ffff, 0x0) r1 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r1, 0x9) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r2 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r2, 0x7, &(0x7f0000027000)={0x1}) ioctl$VHOST_GET_FEATURES(r2, 0x8008af00, &(0x7f0000000040)) r3 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:21 executing program 1: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_SUBDEV_S_EDID(r0, 0xc0285629, &(0x7f0000000080)={0x0, 0x0, 0x0, [], 0x0}) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) mknod$loop(&(0x7f00000000c0)='./bus\x00', 0x4, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000100)=ANY=[], 0x0) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) setsockopt$TIPC_CONN_TIMEOUT(r1, 0x10f, 0x82, &(0x7f0000000000)=0x5, 0x4) 23:24:21 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = syz_open_dev$rtc(&(0x7f0000000000)='/dev/rtc#\x00', 0x8fc, 0x32800) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r2, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$PPPIOCGFLAGS(r2, 0x8004745a, &(0x7f0000000140)) readahead(r1, 0xfffffffffffffd4a, 0xfffffffffffffe20) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) r3 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r3, 0x7, &(0x7f0000027000)={0x1, 0x1, 0x0, 0xfffffffffffffffc}) ioctl$SIOCSIFHWADDR(r3, 0x8924, &(0x7f0000000080)={'vcan0\x00', @remote}) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000100)={'bond_slave_0\x00', @random="001008000002"}) 23:24:21 executing program 4: 23:24:21 executing program 2: 23:24:21 executing program 4: 23:24:22 executing program 2: 23:24:22 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x800, 0x0) r1 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r2, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'eql\x00', 0x1000}) ioctl$PPPIOCGL2TPSTATS(r1, 0x80487436, &(0x7f0000000200)="78a11d56be64b64abdc0e5904e83ba5aa01609f22b7da31088da068dee0d792afe6f1b705f7b7e4d0f709dd081ab2270fc21173f4ac8fc33d0e8a0f2c7b173ab04528680d37dfad26abab2a99f2cb2cad824e4c258e7b11869fbe28ee2e01823d1fc6c92aefd5333b8d83445830e545bdcc30b29b51ac2b62868983d251863c8b19bf096376417c1f47660a129ed36a4a884a23de1651d286ddfcdab4d68358777c9c3c1ce5023d8530f0a025bb238cd2ff9ce1b1e3c02e6c091c78b371bb7fce0757a79b2a46437630e1a6977e4c62e30") close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000100)={'batadv0\x00\x00 \xa0\xff\xff\xff\xff\x00', @random="0100040c0b10"}) 23:24:22 executing program 1: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x0, 0x48000) ioctl$VIDIOC_SUBDEV_S_EDID(r0, 0xc0285629, &(0x7f0000000080)={0x0, 0x0, 0x0, [], 0x0}) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x105640, 0x0) 23:24:22 executing program 0: syz_open_dev$video4linux(&(0x7f0000000180)='/dev/v4l-subdev#\x00', 0x0, 0x0) syz_open_dev$midi(&(0x7f0000000240)='/dev/midi#\x00', 0x2, 0x0) poll(&(0x7f0000000280)=[{0xffffffffffffffff, 0x4800}, {0xffffffffffffffff, 0x9fca148690d47b1f}], 0x2, 0x7f1) 23:24:22 executing program 4: 23:24:22 executing program 2: 23:24:22 executing program 1: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x20500) ioctl$VIDIOC_SUBDEV_S_EDID(r0, 0xc0285629, &(0x7f0000000080)={0x0, 0x0, 0x0, [], 0x0}) ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, &(0x7f00000000c0)={0x8, 0xfffffffa, @value=0x5}) 23:24:22 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x1000) socketpair(0x10, 0x2, 0x7, &(0x7f0000000080)={0xffffffffffffffff}) r2 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r2, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r2, &(0x7f00000000c0)="e8", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r2, 0x1) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f00000000c0)={r4}, &(0x7f0000000000)=0x8) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000140)={r4, @in6={{0xa, 0x4e20, 0x6, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x7d}}, 0x1, 0x5, 0xfffffffe, 0x401, 0x82}, 0x98) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000100)={'sy\x96kall\xc6O\xef\x9f\xbf\xc1\xb1\x139', @broadcast}) 23:24:22 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) sendfile(r3, r6, &(0x7f0000000040)=0x81, 0x1) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r7, 0x9) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x2000000008001, 0x1c9200) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f00000001c0)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r8 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r8, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r8, r8, &(0x7f0000000240), 0x7fff) r9 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000380)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r8, &(0x7f0000000500)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000004c0)={&(0x7f00000003c0)={0x44, r9, 0x400, 0x70bd27, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5ce}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x3) r10 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r10, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:22 executing program 2: 23:24:22 executing program 4: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000840)=[{&(0x7f0000000680)="30dd96866c8619c7522155d10efb2cc5b0a761c91083a81d8483c1db9a56744d590452367251d70f3ce7bbb664fe975a105cadf789618f7a51abddc6ad6564ac6f08b316b1de15f1c2bb3f58722383a5a9c68233a39fba38b43f871fb52eabc279cf67bd8dc1cbc964fece03ffd57b8a789640692dbbb17fbe53bce58c461d9fae317cbf87901aed080b695e19f766bb1413ae000000000000002d1e15875ad5b244082fac18c28973c5677ba706d48f019a6973cc21278c6533c792f292e952ccbd96e0a9c5117a4d9b85f2ac4c72deaf542c3369a34dce3775f849be4a77095980f6eeb79a1798d8ca6e383267790219917c635f6d3db5000000000000009e47d7c7f5ee98e29287cfb1f09d4bfe4a6936fb96770f51d161ca774752e97b4cbba0cc84176c009586bfbea7fb1e7b9a995c6a175a694a30a64feed3730151503404777bc6b1bcea4755ab8aacc81ead62ebf576d13445d09fa510033c5a4971b48f0907477ceeaf717d4d429c70191b65a8e35197524bd11c988eff77ad06896a01c497c10034e2", 0xffffff32}], 0x1, 0x0) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f00000000c0)=0x800000100000001, 0x4) connect$inet6(r2, &(0x7f0000000140), 0x18) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x355) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000000)=@ccm_128={{0x303}, "fc547f51492bfd32", "fa0d3d36314b4eb5b48eef964dce4767", "efcb07aa", "6467c27acf750265"}, 0x28) splice(r0, 0x0, r1, 0x0, 0x100000000, 0x0) 23:24:22 executing program 1: syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x8c) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, '\x00\x01\x10\x00'}) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0x80045500, &(0x7f0000000080)) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) ioctl$VIDIOC_SUBDEV_S_EDID(r1, 0xc0285629, &(0x7f0000000000)={0x0, 0x4000, 0x10000044, [], 0x0}) 23:24:22 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0x81204101, 0x0) 23:24:22 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0x81204101, 0x0) 23:24:22 executing program 4: unshare(0x6c060000) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f00000000c0)={'lo\x00@\x00\x00\x00\x00\x00\x05\x00', 0x4001}) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000100)={'lo\x00', {0x2, 0x0, @local}}) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x2, "a77760f5a7645bc43c241d69912dda0c63c2a66726f8cfafd6c8fe2c98de7ba44947a79015f0fe57917cb62a93987a938fdedfce7bbb24fec2fba09c41fb233245f2604b9e07b8ab79ec15ef2818a179"}, 0xd8) bind$inet(r2, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000100)=0x7, 0x4) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x10000, 0x0, 0x0) recvmsg(r2, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0x14, 0x3e8}, 0x100) write$binfmt_elf64(r2, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) r3 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r3, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8475071") [ 476.231499] IPVS: ftp: loaded support on port[0] = 21 23:24:23 executing program 0: syz_open_dev$video4linux(&(0x7f0000000180)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = syz_open_dev$midi(&(0x7f0000000240)='/dev/midi#\x00', 0x2, 0x0) poll(&(0x7f0000000280)=[{0xffffffffffffffff, 0x4800}, {r0}], 0x2, 0x7f1) 23:24:23 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0x81204101, 0x0) 23:24:23 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = dup3(r2, 0xffffffffffffffff, 0x80000) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000240)={{0x7f, 0x45, 0x4c, 0x46, 0x9, 0x3, 0x4, 0x1, 0x2, 0x2, 0x3e, 0xe00000, 0x2fc, 0x38, 0xde, 0x20, 0x7, 0x20, 0x2, 0x6fd7, 0x8, 0x8}, [{0x0, 0x5f8, 0xdb08, 0xffffffff, 0x208c, 0xffff20e7, 0xdc9, 0x1f}, {0x6474e551, 0x0, 0x7e4, 0x80, 0x5, 0xff, 0x5, 0x800}], "0f6164755f137e4f7810c7d707f7bec88c141f51b42896823b71a7e3dd12d653a4144219c22cbaea7739a7f7e216cffe5ed9b7ef229c565230a2cc4fff8ab81f77d90b60710f0b4c813c322a5b833b0d0714ba80bc5e330e26d7cf9b15bb35a7b540be893fef6b2438e7ac1d09f0bddceddde1909b59c519788454cbd84de68e71fad129fa976fbf39b931b4519d25a2b4e368255527af173ee5b243ced72a81536f9744c4a95b69f1dad03aadbc01c5918de950a01c1fc8cccb99cd2fdc723951f43452ad078fc008a10731d21248231da802efc1c1e83f", [[]]}, 0x250) ioctl$sock_inet6_udp_SIOCOUTQ(r3, 0x5411, &(0x7f0000000000)) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x200000, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000001c0)={0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f00000004c0)=0x1c) close(r4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) ioctl$SIOCSIFHWADDR(r4, 0x8924, &(0x7f0000000100)={'batadv0\x00\x00 \xa0\xff\xff\xff\xff\x00', @random="0100040c0b10"}) write(r1, &(0x7f0000000140)="adfc97512cfe2fdd35577af079f2dc9b73d66f9d7330af934e560aec6b83a668b55be8e92da51ad436c14aa046274a6ababb1bddddcb2d078d1daeca3d37f9e7b63215c3b486cdfa49140f25c3b9cfcae6072d92aa18e5f4a6e718ca8643f6ed7734", 0x62) r5 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r5) setsockopt$inet_mreq(r5, 0x0, 0x20, &(0x7f0000000080)={@remote, @loopback}, 0x8) 23:24:23 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0x81204101, 0x0) 23:24:23 executing program 1: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x220080) ioctl$VIDIOC_SUBDEV_S_EDID(r0, 0xc0285629, &(0x7f0000000080)={0x0, 0x0, 0x0, [], 0x0}) 23:24:23 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) ioctl(r0, 0x81204101, 0x0) 23:24:23 executing program 1: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) prctl$PR_SET_FPEXC(0xc, 0x0) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000200)=0xc) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(r4, 0x0, 0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(r6, 0x0, 0x0) mount$9p_unix(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x100a020, &(0x7f0000000240)={'trans=unix,', {[{@mmap='mmap'}, {@cachetag={'cachetag', 0x3d, '/dev/v4l-subdev#\x00'}}], [{@fsmagic={'fsmagic', 0x3d, 0x100000001}}, {@pcr={'pcr', 0x3d, 0xe}}, {@dont_measure='dont_measure'}, {@dont_hash='dont_hash'}, {@fowner_eq={'fowner', 0x3d, r2}}, {@appraise_type='appraise_type=imasig'}, {@fowner_lt={'fowner<', r4}}, {@appraise='appraise'}, {@uid_eq={'uid', 0x3d, r6}}]}}) ioctl$VIDIOC_SUBDEV_G_EDID(r1, 0xc0285628, &(0x7f00000000c0)={0x0, 0x1000, 0x1f, [], &(0x7f0000000000)=0x10}) ioctl$VIDIOC_SUBDEV_S_EDID(r0, 0xc0285629, &(0x7f0000000080)={0x0, 0x0, 0x0, [], 0x0}) 23:24:23 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/mls\x00', 0x0, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r1, 0x541b, &(0x7f0000000080)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000100)={'batadv0\x00\x00 \xa0\xff\xff\xff\xffd', @random="0100040c0b10"}) 23:24:23 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000640)='/dev/dsp1\x00', 0x205580, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0xa, 0x0) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) recvfrom$inet6(r1, &(0x7f0000000400)=""/61, 0x3d, 0x1, &(0x7f00000004c0)={0xa, 0x4e22, 0x0, @mcast2, 0x8000}, 0x1c) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000500)={0x0, 0x1}, &(0x7f0000000540)=0x8) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r2, 0x9) syz_open_dev$sg(&(0x7f0000000580)='/dev/sg#\x00', 0x8001, 0x1c9200) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x0, &(0x7f0000000080)=0x0) io_submit(r4, 0x0, 0x0) r5 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r5, 0x7, &(0x7f0000027000)={0x1}) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000700)={0x0, @multicast2, @remote}, &(0x7f0000000740)=0xc) setsockopt$inet6_mreq(r5, 0x29, 0x1, &(0x7f0000000780)={@mcast2, r6}, 0x14) io_submit(r4, 0x1, &(0x7f00000001c0)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000340)="0a4e3df004e61a9affc1904894963a24d54a248ba42e8955cf2730d7e68c3aa1e51b14c7da0df4d5326cb612a992c5f4a95140392b057253b87b3d3da60a88150c8fd6b5e7dd76b7749d9118ba225cbee27d87332438de980e88e3efd3ea6295ecc17687d3af05144f473952dd4a0af375b28cd053dd7a534cb5649d63e6275381cd1f088004", 0x86, 0x4, 0x0, 0x3, r2}]) r7 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r7, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:23 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) ioctl(r0, 0x81204101, 0x0) 23:24:23 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) ioctl(r0, 0x81204101, 0x0) 23:24:23 executing program 4: r0 = socket$inet(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4) listen(r0, 0x0) connect$netlink(r0, &(0x7f0000000680)=@unspec, 0xc) 23:24:24 executing program 0: syz_open_dev$video4linux(&(0x7f0000000180)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = syz_open_dev$midi(&(0x7f0000000240)='/dev/midi#\x00', 0x2, 0x0) poll(&(0x7f0000000280)=[{0xffffffffffffffff, 0x4800}, {r0}], 0x2, 0x7f1) 23:24:24 executing program 1: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_SUBDEV_S_EDID(r0, 0xc0285629, &(0x7f0000000080)={0x0, 0x0, 0x0, [], 0x0}) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) ioctl$VIDIOC_S_PARM(r1, 0xc0cc5616, &(0x7f00000000c0)={0xb, @capture={0x3000, 0x2, {0x80000000, 0xbee6}, 0x2, 0x800}}) 23:24:24 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl(r0, 0x81204101, 0x0) 23:24:24 executing program 4: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f0000000280)=""/246) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) poll(&(0x7f0000000380)=[{r0}], 0x1, 0x7) 23:24:24 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r1, 0x9) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r2 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)={0x14, r5, 0x1, 0x0, 0x0, {0x11}}, 0x14}}, 0x0) sendmsg$IPVS_CMD_GET_INFO(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000240), 0xc, &(0x7f0000000380)={&(0x7f0000000280)={0xe8, r5, 0x100, 0x70bd29, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x5c, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x198}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x5c}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@broadcast}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x20, 0x8}}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x5}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sh\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6a2}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xc0000}, @IPVS_CMD_ATTR_SERVICE={0x60, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3f}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x45}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x57}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e21}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@ipv4={[], [], @rand_addr=0x7}}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x2c}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}]}, 0xe8}, 0x1, 0x0, 0x0, 0x810}, 0x58000) sendmsg$IPVS_CMD_DEL_SERVICE(r3, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000200}, 0xc, &(0x7f0000000340)={&(0x7f00000001c0)={0x24, r5, 0x400, 0x70bd27, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0xedfc57cc77ad9c2e}, 0x20000) 23:24:24 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl(r0, 0x81204101, 0x0) 23:24:24 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl(r0, 0x81204101, 0x0) 23:24:24 executing program 1: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) r3 = shmget(0x2, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) r4 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) r6 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000580)='/proc/capi/capi20\x00', 0x1, 0x0) ioctl$SIOCRSSCAUSE(r6, 0x89e1, &(0x7f00000005c0)=0x1) setresuid(r5, 0x0, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) fstat(r7, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000240)={{{@in6=@empty, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000340)=0xe8) getresgid(&(0x7f0000000380), &(0x7f00000003c0), &(0x7f0000000400)=0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000540)='TIPC\x00') fcntl$getownex(r0, 0x10, &(0x7f0000000440)={0x0, 0x0}) r12 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r12, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r12, r12, &(0x7f0000000240), 0x7fff) ioctl$sock_FIOGETOWN(r12, 0x8903, &(0x7f0000000480)=0x0) shmctl$IPC_SET(r3, 0x1, &(0x7f00000004c0)={{0x80, r5, r8, r9, r10, 0x1, 0x1}, 0x101, 0x5, 0xfff, 0x2, r11, r13, 0x800}) select(0x40, &(0x7f0000000000)={0x6, 0x6, 0x9, 0x39de, 0x41c19203, 0x80000000, 0x1, 0xea86}, &(0x7f00000000c0)={0x3ff, 0x3, 0x4, 0x0, 0x4, 0x100000001, 0x400, 0x8}, &(0x7f0000000100)={0x81, 0x7, 0x3, 0x81, 0x6, 0x7, 0x59, 0xffffffff}, &(0x7f0000000180)={r1, r2/1000+10000}) ioctl$VIDIOC_SUBDEV_S_EDID(r0, 0xc0285629, &(0x7f0000000080)={0x0, 0x0, 0x0, [], 0x0}) 23:24:24 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl(r0, 0x81204101, 0x0) 23:24:24 executing program 4: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x20500) ioctl$VIDIOC_SUBDEV_S_EDID(r0, 0xc0285629, &(0x7f0000000080)={0x0, 0x0, 0x0, [], 0x0}) ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, &(0x7f00000000c0)={0x8, 0xfffffffa, @value=0x5}) 23:24:24 executing program 4: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x20500) ioctl$VIDIOC_SUBDEV_S_EDID(r0, 0xc0285629, &(0x7f0000000080)={0x0, 0x0, 0x0, [], 0x0}) ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, &(0x7f00000000c0)={0x8, 0xfffffffa, @value=0x5}) 23:24:24 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl(r0, 0x81204101, 0x0) 23:24:24 executing program 0: syz_open_dev$video4linux(&(0x7f0000000180)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = syz_open_dev$midi(&(0x7f0000000240)='/dev/midi#\x00', 0x2, 0x0) poll(&(0x7f0000000280)=[{0xffffffffffffffff, 0x4800}, {r0}], 0x2, 0x7f1) 23:24:24 executing program 4: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x20500) ioctl$VIDIOC_SUBDEV_S_EDID(r0, 0xc0285629, &(0x7f0000000080)={0x0, 0x0, 0x0, [], 0x0}) ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, &(0x7f00000000c0)={0x8, 0xfffffffa, @value=0x5}) 23:24:24 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x80000000, {{0xa, 0x4e24, 0x0, @remote}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r1, 0x9) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) r2 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r2, 0x7, &(0x7f0000027000)={0x1}) getsockopt$EBT_SO_GET_INIT_ENTRIES(r2, 0x0, 0x83, &(0x7f00000003c0)={'nat\x00', 0x0, 0x3, 0x28, [], 0x6, &(0x7f0000000340)=[{}, {}, {}, {}, {}, {}], &(0x7f0000000040)=""/40}, &(0x7f00000001c0)=0x78) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) setsockopt$inet6_MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xcd, &(0x7f00000004c0)={{0xa, 0x4e24, 0x8, @rand_addr="6d442984a42d8a87fd13be198c6528b8"}, {0xa, 0x4e20, 0x5, @loopback, 0x8}, 0x9a, [0x20, 0x10000, 0x5, 0xffffffff, 0x3f, 0x8, 0xf5a9]}, 0x5c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r3 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:25 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl(r0, 0x81204101, 0x0) 23:24:25 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl(0xffffffffffffffff, 0x81204101, 0x0) 23:24:25 executing program 4: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x20500) ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, &(0x7f00000000c0)={0x8, 0xfffffffa, @value=0x5}) 23:24:25 executing program 4: ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f00000000c0)={0x8, 0xfffffffa, @value=0x5}) 23:24:25 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl(0xffffffffffffffff, 0x81204101, 0x0) 23:24:25 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) getsockopt$ax25_int(r2, 0x101, 0x9, &(0x7f0000000200), &(0x7f0000000240)=0x4) listen(r1, 0x9) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r3 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:25 executing program 4: ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f00000000c0)={0x8, 0xfffffffa, @value=0x5}) 23:24:25 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl(0xffffffffffffffff, 0x81204101, 0x0) 23:24:25 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r1, 0x9) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r2 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KDSETMODE(r1, 0x4b3a, 0xfffffffffffff8a5) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) write$binfmt_script(r4, &(0x7f0000000640)={'#! ', './file0', [{0x20, 'security'}, {0x20, '/dev/sg#\x00'}, {0x20, '/dev/loop#\x00'}, {0x20, '/dev/sg#\x00'}, {0x20, '&selinuxGPLproc'}, {0x20, '/dev/sg#\x00'}], 0xa, "6273776b8b67f490522969151c9cb869fd294c5188674f9ed9f3a8b5496a612a9b00c9489f31a254fd6158a76969c93420e23c9ebd91b2ca366cd3772760fcbb3d99e6b5f67ae106ca7cc7bafe4bc388e4038396a3dda71dd4dae3f34b1b9111ea96c283c16726f0b157f11a5b2b113a063f1d7e0e830c7613e9b62ce5be819108f039939e598b2f86418abc02a769005d1301e33c79e14178fd39e11a1c7e8062dfa3dc4ed7f926ad848a8d4428f56a1abff90acb2159a3dec74604c3c0c5260182573e7d68689ba16f74df9ca293efc53a5cce7824d5bff99da4bd23bbf512e7c7f1aeb68ed2db596406"}, 0x139) 23:24:25 executing program 0: syz_open_dev$video4linux(&(0x7f0000000180)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = syz_open_dev$midi(&(0x7f0000000240)='/dev/midi#\x00', 0x2, 0x0) poll(&(0x7f0000000280)=[{r0, 0x9fca148690d47b1f}], 0x1, 0x7f1) 23:24:25 executing program 2: r0 = syz_open_dev$sndpcmc(0x0, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0x81204101, 0x0) 23:24:25 executing program 4: ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f00000000c0)={0x8, 0xfffffffa, @value=0x5}) 23:24:25 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000)={0xffffffffffffffff}, 0x111, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000340)={0x13, 0x10, 0xfa00, {&(0x7f0000000140), r5}}, 0x18) socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000440)) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000100)={'batadv0\x00\x00 \xa0\xff\xff\xff\xff\x00', @random="0100040c0b10"}) socket$vsock_dgram(0x28, 0x2, 0x0) 23:24:25 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) r1 = socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r2, 0x9) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x20000, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r3) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r4 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) setsockopt$inet6_opts(r1, 0x29, 0x39, &(0x7f0000000340)=@hopopts={0x63, 0xd, [], [@pad1, @ra, @generic={0x3b, 0x59, "dbeb6a41e80ee6146273049a49a1ad6fe9a22270054d0f60794200a02e2dd856a9b375a9e6838f209fb218461976ea51f93227f18a67339b5d3553982d37c99edd751e4fcd258462b808d37293141633d954220110a611b8e2"}, @pad1, @pad1, @jumbo={0xc2, 0x4, 0x9}]}, 0x78) 23:24:25 executing program 4: r0 = syz_open_dev$video4linux(0x0, 0x0, 0x20500) ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, &(0x7f00000000c0)={0x8, 0xfffffffa, @value=0x5}) 23:24:25 executing program 2: r0 = syz_open_dev$sndpcmc(0x0, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0x81204101, 0x0) 23:24:25 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000)={0xffffffffffffffff}, 0x111, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000340)={0x13, 0x10, 0xfa00, {&(0x7f0000000140), r5}}, 0x18) socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000440)) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000100)={'batadv0\x00\x00 \xa0\xff\xff\xff\xff\x00', @random="0100040c0b10"}) socket$vsock_dgram(0x28, 0x2, 0x0) 23:24:26 executing program 2: r0 = syz_open_dev$sndpcmc(0x0, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0x81204101, 0x0) 23:24:26 executing program 4: r0 = syz_open_dev$video4linux(0x0, 0x0, 0x20500) ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, &(0x7f00000000c0)={0x8, 0xfffffffa, @value=0x5}) 23:24:26 executing program 4: r0 = syz_open_dev$video4linux(0x0, 0x0, 0x20500) ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, &(0x7f00000000c0)={0x8, 0xfffffffa, @value=0x5}) 23:24:26 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0x81204101, 0x0) 23:24:26 executing program 0: syz_open_dev$video4linux(&(0x7f0000000180)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = syz_open_dev$midi(&(0x7f0000000240)='/dev/midi#\x00', 0x2, 0x0) poll(&(0x7f0000000280)=[{r0, 0x9fca148690d47b1f}], 0x1, 0x7f1) 23:24:26 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f0000000040)=0x7, 0x4) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r2, 0x9) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r3, 0x29, 0xd2, &(0x7f00000002c0)={{0xa, 0x4e22, 0x4, @loopback, 0x71b0}, {0xa, 0x4e22, 0xff, @dev={0xfe, 0x80, [], 0xf}, 0x7}, 0x6, [0x0, 0x59, 0x4, 0x100, 0x37, 0x3f, 0x885, 0x101]}, 0x5c) setsockopt$inet6_MRT6_ADD_MFC(r3, 0x29, 0xcc, &(0x7f0000000180)={{0xa, 0x4e24, 0x3, @local, 0x3ff}, {0xa, 0x4e20, 0x4, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x5}, 0xfb0, [0x5, 0x2, 0x7, 0x4, 0x2d, 0x7, 0xfffffffffffff494, 0x945]}, 0x5c) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x4000, 0x0) r4 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r4, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) listen(r4, 0x9) socket$inet6(0xa, 0x6, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r4, 0x84, 0x65, &(0x7f0000000240)=[@in6={0xa, 0x4e21, 0x6, @mcast1, 0x6}, @in={0x2, 0x4e23, @remote}, @in={0x2, 0x4e23, @broadcast}, @in6={0xa, 0x4e23, 0xc2, @dev={0xfe, 0x80, [], 0x10}, 0x6}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}, @in={0x2, 0x4e23, @broadcast}], 0x78) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreqsrc(r5, 0x0, 0x2f, &(0x7f0000000200)={@rand_addr=0x1f, @local, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0xc) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, 0x0, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, 0x0, 0x0) 23:24:26 executing program 4: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, &(0x7f00000000c0)={0x8, 0xfffffffa, @value=0x5}) 23:24:26 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0x81204101, 0x0) 23:24:26 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000)={0xffffffffffffffff}, 0x111, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000340)={0x13, 0x10, 0xfa00, {&(0x7f0000000140), r5}}, 0x18) socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000440)) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000100)={'batadv0\x00\x00 \xa0\xff\xff\xff\xff\x00', @random="0100040c0b10"}) socket$vsock_dgram(0x28, 0x2, 0x0) 23:24:26 executing program 4: syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f00000000c0)={0x8, 0xfffffffa, @value=0x5}) 23:24:26 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0x81204101, 0x0) 23:24:26 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0x81204101, 0x0) [ 480.131917] audit: type=1400 audit(1575674666.816:100): avc: denied { name_bind } for pid=24583 comm="syz-executor.3" src=20000 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 23:24:26 executing program 4: syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f00000000c0)={0x8, 0xfffffffa, @value=0x5}) [ 480.220113] audit: type=1400 audit(1575674666.826:101): avc: denied { node_bind } for pid=24583 comm="syz-executor.3" saddr=::1 src=20000 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1 23:24:27 executing program 4: syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f00000000c0)={0x8, 0xfffffffa, @value=0x5}) 23:24:27 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000)={0xffffffffffffffff}, 0x111, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000340)={0x13, 0x10, 0xfa00, {&(0x7f0000000140), r5}}, 0x18) socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000440)) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000100)={'batadv0\x00\x00 \xa0\xff\xff\xff\xff\x00', @random="0100040c0b10"}) 23:24:27 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0x81204101, 0x0) 23:24:27 executing program 0: syz_open_dev$video4linux(&(0x7f0000000180)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = syz_open_dev$midi(&(0x7f0000000240)='/dev/midi#\x00', 0x2, 0x0) poll(&(0x7f0000000280)=[{r0, 0x9fca148690d47b1f}], 0x1, 0x7f1) 23:24:27 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) ioctl$RTC_WKALM_RD(r1, 0x80287010, &(0x7f0000000180)) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000100)={'batadv0\x00\x00 \xa0\xff\xff\xff\xff\x00', @random="0100040c0b10"}) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x208000, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r3, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f00000001c0)={0x9, 0x0, 0x10001}) ioctl$DRM_IOCTL_AGP_ALLOC(r3, 0xc0206434, &(0x7f0000000080)={0x9, r4, 0x1, 0x4}) ioctl$DRM_IOCTL_SG_FREE(r2, 0x40106439, &(0x7f0000000140)={0xfff, r5}) 23:24:27 executing program 4: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, 0x0) 23:24:27 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r1, 0x9) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r2 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) openat$userio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/userio\x00', 0x2000, 0x0) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:27 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0x81204101, 0x0) 23:24:27 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000)={0xffffffffffffffff}, 0x111, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000340)={0x13, 0x10, 0xfa00, {&(0x7f0000000140), r5}}, 0x18) socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000440)) 23:24:27 executing program 4: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, 0x0) 23:24:27 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl(r0, 0x81204101, 0x0) 23:24:27 executing program 4: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, 0x0) 23:24:27 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000)={0xffffffffffffffff}, 0x111, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000340)={0x13, 0x10, 0xfa00, {&(0x7f0000000140), r5}}, 0x18) 23:24:27 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x560000, 0x0) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000100)={'batadv0\x00\x00 \xa0\xff\xff\xff\xff\x00', @random="0100040c0b10"}) 23:24:27 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl(r0, 0x81204101, 0x0) 23:24:28 executing program 0: syz_open_dev$video4linux(&(0x7f0000000180)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = syz_open_dev$midi(&(0x7f0000000240)='/dev/midi#\x00', 0x2, 0x0) poll(&(0x7f0000000280)=[{}, {r0, 0x9fca148690d47b1f}], 0x2, 0x7f1) 23:24:28 executing program 4: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, &(0x7f00000000c0)={0x0, 0xfffffffa, @value=0x5}) 23:24:28 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000), 0x111, 0x5}}, 0x20) 23:24:28 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$KVM_SMI(r1, 0xaeb7) ioctl$SNDRV_TIMER_IOCTL_STATUS(r1, 0x80605414, &(0x7f0000000080)=""/42) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000000)={'batadv0\x00\x00 \xa0\xff\xff\xff\xff\x00', @broadcast}) 23:24:28 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl(r0, 0x81204101, 0x0) 23:24:28 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) r1 = socket(0x0, 0x0, 0x0) r2 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r2, 0x7, &(0x7f0000027000)={0x1}) sendmsg$nl_route(r2, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x50000a0}, 0xc, &(0x7f0000000340)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000290022002abd7000fddbdf25021414400000000100060000"], 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = creat(0x0, 0x0) sched_yield() perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r3, 0x9) ioctl$EVIOCSFF(r3, 0x40304580, &(0x7f0000000580)={0x0, 0x20, 0x7, {0x2}, {0x401, 0x853}, @period={0x5c, 0x7, 0x3, 0xa1a, 0x6, {0x1, 0x7, 0x4197, 0x9ea0}, 0x1, &(0x7f0000000540)=[0x6]}}) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) capget(&(0x7f00000003c0)={0x19980330}, &(0x7f0000000400)={0xfffff001, 0x10001, 0x4, 0xff, 0x6, 0x1}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) getsockopt$inet6_udp_int(r1, 0x11, 0x1, &(0x7f00000004c0), &(0x7f0000000500)=0x4) r4 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:28 executing program 4: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, &(0x7f00000000c0)={0x0, 0x0, @value=0x5}) 23:24:28 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) 23:24:28 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) ioctl(r0, 0x81204101, 0x0) 23:24:28 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000), 0x111, 0x5}}, 0x20) 23:24:28 executing program 4: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_QUERYMENU(r0, 0xc02c5625, &(0x7f00000000c0)={0x0, 0x0, @value}) 23:24:28 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) ioctl(r0, 0x81204101, 0x0) [ 481.867637] capability: warning: `syz-executor.3' uses 32-bit capabilities (legacy support in use) 23:24:29 executing program 0: syz_open_dev$video4linux(&(0x7f0000000180)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = syz_open_dev$midi(&(0x7f0000000240)='/dev/midi#\x00', 0x2, 0x0) poll(&(0x7f0000000280)=[{}, {r0, 0x9fca148690d47b1f}], 0x2, 0x7f1) 23:24:29 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) ioctl(r0, 0x81204101, 0x0) 23:24:29 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000)={0xffffffffffffffff}, 0x111, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000340)={0x13, 0x10, 0xfa00, {&(0x7f0000000140), r5}}, 0x18) 23:24:29 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) 23:24:29 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000), 0x111, 0x5}}, 0x20) 23:24:29 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x930cd41102ac3aa0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040), 0xe}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r1, 0x9) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r2 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) socket$inet6_tcp(0xa, 0x1, 0x0) 23:24:29 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) 23:24:29 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000), 0x111, 0x5}}, 0x20) 23:24:29 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000)={0xffffffffffffffff}, 0x111, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000340)={0x13, 0x10, 0xfa00, {&(0x7f0000000140), r5}}, 0x18) 23:24:29 executing program 2: syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl(0xffffffffffffffff, 0x81204101, 0x0) 23:24:29 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) 23:24:29 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) 23:24:30 executing program 0: syz_open_dev$video4linux(&(0x7f0000000180)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = syz_open_dev$midi(&(0x7f0000000240)='/dev/midi#\x00', 0x2, 0x0) poll(&(0x7f0000000280)=[{}, {r0, 0x9fca148690d47b1f}], 0x2, 0x7f1) 23:24:30 executing program 2: syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl(0xffffffffffffffff, 0x81204101, 0x0) 23:24:30 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000)={0xffffffffffffffff}, 0x111, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000340)={0x13, 0x10, 0xfa00, {&(0x7f0000000140), r5}}, 0x18) 23:24:30 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000004c0)=0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x2600, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x7}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2001002}, 0xc, &(0x7f00000001c0)={&(0x7f0000000340)={0x7c, 0x0, 0x10, 0x70bd28, 0x25dfdbfc, {}, [@NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x3}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x7}, @NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x7}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x85c3a2f082e0c048}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x80000000}]}, 0x7c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r2 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r2, 0x9) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000400)) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x0) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r3 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$KVM_S390_UCAS_UNMAP(r2, 0x4018ae51, &(0x7f0000000500)={0x1, 0x4}) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:30 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) 23:24:30 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) 23:24:30 executing program 2: syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl(0xffffffffffffffff, 0x81204101, 0x0) 23:24:30 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() 23:24:30 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) 23:24:30 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0x0, 0x0) 23:24:30 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000), 0x111, 0x5}}, 0x20) 23:24:30 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) 23:24:31 executing program 0: syz_open_dev$video4linux(&(0x7f0000000180)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = syz_open_dev$midi(&(0x7f0000000240)='/dev/midi#\x00', 0x2, 0x0) poll(&(0x7f0000000280)=[{0xffffffffffffffff, 0x4800}, {r0, 0x9fca148690d47b1f}], 0x2, 0x0) 23:24:31 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0x0, 0x0) 23:24:31 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'bpq0\x00', 0xec}) socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r1, 0x9) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r2 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:31 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) 23:24:31 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() 23:24:31 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) 23:24:31 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) 23:24:31 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0x0, 0x0) 23:24:31 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) 23:24:31 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) 23:24:31 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() 23:24:31 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) 23:24:31 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) 23:24:31 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) 23:24:31 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f00000001c0)={0x1, 0x7}, 0x5) socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cachefiles\x00', 0x0, 0x0) ioctl$VIDIOC_RESERVED(r1, 0x5601, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r2 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x1ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_pts(0xffffffffffffffff, 0x8000) ioctl$KDDELIO(r3, 0x4b35, 0x2e) listen(r2, 0x9) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x9, 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r4 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:31 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) 23:24:31 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() 23:24:31 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) 23:24:31 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) 23:24:31 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) 23:24:31 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) 23:24:31 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) 23:24:31 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) 23:24:31 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() 23:24:32 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) 23:24:32 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') 23:24:32 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r1, 0x9) r2 = syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) ioctl$SG_GET_SG_TABLESIZE(r2, 0x227f, &(0x7f0000000040)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r3 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:32 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() 23:24:32 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) 23:24:32 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) 23:24:32 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') 23:24:32 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) 23:24:32 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) 23:24:32 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) 23:24:32 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:32 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) 23:24:32 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) 23:24:32 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) 23:24:32 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) 23:24:32 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) 23:24:32 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:32 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x7, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r2) ioctl$sock_bt_cmtp_CMTPCONNDEL(r2, 0x400443c9, &(0x7f00000001c0)={{0x7, 0x0, 0x6, 0xdb, 0x40}, 0x8}) listen(r1, 0x9) r3 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r3, 0x7, &(0x7f0000027000)={0x1}) mkdirat(r3, &(0x7f0000000340)='./file0\x00', 0x3c36b0b27aedc935) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) r4 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r4) ioctl$KDFONTOP_SET_DEF(r4, 0x4b72, &(0x7f0000000040)={0x2, 0x1, 0x6, 0x14, 0x189, &(0x7f0000000640)="6cb7d173ab51dfc770eb2a53ababfc4f0cc58eb86d20b0fd402bd5ce51c5a6529e042ae6b2c573abd1b99656e8de2d7ea60467b07fedeff9208595e661a85a30d0da72cb7e9f32a6bff1d79e624c0bcc92fde99ff0ae1a9ac602c114cad2c51833c8b00b97c2981dada603f9d26b000e2beeb120ce81ab04b4683d07946f264f26319232bd92cd26f1bbd337321cd752ad9eb1ad2130af71b82cdf966b28c4e81473559d28609517a8045b62bf7d3282ba96d2c798f57ca723d3dbf96f42b25214e7f40051b7d42e05f7af81b0777cfb1de9014b348fb3963ac38599837e8857e1af70efdbb10825f62df3f56a7d7e74a1d79546b6728d3ab23d2ea52676851dfaa98169df756b5d27cbe15cb02a577193b2979f92f060eb336df1628d74aa8f919fffa68c214223fdd9c75f10ea230853ca304cb3660a95297a18c67def4813c2d462f576bf7dc4d708f076e07b3853272e9d0776c02691be53d7d0b29d50ab3d1c21cbaffaf404e4a6ed94aaaaa96f7f7e157ce521bd750142b5fd7d0c1ee69b23067b51272c23523bb21b7910a76cc8e018e649c12a788b264f940a4ef6cff86f6b406cfcbed7f5fcb05318c458985d94b000ecaacc553f545e2fd6d40b43b556b73456f5190ac93890af3d8b03a25a14a533f60a04da6947693fa78cdb11980a64675de146bce076e0ffc1736f692f1e366f9bdcbf787dddf9bec8fd0a6a76e74872d0965fa774b68fd2ab795d45f965a99dfdebb94bb7c850c896643999ab55c6621739282e3f6edb15c596dfaa1a489644323b747352d7c2b2bca8c13fa4e9d878282a74a99c0406974379893408f23b57945770ddfb580bf5ad0859a50bf9a248595587977ce9a7837caeec5d70ccd58fec60f7352fba753f5a51fc4873a965c84159cc8f2f98999ddcaa8bc4ea03d3856841204da9e82214c4d34178463bac96867b68e96963c5b1e1151a88cde20e5bef869684d9b7117a26dedc8b600e9f48c384c779fc424d309ad7e33631677786b601f9ce73073f241e64da29d3ec4763c5c431f5953c7e9b5c7fdf88af49b886980c52fee9c00d4c27865b83dc85bc5ecf31f3687cd83fb83bfb80c40049afe0684c3e827b4fb0ff145ecc712dee65fa55d11abe43664a003f12605783ada0fbf2cbcf62f1c5085e944deec15a8b3771f63a606aa146cc2c303a1d6217392f8eebb66526e6caa92c0ec99784dd895b1bcdffb498a8dcb4bb20047aed57a2993438ba40bb046e4c35f8263e7dfc707261b12e83f50ef61985297d594f12a3f6182e4beff60a475e178d24be4d994df84945e505f756995e0290fc2768a6e4432256ac0d273d4033774f32c158a5eeaebe56e38a7b2bc74cbb24d04d5c0a758a856981fac9bcb140ca3db8bd7f5a38e2c8ade3254c092622b935c6d0a209ebd39024f03cbc1ce4d188ea524fd8"}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:32 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) 23:24:32 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:32 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) 23:24:32 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:33 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:33 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() 23:24:33 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:33 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') 23:24:33 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') 23:24:33 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:33 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:33 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) getsockopt$netrom_NETROM_T1(r0, 0x103, 0x1, &(0x7f0000000040), &(0x7f00000001c0)=0x4) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r1, 0x9) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r2 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:33 executing program 5: openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:33 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) 23:24:33 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:33 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() 23:24:33 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:33 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) 23:24:33 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:33 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:33 executing program 1: openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:33 executing program 5: clone(0x0, 0x0, 0x0, 0x0, 0x0) 23:24:33 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:33 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:33 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() 23:24:33 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:33 executing program 5: clone(0x0, 0x0, 0x0, 0x0, 0x0) 23:24:33 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:33 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) recvmmsg(r1, &(0x7f0000001400)=[{{&(0x7f0000000340)=@xdp, 0x80, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/242, 0xf2}, {&(0x7f0000000640)=""/129, 0x81}], 0x2, &(0x7f00000016c0)=""/157, 0x9d}, 0x66f6}, {{&(0x7f00000003c0)=@nfc, 0x80, &(0x7f0000000ac0)=[{&(0x7f0000000c00)=""/46, 0x2e}, {&(0x7f00000007c0)=""/198, 0xc6}, {&(0x7f0000000700)=""/100, 0x64}, {&(0x7f0000000940)=""/68, 0x44}, {&(0x7f00000009c0)=""/250, 0xfa}], 0x5, &(0x7f00000015c0)=""/219, 0xdb}, 0x80000001}, {{&(0x7f0000000c40)=@nfc_llcp, 0x80, &(0x7f00000010c0)=[{&(0x7f0000000cc0)=""/177, 0xb1}, {&(0x7f0000000d80)=""/26, 0x1a}, {&(0x7f0000000dc0)=""/124, 0x7c}, {&(0x7f0000000b40)=""/173, 0xad}, {&(0x7f0000000f00)=""/155, 0x9b}, {&(0x7f0000000fc0)=""/252, 0xfc}], 0x6, &(0x7f0000001140)=""/97, 0x61}, 0x77e1}, {{&(0x7f00000011c0)=@ipx, 0x80, &(0x7f0000001380)=[{&(0x7f0000001240)=""/12, 0xc}, {&(0x7f0000001280)=""/2, 0x2}, {&(0x7f00000012c0)}, {&(0x7f0000001780)=""/99, 0x63}], 0x4, &(0x7f00000013c0)=""/19, 0x13}, 0x3}], 0x4, 0xb4eb96921155b3a9, &(0x7f0000001500)={0x77359400}) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) r2 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r2) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f0000001800)=ANY=[@ANYBLOB="050000003683192a6baa48ca33a6d02a6abfbac197678d8edc6c209230144acea766edc5b6b2c90040383dc68f4fde424401f76c9dd8ea6dab2c778bda2aede25b5e9c36a2d842379a8dc9b9cbd4ed398ae60bdfeb37cc2f6c57ccfc17bbc628f7ebd84ac8f61607d690618ca6ff386824ddd7722e5c33d1945cafc2e90a1caa0848838752d3c327358f5e1c0ce4349e40d33000000000415eb0d822fb3fdd806e40e5b8cb837a95e95ac231523b53dfb3fbe7afce217cc8aa1a9527f4693789b3449d3aca911cab0d8e1ae8edb1d8dfb89e04d97e9b86e35819bbffb9993955297c8ab5a56915d697a852de8ac6dd690cc1c535", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f0000001540)=0x18) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000600)={[0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe1, 0x0, 0x100]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r5, 0x40106614, &(0x7f0000001580)) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x5, 0x70, 0x42, 0x8001, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3}, 0x222, 0x9, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r6, 0x9) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r7 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r7, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:33 executing program 1: clone(0x0, 0x0, 0x0, 0x0, 0x0) 23:24:34 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:34 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:34 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) 23:24:34 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:34 executing program 5: clone(0x0, 0x0, 0x0, 0x0, 0x0) 23:24:34 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:34 executing program 1: clone(0x0, 0x0, 0x0, 0x0, 0x0) 23:24:34 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:34 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:34 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) 23:24:34 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r1, 0x9) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r2 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:34 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:34 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:34 executing program 4: openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:34 executing program 1: clone(0x0, 0x0, 0x0, 0x0, 0x0) 23:24:34 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) 23:24:34 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:34 executing program 0: openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:35 executing program 4: clone(0x0, 0x0, 0x0, 0x0, 0x0) 23:24:35 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() 23:24:35 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) 23:24:35 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') 23:24:35 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(0x0, 0x0) r2 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r1, 0x9) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r3 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ID(r2, 0x80082407, &(0x7f0000000040)) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:35 executing program 0: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:35 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) 23:24:35 executing program 4: clone(0x0, 0x0, 0x0, 0x0, 0x0) 23:24:35 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() 23:24:35 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) 23:24:35 executing program 0: clone(0x0, 0x0, 0x0, 0x0, 0x0) 23:24:35 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') 23:24:35 executing program 4: clone(0x0, 0x0, 0x0, 0x0, 0x0) 23:24:35 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:35 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') 23:24:35 executing program 0: clone(0x0, 0x0, 0x0, 0x0, 0x0) 23:24:35 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:35 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') 23:24:35 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:35 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) 23:24:35 executing program 0: clone(0x0, 0x0, 0x0, 0x0, 0x0) 23:24:35 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f0000000340), &(0x7f0000000380)=0x4) fchdir(r1) getsockopt$IP6T_SO_GET_REVISION_TARGET(r1, 0x29, 0x45, &(0x7f0000000040)={'HL\x00'}, &(0x7f00000001c0)=0x1e) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r3, 0x9) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r4 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:35 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) 23:24:35 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:35 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) 23:24:36 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) 23:24:36 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) 23:24:36 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:36 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) 23:24:36 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) 23:24:36 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:36 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) 23:24:36 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) 23:24:36 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000640)={0x0, {{0xa, 0x4e23, 0x0, @mcast2}}, {{0xa, 0x0, 0xfffffffc, @loopback}}}, 0x108) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x280000, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r1, 0x4048ae9b, &(0x7f00000001c0)={0x80000, 0x0, [0x100, 0x1, 0x101, 0x0, 0x10001, 0x100000000, 0x7fff, 0x401]}) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0xfffffffffffffff5, 0x4a, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = creat(0x0, 0x0) listen(r2, 0x9) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r3 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:36 executing program 2: openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:36 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) 23:24:36 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) 23:24:36 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) 23:24:36 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) 23:24:36 executing program 2: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:36 executing program 2: clone(0x0, 0x0, 0x0, 0x0, 0x0) 23:24:36 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) 23:24:36 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) 23:24:36 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) 23:24:36 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() 23:24:36 executing program 2: clone(0x0, 0x0, 0x0, 0x0, 0x0) 23:24:36 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) 23:24:36 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) 23:24:36 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000), 0x111, 0x5}}, 0x20) 23:24:36 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f7, 0x0, @perf_bp={0x0}, 0x0, 0x80000002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r1, 0x9) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x0) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x220c1, 0x0) r2 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) r3 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r3, 0x7, &(0x7f0000027000)={0x1}) r4 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r4, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @rand_addr=0x4}, 0x10) sendto$inet(r4, &(0x7f00000000c0)="e8", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r4, 0x1) r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r4, 0x84, 0x6d, &(0x7f00000000c0)={r6}, &(0x7f0000000000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f00000003c0)={0x2, 0x2, 0x7, 0x5, r6}, &(0x7f0000000640)=0x10) r7 = syz_open_dev$vcsa(&(0x7f00000001c0)='/dev/vcsa#\x00', 0x1ff, 0x201) r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r7, &(0x7f00000004c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000400)={&(0x7f0000000500)=ANY=[@ANYBLOB="3000000067be7a15bf23d47d1a91c60ff4db1b8cfa289789f56b4965bd4160e9bd41819c736b0b2dec620774adbc11dedc1d68c142b4f23f06ee6e9e137553a7afef8bd4cbe9aa32ab04edf65daa0ca3c9b3867be566a9eaef3173774e6db903d3cafab901b08a7461e8f699", @ANYRES16=r8, @ANYBLOB="100026bd7000ffdbdf2501000000000000000b0000000014001462726f6164636173742d6c696e6b0000"], 0x30}, 0x1, 0x0, 0x0, 0x110d2ab284738a9e}, 0x20000001) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:36 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() 23:24:36 executing program 2: clone(0x0, 0x0, 0x0, 0x0, 0x0) 23:24:36 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) 23:24:36 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) 23:24:36 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000), 0x111, 0x5}}, 0x20) 23:24:37 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) 23:24:37 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) 23:24:37 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) 23:24:37 executing program 2: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) r1 = socket(0x0, 0x0, 0x0) r2 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r2, 0x7, &(0x7f0000027000)={0x1}) sendmsg$nl_route(r2, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x50000a0}, 0xc, &(0x7f0000000340)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000290022002abd7000fddbdf25021414400000000100060000"], 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = creat(0x0, 0x0) sched_yield() perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r3, 0x9) ioctl$EVIOCSFF(r3, 0x40304580, &(0x7f0000000580)={0x0, 0x20, 0x7, {0x2}, {0x401, 0x853}, @period={0x5c, 0x7, 0x3, 0xa1a, 0x6, {0x1, 0x7, 0x4197, 0x9ea0}, 0x1, &(0x7f0000000540)=[0x6]}}) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) capget(&(0x7f00000003c0)={0x19980330}, &(0x7f0000000400)={0xfffff001, 0x10001, 0x4, 0xff, 0x6, 0x1}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) getsockopt$inet6_udp_int(r1, 0x11, 0x1, &(0x7f00000004c0), &(0x7f0000000500)=0x4) r4 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:37 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000)={0xffffffffffffffff}, 0x111, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000340)={0x13, 0x10, 0xfa00, {&(0x7f0000000140), r5}}, 0x18) socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000440)) 23:24:37 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) 23:24:37 executing program 3: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000340)='/dev/ubi_ctrl\x00', 0x4c0902, 0x0) setsockopt$inet_sctp_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000380)=0xfffffffe, 0x4) r1 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r1, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r4, 0xc008ae91, &(0x7f00000004c0)={"a01fe7de86d7d3e38150b5cfc32609fbf77007943b05f834fe0b107d483fc927bd6ba1b884a19a27c4a7ba7873444ca995372b5bebbb7de238d9c8cba4dde88bfdf3c8910a18ab567de55a8e4a5fff54785bc1d3c1fa5c1792d93d3abbccaf62ee5f0662b3f26e5812f573646609fd33c2acd78e185ecdceda0c26a93d16fa4bad8d2cdd172b660144fdb72ef7bdf3f7574260cc6e24e196a87137e33a9d3343176ebb997d541b4d583994b892ad3a414c35b0167aca88c277a391c1438a02e77b6c0ddb71c3c7687686a79e6338fff3c119875eae759ced19c5234fb1cdd77145f52f3eb7cf3f43e13760a2242be5613aa7f5b953727d801d49e249ebaeb91cecd0ef8607c6537339e792d6b1994d5fa02491f39ac43de2b88bbda5392455aaf42a691f02fdddc8bde9a9c1cefe59f7dac8e83651ba6b2edea2363164ed3587542933984d130e4c1f8d670229a15bca48e73d5d6301d7b95a3a2e7502518a6e80906adaf57dfdb82b6aab48c4d3a9c9b0e1b5dc1be0380f5d450ad3523426f68b79ddc88c6e9cf57d1eb71b9dfbd3eef41fa0ba8cdbc2c84963650c586c69c95531e3582069fb8e4b15cafb14624e09e711a354f92f102fb029942d526480fee1d3f79e86933786da88cf997da373226947df2c7d655060b1cf7ce5ee058cb6abc483c66db83a7135c1746c8b2a0650060c9de7a960d2f187cb7dffb79cb4ae1fe7a7342a92cc7c20db84631f2b59a4835a20552256cac69a288eeb80cd1051114a92c7aa3f4b5c6a9039e6b75548443fabd046ccffeb9508a14b5cd95fe70b15da18e3a733b3beb42f519a5ff9f292437db85be18f4b94288dd97a6ac6e1fbea2fc6c33436e559090f0af19c0b4c82df8824a6dfedb2fcc33be8f3878dfb6635519a3a7eb607fcb718bd7d189edebc2db6d4c9830950d4cf46e95cf98687d0e2bcb0aad337313fada4f1af6b57c0e2251705a4527d808e67895085c8c4c53c69ed73574667872325248efa364f9843aab96210fd5361119200320db077ee20b09624f658e467945e69fe73a2e2fde3f90b91f2eb4e4ee2e36ca4af09bf6d1dbec1a51a3cc4ad2b2b1c8310adf2de01e3cffd22feb2554320b19dc8ed2112d41191369218eabe414c41c6f1247fc0d26b99a8413c472c64218de0ebb38fc78e396ee987150b42cdcc69447087bec021b30b936b5524b3d10896783d481916df633304c0223502847bbb648a13b825811f7b22608772189ee4c7b44415f1b540ac48a726a3bdb66fe56cfcb7f2e185d62f1d88ebf5eae4e69eee4a216b4d2532e5614f22dd91567062374813fd5451cfb71f1913acabf08b7adc19f300f5c641738ff1fb215035acf912d11559718e751d1fca8f387e77e5682ff7e02f5d4523bc8781ee7e9949df304a1cd0088366e23f5051b1d21aacb0f8c37557e00cac52"}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10004, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r5, 0x9) r6 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r6, 0x7, &(0x7f0000027000)={0x1}) getsockopt$inet_mreq(r6, 0x0, 0x24, &(0x7f0000000040)={@dev, @local}, &(0x7f00000001c0)=0x8) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r7 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r7, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:37 executing program 5: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f7, 0x0, @perf_bp={0x0}, 0x0, 0x80000002}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r1, 0x9) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x0) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x220c1, 0x0) r2 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) r3 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r3, 0x7, &(0x7f0000027000)={0x1}) r4 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r4, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @rand_addr=0x4}, 0x10) sendto$inet(r4, &(0x7f00000000c0)="e8", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r4, 0x1) r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r4, 0x84, 0x6d, &(0x7f00000000c0)={r6}, &(0x7f0000000000)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r3, 0x84, 0x22, &(0x7f00000003c0)={0x2, 0x2, 0x7, 0x5, r6}, &(0x7f0000000640)=0x10) r7 = syz_open_dev$vcsa(&(0x7f00000001c0)='/dev/vcsa#\x00', 0x1ff, 0x201) r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r7, &(0x7f00000004c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000400)={&(0x7f0000000500)=ANY=[@ANYBLOB="3000000067be7a15bf23d47d1a91c60ff4db1b8cfa289789f56b4965bd4160e9bd41819c736b0b2dec620774adbc11dedc1d68c142b4f23f06ee6e9e137553a7afef8bd4cbe9aa32ab04edf65daa0ca3c9b3867be566a9eaef3173774e6db903d3cafab901b08a7461e8f699", @ANYRES16=r8, @ANYBLOB="100026bd7000ffdbdf2501000000000000000b0000000014001462726f6164636173742d6c696e6b0000"], 0x30}, 0x1, 0x0, 0x0, 0x110d2ab284738a9e}, 0x20000001) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:37 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x100000000, 0x0) socket$nl_route(0x10, 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdir(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='net/ipv6_route\x00') ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x40000000000c0182) sendfile(r2, r1, 0x0, 0x0) inotify_init() r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000)={0xffffffffffffffff}, 0x111, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000340)={0x13, 0x10, 0xfa00, {&(0x7f0000000140), r5}}, 0x18) socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000440)) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000100)={'batadv0\x00\x00 \xa0\xff\xff\xff\xff\x00', @random="0100040c0b10"}) 23:24:37 executing program 2: r0 = socket(0x80000000000000a, 0x2, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="3f0200000003000000000100000000000000060000000014001462726f6164636173742d6c696e6b00004de853b9ff8d14411bc2"], 0x30}}, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r1, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x18000020}, 0xc, &(0x7f0000000340)={&(0x7f00000001c0)={0x30, r3, 0x20, 0x70bd26, 0x25dfdbfc, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x7, 0x8, 0x1000, 0x1}}}, ["", "", ""]}, 0x30}}, 0x10010) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @rand_addr="9f1a72f3735f3e83d4754a8cee4f8fbf"}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @local}, 0x7}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = creat(0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r4, 0x84, 0x1f, &(0x7f00000004c0)={0x0, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x29}}}, 0x1, 0x3}, 0x90) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r4, 0x9) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) rt_sigprocmask(0x2, &(0x7f00000003c0)={0x2}, 0x0, 0x8) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:37 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) getsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000140), &(0x7f0000000280)=0x4) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000100)={'batadv0\x00\x00 \xa0\xff\xff\xff\xff\x00', @random="0100040c0b10"}) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x80800, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000380)='/dev/snapshot\x00', 0x40d000, 0x0) setsockopt$bt_BT_RCVMTU(r4, 0x112, 0xd, &(0x7f00000003c0)=0x254, 0x2) r5 = socket(0x10, 0x803, 0x0) r6 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$PIO_UNIMAP(r6, 0x4b67, &(0x7f0000000340)={0x2, &(0x7f00000002c0)=[{0x7f, 0xff81}, {0xff, 0x893}]}) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r7}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="440400002400070500"/20, @ANYRES32=r7, @ANYBLOB="00000e00ffffffff00000000080001006362710018040200040406000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000044f5e31d652b0fc4ea62161b8c980000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000"], 0x444}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000900)=ANY=[@ANYBLOB="240000bdb462d9d900002e000702000000000000", @ANYRES32=r7, @ANYBLOB="00000000000000001ff24ec063ef7130fa406cec0000000000003e4ca97059c68d6359538e1f85ff41e76dd7c2d0c7f445faa37cff6bceb892df51f02679a0ac101072042a4e9a2942426b769cadd3b8bf42d4701515941a950beadc3007b47b8ea6926b2c68ea0c8a1bf12cfc73ce04de7aa4a9c370b936033a1015e0799f9e364a15a186f500ef48a61531ecdb61e6feae9fb8ce1b0157f4733757e02e557262fc611fda8ba21f88bfc7daf02a95226da3be320268fab19bdca499076b085466f4219c554a3a6967f09a60b420a3b730719daa1f"], 0x24}}, 0x0) r8 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r8, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r8, r8, &(0x7f0000000240), 0x7fff) ioctl$KDFONTOP_SET(r8, 0x4b72, &(0x7f0000000300)={0x0, 0x1, 0x8, 0x5, 0x1c6, &(0x7f0000000a00)="4fb9b53c681a1a085171f87a7b5d05feb975fa4e61a8a8eb2986317d03398822683fc0a92d64d1fd52102ac97a7cc4158370c222537493776bfd4db94088b1cb59def405833343428676692199e86aae9bef4cb8d6b202414d2d18edafe4bac73dcb8f0b7d802b9f8ce2640831864f457a8c8c4d40509b3699bd9420a077c536fa8a23e407e5e9b9e08d203159d087ac3f77f4137cb0e9ba1d3d7a8498e3b6a345ffc7dcf9735d34ef2c6bb415919334cbf239386b2883bd9dab9291cd44d5df97f9b1afcb942fe28fea691f98a4ae61269d6d422364f16c5fa5e749760af827d2c65e84f5cc1c4584992f83359954f0d24e0dcd54c4e00d73ba92d30a416d61026c4810a930eef1f00da77ca75ca6c7700709985de6fe8da8ccf2480356303f24a1de6d22cc809222409b4faa3c0cbb211da0101a3c6c8e41f746511900ba41f1ebc33d84fc8d510db9e4f4630f184b65b22ca7c0829514cf494b4dfaa7a7857a52f94a1d85bd71e6c9bd2d5e2210bfa3967ad16f1f696a302f550f481d692016facb15123c75d01130514235b00cace5b5733626c4bc3d4a5952a387bcfe1140d933353b037840eb87cf4f985708acc37a3f1e225e01e60bd55d3ba03620329776e6beb1dc98de3391cf698e548aa55fbbc817598c5b00346b25bd954d220c9240fe61f57811c3d67e1600e6ba137707c1cb4ccaac5e77197e160784029736d5ee5d4e363c6e694309ae8ac32842a42d1e228fc7186ebb7a0814653068e2ac6cea6d5a0358c45a9b12da273d1a2a11264242d2dfb4dfdc0453cbdddb295187f0d0539a6ca3fad9857ae1f0c0be51ac097da91c1bd2a5ee8e3cff518d04e067051aef94c2db8ae785c8c4c7ab00a660fa75a05af2c570e6f71846c066e64478fe6340a835411dbb7b5af9d08c0d33ec90d81c1f89a5b4e0ce5ee992cbe67c668bd9bbf76a690742b4b37aeb8cf26b99018c9209e83d45c66e04757e33521e46775285bc9e4efd8dc96fdd8fc2f07b9abf24c3260e4c13329cc7b26fe0538a853083a0cffc43463c8d549d7f8d1cfa618387537a12df332f015102aee39d5d5877cf9dc4c027e14ea485332b98183662280f26c876b9fa0b15d59b7bce9907da9ddeceee23f6fbfda5e427ac09dec90849da2c90bef4c52300835b51313542fcd784c7389ffbfa637634d700762f1924d6fd9ea75f4cb16d93174eeb312e1f5419528d524c0ac395fb36b8a6ad33cc516f0eb34c7bc06833b37811c71ddc3fca02d9e3c227735892279267f0fd72a166969f745ae4a2d05eb2c1ac13d1464f24d75416a11c16f7c19ab2524ca1e332e118b7807b79007dd78bff0175933377e6ecfad7af8ea5af2b8f2b31d3a14412c2dcf224f5dc07b82ebd1f7f26ac2b1092958a39d662841d2462ed0ae720ed006f3aa4b9c794b9809095e0f8243c8b2e3a"}) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000080)={@mcast2, 0xf, r7}) 23:24:37 executing program 4: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) r1 = socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r2, 0x9) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) r3 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r3, 0x7, &(0x7f0000027000)={0x1}) r4 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r4, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r4, &(0x7f00000000c0)="e8", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r4, 0x1) r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r4, 0x84, 0x6d, &(0x7f00000000c0)=ANY=[@ANYRES32=r6, @ANYBLOB="00020000"], &(0x7f0000000000)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000040)={0xda3, 0x200, 0x8, 0x4, r6}, &(0x7f00000001c0)=0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x1f, &(0x7f0000000340)={r7, @in={{0x2, 0x4e23, @remote}}, 0x1, 0x3}, &(0x7f0000000400)=0x90) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r8 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r8, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:37 executing program 5: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfa5cb289fbd0312f, @perf_bp={0x0}, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(r3, 0x29, 0x1a, &(0x7f00000f5ffc)=0xfffffffeffffffff, 0x4) bind$inet6(r3, &(0x7f0000710fe4)={0xa, 0x4e21}, 0x1c) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@random="a585e8799cd5", @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}, @multicast1}, @udp={0x0, 0x4e21, 0x8}}}}}, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$FICLONE(r2, 0x40049409, r4) listen(r1, 0x9) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r5 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) [ 491.154278] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 491.179379] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=25268 sclass=netlink_route_socket pig=25650 comm=syz-executor.1 23:24:37 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)) shmget$private(0x0, 0x2000, 0x40, &(0x7f0000ffd000/0x2000)=nil) fsync(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x138, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$P9_RGETATTR(0xffffffffffffffff, &(0x7f00000015c0)={0xa0, 0x19, 0x1, {0x0, {}, 0xc4, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0xa0) r1 = socket$kcm(0x10, 0x3, 0x0) sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000420081aee405e9a4000000000000c6ff07d800400300"/35, 0x23}], 0x1}, 0x0) recvmsg$kcm(r1, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000000140)=[{0x0}, {&(0x7f0000000300)=""/4096, 0x1000}], 0x2}, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/sequencer\x00', 0x1, 0x0) write$sndseq(r2, &(0x7f0000000040)=[{0x0, 0x0, 0x2, 0x0, @tick, {}, {}, @quote}], 0x30) r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm-control\x00', 0x2000, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r3, 0x6, 0x21, &(0x7f00000001c0)="874046cf7c7330a401bd0817b6a95beb", 0x10) r4 = socket$bt_cmtp(0x1f, 0x3, 0x5) fcntl$F_GET_FILE_RW_HINT(r4, 0x40d, &(0x7f0000000000)) 23:24:37 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r2, 0x9) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r3 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:38 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)) shmget$private(0x0, 0x2000, 0x40, &(0x7f0000ffd000/0x2000)=nil) fsync(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x138, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$P9_RGETATTR(0xffffffffffffffff, &(0x7f00000015c0)={0xa0, 0x19, 0x1, {0x0, {}, 0xc4, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0xa0) r1 = socket$kcm(0x10, 0x3, 0x0) sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="23000000420081aee405e9a4000000000000c6ff07d800400300"/35, 0x23}], 0x1}, 0x0) recvmsg$kcm(r1, &(0x7f0000001740)={0x0, 0x0, &(0x7f0000000140)=[{0x0}, {&(0x7f0000000300)=""/4096, 0x1000}], 0x2}, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/sequencer\x00', 0x1, 0x0) write$sndseq(r2, &(0x7f0000000040)=[{0x0, 0x0, 0x2, 0x0, @tick, {}, {}, @quote}], 0x30) r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm-control\x00', 0x2000, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r3, 0x6, 0x21, &(0x7f00000001c0)="874046cf7c7330a401bd0817b6a95beb", 0x10) r4 = socket$bt_cmtp(0x1f, 0x3, 0x5) fcntl$F_GET_FILE_RW_HINT(r4, 0x40d, &(0x7f0000000000)) 23:24:38 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000200)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_RESERVED(r1, 0x5601, 0x0) r2 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r2) setsockopt$sock_int(r2, 0x1, 0x1, &(0x7f0000000000)=0x8, 0x4) syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x100, 0x80) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vcs\x00', 0x321300, 0x0) r4 = syz_open_dev$radio(&(0x7f0000000240)='/dev/radio#\x00', 0x1, 0x2) ioctl$VIDIOC_G_CTRL(r4, 0xc008561b, &(0x7f0000000280)={0x8, 0x8}) ioctl$ASHMEM_SET_NAME(r3, 0x41007701, &(0x7f00000001c0)='keyring\x00') ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r2, 0x8982, &(0x7f00000000c0)) ioctl$VIDIOC_SUBDEV_S_EDID(r0, 0xc0285629, &(0x7f0000000080)={0x0, 0x0, 0x0, [], 0x0}) 23:24:38 executing program 2: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_SUBDEV_S_EDID(r0, 0xc0285629, &(0x7f0000000080)={0x0, 0x0, 0x0, [], 0x0}) ioctl$TIOCSSERIAL(0xffffffffffffffff, 0x541f, &(0x7f0000000180)={0x4, 0xf3, 0x200, 0x1, 0x552, 0x7, 0x461, 0xffffffff, 0x0, 0x0, 0x7, 0x8, 0x401, 0x7, &(0x7f00000000c0)=""/163, 0x2, 0x9, 0x9}) 23:24:38 executing program 4: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x400, 0x0) ioctl$TIOCSIG(r0, 0x40045436, 0x3f) r1 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_SUBDEV_S_EDID(r1, 0xc0285629, &(0x7f0000000080)={0x0, 0x0, 0x0, [], 0x0}) r2 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r2, 0x7, &(0x7f0000027000)={0x1}) recvmmsg(r2, &(0x7f0000005940)=[{{&(0x7f0000000140)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000200)=""/190, 0xbe}, {&(0x7f00000002c0)=""/131, 0x83}, {&(0x7f0000000380)=""/179, 0xb3}, {&(0x7f0000000440)=""/146, 0x92}], 0x4, &(0x7f0000000540)}}, {{&(0x7f0000000580)=@caif=@dbg, 0x80, &(0x7f0000000900)=[{&(0x7f0000000600)=""/204, 0xcc}, {&(0x7f0000000700)=""/218, 0xda}, {&(0x7f0000000800)=""/199, 0xc7}], 0x3, &(0x7f0000000940)=""/223, 0xdf}, 0x1}, {{&(0x7f0000000a40)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @local}}, 0x80, &(0x7f0000001f80)=[{&(0x7f0000000ac0)=""/216, 0xd8}, {&(0x7f0000000bc0)=""/253, 0xfd}, {&(0x7f0000000cc0)=""/105, 0x69}, {&(0x7f0000000d40)=""/45, 0x2d}, {&(0x7f0000000d80)=""/120, 0x78}, {&(0x7f0000000e00)=""/12, 0xc}, {&(0x7f0000000e40)}, {&(0x7f0000000e80)=""/184, 0xb8}, {&(0x7f0000000f40)=""/4096, 0x1000}, {&(0x7f0000001f40)=""/56, 0x38}], 0xa, &(0x7f0000002040)}, 0x640}, {{0xffffffffffffffff, 0x0, &(0x7f0000002140)=[{&(0x7f0000002080)=""/191, 0xbf}], 0x1, &(0x7f0000002180)=""/141, 0x8d}, 0x1e}, {{&(0x7f0000002240)=@xdp, 0x80, &(0x7f0000002600)=[{&(0x7f00000022c0)=""/64, 0x40}, {&(0x7f0000002300)=""/130, 0x82}, {&(0x7f00000023c0)=""/182, 0xb6}, {&(0x7f0000002480)=""/83, 0x53}, {&(0x7f0000002500)=""/211, 0xd3}], 0x5, &(0x7f0000002680)=""/220, 0xdc}, 0x1387}, {{&(0x7f0000002780)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @ipv4={[], [], @dev}}}}, 0x80, &(0x7f0000004900)=[{&(0x7f0000002800)=""/4096, 0x1000}, {&(0x7f0000003800)=""/4096, 0x1000}, {&(0x7f0000004800)=""/212, 0xd4}], 0x3, &(0x7f0000004940)=""/4096, 0x1000}, 0x80000000}], 0x6, 0x41, &(0x7f0000005ac0)={0x77359400}) r3 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r3, 0x7, &(0x7f0000027000)={0x1}) r4 = socket$inet_sctp(0x2, 0x397adf6f18cabb0e, 0x84) sendto$inet(r4, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) lseek(r6, 0x37dc79f4, 0x0) sendto$inet(r4, &(0x7f00000000c0)="e8", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r4, 0x1) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r4, 0x84, 0x6d, &(0x7f00000000c0)={r8}, &(0x7f0000000000)=0x8) r9 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r9, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r9, &(0x7f00000000c0)="e8", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r9, 0x1) r10 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r10, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r9, 0x84, 0x6d, &(0x7f0000005b00)=ANY=[@ANYRES32=r11, @ANYBLOB="00000000ee2edb63e7626215747664a4e8c8f0acb123dee28d676c50cd1b08cf530fe30c6019dae2cf066b97f007cf145575047010bb2c7018305a07000000000000008e0000000000"], &(0x7f0000000000)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f00000000c0)={r11, 0x1, 0x1}, 0x8) r12 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r12) connect$caif(r12, &(0x7f0000000100)=@dbg={0x25, 0x20, 0xc6}, 0x18) 23:24:38 executing program 2: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f0000000340)={0x2}) r1 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r1, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prctl$PR_SET_FPEXC(0xc, 0x40000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x6, 0x0, 0x20000004, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) r2 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x55, 0x80) ioctl$IMSETDEVNAME(r2, 0x80184947, &(0x7f00000001c0)={0x9, 'syz1\x00'}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r3 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) ioctl$TIOCCONS(r4, 0x541d) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:38 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r1, 0x80045700, &(0x7f0000000000)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000000080)={0x3ff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000100)={'batadv0\x00\x00 \xa0\xff\xff\xff\xff\x00', @random="0100040c0b10"}) 23:24:38 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000100)={'batadv0\x00\x00 \xa0\xff\xff\xff\xff\x00', @random="0100040c0b10"}) syz_extract_tcp_res$synack(&(0x7f0000000000), 0x1, 0x0) 23:24:38 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0x1f}, 0x0) sched_setattr(r1, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) write$binfmt_aout(r7, &(0x7f00000003c0)=ANY=[@ANYBLOB="cc000900a3020000a0020000050000007c0100003f0000000000000000000000553edaa0b7f09a1251c08183512c9000919fce7dedf9689b0f97b9a4200993262767b0dc97b5ab9f00be6d3809cc300d4f427e20fe1d307d09cfcb7f1bf10dc1ab305ca8ea27dd90716421e95e73715d0e3d1f17be54b78b176e5d2ddfd7d0ceb73a23e4a8508940237184910d4842726ee31788969433e26ab7eda589248c26a4d0966703d7c9a3f172d9e8e8aeda0698d9dd8a04c6cc6aa4eab0b28b2b7725af82952cc6e630b8813bc2cd933faa020abc8bdf7a19e783faf5037c2e95c1a22fea543cb917e279a1ddfdf9972fee313e188860b949f4af3a87de501820370d899cccada027cb0704fd63a3d3d7240000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008cc500"/2303], 0x90f) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x20000000000000, 0x20000000000000}, 0x0) unshare(0x2040400) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r8 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r8, 0x0, 0x27, &(0x7f000001b000)={@multicast2, @dev={0xac, 0x14, 0x14, 0x13}, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc) setsockopt$inet_mreqsrc(r8, 0x0, 0x27, &(0x7f0000000000)={@multicast2, @loopback, @remote}, 0xc) creat(&(0x7f0000000140)='./file0\x00', 0x0) r9 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r9, 0x0, 0x27, &(0x7f000001b000)={@multicast2, @dev={0xac, 0x14, 0x14, 0x13}, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc) r10 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r10, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$sock_ax25_SIOCDELRT(r10, 0x890c, &(0x7f0000000180)={@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x8, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) setsockopt$inet_mreqsrc(r9, 0x0, 0x27, &(0x7f0000000000)={@multicast2, @loopback, @remote}, 0xc) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000100)={'batadv0\x00\x00 \xa0\xff\xff\xff\xff\x00', @random="0100040c0b10"}) 23:24:38 executing program 3: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x4, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = gettid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r2, 0x9) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r3 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:38 executing program 4: r0 = syz_open_dev$video4linux(&(0x7f0000000180)='/dev/v4l-subdev#\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x2, {0x2, 0x4e20, @local}, 'ip6gretap0\x00'}) write$P9_RCREATE(r1, &(0x7f0000000100)={0x18, 0x73, 0x1, {{0x0, 0x4, 0x8}, 0x1}}, 0x18) r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(0xffffffffffffffff, &(0x7f00000001c0)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x6}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @bcast, @null, @null, @default]}, 0x48) getsockopt$netrom_NETROM_T4(r2, 0x103, 0x6, &(0x7f0000000000)=0xffffffff, &(0x7f00000000c0)=0x4) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r3 = syz_open_dev$midi(&(0x7f0000000240)='/dev/midi#\x00', 0x2, 0xa080) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r7 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r7, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r7, r7, &(0x7f0000000240), 0x7fff) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket$netlink(0x10, 0x3, 0x0) r10 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r11}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="440400002400070500"/20, @ANYRES32=r11, @ANYBLOB="00000e00ffffffff00000000080001006362710018040200040406000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000500060000000000000005000000"], 0x444}}, 0x0) poll(&(0x7f0000000280)=[{r1, 0x4800}, {r3, 0x9fca148690d47b1f}, {r0, 0x2000}, {r4, 0x2000}, {r6, 0x8000}, {r1, 0x6402}, {0xffffffffffffffff, 0x200}], 0x7, 0x7f1) 23:24:38 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0x1f}, 0x0) sched_setattr(r1, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) write$binfmt_aout(r7, &(0x7f00000003c0)=ANY=[@ANYBLOB="cc000900a3020000a0020000050000007c0100003f0000000000000000000000553edaa0b7f09a1251c08183512c9000919fce7dedf9689b0f97b9a4200993262767b0dc97b5ab9f00be6d3809cc300d4f427e20fe1d307d09cfcb7f1bf10dc1ab305ca8ea27dd90716421e95e73715d0e3d1f17be54b78b176e5d2ddfd7d0ceb73a23e4a8508940237184910d4842726ee31788969433e26ab7eda589248c26a4d0966703d7c9a3f172d9e8e8aeda0698d9dd8a04c6cc6aa4eab0b28b2b7725af82952cc6e630b8813bc2cd933faa020abc8bdf7a19e783faf5037c2e95c1a22fea543cb917e279a1ddfdf9972fee313e188860b949f4af3a87de501820370d899cccada027cb0704fd63a3d3d7240000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008cc500"/2303], 0x90f) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x20000000000000, 0x20000000000000}, 0x0) unshare(0x2040400) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r8 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r8, 0x0, 0x27, &(0x7f000001b000)={@multicast2, @dev={0xac, 0x14, 0x14, 0x13}, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc) setsockopt$inet_mreqsrc(r8, 0x0, 0x27, &(0x7f0000000000)={@multicast2, @loopback, @remote}, 0xc) creat(&(0x7f0000000140)='./file0\x00', 0x0) r9 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r9, 0x0, 0x27, &(0x7f000001b000)={@multicast2, @dev={0xac, 0x14, 0x14, 0x13}, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc) r10 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r10, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$sock_ax25_SIOCDELRT(r10, 0x890c, &(0x7f0000000180)={@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x8, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) setsockopt$inet_mreqsrc(r9, 0x0, 0x27, &(0x7f0000000000)={@multicast2, @loopback, @remote}, 0xc) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000100)={'batadv0\x00\x00 \xa0\xff\xff\xff\xff\x00', @random="0100040c0b10"}) 23:24:38 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r1, 0x80045700, &(0x7f0000000000)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000000080)={0x3ff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000100)={'batadv0\x00\x00 \xa0\xff\xff\xff\xff\x00', @random="0100040c0b10"}) 23:24:38 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0x1f}, 0x0) sched_setattr(r1, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) write$binfmt_aout(r7, &(0x7f00000003c0)=ANY=[@ANYBLOB="cc000900a3020000a0020000050000007c0100003f0000000000000000000000553edaa0b7f09a1251c08183512c9000919fce7dedf9689b0f97b9a4200993262767b0dc97b5ab9f00be6d3809cc300d4f427e20fe1d307d09cfcb7f1bf10dc1ab305ca8ea27dd90716421e95e73715d0e3d1f17be54b78b176e5d2ddfd7d0ceb73a23e4a8508940237184910d4842726ee31788969433e26ab7eda589248c26a4d0966703d7c9a3f172d9e8e8aeda0698d9dd8a04c6cc6aa4eab0b28b2b7725af82952cc6e630b8813bc2cd933faa020abc8bdf7a19e783faf5037c2e95c1a22fea543cb917e279a1ddfdf9972fee313e188860b949f4af3a87de501820370d899cccada027cb0704fd63a3d3d7240000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008cc500"/2303], 0x90f) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x20000000000000, 0x20000000000000}, 0x0) unshare(0x2040400) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r8 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r8, 0x0, 0x27, &(0x7f000001b000)={@multicast2, @dev={0xac, 0x14, 0x14, 0x13}, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc) setsockopt$inet_mreqsrc(r8, 0x0, 0x27, &(0x7f0000000000)={@multicast2, @loopback, @remote}, 0xc) creat(&(0x7f0000000140)='./file0\x00', 0x0) r9 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r9, 0x0, 0x27, &(0x7f000001b000)={@multicast2, @dev={0xac, 0x14, 0x14, 0x13}, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc) r10 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r10, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$sock_ax25_SIOCDELRT(r10, 0x890c, &(0x7f0000000180)={@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x8, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) setsockopt$inet_mreqsrc(r9, 0x0, 0x27, &(0x7f0000000000)={@multicast2, @loopback, @remote}, 0xc) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000100)={'batadv0\x00\x00 \xa0\xff\xff\xff\xff\x00', @random="0100040c0b10"}) 23:24:38 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r1, 0x80045700, &(0x7f0000000000)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000000080)={0x3ff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000100)={'batadv0\x00\x00 \xa0\xff\xff\xff\xff\x00', @random="0100040c0b10"}) 23:24:39 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r1, 0x80045700, &(0x7f0000000000)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000000080)={0x3ff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) 23:24:39 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5, 0x0, 0x1f}, 0x0) sched_setattr(r1, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) write$binfmt_aout(r7, &(0x7f00000003c0)=ANY=[@ANYBLOB="cc000900a3020000a0020000050000007c0100003f0000000000000000000000553edaa0b7f09a1251c08183512c9000919fce7dedf9689b0f97b9a4200993262767b0dc97b5ab9f00be6d3809cc300d4f427e20fe1d307d09cfcb7f1bf10dc1ab305ca8ea27dd90716421e95e73715d0e3d1f17be54b78b176e5d2ddfd7d0ceb73a23e4a8508940237184910d4842726ee31788969433e26ab7eda589248c26a4d0966703d7c9a3f172d9e8e8aeda0698d9dd8a04c6cc6aa4eab0b28b2b7725af82952cc6e630b8813bc2cd933faa020abc8bdf7a19e783faf5037c2e95c1a22fea543cb917e279a1ddfdf9972fee313e188860b949f4af3a87de501820370d899cccada027cb0704fd63a3d3d7240000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008cc500"/2303], 0x90f) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3, 0x20000000000000, 0x20000000000000}, 0x0) unshare(0x2040400) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r8 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r8, 0x0, 0x27, &(0x7f000001b000)={@multicast2, @dev={0xac, 0x14, 0x14, 0x13}, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc) setsockopt$inet_mreqsrc(r8, 0x0, 0x27, &(0x7f0000000000)={@multicast2, @loopback, @remote}, 0xc) creat(&(0x7f0000000140)='./file0\x00', 0x0) r9 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r9, 0x0, 0x27, &(0x7f000001b000)={@multicast2, @dev={0xac, 0x14, 0x14, 0x13}, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc) r10 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r10, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$sock_ax25_SIOCDELRT(r10, 0x890c, &(0x7f0000000180)={@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x8, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) setsockopt$inet_mreqsrc(r9, 0x0, 0x27, &(0x7f0000000000)={@multicast2, @loopback, @remote}, 0xc) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000100)={'batadv0\x00\x00 \xa0\xff\xff\xff\xff\x00', @random="0100040c0b10"}) 23:24:39 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r1, 0x80045700, &(0x7f0000000000)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:39 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r1, 0x80045700, &(0x7f0000000000)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:39 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socket$nl_generic(0x10, 0x3, 0x10) openat$vcs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcs\x00', 0x2080, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = accept$ax25(0xffffffffffffffff, 0x0, &(0x7f0000000180)) r3 = dup2(r2, r0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) close(r4) r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x40000, 0x0) r7 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r7, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r7, &(0x7f00000000c0)="e8", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_REGS(r10, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$FICLONERANGE(r10, 0x4020940d, &(0x7f00000001c0)={r12, 0x0, 0xffffffff, 0x3, 0x13c2}) shutdown(r7, 0x1) r13 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r13, 0x84, 0x1d, &(0x7f000095dff8)=ANY=[@ANYBLOB='wB\x00\x00', @ANYRES32=0x0], &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r7, 0x84, 0x6d, &(0x7f0000000240)={r14, 0x89, "d1429a153e009a1945b0760e64e7b67108b805f424051ff242efb2aee186d7dbe12272a704bc0bb6b4fcbc05fe9e61a54f5274500250f902d35e72aef49108fa95d4e13730dfa05f92345ef8d7d38661bbc2887fb896c9de5e8390ef4c886ff83e988dfe11df08fc4ca712a27cb9ce513f3d8b6d490f95b811aa8fe8bf8549a025210dddaaa8d212eb"}, &(0x7f0000000000)=0x91) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r6, 0x84, 0x7c, &(0x7f0000000080)={r14, 0xaf, 0x8}, 0x8) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x304) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) ioctl$SIOCSIFHWADDR(r4, 0x8924, &(0x7f0000000100)={'batadv0\x00\x00 \xa0\xff\xff\xff\xff\x00', @random="0100040c0b10"}) 23:24:39 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000000)={'batadv0\x00\x00 \xa0\xff\xff\xff\xff\x00', @random="0100040c0b10"}) syz_open_dev$tty20(0xc, 0x4, 0x1) 23:24:39 executing program 4: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) dup(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)) getsockopt$bt_l2cap_L2CAP_OPTIONS(0xffffffffffffffff, 0x6, 0x1, 0x0, &(0x7f0000000200)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0xc502, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="280000002200290800000000000000000400000014001100ffffff7fffffffff79f195c65f49d0a3"], 0x28}, 0x1, 0xfdffffff00000000}, 0x0) socket$inet6(0xa, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, &(0x7f000095dffc)) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffffffffffffea7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer\x00', 0x0, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup3(r2, r1, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000140)=[@mss={0x2, 0x9}, @mss={0x2, 0xab}, @window={0x3, 0x80, 0x6}, @timestamp, @sack_perm, @window={0x3, 0x0, 0xffff}, @sack_perm], 0x7) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) getpgid(0xffffffffffffffff) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240), 0x0) r4 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r4, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_KICK(r4, 0xc008af12, &(0x7f0000000000)) ioctl$VIDIOC_SUBDEV_S_EDID(r0, 0xc0285629, &(0x7f0000000080)={0x0, 0x0, 0x0, [], 0x0}) 23:24:39 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) r1 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r1, 0x1, &(0x7f0000258f88)) msgrcv(r1, &(0x7f0000000180)={0x0, ""/93}, 0x65, 0x0, 0x0) msgsnd(r1, &(0x7f0000000340)={0x3}, 0x0, 0x0) msgctl$IPC_SET(r1, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}) msgctl$MSG_INFO(r1, 0xc, &(0x7f0000000480)=""/4096) msgctl$IPC_INFO(r1, 0x3, &(0x7f0000000200)=""/217) close(r0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/devSzero\x00', 0x363c80, 0x0) ioctl$SG_GET_SCSI_ID(r2, 0x2276, &(0x7f0000000080)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/policy\x00', 0x0, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8924, &(0x7f0000000180)={'sit0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) 23:24:39 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r1, 0x80045700, &(0x7f0000000000)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:39 executing program 1: r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, 0x0, 0x0) socket(0x0, 0x0, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000000080)={0x6, {{0xa, 0x4e24, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}, 0xff}}}, 0x108) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x400000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = creat(0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x0, 0x3f, 0x0, 0x0, 0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x7}, 0x222, 0xfffffffffffffffe, 0x4000000, 0x4edc516ff787aa77, 0x0, 0x20000004, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r1, 0x9) syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x8001, 0x1c9200) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) ioctl$SG_GET_SG_TABLESIZE(r2, 0x227f, &(0x7f0000000180)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)) r3 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f00000005c0)={[], 0x6, 0x9, 0x200}) 23:24:39 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r1, 0x80045700, &(0x7f0000000000)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:39 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) r1 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r1, 0x1, &(0x7f0000258f88)) msgrcv(r1, &(0x7f0000000180)={0x0, ""/93}, 0x65, 0x0, 0x0) msgsnd(r1, &(0x7f0000000340)={0x3}, 0x0, 0x0) msgctl$IPC_SET(r1, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}) msgctl$MSG_INFO(r1, 0xc, &(0x7f0000000480)=""/4096) msgctl$IPC_INFO(r1, 0x3, &(0x7f0000000200)=""/217) close(r0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/devSzero\x00', 0x363c80, 0x0) ioctl$SG_GET_SCSI_ID(r2, 0x2276, &(0x7f0000000080)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/policy\x00', 0x0, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8924, &(0x7f0000000180)={'sit0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) 23:24:40 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r1, 0x80045700, &(0x7f0000000000)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:40 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000100)={'batadv0\x00\x00 \xa0\xff\xff\xff\xff\x00', @random="0100270cf271"}) r1 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) ioctl$USBDEVFS_GET_SPEED(r0, 0x551f) write$P9_RREADLINK(r2, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) lsetxattr$security_smack_transmute(&(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000300)='TRUE', 0x4, 0x1) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r2, 0x84, 0xf, &(0x7f0000000140)={0x0, @in6={{0xa, 0x4e23, 0x0, @empty, 0x200}}, 0x1, 0x2, 0x7fff, 0x9, 0xffffffb8}, &(0x7f0000000000)=0x98) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000080)={r3, 0x3}, &(0x7f0000000200)=0x8) 23:24:40 executing program 4: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) dup(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)) getsockopt$bt_l2cap_L2CAP_OPTIONS(0xffffffffffffffff, 0x6, 0x1, 0x0, &(0x7f0000000200)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0xc502, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="280000002200290800000000000000000400000014001100ffffff7fffffffff79f195c65f49d0a3"], 0x28}, 0x1, 0xfdffffff00000000}, 0x0) socket$inet6(0xa, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, &(0x7f000095dffc)) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffffffffffffea7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer\x00', 0x0, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/net/pfkey\x00', 0x0, 0x0) dup3(r2, r1, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000140)=[@mss={0x2, 0x9}, @mss={0x2, 0xab}, @window={0x3, 0x80, 0x6}, @timestamp, @sack_perm, @window={0x3, 0x0, 0xffff}, @sack_perm], 0x7) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) getpgid(0xffffffffffffffff) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240), 0x0) r4 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r4, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_KICK(r4, 0xc008af12, &(0x7f0000000000)) ioctl$VIDIOC_SUBDEV_S_EDID(r0, 0xc0285629, &(0x7f0000000080)={0x0, 0x0, 0x0, [], 0x0}) 23:24:40 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) r1 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r1, 0x1, &(0x7f0000258f88)) msgrcv(r1, &(0x7f0000000180)={0x0, ""/93}, 0x65, 0x0, 0x0) msgsnd(r1, &(0x7f0000000340)={0x3}, 0x0, 0x0) msgctl$IPC_SET(r1, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}) msgctl$MSG_INFO(r1, 0xc, &(0x7f0000000480)=""/4096) msgctl$IPC_RMID(r1, 0x0) close(r0) 23:24:40 executing program 5: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x84000) r1 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) close(r0) utime(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)={0xc9, 0x31f}) bind$can_raw(r1, &(0x7f00000000c0), 0x10) 23:24:40 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r1, 0x80045700, &(0x7f0000000000)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:40 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) getsockopt$TIPC_DEST_DROPPABLE(0xffffffffffffffff, 0x10f, 0x81, &(0x7f0000000080), &(0x7f0000000140)=0x4) r1 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000000)=0x8, 0x4) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000100)={'batadv0\x00\x00 \xa0\xff\xff\xff\xff\x00', @random="0100270cf271"}) 23:24:40 executing program 3: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) close(r0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x220c06, 0x0) ioctl$TUNGETDEVNETNS(r1, 0x54e3, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) vmsplice(r4, &(0x7f0000001540)=[{&(0x7f0000000080)="c58c0f0b82641a83c71096f18fb758100d7ee2e27ac908fd244f8ea2100f12badf54e26f06f0c7dbc7b59dbbd771d1628797f25da34bc3571ee430b38981ebed2f3d25db9c1925dbdb3e30050ca875bcb439ca8c03537f083c0e27414302fa3705252f5e06772b466173e6b03e8b4695b9afc9d901a14555e374fe66dfcc2d15eb1e76e2b1391dac78c26e41784c1680f83310a15d8fe6a84c379019fb2cfa94ac9625cee267a5aa4c5df505bb224433995ec6800f3fa7d829e3160b129e6e4c", 0xc0}, {&(0x7f0000000140)="0df0f441ffd3f5fd79e5414fc52d31d7e3b5352e0e9dc618587fcbe4f9553cc85bb975117c9daec955a720bd976ef2cc3c20d4805225066a4f2af0353a077a10db0dcda2ee406156277871829de43305d47a1487625587ebf4fde37c2598b5aa7abd032fa599098614e838a1054dc2bcb71ce8dd1da247b24f3f87adba29d6aa65aa74d8f5929ad053b292f277c73467cf00c072620da203c647267e99d9e1f282b642004cca5c430b5a860434f8504669ab75389cecda855d1fa873d5c795a8f35a6560ee41c424da732c36ca15b0be4eb9feea7abd47cd808a4b8485cef45d3b4ac9e210c40e6e8dfdc42d0eea2b149129d4514fc4c594c18a9db85d", 0xfd}, {&(0x7f0000000240)="0c34602c34cb6deb31050863e101ba55426a4c7a4424a215de85f2b99db726c85900bdd865ec9d57cc1427858c9c87a8897efa937c821a76538c895374aa9af7db9497632c5e6f1ab15d0d5a2c361179a535c4d5de827700d1f1b7ccac01c8bb1ce41ee08267546deebd368a5f4f25f9e8c20f080bf2ba4d04efb1754d63a56249b2e11f3b3a1c4771dff3d13de1f3cd69da99df221c1f9717050c53b803d73fe9331b443a72a393927d9f368c18bcc36c4cbe3f249b59fe531b6c41e488dabf4d5a7351ff5189955dcff00afa6cb9f24c3e1ebd7fd37278ae5b5e1a66083b8c5a67dedac5b9ed", 0xe7}, {&(0x7f0000000340)="ff0838bf9981608ecad21f1feb50b290f7fc32341a891a09551ab3c3ab76d24cd132710da49ee9ad7a", 0x29}, {&(0x7f0000000380)="cad3cafd331d4f00789c067b88f9f30792e48e2a9c72b2d0c8c826e9e665249d7cb653f80fbc3122c2558af123a5e0d978203176d0bcecd3711b071b3b708c10757a2c50cb5abbfc341f6a9977c4a9d480f0e512407dfaded8ab7152122c7d497facecbaa22fdf9b1781b25ed38ca5b9bc0ff525ac49e3402fe2831d33334542a46c7162142dd9b7f1ceda367d88208473470f8987aa38ec09acbafebb7d99c25e989075fac4ce41c3", 0xa9}, {&(0x7f0000000440)="7b64d92e216ee68bbc728fa64591db363890f34604d9d5e47dab34d0161e9dc016134f1aa4c52a404dd5e29a6f0a8d1bda41e767bcb49400a799e11ab11c37a28e169d7c62f7aa38952bf4827b84359041f1068d4809967bbfa6fa07b697f84e0e69f7d5cda447f734fe3300bec655", 0x6f}, {&(0x7f00000004c0)="b63ad4", 0x3}, {&(0x7f0000000500)="af2240a62d0312f0cbf729330c0ab317251ea65d36547f5e43736aa56d3aaacf2e2e97b1bb7d4f6748703cfafba68034b3ac5c75527689b614bce94cea5e76d8ccdd3520a632ab2e2a78181ba04cc1143f2ecc6743a1ffadf1500ec0300f9c7e7821f47e370a761b815f92b45d56c97fbc4064ea3197049f0c5b0a97854538c75533ab00a72691d8de3de5ee2f4d55c7005a14f33aabfa91778656937c265d98010ad535088e43bd5573cb108e75b8c9b6bb8c279d80f936a039306fb1bbcb379406d9b9da593ea85f14b48bfb4f32343634b19ede1d68f5e2b3b2f67ab613177a79b3ce41c9dea9e141439023a5d98786b913b4fa02d5170b8d3c694d7b00a6119a076e8c192e34df2cbca487af3c6ee2e8e1da278e91ddc3eb161583be9baa135853c1e7515dd479f636151c40867b02a03c3b4fa42bc91d581907cec6a4b45202acd41258f111af07c37b307989134a7eadfde8cd1b92944e1695d1f445d1d071508fbcce922252d12987e162856d3b65f465993f26b28b0d6f072f89a694d9783d98099b317c64b5308b886a5779454f1184ab1978a3055c87659b1b08f8f7dff52b74ed0ace1d1d4013a3714c0ae2e54a04178bab77f19ab6707dffd8ccf68f727ef677b676bec0bda4b6c14453e1ccf2e3669457f925f9d612248cc52df9057575d55f8de35abbe1d4646142cf890a1ff9601dff163ad5884769f88a5632ba8a2ad297c3ec2a5ba7e02f78bc4e7cf334767919340875c79478591bafe408c40293f65e3020f36067780d2ef730d608dacf451ce29fc57f847f1fb2bb4622fca8f2d348f33a33142ee6ab15bed8b285026b9b685e58146642988e9f5338358b24db01fbbde789bd8222a0850b6bf077cf87e33c2dd596bd7797c18b31b49bd316b0e3e9a76e22c8086baeafbe594135ed900e935145384d011ae9fe4323567a6fb8b65747a31c1d7728b15d2f4726c34739cd739afb1e2cde70223ff0c52bd664810f8ea72cd7834f13c6477e940d5b7aa416fb17c2d2c95742e9ef899a878ccc990af76d36370be705607a53c5870df9b020cff0056ab04e5dfbc2fa43da5f3f2887a4db548a05e616bd21c24011bfe127aaccce63255bcb599cfaaf505456ad0ed0b7c1941c2a538fc78b4fe618ba62e1b15e5413d3a656e22f204672aa8ad61c9823c5c3e10910a725f839410035b0a3f4a85fffc76f7e7c62acbbcf72b9f48e85ca9c3d84d00ac947ca0e362017654c6992d880d29fd306e03b301fc34439b6d94010a6cbccd394d748073355d80e66550fb3c4c73ccfd6315263115cee0a00e900a4004dfbc8329472118ea204775885d1e9dcf232b3491cf72e00b9775204075f96edcd47b4bfd2a8ad2b2a203cfdc13540323a468b7e9c6cdc580d4bf4843f47777b770354dfad4068ceea991078b3839b7292be70822168724aa57c386e9d2b9d0e22aac3f2cf47ccdc29246457b3331bccef4075641695eeb8d0843ed89f60438c24e3ff811be14e901d463914a327b0e78df33d771b8db848ec8e2f37403e41aeceb57abb4471f0d07cc983363a973aff996a507aa0af4f6cfb8a5f833bb7958a5a6f50adf41efa37c3a7306da8bad21204184963e4f7ae16fa23aa5baa9ab3cbe03918e035d86c06279e137ed2bbe0d6264f4cf246938f2a30fdcae1ae4849e6d9f6227bebf02b16975e5aa5684759b9668f9456d1e7ab4719c6df785343b87399745553ce27621f7888ff354035342daa45df754b035d49ff41d11fe768a362fb43b2392e5bc61d8dfbdb0317908dafc8791d3edef064be485a51c7d0fb26b79009e622df51b0990eecb605e23726bb3a011ae631bf0cf8b38da673e55a60f2503e533cab952afb144a2854d3b62316557b25e870a47bd51deae0440b105de7f274f89df26f523f55e53e50073143ab5f1d12757d3fb5ca2fbcf10bda16ebc50580810e9b62ef602cddb20a4f091bbbe525c8eca8a46f4e8d71b60025694eef3c58a811ef34dec7d15c045bb9feae8672371c47007b4a1691febbaba2987fc2df37f771ea80d48f60e0a1be8a0e47115657728527a7c09dd08beddf6f0584dd8a7159dc20e01dcb5e7f12490b2bc38b126d7a368fff472563b13ed87650dc00f97dd9b6be5337b2210ea7262f9b2d6b9eca19e48c916c220c97fbc403bb91daab91abb1b1f07e06c3c0b2d798b9d718ea435202190e52691160f0be657824f403eec0ec8fdeeb3619ef8b67a9258d9b39dbbdf0a987ed374608ce689b4b329b19aa5bd328d872666e2e6293c7a682f0a663f71a0564baf7bc8e53db7ba53f6656230fe2bc4a1cdeee9413a53ef6e2db057ae497a48a1bbfe56ab6516a93953f9ee4a7e3cdf6358c94c7855928d551dce379cfc39ea87cca550094459afbad7c3becf260b8f14bc6e01435f542dc97192c2fb1972039ecd019c064dc762098a280a60467a421de834401f9969a421889f6d3d53ed3cff618ef08dbbde4bff7a4c42b4daf0efc066ec3772f119457260350456f20494d7d67b0ebf0566e79810661c14605d4b7a80381663d640b5c75f86a40e77d995c3798cda339051a512c718d3f97212a7b2ecaf1109630f399a6cf3ae2640cf0ec27ea78ea0f73d04d8889deeb15eb4b70a57b32220be5f928fbfb1437e93ac38d97bac0c0f5328eed5e13f98c85d76bb6fdc8e472943513a2617a67700941a1c943cf6c9407f8009fe8331959b78f2dce862f0a0ebe89088ea9ebbbc4cc188849cb5277750b906986bd4351db17c133f0e7d2af94509c77dea70c9a4e62709f6dbb7b82d21f100c2ea19c99ad3e4dfa109a18aecccab4e591db7ec84993ad0b13706cf5fa021fffe83255e19fe4c572b296c774f36495bc924669dce0724e2b5813976d7e22d1a91319053a47b75aa01edcde4851aa7a65b68ad85dd3476dac9455788f6f46ad698f3aff6ac41c085db7289518e0ec4531dedc3fde0876272071a1917c30e80d80cf9aa04c1399235f279f49f820113f0efdb82754f8d0a27cb892b1132ee60fa18a03a68cc0e99a2a42935a7a73978eec660648574c8e9fe5bd1f0e29d430f9ae38976568285d99208c005cbef7fcb11e8e3a210fd64a60171a06cd38d8765ad43b29c2951797f5f0fab03a80da08d237ec7663a648f61d26ede8a4600370cc41b644fd2faa301fbabb4ca90f96775e06ef09a7177e45e2d716d07f83641e35477ad07a626f2d61a341a005337b542af450c515cfb162826def7cecc80939fe91690f8256ce412b3f771ff3aca27465ae412c4535ebdfd7948deff69eac2d219bfd580b7f623beb8f8b189a7a8805e0ef821931d24002efd754cf189df39dd1042883a16a2cb8842327e06408ac417d64a7d2eae6bc34e370dd8e5035e87680b8900319e99afda45925bb14185092f16c16836ee6733d82f762da61fdb479b2e019d79488ee6db91a1388111fbf0524935407d148cd344d8648777847ce6bccfea717190d24c196d0bc9639ef44be6f83cf363ef97f515b8388b571fa760d97c0950070ef2c1f61d324b5cc16f439836ea330ac6e39ecd2e9fe8ab93e178f77fdee222301cf0e72b15e45da8d41ee26c3f0668b3f2f87b5ab6f93187a3e0bbeb1b29416f1e672967355c12c8019a5b0dc3875a9d0b93fe099fbf2a2c5ccb2809350dec6f37439dae82ea69dc2686013b2777b2054120f47ff00f70e957ca705c922d7fad0b60575a16e1b440c028959634a915f82dd7ae3dd37be4de32b7eea907dad0d329d16d5024dbbd6a1df63db36426861ed3008a939af9e4a845efdfc81a616ed32027c9a3a20f7f241eaf9aa91bc59b59cfe168e2abba5044108cd85f32df454e5e1f0947425916f98590d79c9b7ce6b11ddc73e4e636da967d5535ffa8676c2fee2197c9d17e330e49104f9fdc6dd57bc7ecb051ff333dea147eee7bc060899d5cbd20c5ee95b49b13ac8ad05380f31fa4c2f258db82b7eb3049cc361ecb3fca2d72578af5baa14f2831143aa28153b5ee70499835cf92230f0e5e7672135a45401d9f99be6a502383d2ab86f9df8f644385710f0b8ae2902e19da78e83f2de8f8274b388a0052a89e9a69c568f37a7ab333972641e5be44d45001ac272cce82ec309ba5afc2b6af058902c2cbdc2e3f81275aa62f1445a83cf01ffd98e4de7c4281c9835514918d3893fec7e9bd8e82e35f254ee093895e6debbfdd2145ec3e154823ab50a20aeb08385312dc618da1019c560720375c6580ed9c509cdd1b7060e8121640a7885f9fac7bf767df55d363b6511de7878e0e45e44e413d45a66452a38e619a704529ea66b813cc3d750660a185855d661a3181c06c7541c511d56bce200e123f21ac271731f93982bac7bf432a80064cda48aff1ad1d8aa9805677e49d7bd382910166974548a98cea4dd40d4c2f8269fe319c7b428a792c0fac552aa086f36933c6bf0086198f40f310d17371f231cb8806995a7584feaa5288d1ec9adc8254adbfdf3f5dd52381c9da16da3a2b64d9ef036a3d9237d0a84b55731ec5dd9098f07c2e3e3b37654afa2fad4701b982c5fdf947b8f090e5695a89f33aa94c30a4e44976f381e476474e0a15c376071745804d92f6e16aedad34b7727eec7ae2dd917a6bbea0f07722fbfe80eb8bad00255fce4f6f649668c6b2860b2d59f31d66ab9cbdd08d5a16c8af7645bb862a2beac465a6b2c5faf3018bd32569e8c7de645f9fc2595d07f238862fa1dfb31634fcc5af015d06da60a5a298f9570d0bfe395b1368ff91798b6015584338368caf017ca570451305a9331a36fb04c33ab5370501de275ba60b7c4ba46f57838c19ab4464007b46a4e4bf0b108338fe77bcd30aa037bd852816426031091b74c09c1477acce3da5cfe88dd709e7b673f885b4fd72e615c49c17601c9eeae42dd16873391e8608b713768333f246e88f8bb9e57e8c93b18e59846fd41dcd9a60fb31eee9b8a9889fb91144da2a4aa17925c9cdf495d6a5c9ad471bdcc5decd251b9f2885ce7a7bac39e555af3e804a7ed0c1a1b288624e374e43f74995d5307c4a96a6c509886dbdbea00306c4be7966e6dc36d5dc9e09d5925c70b28d6f7b7108ff3ad9d08d5eb9f9d50db8e707b3e5f3cdcd5c654b8d547eb9b679065f4a64f4837c4790f7a740cecf31c477fbc199c10cf43b671c3868df432e498ad8708a2090cf6886c24aacad7b1d41a7729f5595cb3b577b7b427470279f86ca63bdb904c4871bba91d4cb1fd196a8d825969758532d25ee4413865f5cc2cbbb0733d5f66273e699fe38903db8170c61b99b7b113a9c49f82f0c12365469a41565c8eab14741fc17e709367d03d6f8b60a5866e34fdfaec8e7f75dc34adb1ef10484dcde0fb8d16ec368ed9a5582715fe4a4aab5b48f94a40ca5b31184df754c7582040196cf9afa4152df2cb7ae714cd08e7cacef7ae04c0d1a5233f5fe1d1c8834707e3c6c7478c38f64b34f9138350c5bf653e690b5459f3e5f311cc0fc39d29360f6291d8b9bd4a013cd356c3c8433b94d826b3f190571850167976ea81a3381fbc5bbc159e219d2235be0cef16ef4c1486894e05f2ae02f429ee6014ce38725b59a9290da68d8821cd515ca28701170b9b74e1faa84ba235e568ff6fefc105c234659cfd2963357193f826709b6bfda6e8b2d6785c4c149deaba9f3cb6bb94d1784cc8ef05a7375a0f6f56f8a274e5430979451e223c56c314ccf6417f1d17f28f307c78c6cf69dc7464111d506a7787d5282fd2bb78487f4f4fa62115c3412860338edae1", 0x1000}, {&(0x7f0000001500)="93994b8c1cc35050dcde7155c2ebbdfbc639c8bbc3ed74179ae8bd93389c49cc37378d01857ce016a4a4c20f24b1e8d2cabdf2c6717022177858c6", 0x3b}], 0x9, 0x0) 23:24:40 executing program 5 (fault-call:0 fault-nth:0): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 494.008691] FAULT_INJECTION: forcing a failure. [ 494.008691] name failslab, interval 1, probability 0, space 0, times 0 [ 494.065550] CPU: 1 PID: 25866 Comm: syz-executor.5 Not tainted 4.14.158-syzkaller #0 [ 494.073486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 494.082848] Call Trace: [ 494.085436] dump_stack+0x142/0x197 [ 494.089056] should_fail.cold+0x10f/0x159 [ 494.093200] should_failslab+0xdb/0x130 [ 494.097174] kmem_cache_alloc_node+0x287/0x780 [ 494.101801] ? get_pid_task+0x98/0x140 [ 494.105769] copy_process.part.0+0x17d5/0x6a70 [ 494.110357] ? save_trace+0x290/0x290 [ 494.114208] ? proc_fail_nth_write+0x7d/0x180 [ 494.118699] ? proc_cwd_link+0x1b0/0x1b0 [ 494.122757] ? __f_unlock_pos+0x19/0x20 [ 494.126726] ? find_held_lock+0x35/0x130 [ 494.130776] ? __cleanup_sighand+0x50/0x50 [ 494.135005] ? lock_downgrade+0x740/0x740 [ 494.139166] _do_fork+0x19e/0xce0 [ 494.142609] ? fork_idle+0x280/0x280 [ 494.146370] ? fput+0xd4/0x150 [ 494.149548] ? SyS_write+0x15e/0x230 [ 494.153246] SyS_clone+0x37/0x50 [ 494.156595] ? sys_vfork+0x30/0x30 [ 494.160121] do_syscall_64+0x1e8/0x640 [ 494.164020] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 494.168854] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 494.174030] RIP: 0033:0x45a6f9 [ 494.177211] RSP: 002b:00007f5d4120ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 494.184917] RAX: ffffffffffffffda RBX: 00007f5d4120ec90 RCX: 000000000045a6f9 [ 494.192171] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 494.199425] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 494.206701] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5d4120f6d4 [ 494.213971] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:40 executing program 1 (fault-call:0 fault-nth:0): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:40 executing program 4 (fault-call:0 fault-nth:0): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:40 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r1, 0x80045700, &(0x7f0000000000)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(0xffffffffffffffff, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:40 executing program 3 (fault-call:0 fault-nth:0): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 494.281115] FAULT_INJECTION: forcing a failure. [ 494.281115] name failslab, interval 1, probability 0, space 0, times 0 [ 494.304514] FAULT_INJECTION: forcing a failure. [ 494.304514] name failslab, interval 1, probability 0, space 0, times 0 [ 494.324799] CPU: 1 PID: 25872 Comm: syz-executor.4 Not tainted 4.14.158-syzkaller #0 [ 494.332761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 494.342130] Call Trace: [ 494.344731] dump_stack+0x142/0x197 [ 494.348383] should_fail.cold+0x10f/0x159 [ 494.352602] should_failslab+0xdb/0x130 [ 494.356599] kmem_cache_alloc_node+0x287/0x780 [ 494.361195] ? finish_task_switch+0x14d/0x650 [ 494.365691] ? switch_mm_irqs_off+0x5e1/0xec0 [ 494.370195] copy_process.part.0+0x17d5/0x6a70 [ 494.370208] ? retint_kernel+0x2d/0x2d 23:24:41 executing program 2 (fault-call:0 fault-nth:0): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:41 executing program 5 (fault-call:0 fault-nth:1): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 494.370221] ? trace_hardirqs_on_caller+0x400/0x590 [ 494.370231] ? save_trace+0x290/0x290 [ 494.378710] ? __f_unlock_pos+0x19/0x20 [ 494.391499] ? find_held_lock+0x35/0x130 [ 494.395583] ? __cleanup_sighand+0x50/0x50 [ 494.399830] ? lock_downgrade+0x740/0x740 [ 494.403982] _do_fork+0x19e/0xce0 [ 494.407536] ? fork_idle+0x280/0x280 [ 494.411341] ? fput+0xd4/0x150 [ 494.413531] FAULT_INJECTION: forcing a failure. [ 494.413531] name failslab, interval 1, probability 0, space 0, times 0 [ 494.414534] ? SyS_write+0x15e/0x230 [ 494.414550] SyS_clone+0x37/0x50 [ 494.414558] ? sys_vfork+0x30/0x30 [ 494.414577] do_syscall_64+0x1e8/0x640 [ 494.440229] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 494.445066] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 494.450240] RIP: 0033:0x45a6f9 [ 494.453413] RSP: 002b:00007faa8cfa0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 494.461108] RAX: ffffffffffffffda RBX: 00007faa8cfa0c90 RCX: 000000000045a6f9 [ 494.468362] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 494.475708] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 494.482965] R10: 0000000000000000 R11: 0000000000000246 R12: 00007faa8cfa16d4 [ 494.490218] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 494.497492] CPU: 0 PID: 25882 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 494.505384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 494.514801] Call Trace: [ 494.517414] dump_stack+0x142/0x197 [ 494.521134] should_fail.cold+0x10f/0x159 [ 494.525277] should_failslab+0xdb/0x130 [ 494.529239] kmem_cache_alloc_node+0x287/0x780 [ 494.533804] ? get_pid_task+0x98/0x140 [ 494.537681] copy_process.part.0+0x17d5/0x6a70 [ 494.542251] ? save_trace+0x290/0x290 [ 494.546035] ? proc_fail_nth_write+0x7d/0x180 [ 494.550512] ? proc_cwd_link+0x1b0/0x1b0 [ 494.554571] ? __f_unlock_pos+0x19/0x20 [ 494.558529] ? find_held_lock+0x35/0x130 [ 494.562578] ? __cleanup_sighand+0x50/0x50 [ 494.566796] ? lock_downgrade+0x740/0x740 [ 494.570932] _do_fork+0x19e/0xce0 [ 494.574372] ? fork_idle+0x280/0x280 [ 494.578073] ? fput+0xd4/0x150 [ 494.581255] ? SyS_write+0x15e/0x230 [ 494.584951] SyS_clone+0x37/0x50 [ 494.588297] ? sys_vfork+0x30/0x30 [ 494.591820] do_syscall_64+0x1e8/0x640 [ 494.595688] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 494.600533] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 494.605722] RIP: 0033:0x45a6f9 [ 494.609078] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 494.616783] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 494.624051] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 494.631317] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 494.638616] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 494.645886] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 494.654978] FAULT_INJECTION: forcing a failure. [ 494.654978] name failslab, interval 1, probability 0, space 0, times 0 [ 494.666429] CPU: 1 PID: 25877 Comm: syz-executor.3 Not tainted 4.14.158-syzkaller #0 [ 494.666853] FAULT_INJECTION: forcing a failure. [ 494.666853] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 494.674329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 494.674334] Call Trace: [ 494.674353] dump_stack+0x142/0x197 [ 494.674373] should_fail.cold+0x10f/0x159 [ 494.674391] should_failslab+0xdb/0x130 [ 494.674402] kmem_cache_alloc_node+0x287/0x780 [ 494.674413] ? get_pid_task+0x98/0x140 [ 494.674427] copy_process.part.0+0x17d5/0x6a70 [ 494.674442] ? save_trace+0x290/0x290 [ 494.674456] ? proc_fail_nth_write+0x7d/0x180 [ 494.674464] ? proc_cwd_link+0x1b0/0x1b0 [ 494.674477] ? __f_unlock_pos+0x19/0x20 [ 494.674489] ? find_held_lock+0x35/0x130 [ 494.674502] ? __cleanup_sighand+0x50/0x50 [ 494.674511] ? lock_downgrade+0x740/0x740 [ 494.674525] _do_fork+0x19e/0xce0 [ 494.674536] ? fork_idle+0x280/0x280 [ 494.674548] ? fput+0xd4/0x150 [ 494.674557] ? SyS_write+0x15e/0x230 [ 494.674569] SyS_clone+0x37/0x50 [ 494.674576] ? sys_vfork+0x30/0x30 [ 494.674588] do_syscall_64+0x1e8/0x640 [ 494.674596] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 494.674611] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 494.674618] RIP: 0033:0x45a6f9 [ 494.674623] RSP: 002b:00007f0850ae1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 494.674634] RAX: ffffffffffffffda RBX: 00007f0850ae1c90 RCX: 000000000045a6f9 [ 494.674640] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 494.674646] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 494.674652] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0850ae26d4 23:24:41 executing program 2 (fault-call:0 fault-nth:1): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 494.674658] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 494.674923] CPU: 1 PID: 25885 Comm: syz-executor.1 Not tainted 4.14.158-syzkaller #0 [ 494.841873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 494.851233] Call Trace: [ 494.853822] dump_stack+0x142/0x197 [ 494.857537] should_fail.cold+0x10f/0x159 [ 494.861696] should_failslab+0xdb/0x130 [ 494.865675] kmem_cache_alloc_node+0x287/0x780 [ 494.870252] ? get_pid_task+0x98/0x140 [ 494.870269] copy_process.part.0+0x17d5/0x6a70 [ 494.870286] ? save_trace+0x290/0x290 [ 494.870295] ? proc_fail_nth_write+0x7d/0x180 [ 494.870302] ? proc_cwd_link+0x1b0/0x1b0 [ 494.870313] ? __f_unlock_pos+0x19/0x20 [ 494.870322] ? find_held_lock+0x35/0x130 [ 494.870338] ? __cleanup_sighand+0x50/0x50 [ 494.903347] ? lock_downgrade+0x740/0x740 [ 494.907513] _do_fork+0x19e/0xce0 [ 494.909266] FAULT_INJECTION: forcing a failure. [ 494.909266] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 494.910972] ? fork_idle+0x280/0x280 [ 494.910987] ? fput+0xd4/0x150 [ 494.910997] ? SyS_write+0x15e/0x230 [ 494.911011] SyS_clone+0x37/0x50 [ 494.911018] ? sys_vfork+0x30/0x30 [ 494.911029] do_syscall_64+0x1e8/0x640 [ 494.911038] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 494.911057] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 494.954163] RIP: 0033:0x45a6f9 [ 494.957338] RSP: 002b:00007fb735e70c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 494.965035] RAX: ffffffffffffffda RBX: 00007fb735e70c90 RCX: 000000000045a6f9 [ 494.972291] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 494.979551] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 494.986813] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb735e716d4 [ 494.994066] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 495.001335] CPU: 0 PID: 25886 Comm: syz-executor.5 Not tainted 4.14.158-syzkaller #0 [ 495.009227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 495.018566] Call Trace: [ 495.021141] dump_stack+0x142/0x197 [ 495.024757] should_fail.cold+0x10f/0x159 [ 495.028886] ? __might_sleep+0x93/0xb0 [ 495.032821] __alloc_pages_nodemask+0x1d6/0x7a0 [ 495.037477] ? __alloc_pages_slowpath+0x2930/0x2930 [ 495.042506] ? rcu_read_lock_sched_held+0x110/0x130 [ 495.047511] copy_process.part.0+0x26a/0x6a70 [ 495.051996] ? save_trace+0x290/0x290 [ 495.055778] ? proc_fail_nth_write+0x7d/0x180 [ 495.060258] ? proc_cwd_link+0x1b0/0x1b0 [ 495.064303] ? __f_unlock_pos+0x19/0x20 [ 495.068257] ? find_held_lock+0x35/0x130 [ 495.072306] ? __cleanup_sighand+0x50/0x50 [ 495.076537] ? lock_downgrade+0x740/0x740 [ 495.080671] _do_fork+0x19e/0xce0 [ 495.084123] ? fork_idle+0x280/0x280 [ 495.087848] ? fput+0xd4/0x150 [ 495.091022] ? SyS_write+0x15e/0x230 [ 495.094721] SyS_clone+0x37/0x50 [ 495.098068] ? sys_vfork+0x30/0x30 [ 495.101613] do_syscall_64+0x1e8/0x640 [ 495.105499] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 495.110345] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 495.115540] RIP: 0033:0x45a6f9 [ 495.118722] RSP: 002b:00007f5d4120ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 495.126423] RAX: ffffffffffffffda RBX: 00007f5d4120ec90 RCX: 000000000045a6f9 23:24:41 executing program 3 (fault-call:0 fault-nth:1): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:41 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_RESET_STATS(r0, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x12c0004}, 0xc, &(0x7f0000000340)={&(0x7f0000000080)={0x2a8, r1, 0x200, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0xbc, 0x4, [@TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xc95}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x12e}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_BEARER={0xb4, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x1, @rand_addr="0e2c4b1477b8ec88cb14c8dcee8543fe"}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x1, @loopback, 0x6}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0xffff0000, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x81}}, {0x14, 0x2, @in={0x2, 0x4e22, @local}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}]}, @TIPC_NLA_LINK={0x50, 0x4, [@TIPC_NLA_LINK_PROP={0x4c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xf80}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffff9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}]}]}, @TIPC_NLA_SOCK={0x30, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7ff}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xc745}]}, @TIPC_NLA_NODE={0x38, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x10000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3ff}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1ff}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7fffffff}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xaa0}]}, @TIPC_NLA_NET={0x30, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7fff}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8000}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9}]}, @TIPC_NLA_MEDIA={0x3c, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}]}]}, 0x2a8}, 0x1, 0x0, 0x0, 0x40080840}, 0x4000) [ 495.133682] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 495.140937] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 495.148288] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5d4120f6d4 [ 495.155542] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 495.204747] CPU: 0 PID: 25889 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 495.212688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 495.215731] FAULT_INJECTION: forcing a failure. [ 495.215731] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 495.222065] Call Trace: [ 495.222082] dump_stack+0x142/0x197 [ 495.222097] should_fail.cold+0x10f/0x159 [ 495.222107] ? __might_sleep+0x93/0xb0 [ 495.222120] __alloc_pages_nodemask+0x1d6/0x7a0 [ 495.222131] ? __alloc_pages_slowpath+0x2930/0x2930 [ 495.222141] ? rcu_read_lock_sched_held+0x110/0x130 [ 495.222158] copy_process.part.0+0x26a/0x6a70 [ 495.222174] ? save_trace+0x290/0x290 [ 495.222182] ? proc_fail_nth_write+0x7d/0x180 [ 495.222189] ? proc_cwd_link+0x1b0/0x1b0 [ 495.222200] ? __f_unlock_pos+0x19/0x20 [ 495.222208] ? find_held_lock+0x35/0x130 [ 495.222222] ? __cleanup_sighand+0x50/0x50 [ 495.222231] ? lock_downgrade+0x740/0x740 [ 495.222243] _do_fork+0x19e/0xce0 [ 495.222269] ? fork_idle+0x280/0x280 [ 495.222281] ? fput+0xd4/0x150 [ 495.222288] ? SyS_write+0x15e/0x230 [ 495.222303] SyS_clone+0x37/0x50 [ 495.313439] ? sys_vfork+0x30/0x30 [ 495.316983] do_syscall_64+0x1e8/0x640 [ 495.320854] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 495.325686] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 495.330878] RIP: 0033:0x45a6f9 [ 495.334050] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 495.341743] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 495.349001] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 495.356260] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 495.363516] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 495.370959] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 495.378230] CPU: 1 PID: 25894 Comm: syz-executor.3 Not tainted 4.14.158-syzkaller #0 [ 495.386126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 495.386131] Call Trace: [ 495.386146] dump_stack+0x142/0x197 [ 495.386164] should_fail.cold+0x10f/0x159 [ 495.405835] ? __might_sleep+0x93/0xb0 [ 495.405852] __alloc_pages_nodemask+0x1d6/0x7a0 [ 495.405867] ? __alloc_pages_slowpath+0x2930/0x2930 [ 495.405877] ? rcu_read_lock_sched_held+0x110/0x130 [ 495.405894] copy_process.part.0+0x26a/0x6a70 [ 495.429123] ? save_trace+0x290/0x290 [ 495.432938] ? proc_fail_nth_write+0x7d/0x180 [ 495.437445] ? proc_cwd_link+0x1b0/0x1b0 [ 495.441632] ? __f_unlock_pos+0x19/0x20 [ 495.445613] ? find_held_lock+0x35/0x130 [ 495.449680] ? __cleanup_sighand+0x50/0x50 23:24:42 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x4103, 0x0) ioctl$PPPIOCSMRU(r0, 0x40047452, &(0x7f0000000040)) 23:24:42 executing program 5 (fault-call:0 fault-nth:2): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:42 executing program 2 (fault-call:0 fault-nth:2): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 495.454006] ? lock_downgrade+0x740/0x740 [ 495.458164] _do_fork+0x19e/0xce0 [ 495.458177] ? fork_idle+0x280/0x280 [ 495.458191] ? fput+0xd4/0x150 [ 495.458201] ? SyS_write+0x15e/0x230 [ 495.458215] SyS_clone+0x37/0x50 [ 495.475607] ? sys_vfork+0x30/0x30 [ 495.479160] do_syscall_64+0x1e8/0x640 [ 495.483061] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 495.487924] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 495.493109] RIP: 0033:0x45a6f9 [ 495.496295] RSP: 002b:00007f0850ae1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 23:24:42 executing program 3 (fault-call:0 fault-nth:2): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:42 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x80, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) recvfrom$ax25(0xffffffffffffffff, &(0x7f0000000040)=""/246, 0xf6, 0x20, &(0x7f0000000140)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x3}, [@default, @bcast, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @default]}, 0x48) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r3) [ 495.496306] RAX: ffffffffffffffda RBX: 00007f0850ae1c90 RCX: 000000000045a6f9 [ 495.496311] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 495.496317] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 495.496323] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0850ae26d4 [ 495.496328] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 495.571349] FAULT_INJECTION: forcing a failure. [ 495.571349] name failslab, interval 1, probability 0, space 0, times 0 [ 495.584275] FAULT_INJECTION: forcing a failure. [ 495.584275] name failslab, interval 1, probability 0, space 0, times 0 [ 495.590692] CPU: 0 PID: 25907 Comm: syz-executor.5 Not tainted 4.14.158-syzkaller #0 [ 495.603396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 495.603402] Call Trace: [ 495.603417] dump_stack+0x142/0x197 [ 495.603435] should_fail.cold+0x10f/0x159 [ 495.624516] should_failslab+0xdb/0x130 [ 495.628503] kmem_cache_alloc+0x2d7/0x780 [ 495.632656] ? creds_are_invalid+0x48/0x110 [ 495.636984] ? __validate_process_creds+0x14c/0x200 [ 495.642036] prepare_creds+0x3c/0x390 [ 495.645845] copy_creds+0x7b/0x4f0 [ 495.649402] ? lockdep_init_map+0x9/0x10 [ 495.653479] copy_process.part.0+0x868/0x6a70 [ 495.653492] ? save_trace+0x290/0x290 [ 495.653500] ? proc_fail_nth_write+0x7d/0x180 [ 495.653507] ? proc_cwd_link+0x1b0/0x1b0 [ 495.653519] ? __f_unlock_pos+0x19/0x20 [ 495.653535] ? __cleanup_sighand+0x50/0x50 [ 495.653544] ? lock_downgrade+0x740/0x740 [ 495.653558] _do_fork+0x19e/0xce0 [ 495.653569] ? fork_idle+0x280/0x280 [ 495.653581] ? fput+0xd4/0x150 [ 495.653590] ? SyS_write+0x15e/0x230 [ 495.653601] SyS_clone+0x37/0x50 [ 495.653607] ? sys_vfork+0x30/0x30 [ 495.653618] do_syscall_64+0x1e8/0x640 [ 495.653628] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 495.678630] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 495.678637] RIP: 0033:0x45a6f9 [ 495.678644] RSP: 002b:00007f5d4120ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 495.728774] RAX: ffffffffffffffda RBX: 00007f5d4120ec90 RCX: 000000000045a6f9 [ 495.736136] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 495.743402] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 495.750659] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5d4120f6d4 [ 495.757928] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 495.766745] CPU: 1 PID: 25910 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 495.774668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 495.777116] FAULT_INJECTION: forcing a failure. [ 495.777116] name failslab, interval 1, probability 0, space 0, times 0 [ 495.784044] Call Trace: [ 495.784060] dump_stack+0x142/0x197 [ 495.784077] should_fail.cold+0x10f/0x159 [ 495.784092] should_failslab+0xdb/0x130 [ 495.784102] kmem_cache_alloc+0x2d7/0x780 [ 495.784111] ? creds_are_invalid+0x48/0x110 [ 495.784120] ? __validate_process_creds+0x14c/0x200 [ 495.784130] prepare_creds+0x3c/0x390 [ 495.784139] copy_creds+0x7b/0x4f0 [ 495.784149] ? lockdep_init_map+0x9/0x10 [ 495.784160] copy_process.part.0+0x868/0x6a70 [ 495.784176] ? save_trace+0x290/0x290 [ 495.784184] ? proc_fail_nth_write+0x7d/0x180 [ 495.784192] ? proc_cwd_link+0x1b0/0x1b0 [ 495.784202] ? __f_unlock_pos+0x19/0x20 [ 495.784218] ? __cleanup_sighand+0x50/0x50 [ 495.784228] ? lock_downgrade+0x740/0x740 [ 495.784241] _do_fork+0x19e/0xce0 [ 495.784252] ? fork_idle+0x280/0x280 23:24:42 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r1, 0x80045700, &(0x7f0000000000)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(0xffffffffffffffff, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:42 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r1, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r1, &(0x7f00000000c0)="e8", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r1, 0x1) ustat(0x3, &(0x7f0000000100)) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f00000000c0)={r3}, &(0x7f0000000000)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000000)={r3, 0xac, "d1cad4657eb7e74741cfa284ef1c1130b35f9799c0b8fc5c7615e8d6f1b52877a64e4b53a5a439cf65aa69c99cb4fa2785b58f35466ed3b18f9704102809706f289e8dafcbcdd2856717827a3cfc2fcca0cd9b76e93edb3a311a3ea8a37b302c055b63a2d145b23c3dae329db7576f8975887f0457d2b2f38dde0b737a352a22ea024d07c831cdf55cdfe8e76c0fe37d42f80d5a1b416aa7c4420cf19e9edd7e48ef3273aeb0d543085df616"}, &(0x7f00000000c0)=0xb4) 23:24:42 executing program 4: clone(0x10000, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x2, 0x30000) ioctl$KVM_TRANSLATE(r0, 0xc018ae85, &(0x7f0000000080)={0x10004, 0x4, 0x5, 0xa, 0xfa}) 23:24:42 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x0, 0x0) ioctl$DRM_IOCTL_ADD_MAP(r0, 0xc0286415, &(0x7f0000000040)={0x0, 0x2, 0x2, 0x20, &(0x7f0000ffc000/0x1000)=nil, 0x9}) 23:24:42 executing program 2 (fault-call:0 fault-nth:3): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 495.784264] ? fput+0xd4/0x150 [ 495.784272] ? SyS_write+0x15e/0x230 [ 495.784284] SyS_clone+0x37/0x50 [ 495.784289] ? sys_vfork+0x30/0x30 [ 495.784307] do_syscall_64+0x1e8/0x640 [ 495.814119] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 495.827234] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 495.827244] RIP: 0033:0x45a6f9 [ 495.827249] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 495.827260] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 495.827265] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 495.827272] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 495.843107] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 495.843113] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 495.929130] CPU: 1 PID: 25912 Comm: syz-executor.3 Not tainted 4.14.158-syzkaller #0 [ 495.946743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 495.946748] Call Trace: [ 495.946762] dump_stack+0x142/0x197 [ 495.946778] should_fail.cold+0x10f/0x159 [ 495.964010] should_failslab+0xdb/0x130 [ 495.964020] kmem_cache_alloc+0x2d7/0x780 [ 495.964032] ? creds_are_invalid+0x48/0x110 [ 495.964040] ? __validate_process_creds+0x14c/0x200 [ 495.964052] prepare_creds+0x3c/0x390 [ 495.970244] copy_creds+0x7b/0x4f0 [ 495.970253] ? lockdep_init_map+0x9/0x10 [ 495.970266] copy_process.part.0+0x868/0x6a70 [ 495.970280] ? save_trace+0x290/0x290 [ 495.983151] ? proc_fail_nth_write+0x7d/0x180 [ 495.983160] ? proc_cwd_link+0x1b0/0x1b0 [ 495.983171] ? __f_unlock_pos+0x19/0x20 [ 495.983188] ? __cleanup_sighand+0x50/0x50 [ 495.983201] ? lock_downgrade+0x740/0x740 [ 495.992566] _do_fork+0x19e/0xce0 [ 495.992580] ? fork_idle+0x280/0x280 [ 495.992592] ? fput+0xd4/0x150 [ 495.992601] ? SyS_write+0x15e/0x230 [ 495.992612] SyS_clone+0x37/0x50 [ 495.992622] ? sys_vfork+0x30/0x30 [ 496.000105] do_syscall_64+0x1e8/0x640 [ 496.000115] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 496.000132] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 496.000139] RIP: 0033:0x45a6f9 23:24:42 executing program 5 (fault-call:0 fault-nth:3): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:42 executing program 4: clone(0x13380400, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) getsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000000)=0x800, &(0x7f0000000040)=0x2) [ 496.000145] RSP: 002b:00007f0850ae1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 496.000154] RAX: ffffffffffffffda RBX: 00007f0850ae1c90 RCX: 000000000045a6f9 [ 496.000159] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 496.000163] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 496.000171] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0850ae26d4 [ 496.008736] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 496.031687] Unknown ioctl -1071094763 [ 496.126809] FAULT_INJECTION: forcing a failure. [ 496.126809] name failslab, interval 1, probability 0, space 0, times 0 [ 496.138837] FAULT_INJECTION: forcing a failure. [ 496.138837] name failslab, interval 1, probability 0, space 0, times 0 [ 496.139173] CPU: 1 PID: 25933 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 496.157949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 496.167319] Call Trace: [ 496.169932] dump_stack+0x142/0x197 [ 496.173614] should_fail.cold+0x10f/0x159 [ 496.177781] should_failslab+0xdb/0x130 [ 496.181790] __kmalloc_track_caller+0x2ec/0x790 [ 496.186550] ? check_preemption_disabled+0x3c/0x250 [ 496.186565] ? prepare_creds+0x3c/0x390 [ 496.195541] ? selinux_cred_prepare+0x49/0xb0 [ 496.200102] kmemdup+0x27/0x60 [ 496.203306] selinux_cred_prepare+0x49/0xb0 [ 496.203320] security_prepare_creds+0x7d/0xb0 [ 496.203336] prepare_creds+0x2d1/0x390 [ 496.203347] copy_creds+0x7b/0x4f0 [ 496.203358] ? lockdep_init_map+0x9/0x10 [ 496.203370] copy_process.part.0+0x868/0x6a70 [ 496.203385] ? save_trace+0x290/0x290 [ 496.231879] ? proc_fail_nth_write+0x7d/0x180 [ 496.236358] ? proc_cwd_link+0x1b0/0x1b0 [ 496.240443] ? __f_unlock_pos+0x19/0x20 [ 496.244426] ? __cleanup_sighand+0x50/0x50 [ 496.248646] ? lock_downgrade+0x740/0x740 [ 496.252782] _do_fork+0x19e/0xce0 [ 496.256222] ? fork_idle+0x280/0x280 [ 496.259934] ? fput+0xd4/0x150 [ 496.263110] ? SyS_write+0x15e/0x230 [ 496.266835] SyS_clone+0x37/0x50 [ 496.270194] ? sys_vfork+0x30/0x30 [ 496.273730] do_syscall_64+0x1e8/0x640 [ 496.277613] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 496.282548] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 496.287746] RIP: 0033:0x45a6f9 [ 496.290925] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 496.298636] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 496.305924] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 496.313179] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 496.320431] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 23:24:42 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r1, 0x80045700, &(0x7f0000000000)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(0xffffffffffffffff, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:43 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r0, 0x5386, &(0x7f0000000000)) [ 496.327683] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 496.335568] CPU: 0 PID: 25932 Comm: syz-executor.5 Not tainted 4.14.158-syzkaller #0 [ 496.343479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 496.352840] Call Trace: [ 496.355439] dump_stack+0x142/0x197 [ 496.359085] should_fail.cold+0x10f/0x159 [ 496.363335] should_failslab+0xdb/0x130 [ 496.367310] __kmalloc_track_caller+0x2ec/0x790 [ 496.371987] ? check_preemption_disabled+0x3c/0x250 23:24:43 executing program 1: clone(0x10000200, 0x0, 0x0, 0x0, 0x0) [ 496.377018] ? prepare_creds+0x3c/0x390 [ 496.381004] ? selinux_cred_prepare+0x49/0xb0 [ 496.385512] kmemdup+0x27/0x60 [ 496.388719] selinux_cred_prepare+0x49/0xb0 [ 496.393051] security_prepare_creds+0x7d/0xb0 [ 496.397558] prepare_creds+0x2d1/0x390 [ 496.401458] copy_creds+0x7b/0x4f0 [ 496.405004] ? lockdep_init_map+0x9/0x10 [ 496.409071] copy_process.part.0+0x868/0x6a70 [ 496.414102] ? save_trace+0x290/0x290 [ 496.417916] ? proc_fail_nth_write+0x7d/0x180 [ 496.422414] ? proc_cwd_link+0x1b0/0x1b0 [ 496.426482] ? __f_unlock_pos+0x19/0x20 [ 496.430476] ? __cleanup_sighand+0x50/0x50 [ 496.434720] ? lock_downgrade+0x740/0x740 [ 496.438883] _do_fork+0x19e/0xce0 [ 496.442347] ? fork_idle+0x280/0x280 [ 496.446068] ? fput+0xd4/0x150 [ 496.449263] ? SyS_write+0x15e/0x230 [ 496.452965] SyS_clone+0x37/0x50 [ 496.456310] ? sys_vfork+0x30/0x30 [ 496.459855] do_syscall_64+0x1e8/0x640 [ 496.463742] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 496.469269] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 496.474444] RIP: 0033:0x45a6f9 23:24:43 executing program 3 (fault-call:0 fault-nth:3): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:43 executing program 1: r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) ioctl$KDGKBMETA(r0, 0x4b62, &(0x7f0000000000)) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 496.477641] RSP: 002b:00007f5d4120ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 496.485337] RAX: ffffffffffffffda RBX: 00007f5d4120ec90 RCX: 000000000045a6f9 [ 496.492593] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 496.499852] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 496.508251] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5d4120f6d4 [ 496.516839] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:43 executing program 4: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000000)) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002e00)=[{{0x0, 0x0, &(0x7f0000000700), 0x0, &(0x7f0000000740)=""/25, 0x19}}, {{&(0x7f0000000780)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000900)=[{&(0x7f0000000800)=""/204, 0xcc}], 0x1}, 0x1ff}, {{&(0x7f0000000940)=@ipx, 0x80, &(0x7f0000001d40)=[{&(0x7f00000009c0)=""/110, 0x6e}, {&(0x7f0000000a40)=""/206, 0xce}, {&(0x7f0000000b40)=""/23, 0x17}, {&(0x7f0000000b80)=""/40, 0x28}, {&(0x7f0000000bc0)=""/235, 0xeb}, {&(0x7f0000000cc0)=""/107, 0x6b}, {&(0x7f0000000d40)=""/4096, 0x1000}], 0x7, &(0x7f0000001dc0)=""/141, 0x8d}, 0x7}, {{&(0x7f0000001e80)=@pppol2tp, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001f00)}, {&(0x7f0000001f40)}], 0x2, &(0x7f0000001fc0)=""/138, 0x8a}, 0x4}, {{&(0x7f0000002080)=@tipc=@name, 0x80, &(0x7f0000002180)=[{&(0x7f0000002100)=""/72, 0x48}], 0x1, &(0x7f00000021c0)=""/190, 0xbe}, 0x3}, {{&(0x7f00000022c0)=@alg, 0x80, &(0x7f0000002440)=[{&(0x7f0000002340)=""/212, 0xd4}], 0x1, &(0x7f0000002480)=""/140, 0x8c}, 0x7}, {{&(0x7f0000002540)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, 0x80, &(0x7f0000002840)=[{&(0x7f00000025c0)=""/8, 0x8}, {&(0x7f0000002600)=""/59, 0x3b}, {&(0x7f0000002640)=""/197, 0xfffffffffffffec2}, {&(0x7f0000002740)=""/97, 0x61}, {&(0x7f00000027c0)=""/8, 0x8}, {&(0x7f0000002800)}], 0x6, &(0x7f00000028c0)=""/243, 0xf3}, 0x4}, {{&(0x7f00000029c0)=@alg, 0x80, &(0x7f0000002b40)=[{&(0x7f0000002a40)=""/219, 0xdb}], 0x1}, 0x7}, {{&(0x7f0000002b80)=@ax25={{0x3, @rose}, [@default, @bcast, @rose, @rose, @bcast, @bcast, @null, @rose]}, 0x80, &(0x7f0000002cc0)=[{&(0x7f0000002c00)=""/115, 0x73}, {&(0x7f0000002c80)=""/25, 0x19}], 0x2, &(0x7f0000002d00)=""/247, 0xf7}, 0x2}], 0x9, 0x40002101, 0x0) setsockopt$inet6_tcp_TLS_RX(r1, 0x6, 0x2, &(0x7f0000003040)=@ccm_128={{0x303}, "e6b4e3b469825c67", "1578eb7a94b2e5c68613b57d59e2bace", "a5608b55", "d2f348f56be37ded"}, 0x28) 23:24:43 executing program 2 (fault-call:0 fault-nth:4): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:43 executing program 1: clone(0x270b4300, 0x0, 0x0, 0x0, 0x0) [ 496.634657] FAULT_INJECTION: forcing a failure. [ 496.634657] name failslab, interval 1, probability 0, space 0, times 0 [ 496.638671] FAULT_INJECTION: forcing a failure. [ 496.638671] name failslab, interval 1, probability 0, space 0, times 0 [ 496.736509] CPU: 1 PID: 25964 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 496.744572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 496.753947] Call Trace: [ 496.756545] dump_stack+0x142/0x197 [ 496.760192] should_fail.cold+0x10f/0x159 [ 496.764353] should_failslab+0xdb/0x130 [ 496.768332] __kmalloc_track_caller+0x2ec/0x790 [ 496.773056] ? check_preemption_disabled+0x3c/0x250 [ 496.778069] ? prepare_creds+0x3c/0x390 [ 496.782035] ? selinux_cred_prepare+0x49/0xb0 [ 496.786524] kmemdup+0x27/0x60 [ 496.789702] selinux_cred_prepare+0x49/0xb0 [ 496.794019] security_prepare_creds+0x7d/0xb0 [ 496.798506] prepare_creds+0x2d1/0x390 [ 496.802394] copy_creds+0x7b/0x4f0 [ 496.805921] ? lockdep_init_map+0x9/0x10 [ 496.809979] copy_process.part.0+0x868/0x6a70 [ 496.814464] ? save_trace+0x290/0x290 [ 496.818263] ? proc_fail_nth_write+0x7d/0x180 [ 496.822758] ? proc_cwd_link+0x1b0/0x1b0 [ 496.826815] ? __f_unlock_pos+0x19/0x20 [ 496.832019] ? __cleanup_sighand+0x50/0x50 [ 496.836239] ? lock_downgrade+0x740/0x740 [ 496.840376] _do_fork+0x19e/0xce0 [ 496.843814] ? fork_idle+0x280/0x280 [ 496.847515] ? fput+0xd4/0x150 [ 496.850694] ? SyS_write+0x15e/0x230 [ 496.854410] SyS_clone+0x37/0x50 [ 496.857762] ? sys_vfork+0x30/0x30 [ 496.861290] do_syscall_64+0x1e8/0x640 [ 496.865184] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 496.870030] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 496.875223] RIP: 0033:0x45a6f9 [ 496.878418] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 23:24:43 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x20000, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000080)={0x2, r1}) openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x10003, 0x0) [ 496.886117] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 496.893373] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 496.900628] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 496.907882] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 496.915137] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 496.922407] CPU: 0 PID: 25963 Comm: syz-executor.3 Not tainted 4.14.158-syzkaller #0 23:24:43 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) lsetxattr$smack_xattr_label(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='security.SMACK64IPIN\x00', &(0x7f0000000180)={'@Oproc)!\x00'}, 0xa, 0x2) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r0, 0xffffffffffffffff, 0x0, 0x9, &(0x7f0000000000)='@Oproc)!\x00'}, 0x30) ptrace$setsig(0x4203, r1, 0x8, &(0x7f0000000080)={0x30, 0x2}) socket$bt_cmtp(0x1f, 0x3, 0x5) [ 496.930302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 496.939656] Call Trace: [ 496.942255] dump_stack+0x142/0x197 [ 496.945895] should_fail.cold+0x10f/0x159 [ 496.950052] should_failslab+0xdb/0x130 [ 496.954137] __kmalloc_track_caller+0x2ec/0x790 [ 496.958819] ? check_preemption_disabled+0x3c/0x250 [ 496.963878] ? prepare_creds+0x3c/0x390 [ 496.967861] ? selinux_cred_prepare+0x49/0xb0 [ 496.972352] kmemdup+0x27/0x60 [ 496.975536] selinux_cred_prepare+0x49/0xb0 [ 496.979872] security_prepare_creds+0x7d/0xb0 [ 496.984358] prepare_creds+0x2d1/0x390 [ 496.988318] copy_creds+0x7b/0x4f0 [ 496.991842] ? lockdep_init_map+0x9/0x10 [ 496.995899] copy_process.part.0+0x868/0x6a70 [ 497.000401] ? save_trace+0x290/0x290 [ 497.004184] ? proc_fail_nth_write+0x7d/0x180 [ 497.008666] ? proc_cwd_link+0x1b0/0x1b0 [ 497.012714] ? __f_unlock_pos+0x19/0x20 [ 497.016684] ? __cleanup_sighand+0x50/0x50 [ 497.020902] ? lock_downgrade+0x740/0x740 [ 497.025048] _do_fork+0x19e/0xce0 [ 497.028484] ? fork_idle+0x280/0x280 [ 497.032197] ? fput+0xd4/0x150 [ 497.035458] ? SyS_write+0x15e/0x230 [ 497.039156] SyS_clone+0x37/0x50 [ 497.042516] ? sys_vfork+0x30/0x30 [ 497.046043] do_syscall_64+0x1e8/0x640 [ 497.049912] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 497.054772] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 497.059970] RIP: 0033:0x45a6f9 [ 497.063152] RSP: 002b:00007f0850ae1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 497.070862] RAX: ffffffffffffffda RBX: 00007f0850ae1c90 RCX: 000000000045a6f9 [ 497.078137] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 497.085416] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 497.092677] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0850ae26d4 [ 497.099950] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:43 executing program 5: clone(0x2000, 0x0, 0x0, 0x0, 0x0) 23:24:43 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r1, 0x80045700, &(0x7f0000000000)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:43 executing program 2 (fault-call:0 fault-nth:5): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:43 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='wchan\x00') mmap$perf(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x40010, r0, 0x5a2) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000040)={0x5, 0x1ff, 0xffff}) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$USBDEVFS_DISCARDURB(r1, 0x550b, &(0x7f0000000080)=0x9) 23:24:43 executing program 4: r0 = socket(0xec5da36adb3d7be3, 0x3, 0x2) getsockopt$netlink(r0, 0x10e, 0x9, &(0x7f0000000000)=""/180, &(0x7f00000000c0)=0xb4) [ 497.247467] FAULT_INJECTION: forcing a failure. [ 497.247467] name failslab, interval 1, probability 0, space 0, times 0 [ 497.323332] CPU: 1 PID: 26002 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 497.331264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 497.340637] Call Trace: [ 497.343242] dump_stack+0x142/0x197 [ 497.346918] should_fail.cold+0x10f/0x159 [ 497.351098] should_failslab+0xdb/0x130 [ 497.355093] __kmalloc_track_caller+0x2ec/0x790 [ 497.359794] ? __debug_object_init+0x171/0x8e0 [ 497.364387] ? setup_userns_sysctls+0x50/0x180 [ 497.368987] kmemdup+0x27/0x60 [ 497.370177] FAULT_INJECTION: forcing a failure. [ 497.370177] name failslab, interval 1, probability 0, space 0, times 0 [ 497.372191] setup_userns_sysctls+0x50/0x180 [ 497.372294] create_user_ns+0x79c/0xcd0 [ 497.372314] copy_creds+0x3e9/0x4f0 [ 497.395492] ? lockdep_init_map+0x9/0x10 [ 497.399564] copy_process.part.0+0x868/0x6a70 [ 497.404081] ? save_trace+0x290/0x290 [ 497.407885] ? proc_fail_nth_write+0x7d/0x180 [ 497.412379] ? proc_cwd_link+0x1b0/0x1b0 [ 497.416443] ? __f_unlock_pos+0x19/0x20 [ 497.420428] ? __cleanup_sighand+0x50/0x50 [ 497.424671] ? lock_downgrade+0x740/0x740 [ 497.428820] _do_fork+0x19e/0xce0 [ 497.432269] ? fork_idle+0x280/0x280 [ 497.435983] ? fput+0xd4/0x150 [ 497.439171] ? SyS_write+0x15e/0x230 [ 497.442890] SyS_clone+0x37/0x50 [ 497.446256] ? sys_vfork+0x30/0x30 [ 497.449802] do_syscall_64+0x1e8/0x640 [ 497.453695] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 497.458551] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 497.463748] RIP: 0033:0x45a6f9 [ 497.466939] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 497.474648] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 497.481941] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 497.489219] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 497.496500] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 497.503782] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 497.511573] CPU: 0 PID: 26017 Comm: syz-executor.3 Not tainted 4.14.158-syzkaller #0 23:24:44 executing program 3 (fault-call:0 fault-nth:4): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:44 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r1, 0x80045700, &(0x7f0000000000)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:44 executing program 1: r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/policy\x00', 0x0, 0x0) ioctl$TUNGETVNETHDRSZ(r0, 0x800454d7, &(0x7f0000000040)) r1 = syz_open_dev$dri(&(0x7f00000003c0)='/dev/dri/card#\x00', 0x0, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$bt_hci_HCI_FILTER(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000000)={0x80, 0x1, 0xfb}, 0x10) ioctl(r1, 0xffffffffffffffb2, &(0x7f0000000000)) clone(0x1000000, 0x0, 0x0, 0x0, 0x0) 23:24:44 executing program 5: r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:44 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) lsetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='trusted.overlay.nlink\x00', &(0x7f0000000080)='$system*\x00', 0x9, 0x2) 23:24:44 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r2, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r2, &(0x7f00000000c0)="e8", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r3, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000140)=0x1) shutdown(r2, 0x1) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) r5 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r5, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r5, r5, &(0x7f0000000240), 0x7fff) connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e24, 0x198, @loopback, 0x800}, 0x1c) ioctl$TIOCVHANGUP(r5, 0x5437, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f00000000c0)={r6}, &(0x7f0000000000)=0x8) r7 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r7, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r7, &(0x7f00000000c0)="e8", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r7, 0x1) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000200)={r2}) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r10, 0x84, 0x1e, &(0x7f0000000280), &(0x7f00000002c0)=0x4) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r7, 0x84, 0x6d, &(0x7f00000000c0)={r9}, &(0x7f0000000000)=0x8) getsockopt$inet_sctp_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000000000)={r6, 0x4, 0x5, 0x8, 0x1cbf, 0x409c, 0x7f, 0x3b0, {r9, @in6={{0xa, 0x4e21, 0x8, @ipv4={[], [], @multicast1}, 0x1ff}}, 0x6, 0x800, 0x4, 0x7, 0x3c5}}, &(0x7f00000000c0)=0xb0) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000100)={r11, 0x24}, 0x8) [ 497.519570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 497.519578] Call Trace: [ 497.531530] dump_stack+0x142/0x197 [ 497.535170] should_fail.cold+0x10f/0x159 [ 497.539767] should_failslab+0xdb/0x130 [ 497.543753] kmem_cache_alloc+0x2d7/0x780 [ 497.547922] ? retire_userns_sysctls+0x90/0x90 [ 497.547933] ? kmemdup+0x47/0x60 [ 497.547946] create_user_ns+0x3ce/0xcd0 [ 497.559848] copy_creds+0x3e9/0x4f0 [ 497.563477] ? lockdep_init_map+0x9/0x10 [ 497.567547] copy_process.part.0+0x868/0x6a70 [ 497.572057] ? save_trace+0x290/0x290 [ 497.575873] ? proc_fail_nth_write+0x7d/0x180 [ 497.580400] ? proc_cwd_link+0x1b0/0x1b0 [ 497.584471] ? __f_unlock_pos+0x19/0x20 [ 497.588457] ? __cleanup_sighand+0x50/0x50 [ 497.592700] ? lock_downgrade+0x740/0x740 [ 497.596857] _do_fork+0x19e/0xce0 [ 497.600325] ? fork_idle+0x280/0x280 [ 497.604046] ? fput+0xd4/0x150 [ 497.607256] ? SyS_write+0x15e/0x230 [ 497.610984] SyS_clone+0x37/0x50 [ 497.614358] ? sys_vfork+0x30/0x30 [ 497.617999] do_syscall_64+0x1e8/0x640 [ 497.621890] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 497.626736] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 497.631913] RIP: 0033:0x45a6f9 [ 497.635128] RSP: 002b:00007f0850ae1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 497.642824] RAX: ffffffffffffffda RBX: 00007f0850ae1c90 RCX: 000000000045a6f9 [ 497.650093] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 497.657364] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 497.664623] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0850ae26d4 23:24:44 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ocfs2_control\x00', 0x0, 0x0) ioctl$USBDEVFS_GETDRIVER(r0, 0x41045508, &(0x7f0000000040)={0x1ff, "8a9d1831d6698b6c671b57d6d4152734dcacf4a424cbbf21b47ee0dc8950a9e97955cddda05dafe71debcea5e53a29c078d6707830a5aeb004808896ed4c42855ff4940be0f8c906b983422ac0d5ee52b323eb5dde410489577739d79dfa331cebfe84344e41f1e08a5e28fbec9bec5f227c0e4c566ef191e33b4b904647f1a1689a6b399c8c834618c54a52e0d9dcc2b81d50dcb0f8ce88fa48eb64c1b0634127ce6c5d1839871eaba91fb8d3d31429654de87c4d29ce212836fb6b625f277e743e878c9aaa7929749ede6605cc763ecbf6bdd6fac5b521b63a4ffd32cd32cb8a3c3159f7bc1a0df5e6fc612ccf368b13d149d604dd98d3abbd00"}) 23:24:44 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r1, 0x80045700, &(0x7f0000000000)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:44 executing program 2 (fault-call:0 fault-nth:6): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:44 executing program 1: clone(0x40890c00, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) getsockopt$bt_hci(r0, 0x0, 0x1, &(0x7f0000000000)=""/43, &(0x7f0000000040)=0x2b) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) getsockname$inet(r1, &(0x7f0000000080)={0x2, 0x0, @dev}, &(0x7f00000000c0)=0x10) [ 497.671880] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:44 executing program 3 (fault-call:0 fault-nth:5): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:44 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.opaque\x00', &(0x7f0000000080)='y\x00', 0x2, 0x1) [ 497.731308] FAULT_INJECTION: forcing a failure. [ 497.731308] name failslab, interval 1, probability 0, space 0, times 0 23:24:44 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) ioctl$EVIOCGNAME(r0, 0x80404506, &(0x7f0000000040)=""/144) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r12 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r13 = ioctl$KVM_CREATE_VM(r12, 0xae01, 0x0) r14 = ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x0) ioctl$KVM_SET_REGS(r14, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r14, 0xae80, 0x0) ioctl$KVM_RUN(r14, 0xae80, 0x0) r15 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r16 = ioctl$KVM_CREATE_VM(r15, 0xae01, 0x0) r17 = ioctl$KVM_CREATE_VCPU(r16, 0xae41, 0x0) ioctl$KVM_SET_REGS(r17, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r17, 0xae80, 0x0) ioctl$KVM_RUN(r17, 0xae80, 0x0) write$P9_RREADLINK(r0, &(0x7f00000013c0)=ANY=[@ANYRES64=r2, @ANYPTR=&(0x7f0000000100)=ANY=[@ANYRES64=r1, @ANYRES64=r2, @ANYRES64, @ANYRESDEC=r1, @ANYRES16=r4, @ANYPTR, @ANYRESDEC=r6], @ANYRES16, @ANYRESHEX, @ANYBLOB="16daa8bf401ebc19c2bcdf1d0ea8cf8b1613baee57875730a21a99c48a06808690060138fb99eeb54214b04ec55c47d97fd94d40d1f50d4fe8ba60419edb5f143521eafa78066b211207c81df400951ab48cf619cb57dc055350b421a4bbd8acb12f26cc4811a3e0ce57acbbfb082c48ee5240b7fdf99d0ca5dd41236caf42afdaa8826c2d89343f8830a5e1a8e3490f92043bb8f72258be16ca528f8b3ca0facf48897498617839b553b65b2993225067515b0563c288c09a5a0cbfa5d39926e962455ccafc13bd271b6b9ee820fdaae7bcd7d51afc33555ba72c40f7432a6a0ea90e98c7e0e271", @ANYPTR64=&(0x7f0000001580)=ANY=[@ANYPTR=&(0x7f0000000180)=ANY=[@ANYRESHEX, @ANYRES16=r7, @ANYRES32, @ANYRES64=r8, @ANYRES16=r10, @ANYPTR64], @ANYRESOCT, @ANYRESOCT, @ANYRESOCT=r5, @ANYPTR64=&(0x7f0000000300)=ANY=[@ANYRES16, @ANYRES32, @ANYRES16=r14], @ANYRESOCT=r11], @ANYPTR=&(0x7f0000001600)=ANY=[@ANYPTR, @ANYPTR64, @ANYRESOCT=r17], @ANYPTR=&(0x7f0000000380)=ANY=[@ANYPTR64, @ANYBLOB="eaa0d372551341255ca44758059c4faf9171aec999bd7f4bf6269120f2c79821460fdf0888ecb93bb5e59464c18a6458032e1c3578b0e8bfa30cd06d155b291be99c0f404c0534d944ee230fe43c2e6ce35a4fb0931315f53e8fc502d6d3fb9d534f98d7c1a6d6b141109f258b4cc2420d28ea467bd5329f030f5d5841a305d2eae94d386b854e96470f8108e8d8a2ce1173a33b3b48a9e1b7f04447cf425f6e4779fcad481253eabc731c6c7c89fcdf269c9b1032654df1c882fc65b697f7c84704d68a3a666cd1de5bf69aeedf17f4c0beb007a092c298c1447f25746f77b1191697dd0134c39906f289be4b4e8643c7f542ec539556e1d752418cd459e2bbe470d8fd1b29ee7b12c43a1e2e0e9d7ecaa6f0ba0c064c5aad85e58856f40e56e386a464f76e5d8cb5f88ba96a48b46f763d7808bdd5a34c71c71876572a13a489d105e43c1acd3caf3ce198f5cc205b2f4a711d3ccdd7a39255746232e60ba4a79d28f4260c851bb32efeb12670aa8cd2bdb319a23c5568064c4694d6e6fe80e4a905d76066bd6dc445468149af9839bfc51245169d6017326b5b45a1ac2bcff825b3f7b92f2c2f445a79437175a2bc13514f129db8d0f3109adede8af54f3cef228ab62a16ca2de990c053fba45d9f21f0d690098f5dfacb28f20d32f7f8ba9c0b2ad3fa1d76f6f42609ad154e38663c9852fb13e4cabd85f9a8c2c9a1ee4e5e732747b8ad06562ba09a8142ff7b769615f8fb427e39297a09acda91d08f48917b128ff26c7d542bffa3a2e8228c0a9c8bbae0e0c0a27b6e3ed9582647001031c7503ea3715392b1fdb3e4eede88262c92a5e8fc8636d461de1f5f9c71380bfb03bcc7307ef33347daad79fe82959d165566c1b2a6577b42444ef179bf91f19bb2c63c065c780b4e9ab0071f3b3f02ae00de7e874826607a95b35cdc73ca82d5cf055e4a4a76a506567b3f82d0190f2947d6460acf246bbf095d4f166c12f50bab2911b9746a1203afbf6a2b4c385d65d969068c5db5ce3c46e902f6017647886e2941165825a50a4c30dae6d5c6092d4047651ba3ff2de6396dd8f075bc80e039459a0e66ce8630a166254cc58015ebfa8459ac069ecfd8280550193ac8c27b6c9f3362af50178570a39bb9a9c54f074182b322b5053e98ab25181160d4a6213369bb14a35aa96df7fc25a7ad8bc80573b3a4d4fa532be5f28a883dd1996c96048fc011eb0148999cfc4e6e3aef02b1ecbdc9cd7cd8a0b92d62036d0cd87923baba5e300f320c73cdeeb8392d2e082e13ba8311a9a9e9d26710083232dfc8d3b3e51b985484d59d5b2da828fdcefacc47ec422c21ed09fa7ab8ae258d75c0ac513cfc5290ead89abdbb84c0c0f8e5b2bec5cc4d0edd705f4a44965129cc1d066bb1c96d49cb7a1383c832b18f3a350c9ab33fde766f58116592d28711a4bf2fe037009548d34388607cdf4d9231cfd1304be352df5ade200e80f01b9b02703876b0ae6f77338860997b01f477dae9b351fda9c2bfa91b3f777ed593b263625b31147dd199acf965a2583a674ac7103e732f7c9fde60dfa216bac5c696fcea3c2cba6c51db507ecc8074cd87b94830818f00d23f4b157b5146768d1efd83807ec47bb0364ad004a05dcf4b26fa177404dd9a9a1fd28ba14a4d2614003a3d5fcf7e525ef5653c5ae6854bffe7ba580b5b799ce2a1cf29e6b3bdbbc91a6108c9fd890e1cc01f5535e3a7f3b630bb2b8c161313eea3aa0b2c1de9ae344351b1949778facb28c51a2b0a105163d1902b7b1de5e9391293a9450fc7dfa4a67c110f0512f9fd8a551c76af8ca514a3a121cd06052742cfbab3934de5af934b60873c7bfb410458bcf15e8ee078ab3c54f9684aa17c3c0c25456fcf499b72026bbe6257dc921301e865b367705264ab59bb91a2a3973020d0c69332d27a49b023caa84a840d3de36d649181093c068b47abe7e4c0866772f0ab29a7d2d18e084f7bc39d21c262818f629aecf5e13037e44d8ac101779e653b8969afc575e1acfaa038a86d99af3e797bf8984772cdc28c0243d3832327584891224d710e88d18026ee10eb3aadcea317c282b00b29040964b9b6bb52dc9998bf0e6246ab61c309344e46d07143fdd5b77ffa0ba1e761715ae0a851fc0c75d2aeec921b188395b158fe2f0300828d976846a13d7008a27476dd57f154251f775f16f0673bcba21861cd1f42017ad2b9934d5008696f5344463afb41c78e13352c50a8d376c9d5097100d3fb6be986d7a059f2977c4d013ca1cbfd0a1c718a71417618f943d9764f18eb71daa32d79f4144ff3afb2c8dbe1f39cd89567601c3d4c859f02f957a28eb7e35d956ff6dea5780bc223d3c605e2382f159bca84222aaba2126acb74e29b46a9bcd67e48371135ee0c0800dd2b730bdeacd8ea388d9f591e0f530d3963be773e708def7402a8c75da2c23e954219b1a87e11bd79f8e31f6908f93e2927878ae27e316b89276a9d606b3192d15bdb7e392ce16b9015897701cc2020a2219fd1295ffbb0f172b12c9572dd1bff3eedbdb477cbe6a251b77e1c035c078a69aa3e7366660e154475ad42bde31e6b86cda577e03231a524dee6b036ff3cadc105d9deb3f50cf0542d603760fa36485a00848fe5bc347e7c2f1db020d23c22c9124ca6def608a6c7a7e7f003be0ee67a971c1ff0991d73e82c876134a342fd29631e6f981a9abf1d0e9bda6618ae36ac9bf60184dad27b1b241448555e95d531c444900ba7afcb6d87de121364cf76ce9e2ce94d54079f19fea568c18651b000f61b5562ba16cda6f230da274b5999800fa55cfff6f46164add26e2f745146e5bedd4ec940743e095b7e0c5fea29750d74124ce4f5d0d1c4b0d44c25e1123eccfb1327a7c590a90a91820f493eeee22f24e3a4ac8222083a03d47a078066ec8064dcce9fb278b546697a01cc0e850b94ce64f42fb942a7ad04840f896945e175ba1ceb4852762f7adb5de0bcd8e79e1f1ce68130b00282c20319f253797eccf9b2ffb393e63fc215e576bfed90dade963ff0a497321c281e26bdd7573e89b0ffdc643b62f213ef2d7b7ad8699e139642709d19b05fa9aef54a5f43addde2833f1d9bc9fdefc35853bb7d07dfd1ab9712d290429b27193a3caefef70c573e45c5e7899ec3f08180932d4d9817734f2d92f492f4ebca1b330bf278d0dd21a3fc2738f203f16eecd306ddb99491033a57291dedf2ea93c59769b4fe90762a5f0c10541ecf23623e07e3fa9fe05526be3eb1d8d9c0ff91fe1e4963af9163567852a1a66353329cf725b10160773d4516a805310d5adf5c2b719965d283fa0a38ac931fb1e2269a4369124b64f0411b3ba0bcf4f349cdb3e38cb8f2dd2901dd7b093ef045457de0a17434ef988ccf6e79bcbab766777f7a88917994017a1bf41a4488d5b3570aa647609ecb697bbb75aa0f7ea454456e939738ce132cb1d7a64bd59c1c4e510ebd50fddb5581bf3de4253c84c4ac8186316d3f88716c9dda1cf474aa5f796e39a3cee0e1249e01b51a3db9dde2077937e06469ad1b8f823b5a717890b0632a0e868a3841a6cddee88b5750981e3a76ddc4ea08f71b250ef226d96b1b6eaef89a995f321f47c712f545a02eaa3d3d6b232a02570588626167a7d7bf34cd2e3c7b155fa510793ed7ddbceff9614702624a27fd5bd3836f90eb8e8cfb66e380d79b549b35cd1771316d24804621a56b95d8f66c081ae6988ad15359089cd01b9a0f5e5ded1d3a012668efc0ab2d2195f2c89fe8db77086a9f0c365af92197850629f82fcefaf395ce89a100af12ecc9e2104c4ef56522dbf2e500571fca9a909c98e4c212132bf4e98abe456bf1839e7e01113f1300f547d538bbb11fef83784067c6f48325ff30592eb4fa8ab49a0311a155ccec069ffbf53f3eca3d96411e696c4ad091e528f3f8204ff1b4e82ec9138ab7347f82a0ea7bbbcb0f976d34e83766a11c3ec4752305e09dbeeb3eacb04920b3d39ce01d3fd369348b661533db015ca5ab9684532079d4b6d469b3c7c11a0696486a9888491cf881b81731534af4d136fa04398c17009325e5b51953d56a6b60eb05eacba8e85ccd30919a40758ef816fe4f02b9c7edb090920be075911b2c0d7ca751cdcb657de14161519174c88ebfc59adcd87fa7e523de602b2ef265625569c834cc778fd9c14e94cec3cef07d53b66041c9121c0e20a11413bee35e507b707a04f155f5c606c8835c36c81b5ea385730299811743b1786cd656faf7baf0576e1726794c4e49f9836067f10db7e9b66ab7701ab76be94e48e2ea878cfd03839ea511dacb9f6c248ed0377fd8d1dbb40fd40460285fe008935b1ab56e69d4e1a5b03012fd21d412684bb71beaedef94b4c07e1ef4eda7ee68491cad12e1c10e59b113d55cd4462f651917f2d0a090ce8a11656632a750d151356cca28b8bc3ef2205f9b0a276d900123c74c7004ca920b4cb2dd9e2efdfbdaced7ac98b9fa6d04d7641b2e958850c6d80fb20c308bb38d2090a4a9216ddaa3a854f4beef8c1a981d4c686b36721e4543ac058db9fe8a36e0a6fee4b35908703a3958a7e7e95cd047d954e47067283de52f59f2bcae698eb50618bee486b1f6a5f12990bb477ffc7c6d398e4e9dab99035b5d24efe9bf5161adf503ee4ff80b702a4a025a06df1c8d9263ffb7c30919e373871f71c01697ca9afa658ae4d715116eb580e910eeb5051cd998e311fff816d45b1c355d5806a4e18941b21c5fc6034fc9bd40b9db9b53bb745e33b8e484aa6786195db252f481a50cf6abc5fa1893e32b7d87d40f512afbe121feb6e73f851ea331c9d5fb036744647ba8e559cfaed4116d23d76673288c8546d2b963110ea9d8083d6590f257f8ddefe469f1048e9a29b8a279f64b156aac9d2ada840bf6f349c6f5ea915424354cfc901c283899181771eea5037502898e5ab1e3eaa2b0afc851bde5395e8a0ec70575027309b3764a85003955ba5b816b959f26e803871abab84f80e15cd5fb151fb22cfed7c7f5c0bf7959b2f31ed83dcec53ce3c7cf3f1ac856106620e59faf712058d71cd7c7d1d89be23b1a881f8fc16c5268334cd98a14246f84f14e87341d4a5c7dd54f11cb150d8ccb702d1e2ed88aab9fbf2ef55d80a6f724930b6e72e0478201c76e32f4841de051f8065c70ac62d053cb4f12bbfc583ce4e4568b2341020749435a3a8d0d05aa7aab337a42864fba4da487cabefe5cb88c26f2478173eec122ac2ebcbcbaca4cbe42062d55b23613ce0b1b806ac949710307b17c9c54edfc2bba78c11c018234ddb1b3bf407369211e4c00e5891b3b81b05027df27bd58acbeb87a5c47824c2bea11c2a53c5c8dc5c94c1865837b11b3c6764b002a8d0279c991587cd9a9446a18ffa83d664b91d1724183cd837abe0490939a1dbdf027cdac1d0028e601b1b2e1aef939841fd94896bd4c30ba8d870470f020a0de74481e480e25756a455ca36c005e871682bbf6f58131ac35bbffccdd2d1d22211c2783b710e978f8b7868513b1256e6e2aa3509be43af652654433771c9200c2fb913ae564390493a50d47f1e9002f23075201ff6017b557c26b5db01e8dbdbcf4a2af8051f35087ffb83853e0e266a5b42bd245cc14b4d5196d1c4040e713230177312b61ee46fef29e59c32e03929e9a0bd53bb0d81bf2e6d67e3745f6173be858c2f0cc211153acf2a2f4d8dcad26fa76bbbdcd62536585e7dc1d420aa09521c57fc957e6421e25f408ffdbe0f79d55688785c085a142ce"]], 0x124) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) ioctl$VIDIOC_QUERYSTD(r0, 0x8008563f, &(0x7f0000000000)) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 497.813590] FAULT_INJECTION: forcing a failure. [ 497.813590] name failslab, interval 1, probability 0, space 0, times 0 [ 497.823238] CPU: 0 PID: 26041 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 497.832711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 497.842159] Call Trace: [ 497.844759] dump_stack+0x142/0x197 [ 497.848401] should_fail.cold+0x10f/0x159 [ 497.852562] should_failslab+0xdb/0x130 [ 497.856554] __kmalloc+0x2f0/0x7a0 [ 497.860107] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 497.865559] ? rcu_read_lock_sched_held+0x110/0x130 [ 497.870579] ? __register_sysctl_table+0xc7/0xe50 [ 497.875423] __register_sysctl_table+0xc7/0xe50 [ 497.875437] ? memcpy+0x46/0x50 [ 497.875451] setup_userns_sysctls+0xbc/0x180 [ 497.875464] create_user_ns+0x79c/0xcd0 [ 497.891762] copy_creds+0x3e9/0x4f0 [ 497.891774] ? lockdep_init_map+0x9/0x10 [ 497.891785] copy_process.part.0+0x868/0x6a70 [ 497.891800] ? save_trace+0x290/0x290 [ 497.891809] ? proc_fail_nth_write+0x7d/0x180 [ 497.891817] ? proc_cwd_link+0x1b0/0x1b0 [ 497.891827] ? __f_unlock_pos+0x19/0x20 [ 497.891843] ? __cleanup_sighand+0x50/0x50 [ 497.891853] ? lock_downgrade+0x740/0x740 [ 497.891867] _do_fork+0x19e/0xce0 [ 497.891879] ? fork_idle+0x280/0x280 [ 497.891890] ? fput+0xd4/0x150 [ 497.891898] ? SyS_write+0x15e/0x230 [ 497.891910] SyS_clone+0x37/0x50 [ 497.946203] ? sys_vfork+0x30/0x30 [ 497.949746] do_syscall_64+0x1e8/0x640 [ 497.953622] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 497.958463] entry_SYSCALL_64_after_hwframe+0x42/0xb7 23:24:44 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r1, 0x80045700, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r3, 0xc028ae92, &(0x7f0000000080)={0x3ff}) [ 497.963652] RIP: 0033:0x45a6f9 [ 497.966828] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 497.974526] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 497.981782] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 497.989037] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 497.996312] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 498.003592] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 498.017135] CPU: 1 PID: 26050 Comm: syz-executor.3 Not tainted 4.14.158-syzkaller #0 [ 498.025056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 498.034417] Call Trace: [ 498.037041] dump_stack+0x142/0x197 [ 498.040687] should_fail.cold+0x10f/0x159 [ 498.044856] should_failslab+0xdb/0x130 [ 498.048842] __kmalloc_track_caller+0x2ec/0x790 [ 498.053521] ? __debug_object_init+0x171/0x8e0 [ 498.058111] ? setup_userns_sysctls+0x50/0x180 [ 498.062705] kmemdup+0x27/0x60 23:24:44 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0xc0406618, &(0x7f0000000640)={{0x1, 0x0, @descriptor="a7e318d30b6bfd99"}}) fchdir(r0) sendmmsg$inet(r0, &(0x7f00000007c0)=[{{&(0x7f0000000000)={0x2, 0x4e23, @empty}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000040)="2e18c02ab5e46a2a93a4319443095285e25b8ab738df11eb", 0x18}, {&(0x7f0000000080)="b433d1ef430fff2c98ff18a9be8ca288503157500b2a1849ef9c1c33c7883e73d8d22a4898659d83033b3939e255a0897e86eeff4f31e48c6a5911760fe5f4f9cca5b428c1c254678023cc01563e66859e4a6e1a05f2cec1f63bb45514210f519f666239e0b622e7b2860b2e09f6aa132e567786f1e112aa854208494394ab396bf013053461ecf790ffd3b0031b962bf60b25b72081ca18927f31b4cfc52f4def6e0b846f724a9305bf6b92687de656a9c180ca846cbe46e15a1cecee9c2c75392facc29f144c6c7c24de3c172975349e199c4c91fe64eb03d3904d5444ce4cc4519ccc886cf5d9addd4a4168", 0xed}, {&(0x7f0000000180)="92173fe16dcee3854e1bd160c199886e7ec0db67d04d532a947486200632f6b64d7fc57ab9ec9785", 0x28}, {&(0x7f00000001c0)="1b9d12912fa6463099248e7ba57170ff608609e434baa492c50655ebe96fc535200ebf5f491da2f25ea7ec162b86c2a0fab1bbb8a80dd3a407a2ae465ef2ec7633f2a04fec244e50cb82a129ec16d99a5938a7f52115a022473373b585431a81cc82b2734b40981991236667a8c3fd3d83a40ec893dfba2f355ce7af63965b7d77d09dc7d3b7f6d6e6d1d3eaf2205b631c70a1420c803a386bf0b31cd3e619d2f878d1334ece39e32103def7b0b17d52ca36219669201f0772818ea356e2600fc2e2f59bf187e38162c837c833cbc987", 0xd0}, {&(0x7f00000002c0)="9e9d429c6bfd154e3fbf7e7249ee46c9ba2ab7d73bb1096b9bb9e42647a701c836d552c8f2182bcb4ca272544b2b78c17cbcb7d7999e16e9fc6dbc23966e7cc73af70869f47590ec2c4f2156e893ab2238322a0bbeaaf41e15159e542f60b3b3f1f48d27f478400276cd6465d48bfc3ba96cdbdec3e817a1dbdf5d", 0x7b}, {&(0x7f0000000340)="bf9428a01d7b9f5bf59aea1989330c62e1771bcef33fe8baacd0f6b9c17d546321233cf2d22f9868c208f2d201d5734d6899079438", 0x35}], 0x6, &(0x7f0000000880)=ANY=[@ANYBLOB="b8000000000000000000000007000000440c22661e2511dcd99f94e0072704e0000002e0000002ac1e010100000000e0000002000000007f0000017f000001ac1414180717807f000001ac1e0101e000000100000000e00000024444ee21000000050001000000001000ac1414bbda800000e00000020000000500000001ac14142400000093000000db000000000000000100000000fffffffe89178100000000ac1414bbac1414aaffffffffe000000101000000000000b2dcf093b5474579a60524d03ae9f2ed7882dd2999f9997eb2bf619e471ff6e42fdef4a4bb9011abae66c42d5028c60b3a197d3a454439bd4991a48a9eae5be3f99f"], 0xb8}}, {{&(0x7f00000004c0)={0x2, 0x4e24, @broadcast}, 0x10, &(0x7f0000000740)=[{&(0x7f0000000500)="d4af27b0782e26324751c3cfe64e14c3ea703f5b8a8894936bc6abd6738505ef0f98ba657ef79d6223816c5a94c48d3f54d9347895a2d0240821411568dd9b859f3f0e401cfd954e74052346b46ef0937e038babbac82de92034a00782962aa68cd899dee9dabec98f626e26fabfd7e43a6bbe4c7a303c6ba3267539", 0x7c}, {&(0x7f0000000580)="812283d11c8fd32de1b0a54dd788d3936c75cd8470b61619eef879de4ac844b9118f8c32c85e51e27c839f7bee9ece59a59e147762f965cb4957da965f8f0c710c20d1ce1a29d6147358f0e07cfd57b5eb6264aea1c9c8be136650e8569ab4a14bcc2145434b765ade1a", 0xffffff99}, {&(0x7f0000000600)="a384", 0x2}, {&(0x7f0000000640)}, {&(0x7f0000000680)="8b7817b5ba2f127338a781bb901236a05f8e16fe9c3aafa9ce853f6f66d11ce3d30e9ca3fa8148cc38dbc3a5af16bf60b2721c3fb5a4f8d5e13130f90e25ad59b9ad5751151475fa82893cce42cba698de692ecc60b18e1cf32bc5b3277a1e6b4bb13355e39da541c153cae52d681d15dfc72a0f603b0294476b50d77783915a5c3e3edfeccb544055", 0x89}], 0x5}}], 0x2, 0x80) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000840)='/dev/video35\x00', 0x2, 0x0) [ 498.065907] setup_userns_sysctls+0x50/0x180 [ 498.070339] create_user_ns+0x79c/0xcd0 [ 498.074332] copy_creds+0x3e9/0x4f0 [ 498.077971] ? lockdep_init_map+0x9/0x10 [ 498.082042] copy_process.part.0+0x868/0x6a70 [ 498.086546] ? save_trace+0x290/0x290 [ 498.090338] ? proc_fail_nth_write+0x7d/0x180 [ 498.090346] ? proc_cwd_link+0x1b0/0x1b0 [ 498.090357] ? __f_unlock_pos+0x19/0x20 [ 498.090373] ? __cleanup_sighand+0x50/0x50 [ 498.090383] ? lock_downgrade+0x740/0x740 [ 498.090395] _do_fork+0x19e/0xce0 23:24:44 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(r1, 0x0, 0x0) r2 = open(&(0x7f0000000040)='./bus\x00', 0x105046, 0x72) write$P9_RREADLINK(r2, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) r3 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x9, 0x701480) ioctl$NS_GET_OWNER_UID(r3, 0xb704, &(0x7f0000000000)=0x0) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(r6, 0x0, 0x0) setresuid(r1, r4, r6) [ 498.090407] ? fork_idle+0x280/0x280 [ 498.118452] ? fput+0xd4/0x150 [ 498.121653] ? SyS_write+0x15e/0x230 [ 498.125382] SyS_clone+0x37/0x50 [ 498.128790] ? sys_vfork+0x30/0x30 [ 498.132344] do_syscall_64+0x1e8/0x640 [ 498.136243] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 498.141102] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 498.146297] RIP: 0033:0x45a6f9 [ 498.149493] RSP: 002b:00007f0850ae1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 498.157299] RAX: ffffffffffffffda RBX: 00007f0850ae1c90 RCX: 000000000045a6f9 23:24:44 executing program 2 (fault-call:0 fault-nth:7): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:44 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r1, 0x80045700, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r3, 0xc028ae92, &(0x7f0000000080)={0x3ff}) [ 498.164581] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 498.170974] audit: type=1800 audit(1575674684.706:102): pid=26070 uid=255 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="bus" dev="sda1" ino=16733 res=0 [ 498.171917] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 498.171923] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0850ae26d4 [ 498.171935] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:44 executing program 3 (fault-call:0 fault-nth:6): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:45 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000000)={0x2, 0x7ff, 0x5}) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) ioctl$VT_WAITACTIVE(r1, 0x5607) [ 498.294643] FAULT_INJECTION: forcing a failure. [ 498.294643] name failslab, interval 1, probability 0, space 0, times 0 [ 498.317627] FAULT_INJECTION: forcing a failure. [ 498.317627] name failslab, interval 1, probability 0, space 0, times 0 23:24:45 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r1, 0x80045700, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r3, 0xc028ae92, &(0x7f0000000080)={0x3ff}) [ 498.358507] audit: type=1800 audit(1575674684.946:103): pid=26070 uid=255 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.5" name="bus" dev="sda1" ino=16733 res=0 [ 498.389427] CPU: 1 PID: 26081 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 498.397365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 498.406726] Call Trace: [ 498.409330] dump_stack+0x142/0x197 [ 498.412982] should_fail.cold+0x10f/0x159 [ 498.417154] should_failslab+0xdb/0x130 [ 498.421143] __kmalloc+0x2f0/0x7a0 [ 498.424713] ? lock_downgrade+0x740/0x740 [ 498.429395] ? find_entry.isra.0+0x1e0/0x1e0 [ 498.433837] ? __register_sysctl_table+0x79b/0xe50 [ 498.438794] __register_sysctl_table+0x79b/0xe50 [ 498.443928] setup_userns_sysctls+0xbc/0x180 [ 498.448363] create_user_ns+0x79c/0xcd0 [ 498.452360] copy_creds+0x3e9/0x4f0 [ 498.455994] ? lockdep_init_map+0x9/0x10 [ 498.460070] copy_process.part.0+0x868/0x6a70 [ 498.464574] ? save_trace+0x290/0x290 [ 498.468371] ? proc_fail_nth_write+0x7d/0x180 [ 498.472861] ? proc_cwd_link+0x1b0/0x1b0 [ 498.476920] ? __f_unlock_pos+0x19/0x20 [ 498.480901] ? __cleanup_sighand+0x50/0x50 [ 498.485143] ? lock_downgrade+0x740/0x740 [ 498.489296] _do_fork+0x19e/0xce0 [ 498.492751] ? fork_idle+0x280/0x280 [ 498.496468] ? fput+0xd4/0x150 [ 498.499661] ? SyS_write+0x15e/0x230 [ 498.503374] SyS_clone+0x37/0x50 [ 498.506733] ? sys_vfork+0x30/0x30 [ 498.510271] do_syscall_64+0x1e8/0x640 [ 498.514163] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 498.519015] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 498.524206] RIP: 0033:0x45a6f9 [ 498.527396] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 498.535101] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 498.542374] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 498.549655] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 498.556961] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 498.564246] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 498.571543] CPU: 0 PID: 26086 Comm: syz-executor.3 Not tainted 4.14.158-syzkaller #0 [ 498.579453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 498.588809] Call Trace: [ 498.588825] dump_stack+0x142/0x197 [ 498.588842] should_fail.cold+0x10f/0x159 [ 498.588856] should_failslab+0xdb/0x130 [ 498.598153] sysctl could not get directory: [ 498.599191] __kmalloc+0x2f0/0x7a0 [ 498.599205] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 498.599217] ? rcu_read_lock_sched_held+0x110/0x130 [ 498.599228] ? __register_sysctl_table+0xc7/0xe50 [ 498.599239] __register_sysctl_table+0xc7/0xe50 [ 498.599249] ? memcpy+0x46/0x50 [ 498.599262] setup_userns_sysctls+0xbc/0x180 [ 498.599275] create_user_ns+0x79c/0xcd0 [ 498.599294] copy_creds+0x3e9/0x4f0 [ 498.599304] ? lockdep_init_map+0x9/0x10 [ 498.599315] copy_process.part.0+0x868/0x6a70 [ 498.599329] ? save_trace+0x290/0x290 [ 498.599337] ? proc_fail_nth_write+0x7d/0x180 [ 498.599344] ? proc_cwd_link+0x1b0/0x1b0 [ 498.599354] ? __f_unlock_pos+0x19/0x20 [ 498.603549] / [ 498.607880] ? __cleanup_sighand+0x50/0x50 [ 498.611476] /user -12 [ 498.616833] ? lock_downgrade+0x740/0x740 [ 498.634591] _do_fork+0x19e/0xce0 [ 498.642967] ? fork_idle+0x280/0x280 [ 498.642979] ? fput+0xd4/0x150 [ 498.642987] ? SyS_write+0x15e/0x230 [ 498.642997] SyS_clone+0x37/0x50 [ 498.643003] ? sys_vfork+0x30/0x30 [ 498.643015] do_syscall_64+0x1e8/0x640 [ 498.643022] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 498.643037] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 498.643045] RIP: 0033:0x45a6f9 [ 498.643050] RSP: 002b:00007f0850ae1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 498.643060] RAX: ffffffffffffffda RBX: 00007f0850ae1c90 RCX: 000000000045a6f9 [ 498.643064] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 498.643069] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 498.643074] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0850ae26d4 23:24:45 executing program 1: clone(0x40000, 0x0, 0x0, 0x0, 0x0) r0 = semget(0x1, 0x6, 0x100) semctl$GETALL(r0, 0x0, 0xd, &(0x7f0000000000)=""/228) 23:24:45 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000000080)={0x3ff}) [ 498.643079] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 498.680377] CPU: 1 PID: 26081 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 498.680385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 498.680389] Call Trace: [ 498.680406] dump_stack+0x142/0x197 [ 498.709457] ? trace_hardirqs_on+0xd/0x10 [ 498.719479] __register_sysctl_table+0x762/0xe50 [ 498.719498] setup_userns_sysctls+0xbc/0x180 [ 498.719512] create_user_ns+0x79c/0xcd0 23:24:45 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) ioctl$SIOCX25GFACILITIES(r0, 0x89e2, &(0x7f0000000000)) [ 498.744958] copy_creds+0x3e9/0x4f0 [ 498.744968] ? lockdep_init_map+0x9/0x10 [ 498.744979] copy_process.part.0+0x868/0x6a70 [ 498.759525] ? save_trace+0x290/0x290 [ 498.759534] ? proc_fail_nth_write+0x7d/0x180 [ 498.759544] ? proc_cwd_link+0x1b0/0x1b0 [ 498.784047] ? __f_unlock_pos+0x19/0x20 [ 498.784066] ? __cleanup_sighand+0x50/0x50 [ 498.784077] ? lock_downgrade+0x740/0x740 [ 498.784094] _do_fork+0x19e/0xce0 [ 498.784105] ? fork_idle+0x280/0x280 [ 498.847829] ? fput+0xd4/0x150 [ 498.847840] ? SyS_write+0x15e/0x230 [ 498.854734] SyS_clone+0x37/0x50 [ 498.854744] ? sys_vfork+0x30/0x30 [ 498.854756] do_syscall_64+0x1e8/0x640 [ 498.854766] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 498.863447] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 498.870839] RIP: 0033:0x45a6f9 [ 498.870844] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 498.870853] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 498.870857] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 498.870861] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 498.870866] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 498.870870] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:45 executing program 4: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x4, 0x0) ioctl$KVM_GET_MP_STATE(r0, 0x8004ae98, &(0x7f0000000040)) clone(0x20000000, 0x0, 0x0, 0x0, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x5) 23:24:45 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) modify_ldt$read_default(0x2, &(0x7f0000000000)=""/213, 0xd5) 23:24:45 executing program 2 (fault-call:0 fault-nth:8): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:45 executing program 3 (fault-call:0 fault-nth:7): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:45 executing program 1: clone(0x8000000, 0x0, 0x0, 0x0, 0x0) 23:24:45 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r4, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:45 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) fcntl$setflags(r0, 0x2, 0x3) [ 499.098503] FAULT_INJECTION: forcing a failure. [ 499.098503] name failslab, interval 1, probability 0, space 0, times 0 [ 499.101124] FAULT_INJECTION: forcing a failure. [ 499.101124] name failslab, interval 1, probability 0, space 0, times 0 23:24:45 executing program 1: ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000000c0)=0x0) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = perf_event_open$cgroup(&(0x7f0000000140)={0x3, 0x70, 0x1, 0xf9, 0x7, 0x80, 0x0, 0x8, 0x80000, 0x8, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb2a522a, 0x5, @perf_bp={&(0x7f0000000100)}, 0x2, 0x5, 0x3f, 0x7, 0x1000, 0x34db, 0x9}, 0xffffffffffffffff, 0x3, r1, 0xc) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xff, 0x8, 0xff, 0x8, 0x0, 0xffffffff, 0x8, 0x4, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x2, @perf_bp, 0x0, 0x4, 0x800, 0x5638728339e67af3, 0x2, 0x7fffffff, 0x7ff}, r0, 0xf, r2, 0x1) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 499.176577] CPU: 1 PID: 26140 Comm: syz-executor.3 Not tainted 4.14.158-syzkaller #0 [ 499.184525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 499.193975] Call Trace: [ 499.193993] dump_stack+0x142/0x197 [ 499.194012] should_fail.cold+0x10f/0x159 [ 499.200247] should_failslab+0xdb/0x130 [ 499.200259] __kmalloc+0x2f0/0x7a0 [ 499.200273] ? lock_downgrade+0x740/0x740 [ 499.200285] ? find_entry.isra.0+0x1e0/0x1e0 [ 499.200297] ? __register_sysctl_table+0x79b/0xe50 [ 499.200310] __register_sysctl_table+0x79b/0xe50 [ 499.230185] setup_userns_sysctls+0xbc/0x180 [ 499.234612] create_user_ns+0x79c/0xcd0 [ 499.238611] copy_creds+0x3e9/0x4f0 [ 499.242456] ? lockdep_init_map+0x9/0x10 [ 499.246541] copy_process.part.0+0x868/0x6a70 [ 499.251061] ? save_trace+0x290/0x290 [ 499.254867] ? proc_fail_nth_write+0x7d/0x180 [ 499.259553] ? proc_cwd_link+0x1b0/0x1b0 [ 499.263625] ? __f_unlock_pos+0x19/0x20 [ 499.267614] ? __cleanup_sighand+0x50/0x50 [ 499.271846] ? lock_downgrade+0x740/0x740 [ 499.275988] _do_fork+0x19e/0xce0 [ 499.279431] ? fork_idle+0x280/0x280 [ 499.283143] ? fput+0xd4/0x150 [ 499.286345] ? SyS_write+0x15e/0x230 [ 499.290045] SyS_clone+0x37/0x50 [ 499.293397] ? sys_vfork+0x30/0x30 [ 499.296925] do_syscall_64+0x1e8/0x640 [ 499.300801] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 499.305681] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 499.310867] RIP: 0033:0x45a6f9 [ 499.314046] RSP: 002b:00007f0850ae1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 499.322013] RAX: ffffffffffffffda RBX: 00007f0850ae1c90 RCX: 000000000045a6f9 [ 499.329391] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 499.336670] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 499.343939] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0850ae26d4 [ 499.351205] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 499.358481] CPU: 0 PID: 26139 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 499.366389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 499.375780] Call Trace: [ 499.378378] dump_stack+0x142/0x197 [ 499.382031] should_fail.cold+0x10f/0x159 [ 499.386184] should_failslab+0xdb/0x130 [ 499.386193] kmem_cache_alloc+0x2d7/0x780 [ 499.386205] ? selinux_is_enabled+0x9/0x50 [ 499.394306] ? creds_are_invalid+0x48/0x110 [ 499.402914] __delayacct_tsk_init+0x20/0x80 [ 499.404887] sysctl could not get directory: [ 499.407263] copy_process.part.0+0x1a6c/0x6a70 [ 499.407283] ? save_trace+0x290/0x290 [ 499.411795] / [ 499.416249] ? proc_fail_nth_write+0x7d/0x180 [ 499.420078] /user -12 [ 499.421742] ? proc_cwd_link+0x1b0/0x1b0 [ 499.432660] ? __f_unlock_pos+0x19/0x20 [ 499.436627] ? __cleanup_sighand+0x50/0x50 [ 499.440853] ? lock_downgrade+0x740/0x740 [ 499.444997] _do_fork+0x19e/0xce0 [ 499.448439] ? fork_idle+0x280/0x280 [ 499.452294] ? fput+0xd4/0x150 [ 499.455486] ? SyS_write+0x15e/0x230 [ 499.459201] SyS_clone+0x37/0x50 [ 499.462568] ? sys_vfork+0x30/0x30 [ 499.466111] do_syscall_64+0x1e8/0x640 [ 499.470008] ? trace_hardirqs_off_thunk+0x1a/0x1c 23:24:46 executing program 1: 23:24:46 executing program 4: clone(0x410100, 0x0, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20ncci\x00', 0x220101, 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21}, {0x306, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x0, {0x2, 0x4e21, @remote}, 'ip6erspan0\x00'}) getsockopt$CAN_RAW_FD_FRAMES(r0, 0x65, 0x5, &(0x7f0000000000), &(0x7f0000000040)=0x4) ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f0000000080)={'team0\x00', {0x2, 0x4e23, @multicast2}}) 23:24:46 executing program 5: clone(0x787467f2cfa9d9c, 0x0, 0x0, 0x0, 0x0) r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$clear(0x7, r0) r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/commit_pending_bools\x00', 0x1, 0x0) r2 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r2) ioctl$DRM_IOCTL_AGP_ALLOC(r2, 0xc0206434, &(0x7f00000000c0)={0x42d, 0x0, 0x2, 0x401}) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000100)={0x1f, r3, 0x10000, 0x7}) 23:24:46 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) creat(&(0x7f0000000000)='./bus\x00', 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r3, 0xc028ae92, &(0x7f0000000080)={0x3ff}) [ 499.474892] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 499.480101] RIP: 0033:0x45a6f9 [ 499.483293] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 499.491022] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 499.498321] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 499.505588] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 499.505593] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 499.505597] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 499.517395] CPU: 1 PID: 26140 Comm: syz-executor.3 Not tainted 4.14.158-syzkaller #0 [ 499.535601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 499.544959] Call Trace: [ 499.544975] dump_stack+0x142/0x197 [ 499.544988] ? trace_hardirqs_on+0xd/0x10 [ 499.545006] __register_sysctl_table+0x762/0xe50 [ 499.545021] setup_userns_sysctls+0xbc/0x180 [ 499.564516] create_user_ns+0x79c/0xcd0 [ 499.568506] copy_creds+0x3e9/0x4f0 [ 499.572142] ? lockdep_init_map+0x9/0x10 [ 499.576214] copy_process.part.0+0x868/0x6a70 [ 499.580724] ? save_trace+0x290/0x290 [ 499.584538] ? proc_fail_nth_write+0x7d/0x180 [ 499.589038] ? proc_cwd_link+0x1b0/0x1b0 [ 499.593111] ? __f_unlock_pos+0x19/0x20 [ 499.597094] ? __cleanup_sighand+0x50/0x50 [ 499.601449] ? lock_downgrade+0x740/0x740 [ 499.605702] _do_fork+0x19e/0xce0 [ 499.609155] ? fork_idle+0x280/0x280 [ 499.612859] ? fput+0xd4/0x150 [ 499.616051] ? SyS_write+0x15e/0x230 [ 499.619753] SyS_clone+0x37/0x50 [ 499.623104] ? sys_vfork+0x30/0x30 [ 499.626636] do_syscall_64+0x1e8/0x640 [ 499.630597] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 499.635428] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 499.640601] RIP: 0033:0x45a6f9 [ 499.643774] RSP: 002b:00007f0850ae1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 499.651478] RAX: ffffffffffffffda RBX: 00007f0850ae1c90 RCX: 000000000045a6f9 [ 499.658760] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 499.666028] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 23:24:46 executing program 2 (fault-call:0 fault-nth:9): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:46 executing program 4: openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x0, 0x0) r0 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f00000000c0)=""/122) pipe(&(0x7f0000000000)) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:46 executing program 1: r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000180)='\x00', r0}, 0xa) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 499.673646] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0850ae26d4 [ 499.681028] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 499.735692] FAULT_INJECTION: forcing a failure. [ 499.735692] name failslab, interval 1, probability 0, space 0, times 0 [ 499.823560] CPU: 0 PID: 26167 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 499.831498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 499.840862] Call Trace: [ 499.843466] dump_stack+0x142/0x197 [ 499.847116] should_fail.cold+0x10f/0x159 [ 499.851308] should_failslab+0xdb/0x130 [ 499.855313] kmem_cache_alloc+0x2d7/0x780 [ 499.859523] copy_fs_struct+0x43/0x2d0 [ 499.863593] copy_process.part.0+0x3974/0x6a70 [ 499.868170] ? save_trace+0x290/0x290 [ 499.871959] ? proc_fail_nth_write+0x7d/0x180 [ 499.876524] ? proc_cwd_link+0x1b0/0x1b0 [ 499.880587] ? __cleanup_sighand+0x50/0x50 [ 499.884808] ? lock_downgrade+0x740/0x740 [ 499.888942] _do_fork+0x19e/0xce0 [ 499.892394] ? fork_idle+0x280/0x280 [ 499.896098] ? fput+0xd4/0x150 [ 499.899276] ? SyS_write+0x15e/0x230 [ 499.902985] SyS_clone+0x37/0x50 [ 499.906331] ? sys_vfork+0x30/0x30 [ 499.909858] do_syscall_64+0x1e8/0x640 [ 499.913740] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 499.918573] entry_SYSCALL_64_after_hwframe+0x42/0xb7 23:24:46 executing program 3 (fault-call:0 fault-nth:8): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:46 executing program 5: clone(0x4019000, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=0x0) ptrace$peeksig(0x4209, r0, &(0x7f0000000040)={0x100000001, 0x1, 0x7}, &(0x7f0000000080)=[{}, {}, {}, {}, {}, {}, {}]) [ 499.923744] RIP: 0033:0x45a6f9 [ 499.926926] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 499.934617] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 499.941873] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 499.949145] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 499.956407] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 499.963665] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:46 executing program 4: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @local}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0x8e, @time={0x77359400}, 0x63, {0xba, 0x2e}, 0x2f, 0x2, 0x7}) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:46 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r3, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:46 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x104000, 0x0) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080)='devlink\x00') sendmsg$DEVLINK_CMD_GET(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x715c0b6dd924d857}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="a8000000", @ANYRES16=r1, @ANYBLOB="860425bd7000fedbdf2501000000100001006e657464657673696d000000100002006e657464657673696d300000100001006e6574000000000000020000100002006e657464657673696d300000080001007063690014000200303030303a30303a31302e3000000000080001007063690014000200303030303a30303a31302e30000000000800010070630d0014000200303030303a30303a31302e3000000000"], 0xa8}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r2 = syz_open_dev$evdev(&(0x7f0000000200)='/dev/input/event#\x00', 0xffff, 0xadbc719bf9188c97) ioctl$EVIOCRMFF(r2, 0x40044581, &(0x7f0000000240)=0x2) 23:24:46 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000040)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'ean0\x00'}) getgid() ioctl$SNDCTL_DSP_STEREO(r0, 0xc0045003, &(0x7f0000000000)) [ 500.036815] FAULT_INJECTION: forcing a failure. [ 500.036815] name failslab, interval 1, probability 0, space 0, times 0 [ 500.092762] CPU: 0 PID: 26193 Comm: syz-executor.3 Not tainted 4.14.158-syzkaller #0 [ 500.100707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 500.110072] Call Trace: [ 500.112664] dump_stack+0x142/0x197 [ 500.116317] should_fail.cold+0x10f/0x159 [ 500.120469] should_failslab+0xdb/0x130 [ 500.124435] kmem_cache_alloc+0x2d7/0x780 [ 500.128584] ? __sanitizer_cov_trace_pc+0x31/0x60 [ 500.133415] ? selinux_is_enabled+0x9/0x50 [ 500.137650] ? creds_are_invalid+0x48/0x110 [ 500.142066] __delayacct_tsk_init+0x20/0x80 [ 500.146732] copy_process.part.0+0x1a6c/0x6a70 [ 500.151305] ? save_trace+0x290/0x290 [ 500.155089] ? proc_fail_nth_write+0x7d/0x180 [ 500.159572] ? proc_cwd_link+0x1b0/0x1b0 [ 500.163623] ? __f_unlock_pos+0x19/0x20 [ 500.167600] ? __cleanup_sighand+0x50/0x50 [ 500.172078] ? lock_downgrade+0x740/0x740 [ 500.176212] _do_fork+0x19e/0xce0 [ 500.179652] ? fork_idle+0x280/0x280 [ 500.183367] ? fput+0xd4/0x150 [ 500.186561] ? SyS_write+0x15e/0x230 [ 500.190277] SyS_clone+0x37/0x50 [ 500.193625] ? sys_vfork+0x30/0x30 [ 500.197149] do_syscall_64+0x1e8/0x640 [ 500.201020] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 500.205850] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 500.211032] RIP: 0033:0x45a6f9 [ 500.214215] RSP: 002b:00007f0850ae1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 500.221906] RAX: ffffffffffffffda RBX: 00007f0850ae1c90 RCX: 000000000045a6f9 [ 500.229162] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 500.236421] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 23:24:46 executing program 4: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, 'bridge_slave_1\x00'}) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000000)={0x20, 0x0, 0x9e7af396ef16e41b, 0xae09}) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x40000, 0x0) getsockopt$CAN_RAW_RECV_OWN_MSGS(r2, 0x65, 0x4, &(0x7f00000000c0), &(0x7f0000000180)=0x4) ioctl$DRM_IOCTL_SG_FREE(r0, 0x40106439, &(0x7f0000000040)={0x0, r1}) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) close(r0) r3 = syz_open_dev$audion(&(0x7f00000001c0)='/dev/audio#\x00', 0x2, 0x2) sendmsg$nl_route(r3, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@getneightbl={0x14, 0x42, 0x200, 0x70bd29, 0x25dfdbfc, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x24004800}, 0x1000) [ 500.243672] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0850ae26d4 [ 500.250945] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:47 executing program 2 (fault-call:0 fault-nth:10): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:47 executing program 3 (fault-call:0 fault-nth:9): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:47 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) gettid() 23:24:47 executing program 4: memfd_create(&(0x7f0000000000)='nodeveth1\x00', 0x8) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:47 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x802, 0x200000) 23:24:47 executing program 1: ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000001440)=0x0) syz_mount_image$msdos(&(0x7f0000000000)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0x2, 0x6, &(0x7f0000001380)=[{&(0x7f0000000080)="132fd82ea1d3616b2665cdf86957915e8c01ead0b0fa0c2ae4385ddbddf562c7ed4a0560042c4ef353e5e7bb1f7f6c86208f4563f67c892867800aaf4bcf6af2281b0e0f4943b231478afd29c40d4a139c3ecd3f4ee88750648ca569124924edbc4d8dfe68b3cb165803eb0df1b9464ff142f923fdf833c7d990556d207dbf63e4eebc8398010f7b70d81b56248bd31babc63021d96bd2b4506ed21b2c42c13423ad7db962c09666669b5149c85d89de6b65e2b70cb4271fec8d7967bb62a235a8827c782647d9fbb2ea5c0a0df1cec07e6437cb536228dda8089d0d3dba5c9cd81d11ae6fc545a08862c33c10e0d09c645cf287088deb4cb1d988477a15d7255eed260a3399f8f07c7016dfcd2d47355020db7f4811d62c62079c39a104848522befb41b7910cc31ae2d4f7327cad53a457af7cb61f7464871868282da87c9ef4b639d192f6d2f0129d14ec308cf1cdc7e392c2f98db7f1c00ae44381b8ae403df081cf53e37a27e27c14156bac0ea98d2fa59b84a30fa116a64107bf2501bfdaab136d777add968370fe3494288503859a683222ef78a8b5b40650702a2c5cdb7491fb54f33eef1e3646f35c7ce0be755e5f0f9d6b33a8d8df7b22f1e35011231dacb7ea6f18886ae8d15fc4b755f0423b78399a8d9390d4b02c4e4c350cfd344a7ee4da14c62459b226ffa9ebcb39e32c5393e21b44d067d9b9a1dbafa7430c1641301b59bddbdbf43f5df559623c93bafd52cc6dc116b04fca850399e523e7520c69ad3df258c8331aab38f63857c553a301a3ba1b50639c2b518b33dc35e531d45efaf4a9ce0ac42104837cbf10c4650bfffb3c4774c42a7cb1b05f5f05fca01134965af9dd578d034d9b13163a4127c031c95f0e5e5f3f57f20bce74fbf4928fa9c7d2976287fd6261862cab224f1f0e09ea00a345178d204904fe1bae1f93a9b275d521bf32b3decb5eba3ec89aa9b4e0e3db43a37cc4a0583d80699d0c035cc7c269828bacc3ec6cdb373242541d40aaaf1d37f119bf55f2dc841a3adefebf113ba9090368f00750d92050b7c4656b574facc816922ccd52416a1fefe660e6b6537881ab6cb92382fe658d13a8eecd4ee44379a969555cfbc0978e0abe10322499a56973000d5ad876d15963871e1d60cbd51a9b606540586695931175d60112c6e95aa4b227d93c315bcf4191d7b9ddebe5415aa7920b9b195ba11efdea6f3e99f32dc3e4da0a49dff895b025d82059456d865be5f3c6a5511f9838f93c6977c2d523294134368a6eb8221853a40f46c83c371e7bef268f0903cba0d888f1a100bcf1b6e22c7950d5f5cbe391b156a3402dc6e1ca16f660830cfb7bb91b7907c45d02262090d90c054b2af6ccb19ee06bd10a9932eecbac91ddf60ded678ab8258db4ba6117f4e91b62879fd44731e100b351beb86f41777b057c2c2c5660c04b8e9ce74dd91f29ce2128944d467083228721598ae7db14654f76b13155a6b7bdfccce3923bb420b21588d146374accb12c353e242d5ba60d83cf8eae0503f77492fa744d8665ea4331ce773ec86ae42d0bbac27d6cc9b4ecd99edc57d208d536a9c11c4fe7f001f57c9734d8fb3d3bab5a0add13ae600ee3c41b7c023241cd9738c54e8eff9fff9c8a765d8c9d3e0c32dd2687c56c86c1bd4bee074a2802093a720a41e29cf3aa0bc9138f05e487ecdd4730b6e15fdd2aaf34fac783a3e5edfd390b1d6fce6492739a473ca3794c4267d3bc62657883e5da79471e895c5b66b302349197954f52d93dff452dfc7174b9c8d2cb488260f8e83611a6337ef9a7b622728471963a9f32b9ce16d6e036439b8f3218abed315daa38be3598aa0e32eca513cd1d7654b74c9891cace720056d4f5eee5a3e72e91a4cd5066d006488576ba309e2e2b7e34c65e3b93f31a5d53a33da98ca01bd9a7546321b5d8247fbe5cafb6267ba1eec81979ec47cb2421ed18b0522b72abe3b099838756450b1fd6e015ce0bea6d86d7e03d28a29b1f930da3b2d426b4cf5705952f9cec348eb004f68d82d9af9ea9b81d8d8d7fdf0305eeef7bcdb2d4ee380d05ade7117a742221e00b0b1491eba9bd2245e420a0a3fd2b5a8494f0113673b5b10bd340790cf10f188afcfd979c02f29dfc929bc298a224a2eb20af81bd255855a4ddd8ce1e9d7130aa7fb5f7c1d235edb319a358892239d47d033d9a68f7beac2d3587324fe7fba19eb553a984f936a8d52e8be6368b7904f73e45bbe923e59443a57f31582a25e388af50fc97d149f32b6d24ad01e74938c779e80d70a3f93a438a67ea53daa8e14024f665c045a7c87df86efc48a8a1457e09400e57b55317902b1d9d72dcdfeae493e56626cc95c62155cd8d8fd7d0031653f2384614945aafcbd6a79e1708a09d2722ad1ab99b3764a6dab49f72de10b04f004578539691bc6ae452e8d83c97b0981c9ac4ef2d899ce2c00cb7b0ce7beae81ec3f1f98d823dc1e653e170946420d323f0b0360f4028695fddb71924ed3e12c26a1d5ec03e8c04dcc3c5a2dd97ad2d034c756731216933e2bc560b7bb961606014d5ec826ae87b9d463e762072df9b720bfefa6a58f36ad8017e914ece5d001acb2d69d4b0f0f3b8e7429c3f7c3989d5db0a3bfc239489d37ca2cde3eeb654f7d25c90b98004d2a0a3a7a89e6bab4bea7f4810d6b308596148209676371458cfe3971defdf87b290190a7b9446594b27b7630e02eca95af98f9ec8b0d4d8c936cd94b77063168825d4d6144d8b34b4821db67adbf29543bff104f1bb45492ac73d86c10efe58197eff335dce8dc6d6cba133416d107d04350973d5f1eceadc0ac87d7588b111f227cb2c8e91e34af6d38c4ac8d9caaae05d06e6ef1446394688f347b5cb3edd149ded8ebc0fb16f17c16014d57b4ecb0be4e0c8b39159645f01f184836dde097bad57de77eb86c475f14cbd920fc74f091b40436ad1a407d0ada87eb4ac762c34e3e5f38daad9cb5a97b7ce1f07d1428cb6518a673e2a9de80a93006391a0006c58f11a14fd8e6d6b4bb9a5927e6d99a82b29c5e07d1c6fe8e6537607bd03e8908bb1301c3714ed670154ddcec6c40e1399c6a4847f8c849f0710db48a34691298c52b9c4ac398328c5ce9edeab9cd03b3626bc204c15041cc2f2c1b0b51e7dfd2d12cbadd3fb693f8f88832e8a8cf6c715c6a7d4a34d9607e522568758fd3b9ba1a7e552bfd580cf423194133baa06df80b7a3fd91a7363c2e19a1de2289968188fb1dee8fb16d5bf4a3ade3ec2fe5b7c93d5f6cccbf006f5d3ab4aa6638b8b05eccb9044a41f181fac6e0b20c09c0ca886407adf3d66fe339e3454a154d89355cfdb1d8cff1782ac05ddf8ef5d4df8b129bfe177be8eb8dc5b4158e5e93d51f4f7cf367feeb58a03480fa3185fbd4e329aefc96cd5eeecd8021a628fc66e937ee69a0e6525cb8e2f3e54ee160b06ec1910a437eea951408322ebeb17eb7b8c7fadc63e400b8155a7a124cd76c38cf65a52f1f9db2628e7bfb225e585eb06f70deddcf5a8cf760ef9c0b039763bd78df454ea941e5e753382227a5720e123f87e020413c1bfd98bebf483159740258342a3f709626989eb69cd7e8057751322cb357cbf188c55cb85ae5947cd1b8cc56728cedd834d8db35997a64bbe2454964b6fc9a2ef99396cb10917b21bae43ceeb9d2a2aaf1341dfc4a783b69631efce896b4f299903dcd437083ab1f15bf2de63c43ecc51f0838011d0812aacdd2e97d79a0570ec8ea00adeed98a91dd299fbaff182f84c0634b5991b90368108e76813a0826e81d92d4e0193db3b5f04b6f047732d3718a592d658b7299fa578ce451a68598ed58b6f0acbf014ec582c1436f188443a20f9da120ed7a75de786ca42756c0441d2b20ced935a0b4dcc6f8589a9aa4bd4c77fbe047431312c09b4c4e0390756ae156d24f558d00f56c371d25d94e85a4c1c89f9c9fce9a91d49f062ce486e4041cd0aac064853bb694a1478c69526f7718068de21eab1b96499b4fb6fa683e3ac1d49d186bbd1ca8ee48d90c5e2a5ed13e7b909a7cee6718d41ff57fdd969e24627f7104602ddf8c76136afd7d9f3ab18440c77afb5d1162cea8ac41b5e25a327c768c632ca4cbebffd9b28ab2bad90c24cec95a5de8a283f1c996d9fe87b81d7ac6b1e44620716b1071d159ffe642b519bf8c750dc45f88c8027981cb01290aa2630384edc26a018fcf3718f7eca59c13d64443b561d590ac5958e092eb0cec418d673ed6a0e8acfad94c4fced65356127c1aee4efadbc8b043af2f47033b8a0fa930ddd32c91f47271090de00ed3f455766adb82844bb17423f0e420b5b169a47addf916b11b72fd0c6f6bd214a582b67f5e25bb86e393144410b86b4722ca0310677d7f2aafb2fa07132efb4811801fa928d63a92638fb7008760ec7e6c9aec3b144e59c41fc18cd7772aaa1d06354bfa1d28a03816e403c84696b0d46b2b3a4a9c80d4e1f18e33867502b442cf32665552c2fda60886ce44221641af550805b765956aee64c43ed5058493d029620eaee4ad2fbe5bdbcf2e6eb9efb3d9db46578cd0e6916f7f9e883060bd0feeef29ab9b04a1f6d514ce62b8b5919744b465fed6f1318eeb666dd6f913e0ab1b91aca5d9c0cf8fa450bc8950ce8ad6fc3c73a450fb088cae90b8fcb2b3a679d7ac1569d6956946c68b4cfe555bb465a6c04c0b66179b83d3113435675ffda5f95378421bfee69127f9ea6ab197c19258c3add74d385a5c3ac05a0c9daa5310046f41fef0aec0923c6f4d465517bf71b3f2d6f2f87d633a88cfc7d42661ae71232e628cd7b41df356f46093035cb08f212305f5ba82addbeeaa854b54afe91f4b8332c72cbb2bf0773a29833d706bf27c9006046dbd80194ff7cfa75081419f8194849651e183d20739e33455e31b32f48be27fb245db0e4ad2ee392ceb592a655d1c0ed1882df7f33d284bcae54217416b66b60fc7a86ce2d5ee81ec6a706ba368832e5834d9d412dc3003b0f79a98c895585e8a1fe141fbb4c18de24fb4cc8c16fb001a5ebf68157793327d7eb5d0837a0f19edc458d347555b83164c485a01ba96904f1c787013806a8d16fa4b0a913ae1e080f19fce3d21d336b9806d15e96a3fc8c69b333625eb03093be4ae8e9b141872dcc4db5187afe0575436259266096840cd7a02afecfdf3b7b946165fdbc8a84086ee6638655301d0fed5715611d8a2641b7608916f03ee9603c0f70bea4f939a44abe5dba271423db239b97c729c392edaa850e3a907f857073d00ae396ed099e5aba6a39394105b5eff0021674086ffa8537ef1f24e9a35cfdcbfc4559fa7b98ea56a1e8626c49e4d7e28114aa7c0b8780c6eb1f3b01a11982d1ac673a920e8c3c3223e9851b2358843c7c4fbd7443c0cb9de3c1ccae33047d2038da8d36d88d000ef2ee7b300c4923b8da4bfad25ab1e8fbb2ee816b71339a8e48c0f67b86d8280ab63d7815664a0f6a5669b3de0bba15081431ffaab2404445669515c0f90c3ce28e1c6dde7b6bde25d863bb17eef08450ba1ddd3ae36b2099bcc53b314cf5869fed6c021335b17b6eb0fb3530ac43e6c808d3250bdb267bf68c91abfb0f09c76d24352c90f8c4157d0fb7a2c4d8449053e224af0b8975471aa6c6f488e32ac3ee3d8b370db1eb8b5ae23dd9bfaa84d029ffc97f32714b80f8f22456d354082552f6c9b7899efe5b9fc0b478867d474ba96e159b0aa020eb870a4a251ab2e75f925bea9c3576b93dacc9b5af83f71ca47952a777c850718a375bc", 0x1000, 0x7ff}, {&(0x7f0000001080)="0a030f1ba0fc68eac4e13e10fdf8", 0xe, 0x401}, {&(0x7f00000010c0)="0f25633472c7fc9d03d697a47ea91487f5929511a15c55be400785065b3b8f6efbf39c6ada82917cf8e0878d74b910e37f4d5d29ef83363d595a10653473b3e1004bca6bb4611953f73857c583fa649d86ea4364ebd0d912562bae495563c17c4a94338bb6de3bbdaf05877732d4d551345988768ccfacf72e55d34b70efe56c10939e2a482456c5d12a480ccd7a041075d8895cadafedcfd6a7289464cf158aeb86db8096b43b055098c425e92965a1fae8d151b68ae79e708a0e9db0dcc4e65adb22ac805a9538539bed5c3bc7", 0xce, 0x3}, {&(0x7f00000011c0)="c6dccfc5a11a5fa8938905092a91251d71ea28be88d8e30719c5ddfcd6ddfe4a00d8ba77a940d3ebda645208927d6fe47a1c7f0931ae4c49d1e69e76d0dedc40e178f04e1de830d1986f8830157b59d4c49aee0ff23d0d4a23008a453f30a823b9bead46db10cf607746b9b6edd62e2adfb21ef05a1ea2a1c217728f26f6e9fb6f8f0169af4c906d678773043f57c6e59634b193ac8f4f40faca5cba2a4fd4db37215ab85a298bbc893e27ae44ea4b44b4b173d5160c902ece76211d8e82a67054c633997f61fa16694658c38aa7e1c6ab85aef00902", 0xd6, 0xfe}, {&(0x7f00000012c0)="ed16426d550e4b2be552f37f60aad86dc789ce39687f1650f480", 0x1a, 0x1}, {&(0x7f0000001300)="df290b3342cde533a42bd00f2dc4b99e903fa1bfd31457b766a104d3df27bc6e821ce69c90f2963b0a4a31175f54796d74321199258ce8e5acdb7066f22a7a5c762fb433bc05b97689ef21fe54d5669f22b3a5887b0a9e34c980708745a06aee126b94fa55b0bfdf51679c36b390ebe3cdb84aea2c6f5de0317d972be6", 0x7d, 0x200}], 0x20000, &(0x7f0000001480)={[{@nodots='nodots'}, {@nodots='nodots'}, {@dots='dots'}, {@nodots='nodots'}, {@dots='dots'}], [{@mask={'mask', 0x3d, '^MAY_APPEND'}}, {@uid_eq={'uid', 0x3d, r0}}, {@defcontext={'defcontext', 0x3d, 'root'}}]}) r1 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) recvmsg$kcm(r1, &(0x7f0000002c00)={&(0x7f0000001500)=@caif, 0x80, &(0x7f0000002a80)=[{&(0x7f0000001580)=""/210, 0xd2}, {&(0x7f0000001680)=""/4096, 0x1000}, {&(0x7f0000002680)}, {&(0x7f00000026c0)=""/246, 0xf6}, {&(0x7f00000027c0)=""/228, 0xe4}, {&(0x7f00000028c0)=""/2, 0x2}, {&(0x7f0000002900)=""/85, 0x55}, {&(0x7f0000002980)=""/247, 0xf7}], 0x8, &(0x7f0000002b00)=""/198, 0xc6}, 0x100) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 500.408054] FAULT_INJECTION: forcing a failure. [ 500.408054] name failslab, interval 1, probability 0, space 0, times 0 [ 500.409654] FAULT_INJECTION: forcing a failure. [ 500.409654] name failslab, interval 1, probability 0, space 0, times 0 [ 500.479695] CPU: 1 PID: 26231 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 500.487644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 500.497011] Call Trace: [ 500.499609] dump_stack+0x142/0x197 [ 500.503243] should_fail.cold+0x10f/0x159 [ 500.503259] should_failslab+0xdb/0x130 [ 500.503271] kmem_cache_alloc+0x2d7/0x780 [ 500.503288] copy_fs_struct+0x43/0x2d0 [ 500.503299] copy_process.part.0+0x3974/0x6a70 [ 500.511536] ? save_trace+0x290/0x290 [ 500.511548] ? proc_fail_nth_write+0x7d/0x180 [ 500.511555] ? proc_cwd_link+0x1b0/0x1b0 [ 500.511575] ? __cleanup_sighand+0x50/0x50 [ 500.511587] ? lock_downgrade+0x740/0x740 [ 500.511599] _do_fork+0x19e/0xce0 [ 500.511610] ? fork_idle+0x280/0x280 [ 500.511622] ? fput+0xd4/0x150 [ 500.511629] ? SyS_write+0x15e/0x230 [ 500.511640] SyS_clone+0x37/0x50 [ 500.511649] ? sys_vfork+0x30/0x30 [ 500.565845] do_syscall_64+0x1e8/0x640 [ 500.569729] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 500.574570] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 500.579832] RIP: 0033:0x45a6f9 [ 500.583008] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 500.590715] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 500.597985] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 500.605245] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 500.612509] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 500.619766] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 500.627050] CPU: 0 PID: 26229 Comm: syz-executor.3 Not tainted 4.14.158-syzkaller #0 [ 500.634959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 500.644325] Call Trace: [ 500.646927] dump_stack+0x142/0x197 [ 500.650574] should_fail.cold+0x10f/0x159 [ 500.654740] should_failslab+0xdb/0x130 [ 500.658748] kmem_cache_alloc+0x2d7/0x780 [ 500.662911] copy_fs_struct+0x43/0x2d0 [ 500.666813] copy_process.part.0+0x3974/0x6a70 [ 500.671436] ? save_trace+0x290/0x290 [ 500.675226] ? proc_fail_nth_write+0x7d/0x180 [ 500.679805] ? proc_cwd_link+0x1b0/0x1b0 [ 500.683860] ? __cleanup_sighand+0x50/0x50 [ 500.688195] ? lock_downgrade+0x740/0x740 [ 500.692335] _do_fork+0x19e/0xce0 [ 500.695778] ? fork_idle+0x280/0x280 [ 500.699479] ? fput+0xd4/0x150 [ 500.702654] ? SyS_write+0x15e/0x230 [ 500.706355] SyS_clone+0x37/0x50 [ 500.709702] ? sys_vfork+0x30/0x30 [ 500.713228] do_syscall_64+0x1e8/0x640 [ 500.717103] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 500.721934] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 500.727108] RIP: 0033:0x45a6f9 23:24:47 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000000)={'security\x00'}, &(0x7f0000000080)=0x54) r1 = open(&(0x7f00000002c0)='./file0\x00', 0x141042, 0xe93079ef2092687e) write$P9_RREADLINK(r1, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r1, r1, &(0x7f0000000240)=0x1, 0x6) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_PPC_GET_SMMU_INFO(r3, 0x8250aea6, &(0x7f0000000100)=""/202) write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000280)={0x2, 0x6}, 0x2) 23:24:47 executing program 5: clone(0x3000, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$rtc(&(0x7f0000000000)='/dev/rtc#\x00', 0x8, 0x2300) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r2, 0x7, &(0x7f0000027000)={0x1}) stat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000080)=0xc) setgroups(0x1, &(0x7f00000002c0)=[r5]) getgroups(0x3, &(0x7f0000000200)=[r5, 0xee00, 0x0]) mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='fuse\x00', 0x1008000, &(0x7f0000000240)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r6}, 0x2c, {[{@allow_other='allow_other'}], [{@defcontext={'defcontext', 0x3d, 'sysadm_u'}}, {@dont_hash='dont_hash'}]}}) sendfile(r0, r1, &(0x7f0000000040)=0x7fff, 0x0) [ 500.730283] RSP: 002b:00007f0850ae1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 500.738235] RAX: ffffffffffffffda RBX: 00007f0850ae1c90 RCX: 000000000045a6f9 [ 500.745516] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 500.752785] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 500.760054] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0850ae26d4 [ 500.767315] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:47 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r3, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:47 executing program 2 (fault-call:0 fault-nth:11): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:47 executing program 1: r0 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_stats\x00', 0x0, 0x0) getsockopt$netrom_NETROM_T1(r0, 0x103, 0x1, &(0x7f0000000040), &(0x7f00000000c0)=0x250) clone(0x787467f39aa189c, 0x0, 0x0, 0x0, 0x0) [ 500.885469] FAULT_INJECTION: forcing a failure. [ 500.885469] name failslab, interval 1, probability 0, space 0, times 0 [ 500.922524] CPU: 0 PID: 26264 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 23:24:47 executing program 4: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r0, &(0x7f00000000c0)="e8", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r0, 0x1) r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f00000000c0)={r2}, &(0x7f0000000000)=0x8) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000000)={r2, 0x1ad}, &(0x7f0000000040)=0x8) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r4, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x3b}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000100)={r3, 0x8, 0x7ff, 0xf09f, 0xb0, 0xfffc, 0x2, 0xfffffff7, {r5, @in={{0x2, 0x4e24, @empty}}, 0x81, 0x8, 0x80, 0xbcb, 0x8000}}, &(0x7f00000001c0)=0xb0) ioctl$SIOCGSTAMP(r1, 0x8906, &(0x7f0000000200)) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 500.930486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 500.939853] Call Trace: [ 500.942464] dump_stack+0x142/0x197 [ 500.946111] should_fail.cold+0x10f/0x159 [ 500.950283] should_failslab+0xdb/0x130 [ 500.954268] kmem_cache_alloc+0x2d7/0x780 [ 500.958433] ? selinux_capable+0x36/0x40 [ 500.962546] create_new_namespaces+0x34/0x720 [ 500.967058] ? ns_capable_common+0x12c/0x160 [ 500.971487] copy_namespaces+0x284/0x310 [ 500.975565] copy_process.part.0+0x2603/0x6a70 [ 500.980161] ? proc_fail_nth_write+0x7d/0x180 [ 500.984660] ? proc_cwd_link+0x1b0/0x1b0 [ 500.988722] ? __cleanup_sighand+0x50/0x50 [ 500.992951] ? lock_downgrade+0x740/0x740 [ 500.997094] _do_fork+0x19e/0xce0 [ 501.000536] ? fork_idle+0x280/0x280 [ 501.004238] ? fput+0xd4/0x150 [ 501.007424] ? SyS_write+0x15e/0x230 [ 501.011123] SyS_clone+0x37/0x50 [ 501.014473] ? sys_vfork+0x30/0x30 [ 501.018000] do_syscall_64+0x1e8/0x640 [ 501.021875] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 501.026731] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 501.031904] RIP: 0033:0x45a6f9 [ 501.035076] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 501.042769] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 501.050044] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 501.057315] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 501.064570] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 501.071833] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:47 executing program 3 (fault-call:0 fault-nth:10): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:47 executing program 2 (fault-call:0 fault-nth:12): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:47 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) close(r0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r3, 0xc028ae92, &(0x7f0000000080)={0x3ff}) [ 501.137916] FAULT_INJECTION: forcing a failure. [ 501.137916] name failslab, interval 1, probability 0, space 0, times 0 23:24:47 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x10, 0x20080) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000040)={0x3, 0x5, 0x1c0000, 0x0, 0x0, [], [], [], 0x9, 0x8001}) 23:24:47 executing program 4: eventfd2(0x7, 0x80001) r0 = creat(&(0x7f0000000040)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000000)) clone(0x0, 0x0, 0x0, 0x0, 0x0) 23:24:47 executing program 5: openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x2000, 0x0) openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce\x00', 0x101000, 0x0) r0 = syz_open_dev$mice(&(0x7f0000000080)='/dev/input/mice\x00', 0x0, 0x8000) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) [ 501.214957] FAULT_INJECTION: forcing a failure. [ 501.214957] name failslab, interval 1, probability 0, space 0, times 0 [ 501.236490] CPU: 0 PID: 26284 Comm: syz-executor.3 Not tainted 4.14.158-syzkaller #0 [ 501.244432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 501.253798] Call Trace: [ 501.256406] dump_stack+0x142/0x197 [ 501.260053] should_fail.cold+0x10f/0x159 [ 501.264203] should_failslab+0xdb/0x130 [ 501.268166] kmem_cache_alloc+0x2d7/0x780 [ 501.272328] ? do_raw_spin_unlock+0x16b/0x260 [ 501.276818] ? _raw_spin_unlock+0x2d/0x50 [ 501.280958] copy_process.part.0+0x1cd5/0x6a70 [ 501.285532] ? save_trace+0x290/0x290 [ 501.289313] ? proc_fail_nth_write+0x7d/0x180 [ 501.293790] ? proc_cwd_link+0x1b0/0x1b0 [ 501.297886] ? __cleanup_sighand+0x50/0x50 [ 501.302106] ? lock_downgrade+0x740/0x740 [ 501.306241] _do_fork+0x19e/0xce0 [ 501.309692] ? fork_idle+0x280/0x280 [ 501.313391] ? fput+0xd4/0x150 [ 501.316578] ? SyS_write+0x15e/0x230 [ 501.320289] SyS_clone+0x37/0x50 [ 501.323639] ? sys_vfork+0x30/0x30 [ 501.327171] do_syscall_64+0x1e8/0x640 [ 501.331042] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 501.335876] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 501.341059] RIP: 0033:0x45a6f9 [ 501.344231] RSP: 002b:00007f0850ae1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 501.351935] RAX: ffffffffffffffda RBX: 00007f0850ae1c90 RCX: 000000000045a6f9 [ 501.359206] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 501.366464] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 501.373720] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0850ae26d4 [ 501.380972] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 501.406771] CPU: 1 PID: 26292 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 501.414714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 501.424079] Call Trace: [ 501.426680] dump_stack+0x142/0x197 [ 501.430323] should_fail.cold+0x10f/0x159 [ 501.434484] should_failslab+0xdb/0x130 [ 501.438474] kmem_cache_alloc_trace+0x2e9/0x790 [ 501.443160] ? _raw_spin_unlock_irq+0x28/0x90 [ 501.447845] ? trace_hardirqs_on_caller+0x400/0x590 [ 501.452873] inc_ucount+0x3db/0x710 [ 501.456516] ? retire_userns_sysctls+0x90/0x90 [ 501.461119] alloc_mnt_ns+0x98/0x450 [ 501.464840] copy_mnt_ns+0x95/0x8c0 [ 501.468472] ? kmem_cache_alloc+0x611/0x780 [ 501.472808] ? selinux_capable+0x36/0x40 [ 501.476882] create_new_namespaces+0xc9/0x720 [ 501.481390] ? ns_capable_common+0x12c/0x160 [ 501.485810] copy_namespaces+0x284/0x310 [ 501.489887] copy_process.part.0+0x2603/0x6a70 [ 501.494516] ? proc_fail_nth_write+0x7d/0x180 [ 501.499016] ? proc_cwd_link+0x1b0/0x1b0 [ 501.503089] ? __cleanup_sighand+0x50/0x50 [ 501.503101] ? lock_downgrade+0x740/0x740 [ 501.503113] _do_fork+0x19e/0xce0 [ 501.503125] ? fork_idle+0x280/0x280 [ 501.518649] ? fput+0xd4/0x150 [ 501.521847] ? SyS_write+0x15e/0x230 [ 501.525574] SyS_clone+0x37/0x50 [ 501.529151] ? sys_vfork+0x30/0x30 [ 501.532702] do_syscall_64+0x1e8/0x640 [ 501.536596] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 501.541447] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 501.546641] RIP: 0033:0x45a6f9 [ 501.549831] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 23:24:48 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="3f0200000003000000000100000000000000060000000014001462726f6164636173742d6c696e6b00004de853b9ff8d14411bc2"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_BEARER_NAMES(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x821008}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r3, 0x8, 0x70bd2d, 0x25dfdbff, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000000}, 0x800) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x399000, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0xf000, &(0x7f0000000000), 0x2, r4, 0x4}) 23:24:48 executing program 1: clone(0x800, 0x0, 0x0, 0x0, 0x0) 23:24:48 executing program 1: clone(0xcc042400, 0x0, 0x0, 0x0, 0x0) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x18000, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) r2 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r2, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r2, &(0x7f00000000c0)="e8", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r2, 0x1) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f00000000c0)=ANY=[@ANYRES32=r4, @ANYBLOB="86030000"], &(0x7f0000000000)=0x8) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f0000000040)={r4, 0x68, "3542af79d118965551e899bc47abbb8a51c1daa78e2fec527ec187cd969b43dfeac204a3258e4ae0905f59e1cd20ee041afaa51a9d7d3998de7d8a26468ccb3e5637f45c6dab54f8698d5b5e339eb9480397ad176614026055fa7191d8f9febdfdc31a8cdd5f98e8"}, &(0x7f00000000c0)=0x70) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={r5, 0xffff3c9e}, 0x8) 23:24:48 executing program 3 (fault-call:0 fault-nth:11): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:48 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000640)='/proc/thread-self/attr/current\x00', 0x2, 0x0) readv(r0, &(0x7f0000000bc0)=[{&(0x7f0000000680)=""/89, 0x59}, {&(0x7f0000000700)=""/77, 0x4d}, {&(0x7f0000000780)=""/145, 0x91}, {&(0x7f0000000840)=""/211, 0xd3}, {&(0x7f0000000940)=""/69, 0x45}, {&(0x7f00000009c0)=""/101, 0x65}, {&(0x7f0000000a40)=""/17, 0x11}, {&(0x7f0000000a80)=""/103, 0x67}, {&(0x7f0000000b00)=""/158, 0x9e}], 0x9) lsetxattr$trusted_overlay_nlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f0000000080)={'U-', 0xc5}, 0x28, 0x1) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/sequencer2\x00', 0x40, 0x0) get_thread_area(&(0x7f00000000c0)={0x3, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x1}) r1 = socket$isdn(0x22, 0x3, 0x22) lstat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000002c0)={{{@in=@multicast1, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}, 0x0, @in=@remote}}, &(0x7f00000003c0)=0xe8) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) getsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000400)={{{@in6=@mcast1, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in6=@mcast1}}, &(0x7f0000000500)=0xe8) mount$9p_virtio(&(0x7f0000000140)='syz\x00', &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='9p\x00', 0x12002, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=virtio,aname=em1/vmnet1securitykeyringvboxnet0,dfltgid=', @ANYRESHEX=r2, @ANYBLOB="2c616e616d653d6c6f3d76657273696f6e3d3970323030f3264c2c736d61636b66737472616e736d7574653d552d2c7065726d69745f646972656374696f2c666f776e65723e", @ANYRESDEC=r3, @ANYBLOB=',dont_appraise,uid<', @ANYRESDEC=r5, @ANYBLOB=',dont_hash,mask=MAY_READ,\x00']) accept(r1, 0x0, &(0x7f0000000100)) [ 501.557549] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 501.564829] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 501.572108] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 501.579389] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 501.586697] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 501.657948] FAULT_INJECTION: forcing a failure. [ 501.657948] name failslab, interval 1, probability 0, space 0, times 0 [ 501.675320] CPU: 0 PID: 26328 Comm: syz-executor.3 Not tainted 4.14.158-syzkaller #0 [ 501.683255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 501.683261] Call Trace: [ 501.683278] dump_stack+0x142/0x197 [ 501.683294] should_fail.cold+0x10f/0x159 [ 501.683309] should_failslab+0xdb/0x130 23:24:48 executing program 2 (fault-call:0 fault-nth:13): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:48 executing program 0: openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000080)={0x3ff}) [ 501.683319] kmem_cache_alloc+0x2d7/0x780 [ 501.683329] ? do_raw_spin_unlock+0x16b/0x260 [ 501.683340] ? _raw_spin_unlock+0x2d/0x50 [ 501.683354] copy_process.part.0+0x1cd5/0x6a70 [ 501.683369] ? save_trace+0x290/0x290 [ 501.683377] ? proc_fail_nth_write+0x7d/0x180 [ 501.683386] ? proc_cwd_link+0x1b0/0x1b0 [ 501.719408] FAULT_INJECTION: forcing a failure. [ 501.719408] name failslab, interval 1, probability 0, space 0, times 0 [ 501.720032] ? __cleanup_sighand+0x50/0x50 [ 501.720046] ? lock_downgrade+0x740/0x740 [ 501.720058] _do_fork+0x19e/0xce0 [ 501.720069] ? fork_idle+0x280/0x280 [ 501.720081] ? fput+0xd4/0x150 [ 501.720088] ? SyS_write+0x15e/0x230 [ 501.720099] SyS_clone+0x37/0x50 [ 501.720106] ? sys_vfork+0x30/0x30 [ 501.720119] do_syscall_64+0x1e8/0x640 [ 501.720133] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 501.720154] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 501.737059] RIP: 0033:0x45a6f9 [ 501.737066] RSP: 002b:00007f0850ae1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 501.737078] RAX: ffffffffffffffda RBX: 00007f0850ae1c90 RCX: 000000000045a6f9 [ 501.737084] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 501.737089] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 501.737095] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0850ae26d4 [ 501.737100] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 501.809051] CPU: 1 PID: 26333 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 501.817796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 501.817801] Call Trace: [ 501.817818] dump_stack+0x142/0x197 [ 501.817836] should_fail.cold+0x10f/0x159 [ 501.817853] should_failslab+0xdb/0x130 [ 501.817865] kmem_cache_alloc_trace+0x2e9/0x790 [ 501.817876] ? retire_userns_sysctls+0x90/0x90 [ 501.847569] alloc_mnt_ns+0xde/0x450 [ 501.847583] copy_mnt_ns+0x95/0x8c0 [ 501.847594] ? kmem_cache_alloc+0x611/0x780 [ 501.847605] ? selinux_capable+0x36/0x40 [ 501.847620] create_new_namespaces+0xc9/0x720 [ 501.860509] ? ns_capable_common+0x12c/0x160 [ 501.860523] copy_namespaces+0x284/0x310 [ 501.860536] copy_process.part.0+0x2603/0x6a70 [ 501.860553] ? proc_fail_nth_write+0x7d/0x180 [ 501.860561] ? proc_cwd_link+0x1b0/0x1b0 [ 501.860579] ? __cleanup_sighand+0x50/0x50 [ 501.927505] ? lock_downgrade+0x740/0x740 [ 501.931658] _do_fork+0x19e/0xce0 [ 501.935109] ? fork_idle+0x280/0x280 [ 501.938821] ? fput+0xd4/0x150 [ 501.942015] ? SyS_write+0x15e/0x230 [ 501.945717] SyS_clone+0x37/0x50 [ 501.949160] ? sys_vfork+0x30/0x30 [ 501.952685] do_syscall_64+0x1e8/0x640 [ 501.956731] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 501.961568] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 501.966742] RIP: 0033:0x45a6f9 [ 501.969919] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 501.977613] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 501.984866] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 501.992122] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 501.999375] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 23:24:48 executing program 3 (fault-call:0 fault-nth:12): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:48 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) ioctl$SG_GET_KEEP_ORPHAN(0xffffffffffffffff, 0x2288, &(0x7f0000000000)) 23:24:48 executing program 0: openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000080)={0x3ff}) [ 502.006633] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:48 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x59, 0x4085c3) ioctl$KDSKBMODE(r1, 0x4b45, &(0x7f00000000c0)=0x1) ioctl$TCGETS2(r0, 0x802c542a, &(0x7f0000000000)) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000100)=@x25={0x9, @null=' \x00'}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000180)="69db0bd91b374eb3b2a9948ad0fadaf4942c2146738005ccbc54af5041c7e5b4162e2c33d2b6b45ddf21ceb2f92d9ef393c3c3973f0aec0a79014d4c6740b24c7d", 0x41}, {&(0x7f0000000200)="5fd0d5be529d9b024aae0cf285ab36c6cf0fc599196bb169a0a12df5349edd2915ba89b281dc534b038fae56dd23b99db1d6e0784e31754a0700354ff3854d88ee69d060d513322031567341d00b0639261eb7e9cd884979c828ec7f5757177ee1ec40e706333ce301d4af", 0x6b}], 0x2, &(0x7f00000002c0)=[{0x10, 0x4042d8ead6b04ee7, 0x80000000}], 0x10}, 0x80) ioctl$VT_RESIZE(r0, 0x5609, &(0x7f0000000040)={0x427, 0x8, 0xed53}) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:48 executing program 5: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vsock\x00', 0x183502, 0x0) ioctl$SNDRV_TIMER_IOCTL_STATUS(r0, 0x80605414, &(0x7f0000000040)=""/175) r1 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r1, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r1, &(0x7f00000000c0)="e8", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r1, 0x1) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f00000000c0)={r3}, &(0x7f0000000000)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000000)={0x9, 0x6, 0x8001, 0x2, 0x9, 0x60, 0x0, 0xff, r3}, 0x20) clone(0x787467fbd6acd9c, 0x0, 0x0, 0x0, 0x0) [ 502.072183] FAULT_INJECTION: forcing a failure. [ 502.072183] name failslab, interval 1, probability 0, space 0, times 0 [ 502.163456] Unknown ioctl -2141170668 [ 502.170327] CPU: 0 PID: 26342 Comm: syz-executor.3 Not tainted 4.14.158-syzkaller #0 [ 502.178246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 502.187594] Call Trace: [ 502.190208] dump_stack+0x142/0x197 [ 502.193828] should_fail.cold+0x10f/0x159 [ 502.197962] should_failslab+0xdb/0x130 [ 502.201920] kmem_cache_alloc_trace+0x2e9/0x790 [ 502.206585] ? _raw_spin_unlock_irq+0x28/0x90 [ 502.211077] ? trace_hardirqs_on_caller+0x400/0x590 [ 502.216075] inc_ucount+0x3db/0x710 [ 502.219696] ? retire_userns_sysctls+0x90/0x90 [ 502.224268] alloc_mnt_ns+0x98/0x450 [ 502.227964] copy_mnt_ns+0x95/0x8c0 [ 502.231584] ? kmem_cache_alloc+0x611/0x780 [ 502.235901] ? selinux_capable+0x36/0x40 [ 502.239948] create_new_namespaces+0xc9/0x720 [ 502.244432] ? ns_capable_common+0x12c/0x160 [ 502.248825] copy_namespaces+0x284/0x310 [ 502.252871] copy_process.part.0+0x2603/0x6a70 [ 502.257447] ? proc_fail_nth_write+0x7d/0x180 [ 502.261922] ? proc_cwd_link+0x1b0/0x1b0 [ 502.265971] ? __cleanup_sighand+0x50/0x50 [ 502.270192] ? lock_downgrade+0x740/0x740 [ 502.274325] _do_fork+0x19e/0xce0 [ 502.277764] ? fork_idle+0x280/0x280 [ 502.281464] ? fput+0xd4/0x150 [ 502.284638] ? SyS_write+0x15e/0x230 [ 502.290174] SyS_clone+0x37/0x50 [ 502.293521] ? sys_vfork+0x30/0x30 [ 502.297044] do_syscall_64+0x1e8/0x640 [ 502.300913] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 502.305757] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 502.310928] RIP: 0033:0x45a6f9 23:24:49 executing program 2 (fault-call:0 fault-nth:14): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 502.314097] RSP: 002b:00007f0850ae1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 502.321786] RAX: ffffffffffffffda RBX: 00007f0850ae1c90 RCX: 000000000045a6f9 [ 502.329038] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 502.336289] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 502.343539] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0850ae26d4 [ 502.351052] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:49 executing program 4: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$PPPIOCGL2TPSTATS(r0, 0x80487436, &(0x7f0000000000)="aba1ef072365639599b7b732d5c84c93494c1f6ad6dee8856e20f8a969973a7519729bc4f6b4aba5d63db393b80f6cd9ac00fe2c396a740dcdb76e7fed45f4fcb7dd5f17ae23458bbf058846003fd1725a755c8ddbc8c068d2a35aa82f7e77d7a0a79e78cff14bd9be05d08bbf05af820d30ba47cee13df150de99e68f4d3fae5c6f47ad30882ced2e9cf44eda583097133c25226009c5eb1dd7") ioctl$RTC_WKALM_SET(0xffffffffffffffff, 0x4028700f, &(0x7f00000000c0)={0x0, 0x1, {0x3c, 0x1a, 0xf, 0x15, 0x4, 0x2, 0x6, 0x118, 0x1}}) clone(0x800, 0x0, 0x0, 0x0, 0x0) [ 502.449342] FAULT_INJECTION: forcing a failure. [ 502.449342] name failslab, interval 1, probability 0, space 0, times 0 [ 502.490008] CPU: 1 PID: 26371 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 502.497947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 502.507325] Call Trace: [ 502.509903] dump_stack+0x142/0x197 [ 502.513523] should_fail.cold+0x10f/0x159 [ 502.517659] should_failslab+0xdb/0x130 [ 502.521616] kmem_cache_alloc+0x2d7/0x780 [ 502.525751] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 502.530849] alloc_vfsmnt+0x28/0x7d0 [ 502.534543] clone_mnt+0x70/0xee0 [ 502.537979] copy_tree+0xd0/0x8a0 [ 502.541415] copy_mnt_ns+0x11c/0x8c0 [ 502.545117] ? kmem_cache_alloc+0x611/0x780 [ 502.549420] ? selinux_capable+0x36/0x40 [ 502.553465] create_new_namespaces+0xc9/0x720 [ 502.557952] ? ns_capable_common+0x12c/0x160 [ 502.562368] copy_namespaces+0x284/0x310 [ 502.566414] copy_process.part.0+0x2603/0x6a70 [ 502.570998] ? proc_fail_nth_write+0x7d/0x180 [ 502.575477] ? proc_cwd_link+0x1b0/0x1b0 [ 502.579525] ? __cleanup_sighand+0x50/0x50 [ 502.583764] ? lock_downgrade+0x740/0x740 [ 502.587904] _do_fork+0x19e/0xce0 [ 502.591341] ? fork_idle+0x280/0x280 [ 502.595047] ? fput+0xd4/0x150 [ 502.598222] ? SyS_write+0x15e/0x230 [ 502.601933] SyS_clone+0x37/0x50 [ 502.605361] ? sys_vfork+0x30/0x30 [ 502.608956] do_syscall_64+0x1e8/0x640 [ 502.612832] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 502.617687] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 502.622860] RIP: 0033:0x45a6f9 [ 502.626038] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 23:24:49 executing program 3 (fault-call:0 fault-nth:13): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:49 executing program 5: clone(0x400, 0x0, 0x0, 0x0, 0x0) 23:24:49 executing program 0: openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) creat(&(0x7f0000000000)='./bus\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:49 executing program 4: clone(0x40100400, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x4, 0x80000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r2, 0x7, &(0x7f0000027000)={0x1}) utimensat(r2, &(0x7f0000001600)='./file0\x00', &(0x7f0000001640)={{0x77359400}}, 0x200) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000200)={0x14, r3, 0x1, 0x0, 0x0, {0x11}}, 0x14}}, 0x0) r4 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000100)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$set_timeout(0xf, r4, 0x0) keyctl$KEYCTL_PKEY_VERIFY(0x1c, &(0x7f0000000440)={r4, 0x1000, 0xd1}, &(0x7f0000001680)=ANY=[@ANYBLOB="656e633d6f61657020686173683d78786861736836342d67656e657269630000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005ed140697fa3e2d7adf29e8ca1f6fc69f76a2583b92b59c45f064a576292a272f9121c5b55c84d4067f24ab8d148f620970befce752794f7368fce04aa1f60a9b5d2d97916dd6780a414b0ded848f3a02e95fc80ae292a6a40350b5fb9898a8d1361fc6b879f080e7225f053987c604c879672d20faedb4d687287845a724a25dd70813e7997920d0bba424f513674e474506aa993f59f31ead32e0945352c8aa73233f0c0bf3735b87e4faeb315c658280fd2f0a7532343af0b8d7399b555970e5003d50e174255b74217658cc18b"], &(0x7f0000000500)="baa5395afd9489bc9eb4835c0cef21f58c1ac1cc9080a2c539cd69a8ee598b82644d4d2a4c0ebc0726420778a93551ac57141f186f44c0099af9ae32c6358ade36405c8e70c282f8b168ba9d4ead688e2742f17296261c8ef9522dcc19ebb3cdbb9796ff4aa02f494689b9c3396d55376b49e39879b48b604c2cac3ef42778b1a820f068c31be79ae6e6a8592494b3140789883ea8b9f655c53936b8074f5c2dde26ba2ce089738a6ab696475531b0efa506bbdd405645a3b7edc865e67047a1c33ac39a654a25ed2b1e59fb5cf8d9af0898a4727edd87f70ae496318616b6394a9ee4294129dee0c57ab047adb36d71b4c6639dc8c15f5bd5e55aaae05c1e5d3ac26f048fecfcffe3ea06a6dd57a940f04f66d7717515f49bb6ef771c8dbb33cfb85f9af1d8e30da4d52d767ef2689e674e6349ffa87a1fd95255b445c15034587a443613a3e6565793c1167976ff55c7480dd66a8586c4ed0fc093771a27c3ff60ee81fbacd0b2fb3e1e9fa62e1c25303b8882ddbf8f40524c1aa4ef9dd100cb4a8a3f910ed06bcdf92a25156a1c100f1b4aba862bb3cdce0ea067ae19a8b4353bf2527ad62aeb8f56c241470ba913db5160c258ea0a57b8a26e81d7077bd9118e99297201a95c30a1df302f3aa423077de82c568238aea4a4dac77c8c91bc6f3418f45f8124cc533c0934b1169d30ba4fe5a68a68a0199cff3eb1f07f61859f46e18ba33aeee2a8208fa74e6a210dedbdbc0fb7b989352406f9c47b656591dd6627d4a4b7fd792c08ad9c0091637b48ac923069948195d5a120a25ccadc08c9631c62b5a8191f36c277ba4b1b157b56e295d6694666bf53662eb1ba5750bafa01a20b6bf4422478716bcd82990fb3dec02d7f029d710a7f64e60cf932b080727d65d49199c6b6835ac5c3da404a2914ea62f98352176b657c2cf05aa04952516caabb7c0924653589acee1517a7cff726ae88799664243dbd22db2dfbd964ab7150ab63883451e17265a7ef2c3ee722f52713ddfe62f688dde0d458a8ec4c44f7e6ab473d1d1e954cfefe5c2fa19945f872c1ad55d7e90689f511840e447b56747cc52ffef30bcf334694e3a06e078b5b2321e2e9dea6cf71857517960be547b1582159dca6b4537e0256bc54156d2a82d9a6b22baf075ec23a34b3b6caae192cd5d45a4874460f86e9cd55ca3b91cf2d01e5231503ef04906c58176a784f3dc6e724c366464aa9590d0c086398410960d8148080e9dddb67e8875a3ecddf6c3d5a1e57e5ab16e0adda65ff62d017cfd5c7657d0bb99f09d80f0a852b75a2a45921769d69a96ffe2692a5675af5109b5f43154003cd1174f61c23083cdaa730e5a7aa344a4960625c5dc9094920099f34f32e6af2c9879dfb165445c12d0931ad34b921ae6930efb302f63e74b9fc678eb16dd7fa0aeb2d35b4ac1704e3d6d4374bed97d8416740c9cb3c1d2d221fcdb737d5b03955acad3db41e9c5e7a8096258496238c450e47aea2b5b0bbb9126230ddaea3918b4a582e457fe24e1185a243763827d7f8024368f7ec4a50e784fdfed3603dfb6111464e38d94cb74fdbd7b0b9a42012f7ac109438bbc23977660df9d59edd4c9b6b51a21d88726ef575a731357ccc7dfa15e68804e918bdb9158bfe6ec4b2d87a80b7004f372fdb6b9a7beb377d0d962aef6280935a259aa6cc8439308bbd0429fcd52dd84dfdb814f0123e6aae0983274682dfc39fbc18f0b9675e65a948a654c9c5496956fbbac99387050884c731a94ce162bef0958fea42f493a6b80b3919cfac1ca45d9787c70a6811492e76fb5f4074d924c9c4bfd4dbfd83c0c484fcfc7e2462a4f837f692cd911e629a5de58a361e12e5a44ada459d75bd3862948582ceeb2882fb5d9d07fe0948db25ebc1b02097572ca2ae84e7567e1504248effc1fe8c38797cfb8fcc3ef97ac4025e300631448ce31b7abbbeda36fbd19b8dfeb8c61d950a4f51ce1ebf17651b2e7a8300efea54f9dadd88dc1ff781d7e8a77b8459d821bcb7a0e36bd24261d2c80d271e8a07a0cda5016b6d3ac77cd15b9211852f80cfd8aac49eeae3936c5df3f2044fd355e339e1b095f91e51ea53ea2ff36103ae6b661ddd89f75cf6c27dbc8ff3bc3476a0ae68b9cbd198694f6a869081d1b225f06d431c0a328e9c160a4422b4a817f53ec10bb78d986369ab278a31440cd43691fc2d059f6605c1a42df50ecd5d5fdb812cae4158003201854ccd8d266c283235662a6578e4764aaa775a10feb57281ee1fc17016996f8dbbb5b320f5acdd554b0344a6925bbb8ec9029cfcd06601c7577596aa1dae9af5314f743bb4ddb46ff9ab7f7af43b5500bb91f427d20d0075c04bbb0a0be080eff513bfc006ce591d30d3db28ee0e7f626dbaffbf9f7ec7c1d00e0708876769d115c10fc36e3865d93f7a1a5d514644ea8121f16e8abe95c4b88a9ae33b04f7dd690a3b3f8d6fa176736bac4fa50aa150876720682909478cb2547fdb969f835a658730950a747435c6d8de4424654d84a1cd781dbb713332b84b92dec2d7b7c8cca2c7484bb17e45cd8cbfc4cc7daaa2d45a300d598a8fb3fa30b945f558cd63264d759b639622a844d827680aeb88370a0a14fe36734d8bf026fcb950bad90af162829429cd618e254bb64937210181d7e92cae803621b67914c8037b6d583e4e8e8799f94e8a646c50ad8d3ceb40b858ccac5ac6ebfbc6549df65ac092b112391d257aa9a1f828f7bba8581209eac9cb1aff80702665b04ad281600f458c94679149ff809e0b003b4c0996d4c661e395172040ca9f7df1bd5bf4d51c2b7d3fbb1caeef2650db2bcf08dc6801fb1c5cf99885bf407d59f56f4e48352cc50123286f0f9bec82e169486af5624769e1e42d2e9457b3957b14026bda4ab15e2dc955fd6089a2ebf2030a630f30c8a66a2325c094cb971e06617fae3c54beebcf95f5bf89246e5c39fb1a170d433d524f90e0e2dd6957970cc357ac91f23aa354d8a2909b95cfe9983ef8344206ebdf57ef143585373c41c2a050310343e19b8aada8611a70bb546cb2b3a61a6769802efc6c439d54f658290c901b91058e6fecc504255ad3c6ef1d312d7e036e3e36dc5b8a932d232f1b22e648b92bbff18197a57f7e3bf52d4d7cb0b48e7914bccbd35697048e196582666276d2f627456ebc92330a53d41d7e0f769d3dd6e911712c38d0b04481fc26c59c778a13e84982ea1170b8588b8d9a9b89c94b763743ab286fdd272eaf1ab444b27750727dcab03af6a63cf2038f186ebb8f1dc92b91f548aeeb466bea4738b0ab8da5474b35bf84d32d61ff223b38957acd2bfee25f603b57fc1627b32db6e8ec509af3a4e2c0acb4171077e7ddcccdd29b36f1b6588727f5a51aad5707031b508a8a1205dea3a72391db7dd0e8ba878f2c0ff6cfc18c3e5f08d96f74fb4a0867e36cec10bf37e4554ae2df00eb19006ee4b8849cf017a7f7cf19249146147a0e57293854291741cdbe0d2757f091aa4832fe0263e0f3036e8fab2cbb2b4f04f5c57d91f481140a22e41e9d8768f0e7d3b3236033128526145fe0641ac0194563149397967bc2846556f62aed23f54fbd5720e225f2334bb62c7039c9b1f24be55c4bab867ccf3f90012727af4d25b57ffe81e747432b94cf0ec67dbca20d0a2c1783f3e5570e3504ca9936913b23647fb36a0e4846511c7d6bb220409f942e04c816602aa8618364c60cb114360f20315745fc3a0dc4a4d9e2ac682b7c59e0cf3e7580a21485517df205a45043f90626b49abbdaab48c6cde326a715efef1c063e6963b5bb9121341e91fdded03546227ef1b029620ec7c538274b3798f7dc581b76abbe4045ef49876aaff37adf5373429a3024338007550344446499b231fa7a3541e3fe6ba1abd0aa1ce70f9802b79cdfe4fa75b0117665817393df92fd77ee4428efa3fe4b2b3ab9b32a09de4a72e21801d6cd571e0ef883195a0946dc977683dfd4a789d9cb34676566162ea30073d55f67514f25d7948f408d32b3882b52f5a82cb5ffbec7da619b9a3bb183a769ed6c0556834706b50e1b33b700c0dc09c65257cb31638d36c43eaedb3a1ef74f3f4da4d5d0d0618bf5bbccc87ac19782c9c2c7ea47bb4a16d4aff844eb1570ed07a111985d343cc45ef0ec89f3a494cbfbe5f19a301cf32ee348e24e8569e9313c4cc315f7e81e4a46452b95b92196bc719593e90ec3dfd6b00f290365ca778e0c2c0346673b946435c1b6f79530ddfe559f0ec7dba3993180142d1f20425e09710503703dcaa9853f1e183218ffe52488efa4315a055c5845825eade000e13072e119064af61a445e4afa3f84eca29c1a6c2aee0e25dd1b20db09ebb38e0e9579e6c0c8abf76976612391b61b24687d04c9e17c5c710af63117a87d19873b4fb229bbb2dc141ea83e7c5bb48015983b0083e7c7dae89dfce0fc3e2807be17fcecec448b17e88ffd6f8df0a026207a43fbc5c9731560d288b2a408f17dfac019691006f37f17c910939152054f172df3e1edf820ce61ffd6faef2b0fee7257fed9442c42b6ad87a64f24e7777c8932ff9267f424995bae2afb5a7b3ab5eb79dcb9aba2578de8a58b3edc8b83e43509ed0eaf408998e42e9a088604affebce477b92f4b578da887bfd896041c3b2681c76d26c0949171e93b821eef4d793a7ed6d4b251b3f9203d84a37c1b5689381b57db31215ff5937d85f452c4d992f82e3ccc3fa0abf56428215f8574bc1dae0943d75de52c6956c7139349332ab8d2c04862fe3f918dd2d78c69c5f63a7b90758077a1cdbafd074ed75b698639fff3f7b03cd6513fe5e8e121153a0684059e359adcc093ce65e21df763d6a41e44279350a263171999edf562c93fd7bc79a94db6c296c606b246f12bac2ecc0488f7801a60e6437c67d4170ef12da72ccfca7c1e51310f5ea644e34be4fdff229674d9714c363dc4f5fae7a3e5c822f6fc4c6d429f8096ea12d8fe7a3a372176995423118f1f489dbdd4a98c8bf410f8549387df5dabca7b7381d76b07bbe489862558be13303bb77cafbb2f80aeb3a96f0ff7f06b679b6076d8f6ee93cd7f802101c62884df78899a8af8b347aa495a0a6ff684dcdb077b4e8e96a9368da495ff7bb87a48dacd22f612dc0732ab7c4b2a9ef7493706309997ea2b1c0ec872d73b5cc0e86191a717b0184cac2156a80a26a18f121d67c46065c30402fd1f26ba131334ae819c883ec5ce597e1af58cbf42ada4971983df738aa3e3277972bdf043b5f8ffe07d48a21ad0ee30a707e24c192132819e47ad1e6405d0f70a3056aeebe7c7680a96bc2646364152d9d59e264211b7d43716aa5225c7839948eeb9a0f1bc66d653a5731501dce9920b8d3c708ec64704fe883f16ffbcaaa37bb604ff6bac9261238aee8128fa28268fef326113b824eb250755d4132bdab789fbe86894e8ecb09c0ebf29481c6435ca1f5063b62befd5d7c468106ec924003a4c5a4816eee7b0b327329523d64d6f3f3ba9dfbb804226a1096f5f93e04d5f2521f9f585a874cbfc89ba29b9d56ecf98291ffc0f56b49c1a83f09dab2e9e40fee6303a0255de5c52bd12bac48de4648771db43681d570b0c66c8f2958de1ecc84d1f449203f5069659156d46622f4dec70ac3880b93570a1ad3746aa69a74a9a2d41e23f11d16f58f08793074627e63211b45c4c2082a3299e642109632da5297df3e24dd6615a374e2f443f1b294cd91faa334a3e72286c1aac255cf30895c0d791c5680ee1a7eb4204a7ea17", &(0x7f0000001500)="23e3d4c9e7cae39233e994c50c460c248f12c8d6ec29712262cc4acffacfbf7facf2e5b5012b8b3133f8d20247969f6ceb95e9b7d93c7ef41f6226e41755b0f54b45aedb9ece445b7ea2a516fa41552a24c42f04143e5656ddc0eb0f4e0fce0dd8cb68057c99e03397e93102b0c3019c18aa41fdd67f387b920c8b27a3e2e6eb48403aaaf9d9ba37593861485b371af12b07dabe2198a0e6d989bf0472941498459849e2894d2d0dc7f2ac57717f3e155f47e89541a2970149c4e85ff715c8a143386883cf23eed61d50ec560b48240558") syz_open_dev$midi(&(0x7f0000000400)='/dev/midi#\x00', 0x7, 0x84000) sendmsg$IPVS_CMD_GET_INFO(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000240), 0xc, &(0x7f0000000380)={&(0x7f0000000280)={0xe8, r3, 0x100, 0x70bd29, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x5c, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x198}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x5c}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@broadcast}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x20, 0x8}}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x5}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sh\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6a2}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xc0000}, @IPVS_CMD_ATTR_SERVICE={0x60, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3f}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x45}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x57}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e21}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@ipv4={[], [], @rand_addr=0x7}}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x2c}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}]}, 0xe8}, 0x1, 0x0, 0x0, 0x810}, 0x58000) sendmsg$IPVS_CMD_DEL_DEST(r0, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10800200}, 0xc, &(0x7f0000000280)={&(0x7f0000000080)={0x1ec, r3, 0x800, 0x70bd2c, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DEST={0x54, 0x2, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x3ff}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@remote}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x100}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x8000}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x7}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}]}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'hsr0\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x48, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x80000001}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x11}}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x4}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_bond\x00'}]}, @IPVS_CMD_ATTR_DEST={0x28, 0x2, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x2f}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@loopback}, @IPVS_DEST_ATTR_TUN_TYPE={0x8, 0xd, 0x3085ddada8bb1c51}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xb360}, @IPVS_CMD_ATTR_DEST={0x6c, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}, @IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e21}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x8}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xfffffe00}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@remote}, @IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e21}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x5}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@loopback}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}]}, @IPVS_CMD_ATTR_SERVICE={0x60, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x28, 0x10}}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e24}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x89}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x22, 0x18}}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@loopback}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x200}]}, 0x1ec}, 0x1, 0x0, 0x0, 0x40000}, 0x4080) [ 502.633739] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 502.641105] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 502.648375] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 502.655674] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 502.663016] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:49 executing program 2 (fault-call:0 fault-nth:15): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 502.767058] FAULT_INJECTION: forcing a failure. [ 502.767058] name failslab, interval 1, probability 0, space 0, times 0 [ 502.770932] FAULT_INJECTION: forcing a failure. [ 502.770932] name failslab, interval 1, probability 0, space 0, times 0 23:24:49 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @random="9ea17d02e4f5"}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) getsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000180), &(0x7f00000001c0)=0xc) r2 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x63, 0x80301) r3 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x40000, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) ioctl$SNDRV_PCM_IOCTL_USER_PVERSION(r3, 0x40044104, &(0x7f0000000040)=0xc6) r5 = getpid() sched_setattr(r5, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r6 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r6, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r6, r6, &(0x7f0000000240), 0x7fff) write$FUSE_WRITE(r6, &(0x7f0000000280)={0x18, 0x0, 0x6, {0xfffffffc}}, 0x18) write$cgroup_pid(r4, &(0x7f00000000c0)=r5, 0x12) ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000200)={0x0}) ioctl$DRM_IOCTL_DMA(r3, 0xc0406429, &(0x7f0000000380)={r7, 0x7, &(0x7f0000000240)=[0x1, 0x10, 0xc195, 0xffff, 0x2, 0x5, 0x5], &(0x7f00000002c0)=[0x800, 0x8], 0x20, 0x1, 0x9, &(0x7f0000000300)=[0xffff], &(0x7f0000000340)=[0x8]}) ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000080)={r7, 0x20}) perf_event_open(&(0x7f00000003c0)={0x3, 0x70, 0x2, 0xcd, 0x80, 0x3, 0x0, 0x7f, 0x80000, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0xffffffff, 0x2, @perf_config_ext={0x8, 0x10000}, 0x1000, 0xf32e, 0x3ff, 0x9, 0xff, 0x1, 0x2}, r5, 0x6, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000640)={r7, &(0x7f0000000580)=""/139}) ioctl$DRM_IOCTL_GET_CTX(r0, 0xc0086423, &(0x7f0000000000)={r7, 0x1}) r8 = gettid() ptrace$cont(0x15, r8, 0x3, 0x7d82) [ 502.821952] CPU: 1 PID: 26390 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 502.829895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 502.839271] Call Trace: [ 502.841886] dump_stack+0x142/0x197 [ 502.845537] should_fail.cold+0x10f/0x159 [ 502.849706] should_failslab+0xdb/0x130 [ 502.853687] kmem_cache_alloc+0x2d7/0x780 [ 502.857842] ? lock_downgrade+0x740/0x740 [ 502.861993] alloc_vfsmnt+0x28/0x7d0 [ 502.865699] clone_mnt+0x70/0xee0 [ 502.869216] ? is_subdir+0x222/0x389 [ 502.872936] copy_tree+0x33b/0x8a0 [ 502.876475] copy_mnt_ns+0x11c/0x8c0 [ 502.880194] ? kmem_cache_alloc+0x611/0x780 [ 502.884528] ? selinux_capable+0x36/0x40 [ 502.888581] create_new_namespaces+0xc9/0x720 [ 502.893074] ? ns_capable_common+0x12c/0x160 [ 502.897611] copy_namespaces+0x284/0x310 [ 502.901677] copy_process.part.0+0x2603/0x6a70 [ 502.906290] ? proc_fail_nth_write+0x7d/0x180 [ 502.910798] ? proc_cwd_link+0x1b0/0x1b0 [ 502.914872] ? __cleanup_sighand+0x50/0x50 [ 502.919122] ? lock_downgrade+0x740/0x740 [ 502.923285] _do_fork+0x19e/0xce0 [ 502.926770] ? fork_idle+0x280/0x280 [ 502.930496] ? fput+0xd4/0x150 [ 502.933703] ? SyS_write+0x15e/0x230 [ 502.937459] SyS_clone+0x37/0x50 [ 502.940829] ? sys_vfork+0x30/0x30 [ 502.944376] do_syscall_64+0x1e8/0x640 [ 502.948271] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 502.953131] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 502.958322] RIP: 0033:0x45a6f9 [ 502.961512] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 502.969226] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 502.976503] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 502.983781] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 502.991880] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 502.999159] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 503.006454] CPU: 0 PID: 26387 Comm: syz-executor.3 Not tainted 4.14.158-syzkaller #0 [ 503.014356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 503.014360] Call Trace: [ 503.014375] dump_stack+0x142/0x197 [ 503.014396] should_fail.cold+0x10f/0x159 [ 503.034336] should_failslab+0xdb/0x130 [ 503.034347] kmem_cache_alloc_trace+0x2e9/0x790 [ 503.034359] ? retire_userns_sysctls+0x90/0x90 [ 503.034379] alloc_mnt_ns+0xde/0x450 [ 503.034390] copy_mnt_ns+0x95/0x8c0 [ 503.034396] ? kmem_cache_alloc+0x611/0x780 [ 503.034410] ? selinux_capable+0x36/0x40 [ 503.054969] create_new_namespaces+0xc9/0x720 [ 503.054983] ? ns_capable_common+0x12c/0x160 [ 503.054994] copy_namespaces+0x284/0x310 [ 503.055006] copy_process.part.0+0x2603/0x6a70 [ 503.063375] ? proc_fail_nth_write+0x7d/0x180 [ 503.063382] ? proc_cwd_link+0x1b0/0x1b0 [ 503.063401] ? __cleanup_sighand+0x50/0x50 [ 503.063412] ? lock_downgrade+0x740/0x740 [ 503.063427] _do_fork+0x19e/0xce0 [ 503.063440] ? fork_idle+0x280/0x280 [ 503.063453] ? fput+0xd4/0x150 [ 503.063460] ? SyS_write+0x15e/0x230 [ 503.063473] SyS_clone+0x37/0x50 [ 503.063480] ? sys_vfork+0x30/0x30 [ 503.063491] do_syscall_64+0x1e8/0x640 [ 503.063500] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 503.063516] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 503.132895] RIP: 0033:0x45a6f9 [ 503.136090] RSP: 002b:00007f0850ae1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 503.143803] RAX: ffffffffffffffda RBX: 00007f0850ae1c90 RCX: 000000000045a6f9 [ 503.151068] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 503.158349] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 503.165618] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0850ae26d4 23:24:49 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f00000001c0)='/deN\xfd\xcb\x06\x00', 0x588000, 0x0) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f00000000c0)={'mangle\x00'}, &(0x7f0000000140)=0x54) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_refresh_period\x00', 0x2, 0x0) ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000040)={0x2}) 23:24:49 executing program 0: creat(&(0x7f0000000000)='./bus\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000080)={0x3ff}) [ 503.172889] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:49 executing program 0: creat(&(0x7f0000000000)='./bus\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:49 executing program 1: clone(0x825800, 0x0, 0x0, 0x0, 0x0) 23:24:49 executing program 5: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x20080, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r1, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r1, &(0x7f00000000c0)="e8", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r1, 0x1) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f00000000c0)={r3}, &(0x7f0000000000)=0x8) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000040)={r3, 0x1000, "dc15fbf296b880b8fe2857d793e436d530e0a683585e7f75b28fb2a82dd657abbc4b1438d0fab2d2a7d73e6663a7b3e2f45c870ceb5c94b9a14528178aaf67a739d36ea6a4130e4b6ee61d5f0c6a02aee988f39c25a04b53660b9dcd341d97523348d5769930726f02bb097d93ba4bddf5afb081426137d6a83546c50e5c6afdd6bfcbb3b219ad31d623b5267de395f1070ff8781f14c35becbfad57cb284154db2046da308b141181e4c56d1729ab2a08aec15e96008ebee99c257d534b3f9d2b59d2ab83d05cc79ac063f10837d97af72c4f95b7dfed26a16d361b19b64a70a74aaace9e57a36a6b1ddd1fe138ec8b2c22e95f63997aeabbc75bf82470272b81b437746b0f97a23099a1d316e6acad607d51b0950d110e1b9ee455ad909ecdb0144bf0c6494ebb2642b908c8609fa318a867bc245dc08d0529577c6f930c6ae881fbe8a4febf384f173b094854cad8987c85159f1df512696ecd3b9c80895ea334f07a5927d72582da0c0c5fa6be56eba49d149c4f96df7e587a735928ed664029a3ca8b50c43a019a0538a46e1917951b2ce1ec0e8d6b4d5617e8648b7bc8ce4a182fac689422019250c4a93d38cd287b9979e681ea91a5e777518b2c96c1cffad8d9ee311fdd38b30731949fb2223b0afaf936efad31ef7955ef731139a6beb24609b86cf77e071525f20baeffcf721db338e3c2a68213a47645ecd32ab737c11aa67c36a552d45ebd5461da05314e3d3c0cb4e0fc10a005b1ddadee26918b45a419e955489a4c0a1b004d881b999ba9caf474ea42b89c01e1f2d7f5116f9f54323cbcd594942f7939a92fe44a5578b38bd2e7021de50286dd8c44a372a6ed946f1bcd1fd6f33ac145611fd256ba3e49b849d8d89d89b434823ae3b7527aa200dd6d0e4f223eb7bdbede1b0d0be1c3c7358e271f0966802ab18fe80b1553eb03c2d0f4fa5afb526ab5235367396551c1e73dcff7bcfa2e9f5f85e140906b16fef233aa59f0ed4cae650b0bd7098b707f7c1a3b2508c7137e78158dfe9d89e207bdac13e3208455a5a0d2d3080240b5b62a661d7bc7e33eb46df11b4c02daf0b8f8e3c4f8d32866d8128d6f98fe3265f81fb0a60bf48eeffadb10a0a178318b21e8c0dc10a796d104f7b91487681ebedbdb5cf8d67ce908832634b797f8c2e44577694c1754aed67a21c22bc4803e9288b495d637bf505b8b715e19570fcc09af28f6e17fa54d7fa459f373f151d2243e440429df2ef1911f17f2f2bea006ce8a397f922794c3cb6d3d4a9a825a6a2209bd01cacfdd27680f3a2e712778f463beb0da8de758597dbb34fae4b2e3aed0701861eee90dc46a1fa651a4ddc5dd99423b4065a71c3ed53aabbf2ba0977b0fb3128f8341386f45c721be34f93e49b5144a076bff600a6218b61c84a71632a40ee8a9bba14f6dda6c8e045e4fd1d08bcee6d6ceb29dc8758f79162e531a2b568a32df65ae89780fde2a9db90559cd2d3ed20ee2c5e92c41f62b6fb052c4b33b861b1eaf8a42971026f46bca4d2d27d004e493c8ef5483fe2d7631e3b7676ae0977e5b2bf29a67524cbf0d96557cb8ffac2f31cb7b8a94ae19dfd3381e895d0945bbdcd7de904653318107e29982dd18c8582d59717a7bfbad20657a0d573bb0997eae69d5e030c5ad601440abf2fabf554679d65e630da0a2b86a12bc7cf0a8ee9198ddaacc5adf5b48799d5659d1423f8ce681c4dd4886af81c624fa970327518b14190330d17357748f767d1a397bec2020dfa57ff02d03a53ccc3fdb0111eaa271277466e13413a89e279afb013567dfdda4169da2d89090e26c98b42392720cb6ce8aadcb68d5145a56bebe312949bedc38569cd62774e93674c391ca4ca9590d33ea8dfcabba0cb96d4edca6bbf9332e02cf0e973db0f9c773cd8ee3defa6b020e8fd293386b1e917ee6915823d97b4253ff1a014065da2ea59488e2b11f5dd53cc00a798f892a7f74b04f157ff20598ec7f74614b4aea958e4bb840b8f3245003d55b82fe21e1d7fc73d03c802803cac5be83b6aae6708cd9c1e9848273eb1cb196aebe981100d2c12188859fd0e5731782f84cfe394fbb6aef287d108743b5c6afb66f679da27384c401668d60d01e3cadc7fc3fb0a20f11d0e83d4338edebefbccde8ff6732176444343ec0c1c430587fcee49c690e8c510b48cb724ec8cdc7b2db07c27fe234bf31754d66ceb3725debc8820614943ffaee3acde43cd9411d71c6e19e49331e2fb20d46de97b0c50d94f4ef1561d69061848081b4a4a3eed0523de904cbb55717459e19b1c4d139b5ac584722b1824de49911e8e255b9e1f1dd7829df6a029434ff62b620832d3f9b25ec4c70bbf9dad238648b9b9a11b4222f1685883fb5b5e3bb7288459d86ed3f585959b07553c58e64ddb0d4fe832fbc6026d6036af406e25579e931b1a4b7983b2a5cd777e538f14b7f92cb5bacbc51a7c94c7d80403155eccc414668b59d27402ab21c87021c81dcffb1000c0e39f31cdd8ca99fc5e2ba04cba79389b2c44952c96d8ab8d145d4e034dc2c5159a1db25daad3fe5e2abe3abdc8a0afe344a92a4fa61b74345062f57359c9ff2e3cc758dbc3cda7ba30abd1528b6ba055cb8e79d62f3e54486ff5d0ab41e318108d83973752903bd00fe2a5c86b6e8938148056df4167994ae22efcb69318bbd7a9fc36378c01c360bd90ca3ca3b32a032f2378db49f9dc9a07757c5caaf5f7a91612a292198067d746629afdf1f85cec9148430c7533681062983729f5083b0a0957c11eb91c5cf06d2ab20bc018a4f41d72ed661663bdd98999b6b372a098f87e077a2b4b9e601f759e84160ff85d0f3993bc60914976815cf7c0d2d85346bb8b97382c329d4fd5fff90511880d903d6d4f777d388731a2c9ea4a4894d1b7ea6635af811617f8a8b93675c66d4ac11c57024d471d9e78ea14c9b0b29ec124eb4fbf9481361fe59b7c9ca31bec3fd70101f7a3c8afbed7c8bb4dba5526beea8f14c75b486625b175bea43914974dff5b1615808581293114a520a7327f804b16148fae074b6955cc96d536519cfff3f30d78b8ce57fd4b17606c74671af770be25064fe6e52e9d1e7d02a640ba846103f9ff51f1837f9dd0ed5eba93093c328bd9966c219cb1fecd91e6f218b501555ea5641d5590d42471ceb6bbd099f56433032b4a60041d03e72cd99fd2157ae36cf230564ef2474dfdcc9924ccdfc99978515c8524b91534d1ef98bef967322ba58f712ccdb749e27c2ee636e01ec7f5d3392341e4dd6f267200ef41d8ebbffbf353e9f8555e9d964c37cdfe7ef312f58ce1618ee20ee5928bff739674d7055c7ebdb3b24fa2fe9017638a5cae3becf0ca9043c58c9339bb25f45b9a64de6f5a16c3a9f3f22101b2c5d2fcb786e76c639978c8632b597f776bd2dfee7fe32f739fbf3edf4422bfada63f8c58802b9c1e30ba56547c9bffb77bc331beffc2bb5d4c4c9edc6f254966fd045dbde833c294ee879126b491cf5fadb3832716019274471c3065bd8935fcd0ec9e9d852170e8ff5aeb9b99575444e21288e36f93c3f893568bf68469e0b71b5ca9263ac80d23f98f94c27fcf5a2e9460578716c52ca62ab09468fa681135a76a16b2a3f1a24c34fd408fe5da143a5fa6e0f1f6f8c3bc0356169958488b48b01bc792b48974a87a0ade1533f3bebd0beabbe3fe6750123f20adc2103b7576ff73c0567ec81db0d805e5dff4ecf2d48000689bd4abcc2a5e0a17b0fe03c4dc75103ea42f468649b05c733b0a0a19ba6c0c48c314c1a888baabc60f80c9c2599c2583927d41080ab34f53c00564185b1a32e29834bff29d20285e2ef42b63c862c98d96e5bebd4a6213a7e73284d6cf25914d724536332dbb041816b7ddc2e3f4ce6ac5a6965cb888d6ba37a126def283b622f03a852563e67803b9e396a27ba54e86f00e5704721d999662ebb2f6ff341e02e9e0cf39111de8e19655ff6d2b0bf31afa9052f7b87fb12cc5f5bc66eec79e6c2f77b546f0e1991aa610ca0e96091652b18bec5cf6cf2ea0869d755c626589bb99a83f6ce19aaa612d078b31ac79a51f88b3c7f0c8739bb5d28b257047569822b9bda0f3c3304932b3973edf7f03764748baac91af53815bfc9e5d3a46ed6452178fdf3279adaa44c88997a065e239fab7c637c7356a2c2ab81e666c4e590fcc0869729d86c86701a37303f42fbe949f80c411b0cd3d73fdeab23de689ccce63f2654508d40e1c079a084437ac922248c459b1a9cca68367337027552eb6d4acdaa8d619fc67c7a60e6a60c47532101ea31bc6a3562e4ccc7045e34e2e3ee70d86b2b9a450cebc6605882519e40391dbfb2db35427a8bf1f9628154f0aee8f2a210c22c74ec4a026da4f2ba947cb663bf150e8ae464bcd34b3fd750ee0a89209b2454fe4e05d5b1534f08e2c67cf0ebfe661b55366613f7ce0fc61a9d61cd13c364dd06e1b8917f4b03aac6b27b16d5ac6bb6ffd38b080d9189dbb693f15e4684e317e6894f57a1ab44519a5ea52a4f716a10487ac848bbf88bc3854bc50ae1df91f2659f65617ee3ae383dd5bc229564ac07723659cbe46f69065e884301730642c904c0ec75524ebee871a5ba9fb629338eb9ec920714711a411fea3a8daf56d86023a64687c92f80d3280e1544a772a1ba0d0cd4bcb87bb6272bbeeb814a843631e63c38e8c6bc0aba9bba0f7cc7df3357ff416646693a88a6ee44f854104113150d11f2bb0c5c763faf943d95954c0c758db50158ee7c8011e2e2cfdee566676765c84be5f77284aaff0a43f3f82081959c20289f3ce00e7e77d5085c1f890b59ac6714f42c5c2d0599ca5c927dbcc894598eddca5ddea6c918b32b61d9cc28c0250dec1db26f9d29c41724578a5f43a9e7527c395f0b829918c1b740e4eaf460de61256e5a8c713fde4ce517036c1b10ffecd821bea796063db23f3e4e313fbc43a63aecf61de256fd4ebfa876feb10ce4f9f801351c33928ce07b00c12e2727b654c737549c0b94487e0dda382cb954d37a4808324a15e6980e9f12042d09ca937a9344d7efabf56a27a8347a57c6513db91377c672e0e8233786f5bbed3484e4402226bf09bfcc20b7671de056dc2db2d879292f435eeb929b0188623fd96e1454317bb8d5238c593503d1c91723d19dc7ad18adfcd1b98ce3f9b4cb644c1cdba90beeff9562601db70e251cd264409b27f206ed8fde81f648b34e358d7ff50846d8df3801d1605e94698e20eedbb2a48acac068f247ed18cfa044f3afb441f8ec282d8dae13646095b2a23f4b05499645751c3c69528bdc3f1af8da684a22f2b77d576cc1515cb8b8c914ebb9e73e8fcfaf487d7ff899eaefad062c5a16979634509aac796dcef0310bcb712b3f6fa27e9c8230df6090df0d88efbaca1e1ef439dbc7ece18353bc54303476b1357c00ec4578b440f60a7eae281b3bbd21ca122a2e66c5855a528eddd73d1eef7ced7177483797d94bdeb65b451674b9b600d4f85f4358af1787faa8dfa8fb03fae77ae911eaf66efc4f4b45b74e550048090ed5b073d5b8b66c749c5fc093ffbb4b5e41ef7529883b50a4150c1f672fe772528de2fe6264cf8e1634dd489b42030caa0a9ec75cb813b3432e734ef58856407bf070c132ed9d46f85cc2986574445162208b640e9b2d8b3a69f2d22c4aa4b2b0ab3aa279696fec5639d297b5a3fca4b0d082da36128b690fe31aa2e013790d4b7cec62b71aa9bdb00e4638667004fdea126eb0a52f13868fa872efb5658c1dd1"}, &(0x7f0000001080)=0x1008) 23:24:49 executing program 2 (fault-call:0 fault-nth:16): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:50 executing program 3 (fault-call:0 fault-nth:14): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 503.344865] FAULT_INJECTION: forcing a failure. [ 503.344865] name failslab, interval 1, probability 0, space 0, times 0 [ 503.361789] IPVS: ftp: loaded support on port[0] = 21 [ 503.378722] CPU: 0 PID: 26423 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 503.386655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 503.386694] Call Trace: [ 503.398661] dump_stack+0x142/0x197 [ 503.402295] should_fail.cold+0x10f/0x159 [ 503.406444] should_failslab+0xdb/0x130 [ 503.406456] __kmalloc_track_caller+0x2ec/0x790 [ 503.406470] ? kstrdup_const+0x48/0x60 [ 503.406480] kstrdup+0x3a/0x70 [ 503.422181] kstrdup_const+0x48/0x60 [ 503.425908] alloc_vfsmnt+0xe5/0x7d0 [ 503.429628] clone_mnt+0x70/0xee0 [ 503.433087] ? is_subdir+0x222/0x389 [ 503.436808] copy_tree+0x33b/0x8a0 [ 503.440361] copy_mnt_ns+0x11c/0x8c0 [ 503.444079] ? kmem_cache_alloc+0x611/0x780 [ 503.448391] ? selinux_capable+0x36/0x40 [ 503.452444] create_new_namespaces+0xc9/0x720 [ 503.456954] ? ns_capable_common+0x12c/0x160 [ 503.461363] copy_namespaces+0x284/0x310 [ 503.465416] copy_process.part.0+0x2603/0x6a70 [ 503.469998] ? proc_fail_nth_write+0x7d/0x180 [ 503.474485] ? proc_cwd_link+0x1b0/0x1b0 [ 503.478538] ? __cleanup_sighand+0x50/0x50 [ 503.482762] ? lock_downgrade+0x740/0x740 [ 503.486899] _do_fork+0x19e/0xce0 [ 503.490355] ? fork_idle+0x280/0x280 [ 503.494055] ? fput+0xd4/0x150 [ 503.497242] ? SyS_write+0x15e/0x230 [ 503.500941] SyS_clone+0x37/0x50 [ 503.504313] ? sys_vfork+0x30/0x30 [ 503.507845] do_syscall_64+0x1e8/0x640 [ 503.511716] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 503.516729] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 503.521913] RIP: 0033:0x45a6f9 [ 503.525092] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 503.532785] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 23:24:50 executing program 0: creat(0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:50 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(r0, 0x4040ae70, &(0x7f0000000000)={0x9, 0x6, 0xd52, 0x200}) [ 503.540042] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 503.547312] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 503.554582] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 503.561836] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 503.608109] FAULT_INJECTION: forcing a failure. [ 503.608109] name failslab, interval 1, probability 0, space 0, times 0 [ 503.621471] CPU: 0 PID: 26425 Comm: syz-executor.3 Not tainted 4.14.158-syzkaller #0 [ 503.629384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 503.638742] Call Trace: [ 503.641333] dump_stack+0x142/0x197 [ 503.644974] should_fail.cold+0x10f/0x159 [ 503.649130] should_failslab+0xdb/0x130 [ 503.649143] kmem_cache_alloc+0x2d7/0x780 [ 503.649167] ? rwsem_down_read_failed+0x390/0x390 [ 503.649181] alloc_vfsmnt+0x28/0x7d0 [ 503.649192] clone_mnt+0x70/0xee0 [ 503.657314] copy_tree+0xd0/0x8a0 [ 503.657328] ? call_rwsem_down_write_failed+0x17/0x30 [ 503.657345] copy_mnt_ns+0x11c/0x8c0 [ 503.657354] ? kmem_cache_alloc+0x611/0x780 [ 503.657366] ? selinux_capable+0x36/0x40 [ 503.657380] create_new_namespaces+0xc9/0x720 [ 503.694686] ? ns_capable_common+0x12c/0x160 [ 503.699082] copy_namespaces+0x284/0x310 [ 503.703138] copy_process.part.0+0x2603/0x6a70 [ 503.707723] ? proc_fail_nth_write+0x7d/0x180 [ 503.712210] ? proc_cwd_link+0x1b0/0x1b0 [ 503.716268] ? __cleanup_sighand+0x50/0x50 [ 503.720499] ? lock_downgrade+0x740/0x740 [ 503.724642] _do_fork+0x19e/0xce0 [ 503.728080] ? fork_idle+0x280/0x280 [ 503.731783] ? fput+0xd4/0x150 [ 503.734964] ? SyS_write+0x15e/0x230 [ 503.738681] SyS_clone+0x37/0x50 [ 503.742039] ? sys_vfork+0x30/0x30 [ 503.745587] do_syscall_64+0x1e8/0x640 [ 503.749455] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 503.754287] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 503.759462] RIP: 0033:0x45a6f9 [ 503.762642] RSP: 002b:00007f0850ae1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 503.770365] RAX: ffffffffffffffda RBX: 00007f0850ae1c90 RCX: 000000000045a6f9 [ 503.777635] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 503.785014] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 503.792279] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0850ae26d4 [ 503.799542] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:51 executing program 4: uname(&(0x7f0000000000)=""/155) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:51 executing program 0: creat(0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:51 executing program 3 (fault-call:0 fault-nth:15): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:51 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000600), 0x80400001, 0x2) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x80000, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0xd6) execveat(r0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)=[&(0x7f0000000080)='self-\x00', &(0x7f00000000c0)='GPL.\x97bdev&/em0wlan0.user^/user@\x00', &(0x7f0000000100)='\x9f#\'\x00', &(0x7f0000000140)='/\x00', &(0x7f0000000180)='&lo\x00', &(0x7f00000001c0)='user/$^procvmnet0/+@trusted%\\[posix_acl_accessselinux{keyringsystem.selinux\x00', &(0x7f0000000240)='ppp1*\x00', &(0x7f0000000280)='GPL#\x00', &(0x7f00000002c0)='/%#keyring#\x00'], &(0x7f0000000580)=[&(0x7f0000000380)='bdev\x00', &(0x7f00000003c0)='md5sumi\xdc$/\x00', &(0x7f0000000400)='vmnet0cgroup,^:\'ppp0cpusetmime_typesecurity}\x00', &(0x7f0000000440)='+wlan1^,\x00', &(0x7f0000000480)='posix_acl_access@[\x00', &(0x7f00000004c0)='ppp0).\x00', &(0x7f0000000500)='\x00', &(0x7f0000000540)='\x00'], 0x800) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f00000005c0)=[@in={0x2, 0x4e22, @multicast1}, @in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}], 0x20) 23:24:51 executing program 2 (fault-call:0 fault-nth:17): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:51 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xf, 0x7, 0x0, 0x1, 0x9, 0x18, "505c966294c8118851e4b02c80d7f30c0c679ab8b93e053e1116ef2426632e60a618f7a397926b51a79ed8b1950b10e87b1e3c07417907fd7fb7ea4a43034e83", "16395ba706be8ca43b85afa2414ad8919e578fcbe9601c3a2954586229003c8db44ea7a14b4b015571af978d9a9167c0724ea990dcaa38a21b5659a296b1951f", "64a1f5c36c61835390839d7fb393fc27b8219b65d57e70219b55be05cef9b936", [0x3, 0x2]}) r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) flock(r1, 0xc) [ 504.438198] FAULT_INJECTION: forcing a failure. [ 504.438198] name failslab, interval 1, probability 0, space 0, times 0 [ 504.465086] CPU: 1 PID: 26456 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 504.473026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 504.482382] Call Trace: [ 504.484982] dump_stack+0x142/0x197 [ 504.488616] should_fail.cold+0x10f/0x159 [ 504.492777] should_failslab+0xdb/0x130 [ 504.496763] kmem_cache_alloc+0x2d7/0x780 [ 504.500915] ? find_held_lock+0x35/0x130 [ 504.504991] ? copy_tree+0x4a2/0x8a0 [ 504.508712] alloc_vfsmnt+0x28/0x7d0 [ 504.512417] clone_mnt+0x70/0xee0 [ 504.515853] ? lock_downgrade+0x740/0x740 [ 504.520140] ? do_raw_spin_unlock+0x16b/0x260 [ 504.524636] copy_tree+0x33b/0x8a0 [ 504.528171] copy_mnt_ns+0x11c/0x8c0 [ 504.531879] ? kmem_cache_alloc+0x611/0x780 [ 504.536189] ? selinux_capable+0x36/0x40 [ 504.540238] create_new_namespaces+0xc9/0x720 [ 504.544757] ? ns_capable_common+0x12c/0x160 [ 504.549380] copy_namespaces+0x284/0x310 [ 504.553429] copy_process.part.0+0x2603/0x6a70 [ 504.558007] ? proc_fail_nth_write+0x7d/0x180 [ 504.562491] ? proc_cwd_link+0x1b0/0x1b0 [ 504.566548] ? __cleanup_sighand+0x50/0x50 [ 504.570769] ? lock_downgrade+0x740/0x740 [ 504.574917] _do_fork+0x19e/0xce0 [ 504.578356] ? fork_idle+0x280/0x280 [ 504.582054] ? fput+0xd4/0x150 [ 504.585230] ? SyS_write+0x15e/0x230 [ 504.588937] SyS_clone+0x37/0x50 [ 504.592292] ? sys_vfork+0x30/0x30 [ 504.595820] do_syscall_64+0x1e8/0x640 [ 504.599690] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 504.604530] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 504.609706] RIP: 0033:0x45a6f9 [ 504.612881] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 504.620591] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 504.627846] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 504.635103] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 504.642469] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 504.649742] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 504.662868] FAULT_INJECTION: forcing a failure. [ 504.662868] name failslab, interval 1, probability 0, space 0, times 0 [ 504.677477] CPU: 1 PID: 26458 Comm: syz-executor.3 Not tainted 4.14.158-syzkaller #0 [ 504.685425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 504.685431] Call Trace: [ 504.685450] dump_stack+0x142/0x197 [ 504.685470] should_fail.cold+0x10f/0x159 [ 504.685488] should_failslab+0xdb/0x130 [ 504.685498] kmem_cache_alloc+0x2d7/0x780 [ 504.685511] ? lock_downgrade+0x740/0x740 [ 504.685522] alloc_vfsmnt+0x28/0x7d0 [ 504.685532] clone_mnt+0x70/0xee0 [ 504.685540] ? is_subdir+0x222/0x389 [ 504.685552] copy_tree+0x33b/0x8a0 [ 504.685567] copy_mnt_ns+0x11c/0x8c0 [ 504.685575] ? kmem_cache_alloc+0x611/0x780 [ 504.685587] ? selinux_capable+0x36/0x40 [ 504.685601] create_new_namespaces+0xc9/0x720 [ 504.685611] ? ns_capable_common+0x12c/0x160 [ 504.685624] copy_namespaces+0x284/0x310 [ 504.685636] copy_process.part.0+0x2603/0x6a70 [ 504.685653] ? proc_fail_nth_write+0x7d/0x180 [ 504.685664] ? proc_cwd_link+0x1b0/0x1b0 [ 504.697654] ? __cleanup_sighand+0x50/0x50 [ 504.697669] ? lock_downgrade+0x740/0x740 [ 504.697684] _do_fork+0x19e/0xce0 [ 504.697697] ? fork_idle+0x280/0x280 [ 504.697710] ? fput+0xd4/0x150 [ 504.788684] ? SyS_write+0x15e/0x230 [ 504.792557] SyS_clone+0x37/0x50 [ 504.795905] ? sys_vfork+0x30/0x30 [ 504.799454] do_syscall_64+0x1e8/0x640 [ 504.803350] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 504.808196] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 504.813388] RIP: 0033:0x45a6f9 [ 504.816562] RSP: 002b:00007f0850ae1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 504.824275] RAX: ffffffffffffffda RBX: 00007f0850ae1c90 RCX: 000000000045a6f9 [ 504.832662] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c 23:24:51 executing program 4: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) accept4$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000040)=0x1c, 0x80800) clone(0x1000000, 0x0, 0x0, 0x0, 0x0) [ 504.839922] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 504.847233] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0850ae26d4 [ 504.854509] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:51 executing program 2 (fault-call:0 fault-nth:18): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:51 executing program 1: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) wait4(r0, &(0x7f0000000000), 0x81000010, &(0x7f0000000040)) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:51 executing program 3 (fault-call:0 fault-nth:16): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:51 executing program 5: clone(0x1000000, 0x0, 0x0, 0x0, 0x0) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) bind$rxrpc(r0, &(0x7f0000000000)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x18}}}, 0x24) 23:24:51 executing program 0: creat(0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:51 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f00000005c0)='/selinux/status\x00', 0x0, 0x0) getsockname$unix(r2, &(0x7f0000000600)=@abs, &(0x7f0000000680)=0x6e) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0xfffffe70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x3, 0xffffffffffffffff, 0x0) r3 = socket$caif_stream(0x25, 0x1, 0x0) sendmmsg(r3, &(0x7f0000004e80), 0x4000000000003e5, 0x0) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) r5 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r5) r6 = openat$cgroup_ro(r5, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x0, 0x0) ioctl$TUNSETVNETHDRSZ(r6, 0x400454d8, &(0x7f0000000b80)=0xdd69) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r9 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000c80)='/dev/cachefiles\x00', 0xb04a2e29588d2101, 0x0) ioctl$KVM_ASSIGN_SET_INTX_MASK(r9, 0x4040aea4, &(0x7f0000000b00)={0x608, 0x1, 0x1, 0x1, 0x7}) ioctl$VHOST_GET_FEATURES(0xffffffffffffffff, 0x8008af00, &(0x7f0000000ac0)) r10 = open(&(0x7f0000000080)='./file0/bus\x00', 0x0, 0x0) r11 = accept4$tipc(r10, &(0x7f00000006c0)=@name, &(0x7f0000000700)=0x10, 0x80000) sendmsg$tipc(r11, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a00), 0x0, 0x0, 0x0, 0x84}, 0x40050) fchdir(r10) openat$cgroup_ro(r4, &(0x7f0000000bc0)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(r10, 0x0, 0x40, &(0x7f0000000cc0)=ANY=[@ANYBLOB="6d616e676c6500000000000000000000000000000000000000000000000000001f00000006000000d00400004003000078020000b8010000f8000000b8010000380400003804000038040000380400003804000006000000", @ANYPTR=&(0x7f0000000000)=ANY=[@ANYBLOB='\x00'/96], @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800f80000000000000000000000000000000000000000000000f32630c21c3200006000534554000000000000000000000000000000000000000000000000000000050000000500000000040000010400005c60000080000000ffff0000020000000100000004000000d6eb000001000000ffff000003000000080000003fc90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800c00000000000000000000000000000000000000000000000000028004453435000000000000000000000000000000000000000000000000000001400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009800c000000000000000000000000000000000000000000000000000280045434e00000000000000000000000000000000000000000000000000000030020000000000000000000800000000ff0000000000000073797a5f74756e000000000000000000626f6e64300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff0000000000000000000000000000000c00027000000000000000000000000000009800c80000000000000000000000000000000000000000000000000030005450524f5859000000000000000000000000000000000000000000000000ffffffff04000000ac14141e4e20000000000003e000000200000000ffffffff697036746e6c3000000000000000000062637366300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002e0003020000000000000000000000000000c800f80000000000000000000000000000000000000000000000000030006168000000000000000000000000000000000000000000000000000000006e04000002000000000000000000000030005450524f58590000000000774ae11b7ebe4bf8bab1d78d0000000000000000000000000000000000000006290000000000c0ac1414bb00ab0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800"/1238], 0x530) r12 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000c00)='/dev/dlm-monitor\x00', 0x822000, 0x0) ioctl$KVM_REINJECT_CONTROL(r12, 0xae71, &(0x7f0000000c40)={0xfa}) [ 505.008102] FAULT_INJECTION: forcing a failure. [ 505.008102] name failslab, interval 1, probability 0, space 0, times 0 [ 505.065900] CPU: 0 PID: 26481 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 505.074200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 505.083573] Call Trace: [ 505.086169] dump_stack+0x142/0x197 [ 505.089875] should_fail.cold+0x10f/0x159 [ 505.094019] should_failslab+0xdb/0x130 [ 505.097986] __kmalloc_track_caller+0x2ec/0x790 [ 505.102653] ? kstrdup_const+0x48/0x60 [ 505.106530] kstrdup+0x3a/0x70 [ 505.109718] kstrdup_const+0x48/0x60 [ 505.113419] alloc_vfsmnt+0xe5/0x7d0 [ 505.117115] clone_mnt+0x70/0xee0 [ 505.120568] ? lock_downgrade+0x740/0x740 [ 505.124983] ? do_raw_spin_unlock+0x16b/0x260 [ 505.129462] copy_tree+0x33b/0x8a0 [ 505.133017] copy_mnt_ns+0x11c/0x8c0 [ 505.136734] ? kmem_cache_alloc+0x611/0x780 [ 505.143066] ? selinux_capable+0x36/0x40 [ 505.147158] create_new_namespaces+0xc9/0x720 [ 505.151650] ? ns_capable_common+0x12c/0x160 [ 505.156073] copy_namespaces+0x284/0x310 [ 505.160131] copy_process.part.0+0x2603/0x6a70 [ 505.164725] ? proc_fail_nth_write+0x7d/0x180 [ 505.169208] ? proc_cwd_link+0x1b0/0x1b0 [ 505.173264] ? __cleanup_sighand+0x50/0x50 [ 505.177496] ? lock_downgrade+0x740/0x740 [ 505.181636] _do_fork+0x19e/0xce0 [ 505.185077] ? fork_idle+0x280/0x280 [ 505.188780] ? fput+0xd4/0x150 [ 505.191957] ? SyS_write+0x15e/0x230 [ 505.195654] SyS_clone+0x37/0x50 [ 505.199004] ? sys_vfork+0x30/0x30 [ 505.202530] do_syscall_64+0x1e8/0x640 [ 505.206397] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 505.211402] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 505.216574] RIP: 0033:0x45a6f9 [ 505.219745] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 505.227445] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 505.234707] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 505.241964] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 505.249228] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 505.256486] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:51 executing program 5: clone(0x30000, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$mice(&(0x7f00000006c0)='/dev/input/mice\x00', 0x0, 0x8000) setsockopt$inet_sctp_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000700)=0x8, 0x4) r1 = getpgrp(0x0) process_vm_writev(r1, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/148, 0x94}, {&(0x7f00000000c0)=""/91, 0x5b}, {&(0x7f0000000140)=""/121, 0x79}, {&(0x7f00000001c0)=""/199, 0xc7}, {&(0x7f00000002c0)=""/242, 0xf2}, {&(0x7f00000003c0)=""/202, 0xca}], 0x6, &(0x7f0000000680)=[{&(0x7f0000000540)=""/56, 0x38}, {&(0x7f0000000580)=""/225, 0xe1}], 0x2, 0x0) 23:24:52 executing program 4: prctl$PR_SVE_SET_VL(0x32, 0x3e271) [ 505.335472] FAULT_INJECTION: forcing a failure. [ 505.335472] name failslab, interval 1, probability 0, space 0, times 0 [ 505.360803] CPU: 0 PID: 26487 Comm: syz-executor.3 Not tainted 4.14.158-syzkaller #0 [ 505.368764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 505.378118] Call Trace: [ 505.380705] dump_stack+0x142/0x197 23:24:52 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x24003, 0x0) timerfd_settime(r0, 0x789afd79e52fa6f4, &(0x7f00000000c0)={{0x77359400}}, &(0x7f0000000100)) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0) ioctl$KVM_DEASSIGN_DEV_IRQ(r1, 0x4040ae75, &(0x7f0000000040)={0x5, 0x1f, 0x2, 0x200}) [ 505.380724] should_fail.cold+0x10f/0x159 [ 505.380740] should_failslab+0xdb/0x130 [ 505.380752] __kmalloc_track_caller+0x2ec/0x790 [ 505.380769] ? kstrdup_const+0x48/0x60 [ 505.380781] kstrdup+0x3a/0x70 [ 505.380792] kstrdup_const+0x48/0x60 [ 505.380803] alloc_vfsmnt+0xe5/0x7d0 [ 505.380817] clone_mnt+0x70/0xee0 [ 505.415099] ? is_subdir+0x222/0x389 [ 505.418823] copy_tree+0x33b/0x8a0 [ 505.422380] copy_mnt_ns+0x11c/0x8c0 [ 505.426095] ? kmem_cache_alloc+0x611/0x780 [ 505.430438] ? selinux_capable+0x36/0x40 [ 505.434606] create_new_namespaces+0xc9/0x720 [ 505.439106] ? ns_capable_common+0x12c/0x160 [ 505.443522] copy_namespaces+0x284/0x310 [ 505.447577] copy_process.part.0+0x2603/0x6a70 [ 505.452157] ? proc_fail_nth_write+0x7d/0x180 [ 505.456643] ? proc_cwd_link+0x1b0/0x1b0 [ 505.460712] ? __cleanup_sighand+0x50/0x50 [ 505.464958] ? lock_downgrade+0x740/0x740 [ 505.469431] _do_fork+0x19e/0xce0 [ 505.469444] ? fork_idle+0x280/0x280 [ 505.476621] ? fput+0xd4/0x150 [ 505.479807] ? SyS_write+0x15e/0x230 [ 505.483540] SyS_clone+0x37/0x50 [ 505.486900] ? sys_vfork+0x30/0x30 [ 505.490546] do_syscall_64+0x1e8/0x640 [ 505.494486] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 505.499325] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 505.504506] RIP: 0033:0x45a6f9 [ 505.507677] RSP: 002b:00007f0850ae1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 505.515375] RAX: ffffffffffffffda RBX: 00007f0850ae1c90 RCX: 000000000045a6f9 [ 505.522742] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c 23:24:52 executing program 0: creat(&(0x7f0000000000)='./bus\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000080)={0x3ff}) [ 505.530153] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 505.537440] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0850ae26d4 [ 505.544709] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:52 executing program 2 (fault-call:0 fault-nth:19): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:52 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) ioctl$SOUND_MIXER_WRITE_RECSRC(r0, 0xc0044dff, &(0x7f0000000080)=0x400) clone(0x20000000, 0x0, 0x0, 0x0, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) ioctl$NBD_SET_FLAGS(0xffffffffffffffff, 0xab0a, 0x1) write$P9_RREADLINK(r1, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) ioctl$SOUND_MIXER_INFO(r1, 0x805c4d65, &(0x7f0000000000)) 23:24:52 executing program 3 (fault-call:0 fault-nth:17): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:52 executing program 5: clone(0x40805000, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) ioctl$VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f0000000380)={0x6, 0x1, 0x8, 0x5800, r0}) sendmsg$sock(r0, &(0x7f00000001c0)={&(0x7f0000000040)=@in6={0xa, 0x4e21, 0x21f, @ipv4={[], [], @loopback}, 0x8813}, 0x80, &(0x7f0000000180)=[{&(0x7f00000000c0)="c8e427005c568c4e932f1d899a0579112962fe1483b2c4ef4f6333ac357b0f6735476bd1b80bb32bece928da888e86314c666f246dc2ae212df9a0e3b33c3857892ccc58e500b33f2fc43d80a0cb2cc11cf9f622093124b3b52e8989792901ad00df5fd7f073ca4f7a562941eecfff219f05a549eca87612ca75713bf9a1918ebe40fd5920e14f8fbbd802d6de14abc0f16910b870d0fd192a544ba533721cba52d1da44afbb", 0xa6}], 0x1, &(0x7f0000000280)=[@mark={{0x14, 0x1, 0x24, 0x9}}, @mark={{0x14, 0x1, 0x24, 0xfff}}, @timestamping={{0x14, 0x1, 0x25, 0xffffffff}}, @txtime={{0x18, 0x1, 0x3d, 0x6}}, @txtime={{0x18, 0x1, 0x3d, 0x10000}}, @timestamping={{0x14}}], 0x90}, 0x6000000) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) ioctl$SNDCTL_DSP_NONBLOCK(r0, 0x500e, 0x0) write$P9_RLCREATE(r0, &(0x7f0000000200)={0x18, 0xf, 0x1, {{0x40, 0x3, 0x2}, 0x80000001}}, 0x18) 23:24:52 executing program 0: creat(&(0x7f0000000000)='./bus\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:52 executing program 1: r0 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x10001, 0x10302) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x9) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$sock_inet_tcp_SIOCOUTQNSD(r1, 0x894b, &(0x7f0000000000)) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 505.663252] FAULT_INJECTION: forcing a failure. [ 505.663252] name failslab, interval 1, probability 0, space 0, times 0 [ 505.744571] CPU: 1 PID: 26530 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 505.752620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 505.761984] Call Trace: [ 505.764583] dump_stack+0x142/0x197 [ 505.768228] should_fail.cold+0x10f/0x159 [ 505.772391] should_failslab+0xdb/0x130 [ 505.776380] kmem_cache_alloc+0x2d7/0x780 [ 505.780585] ? find_held_lock+0x35/0x130 [ 505.784651] ? copy_tree+0x4a2/0x8a0 [ 505.788373] alloc_vfsmnt+0x28/0x7d0 [ 505.792095] clone_mnt+0x70/0xee0 [ 505.795558] ? lock_downgrade+0x740/0x740 [ 505.799718] ? do_raw_spin_unlock+0x16b/0x260 [ 505.804398] copy_tree+0x33b/0x8a0 [ 505.808121] copy_mnt_ns+0x11c/0x8c0 [ 505.811843] ? kmem_cache_alloc+0x611/0x780 [ 505.816197] ? selinux_capable+0x36/0x40 [ 505.820269] create_new_namespaces+0xc9/0x720 [ 505.824760] ? ns_capable_common+0x12c/0x160 [ 505.829172] copy_namespaces+0x284/0x310 [ 505.833451] copy_process.part.0+0x2603/0x6a70 [ 505.838100] ? proc_fail_nth_write+0x7d/0x180 [ 505.842601] ? proc_cwd_link+0x1b0/0x1b0 [ 505.846682] ? __cleanup_sighand+0x50/0x50 [ 505.850923] ? lock_downgrade+0x740/0x740 [ 505.855082] _do_fork+0x19e/0xce0 [ 505.858586] ? fork_idle+0x280/0x280 [ 505.862306] ? fput+0xd4/0x150 [ 505.865578] ? SyS_write+0x15e/0x230 [ 505.869557] SyS_clone+0x37/0x50 [ 505.873069] ? sys_vfork+0x30/0x30 [ 505.876621] do_syscall_64+0x1e8/0x640 [ 505.880507] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 505.885367] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 505.890563] RIP: 0033:0x45a6f9 [ 505.893741] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 505.901450] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 505.908728] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 505.916144] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 505.923505] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 505.930785] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:52 executing program 0: creat(&(0x7f0000000000)='./bus\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000080)={0x3ff}) [ 505.944095] FAULT_INJECTION: forcing a failure. [ 505.944095] name failslab, interval 1, probability 0, space 0, times 0 [ 505.956096] CPU: 1 PID: 26534 Comm: syz-executor.3 Not tainted 4.14.158-syzkaller #0 [ 505.964003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 505.964008] Call Trace: [ 505.964026] dump_stack+0x142/0x197 [ 505.964045] should_fail.cold+0x10f/0x159 [ 505.964061] should_failslab+0xdb/0x130 [ 505.964072] kmem_cache_alloc+0x2d7/0x780 [ 505.964083] ? find_held_lock+0x35/0x130 [ 505.964093] ? copy_tree+0x4a2/0x8a0 [ 505.964105] alloc_vfsmnt+0x28/0x7d0 [ 505.964117] clone_mnt+0x70/0xee0 [ 505.983945] ? lock_downgrade+0x740/0x740 [ 505.983958] ? do_raw_spin_unlock+0x16b/0x260 [ 505.983972] copy_tree+0x33b/0x8a0 [ 505.983990] copy_mnt_ns+0x11c/0x8c0 [ 505.983998] ? kmem_cache_alloc+0x611/0x780 [ 505.984010] ? selinux_capable+0x36/0x40 [ 505.984024] create_new_namespaces+0xc9/0x720 [ 505.984033] ? ns_capable_common+0x12c/0x160 23:24:52 executing program 0: creat(&(0x7f0000000000)='./bus\x00', 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc028ae92, &(0x7f0000000080)={0x3ff}) [ 505.984044] copy_namespaces+0x284/0x310 [ 505.984057] copy_process.part.0+0x2603/0x6a70 [ 505.984074] ? proc_fail_nth_write+0x7d/0x180 [ 505.984082] ? proc_cwd_link+0x1b0/0x1b0 [ 505.984100] ? __cleanup_sighand+0x50/0x50 [ 505.984110] ? lock_downgrade+0x740/0x740 [ 505.984124] _do_fork+0x19e/0xce0 [ 505.984136] ? fork_idle+0x280/0x280 [ 505.984149] ? fput+0xd4/0x150 [ 505.984159] ? SyS_write+0x15e/0x230 [ 505.996337] SyS_clone+0x37/0x50 [ 505.996347] ? sys_vfork+0x30/0x30 [ 505.996366] do_syscall_64+0x1e8/0x640 [ 505.996377] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 505.996391] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 505.996399] RIP: 0033:0x45a6f9 [ 505.996404] RSP: 002b:00007f0850ae1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 505.996414] RAX: ffffffffffffffda RBX: 00007f0850ae1c90 RCX: 000000000045a6f9 [ 505.996420] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 505.996425] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 505.996431] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0850ae26d4 23:24:52 executing program 2 (fault-call:0 fault-nth:20): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:52 executing program 1: clone(0x1800000, 0x0, 0x0, 0x0, 0x0) 23:24:52 executing program 3 (fault-call:0 fault-nth:18): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 505.996436] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 506.174692] FAULT_INJECTION: forcing a failure. [ 506.174692] name failslab, interval 1, probability 0, space 0, times 0 [ 506.201153] CPU: 1 PID: 26553 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 506.209101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 506.218468] Call Trace: [ 506.221248] dump_stack+0x142/0x197 [ 506.224916] should_fail.cold+0x10f/0x159 [ 506.229214] should_failslab+0xdb/0x130 [ 506.233218] __kmalloc_track_caller+0x2ec/0x790 [ 506.237907] ? kstrdup_const+0x48/0x60 [ 506.241814] kstrdup+0x3a/0x70 [ 506.245024] kstrdup_const+0x48/0x60 [ 506.248758] alloc_vfsmnt+0xe5/0x7d0 [ 506.252484] clone_mnt+0x70/0xee0 [ 506.255951] ? lock_downgrade+0x740/0x740 [ 506.260106] ? do_raw_spin_unlock+0x16b/0x260 [ 506.264614] copy_tree+0x33b/0x8a0 [ 506.268178] copy_mnt_ns+0x11c/0x8c0 [ 506.271900] ? kmem_cache_alloc+0x611/0x780 [ 506.276239] ? selinux_capable+0x36/0x40 [ 506.280336] create_new_namespaces+0xc9/0x720 [ 506.284842] ? ns_capable_common+0x12c/0x160 [ 506.289260] copy_namespaces+0x284/0x310 [ 506.293342] copy_process.part.0+0x2603/0x6a70 [ 506.297955] ? proc_fail_nth_write+0x7d/0x180 [ 506.302459] ? proc_cwd_link+0x1b0/0x1b0 [ 506.306544] ? __cleanup_sighand+0x50/0x50 [ 506.310800] ? lock_downgrade+0x740/0x740 [ 506.315052] _do_fork+0x19e/0xce0 [ 506.318515] ? fork_idle+0x280/0x280 [ 506.322252] ? fput+0xd4/0x150 [ 506.325448] ? SyS_write+0x15e/0x230 [ 506.329174] SyS_clone+0x37/0x50 [ 506.332542] ? sys_vfork+0x30/0x30 [ 506.336099] do_syscall_64+0x1e8/0x640 [ 506.340003] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 506.344871] entry_SYSCALL_64_after_hwframe+0x42/0xb7 23:24:53 executing program 0: creat(&(0x7f0000000000)='./bus\x00', 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc028ae92, &(0x7f0000000080)={0x3ff}) [ 506.350064] RIP: 0033:0x45a6f9 [ 506.353251] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 506.360970] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 506.368362] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 506.375643] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 506.386576] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 506.393865] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:53 executing program 1: clone(0x200000, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) accept4$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000040)=0x1c, 0xc0800) [ 506.579578] FAULT_INJECTION: forcing a failure. [ 506.579578] name failslab, interval 1, probability 0, space 0, times 0 [ 506.596204] CPU: 1 PID: 26558 Comm: syz-executor.3 Not tainted 4.14.158-syzkaller #0 [ 506.604126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 506.613494] Call Trace: [ 506.616095] dump_stack+0x142/0x197 [ 506.619747] should_fail.cold+0x10f/0x159 [ 506.623914] should_failslab+0xdb/0x130 [ 506.627904] __kmalloc_track_caller+0x2ec/0x790 [ 506.632706] ? kstrdup_const+0x48/0x60 [ 506.636610] kstrdup+0x3a/0x70 [ 506.639817] kstrdup_const+0x48/0x60 [ 506.643542] alloc_vfsmnt+0xe5/0x7d0 [ 506.647265] clone_mnt+0x70/0xee0 [ 506.651597] ? lock_downgrade+0x740/0x740 [ 506.655771] ? do_raw_spin_unlock+0x16b/0x260 [ 506.660282] copy_tree+0x33b/0x8a0 [ 506.663867] copy_mnt_ns+0x11c/0x8c0 [ 506.667623] ? kmem_cache_alloc+0x611/0x780 [ 506.671964] ? selinux_capable+0x36/0x40 [ 506.676045] create_new_namespaces+0xc9/0x720 [ 506.680559] ? ns_capable_common+0x12c/0x160 [ 506.684988] copy_namespaces+0x284/0x310 [ 506.689067] copy_process.part.0+0x2603/0x6a70 [ 506.693675] ? proc_fail_nth_write+0x7d/0x180 [ 506.698186] ? proc_cwd_link+0x1b0/0x1b0 [ 506.702271] ? __cleanup_sighand+0x50/0x50 [ 506.706509] ? lock_downgrade+0x740/0x740 [ 506.710669] _do_fork+0x19e/0xce0 [ 506.714132] ? fork_idle+0x280/0x280 [ 506.717856] ? fput+0xd4/0x150 [ 506.721057] ? SyS_write+0x15e/0x230 [ 506.724782] SyS_clone+0x37/0x50 [ 506.728178] ? sys_vfork+0x30/0x30 [ 506.731728] do_syscall_64+0x1e8/0x640 [ 506.735624] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 506.740482] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 506.745677] RIP: 0033:0x45a6f9 [ 506.748872] RSP: 002b:00007f0850ae1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 506.756587] RAX: ffffffffffffffda RBX: 00007f0850ae1c90 RCX: 000000000045a6f9 [ 506.763861] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 506.771226] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 23:24:53 executing program 4: r0 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$KVM_GET_IRQCHIP(r0, 0xc208ae62, &(0x7f0000000040)) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 506.778620] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f0850ae26d4 [ 506.785897] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:53 executing program 2 (fault-call:0 fault-nth:21): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:53 executing program 5: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x80000, 0x0) write$P9_RWALK(r0, &(0x7f0000000040)={0x64, 0x6f, 0x2, {0x7, [{0x10, 0x3, 0x5}, {0xd360e0f51f290d8a, 0x3, 0x3}, {0x8, 0x4, 0x8}, {0x13, 0x4, 0x3}, {0x8, 0x2, 0x7}, {0x80, 0x4, 0x1}, {0x0, 0x0, 0x7}]}}, 0x64) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x12) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_WINDOW(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x201001}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x68, r2, 0x4, 0x70bd26, 0x25dfdbfe, {{}, 0x0, 0x4109, 0x0, {0x4c, 0x18, {0x1, @link='syz1\x00'}}}, [""]}, 0x68}, 0x1, 0x0, 0x0, 0x10}, 0xc12aef7f8cb35f00) 23:24:53 executing program 0: creat(&(0x7f0000000000)='./bus\x00', 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:53 executing program 0: creat(&(0x7f0000000000)='./bus\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc028ae92, &(0x7f0000000080)={0x3ff}) [ 506.966235] audit: type=1400 audit(1575674693.656:104): avc: denied { create } for pid=26587 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_scsitransport_socket permissive=1 23:24:53 executing program 0: creat(&(0x7f0000000000)='./bus\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:53 executing program 0: creat(&(0x7f0000000000)='./bus\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:53 executing program 4: socket$inet(0x10, 0x0, 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) syz_open_procfs(0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2081001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) syz_open_dev$vcsa(&(0x7f00000002c0)='/dev/vcsa\x00', 0x0, 0x0) pivot_root(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00') r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) bind$packet(r2, &(0x7f0000000100)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @local}, 0x14) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[@ANYBLOB="2000000011000d0400"/20, @ANYRES32=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x20}}, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r6, 0x0, r6) perf_event_open(&(0x7f0000000380)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) munmap(&(0x7f00000c6000/0x3000)=nil, 0x3000) setsockopt$CAIFSO_REQ_PARAM(0xffffffffffffffff, 0x116, 0x80, &(0x7f0000000000)="17ad26722ed4c63d8024b2b0135075688d9a5f96a9c854fdd192f1d5e15d31268ea245f0acd709833183d0f3aeacf450e07a1d89a2822cfe8facc0c971fc17217137d5c446c670255bc38d59f3", 0x4d) bind$inet(r7, &(0x7f0000000100)={0x2, 0x4e20, @multicast2}, 0x10) r8 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) sendto$inet(r7, 0x0, 0x0, 0x20000000, &(0x7f0000000080)={0x2, 0x4e20, @empty}, 0x10) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 507.098063] FAULT_INJECTION: forcing a failure. [ 507.098063] name failslab, interval 1, probability 0, space 0, times 0 [ 507.147592] CPU: 1 PID: 26590 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 507.155637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 507.165003] Call Trace: [ 507.167610] dump_stack+0x142/0x197 [ 507.171256] should_fail.cold+0x10f/0x159 [ 507.175419] should_failslab+0xdb/0x130 [ 507.179388] kmem_cache_alloc+0x2d7/0x780 [ 507.183531] ? find_held_lock+0x35/0x130 [ 507.187586] ? copy_tree+0x4a2/0x8a0 [ 507.191301] alloc_vfsmnt+0x28/0x7d0 [ 507.197344] clone_mnt+0x70/0xee0 [ 507.200784] ? lock_downgrade+0x740/0x740 [ 507.204939] ? do_raw_spin_unlock+0x16b/0x260 [ 507.209419] copy_tree+0x33b/0x8a0 [ 507.212948] copy_mnt_ns+0x11c/0x8c0 [ 507.216646] ? kmem_cache_alloc+0x611/0x780 [ 507.220955] ? selinux_capable+0x36/0x40 [ 507.225003] create_new_namespaces+0xc9/0x720 [ 507.229501] ? ns_capable_common+0x12c/0x160 [ 507.233899] copy_namespaces+0x284/0x310 [ 507.237947] copy_process.part.0+0x2603/0x6a70 [ 507.242522] ? proc_fail_nth_write+0x7d/0x180 [ 507.247000] ? proc_cwd_link+0x1b0/0x1b0 [ 507.251049] ? __cleanup_sighand+0x50/0x50 [ 507.255268] ? lock_downgrade+0x740/0x740 [ 507.259401] _do_fork+0x19e/0xce0 [ 507.262847] ? fork_idle+0x280/0x280 [ 507.266545] ? fput+0xd4/0x150 [ 507.269808] ? SyS_write+0x15e/0x230 [ 507.273509] SyS_clone+0x37/0x50 [ 507.276860] ? sys_vfork+0x30/0x30 [ 507.280384] do_syscall_64+0x1e8/0x640 [ 507.284267] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 507.289116] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 507.294301] RIP: 0033:0x45a6f9 [ 507.297475] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 507.305169] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 507.312439] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 507.319711] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 507.326989] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 507.334272] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:54 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = dup3(r0, 0xffffffffffffffff, 0x180000) ioctl$KDENABIO(r1, 0x4b36) 23:24:54 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r3, 0x7, &(0x7f0000027000)={0x1}) ioctl$NS_GET_USERNS(r3, 0xb701, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) mmap(&(0x7f00009fe000/0x600000)=nil, 0x600000, 0x0, 0x44010, r2, 0x631ac000) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) r4 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r4, 0x7, &(0x7f0000027000)={0x1}) r5 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000200)='/dev/cachefiles\x00', 0x0, 0x0) close(r5) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r5, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r7, 0xffff}}, 0x10) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r4, &(0x7f0000000140)={0x5, 0x10, 0xfa00, {&(0x7f0000000380), r7, 0x2}}, 0x18) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000280)={{0x2, 0x4e20, @loopback}, {0x6, @local}, 0x0, {0x2, 0x4e20, @remote}, 'erspa\v\xc21\x19\x00\x00\x7f\x02\x00'}) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000300)={0x8, 0x0, 0x0, 0x7}) ioctl$DRM_IOCTL_SG_FREE(r4, 0x40106439, &(0x7f0000000580)={0xfffffffffffffffb, r8}) open(&(0x7f0000000180)='./bus\x00', 0x80001, 0x0) write$FUSE_WRITE(r0, &(0x7f0000000100)={0x18, 0x0, 0x4, {0x3b46}}, 0x18) statfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=""/142) 23:24:54 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000000)={'vlan0\x00', {0x2, 0x4e24, @multicast2}}) clone(0x41c00, 0x0, 0x0, 0x0, 0x0) 23:24:54 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4220240c}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0x0, 0x400, 0x70bd2c, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0x14, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4040}, 0x4000) 23:24:54 executing program 2 (fault-call:0 fault-nth:22): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:54 executing program 0: creat(&(0x7f0000000000)='./bus\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(0xffffffffffffffff, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:54 executing program 1: clone(0xac5fe43412598935, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCAX25DELFWD(0xffffffffffffffff, 0x89eb, &(0x7f0000000000)={@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}) r0 = semget(0x1, 0x2, 0x10) semctl$IPC_STAT(r0, 0x0, 0x2, &(0x7f0000000040)=""/58) [ 507.596655] FAULT_INJECTION: forcing a failure. [ 507.596655] name failslab, interval 1, probability 0, space 0, times 0 [ 507.666683] CPU: 1 PID: 26636 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 507.674632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 507.684018] Call Trace: [ 507.686609] dump_stack+0x142/0x197 [ 507.686627] should_fail.cold+0x10f/0x159 [ 507.686643] should_failslab+0xdb/0x130 [ 507.698377] __kmalloc_track_caller+0x2ec/0x790 [ 507.698394] ? kstrdup_const+0x48/0x60 [ 507.698405] kstrdup+0x3a/0x70 [ 507.710125] kstrdup_const+0x48/0x60 [ 507.713840] alloc_vfsmnt+0xe5/0x7d0 [ 507.717557] clone_mnt+0x70/0xee0 [ 507.721005] ? lock_downgrade+0x740/0x740 [ 507.725148] ? do_raw_spin_unlock+0x16b/0x260 [ 507.729636] copy_tree+0x33b/0x8a0 [ 507.733172] copy_mnt_ns+0x11c/0x8c0 [ 507.736868] ? kmem_cache_alloc+0x611/0x780 [ 507.741183] ? selinux_capable+0x36/0x40 [ 507.745235] create_new_namespaces+0xc9/0x720 [ 507.749715] ? ns_capable_common+0x12c/0x160 [ 507.756826] copy_namespaces+0x284/0x310 [ 507.760872] copy_process.part.0+0x2603/0x6a70 [ 507.765454] ? proc_fail_nth_write+0x7d/0x180 [ 507.769932] ? proc_cwd_link+0x1b0/0x1b0 [ 507.773982] ? __cleanup_sighand+0x50/0x50 [ 507.778202] ? lock_downgrade+0x740/0x740 [ 507.782337] _do_fork+0x19e/0xce0 [ 507.785772] ? fork_idle+0x280/0x280 [ 507.789471] ? fput+0xd4/0x150 [ 507.792649] ? SyS_write+0x15e/0x230 [ 507.796346] SyS_clone+0x37/0x50 [ 507.799708] ? sys_vfork+0x30/0x30 [ 507.804278] do_syscall_64+0x1e8/0x640 [ 507.808149] ? trace_hardirqs_off_thunk+0x1a/0x1c 23:24:54 executing program 0: creat(&(0x7f0000000000)='./bus\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(0xffffffffffffffff, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:54 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) syz_extract_tcp_res$synack(&(0x7f0000000080), 0x1, 0x0) syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x7ff, 0x200) 23:24:54 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x440000, 0x0) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000040)={0x0, 0x5, 0xff, 0x7}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000180)={r1, 0x7b, "ee221a45c0247c5561cd5dcd277722daa6e140a64082244ccdb9d5cc0dbd9939164238ff7036aa955902f531afb9bf46fef9cce1921a6c0a866295f76ee05f3c85dbb2b7291f6e99fc923c2bf43564c99baeae121b963df555cb56d86ed3157a9071bea21979dc151702d4fefa98bed8b6f9d08adf2ca75e786492"}, &(0x7f0000000240)=0x83) setsockopt$inet_sctp_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f00000000c0)={r1, 0x6, 0xaa, "4f0982d5749f0f1f1bc78da66ed135d58eec71f1570c59e8daa28132fa6e646b1558876fe85e11c5e18875222676181757fa29353e53098fdf9b7afd4fbe4842c9eeee64a1c343e6d0ab0061d35e028402c27b4072c35e48efafd7f5e384f380886c806726c85055a3acadc8fd1e49028792898fbe364422bc20e6a80030a9bfc1c1f2ae9943fd76f78d3f3a73d12550c93f67480da50c5eee2e5afa97d6e3c95e426b2b1e6b97c66f03"}, 0xb2) [ 507.812981] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 507.818153] RIP: 0033:0x45a6f9 [ 507.821327] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 507.829038] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 507.836292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 507.843546] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 507.850797] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 507.858049] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:54 executing program 5: creat(&(0x7f0000000300)='./file0\x00', 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='devpts\x00', 0x0, &(0x7f00000001c0)='/selinux/policy\x00') getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000001ac0)={0x0}, 0x0) waitid(0x0, r0, &(0x7f0000001b40), 0x0, &(0x7f0000001bc0)) gettid() prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x4, 0x5, 0x0, 0x5}, 0x0) sched_setattr(0x0, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) getpid() recvmmsg(r2, &(0x7f0000008880), 0x400000000000059, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0), 0x10) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f0000000ac0), 0x4) fcntl$setpipe(r4, 0x407, 0x0) write(r4, 0x0, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x83, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf31bd4753be30e8c, @perf_config_ext, 0xd02901c74d49813e, 0x0, 0x0, 0x8, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) sendto$inet6(r5, 0x0, 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) clone(0x4101000, 0x0, 0x0, 0x0, 0x0) r6 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/mls\x00', 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000600)="2c8adad7242f5ced37cd386eb3606d6ffccd638ff933c145ed0b2def87537a3dcc2165696bc57a349771b387ee2886ab857184296cffc2384a109c02612e4f21230d378e2cfdf165d751adb72bb78533e03d84f91cd3d43d2a34f513b966597742bb58a4c080bf82eae40b8021554c2fac661a2836ddf4d1671e60922e8ba1cfd6de4831be70c628c89906092caef232884c39a2926af8f2b5eb8791a91785a8de28f217e98a4d3cf7c3351d38fce4fed8cdbd114b99", 0xb6}, {&(0x7f0000000100)="2cd021947bd63235df71c817a984110bed167837a872c27358417b2207d15a2c05c6d6f752d565ccd9a077e439a439c32f4c8de6a4e73a0fdd22924d5e51b9151af55c758e94e37b074fb2484b7be910bb484164a3ccdc56cb1fd8419b46f9aa3520b1", 0x63}, {&(0x7f0000000180)="3448c356510c14fe19d8821c01f4d3355c1ee7a368f3c2df7329386fd32dc1", 0x1f}, {&(0x7f00000001c0)="138f37bbb881ee238bae20ee417cc4503a40fcda61c5eea02bd9b9d9f581e079b5e4e5e01c10247034665fa8ea329d230e7ea082ed647645acaa08ac02b5e9e631be907dd548ecc6eb51e887cbe65c0c0ad2a7e5fbd010d8ba98c2cd6b2d6222b7dcc3c9ec35c3841cdebf56292fa4c01bedee97242c3f08128022645db0e554189677536383271e36f4c77691c9004309b3a2d185dd6780dabc66013570b4b995b1f28de2702f0784da0d2e714a3a808ce2875cc0ba32a148cebaa710982bd41723b81ce1a9cfbf0907394f7748d73746eb20d8c4af4013e8432e12b30c356edc96222cd2cfa23566c88ae728586f6157242238e020e906bbe3", 0xfa}, {&(0x7f00000002c0)="61040cff24c46f2263e51393ec386844d04aaddb306b2c4b5d24fc5e5c077dddf7a94e", 0x23}, {&(0x7f0000000300)="2c374efdbcd99a8d1947657daedd45dd18a162fe309d24eeb32327febf8878e966fd22fce8f934993032ad3b5b6a5b2b8f3f0e93fc63eeb317d6ed09694398fea4d761a7618672c479539f0e9fa6b0f9969e2960f77a309725afa0725f19c0ae6e57a71723", 0x65}, {&(0x7f0000000380)="78b18c5d4b6f41cd554834ea467ec9235318609fdf8b3a711297aea60087e3e815f367f801f337445c86d5261b8e158325b31a286272a4cb11aafdb2f5d76606b68c0f71f99129677a71dd2335d75ae3f31e0a6d255de8ef6e34521ed65aa74a5c7ff8e134d79e4edaa0fc616c8f60df7b2dd42e31c59a1d19c422c9eb30c34c4a145d71e12e917223c1dc78ff09f061c6fc284c52fd8e78b6a7346ddf44a0c1ab49", 0xa2}, {&(0x7f0000000440)="6e0453017231f832dc8a45d3397cae41042e52f217ba3a814c9f19c2e87f46e662f06cac45704b3458cd615bed7ba84eeaa217e3112e311faa83ddf4939b3e44a940735f6ac502d33a3f4cbafb3419c3848c9016a7c299955dd9d882574dc380deb9429cd3ceedc3ce1b3ea52d9a738f0affbea29d", 0x75}], 0x8}, 0x40) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) 23:24:54 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) openat$cgroup_type(r0, &(0x7f0000000000)='cgroup.type\x00', 0x2, 0x0) 23:24:54 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000000)={0x0, 0x0}) prlimit64(r0, 0x0, &(0x7f0000000080)={0x0, 0x400}, &(0x7f00000000c0)) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/enforce\x00', 0x840, 0x0) ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ff9000/0x4000)=nil, 0x4000}) pipe(&(0x7f0000000100)={0xffffffffffffffff}) r3 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r2, 0x4c80, r3) [ 507.968115] devpts: called with bogus options 23:24:54 executing program 2 (fault-call:0 fault-nth:23): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:54 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x81) [ 508.102511] FAULT_INJECTION: forcing a failure. [ 508.102511] name failslab, interval 1, probability 0, space 0, times 0 [ 508.128362] CPU: 0 PID: 26686 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 508.136405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 508.145794] Call Trace: [ 508.148393] dump_stack+0x142/0x197 23:24:54 executing program 4: prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) ioctl$KDSKBSENT(r0, 0x4b49, &(0x7f0000000000)="6966b923a873931817907970e041a6b274f34e6eda87349c2e23a5e6a3572ce9dc5e6db1e925612a2ef4d63db7978ffb180d09627ce2b7b1c71e42c123973441e2d53a4452c7c88d9d3eb006e301ea17421b301e238e21890308c5fc1f40a70b1e10057cd9039b239df8cf88697c497b5fc8917ff463f8e6d986acef930d662c60e3010d0354473bf9633507b90a214a") ioctl$KDGKBTYPE(r0, 0x4b33, &(0x7f0000000580)) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) ioctl$KDFONTOP_COPY(r1, 0x4b72, &(0x7f0000000540)={0x3, 0x0, 0xb, 0x20, 0xe3, &(0x7f0000000140)}) r2 = getpid() getsockopt$inet6_dccp_int(r0, 0x21, 0x1, &(0x7f00000005c0), &(0x7f0000000600)=0x4) sched_setattr(r2, &(0x7f0000000040)={0xfffffffffffffec3, 0x2, 0x1, 0x80000, 0x5, 0x0, 0x800}, 0x0) timer_create(0x1, &(0x7f00000000c0)={0x0, 0xf, 0x5, @tid=r2}, &(0x7f0000000100)) [ 508.152043] should_fail.cold+0x10f/0x159 [ 508.156210] should_failslab+0xdb/0x130 [ 508.160231] kmem_cache_alloc+0x2d7/0x780 [ 508.164393] ? find_held_lock+0x35/0x130 [ 508.164406] ? copy_tree+0x4a2/0x8a0 [ 508.164417] alloc_vfsmnt+0x28/0x7d0 [ 508.172186] clone_mnt+0x70/0xee0 [ 508.172197] ? lock_downgrade+0x740/0x740 [ 508.172205] ? do_raw_spin_unlock+0x16b/0x260 [ 508.172215] copy_tree+0x33b/0x8a0 [ 508.172230] copy_mnt_ns+0x11c/0x8c0 [ 508.172238] ? kmem_cache_alloc+0x611/0x780 [ 508.172250] ? selinux_capable+0x36/0x40 [ 508.172262] create_new_namespaces+0xc9/0x720 [ 508.172273] ? ns_capable_common+0x12c/0x160 [ 508.212450] copy_namespaces+0x284/0x310 [ 508.216499] copy_process.part.0+0x2603/0x6a70 [ 508.221070] ? proc_fail_nth_write+0x7d/0x180 [ 508.226603] ? proc_cwd_link+0x1b0/0x1b0 [ 508.230668] ? __cleanup_sighand+0x50/0x50 [ 508.234890] ? lock_downgrade+0x740/0x740 [ 508.239023] _do_fork+0x19e/0xce0 [ 508.242467] ? fork_idle+0x280/0x280 [ 508.246168] ? fput+0xd4/0x150 [ 508.249342] ? SyS_write+0x15e/0x230 [ 508.253044] SyS_clone+0x37/0x50 [ 508.256401] ? sys_vfork+0x30/0x30 [ 508.259931] do_syscall_64+0x1e8/0x640 [ 508.263819] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 508.268652] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 508.273826] RIP: 0033:0x45a6f9 [ 508.276999] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 508.284708] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 508.291965] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c 23:24:55 executing program 3: clone(0x787467f9cf81d9c, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_CLAIMINTERFACE(0xffffffffffffffff, 0x8004550f, &(0x7f0000000000)=0x7) r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x40, 0x0) r1 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) getsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0x3f}, &(0x7f0000000100)=0x10) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000380)='/dev/hwrng\x00', 0x1, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r3, 0x84, 0x12, &(0x7f00000003c0), &(0x7f0000000400)=0x4) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000140)={r2, 0x85}, &(0x7f0000000340)=0x8) r4 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r4) sendmsg$IPVS_CMD_NEW_DAEMON(r4, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x13c, 0x0, 0x202, 0x1, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x24, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e21}, @IPVS_SVC_ATTR_FWMARK={0x8}]}, @IPVS_CMD_ATTR_DAEMON={0x58, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'syz_tun\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, [], 0x1, 0x0}}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7}, @IPVS_CMD_ATTR_DEST={0x54, 0x2, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x7ff}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xff}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@remote}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x5ab5ae9}]}, @IPVS_CMD_ATTR_DAEMON={0x48, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x8}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0xff}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x4}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x26}}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xff}]}, 0x13c}, 0x1, 0x0, 0x0, 0x20004000}, 0x4000004) [ 508.299219] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 508.306474] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 508.313730] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:55 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0xc) writev(0xffffffffffffffff, 0x0, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000080)="0300050000000100001400000000000000000f0000000000000000000500000000004200"/62, 0x3e, 0x1c0}]) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cuse\x00', 0x2, 0x0) syz_mount_image$minix(0x0, &(0x7f0000000100)='./file0\x00', 0x3, 0x7, &(0x7f0000000940)=[{&(0x7f0000000440)="7641aecd07932adfafabef02818e898051c41407e712cd06b353bbfc2475f3dfed5f174f90070e012e68e77e2513f2184e769043316d07be50ced60645e3d2fce10163395bdfc26944a926d2d666f5c82502f2f6626844f478203e931662300636676f52fabd01ce2162950b514bd1cb13a024b7004ed0d23a1d755553ebb7e5dfba90b667f05f306c15f9760fe950c999056f5792d4d2d2a899facf66ddd883a6d12654fc490166d10987e6411a41efd9f2e1e010ef50268c135df79c827102e10a714d95f2b95f87e9b6da6d2cf789f3dd60c588e9e671d282b366503b2173b82a7b70", 0xe4, 0xcd4}, {&(0x7f0000000540)="5072e2133f5904a28201b951e0f4b4cb7ba83a0f2dfefa5f9d8e9eee04d9775af0a5a0ba5ae20ec96efb7448c320bce5d1acb8c0ebe7ebec9969422ac87fd39df2c58c789df910ee1ccae481e125903d82e91bae38a04124e82b60952e802f0bd8747a606a5c35b29794dda141ff1ff711826910b23099fc1ce225a03256f06f8511b7a4d14da78ffe89f4edccd34b07abd4426d5822259ebc444f29f6e6a498931a30441e357ac1185e7ff38ef9efcbab05", 0xb2, 0xb9}, {&(0x7f0000000640)="9e00699f8d5ad2f4f06641c965799a0dceba016390bf24ea286dcc55e302721590d5b02da050159a767c6e4198038435557377986dffa98bb97829f13a894b8a661263f4323c9b4c85a0f8cf5c3d60221a6f6bb5bfb92a4ac73508eabde3f778fb0a08c8a2f09c476e9ce725dc70c00ce98f2a95c582047848", 0x79, 0x6}, {&(0x7f0000000740)="9d8aaaf901c47e92bc41b21774d0f4c0e023a69f4c419faaa99e4e3971c877484a4451f8ae44332ac435ab6194fdd51e6038571d1f7d07e26d23a983ff48ea106adc5a", 0x43, 0xe34}, {0x0, 0x0, 0x1}, {&(0x7f0000000840)="e512df8951603ef6c4c014f1631850030223c17365620bc12e7692515e5834d8e75ee8a91c9f9ff86c0a2913da8c3f7cc16965051a2cd4168f0eedb4405f86ea88e36c4b168d7114f2e43a31cb4ef18a4401e7c6502ceeb194405010e9cd1d01700c1ecaf0aff42b473b1f401be1753826a3a6b91439439ad7940b045eb54aca27c19dfda880cb73c800bf0a9a74101a871fd208041a1304de4ff74efea0d68685cf163d0cc290994c5ed4bd421f2959415891608d109e744ff8b5d1f4d20990cfe70c9b6c2d1cf7d05c92eb5ab0f29537f2a13804f7e012bef312d5a3", 0xdd, 0xcc3}, {&(0x7f00000001c0)="eebfd4fb983b9cf3", 0x8, 0x90}], 0x988040, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r0, 0x8004e500, &(0x7f00000000c0)) r1 = socket(0x11, 0x0, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, 0x0) r3 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) ioctl$VHOST_GET_VRING_ENDIAN(r3, 0x4008af14, &(0x7f0000000240)={0x5, 0x5}) setuid(r2) write$selinux_attr(0xffffffffffffffff, &(0x7f0000000400)='system_u:object_r:ldconfig_exec_t:s0\x00', 0x25) dup(r0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r6, 0xc028ae92, &(0x7f0000000000)={0x3}) 23:24:55 executing program 1: r0 = semget(0x2, 0x1, 0x0) semctl$GETNCNT(r0, 0x4, 0xe, &(0x7f0000000000)=""/4096) r1 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) setsockopt$inet_opts(r1, 0x0, 0x1, &(0x7f0000001000)="da2bfb1ac2191eb679dbfcdfc1b76db647a7bf7a094b8a9c7d905c398559e5ecf8dade038950382fdb1bd231065a8f4b9037a416f582fb4415a2d57fa10ab2208b003a340eb665840dab104f308c28265c64f2e17b40bba9a646cf43b585bd1ffb09", 0x62) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:55 executing program 0: creat(&(0x7f0000000000)='./bus\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(0xffffffffffffffff, 0xc028ae92, &(0x7f0000000080)={0x3ff}) 23:24:55 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) ioctl$UI_DEV_DESTROY(r0, 0x5502) r1 = creat(&(0x7f0000000040)='./file0/bus\x00', 0x6857b21ff1155d90) creat(&(0x7f0000000080)='./file0\x00', 0x104) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) write$selinux_attr(r1, &(0x7f0000000000)='system_u:object_r:load_policy_exec_t:s0\x00', 0x28) 23:24:55 executing program 2 (fault-call:0 fault-nth:24): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 508.557535] FAULT_INJECTION: forcing a failure. [ 508.557535] name failslab, interval 1, probability 0, space 0, times 0 [ 508.605888] Dev loop3: unable to read RDB block 1 [ 508.620536] loop3: unable to read partition table [ 508.626844] CPU: 0 PID: 26723 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 508.634763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 508.637853] loop3: partition table beyond EOD, [ 508.644237] Call Trace: [ 508.644258] dump_stack+0x142/0x197 [ 508.644277] should_fail.cold+0x10f/0x159 [ 508.644293] should_failslab+0xdb/0x130 [ 508.644302] kmem_cache_alloc+0x2d7/0x780 [ 508.644313] ? find_held_lock+0x35/0x130 [ 508.644323] ? copy_tree+0x4a2/0x8a0 [ 508.644337] alloc_vfsmnt+0x28/0x7d0 [ 508.644349] clone_mnt+0x70/0xee0 [ 508.644360] ? lock_downgrade+0x740/0x740 [ 508.644374] ? do_raw_spin_unlock+0x16b/0x260 [ 508.644387] copy_tree+0x33b/0x8a0 [ 508.644407] copy_mnt_ns+0x11c/0x8c0 [ 508.644417] ? kmem_cache_alloc+0x611/0x780 [ 508.644431] ? selinux_capable+0x36/0x40 [ 508.644444] create_new_namespaces+0xc9/0x720 [ 508.644453] ? ns_capable_common+0x12c/0x160 [ 508.644465] copy_namespaces+0x284/0x310 [ 508.644478] copy_process.part.0+0x2603/0x6a70 [ 508.644495] ? proc_fail_nth_write+0x7d/0x180 [ 508.644503] ? proc_cwd_link+0x1b0/0x1b0 [ 508.644523] ? __cleanup_sighand+0x50/0x50 [ 508.644533] ? lock_downgrade+0x740/0x740 [ 508.644548] _do_fork+0x19e/0xce0 [ 508.644561] ? fork_idle+0x280/0x280 [ 508.644574] ? fput+0xd4/0x150 [ 508.644583] ? SyS_write+0x15e/0x230 [ 508.644605] SyS_clone+0x37/0x50 [ 508.644614] ? sys_vfork+0x30/0x30 [ 508.644629] do_syscall_64+0x1e8/0x640 [ 508.644640] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 508.644657] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 508.644672] RIP: 0033:0x45a6f9 [ 508.655719] truncated [ 508.659675] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 508.659687] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 508.659692] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 508.659697] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 508.659703] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 508.659708] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 508.836366] devpts: called with bogus options [ 508.864821] loop_reread_partitions: partition scan of loop3 () failed (rc=-5) 23:24:55 executing program 5: accept4(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, &(0x7f0000000080)=0x80, 0xc0400) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f00000000c0)={'filter\x00'}, &(0x7f0000000140)=0x54) clone(0x10a028000, 0x0, 0x0, 0x0, 0x0) 23:24:55 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) write$P9_RREADDIR(r0, &(0x7f0000000000)={0xa6, 0x29, 0x1, {0x1000, [{{0x1, 0x4, 0x2}, 0x4, 0x2, 0x7, './file0'}, {{0x40, 0x0, 0x7}, 0x2, 0x1, 0x7, './file0'}, {{0x2, 0x1}, 0x10001, 0x7, 0x7, './file0'}, {{0x18, 0x3, 0x1}, 0x7ff, 0x92, 0x7, './file0'}, {{0x0, 0x4, 0x5}, 0x70, 0x9, 0x7, './file0'}]}}, 0xa6) 23:24:55 executing program 0: creat(&(0x7f0000000000)='./bus\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, 0x0) 23:24:55 executing program 2 (fault-call:0 fault-nth:25): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:55 executing program 4: r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2) ioctl$CAPI_NCCI_GETUNIT(r0, 0x80044327, &(0x7f0000000040)) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) setsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000080)=@int=0x1, 0x4) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:55 executing program 1: clone(0x80000, 0x0, 0x0, 0x0, 0x0) [ 509.046838] FAULT_INJECTION: forcing a failure. [ 509.046838] name failslab, interval 1, probability 0, space 0, times 0 [ 509.135055] CPU: 0 PID: 26751 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 509.143001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 509.152368] Call Trace: [ 509.154970] dump_stack+0x142/0x197 [ 509.158620] should_fail.cold+0x10f/0x159 [ 509.162789] should_failslab+0xdb/0x130 [ 509.166775] __kmalloc_track_caller+0x2ec/0x790 [ 509.171654] ? kstrdup_const+0x48/0x60 [ 509.175566] kstrdup+0x3a/0x70 [ 509.178773] kstrdup_const+0x48/0x60 [ 509.182500] alloc_vfsmnt+0xe5/0x7d0 [ 509.186226] clone_mnt+0x70/0xee0 [ 509.189691] ? lock_downgrade+0x740/0x740 [ 509.193876] ? do_raw_spin_unlock+0x16b/0x260 [ 509.198382] copy_tree+0x33b/0x8a0 [ 509.201934] copy_mnt_ns+0x11c/0x8c0 [ 509.205649] ? kmem_cache_alloc+0x611/0x780 [ 509.209981] ? selinux_capable+0x36/0x40 [ 509.214185] create_new_namespaces+0xc9/0x720 [ 509.218795] ? ns_capable_common+0x12c/0x160 [ 509.223217] copy_namespaces+0x284/0x310 [ 509.227275] copy_process.part.0+0x2603/0x6a70 [ 509.231862] ? proc_fail_nth_write+0x7d/0x180 [ 509.236354] ? proc_cwd_link+0x1b0/0x1b0 [ 509.240410] ? __cleanup_sighand+0x50/0x50 [ 509.244653] ? lock_downgrade+0x740/0x740 [ 509.248787] _do_fork+0x19e/0xce0 [ 509.252227] ? fork_idle+0x280/0x280 [ 509.255944] ? fput+0xd4/0x150 [ 509.259120] ? SyS_write+0x15e/0x230 [ 509.262827] SyS_clone+0x37/0x50 [ 509.266197] ? sys_vfork+0x30/0x30 [ 509.269722] do_syscall_64+0x1e8/0x640 [ 509.273598] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 509.278443] entry_SYSCALL_64_after_hwframe+0x42/0xb7 23:24:56 executing program 1: r0 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000100)={r0, &(0x7f0000000040)="1786c223215bd4025dc622d167263184d94a9b1b4871ca72a11b52a8339829a02a3e17608c4812907845", &(0x7f0000000080)=""/128, 0x4}, 0x20) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r1 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) sendmsg$nl_route(r1, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x542c808}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=@ipmr_getroute={0x1c, 0x1a, 0x100, 0x70bd25, 0x25dfdbfb, {0x80, 0x20, 0x80, 0x3, 0xfc, 0x0, 0xff, 0x6a97f9ee4b01f6a8, 0x400}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x4000) 23:24:56 executing program 3: clone(0x787467ffcfa159c, 0x0, 0x0, 0x0, 0x0) 23:24:56 executing program 0: creat(&(0x7f0000000000)='./bus\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, 0x0) [ 509.283630] RIP: 0033:0x45a6f9 [ 509.286817] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 509.294511] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 509.301796] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 509.309052] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 509.316310] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 509.323564] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:56 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x80, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:56 executing program 2 (fault-call:0 fault-nth:26): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:56 executing program 0: creat(&(0x7f0000000000)='./bus\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, 0x0) 23:24:56 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$TIOCSSERIAL(r0, 0x541f, &(0x7f0000000080)={0x3, 0x1ff, 0x4, 0x746b, 0xff, 0x6, 0x6, 0x7f9cbd8, 0x7fff, 0x3, 0x81, 0x3f, 0x3, 0x0, &(0x7f0000000000)=""/100, 0x400, 0x1, 0x8}) [ 509.514582] FAULT_INJECTION: forcing a failure. [ 509.514582] name failslab, interval 1, probability 0, space 0, times 0 [ 509.604392] CPU: 0 PID: 26780 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 509.612339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 509.621795] Call Trace: [ 509.624400] dump_stack+0x142/0x197 [ 509.628049] should_fail.cold+0x10f/0x159 [ 509.632206] should_failslab+0xdb/0x130 [ 509.636287] kmem_cache_alloc+0x2d7/0x780 [ 509.646182] ? find_held_lock+0x35/0x130 [ 509.650246] ? copy_tree+0x4a2/0x8a0 23:24:56 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ocfs2_control\x00', 0x200000, 0x0) r1 = syz_genetlink_get_family_id$tipc2(0x0) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="24647ec1f9657ec9083514a13a6869137db10c8ecdc02af615eef53c16b248a40fee50ba491a659f14a6864e285cfb0c6a5b38c41d02afc17c5333211d387931a755af5d0ea42fe74bc117f1c5340900000000000000387d82277d991dd0b6729a62eb8dd6bed3a80af3059cff204440ffd39b8fede9d0a4da4289dc86d100dfbdaa2cd7cee800a448501080d5b838a86b240c3f6eaf8f17ed10bc5f17f06132c72d21d592a7e1d31bc15aa0f03b91796ff6f8eb3f2371f2078705af3df7e4bd2325c8654c3fc42f71b8983b970cdc68263738ebea14652cbda8974c379426f8525fafaf4a6b744e5046ff352200ce67bce399f797dd558b68c0dffba8d3750be5fd5f5a74bf206414bbcad334f32da2d4a362fc57", @ANYRES16=r1], 0x2}}, 0x0) sendmsg$TIPC_NL_SOCK_GET(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x408c204}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0xf4, r1, 0xb, 0x70bd27, 0x25dfdbfb, {}, [@TIPC_NLA_SOCK={0x24, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x3}, @TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x542}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_SOCK={0xc, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_BEARER={0xb0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @loopback}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x0, @empty, 0x2}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9}, @TIPC_NLA_BEARER_NAME={0x14, 0x1, @l2={'eth', 0x3a, 'ip6_vti0\x00'}}, @TIPC_NLA_BEARER_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_TOL={0x3, 0x2, 0xe321}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}]}]}]}, 0xf4}, 0x1, 0x0, 0x0, 0x81}, 0x20000000) 23:24:56 executing program 5: clone(0x4000000, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000340)={0x0, 0x40000, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x2) ioctl$VIDIOC_ENUMAUDIO(r1, 0xc0345641, &(0x7f0000000040)={0xe98300, "14929936c1971b4dfa3f97e58f1d6e9b8f08b69fc87772037bf068c2f7b20428", 0x0, 0x1}) r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) setsockopt$inet_icmp_ICMP_FILTER(r3, 0x1, 0x1, &(0x7f0000000180)={0x3}, 0x4) r4 = semget$private(0x0, 0x8, 0x0) semctl$GETZCNT(r4, 0x0, 0xf, &(0x7f0000000600)=""/4096) semctl$IPC_INFO(r4, 0x2, 0x3, &(0x7f0000000240)=""/203) ioctl$TIOCLINUX3(0xffffffffffffffff, 0x541c, &(0x7f00000000c0)) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000080)=0xfffffffd, 0x4) r5 = open(&(0x7f0000021000)='./bus\x00', 0x0, 0x0) fchdir(r5) ioctl$VHOST_SET_LOG_BASE(r5, 0x4008af04, &(0x7f0000000200)=&(0x7f00000001c0)) [ 509.653981] alloc_vfsmnt+0x28/0x7d0 [ 509.657705] clone_mnt+0x70/0xee0 [ 509.661165] ? lock_downgrade+0x740/0x740 [ 509.665324] ? do_raw_spin_unlock+0x16b/0x260 [ 509.669837] copy_tree+0x33b/0x8a0 [ 509.673397] copy_mnt_ns+0x11c/0x8c0 [ 509.677141] ? kmem_cache_alloc+0x611/0x780 [ 509.681626] ? selinux_capable+0x36/0x40 [ 509.685714] create_new_namespaces+0xc9/0x720 [ 509.690226] ? ns_capable_common+0x12c/0x160 [ 509.694667] copy_namespaces+0x284/0x310 [ 509.698742] copy_process.part.0+0x2603/0x6a70 [ 509.702174] audit: type=1804 audit(1575674696.396:105): pid=26794 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir290644921/syzkaller.3X6sTI/234/bus" dev="sda1" ino=17817 res=1 [ 509.703347] ? proc_fail_nth_write+0x7d/0x180 [ 509.703355] ? proc_cwd_link+0x1b0/0x1b0 [ 509.703373] ? __cleanup_sighand+0x50/0x50 [ 509.743245] ? lock_downgrade+0x740/0x740 [ 509.747418] _do_fork+0x19e/0xce0 [ 509.750894] ? fork_idle+0x280/0x280 23:24:56 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000000)) [ 509.754617] ? fput+0xd4/0x150 [ 509.757826] ? SyS_write+0x15e/0x230 [ 509.761546] SyS_clone+0x37/0x50 [ 509.764923] ? sys_vfork+0x30/0x30 [ 509.768474] do_syscall_64+0x1e8/0x640 [ 509.772368] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 509.777232] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 509.782434] RIP: 0033:0x45a6f9 [ 509.782439] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 509.782449] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 23:24:56 executing program 0: creat(&(0x7f0000000000)='./bus\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000080)) 23:24:56 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40405515, &(0x7f0000000000)={0x8, 0x6, 0x6, 0x3, '\x00', 0x1000}) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:56 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(r1, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(r3, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000040)='./file0\x00', 0x258, 0x1, &(0x7f0000000180)=[{&(0x7f0000000080)="27eccf762b34343dae60f58f74d5259ce40df4209fa41c1a19c5efe42a5d8acd4a88a330575b7938ccb4eb6cd0a64fc3d5ab8ff75e1ff5a34bcd9e6d7b773788e8b77b3b3866d36fd1daf010f6f620978a002f0b5a53b3fea90674c886795b15bced27b6cac9fb45efef7198e6cbb9d6cdd111d952f6ff734661abf5bf4ef42119d1e69dc0b9d447bb33fca230a2885e215f1611e5768608ac54f411805eeeb81e09be4fb2308281d9c8aa51eba1c4b89d243145032e7ed9d1db9d703445fd840762c3e6ccad2b45369aca5896f174455b8a81faa9", 0xd5, 0x3}], 0x932804de7a17600c, &(0x7f00000001c0)={[{@nonumtail='nnonumtail=1'}, {@utf8no='utf8=0'}, {@fat=@sys_immutable='sys_immutable'}], [{@fsuuid={'fsuuid', 0x3d, {[0x6a, 0x30, 0xca, 0x31, 0x37, 0x9, 0x39, 0x66], 0x2d, [0x63, 0x32, 0x64, 0x80b2a3b88692b378], 0x2d, [0x30, 0x61, 0x35, 0x32], 0x2d, [0x64, 0x36, 0x61, 0x62], 0x2d, [0x53, 0x63, 0x61, 0x34, 0x37, 0x61, 0x36, 0x64]}}}, {@fscontext={'fscontext', 0x3d, 'root'}}, {@uid_eq={'uid', 0x3d, r1}}, {@fowner_lt={'fowner<'}}, {@fsmagic={'fsmagic', 0x3d, 0x665dd1e1}}, {@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}, {@fowner_eq={'fowner', 0x3d, r3}}]}) clone(0x787467fbcfe1d9c, 0x0, 0x0, 0x0, 0x0) [ 509.782454] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 509.782458] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 509.782463] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 509.782468] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 510.201033] IPVS: ftp: loaded support on port[0] = 21 23:24:57 executing program 3: set_tid_address(&(0x7f0000000000)) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:57 executing program 2 (fault-call:0 fault-nth:27): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:57 executing program 0: clone(0x400, 0x0, 0x0, 0x0, 0x0) 23:24:57 executing program 5: clone(0x4000000, 0x0, 0x0, 0x0, 0x0) 23:24:57 executing program 4: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x20100, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000040)={0x7fff, 0x38415261, 0x2, @stepwise={0x8, 0x5, 0x81, 0x2, 0x6, 0xfc}}) r1 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000100)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$set_timeout(0xf, r1, 0x0) keyctl$clear(0x7, r1) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:57 executing program 1: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm_plock\x00', 0x80000, 0x0) ioctl$TIOCGDEV(r0, 0x80045432, &(0x7f00000000c0)) clone(0x40000000, 0x0, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000000), &(0x7f0000000040)=0x4) [ 511.258542] FAULT_INJECTION: forcing a failure. [ 511.258542] name failslab, interval 1, probability 0, space 0, times 0 [ 511.284880] CPU: 1 PID: 26841 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 511.292819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 511.302203] Call Trace: [ 511.304809] dump_stack+0x142/0x197 [ 511.308460] should_fail.cold+0x10f/0x159 [ 511.312629] should_failslab+0xdb/0x130 [ 511.316621] __kmalloc_track_caller+0x2ec/0x790 [ 511.321304] ? kstrdup_const+0x48/0x60 [ 511.325205] kstrdup+0x3a/0x70 [ 511.328543] kstrdup_const+0x48/0x60 [ 511.332269] alloc_vfsmnt+0xe5/0x7d0 [ 511.335995] clone_mnt+0x70/0xee0 [ 511.339463] ? lock_downgrade+0x740/0x740 [ 511.343620] ? do_raw_spin_unlock+0x16b/0x260 [ 511.348133] copy_tree+0x33b/0x8a0 [ 511.351688] copy_mnt_ns+0x11c/0x8c0 [ 511.355423] ? kmem_cache_alloc+0x611/0x780 [ 511.359748] ? selinux_capable+0x36/0x40 [ 511.363807] create_new_namespaces+0xc9/0x720 [ 511.363818] ? ns_capable_common+0x12c/0x160 [ 511.363829] copy_namespaces+0x284/0x310 [ 511.363841] copy_process.part.0+0x2603/0x6a70 [ 511.363856] ? proc_fail_nth_write+0x7d/0x180 [ 511.363864] ? proc_cwd_link+0x1b0/0x1b0 [ 511.363881] ? __cleanup_sighand+0x50/0x50 [ 511.363891] ? lock_downgrade+0x740/0x740 [ 511.363903] _do_fork+0x19e/0xce0 [ 511.401784] ? fork_idle+0x280/0x280 [ 511.405496] ? fput+0xd4/0x150 [ 511.408672] ? SyS_write+0x15e/0x230 [ 511.412376] SyS_clone+0x37/0x50 [ 511.415727] ? sys_vfork+0x30/0x30 [ 511.419254] do_syscall_64+0x1e8/0x640 [ 511.423126] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 511.427962] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 511.433153] RIP: 0033:0x45a6f9 [ 511.436335] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 511.444123] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 511.451393] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c 23:24:58 executing program 0: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0xc0406618, &(0x7f0000000640)={{0x1, 0x0, @descriptor="a7e318d30b6bfd99"}}) fchdir(r0) sendmmsg$inet(r0, &(0x7f00000007c0)=[{{&(0x7f0000000000)={0x2, 0x4e23, @empty}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000040)="2e18c02ab5e46a2a93a4319443095285e25b8ab738df11eb", 0x18}, {&(0x7f0000000080)="b433d1ef430fff2c98ff18a9be8ca288503157500b2a1849ef9c1c33c7883e73d8d22a4898659d83033b3939e255a0897e86eeff4f31e48c6a5911760fe5f4f9cca5b428c1c254678023cc01563e66859e4a6e1a05f2cec1f63bb45514210f519f666239e0b622e7b2860b2e09f6aa132e567786f1e112aa854208494394ab396bf013053461ecf790ffd3b0031b962bf60b25b72081ca18927f31b4cfc52f4def6e0b846f724a9305bf6b92687de656a9c180ca846cbe46e15a1cecee9c2c75392facc29f144c6c7c24de3c172975349e199c4c91fe64eb03d3904d5444ce4cc4519ccc886cf5d9addd4a4168", 0xed}, {&(0x7f0000000180)="92173fe16dcee3854e1bd160c199886e7ec0db67d04d532a947486200632f6b64d7fc57ab9ec9785", 0x28}, {&(0x7f00000001c0)="1b9d12912fa6463099248e7ba57170ff608609e434baa492c50655ebe96fc535200ebf5f491da2f25ea7ec162b86c2a0fab1bbb8a80dd3a407a2ae465ef2ec7633f2a04fec244e50cb82a129ec16d99a5938a7f52115a022473373b585431a81cc82b2734b40981991236667a8c3fd3d83a40ec893dfba2f355ce7af63965b7d77d09dc7d3b7f6d6e6d1d3eaf2205b631c70a1420c803a386bf0b31cd3e619d2f878d1334ece39e32103def7b0b17d52ca36219669201f0772818ea356e2600fc2e2f59bf187e38162c837c833cbc987", 0xd0}, {&(0x7f00000002c0)="9e9d429c6bfd154e3fbf7e7249ee46c9ba2ab7d73bb1096b9bb9e42647a701c836d552c8f2182bcb4ca272544b2b78c17cbcb7d7999e16e9fc6dbc23966e7cc73af70869f47590ec2c4f2156e893ab2238322a0bbeaaf41e15159e542f60b3b3f1f48d27f478400276cd6465d48bfc3ba96cdbdec3e817a1dbdf5d", 0x7b}, {&(0x7f0000000340)="bf9428a01d7b9f5bf59aea1989330c62e1771bcef33fe8baacd0f6b9c17d546321233cf2d22f9868c208f2d201d5734d6899079438", 0x35}], 0x6, &(0x7f0000000880)=ANY=[@ANYBLOB="b8000000000000000000000007000000440c22661e2511dcd99f94e0072704e0000002e0000002ac1e010100000000e0000002000000007f0000017f000001ac1414180717807f000001ac1e0101e000000100000000e00000024444ee21000000050001000000001000ac1414bbda800000e00000020000000500000001ac14142400000093000000db000000000000000100000000fffffffe89178100000000ac1414bbac1414aaffffffffe000000101000000000000b2dcf093b5474579a60524d03ae9f2ed7882dd2999f9997eb2bf619e471ff6e42fdef4a4bb9011abae66c42d5028c60b3a197d3a454439bd4991a48a9eae5be3f99f"], 0xb8}}, {{&(0x7f00000004c0)={0x2, 0x4e24, @broadcast}, 0x10, &(0x7f0000000740)=[{&(0x7f0000000500)="d4af27b0782e26324751c3cfe64e14c3ea703f5b8a8894936bc6abd6738505ef0f98ba657ef79d6223816c5a94c48d3f54d9347895a2d0240821411568dd9b859f3f0e401cfd954e74052346b46ef0937e038babbac82de92034a00782962aa68cd899dee9dabec98f626e26fabfd7e43a6bbe4c7a303c6ba3267539", 0x7c}, {&(0x7f0000000580)="812283d11c8fd32de1b0a54dd788d3936c75cd8470b61619eef879de4ac844b9118f8c32c85e51e27c839f7bee9ece59a59e147762f965cb4957da965f8f0c710c20d1ce1a29d6147358f0e07cfd57b5eb6264aea1c9c8be136650e8569ab4a14bcc2145434b765ade1a", 0xffffff99}, {&(0x7f0000000600)="a384", 0x2}, {&(0x7f0000000640)}, {&(0x7f0000000680)="8b7817b5ba2f127338a781bb901236a05f8e16fe9c3aafa9ce853f6f66d11ce3d30e9ca3fa8148cc38dbc3a5af16bf60b2721c3fb5a4f8d5e13130f90e25ad59b9ad5751151475fa82893cce42cba698de692ecc60b18e1cf32bc5b3277a1e6b4bb13355e39da541c153cae52d681d15dfc72a0f603b0294476b50d77783915a5c3e3edfeccb544055", 0x89}], 0x5}}], 0x2, 0x80) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000840)='/dev/video35\x00', 0x2, 0x0) 23:24:58 executing program 5: clone(0x111000, 0x0, 0x0, 0x0, 0x0) 23:24:58 executing program 3: r0 = open(&(0x7f0000000180)='./bus\x00', 0x28100, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) r1 = accept4(r0, 0x0, &(0x7f0000000000), 0x41800) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) ioctl$SIOCX25SENDCALLACCPT(r0, 0x89e9) write$binfmt_elf32(r1, &(0x7f0000000380)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0x20, 0x5, 0x6, 0x57d4, 0x2, 0x6, 0x1, 0x17a, 0x38, 0x3d7, 0x7fff, 0x46, 0x20, 0x2, 0x80, 0x1d, 0x1}, [{0x60000000, 0x7fffffff, 0x5, 0x3, 0x0, 0x9, 0x8, 0x9}, {0x1, 0x5, 0x4, 0x1, 0x3, 0x2, 0x3, 0x1f}], "b240091ed7c3c1efd5798119a6e6cbf15544513ba642a82a27bc373904c942eaea8f6f1cb45db940b5fe57406b889d942fe05e82f40993a043180ec2c8ef7c5c8acb466e523527819d67fcba167125cac4ce5a408d735f112b787a251dfc0eef19f7e9f642dfe820a7e590311395bbdede8a1563e05278802c6a8e729a83cdf26524115fedf903cf7f1ad5a66352bf4edce3be2c4bc237c3838707333153995012d10a76b90f945c89c8bcb7cae56373997421279af52b62da63e526b3aa24fa86cf0a57b438fe0c190f6a241704ce08e6bda6f0d0ce56efe6b9caadbba06a8f283ab30eb19e225d06debd5c1f3965d3cc4eb5256976757fedf1a3c5de8d", [[], [], [], []]}, 0x576) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) getsockopt$inet6_dccp_buf(r0, 0x21, 0xd, &(0x7f0000000040)=""/227, &(0x7f0000000140)=0xe3) lchown(&(0x7f00000001c0)='./bus\x00', 0xee01, 0xee00) [ 511.458648] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 511.465902] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 511.473329] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:58 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) inotify_init() 23:24:58 executing program 0: 23:24:58 executing program 2 (fault-call:0 fault-nth:28): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:58 executing program 4: clone(0x1000, 0x0, 0x0, 0x0, 0x0) 23:24:58 executing program 0: [ 511.628171] FAULT_INJECTION: forcing a failure. [ 511.628171] name failslab, interval 1, probability 0, space 0, times 0 23:24:58 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000040)={0x140, 0x0, 0x800, 0x70bd2b, 0x400, {}, [@TIPC_NLA_MEDIA={0xc, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x1}]}, @TIPC_NLA_NODE={0x30, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x200}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4f20}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x81}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NODE={0x1c, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40}]}, @TIPC_NLA_NET={0xc, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x8}]}, @TIPC_NLA_LINK={0xbc, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1621}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xd74}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_LINK_PROP={0x44, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9a7c}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x280}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xbf9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}]}, 0x140}, 0x1, 0x0, 0x0, 0xc000080}, 0x4048010) 23:24:58 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) sendmsg$inet(r3, &(0x7f00000005c0)={&(0x7f00000002c0)={0x2, 0x4e20, @rand_addr=0x28e2}, 0x10, &(0x7f0000000300)=[{&(0x7f0000000380)="29f67ec5fe2ce904b07b195acc6cb1661ded66817aea1054d4dbeb2d21073f07d8ac950521339e19f78572d62ed1e9be1adea1d8b3cf8fa639308e0d22cb2e7faf3b6a4d27608bf17777088c281fb5ca2b6774858bf189da59c6308615ca191957f9e7f3ff44bba10bfb162fc08db39b26fe6f7acec9e2b9de1572b62ba793789b63698d1f1b5a9be8823b6913f484934f2c0b", 0x93}, {&(0x7f0000000440)="83e19c347ccf136dc778cfb4322e2c00eca0160f4b3c21fd47671e46752d83f3dc07d5cdf13f853c1dcd42afaa13b95eb396cb62945c8d7feca2ff577554420cae40a7e681c4b443591ac5a347c26de5bb791aada6a69466b512d584af267ba82be782c9be210348ccf334c33de54a23146d506724e2d8eee074b675826e4f847d24642dd962f64ce494c1092b8798b028c4fa8f639abf373d30e1a583a2f9206018fb59e9128e8160ae05e602c447c597dec50852f664eff7d3ea51863c23b1866a690fdf4c38af0229f27d9502de9fc1a624f5e805568a25980d58ecded9dd9fb9dd030cb6ec004adb9f28c2d24a", 0xef}], 0x2, &(0x7f0000000540)=[@ip_tos_u8={{0x11}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x3}}, @ip_tos_u8={{0x11}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x5}}], 0x60}, 0x72081010) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="3f0200000003000000000100000000000000060000000014001462726f6164636173742d6c696e6b00004de853b9ff8d14411bc2"], 0x30}}, 0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200002}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x34, r4, 0x4, 0x70bd29, 0x25dfdbfb, {{}, 0x0, 0x4102, 0x0, {0x18, 0x13, @l2={'ib', 0x3a, 'veth1_to_bond\x00'}}}, ["", "", "", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x40000}, 0x10) sendto$llc(r0, &(0x7f0000000080)="693f7a1ff2d7488f1a840a79d3d15f83826ae17a3674c210200cc52a7c82a566c7e2ca0a2466dfbfe0772638fcf329f70c7633389eea13e26fba54a3d1e4ae6656cc73b6e2fa4e454b6dc2d02243404ad1613b8aa1a92b992467fe0808bd9e2ae503c11d55f776a0d06e3ece7c6676332901491670f5cd5039486e05a0668d301d6b48eeeb5de4f303122d6b7b565bf6258d3dfc26828d5fd54800cb7a56ff5b872208aa6162d39ddd7490e226ea1677a1", 0xb1, 0x1, &(0x7f0000000140)={0x1a, 0x10f, 0x1b, 0xe0, 0x6, 0x3, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x10) r5 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/policy\x00', 0x0, 0x0) ioctl$PIO_SCRNMAP(r5, 0x4b41, &(0x7f0000000040)="0e2616cfaa87dd53aea77732bac91a") [ 511.711393] CPU: 1 PID: 26873 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 511.719362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 511.728727] Call Trace: [ 511.731352] dump_stack+0x142/0x197 [ 511.735000] should_fail.cold+0x10f/0x159 [ 511.739174] should_failslab+0xdb/0x130 [ 511.743196] __kmalloc_track_caller+0x2ec/0x790 [ 511.748052] ? kstrdup_const+0x48/0x60 [ 511.751949] kstrdup+0x3a/0x70 [ 511.755148] kstrdup_const+0x48/0x60 [ 511.758868] alloc_vfsmnt+0xe5/0x7d0 [ 511.762589] clone_mnt+0x70/0xee0 [ 511.766048] ? lock_downgrade+0x740/0x740 [ 511.770205] ? do_raw_spin_unlock+0x16b/0x260 [ 511.774718] copy_tree+0x33b/0x8a0 [ 511.778269] copy_mnt_ns+0x11c/0x8c0 [ 511.781973] ? kmem_cache_alloc+0x611/0x780 [ 511.781985] ? selinux_capable+0x36/0x40 [ 511.781999] create_new_namespaces+0xc9/0x720 [ 511.782009] ? ns_capable_common+0x12c/0x160 [ 511.782020] copy_namespaces+0x284/0x310 [ 511.782032] copy_process.part.0+0x2603/0x6a70 23:24:58 executing program 0: [ 511.782047] ? proc_fail_nth_write+0x7d/0x180 [ 511.782055] ? proc_cwd_link+0x1b0/0x1b0 [ 511.782073] ? __cleanup_sighand+0x50/0x50 [ 511.782086] ? lock_downgrade+0x740/0x740 [ 511.812479] _do_fork+0x19e/0xce0 [ 511.812492] ? fork_idle+0x280/0x280 [ 511.812504] ? fput+0xd4/0x150 [ 511.812512] ? SyS_write+0x15e/0x230 [ 511.812524] SyS_clone+0x37/0x50 [ 511.812530] ? sys_vfork+0x30/0x30 [ 511.812544] do_syscall_64+0x1e8/0x640 [ 511.812553] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 511.812571] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 511.812579] RIP: 0033:0x45a6f9 [ 511.812586] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 [ 511.820880] ORIG_RAX: 0000000000000038 [ 511.820891] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 511.820897] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 511.820903] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 511.820907] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 511.820912] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:58 executing program 1: ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, &(0x7f0000000000)={0x5, 0x0, 0x1000}) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) getsockopt$ARPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x63, &(0x7f0000000040)={'ah\x00'}, &(0x7f0000000080)=0x1e) 23:24:58 executing program 4: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dll\x00', 0x630181, 0x0) ioctl$sock_SIOCSIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x8983, &(0x7f00000000c0)) openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x4000, 0x0) r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/status\x00', 0x0, 0x0) ioctl$SG_GET_COMMAND_Q(r1, 0x2270, &(0x7f0000000040)) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:58 executing program 5: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x0, 0x0) fcntl$setflags(0xffffffffffffffff, 0x2, 0x0) getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000000040)={'filter\x00', 0x92, "f6dbf1034d95b60a259ca17f719d8f926fb0949b6c6313112d0fad895dd1aee75f6618af294eb30a49df0d956b9ed0112e2e612d708bebeb6d8d7505aa3c2a1b15215226d4cec5fe21f5c32ac6b3af0a43d524f7eb249f6d7073d262827737d538c715dc9a0a33020b179387317742a76cb96f476be1ca029ce536f2c203fbfbd52b25de4301c85e4f2de59044343a507346"}, &(0x7f0000000100)=0xb6) r1 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) ioctl$SNDRV_PCM_IOCTL_DRAIN(r1, 0x4144, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) fsetxattr$security_selinux(r0, &(0x7f0000000140)='security.selinux\x00', &(0x7f0000000200)='system_u:object_r:systemd_systemctl_exec_t:s0\x00', 0x22, 0x0) 23:24:58 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) lstat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)) setxattr$security_evm(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.evm\x00', &(0x7f0000000080)=@md5={0x1, "76367cf6f0ec5a23d077ebe58ed09c0e"}, 0x11, 0x1) 23:24:58 executing program 0: 23:24:58 executing program 2 (fault-call:0 fault-nth:29): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:58 executing program 0: [ 512.147460] FAULT_INJECTION: forcing a failure. [ 512.147460] name failslab, interval 1, probability 0, space 0, times 0 [ 512.166972] CPU: 0 PID: 26907 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 512.174903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 512.174909] Call Trace: [ 512.174927] dump_stack+0x142/0x197 [ 512.174944] should_fail.cold+0x10f/0x159 23:24:58 executing program 0: 23:24:58 executing program 0: [ 512.194780] should_failslab+0xdb/0x130 [ 512.194791] kmem_cache_alloc+0x2d7/0x780 [ 512.194804] ? find_held_lock+0x35/0x130 [ 512.207003] ? copy_tree+0x4a2/0x8a0 [ 512.210735] alloc_vfsmnt+0x28/0x7d0 [ 512.214463] clone_mnt+0x70/0xee0 [ 512.217959] ? lock_downgrade+0x740/0x740 [ 512.222119] ? do_raw_spin_unlock+0x16b/0x260 [ 512.226622] copy_tree+0x33b/0x8a0 [ 512.230176] copy_mnt_ns+0x11c/0x8c0 [ 512.233891] ? kmem_cache_alloc+0x611/0x780 [ 512.238222] ? selinux_capable+0x36/0x40 [ 512.242294] create_new_namespaces+0xc9/0x720 23:24:58 executing program 0: shmget$private(0x0, 0x1000, 0x0, &(0x7f0000015000/0x1000)=nil) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) [ 512.246805] ? ns_capable_common+0x12c/0x160 [ 512.251227] copy_namespaces+0x284/0x310 [ 512.255296] copy_process.part.0+0x2603/0x6a70 [ 512.259909] ? proc_fail_nth_write+0x7d/0x180 [ 512.264409] ? proc_cwd_link+0x1b0/0x1b0 [ 512.268486] ? __cleanup_sighand+0x50/0x50 [ 512.272727] ? lock_downgrade+0x740/0x740 [ 512.272745] _do_fork+0x19e/0xce0 [ 512.272761] ? fork_idle+0x280/0x280 [ 512.280371] ? fput+0xd4/0x150 [ 512.280382] ? SyS_write+0x15e/0x230 [ 512.280396] SyS_clone+0x37/0x50 [ 512.280404] ? sys_vfork+0x30/0x30 [ 512.280415] do_syscall_64+0x1e8/0x640 [ 512.280425] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 512.280440] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 512.291706] SELinux: Context system_u:object_r:systemd_systemct is not valid (left unmapped). [ 512.294414] RIP: 0033:0x45a6f9 [ 512.294419] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 512.294429] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 512.294438] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c 23:24:59 executing program 4: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) write$cgroup_type(r0, &(0x7f0000000000)='threaded\x00', 0x9) clone(0x88800000, 0x0, 0x0, 0x0, 0x0) 23:24:59 executing program 1: syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x100000000, 0x200) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x84c00, 0x0) getpeername$unix(r0, &(0x7f0000000040)=@abs, &(0x7f0000000100)=0xff28) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 512.294443] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 512.294448] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 512.294453] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 512.304652] audit: type=1400 audit(1575674698.856:106): avc: denied { associate } for pid=26901 comm="syz-executor.5" name="cachefiles" dev="devtmpfs" ino=6 scontext=system_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=filesystem permissive=1 23:24:59 executing program 2 (fault-call:0 fault-nth:30): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:59 executing program 5: clone(0x222000, 0x0, 0x0, 0x0, 0x0) [ 512.499338] FAULT_INJECTION: forcing a failure. [ 512.499338] name failslab, interval 1, probability 0, space 0, times 0 23:24:59 executing program 4: clone(0x5ea00b00, 0x0, 0x0, 0x0, 0x0) [ 512.576335] CPU: 0 PID: 26937 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 512.584279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 512.593637] Call Trace: [ 512.593656] dump_stack+0x142/0x197 [ 512.593673] should_fail.cold+0x10f/0x159 [ 512.593688] should_failslab+0xdb/0x130 [ 512.593700] __kmalloc_track_caller+0x2ec/0x790 [ 512.599917] ? kstrdup_const+0x48/0x60 [ 512.599931] kstrdup+0x3a/0x70 [ 512.599943] kstrdup_const+0x48/0x60 [ 512.599955] alloc_vfsmnt+0xe5/0x7d0 [ 512.599967] clone_mnt+0x70/0xee0 [ 512.599979] ? lock_downgrade+0x740/0x740 [ 512.635393] ? do_raw_spin_unlock+0x16b/0x260 [ 512.639898] copy_tree+0x33b/0x8a0 [ 512.643455] copy_mnt_ns+0x11c/0x8c0 [ 512.647175] ? kmem_cache_alloc+0x611/0x780 [ 512.651508] ? selinux_capable+0x36/0x40 [ 512.655574] create_new_namespaces+0xc9/0x720 [ 512.660072] ? ns_capable_common+0x12c/0x160 [ 512.664491] copy_namespaces+0x284/0x310 [ 512.668558] copy_process.part.0+0x2603/0x6a70 [ 512.673153] ? proc_fail_nth_write+0x7d/0x180 [ 512.677653] ? proc_cwd_link+0x1b0/0x1b0 [ 512.681733] ? __cleanup_sighand+0x50/0x50 [ 512.685978] ? lock_downgrade+0x740/0x740 [ 512.690136] _do_fork+0x19e/0xce0 [ 512.693601] ? fork_idle+0x280/0x280 [ 512.697322] ? fput+0xd4/0x150 [ 512.700614] ? SyS_write+0x15e/0x230 [ 512.704362] SyS_clone+0x37/0x50 [ 512.707733] ? sys_vfork+0x30/0x30 [ 512.711291] do_syscall_64+0x1e8/0x640 [ 512.715212] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 512.720075] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 512.725270] RIP: 0033:0x45a6f9 [ 512.728468] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 512.736179] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 512.743454] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 512.750754] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 512.758028] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 512.765310] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:24:59 executing program 0: syz_genetlink_get_family_id$SEG6(0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x02'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) 23:24:59 executing program 4: clone(0x42080000, 0x0, 0x0, 0x0, 0x0) kexec_load(0x7, 0x4, &(0x7f0000000340)=[{&(0x7f0000000000)="2b8b0d11a180136f4562f74b6af9ae98a04d66bde20a4d0edb8238cd5e5f83b20ffcd260955c4f2a978d9a00ace745e6fbc40d5a580813cd01f5362425ff8e66382d241aae3c8c0cab049cc49fbc32c10b625985932a47077a5a43229cab0a7fe84fbad6299bd23b9463dca4ea65715a74dffe7ff1f2f48ee13674a02573c706464c1313dd990ac716bac6279be19f5402c8f2a08845f3fbac796dd349", 0x9d, 0x8, 0x3}, {&(0x7f00000000c0)="a89b31815f62e79de5c8296c8180b729d4cb293cbec38d931265f3c8d903dec3e8641222c38ce52c6d1e306bd5577223676b2f973cec648980ddfd80bf0edecf11cc573d261a09ed51a8e938aca3fdb495ab6b6d3407ad2b9a0180423922d71a2ec73e5e98547c58aceb2dc6cda92266305c78a0d3b16d2c1c60ea4350fe343769b12ada1128464948d9984f86cf33276bca598260268aa9a5deaa56bca6bc622bbb962f0b41c14d4502fccfec44c33e3743df2840023b3c685562781164b6d9326309e2de36c17826fdeaf0ff9079a9117b075abae39be331eba962e1660d06fd20b57215487e26712caa9421f85121acc35f9662dcfbc5", 0xf8, 0x6, 0x4}, {&(0x7f00000001c0)="0b8605dfc8cc60aae9462b2eeb2f19b87007d1781e9ffd18fc71605302faf9e269767ba2a304924b480ee64924625168a8c1ccdbec551d8a6ccac9c57188408dd7398cb8fc29437d34e76ca50a0cb732aae014fc0d9dc61977078bd70b4461006d", 0x61, 0x9, 0x5}, {&(0x7f0000000240)="fec829b762c821a39eb90e9bd4a048606976ee52ff477bd05583342301b902182a0a29b0eac2d0f79ce277f7b7cdd45d1831398703658ccac146a90d50fbb2fae8e6c8f70acbbbdeecd952139e50ffb409a02e8f4922ef9adb89cf1245835f73925b6b30684162e9d074f95d7f4c4ebb1036ac7cb34100c996a83e45016bf4330efb3344db72a4afb754954758d1ad05fd254987ff52949d0628646adb716626ff8648eefeb69185c8188637d4841966c34f0bbea3d6792becfe9d7d09ee66ef34", 0xc1, 0x3f, 0x20000000000}], 0x30000) 23:24:59 executing program 0: creat(0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000140)='./file1\x00', 0x0) ioctl$FS_IOC_RESVSP(r0, 0x402c5828, &(0x7f0000000000)={0x580000, 0x0, 0x1001000200000000, 0x0, 0xc00, 0x3000, [0xff0f, 0x3800000, 0xa]}) getpid() pipe(0x0) tkill(0x0, 0x9) r1 = socket$inet6(0xa, 0x400000000803, 0x0) close(r1) socket(0x0, 0x80000000000802, 0x0) 23:24:59 executing program 1: clone(0x30000200, 0x0, 0x0, 0x0, 0x0) 23:24:59 executing program 2 (fault-call:0 fault-nth:31): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:24:59 executing program 0: open(&(0x7f0000000080)='./file0\x00', 0x2442, 0x0) mount(&(0x7f0000000040)=@filename='./file0\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1001004, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x20, &(0x7f0000002580)={[{@journal_ioprio={'journal_ioprio'}}]}) 23:24:59 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x400000, 0x0) fallocate(r0, 0x30, 0xffffffffffff4c96, 0xb8a) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r6 = dup3(r4, r5, 0x80000) ioctl$ASHMEM_SET_NAME(r6, 0x41007701, &(0x7f00000000c0)='/dev/dsp\x00') setsockopt$inet_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f0000000040)=@gcm_256={{0x182}, "d35334bb5bd8253d", "76421f65bfecc2d4ecebce59046efade87d6e43ca961a157fbbdc15ac3aa1d28", "8eb70e85", "51dad09b717f8854"}, 0x38) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_PPC_GET_PVINFO(r8, 0x4080aea1, &(0x7f0000000100)=""/127) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) sync_file_range(r9, 0xfe, 0x0, 0x0) [ 513.115865] FAULT_INJECTION: forcing a failure. [ 513.115865] name failslab, interval 1, probability 0, space 0, times 0 [ 513.159859] CPU: 0 PID: 26980 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 513.167796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 513.177163] Call Trace: [ 513.179779] dump_stack+0x142/0x197 [ 513.183434] should_fail.cold+0x10f/0x159 [ 513.187602] should_failslab+0xdb/0x130 [ 513.191600] kmem_cache_alloc+0x2d7/0x780 [ 513.195760] ? find_held_lock+0x35/0x130 [ 513.199829] ? copy_tree+0x4a2/0x8a0 [ 513.203555] alloc_vfsmnt+0x28/0x7d0 23:24:59 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) io_setup(0x0, &(0x7f0000000080)=0x0) io_submit(r0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) io_cancel(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r3, &(0x7f0000000000)="6374f6bf86688878b5e13b05c02f9f2739aff66129f66052c816c389c295e1fd76ffb71e7d922476a3fdaa6cb6670ec488dcbf5198236ec30032eaa94e8de7f09098cf2790a1af9f55bcad82c87065164aa5ee68cbb1033aca70728e67a7f5de1e31e1681ebe438192625aa0342df7bd91279ae45271990d77350e44eda1858dee2b11fdae798b3482e6efb76af72352441cc764f28f45d700ba95e91dcfce9d9d48008391035bcee0ea9ac09de1c9ad70cb0c31351378fd3212b98ded29e95fb3601d5fa196c19a165820fe13367c2bdad3c9a52f2bb308abb1a874befc663b9b0d1b9894c1b61747d2958caa0f18369fe5e979007df919807fe89b21", 0xfd, 0x7fff}, &(0x7f0000000140)) [ 513.207278] clone_mnt+0x70/0xee0 [ 513.210738] ? lock_downgrade+0x740/0x740 [ 513.214890] ? do_raw_spin_unlock+0x16b/0x260 [ 513.219393] copy_tree+0x33b/0x8a0 [ 513.222950] copy_mnt_ns+0x11c/0x8c0 [ 513.226668] ? kmem_cache_alloc+0x611/0x780 [ 513.230999] ? selinux_capable+0x36/0x40 [ 513.235177] create_new_namespaces+0xc9/0x720 [ 513.239683] ? ns_capable_common+0x12c/0x160 [ 513.244097] copy_namespaces+0x284/0x310 [ 513.248171] copy_process.part.0+0x2603/0x6a70 [ 513.252775] ? proc_fail_nth_write+0x7d/0x180 23:24:59 executing program 3: clone(0x787467fbcfe1f9c, 0x0, 0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0xffffffffffffffaf) r2 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f0000000400)='./bus\x00', 0x1141042, 0x0) sendfile(0xffffffffffffffff, r3, 0x0, 0x8000fffffffe) r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040)='devlink\x00') sendmsg$DEVLINK_CMD_PORT_SET(r3, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0x9c, r4, 0x0, 0x470bd25, 0x25dfdbff, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x14, 0x2, '0000:00:10.0\x00'}}, {0x8}}, {0x8, 0x4, 0x3}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x14, 0x2, '0000:00:10.0\x00'}}, {0x8}}, {0x8}}, {{@nsim={{0x10, 0x1, 'netdevsim\x00'}, {0x10, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0x4, 0x2}}]}, 0x9c}}, 0x10) r5 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/status\x00', 0x0, 0x0) r6 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r6, 0x7, &(0x7f0000027000)={0x1}) r7 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r7, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r7, r7, &(0x7f0000000240), 0x7fff) r8 = getpid() sched_setattr(r8, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) sendmsg$DEVLINK_CMD_RELOAD(r2, &(0x7f0000000400)={&(0x7f00000001c0), 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)={0xd0, r4, 0x901, 0x70bd2a, 0x25dfdbfc, {}, [{@nsim={{0x10, 0x1, 'netdevsim\x00'}, {0x10, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r5}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x14, 0x2, '0000:00:10.0\x00'}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x2}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x14, 0x2, '0000:00:10.0\x00'}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r6}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x14, 0x2, '0000:00:10.0\x00'}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r7}}, {@nsim={{0x10, 0x1, 'netdevsim\x00'}, {0x10, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r8}}]}, 0xd0}, 0x1, 0x0, 0x0, 0x20000000}, 0x10) setresuid(r1, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) mount$9p_virtio(&(0x7f0000000000)='syz\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x2850608, &(0x7f00000000c0)={'trans=virtio,', {[{@aname={'aname', 0x3d, '{em0eth0'}}], [{@dont_measure='dont_measure'}, {@mask={'mask', 0x3d, '^MAY_READ'}}, {@dont_appraise='dont_appraise'}, {@smackfsdef={'smackfsdef', 0x3d, '^\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0x7}}, {@hash='hash'}, {@smackfshat={'smackfshat', 0x3d, 'posix_acl_access\x96-/,}keyring*\\trustedproc,'}}, {@uid_eq={'uid', 0x3d, r1}}, {@subj_user={'subj_user', 0x3d, 'em1lovboxnet0*'}}, {@measure='measure'}]}}) [ 513.257277] ? proc_cwd_link+0x1b0/0x1b0 [ 513.261353] ? __cleanup_sighand+0x50/0x50 [ 513.265597] ? lock_downgrade+0x740/0x740 [ 513.269756] _do_fork+0x19e/0xce0 [ 513.273221] ? fork_idle+0x280/0x280 [ 513.276948] ? fput+0xd4/0x150 [ 513.280145] ? SyS_write+0x15e/0x230 [ 513.283867] SyS_clone+0x37/0x50 [ 513.287239] ? sys_vfork+0x30/0x30 [ 513.290787] do_syscall_64+0x1e8/0x640 [ 513.294677] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 513.299535] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 513.304729] RIP: 0033:0x45a6f9 [ 513.307922] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 513.315652] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 513.322928] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 513.330288] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 513.337577] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 513.344859] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:00 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x4, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x1000, 0x7, 0x3f, 0x8}, {0x2, 0x9, 0x9, 0x80000001}]}) 23:25:00 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="440400002400070500"/20, @ANYRES32=r4, @ANYBLOB="00000e00ffffffff00000000080001006362710018040200040406000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000500060000000000000005000000"], 0x444}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="240000002e00070200"/20, @ANYRES32=r4, @ANYBLOB="ecff120000000000000000de"], 0x24}}, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000011c0)={'vlan0\x00', r4}) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r5, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) sendmsg$nl_route(r5, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8008104}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)=@setneightbl={0x20, 0x43, 0x400, 0x70bd2c, 0x25dfdbff, {0x2}, [@NDTA_NAME={0xc, 0x1, 'vlan0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x40008800) 23:25:00 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x200000, 0x0) fchdir(r0) open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfff, 0xc7c}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040), 0x4) ioctl$TIOCSPTLCK(0xffffffffffffffff, 0x40045431, &(0x7f00000003c0)=0x1) syz_open_procfs(0x0, &(0x7f0000000000)='loginuid\x00') r1 = syz_open_procfs(0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x1) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)) r2 = syz_open_procfs(0x0, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) getsockopt$inet_udp_int(r2, 0x11, 0x65, &(0x7f0000000280), 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='bpf\x00', 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="e7ed5dccb97cfeb3f4cf796575d9a290919c10002f151cd12b7266ab9f7dcf7f4fbb65dc88f99e0fc63985868bd9ef7ee06f42bbb3956a93a20ca7ef647548d949d7a1258674aa7987cfdc3d3b9a181f720e534df78df8f2ab24a9db3329d1d66d63b14d153220bd9df08582955d67f1c31cc17391afcb8555e2b516167637a295ef0d6531ada34a25bbc18a9b2209cfa9fcc5"]) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r3, 0x0) write$binfmt_elf64(r3, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r4 = dup2(0xffffffffffffffff, 0xffffffffffffffff) io_setup(0x2, &(0x7f0000000000)=0x0) r6 = getpid() tkill(r6, 0x9) r7 = getpgrp(r6) syz_open_procfs(r7, &(0x7f0000000100)='loginuid\x00') r8 = socket(0x0, 0x2, 0x0) sendfile(r8, 0xffffffffffffffff, 0x0, 0x80000001) io_submit(r5, 0x1, &(0x7f0000000300)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x933313f415ba6da6, 0x4b, 0xffffffffffffffff, &(0x7f0000000140)="dd55d9cd99ee1676dfa7b8ec9fe2f7b84f511f4479ee1d5f601681c1389563ee46136c34b8b2696a5e7757ac7d682e72b68564b6448dd5299ec7bbc9b431c4b4672ed4d85f17ae98dcbc194d8059fc0c533909f441400ddce920aa1645dde37ec8ad3d014372c17988bd6b20ee673f4ed0156a7a43172e46d9f2121679c12573bde5ea0171a20ea545021d9092adfc89dcc61aff108a8cc7a2e5aecc00e2fc", 0x9f, 0xfffffffffffffff8}]) openat(0xffffffffffffffff, 0x0, 0x0, 0x118) r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000240)='devlink\x00') sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)={0x68, r9, 0x0, 0x0, 0x0, {}, [@pci={{0x8, 0x1, 'pci\x00'}, {0x14, 0x2, '0000:00:10.0\x00'}}, @pci={{0x8, 0x1, 'pci\x00'}, {0x14, 0x2, '0000:00:10.0\x00'}}, @pci={{0x8, 0x1, 'pci\x00'}, {0x14, 0x2, '0000:00:10.0\x00'}}]}, 0x68}}, 0x0) sendmsg$DEVLINK_CMD_GET(r4, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000004}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="88000000", @ANYRES16=r9, @ANYBLOB="00082bbd7000ffdbdf2501000000100001006e6574646576736981000000100002006e657464657673696d300000080001007067690014000200103030303a3030302e3000000000080001007063690014000200303030303a30303a31302e3000000000080001007063690014000200303030303a30303a31302e30000000000000"], 0x88}}, 0x4) 23:25:00 executing program 2 (fault-call:0 fault-nth:32): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:00 executing program 4: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x101000, 0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f00000000c0)={0x0, 0x8}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000140)={r1, 0xbc, "7569325dced93738f0251b911908a3280a34bce3f1838da96bc18c9dc786d5ecdd093e223a6ab40ac2b406a9a414bfe21a82b66e4c310380e244343cc3390aa96367feecc0af5cf7bb6f71879dba7b92b2d8c31379c78b98d66cc7028bf1f75796da79d7a40fd35a8e5e5313b8cc5fdbe1c9715f04c8af17d0fe33c84a5f3d2fb89641d17be9478e7d8a83fd82df111bf0156fc776b09b57bb8ba0efa0e18a2dec612d1c387259d9b81f2faf10e7b72581fed9f561727dbdb90cb63f"}, &(0x7f0000000240)=0xc4) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:00 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r0, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r0, &(0x7f00000000c0)="e8", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r0, 0x1) r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f00000000c0)={r2}, &(0x7f0000000000)=0x8) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000000)={r2, 0x4}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000080)={r3, 0x10000}, 0x8) [ 513.735232] FAULT_INJECTION: forcing a failure. [ 513.735232] name failslab, interval 1, probability 0, space 0, times 0 [ 513.799153] CPU: 1 PID: 27021 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 513.807144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 513.816509] Call Trace: [ 513.819160] dump_stack+0x142/0x197 [ 513.822809] should_fail.cold+0x10f/0x159 [ 513.826986] should_failslab+0xdb/0x130 [ 513.830977] kmem_cache_alloc+0x2d7/0x780 [ 513.835293] ? find_held_lock+0x35/0x130 [ 513.839370] ? copy_tree+0x4a2/0x8a0 [ 513.843096] alloc_vfsmnt+0x28/0x7d0 [ 513.846822] clone_mnt+0x70/0xee0 [ 513.850284] ? lock_downgrade+0x740/0x740 [ 513.854449] ? do_raw_spin_unlock+0x16b/0x260 [ 513.858965] copy_tree+0x33b/0x8a0 [ 513.862530] copy_mnt_ns+0x11c/0x8c0 [ 513.866259] ? kmem_cache_alloc+0x611/0x780 [ 513.870603] ? selinux_capable+0x36/0x40 [ 513.874687] create_new_namespaces+0xc9/0x720 [ 513.879203] ? ns_capable_common+0x12c/0x160 [ 513.883646] copy_namespaces+0x284/0x310 [ 513.887850] copy_process.part.0+0x2603/0x6a70 [ 513.892450] ? proc_fail_nth_write+0x7d/0x180 [ 513.896952] ? proc_cwd_link+0x1b0/0x1b0 [ 513.901030] ? __cleanup_sighand+0x50/0x50 [ 513.905282] ? lock_downgrade+0x740/0x740 [ 513.909445] _do_fork+0x19e/0xce0 [ 513.912910] ? fork_idle+0x280/0x280 [ 513.916632] ? fput+0xd4/0x150 [ 513.919860] ? SyS_write+0x15e/0x230 [ 513.923581] SyS_clone+0x37/0x50 [ 513.926950] ? sys_vfork+0x30/0x30 [ 513.930501] do_syscall_64+0x1e8/0x640 [ 513.934396] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 513.939257] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 513.944453] RIP: 0033:0x45a6f9 23:25:00 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz0\x00', 0x1ff) [ 513.947644] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 513.955364] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 513.962640] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 513.969924] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 513.977469] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 513.984842] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:00 executing program 4: r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x80800, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f00000000c0)={r0, &(0x7f0000000040), &(0x7f0000000080), 0x4}, 0x20) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:00 executing program 1: clone(0x481000, 0x0, 0x0, 0x0, 0x0) 23:25:00 executing program 2 (fault-call:0 fault-nth:33): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:00 executing program 5: clone(0x787467f88fa1d9c, 0x0, 0x0, 0x0, 0x0) [ 514.201058] FAULT_INJECTION: forcing a failure. [ 514.201058] name failslab, interval 1, probability 0, space 0, times 0 23:25:00 executing program 3: clone(0x10000000, 0x0, 0x0, 0x0, 0x0) 23:25:00 executing program 0: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000540)=ANY=[], 0x0) open(0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000100), 0x4) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcsa\x00', 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) [ 514.291221] CPU: 0 PID: 27063 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 514.299273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 514.308636] Call Trace: [ 514.311238] dump_stack+0x142/0x197 [ 514.314888] should_fail.cold+0x10f/0x159 [ 514.319052] should_failslab+0xdb/0x130 [ 514.323042] __kmalloc_track_caller+0x2ec/0x790 [ 514.327725] ? kstrdup_const+0x48/0x60 [ 514.331621] kstrdup+0x3a/0x70 [ 514.334820] kstrdup_const+0x48/0x60 23:25:01 executing program 4: r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000bc0)={0x0, 0x1, 0xf, 0xb, 0x4, &(0x7f00000007c0)="77480a7a85b3c22e19f8f9f96355e65b31edbb438a363818074e08e87aed71d58b42f7c0e44cda489382e90ef4970b41560f0b6064aca73805ca43304c584efbffcce9a288cf3af4e787cc1a1226a348c78ba7bc9449a3e7c3c313ba46880fafa20c4ca4551f71774ac306ec95aec2785dff50ea6ed1b81718280dab0013527101c725bccaef93ac025f522b10b4232b19774d40a16266cd190c3fa8bb0011d9066be8fe995aa27721ff31c6af7db4813eeffca52258ed97e70d533b824d39e1965b5ac50152ce361cf1b0fcc267401de4bb8c46d9c6ef02d0605c7dc0c60c8f3298ad698ab9d22f7e10109812ef2f72093522f91926f525b3fadeee1ecdc4c24a7f5a65a19d1286d8024e5add79a06d304c364775992b0252e4df018b6a5170c734826d87dcb4ebda475754236699c8ccc7458f6c34f7bf342aece5ae50b1da7e0f1dbb91d0c07cdca4b446d426ffbb7ae7ed356d61a04a7bfd44ca416e5dbfb7fe53e2fdd0fccdcbaf5425e5cbe9dd11a10dbf37377c297cdf984e169509438a3ac89fc52367b0d564313c816eff800e8e2ff69b141868fa2a3ead775735c90259e517f99aa5b5201262c0c87b4f93bd609c95f387d0ccdf9e9a093a2f5b57ed265d4974a2dd9d7ea19915ba71f043e88de8c89ee580eab03864838c95075a8b75409d9f6a370b7a211d56ae1cfe463d58d90bfa4a49708e2dd708d3ce0069187d162400e2643749c34f321b9de092653f0e0b95602518b8a925d2665be8cac0f76afceff0b42766d44f2a9c8d1049941fb8fcce9c141f0090ebbb122c2eb443774f62cc6ab8a8adc3ffb237ea4a4ed1de9f25070981cb5e6d27af8ef9fc7604846272e8308fb94375f6a81f28ca8fac7241dd1936e8031bd497ce1357a075200861f20b127f0fac65ee8ce621d65f52959b2c4c6c5c6c7a19957d94d069ff4df831b7c6d50800efc74550d31a9ffc55aa1679619d81687933cca948d72af1a00a04f2b565ff1a90e68a30b7fda8b8563d11cc1b2dbaf5c58b4c9a280de2f10a0d49b3b83192824902637437b0c120d1d8b5e20006385117b9c9d957c0f605b2255773669dc26a6fbff48685884f3f581522397dee7a4b449dffd17f547f77eec0040f5e6496420a69a6e83aa678cd854c3d43c2dff38487c2520ff1a81d43e2428842b6a0cb93301028feab419e38e965706889c2906ca28bb11d7ffbac95ce2b4441c2198f59ceadc705292f662cc33accd80b1433e19e23768213709891c32fe0c8b9cd21c24b7328bb35ad1f6d3c6598ce2603d2b43a984b9cdd97fc546e6f512dfc0ce939102f5f69a3938ce3e73a2e9e18662084fd339187bf31da57fba88c14495d6a4c18cd59b17432b53b93adc93c29328f7bfa2834a0c5c04032f31fddd7ef82de8f5af7c7ce09288ef1803904e4c7d1998dad88b0dacc6d7ac4"}) r1 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(r3, 0x0, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(r5, 0x0, 0x0) fstat(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000c00)={0x0, 0x0, 0x0}, &(0x7f0000000080)=0xc) setgroups(0x1, &(0x7f00000002c0)=[r8]) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000740)=@broute={'broute\x00', 0x20, 0x5, 0x66e, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000c0], 0x0, &(0x7f0000000000), &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff010000001100000012474cf980f363616966300000000000000000000000626f6e645f736c6176655f310000000076657468305f746f5f7465616d00000068737230000000000000000000000000ffffffffffff0000feffff00aaaaaaaaaa0affffffff00cb9e00000016010000660100006367726f757000000000000000000000000000000000000000000000000000000800000000000000ff7f0000010000004e464c4f47000000000000000000000000000000000000000000000000000000500000000000000001800000bcb8ff0700000000f530cd3007f0f194ac4e783709e11a13c3536c009e1bd5a5b9ccdbed34dde4e104b391fe00406e243c3cd0dfc1aa5ef1985534020a1442d10e170b71316c63d3000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a3000000000000000000000000000000000000000000000000003000000ff7f00000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000fcffffff020000001100000002000000fbfb687372300000000000000000000000007465716c3000000000000000000000006970366772657461703000000000000000000000000000000000000000000000aaaaaaaaaaaa00000000ffa8ffffffffffffff360000feff6e0000009e000000d6000000434f4e4e5345434d41524b00000000000000000000000000000000000000000008000000000000000200000000000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa250000fbc88a4d00000000090000009afad31b0060766c616e3000000000000000000000006c61706230000000000000000000000073797a6b616c6c65723100000000000076657468305f746f5f62726964676500aaaaaaaaaabbff8100ff00ffaaaaaaaaaa2a007fff0000ffde0000000e010000860100006f776e65720000000000000000000000000000000000000000000000000000001800000000000000", @ANYRES32=r3, @ANYRES32=r5, @ANYRES32=r6, @ANYRES32=r8, @ANYBLOB="0205000000000000766c616e000000000000000000000000000000000000000000000000000000000800000000000000040003003a010402434c415353494659000000000000000000000000000000000000000000000000080000000000000009000000000000006e666c6f67000000000000000000000000000000000000000000000000000000500000000000000007000000070073ff00000000b00c6124603768cd2d1e3fc7f759e237d296dc0d6aa97153f30fc8370c51e4b7944c9098af5eda17209097799c3f360fbfb3ed0e1f657f9c4b93d64e9b8ab9550000000000000000000000000000000000000000000000000000000000000000000000000000000003000000feffffff010000000900000028000000001b6e72300000000000000000000000000076657468305f746f5f7465616d0000006970365f76746930000000000000000064756d6d793000000000000000000000aaaaaaaaaaaa00007e0000ff1fd4464eecf700feff000000ae000000fe0000004e01000071756f7461000000000000000000000000000000000000000000000000000000180000000000000000000000000000000600000000000000901f00000000000049444c4554494d45520000000000000000000000000000000000000000000000280000000000003c0c000073797a3100000000000000000000000000000000000000000000000001000000000000006c6f670000000000000000000000000000000000000000000000000000000000280000000000000006fbb38811de4d3d750c0789e0b7b7e990308078c626346fa5794faba421e700010000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000100000011000000000000006005697036677265300000000000000000006272696467655f736c6176655f3100007465716c30000000000000000000000073797a5f74756e000000000000000000aaaaaaaaaaaa000081ffff0daaaaaaaaaa26010000feffff6e0000006e0000009e0000004e4651554555450000000000000000000000000000000000000000000000000008000000000000000400000000000000"]}, 0x6e5) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 514.338538] alloc_vfsmnt+0xe5/0x7d0 [ 514.342264] clone_mnt+0x70/0xee0 [ 514.345739] ? lock_downgrade+0x740/0x740 [ 514.349892] ? do_raw_spin_unlock+0x16b/0x260 [ 514.354403] copy_tree+0x33b/0x8a0 [ 514.358069] copy_mnt_ns+0x11c/0x8c0 [ 514.361787] ? kmem_cache_alloc+0x611/0x780 [ 514.366117] ? selinux_capable+0x36/0x40 [ 514.370196] create_new_namespaces+0xc9/0x720 [ 514.374698] ? ns_capable_common+0x12c/0x160 [ 514.379114] copy_namespaces+0x284/0x310 [ 514.383182] copy_process.part.0+0x2603/0x6a70 [ 514.387789] ? proc_fail_nth_write+0x7d/0x180 [ 514.392389] ? proc_cwd_link+0x1b0/0x1b0 [ 514.396471] ? __cleanup_sighand+0x50/0x50 [ 514.400704] ? lock_downgrade+0x740/0x740 [ 514.404856] _do_fork+0x19e/0xce0 [ 514.408312] ? fork_idle+0x280/0x280 [ 514.412037] ? fput+0xd4/0x150 [ 514.415254] ? SyS_write+0x15e/0x230 [ 514.418971] SyS_clone+0x37/0x50 [ 514.422350] ? sys_vfork+0x30/0x30 [ 514.425906] do_syscall_64+0x1e8/0x640 [ 514.429805] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 514.434656] entry_SYSCALL_64_after_hwframe+0x42/0xb7 23:25:01 executing program 1: clone(0x787467f3cf11d9c, 0x0, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r0, 0x81785501, &(0x7f0000000000)=""/10) [ 514.439844] RIP: 0033:0x45a6f9 [ 514.443036] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 514.450757] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 514.458037] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 514.465312] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 514.472580] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 514.479862] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:01 executing program 3: clone(0xbcd2df0d48ad3d10, 0x0, 0x0, 0x0, 0x0) 23:25:01 executing program 5: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x800, 0x0) setsockopt$inet6_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000100)=@ccm_128={{}, "85d57dad4a63426d", "8ab037ac12dd8d964e68a7a1482dd5b4", 'a<%2', "c91f9acbfd283bd5"}, 0x28) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000040)=""/140) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:01 executing program 2 (fault-call:0 fault-nth:34): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:01 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) epoll_create1(0x0) 23:25:01 executing program 3: r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r0, 0xc08c5334, &(0x7f0000000040)={0x7ff, 0x3, 0x7fffffff, 'queue1\x00', 0x7ff}) clone(0x40014500, 0x0, 0x0, 0x0, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x6, @local}, 0x0, {0x2, 0x4e23, @local}, 'hsr0\x00'}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/btrfs-control\x00', 0x10000, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = dup2(r1, r4) r6 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r6) connect$inet(r6, &(0x7f0000000240)={0x2, 0x4e23, @remote}, 0x10) r7 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r7, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r7, &(0x7f00000000c0)="e8", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r7, 0x1) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$l2tp_PPPOL2TP_SO_RECVSEQ(0xffffffffffffffff, 0x111, 0x2, 0x1, 0x4) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r7, 0x84, 0x6d, &(0x7f00000000c0)={r9}, &(0x7f0000000000)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r5, 0x84, 0x18, &(0x7f0000000180)={r9, 0x4}, 0x8) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) 23:25:01 executing program 5: pipe(&(0x7f0000000000)={0xffffffffffffffff}) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000080)={0x0, 0x76, "2c6db9c7b95d60940e61328043ddee96ea8d3daee1107026f190e923a1027b010bf831213358f0e29d94b3e978f42480b570bc1bea01b8bf09738ec28a6b2e11857c359a7bf89b9fb449033a9f93b7a9d35d28a4be71913b6493a08edd7789cc7332663a4739d310afb7de85a8d074cecfa405a618f5"}, &(0x7f0000000100)=0x7e) setsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000140)={r2, 0x7}, 0x8) ioctl$VIDIOC_G_FREQUENCY(r0, 0xc02c5638, &(0x7f0000000040)={0x4, 0x4, 0x4}) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) lseek(r5, 0xee8, 0x0) 23:25:01 executing program 1: clone(0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e24, 0x4, @ipv4={[], [], @multicast2}, 0x1}}}, 0x84) [ 514.729602] FAULT_INJECTION: forcing a failure. [ 514.729602] name failslab, interval 1, probability 0, space 0, times 0 [ 514.814307] CPU: 0 PID: 27099 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 514.822235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 514.831593] Call Trace: [ 514.831615] dump_stack+0x142/0x197 [ 514.831634] should_fail.cold+0x10f/0x159 [ 514.831650] should_failslab+0xdb/0x130 [ 514.831661] __kmalloc_track_caller+0x2ec/0x790 [ 514.831673] ? kstrdup_const+0x48/0x60 [ 514.831690] kstrdup+0x3a/0x70 [ 514.831701] kstrdup_const+0x48/0x60 [ 514.831711] alloc_vfsmnt+0xe5/0x7d0 [ 514.831727] clone_mnt+0x70/0xee0 [ 514.850828] ? lock_downgrade+0x740/0x740 [ 514.850841] ? do_raw_spin_unlock+0x16b/0x260 [ 514.850855] copy_tree+0x33b/0x8a0 [ 514.850872] copy_mnt_ns+0x11c/0x8c0 [ 514.850881] ? kmem_cache_alloc+0x611/0x780 [ 514.850894] ? selinux_capable+0x36/0x40 [ 514.850908] create_new_namespaces+0xc9/0x720 [ 514.850919] ? ns_capable_common+0x12c/0x160 [ 514.850931] copy_namespaces+0x284/0x310 [ 514.850943] copy_process.part.0+0x2603/0x6a70 23:25:01 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r1 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) ioctl$MON_IOCH_MFLUSH(r1, 0x9208, 0xfff) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) r2 = syz_genetlink_get_family_id$tipc2(0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0) ioctl$KVM_SET_REGS(r13, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r13, 0xae80, 0x0) ioctl$KVM_RUN(r13, 0xae80, 0x0) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0xf9, &(0x7f0000000140)={&(0x7f0000000a40)=ANY=[@ANYRESDEC, @ANYRESDEC, @ANYPTR=&(0x7f0000000700)=ANY=[@ANYBLOB="e24a882aa621c9ddfcbf2d3838", @ANYBLOB="dfa77637c30596965d96f42f1b07a8f1629246263903c77d3798a9313eaad86d68647eb8dee15e51a60f751c6235a21c4bb616549c7c09f19cc9628c471efba7411c8dfb78245e2e4ef8c99a379ece2a1846fa722b60b44535170af477cdbab40fb10ddfd533f92920d99a0891e56b59ece548ac", @ANYRES16=r0, @ANYRESOCT, @ANYRESOCT=0x0], @ANYRES32=r4, @ANYPTR=&(0x7f0000000900)=ANY=[@ANYRES64=0x0, @ANYRESDEC, @ANYRESDEC=0x0, @ANYRESDEC, @ANYRES32, @ANYBLOB="4a9fd8e488116cc9c0f2d6a0f67ff3215a8f1e853e91e208a03432dff151a813f25eee4407400c4ce29d5eeda74486944eac2a35bec77dc5a5e8388abfef8c6b4791f49e15c71a4dcc460520ed377e50b0b6171d9be7a4013c599e1e575db47da6a1b23da29aca6881e09d1573ad844d9b3a5420a602f657fc7cfc5f01beb959cb9194c49a441d6cf8814f3fa9dca6adc88df6d1ccfc5abe13e8d69583a318855ca8c3612fcad0600abde4e4b92742fd2cc6ae16154947e8607e7848ca10c34c549c5223ac8d5b24917ff1ce4a649d20c7f4086813a12a6234c8a319a0f547", @ANYPTR64=&(0x7f00000007c0)=ANY=[@ANYRES64=r6, @ANYRESHEX=r8, @ANYRES16=0x0, @ANYRES32=r9, @ANYRESOCT=0x0, @ANYBLOB="47a64c7b2c91842ecfa6579cd965611901d565d8fc55fc7628639289b2744e956204779b5ae698311544d0398e22f7954d002d3d54f0e3a80c0a197f25f65356c4fb41e22e3cb7af40731a94ee82b41bc508b0db61029ee6650d34d31d5891d506696f2d960b7f9cf9e7c6355854ab176bcdb277e6da5ca4ace7a17be864e1ebc1d6899d9619ebb44063b3d5363128d5b1cc373193530f", @ANYRESHEX, @ANYRESOCT=0x0, @ANYRESDEC, @ANYRES64=r10], @ANYRES16=r13, @ANYRES16], @ANYRESOCT, @ANYRESHEX]}, 0x1, 0x0, 0x0, 0x4004}, 0x0) sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f0000000440)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB="be6a8fef", @ANYRES16=r2, @ANYBLOB="0a0327bd7000fedbdf250b000000940001000c00020008000400060000002c0004001400010002004e21ac14141c00000000000000001400020002004e22e00000020000000000000000100001007564703a73797a30000000001c00020008000200030000000800020000100000080001001a0000002c0002000800010001000000080001000600000008000400ffffff7f080003000200000008000400ff07000014000700080002003f000000080001008a0ff328440007000c000400733b00000000000008000200010100000c00040001000000000000000c00040009000000000000000c0004002a6700000000000008000100000000801c0009000800010005000000080001000400000008000200bf0000003001010044000400200001000a004e2100000080fe80000000000000000000000000002403000000200002000a004e230000fffffe8000000000000000000000000000aa0900000044000200080002000000000008000200b60e000008000200cab10000080002000002000008000200200000000800030050320000080001001b000000080003000700000038000400200001000a004e24000024e000000000000000000000ffffac1414aa018000001400020002004e21ac1e00010000000000000000100001007564703a73797a3000000000080003008100000008000300000000004c000200080003000000000008000400000000000800020009000000080004003c0d000008000400d70000000800010001000000080003000300000008000300fbffffff08000200050000004c0007000c0004000800000000000000080001000100010008000100010100000c00030004000000000000000800010000004000080002000200000008000200070000000800020061ed0000a40004003c000700080002000300000008000200000000000800040004000000080002000000000008000400b9bc0000080002003e0c0000080003002262000014000700080002000900000008000300200000001c000700080004000400000008000400eee00000080003000004000014000700080004000900000008000200050000001400070008000400ff7f000008000100110000000c00010073797a3000000000340007000c00040040000000000000000800020002000000080002001c0000000c000400060000000000000008000200000100003c000100380004001400010002004e22e00000010000000000000000200002000a004e21000000ff00"/934], 0x3ac}, 0x1, 0x0, 0x0, 0x4}, 0x10000000) r14 = syz_genetlink_get_family_id$nbd(&(0x7f0000000600)='nbd\x00') sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x28, r14, 0x400, 0x70bd2a, 0x25dfdbff, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0xfffffffffffffce0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x28}, 0x1, 0x0, 0x0, 0x48000}, 0x8041) 23:25:01 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_AGP_RELEASE(0xffffffffffffffff, 0x6431) lsetxattr$trusted_overlay_redirect(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.redirect\x00', &(0x7f0000000080)='./file0\x00', 0x8, 0x1) io_setup(0x0, &(0x7f00000000c0)) [ 514.850965] ? proc_fail_nth_write+0x7d/0x180 [ 514.868880] ? proc_cwd_link+0x1b0/0x1b0 [ 514.868900] ? __cleanup_sighand+0x50/0x50 [ 514.868912] ? lock_downgrade+0x740/0x740 [ 514.868928] _do_fork+0x19e/0xce0 [ 514.868940] ? fork_idle+0x280/0x280 [ 514.868955] ? fput+0xd4/0x150 [ 514.884804] ? SyS_write+0x15e/0x230 [ 514.884820] SyS_clone+0x37/0x50 [ 514.884827] ? sys_vfork+0x30/0x30 [ 514.884842] do_syscall_64+0x1e8/0x640 [ 514.884850] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 514.884866] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 514.902081] RIP: 0033:0x45a6f9 [ 514.902087] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 514.902096] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 514.902101] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 514.902106] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 514.902112] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 514.902118] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:01 executing program 0: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$sg(&(0x7f0000000240)='/dev/sg#\x00', 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20000802, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) dup2(r2, 0xffffffffffffffff) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$caif_stream(0x25, 0x1, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) unshare(0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xf8c44189f7000000}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528ac06}], 0x1, 0x0) 23:25:01 executing program 5: clone(0x787467fbcfa3d9c, 0x0, 0x0, 0x0, 0x0) 23:25:01 executing program 2 (fault-call:0 fault-nth:35): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:01 executing program 4: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) write$P9_RSTAT(r0, &(0x7f0000000000)={0x56, 0x7d, 0x1, {0x0, 0x4f, 0x7, 0x39f0, {0x12, 0x4, 0x4}, 0x10c0000, 0x3, 0x2, 0x9, 0x8, 'vboxnet0', 0xc, '\\!&*vboxnet0', 0x7, 'selinux', 0x1, ')'}}, 0x56) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:01 executing program 1: setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000000)=0x200, 0x4) clone(0x787467fbdfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 515.252814] FAULT_INJECTION: forcing a failure. [ 515.252814] name failslab, interval 1, probability 0, space 0, times 0 [ 515.267173] CPU: 1 PID: 27151 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 515.275090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 515.284465] Call Trace: [ 515.287059] dump_stack+0x142/0x197 [ 515.290740] should_fail.cold+0x10f/0x159 [ 515.294896] should_failslab+0xdb/0x130 [ 515.298884] kmem_cache_alloc+0x2d7/0x780 [ 515.303165] ? find_held_lock+0x35/0x130 [ 515.307242] ? copy_tree+0x4a2/0x8a0 [ 515.310973] alloc_vfsmnt+0x28/0x7d0 [ 515.314696] clone_mnt+0x70/0xee0 [ 515.318154] ? lock_downgrade+0x740/0x740 [ 515.322313] ? do_raw_spin_unlock+0x16b/0x260 [ 515.326827] copy_tree+0x33b/0x8a0 [ 515.330475] copy_mnt_ns+0x11c/0x8c0 [ 515.334196] ? kmem_cache_alloc+0x611/0x780 [ 515.338535] ? selinux_capable+0x36/0x40 [ 515.342604] create_new_namespaces+0xc9/0x720 [ 515.347088] ? ns_capable_common+0x12c/0x160 [ 515.351502] copy_namespaces+0x284/0x310 [ 515.355577] copy_process.part.0+0x2603/0x6a70 [ 515.360186] ? proc_fail_nth_write+0x7d/0x180 [ 515.364792] ? proc_cwd_link+0x1b0/0x1b0 [ 515.368868] ? __cleanup_sighand+0x50/0x50 [ 515.373122] ? lock_downgrade+0x740/0x740 [ 515.377290] _do_fork+0x19e/0xce0 [ 515.380755] ? fork_idle+0x280/0x280 [ 515.384477] ? fput+0xd4/0x150 [ 515.387680] ? SyS_write+0x15e/0x230 [ 515.391407] SyS_clone+0x37/0x50 [ 515.394771] ? sys_vfork+0x30/0x30 [ 515.398315] do_syscall_64+0x1e8/0x640 [ 515.402206] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 515.407061] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 515.412252] RIP: 0033:0x45a6f9 [ 515.415437] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 515.423155] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 515.430435] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 515.437713] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 515.444992] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 23:25:02 executing program 4: clone(0x20200, 0x0, 0x0, 0x0, 0x0) 23:25:02 executing program 4: clone(0xffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) tkill(r0, 0x25) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000040)=[@mss, @mss, @mss, @mss, @sack_perm, @timestamp, @window, @timestamp], 0x8) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000000)) ptrace$cont(0x9, r0, 0x0, 0x0) clone(0x2100000, 0x0, 0x0, 0x0, 0x0) [ 515.452268] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:02 executing program 5: clone(0x4000000, 0x0, 0x0, 0x0, 0x0) 23:25:02 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000001200)='/dev/vsock\x00', 0x0, 0x0) setsockopt$inet6_MCAST_LEAVE_GROUP(r0, 0x29, 0x2d, &(0x7f0000001240)={0x5, {{0xa, 0x4e24, 0x377, @ipv4={[], [], @multicast2}, 0x100}}}, 0x88) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x80000, 0x0) ioctl$BLKGETSIZE(r1, 0x1260, &(0x7f0000000040)) 23:25:02 executing program 2 (fault-call:0 fault-nth:36): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:02 executing program 3: ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f0000000000)={0xb53, 0x40, 0x5, 'queue1\x00', 0x3}) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) r1 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r1, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) socket$packet(0x11, 0x2, 0x300) sendto$inet(r1, &(0x7f00000000c0)="e8", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r1, 0x1) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f00000000c0)={r3}, &(0x7f0000000000)=0x8) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f00000000c0)={r3, 0xdf, "851dfc68d2e7c3561872b011c459d15a49e0212c2bc8aca3fb3780c98ea696c0e7cd45d4c89e94cc3809ef357a75c49fd77816251ba365bcda426490fa82dc196fb53c6cf69990eacb50466fbdfb69bdddb1266ce29bfc2b7d32e977d4e14200fab7f0e3352a3fbd5ab1930e34c58ed0512ad6bd683be72c62383898ba36c0a5749dd43997d04287d427846f0685c02fb8e5960623e63eca1edf7abcb63427dafb216c2f99147fd50fdd359c24e7c8cffea817ca1c6588598b4fcd6b843cab18cb48099cfe45eddbe6a9bff5d86e78955bbef2288d6be3746200b72f5dd4a7"}, &(0x7f00000001c0)=0xe7) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={r4, 0xe0000000}, 0x8) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:02 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x4a0000, 0x0) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000040)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x1000, 0x3}) [ 515.704348] FAULT_INJECTION: forcing a failure. [ 515.704348] name failslab, interval 1, probability 0, space 0, times 0 [ 515.747258] CPU: 0 PID: 27179 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 515.755193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 515.764550] Call Trace: [ 515.767150] dump_stack+0x142/0x197 [ 515.770784] should_fail.cold+0x10f/0x159 [ 515.770801] should_failslab+0xdb/0x130 [ 515.770813] __kmalloc_track_caller+0x2ec/0x790 [ 515.770828] ? kstrdup_const+0x48/0x60 [ 515.770839] kstrdup+0x3a/0x70 [ 515.778945] kstrdup_const+0x48/0x60 [ 515.778956] alloc_vfsmnt+0xe5/0x7d0 [ 515.778968] clone_mnt+0x70/0xee0 [ 515.778979] ? lock_downgrade+0x740/0x740 [ 515.778989] ? do_raw_spin_unlock+0x16b/0x260 [ 515.810175] copy_tree+0x33b/0x8a0 [ 515.813707] copy_mnt_ns+0x11c/0x8c0 [ 515.817405] ? kmem_cache_alloc+0x611/0x780 [ 515.821709] ? selinux_capable+0x36/0x40 [ 515.825801] create_new_namespaces+0xc9/0x720 [ 515.830424] ? ns_capable_common+0x12c/0x160 [ 515.834828] copy_namespaces+0x284/0x310 [ 515.838878] copy_process.part.0+0x2603/0x6a70 [ 515.843449] ? proc_fail_nth_write+0x7d/0x180 [ 515.847946] ? proc_cwd_link+0x1b0/0x1b0 [ 515.852033] ? __cleanup_sighand+0x50/0x50 [ 515.856262] ? lock_downgrade+0x740/0x740 [ 515.860396] _do_fork+0x19e/0xce0 [ 515.863834] ? fork_idle+0x280/0x280 [ 515.867531] ? fput+0xd4/0x150 [ 515.870706] ? SyS_write+0x15e/0x230 [ 515.874405] SyS_clone+0x37/0x50 [ 515.877751] ? sys_vfork+0x30/0x30 [ 515.881271] do_syscall_64+0x1e8/0x640 [ 515.885154] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 515.889981] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 515.895166] RIP: 0033:0x45a6f9 [ 515.898348] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 515.906097] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 515.913370] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 515.920651] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 515.927940] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 515.935269] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:02 executing program 5: clone(0x5884400, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x2c00, 0x38) fchdir(r0) r1 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) ioctl$VIDIOC_S_SELECTION(r1, 0xc040565f, &(0x7f0000000040)={0x1, 0x0, 0x2, {0x4000ca, 0x4, 0x4, 0x10000ff}}) 23:25:02 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x1, 0x10000) ioctl$SIOCRSSL2CALL(0xffffffffffffffff, 0x89e2, &(0x7f0000000040)=@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}) socket$inet_tcp(0x2, 0x1, 0x0) 23:25:02 executing program 3: clone(0x6ded8b8d3231752e, 0x0, 0x0, 0x0, 0x0) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0xc04c5349, &(0x7f0000000000)={0x1, 0x5, 0x3}) 23:25:02 executing program 2 (fault-call:0 fault-nth:37): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:02 executing program 0: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8475071") r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x2, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0x25000) 23:25:02 executing program 0: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8475071") r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x2, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0x25000) [ 516.075140] FAULT_INJECTION: forcing a failure. [ 516.075140] name failslab, interval 1, probability 0, space 0, times 0 [ 516.122368] CPU: 0 PID: 27213 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 516.130315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 516.139681] Call Trace: [ 516.142275] dump_stack+0x142/0x197 [ 516.145920] should_fail.cold+0x10f/0x159 [ 516.150082] should_failslab+0xdb/0x130 [ 516.154081] kmem_cache_alloc+0x2d7/0x780 [ 516.158234] ? find_held_lock+0x35/0x130 [ 516.162300] ? copy_tree+0x4a2/0x8a0 [ 516.166016] alloc_vfsmnt+0x28/0x7d0 [ 516.169724] clone_mnt+0x70/0xee0 [ 516.173166] ? lock_downgrade+0x740/0x740 [ 516.173176] ? do_raw_spin_unlock+0x16b/0x260 [ 516.173186] copy_tree+0x33b/0x8a0 [ 516.173200] copy_mnt_ns+0x11c/0x8c0 [ 516.173207] ? kmem_cache_alloc+0x611/0x780 [ 516.173218] ? selinux_capable+0x36/0x40 [ 516.173232] create_new_namespaces+0xc9/0x720 [ 516.201932] ? ns_capable_common+0x12c/0x160 [ 516.206350] copy_namespaces+0x284/0x310 [ 516.210413] copy_process.part.0+0x2603/0x6a70 [ 516.210431] ? proc_fail_nth_write+0x7d/0x180 [ 516.210439] ? proc_cwd_link+0x1b0/0x1b0 [ 516.210456] ? __cleanup_sighand+0x50/0x50 [ 516.219534] ? lock_downgrade+0x740/0x740 [ 516.231946] _do_fork+0x19e/0xce0 [ 516.235407] ? fork_idle+0x280/0x280 [ 516.239128] ? fput+0xd4/0x150 [ 516.242328] ? SyS_write+0x15e/0x230 [ 516.246053] SyS_clone+0x37/0x50 [ 516.249412] ? sys_vfork+0x30/0x30 [ 516.252956] do_syscall_64+0x1e8/0x640 [ 516.256842] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 516.261695] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 516.266885] RIP: 0033:0x45a6f9 [ 516.270065] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 516.270075] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 516.270081] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 516.270086] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 516.270091] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 516.270095] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 516.320130] protocol 88fb is buggy, dev hsr_slave_0 [ 516.325352] protocol 88fb is buggy, dev hsr_slave_1 [ 516.330484] protocol 88fb is buggy, dev hsr_slave_0 [ 516.335526] protocol 88fb is buggy, dev hsr_slave_1 [ 516.340646] protocol 88fb is buggy, dev hsr_slave_0 [ 516.345681] protocol 88fb is buggy, dev hsr_slave_1 23:25:05 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}, 0x10) 23:25:05 executing program 1: r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000200)={0x0, 0x0, 0x1, 0x0, [], [{0x1f, 0x100, 0x8001, 0x3, 0x5, 0x4}, {0x5495, 0x100, 0x4, 0x200, 0x3, 0x7}], [[]]}) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000000)={{{@in=@multicast2, @in=@broadcast}}, {{@in6=@initdev}, 0x0, @in6=@mcast1}}, &(0x7f0000000100)=0xe8) clone(0x4008100, 0x0, 0x0, 0x0, 0x0) 23:25:05 executing program 3: r0 = socket$inet6(0xa, 0x3, 0xff) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/policy\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r1, 0xc02c5341, &(0x7f0000000080)) ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000000)) 23:25:05 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000000)={0xffe1, 0x6, 0x1}) 23:25:05 executing program 0: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8475071") r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x2, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0x25000) 23:25:05 executing program 2 (fault-call:0 fault-nth:38): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 518.523386] FAULT_INJECTION: forcing a failure. [ 518.523386] name failslab, interval 1, probability 0, space 0, times 0 [ 518.544685] CPU: 1 PID: 27241 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 518.552630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 518.562008] Call Trace: [ 518.564590] dump_stack+0x142/0x197 [ 518.568221] should_fail.cold+0x10f/0x159 [ 518.572359] should_failslab+0xdb/0x130 [ 518.576319] __kmalloc_track_caller+0x2ec/0x790 [ 518.580984] ? kstrdup_const+0x48/0x60 [ 518.584868] kstrdup+0x3a/0x70 [ 518.588050] kstrdup_const+0x48/0x60 [ 518.591759] alloc_vfsmnt+0xe5/0x7d0 [ 518.595462] clone_mnt+0x70/0xee0 [ 518.598916] ? lock_downgrade+0x740/0x740 [ 518.603048] ? do_raw_spin_unlock+0x16b/0x260 [ 518.607530] copy_tree+0x33b/0x8a0 [ 518.611070] copy_mnt_ns+0x11c/0x8c0 [ 518.614775] ? kmem_cache_alloc+0x611/0x780 [ 518.619082] ? selinux_capable+0x36/0x40 [ 518.623148] create_new_namespaces+0xc9/0x720 [ 518.627644] ? ns_capable_common+0x12c/0x160 [ 518.632047] copy_namespaces+0x284/0x310 [ 518.636099] copy_process.part.0+0x2603/0x6a70 [ 518.640676] ? proc_fail_nth_write+0x7d/0x180 [ 518.645184] ? proc_cwd_link+0x1b0/0x1b0 [ 518.649269] ? __cleanup_sighand+0x50/0x50 [ 518.653557] ? lock_downgrade+0x740/0x740 [ 518.657708] _do_fork+0x19e/0xce0 [ 518.661154] ? fork_idle+0x280/0x280 [ 518.664858] ? fput+0xd4/0x150 [ 518.668036] ? SyS_write+0x15e/0x230 [ 518.671855] SyS_clone+0x37/0x50 [ 518.675221] ? sys_vfork+0x30/0x30 [ 518.678775] do_syscall_64+0x1e8/0x640 [ 518.682668] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 518.687513] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 518.692693] RIP: 0033:0x45a6f9 [ 518.695865] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 518.703644] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 518.710898] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c 23:25:05 executing program 1: clone(0x8690623091ac1727, 0x0, 0x0, 0x0, 0x0) 23:25:05 executing program 3: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$USBDEVFS_DISCSIGNAL(r0, 0x8010550e, &(0x7f0000000040)={0xffffff81, &(0x7f0000000000)="38e137ed335ea7761f66353a103fb2856a9a2a467b4876e704a454e24f4383"}) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:05 executing program 0: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8475071") r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x2, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0x25000) [ 518.718178] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 518.725432] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 518.732684] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:05 executing program 4: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000000)=0x10, 0x4) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:05 executing program 2 (fault-call:0 fault-nth:39): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:05 executing program 1: clone(0x200000, 0x0, 0x0, 0x0, 0x0) 23:25:05 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x3f, 0x90004) r0 = socket$inet(0x2, 0x6, 0x5) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000080)={0x89, @remote, 0x4e22, 0x1, 'wlc\x00', 0x4, 0x8, 0xc}, 0x2c) 23:25:05 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x8001, 0x111080) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000080)={0x8, 0x0, 0x80}) syz_open_dev$mice(&(0x7f00000000c0)='?dev/input/mice\x00', 0x0, 0x10100) 23:25:05 executing program 5: clone(0x787467fb4fa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000000)={{0x9, 0x90}, {0x1, 0x9}, 0x3, 0x3, 0x3}) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) ioctl$TIOCNOTTY(r1, 0x5422) 23:25:05 executing program 0: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8475071") ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000180)=0x25000) 23:25:05 executing program 5: clone(0x80000000, 0x0, 0x0, 0x0, 0x0) r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x40, 0x0) ioctl$IMGETDEVINFO(r0, 0x80044944, &(0x7f0000000040)={0x7fffffff}) 23:25:05 executing program 4: 23:25:05 executing program 1: r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/hash_stats\x00', 0x0, 0x0) ioctl$VFIO_IOMMU_UNMAP_DMA(r0, 0x3b72, &(0x7f0000000040)={0x20, 0x0, 0x5, 0x400, 0x82e1}) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCGSND(r0, 0x8040451a, &(0x7f0000000080)=""/127) 23:25:05 executing program 3: clone(0x20000000, 0x0, 0x0, 0x0, 0x0) 23:25:05 executing program 0: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8475071") ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000180)=0x25000) [ 519.075557] FAULT_INJECTION: forcing a failure. [ 519.075557] name failslab, interval 1, probability 0, space 0, times 0 23:25:05 executing program 4: r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) read$usbmon(r0, &(0x7f0000000040)=""/157, 0x9d) [ 519.171286] CPU: 1 PID: 27295 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 519.179207] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 519.188586] Call Trace: [ 519.191193] dump_stack+0x142/0x197 [ 519.194838] should_fail.cold+0x10f/0x159 [ 519.199003] should_failslab+0xdb/0x130 [ 519.202987] kmem_cache_alloc+0x2d7/0x780 [ 519.207138] ? find_held_lock+0x35/0x130 [ 519.211189] ? copy_tree+0x4a2/0x8a0 [ 519.211199] alloc_vfsmnt+0x28/0x7d0 [ 519.211209] clone_mnt+0x70/0xee0 [ 519.211218] ? lock_downgrade+0x740/0x740 [ 519.211227] ? do_raw_spin_unlock+0x16b/0x260 [ 519.211238] copy_tree+0x33b/0x8a0 [ 519.234272] copy_mnt_ns+0x11c/0x8c0 [ 519.237991] ? kmem_cache_alloc+0x611/0x780 [ 519.242313] ? selinux_capable+0x36/0x40 [ 519.242330] create_new_namespaces+0xc9/0x720 [ 519.242343] ? ns_capable_common+0x12c/0x160 [ 519.242356] copy_namespaces+0x284/0x310 [ 519.250887] copy_process.part.0+0x2603/0x6a70 [ 519.250906] ? proc_fail_nth_write+0x7d/0x180 [ 519.250915] ? proc_cwd_link+0x1b0/0x1b0 [ 519.250933] ? __cleanup_sighand+0x50/0x50 [ 519.250943] ? lock_downgrade+0x740/0x740 [ 519.250959] _do_fork+0x19e/0xce0 [ 519.284303] ? fork_idle+0x280/0x280 [ 519.288038] ? fput+0xd4/0x150 [ 519.291243] ? SyS_write+0x15e/0x230 [ 519.294967] SyS_clone+0x37/0x50 [ 519.298341] ? sys_vfork+0x30/0x30 [ 519.301890] do_syscall_64+0x1e8/0x640 [ 519.305784] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 519.310644] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 519.315851] RIP: 0033:0x45a6f9 [ 519.319043] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 519.326760] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 519.334036] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 519.341315] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 519.348594] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 519.355863] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:06 executing program 2 (fault-call:0 fault-nth:40): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:06 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) r1 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000040)='NET_DM\x00') sendmsg$NET_DM_CMD_START(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x14, 0x70bd26, 0x25dfdbfc, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8080}, 0x10) 23:25:06 executing program 5: openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) ioctl$KDFONTOP_COPY(r0, 0x4b72, &(0x7f0000000440)={0x3, 0x1, 0xe, 0x1d, 0x12c, &(0x7f0000000040)}) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) r2 = open(&(0x7f0000000400)='./bus\x00', 0x1141042, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0x8000fffffffe) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040)='devlink\x00') sendmsg$DEVLINK_CMD_PORT_SET(r2, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0x9c, r3, 0x0, 0x470bd25, 0x25dfdbff, {}, [{{@pci={{0x8, 0x1, 'pci\x00'}, {0x14, 0x2, '0000:00:10.0\x00'}}, {0x8}}, {0x8, 0x4, 0x3}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x14, 0x2, '0000:00:10.0\x00'}}, {0x8}}, {0x8}}, {{@nsim={{0x10, 0x1, 'netdevsim\x00'}, {0x10, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0x4, 0x2}}]}, 0x9c}}, 0x10) sendmsg$DEVLINK_CMD_PORT_GET(r1, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x60, r3, 0x400, 0x70bd27, 0x25dfdbfb, {}, [{{@nsim={{0x10, 0x1, 'netdevsim\x00'}, {0x10, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x14, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x2}}}]}, 0x60}, 0x1, 0x0, 0x0, 0x8040}, 0x80) clone(0x787467f3cfb1f9c, 0x0, 0x0, 0x0, 0x0) 23:25:06 executing program 4: r0 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x4) ioctl$GIO_FONTX(r0, 0x4b6b, &(0x7f0000000400)={0xa, 0x16}) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/sequencer2\x00', 0x80000, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000440)='/dev/full\x00', 0x80800, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000004c0)='TIPCv2\x00') sendmsg$TIPC_NL_NET_SET(r1, &(0x7f0000000780)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000740)={&(0x7f0000000500)=ANY=[@ANYBLOB="0c020000", @ANYRES16=r2, @ANYBLOB="00002dbd7000fedbdf250f0000000c000900080002000000008018000200080002000400000004000400080001000400000038000200080002008000000008000200540800000800010003000000080001f0ffffff00080002000600000004000400080002000100000038000200080001007f0000000400040008000200ff0f000004000400040004000400040008000100090000000400040004000400040004000c00090008000100010100001c0001001000010069623a636169663000000000080003000000000014000600080001000100000008000100000800001c0104000c00010073797a310000000054000702080001000b00000008000200030000000800020000000000080004000f7a0000080004000010000008000300010000000800020007000000080003000800000008000400e10d0000080004000100000024000700080001000d000000080001000b0000000800040005000000080001000f0000001c00070008000300b5000000080004000200000008000200040000001400010062726f6164636173742d6c696e6b00000c00010073797a31000000001400010062726f6164816173742d6c696e6b00002c0007000800030005000000080001000e0000000800010005000000080004000800000008000300000000000c00010073797a31000000000c00010073797a31000000000c0006000800010000000000"], 0x20c}}, 0x10) 23:25:06 executing program 0: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8475071") ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000180)=0x25000) 23:25:06 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000000)) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:06 executing program 3: clone(0x91c2b1c2e640490f, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) accept4$x25(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=0x12, 0x80000) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100)='devlink\x00') sendmsg$DEVLINK_CMD_PORT_SET(r1, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0xa4, r2, 0x200, 0x70bd2d, 0x25dfdbfb, {}, [{{@nsim={{0x10, 0x1, 'netdevsim\x00'}, {0x10, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0x4, 0x1}}, {{@nsim={{0x10, 0x1, 'netdevsim\x00'}, {0x10, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0x4, 0x2}}, {{@nsim={{0x10, 0x1, 'netdevsim\x00'}, {0x10, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0x4, 0x2}}]}, 0xa4}, 0x1, 0x0, 0x0, 0xd20aadafe99e0cbd}, 0x0) r3 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x246800, 0x0) setsockopt$sock_void(r3, 0x1, 0x24, 0x0, 0x0) [ 519.485682] FAULT_INJECTION: forcing a failure. [ 519.485682] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 519.497552] CPU: 1 PID: 27342 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 519.497560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 519.497564] Call Trace: [ 519.497580] dump_stack+0x142/0x197 [ 519.521029] should_fail.cold+0x10f/0x159 [ 519.525194] __alloc_pages_nodemask+0x1d6/0x7a0 [ 519.529875] ? __alloc_pages_slowpath+0x2930/0x2930 23:25:06 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1330e47d, 0x101001) sendmsg$TIPC_CMD_SHOW_STATS(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8002004}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x0, 0x300, 0x70bd2b, 0x25dfdbfc, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2004c054}, 0x80) [ 519.529898] cache_grow_begin+0x80/0x400 [ 519.529909] kmem_cache_alloc+0x6a6/0x780 [ 519.529923] ? find_held_lock+0x35/0x130 [ 519.547183] alloc_vfsmnt+0x28/0x7d0 [ 519.550908] clone_mnt+0x70/0xee0 [ 519.554366] ? lock_downgrade+0x740/0x740 [ 519.558516] ? do_raw_spin_unlock+0x16b/0x260 [ 519.563019] copy_tree+0x33b/0x8a0 [ 519.566567] copy_mnt_ns+0x11c/0x8c0 [ 519.570281] ? kmem_cache_alloc+0x611/0x780 [ 519.574629] ? selinux_capable+0x36/0x40 [ 519.578682] create_new_namespaces+0xc9/0x720 23:25:06 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_BOOT_CPU_ID(r1, 0xae78, &(0x7f0000000000)) [ 519.583173] ? ns_capable_common+0x12c/0x160 [ 519.587580] copy_namespaces+0x284/0x310 [ 519.591649] copy_process.part.0+0x2603/0x6a70 [ 519.596236] ? proc_fail_nth_write+0x7d/0x180 [ 519.600727] ? proc_cwd_link+0x1b0/0x1b0 [ 519.604804] ? __cleanup_sighand+0x50/0x50 [ 519.609051] ? lock_downgrade+0x740/0x740 [ 519.613201] _do_fork+0x19e/0xce0 [ 519.616651] ? fork_idle+0x280/0x280 [ 519.620368] ? fput+0xd4/0x150 [ 519.623566] ? SyS_write+0x15e/0x230 [ 519.627289] SyS_clone+0x37/0x50 [ 519.630668] ? sys_vfork+0x30/0x30 [ 519.634217] do_syscall_64+0x1e8/0x640 [ 519.638105] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 519.642963] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 519.648190] RIP: 0033:0x45a6f9 [ 519.651394] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 519.651406] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 519.651417] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 519.673697] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 23:25:06 executing program 0: socket$inet6(0xa, 0x80003, 0x6b) r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x2, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000180)=0x25000) 23:25:06 executing program 5: clone(0x787467fb86e159c, 0x0, 0x0, 0x0, 0x0) 23:25:06 executing program 0: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x2, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000180)=0x25000) [ 519.680964] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 519.688233] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:06 executing program 2 (fault-call:0 fault-nth:41): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:06 executing program 5: clone(0x200, 0x0, 0x0, 0x0, 0x0) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000000)=0x2) 23:25:06 executing program 0: r0 = openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000180)=0x25000) 23:25:06 executing program 1: clone(0x100000, 0x0, 0x0, 0x0, 0x0) get_mempolicy(&(0x7f0000000080), &(0x7f00000000c0), 0x8, &(0x7f0000001000/0x1000)=nil, 0x1) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000000)=0x1) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r2, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) r3 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r3, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r3, &(0x7f00000000c0)="e8", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r3, 0x1) r4 = msgget(0x3, 0x8) msgctl$IPC_INFO(r4, 0x3, &(0x7f0000000380)=""/68) r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f00000002c0)=ANY=[@ANYBLOB="01000000fb8ca6e5e669e2", @ANYRES32=0x0], &(0x7f000095dffc)=0x8) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000300)='/dev/cachefiles\x00', 0x141a00, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f00000000c0)={r6}, &(0x7f0000000000)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000180)={r6, 0x101}, &(0x7f00000001c0)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r2, 0x84, 0x23, &(0x7f0000000280)={r7, 0x2}, 0x8) r8 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r9 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/mls\x00', 0x0, 0x0) ioctl$VIDIOC_G_OUTPUT(r9, 0x8004562e, &(0x7f0000000140)) ioctl$KVM_ASSIGN_PCI_DEVICE(r8, 0x8040ae69, &(0x7f0000000040)={0x80, 0x5, 0xc4, 0x9, 0x4}) [ 519.847137] FAULT_INJECTION: forcing a failure. [ 519.847137] name failslab, interval 1, probability 0, space 0, times 0 [ 519.883191] IPVS: ftp: loaded support on port[0] = 21 [ 519.888464] CPU: 1 PID: 27383 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 519.896359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 519.896364] Call Trace: [ 519.896381] dump_stack+0x142/0x197 [ 519.896400] should_fail.cold+0x10f/0x159 [ 519.896416] should_failslab+0xdb/0x130 [ 519.896427] kmem_cache_alloc+0x2d7/0x780 [ 519.916116] ? find_held_lock+0x35/0x130 [ 519.916133] ? copy_tree+0x4a2/0x8a0 [ 519.916146] alloc_vfsmnt+0x28/0x7d0 [ 519.916157] clone_mnt+0x70/0xee0 [ 519.916168] ? lock_downgrade+0x740/0x740 [ 519.924271] ? do_raw_spin_unlock+0x16b/0x260 [ 519.924287] copy_tree+0x33b/0x8a0 [ 519.924305] copy_mnt_ns+0x11c/0x8c0 [ 519.924312] ? kmem_cache_alloc+0x611/0x780 [ 519.924325] ? selinux_capable+0x36/0x40 [ 519.932105] create_new_namespaces+0xc9/0x720 [ 519.932117] ? ns_capable_common+0x12c/0x160 [ 519.932130] copy_namespaces+0x284/0x310 [ 519.932142] copy_process.part.0+0x2603/0x6a70 [ 519.932157] ? proc_fail_nth_write+0x7d/0x180 [ 519.932165] ? proc_cwd_link+0x1b0/0x1b0 [ 519.932181] ? __cleanup_sighand+0x50/0x50 [ 519.932194] ? lock_downgrade+0x740/0x740 [ 519.997904] _do_fork+0x19e/0xce0 [ 520.001343] ? fork_idle+0x280/0x280 [ 520.005044] ? fput+0xd4/0x150 [ 520.008218] ? SyS_write+0x15e/0x230 [ 520.011914] SyS_clone+0x37/0x50 [ 520.015261] ? sys_vfork+0x30/0x30 [ 520.018784] do_syscall_64+0x1e8/0x640 [ 520.022666] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 520.027501] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 520.032691] RIP: 0033:0x45a6f9 [ 520.035877] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 23:25:06 executing program 0: r0 = openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000180)=0x25000) 23:25:06 executing program 4: [ 520.043570] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 520.050838] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 520.058092] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 520.065342] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 520.072608] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:07 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x22042, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r1, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r1, &(0x7f00000000c0)="e8", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r1, 0x1) socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f00000000c0), &(0x7f0000000000)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000040)={0x0, 0x2, 0x30}, &(0x7f0000000080)=0xc) 23:25:07 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) mremap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffd000/0x2000)=nil) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, &(0x7f0000000000)={0xae, 0x5, 0xfa67e66fbaad37ab, 0x8000, 0x3, [{0x4bf9, 0x6, 0x401, 0x0, 0x0, 0x202}, {0x2, 0x1, 0xffffffffffffb8c7, 0x0, 0x0, 0xdbb1bcfb0bc3541d}, {0xf01a, 0x800, 0x2, 0x0, 0x0, 0x200}]}) 23:25:07 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000000)) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) ioctl$EVIOCGKEY(r0, 0x80404518, &(0x7f0000000040)=""/41) eventfd2(0x1, 0x141801) 23:25:07 executing program 2 (fault-call:0 fault-nth:42): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:07 executing program 0: r0 = openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000180)=0x25000) 23:25:07 executing program 1: clone(0x80000000, 0x0, 0x0, 0x0, 0x0) 23:25:07 executing program 5: r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000)='/dl\x00\x00\x00\x00\x00I7\x00', 0x2620c0, 0x0) write$P9_RWSTAT(r0, &(0x7f0000000040)={0x7, 0x7f, 0x1}, 0x7) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x10200, 0x0) ioctl$TIOCMSET(r1, 0x5418, &(0x7f00000000c0)=0xa6b) clone(0x70030000, 0x0, 0x0, 0x0, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x400000, 0x0) connect$netlink(r2, &(0x7f0000000140)=@unspec, 0xc) 23:25:07 executing program 0: openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x2, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000180)=0x25000) [ 520.908883] FAULT_INJECTION: forcing a failure. [ 520.908883] name failslab, interval 1, probability 0, space 0, times 0 23:25:07 executing program 4: r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='rdma.current\x00', 0x0, 0x0) symlinkat(&(0x7f0000000000)='./file0\x00', r1, &(0x7f0000000080)='./file0\x00') r2 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r2, 0x7, &(0x7f0000027000)={0x1}) accept(0xffffffffffffffff, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, &(0x7f0000000180)=0x80) ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r3, 0x8982, &(0x7f0000000200)={0x3, 'veth0_to_bo\xf8\x00', {0x1}, 0x5}) ioctl$RTC_ALM_READ(r2, 0x80247008, &(0x7f00000000c0)) clone(0xa014dd00, 0x0, 0x0, 0x0, 0x0) 23:25:07 executing program 1: clone(0x1095100, 0x0, 0x0, 0x0, 0x0) ioctl$sock_inet6_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000000)) [ 520.987645] CPU: 1 PID: 27421 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 520.995611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 521.004979] Call Trace: [ 521.007589] dump_stack+0x142/0x197 [ 521.011230] should_fail.cold+0x10f/0x159 [ 521.011249] should_failslab+0xdb/0x130 [ 521.019376] kmem_cache_alloc+0x2d7/0x780 [ 521.019390] ? find_held_lock+0x35/0x130 [ 521.019401] ? copy_tree+0x4a2/0x8a0 [ 521.019413] alloc_vfsmnt+0x28/0x7d0 23:25:07 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) accept4$rose(r0, &(0x7f0000000040)=@short={0xb, @dev, @default, 0x1, @null}, &(0x7f0000000080)=0x1c, 0x80000) [ 521.019425] clone_mnt+0x70/0xee0 [ 521.038625] ? lock_downgrade+0x740/0x740 [ 521.042787] ? do_raw_spin_unlock+0x16b/0x260 [ 521.047291] copy_tree+0x33b/0x8a0 [ 521.050839] copy_mnt_ns+0x11c/0x8c0 [ 521.054553] ? kmem_cache_alloc+0x611/0x780 [ 521.058883] ? selinux_capable+0x36/0x40 [ 521.062975] create_new_namespaces+0xc9/0x720 [ 521.067487] ? ns_capable_common+0x12c/0x160 [ 521.071902] copy_namespaces+0x284/0x310 [ 521.075970] copy_process.part.0+0x2603/0x6a70 [ 521.080563] ? proc_fail_nth_write+0x7d/0x180 [ 521.080573] ? proc_cwd_link+0x1b0/0x1b0 [ 521.080594] ? __cleanup_sighand+0x50/0x50 [ 521.080605] ? lock_downgrade+0x740/0x740 [ 521.080617] _do_fork+0x19e/0xce0 [ 521.080628] ? fork_idle+0x280/0x280 [ 521.080641] ? fput+0xd4/0x150 [ 521.080649] ? SyS_write+0x15e/0x230 [ 521.080661] SyS_clone+0x37/0x50 [ 521.101004] ? sys_vfork+0x30/0x30 [ 521.101021] do_syscall_64+0x1e8/0x640 [ 521.101030] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 521.101048] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 521.101056] RIP: 0033:0x45a6f9 23:25:07 executing program 0: openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x2, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000180)=0x25000) 23:25:07 executing program 1: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) recvmmsg(r0, &(0x7f0000001380)=[{{&(0x7f0000000000)=@rc, 0x80, &(0x7f0000001300)=[{&(0x7f0000000080)=""/198, 0xc6}, {&(0x7f0000000180)=""/63, 0x3f}, {&(0x7f00000001c0)=""/21, 0x15}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/213, 0xd5}], 0x5}, 0x8}], 0x1, 0x40, &(0x7f00000013c0)={0x77359400}) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:07 executing program 0: openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x2, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000180)=0x25000) [ 521.101060] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 521.101069] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 521.101074] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 521.101079] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 521.101084] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 521.101089] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:07 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = socket$bt_rfcomm(0x1f, 0x3, 0x3) fallocate(r0, 0x25, 0x4, 0x100000000) 23:25:07 executing program 2 (fault-call:0 fault-nth:43): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:07 executing program 5: r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x41) ioctl$EVIOCGVERSION(r0, 0x80044501, &(0x7f0000000200)=""/230) clone(0x787467ffc7b1f9c, 0x0, 0x0, 0x0, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$sock_SIOCBRDELBR(r1, 0x89a1, &(0x7f0000000300)='bpq0\x00') r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x80, 0x0) ioctl$MON_IOCX_GET(r2, 0x40189206, &(0x7f0000000180)={&(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000080)=""/196, 0xc4}) 23:25:08 executing program 0: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x2, 0x0) ioctl$int_in(r0, 0x0, &(0x7f0000000180)=0x25000) 23:25:08 executing program 0: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x2, 0x0) ioctl$int_in(r0, 0x0, &(0x7f0000000180)=0x25000) [ 521.334434] FAULT_INJECTION: forcing a failure. [ 521.334434] name failslab, interval 1, probability 0, space 0, times 0 [ 521.393483] CPU: 1 PID: 27467 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 521.401416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 521.410808] Call Trace: [ 521.413410] dump_stack+0x142/0x197 [ 521.417051] should_fail.cold+0x10f/0x159 [ 521.421219] should_failslab+0xdb/0x130 [ 521.425203] __kmalloc_track_caller+0x2ec/0x790 [ 521.429889] ? kstrdup_const+0x48/0x60 [ 521.433788] kstrdup+0x3a/0x70 [ 521.436987] kstrdup_const+0x48/0x60 23:25:08 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000080)=0xc) r4 = getgid() setgroups(0x1, &(0x7f00000002c0)=[r4]) write$FUSE_ATTR(r0, &(0x7f00000000c0)={0x78, 0x0, 0x4, {0xfffffffffffffffa, 0xffff, 0x0, {0x0, 0x0, 0x3ea0fbee, 0x4, 0x1, 0xfff, 0x9, 0xccf, 0x5, 0x9, 0x3, r1, r3, 0x100, 0x20200000}}}, 0x78) [ 521.440711] alloc_vfsmnt+0xe5/0x7d0 [ 521.444428] clone_mnt+0x70/0xee0 [ 521.447887] ? lock_downgrade+0x740/0x740 [ 521.452042] ? do_raw_spin_unlock+0x16b/0x260 [ 521.456546] copy_tree+0x33b/0x8a0 [ 521.460099] copy_mnt_ns+0x11c/0x8c0 [ 521.463814] ? kmem_cache_alloc+0x611/0x780 [ 521.468141] ? selinux_capable+0x36/0x40 [ 521.472207] create_new_namespaces+0xc9/0x720 [ 521.476730] ? ns_capable_common+0x12c/0x160 [ 521.481147] copy_namespaces+0x284/0x310 [ 521.485220] copy_process.part.0+0x2603/0x6a70 23:25:08 executing program 5: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000200)='/dev/cachefiles\x00', 0x0, 0x0) close(r1) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r3, 0xffff}}, 0x10) write$RDMA_USER_CM_CMD_NOTIFY(r0, &(0x7f0000000000)={0xf, 0x8, 0xfa00, {r3, 0x12}}, 0x10) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 521.489799] ? proc_fail_nth_write+0x7d/0x180 [ 521.494296] ? proc_cwd_link+0x1b0/0x1b0 [ 521.498374] ? __cleanup_sighand+0x50/0x50 [ 521.502622] ? lock_downgrade+0x740/0x740 [ 521.506785] _do_fork+0x19e/0xce0 [ 521.510263] ? fork_idle+0x280/0x280 [ 521.514003] ? fput+0xd4/0x150 [ 521.517205] ? SyS_write+0x15e/0x230 [ 521.520927] SyS_clone+0x37/0x50 [ 521.524295] ? sys_vfork+0x30/0x30 [ 521.527841] do_syscall_64+0x1e8/0x640 [ 521.531731] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 521.536591] entry_SYSCALL_64_after_hwframe+0x42/0xb7 23:25:08 executing program 0: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x2, 0x0) ioctl$int_in(r0, 0x0, &(0x7f0000000180)=0x25000) [ 521.541781] RIP: 0033:0x45a6f9 [ 521.544966] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 521.552678] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 521.559959] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 521.567319] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 521.574605] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 521.581888] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:08 executing program 1: r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e23, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @multicast2}, 'erspan0\x00'}) r2 = socket$can_bcm(0x1d, 0x2, 0x2) r3 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x80200) sendmsg$netlink(r3, &(0x7f00000029c0)={&(0x7f0000000080)=@kern={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000002980)=[{&(0x7f0000000240)={0x12b8, 0x2d, 0x1, 0x70bd29, 0x25dfdbfe, "", [@generic="de161eb6225643a511fa3afbdea8000a61330a90b1f436aeea0bfe609a78304dfaa756656d587b99c29f99c47fdd56831f49b5eb32b090a7b3a30a", @generic="1da49db53675fe89826bb05daf9ee4a3bbfbd4d226dc8caf1fbc602d4baacdc649d66b1b3ee559dd45b71a8e77f7f6ce725705d96814783f32f4776116bb1adf23ba30f79e81b4b128e59faccab2915666908adfa80d8f794a79c47b82d9c8672f224457ba4b731b750aa2c635c7e5c31c2eb888b2b51e0288b87083c7de77032770b66f9d7b59dcb83e57b56bb078846af56d5e42addd92f75d4df48fa0a1bcaf49e36b4829228c424c97a4f1d63544fd6cd4cf5c397909eb1362a8588002191b40602de6d7f7c7134a8593ffc98e641d1b7b1e382c0e76ef1419c8f053a59246bc54810767fc5dd91f04f37d496f96d8", @nested={0x117c, 0x8e, [@generic, @typed={0x8, 0x80, @u32=0x1}, @generic="62746b0a350fbaf2b4d419ad12f38f99e55fdf64432e726f2d1c2eaa7075404ac64ff7050c7120a82f40c54f51b7ee770cda048deb7b5cb013bf209f77446541a95dde2c68fa5da880f33b32c8bca1a285919883c6c18eece142121055a540caa6ee311d20ef9652aedf05893687438f380b439adacf534e4417366b63fc5449bbf8477cad4980fb89b5caca2752bef6576eb9f828815332dd2656f396df5e507ef8387ee1de4ed5a95737b8695a343c48cbe773e704fa5881ad5169c79c11d9074c6f7f6613f770b7ba851f0a45de6c2681f139184bc8c3056c578842958173a57b4ae483c28ef50baa301da2ed94bc799c6786642e666ac4939a5a1afd06f6eb09faacb1febe8daf74e183db6d44d2c48d83a6e94c2e70140a17bfbf0c2d8a778e60eac6773902202153dc957c74a1e53f7f4500b4c8851688bc5e12f050b2f6ea3087ac343048e2c350c8531b4fa10e9a7a83ca1e31d3a70975a7e3256b3f87284c945898e76a799161cf7182f0eb976c3807883b2d7cab8c25bda3c4fe3a85077e9b9fb43867c683492ae3c41210649b1b02ada5e702b03bddb06ad41c7088aed44983072a60c15770cfb812623719e5275bc239999949c5cd415a308ffb210ce7162c6fb6af7784360ada4a64ef510a74e035d5b073c99372c476bfb18fe4aaebe6a6768e75a19764b5d536252214612b94c8ee0bb71798ed7db546df6af1bd9ad35b348ba0e4ce7eaebdc25587f904253a0cdfe5958577882b086e6d0e6029aa9f2107855b7e8afa2cd887fd802f0ad41c3f487fa0fe7efb72e088fabd107b1751b6ed030f9a281db4e850352e8908a5487f1ad688ee6c205786b769b11679a4b0928410e5a8c0b7889a72be519f678d90c3ca081586a73bd244b1cdb73a8f724579a8e45dbc70dc7674923c0b1489946916fc644b27e723c16f4806bb6d42c884fc0b4e67f5ec6da56d0b77a10220329a0b11f40ba2d467c674f8dc09264a02484a588b48794e4e03c89dbfc80765a6c1e67fbefbc7aef099062f9420e79887222ab6d13928945e9a1735b609fe9ea31468faa86b9bf78bfa953487a31a4ddf0c7316c4b50f4e5056d7e9832736d93181d8568d0d4e3637454bce9c5cd469848b4d044f9d500a979271e7db938f5262c3eaeacb8ac7d6133cc25afaa2fc7aee58dfcd3d8a4b2f9b9e5f7545735a78027b801d58c8a3348338b1ef46213884b457473da886fdcfeffbc5cb8a2e3e99208efcc1f525f0c07f7694c8fc36e0ff515308fccd2936da83d14fb952b2f6b9d473f9412efae579cfee67c54532f54511419e4644460e78b076ddbee91456e7c592a22edef5716b9351cbd84bffca4fb58a33f27b6d9c04a3d94865e374755e528a8477d436d59e0cf1c8c7d745cf850046751ee7847f11d9d35e193ff8bb029b35c811b882750544c86f33a63eb7d2e8261c925a6ac30cc7430cf76ca08942a8a1450cb00d7adc90aa8767e4a4331def5df18e06049184401290afbdee674849b961fe771831c2cf0d522277bf3e7b38093a795f6c222b8be973e77d0f03280eb646ea85552238ac50e53ee03630f54b5eaf0bbd3d9622e340fb077640265dbfc1372cd22efd85fbf76a32d9eb57e9394195811c74afeaec58fe92492c40b51c909b879ccca7324c64594976632e0d0b8b61fd51c823022db73e9df4cf3b9b8d905c74ce33b22ecf362e4670008efb985817b31387b628f32ec38a2aeb6657e078553b070214d7d7e88a161c1d03e8a3cb3368d491a7b215808404d2eccf64ee1642da690f6ca2d3481b65d5ac3b848697401678ae6ee3aab1d3e7d5a85fe96df337109dfd3e2bd23c3ce90092eb8b8bf2fad055295cc8e05948472feb0adadfd5dcaf89cdb3811e464224cfa487ef6b747032389fad8f5de643082c755ee18fa103e2e4fb64ad26201dfa8b985de33481cd0b9f94a3738f833968661610617623b43d190b73ce682e0e97644ba9aae80dc586ca223994176ddf45c6693db9ad242c610ce44ac227aeb2f93545a62f0dfb5ed811e7fb43d0acd99ebcd0db30898ca9b9c5f4fda63bdfa785be2c53f0f3d5ce04facc03a22a9502b974af99ae89951a0dd80447369e88f6c0c00aeab7aae87423653edc98a926a1ddc813d7d85c9d0c6163ba0a76a07c46c937c732e1a58c5d862077871c19b00705792b94011629c61f0ce9190234768a1ee69ff81474a0e5b37e3a02e2041ba11f5d76f03d160f6ace072ac869baa920208dfe710a2055f3c43409de8d547d60811d8ba72224338529b5ada5f157cd1ae947e3484608ab345e4da8072bf13318899a14da05847a8e7d191a71341e16ea1e0d9a3300be68b2ba42aa90b3e1f8ddcc86cb93f364490b3d9ffbe508a26990560504e476c3e79d8ccd2e0fd6ab9b962f09396eb4e654e6e32d3420a794b6ebb9d5edc5278e399766f65c17e0e736e61ec5e48912b12a01a032f751ff9994c7dca4cc98d3f01e16368188ef338e9d1a40ec01c00748466f11ef0c7029fc026f1741f621e264bd9b5e2986bd382edf1a3a987363c07201002cbad3a5575348f6770507262d5a2ddddaa6c3110c31f700b5094cf7d88dc9dcedb69312d9ca8f31be3d615f940849783e60aedcdde93eaef30c5c625f20622f5dd3a1acb1d570e2352e580f2eba654afdd7239050a32bb4ef92a7ccb5393fbcd25c8cd3d9672d1c181b859f66f87f4be3a676e2518d665e1a0a177413d59b183c87f52caffa231dad710dbbfe67d47c43dc4c8b43eee672bccb63e67318c7ca828731dc36f7c99521c7661ca236b35f8678d1a7af2bce1e51cfe54f3c4b4276b172692a7f0ef6ce4a696f8e722077b0ccc36c8c696c79da8d45e28646f71c7f231acc4b16e241964f869330cd03a61f81f9ea5041d5d5a12ce81d27aa6e0d766152262df817d565d866ec6356954006fbf8bd75cfec55016b269fb6afc2743bb5deeef9b09428b8c1c0f404a2c001ec412b932bbb006b6cf9d11439bb3215aadcf96a247d5a3008e6bb3e3d08ec7ee94fd45abdc562dc765c60c35a2657808456e7f126c5c62e4a9a8f8abc40551ff33a0c5e6ed7f4094d7a8f0cc3b675624d520e6fdf9dfbae86eb187b219468c95f4d456682802c5aa43a391830e032ecfe31f1813ee21008cfba9f13a9ee1f4c25172a8e5dce6910523036a26ba11dc43079a0e906c5c516ec2beb03e50ea5fefdb85b021d0c78ecc25416fd62f3bc2bb44fc8a9742fd3fdcfe0922a58492d94a84d512aa3f7b178719f89f4481722e98a4db51992e4f7c08f7719ae44b6e306746dbd6a06152efef42bbdf0ff148097e139f349bc0f64b432a637bf72a6cdd8abbc3ecd22884daf68a4c280fc4ce83013dc4d9cbc28be6f83adf0f2f79d78cd73d463b6a3525d746aa1591efeaf0aedaaa32379b1100e58547b6486f0b454355a2b1af9fd57bdc6e354e68763490a310caacd1e38386726c78bdbeea1ccffeea1ae00ea4cc9dca9a193477bdb42f6972732eef11858f10f8fd3934847ea457cead55581d1e20ec4f861616cc9e32edb1e81a4fd68c4fb86296eb6d608642068a7d7ef823b932c2430f7425f16bba9be3a85ae87b1172f959a3362d2fcc9c7386f919c53ec621545b99b43789e7010f716307f2e609bc0479a3805a5977ecb816f031e5dc8beb215125e5d69eb90f95ab7e6d6e8e9150bfc485e9a4c621f8c3063a5a580b229883f427888be056ac24dfcc68989e304c9e3ffee38f34efff307b10cc69edd92fd5f9c6bca189d66abef2ec6fb90aeba28c34dd18ebc7493f010e8a26099499e660fc47a1b1a35b2288feb381a13a9927f7587a349eb29234bf772383df9d938a3d31f99a015aad3e1aaca9a192568a7f9e5905cd18584c8c0dfe7fb8dacb77a35676cf096ed6e9f6acad3d1c67b479710585f88ec1dad1e0221152ae012d55dce4900b87a798c7ec66dbbb546ce203742b20f497363f47f85090b80ec3008de72d4d0d34c92b22eb5c56a6012db36fc6be5ff59afed66bdbc360f41bedcfccaab1277d1db7146b443fcfb0fec25238ed49e41fe624377918ef61213e9f4f46201ce515f5bfd3f1e4b40802b4e1aaf8526581fd4a2e00732fe6b9b4df02c80957d3a8388e2800a70e97e5467255982d4538cd7b61a0fce816d1f5cec3002a6dcb81dee0ac18dd1f42bd14adcec1ca8ae5299b5fc398dc0038bd44b29063c9bf741e71a4a24453711535ed3c0d4fa2197a82681108c98b223a1557e2d50bc78c61c6486e97ad0358eb56a830a753fbdc5d389e3d07787a1c2d4c5f6edcac4d3045ef3ac460f4f67b84f0fcce349184b3c8396d4dba71c458b6d671cbca09397fce0e34557c54ea6ea16ac3cfa720488f9ee02a7631c937cf8aba09bbfe2e4bd44c1634761c678d19499dbb8b33e27a0f850d4802da7e4d5661dead3ea9228b94fb20596835e79ff214fc87cc09b9b0c23f79c02b33157c60757bad11d7e3b7dc5cbe0f4634c4151182a159b1a7c51c741dc1873892d7afed6f2588173c4ee1734ea65eb341f059fc7db250533d51a17b2d9017b895624ad5d258e76ef5c9f4531ed94113eba3ef78351879ad5b2ea4165db41d6523d72452b18056a9a5eb18d1ff744924c2829fe5e12d01c79beff77a189693515a6ee64259e9e0de3a3bedd23d59803feebad39ca52bffe100173565279e697f5313873b2afc2470add2251ee10a32f74f051f02735370135e1093b91e1704017dc491666cafda8c9a6297fbe615af33e518b32e7c27f71623b297ccd9c20eb337e7396d4b6ae0698c514846f41508cfba733629bd4d8a01ab9b25ffb02c14f09e752f8852a5b4968f1a3797ef8c86f4e46e3867ccdc21ae4f8b537e8aacb39a351b3fe0e4f39565af6781c725354e94efa742e42d2ed686e98e87cecd32b644d7896972dbeee39ef28c97c19802a61d6869543f89ea6bac4090b256c8a0c69b41ec271f6eeecd58b01337fbf9f5ec9b9d248e22ea96d6c90f3e086e0accffaac5cf7ab6c7d6fbd4c7b65dc30be7874f7a377e38ff6e87af9004c6d2fbd8b953d8cacb0c49f9ee8044d9c6b983a9330bb3b6949c71083821c04ffbaf91591b4bc0ca374917db46552f15ad057f5685abae811d7ccd14d081d0863ef5347442a6ac5f24e06adb96d3b260e2ddbc14966fb83e52ce6e482924fb110510805162c3417edbecf03f09541ae51af40de481814588d3d0e316656bb6d7a9d67819f2c8be2c3dc321c6881fcc9b6f9f94cf22c001c224898e907ec958197706c47d4819033d0da4c2da6d8fb9651372ff169afc2c777b8e6f63aaed48a34ed74b583de922e4d9c9ab370c439ff86d0f04c7e70b6f570db9c0b8a0651ddc9745cd713e7f733d11ed4872be0317e0b15714698041ab2fbbe869283a392679317b5313902ca1b50d5081e6dd8d698467e5ac4ceca4f7c842f024b39739bef8e0246da11e66d2d809462cc7a1de0ce911eb23ea8dedde50b018762992e235168fb59c02a7d00a94d36766ade31acdce687c5eb4b431617febda0c5abc96eaf7d61a7c1583e9733f697dba82b8d707203ff61ab348b1c850715f4070525764be9e290b11e60f55e6ff3080cda30fce5ec38fec174de7d1614aa9eb18ecbbd264584961a3725aa74b3f7fe46f0a0b2aa0606b2bcd4cf29c4956bae24cdc091aef64d3af141739614bffce2423fa2a07703b3e63c24d22476b4c9695ccd55bdee376f7bbb8621c169f47e2ad562e4fdc9f93cc8b0c162e26b6213f1c1f0997919fbf7e89daae67cb049", @typed={0x14, 0x8e, @ipv6=@local}, @generic="5e4974afd832e2e1bdb208672d82e912ed7b1eef20c575cf6f4da1a4a3cab9b60fae3ecf390b10c15572cb8139553ad490787ef71fe6aa882d98bad2342120788cdd2d5fe4d731f8491645518088d0c2c8c35c3eaeb0170b1a169c3bf1147901", @typed={0x4, 0x14}, @generic="f99992a96c5717d11b40d8f80bd94806363bc45615f73860d53f8043ecdea470641b58581fc9f2cc532045df8033a990a099db81d93f51c3fb0f0bc9e808e71683656f9fb90f6fe35d362b820955cb2452ce2e4998fb0f1a156b348668b0b4e752e7e6d2deca1e73e731bb6de8863de4b18c6832c2f766943a65839c325295b246ae409799eb30ca512be9524c6cadf3683020b7239ffc004a58611bbe253ed6fdf8fce473113169b2aefe86d7e37859ee8987a8f572a23e43cb25b58c9bfd8a", @generic="69af6a8a1cd6c6b8638553083693170b029ab24e3da0e3caf4d4ff3d714d95fb9a38bb707876a3da131bd00454f2ca0f96b149a0a50d"]}]}, 0x12b8}, {&(0x7f0000002a00)=ANY=[@ANYBLOB="9c1200002200040028bd7000fcdbdf2502750b82953daca5a387c1d31fe89b2bcb8702f6a22d04e104228d79702dfae29e1d18669f287c42070e4ab254c35dba4054058dee2b786c74c4305b58c6ede84ae2ffb33a185adb087995e0fc53142da964e6c6c992f198749e9cf064f77e4bf39392fbf1dbb0d358d275a16d9bed22576c5b172b1ef5d30e582b9a26178b1c2ac5e3816cef4b735f59c31700b3309586eee39cf3a06755ca3a300069d82d6a85a7994d6cd7185fe98df33c9c7b0b7ce7176e07609ec5a5260228838614bf6462490204525f108cd674660f32ea38c35d045d609bbac245d3cc1a9c2e2a7e0b089604e3f2d010b92f5b26180ff3af059477da1551a8d3afc32e8ccd6b965a6174130c11671d40781b138119d6188847352496830f726b0c8a7bb9b91d352decac5457c5be668a4390b539999486c936d4b39719e35dd0da6d4fa0b9df51d9511a31ecc58788be21d9cbdc0277989ee6f3232a05e976ddb0f000b2f6b53cd358198808562be5eb49b73e906844853d5dcb263c239b8ab632ad9824389d7ca6b60b6053729a908d948d1ec70ff75d439e20809107d33b1e940c5a69de2d6be8b6fe36a2cbefda863a349558a4e89b939b520be57dfff9404b22e1f3877702ffa8ae3aac204d0edf5d3f1232f3d5b1fe11b1cff6f56d827fc7af767066598a4b54828343335d94b7a7b8e5fe834fdd2904e2ec0e5ed17c57b9afa1fe655cdb196491307565ea35df3d5f2eb8a9a4324ebde7c71b42a47f284212ce62beb9bae37c1b356107d1a56e054445eb312fc11041087d59acb7887520f4da55dea6f577765733f491afc3e8f3567965c448bf8c9723570891870883ebf869745bcfec9aa05cffa6c043961c8038b1d4d1df50679edf1c7eab8330c7ef6b45b800953f67dc7be48cdc4c17cdbd40f74b79fcfa37e70b10ed429e12fd0159bd7a1fd5e5458ef02534cc1f2d16260ea13b65314198911ae4fd6c5de173fbd8d085bc9b66e6862ee507d758afcd991d97836123642456140a51d83e42e1eeb56bad590b60ce28d7945063e5b8f6df21738e701a891fd242661f36d3c5e981e1e9e5685b7d47aeac7b397b35eadc4146a2de9ae06857017b0037d503afda054088b23ebd6396b107e9cb6da2b50bffb779dd94a8f27e41817895fcc293ea42d25ee21a5caecc18d80d604b7cc842a57b1bf365d256fb0cee314946398373ab21e347d05aa22000aa30686faec8809fff7a834b745733cfc5f283b633aea3a6fbf26af1060d3d14f336e23c110e7357a4a5df4d875f753c8f12fe70391cf23b0ce1b12bcad54b5119f8d675ca5c34d6cd35c0f1b873cb39b21a2b1d42fdde0726c098f0a1049ab21a233a2952482a2b396838ca41d9c3b2ad6b09a2610fe27a3141d020ddca1b30b7687cec68ccd76e0c7c7aa5b74f6ef4a9699c249f034d023a8a52bcdc023f1d09e5310f115a001e16398dcd03ef1899ba92f939757635fe223a2a559cdf10053b282084e4e30c1a18727c87f0bb754780fdde38f0227cbb7627e0361ef44601c4c4abf391793ba327d1e231f785b3ae04e76b32c8d481f1477a804f40ecba8d3d6496337b18c0d2d9da8deb03a96008c8c6730deed60a936e61383c0657d44f0526fa545ba1b4e7ece6249ab2164f46914ce399c5862e6731fa848643ffd6cc6f84a3ad34211049b472a5faea576c6fa921895e7d4e482c40429190dd5214273859db6eb45e7d17b8fa92784109a379ce98cebe5919389671f269ce09a9b53e963a4755ba2fcd23727dbacc1b15b12741a4aa1bfe65cd302c879c508afddd5e1add35bc52b5295ba475ef83fe74945a0206518ff08555d8ee9cf62933ea75477fc16952e9420f5396a59b4dbac13625108d005fc7c5d1c285c5cc87e7bee44ddcd161c4f1e7029e2e0598fac03ec78867e4fb7fb97bfb1c8d0d3a3daf3e335f2a3e63a11da515c794251461b897ed368d74399ae3561e005b8c194a4f995a67f1933315c2fad5c10d4bf5e12f849855c79a23bde846e38646cf0180497e2f2753f2985f61072baa82255f56dc3e0cc5feb9cadd30a8cd322dfc43009d0b58179f11903826feed47a6c38d05e81122da1abb0f0f1c5705780923ec98857f1d96b0b0d5e0cccc70dd3b503ff02e7fe5455194ab8172ad6ad90423a885a16666ca1f171a7578323c9b66ec7855c45636907945fb78b930bc501c3d6691889826ae7e3d2fa4d81bb08f4127673802f79c23b28863cb61cbbd419466c67917d5f1ed8e8d79692b9e34de3f006a84d755b28db678f500c73ee93c2881c174fc005cd06e99f30dd9b99911561adb3d2cc7d8edf22477d81753a33702bf7ab141c99d285faef91d7ef0703673d7130905c4e1da65d0cc24383fb54ce9ed8214d675855d19738eb53623e90b582901f805fc2d340ebe246133e2f9722403749f4297cc492995ed46f6f17ba70cbae746a9fd1320dd121f7f0e31925ca8df00935dbc60270115106ab0d13ff25f2ebe9eafd4c5aee3934a9a67fb34a2d7c0d682ef054b55c9f442dfa382f71f4caa1d92dc0ed510eba97597c3c05f7cddf77c55a7d97e6ee954b3afd73648754baeb5a89a2b11f5474dfb89bd10b22281aaf570e2b836335dfadd1efa2eee2fbe4f33e18ec9fd339239a878cff9cf6165db50f581b5b3cc6aec3547b6f19a8eb21804bfe8905b5ed7c028e4922e9187ae4c430f28a20f57ae5c76601b27a63add9d0d347278efadb6600ec1e34fb3f5fc405ffac7e912bdacc794bd0b3adde45181e743529efeec4115f24730324076189267b037395c5872715f420649aa8e9839642d3730ce59be6330d19c14f1d633250437e0036505b41128e179e4f29fa79ec12f18f61127c225d2f9b1945886c160ae071ddffc18a17bf3aba293a6b7c73716b2c1fcca4a0e94d1738871b4241b8faaba9e352575217ce19c96b108063f6afd65000000000000000907ddaf529837473b27b7c2c2a61d2dc8552eedee72c09b24efc7fd87c8087b50cb6508f35266d4d548f5941c4bacae20ab0b94354ddd30144bb7452c126664ee787342b6cc18a98c570f3fd99c076400ff43bed2af15854606c4c5c2e01227d72cd8683ba1a417250a64667d3b2fca3a60172ef2f567c436507a77c836a1c75cfcf577066512f6e343af6e6c863522cc00c9449691f4d093780f274e7cea497795a980ac4d12eaa6f6d4592d08b780aec10c4b65ad462e0afcc1decbd5803560212e30dc8c2ab298a59d532b9b51da091c9aa0b0afc259b4034a130ad7c5dc278e9b06caba3cd659498d45f3dffcdac7640318c1df03d554b8b255038741fcf0cd280db0e53ffe5a21c7f2b4ad3a6314a147cf0f8056d5f710ed66a555f0b795c48ad1c5ae48438b293b1dc77c0ae81fd2c284549d70f9b1e41e0580c6c14471e10a87712cca33d8edca262e81c6163b25c0e88d6581c044b86904872798902111b1653f7da58667fe3df722bcbe3022061a07278ad485a6ee0798f8b6e3a799332f7994cd455c45ec0447e2b46be87e4e9783291f69d2de749f0e452cae19b4fa9251f2e3d503f8368767d5aaf24b659e3be45e4a5a475d1ee5820f8e167964fe740248a60d41f6f40e7e8a926a3e419bfe12815e736d0536a38a95418d980a3b5d11b943167390ed60a3867b3708e27039299e031f690e8917e7035610cd76dc56d94ce6e43ab5581db70914b02375d5c0c7b54ea76e165033eeb4d9803314a9face91702e5ef2d60c060721499c5a296a4199fcc5fb0487f3862c5b4e7d709087e79fe4482b98e60a9327fca85dda22e910c6dc2a2f9aa2a1625027e5961e18d51281c4acbde8fb7b2baaa45460e650fe9fd70018c9762ffcc4c02b380efc870f0d5a8e5faacd9b8224e3a5640452a4c864c671fe5aa8fd31315948185960f1904e4f41c8f629eeb478aa4d90af18f7b9640008681b09bdfc4a48e8d2ca773d07768502627f51c28463bd3e5850d97c2c67f7af6a4392716cd6b52c5ac63b36120578945457b1b4a41010ca635999d37ff3a2ad14aaeb9f14ae1f70c5ae9d8cf1e577b1eec560e3e345efbbd7be8f8328bc879315ee367736e88c8a4a1144a4059c53df013f14b4a45f8905b48950af49aa7e54c9e2623dea16ddcdfe702af52f34fcd5d31e4592cce766283616e273a948c6a2ba9ce34a3c0d1b68f8992a03309af606db8451619556108a8af93865e7e492d899a4cdd56221819a5cea257021c34e2044a3f2b24cc341ca1358e1bf0b64aaca88108eeca102eaa4ead6e65c2b3a9191a5d748722360b2205e547f20d91db3d1020caf93f23b9f42ddb2c0ca5cf8e1a58ed01a46b51f060619f4d191452e015a88086e585a7d19a1e5f18408f5c0343d0bb03097b94e8b2014d814d2ba3b24e16633cb50c3ea3dbfe318542b2572d778b00ce17207ea5912bb2a4dd9714f30d1f84be34665f2d406343cbd0385706294d50be344f6c17bf7c98cac43b787fac74d0675b73e39a0179ebec4adc102ee94c75ad0c2e0709214d5e1e0631fce381c3fe1a85d79d03e76f5adf2384cf52faadc70f401014622cb8b6e6eeacae5e99e75f1d584504a3091be9fa232337955c1368c7adadb6942ca37b6138fb2babf131b482ae638781f8f4883e869a6ab48f3f520f7987fc8ff9301c5f9cf6df217bbc14079e9d5738798b67c6c54335be1608eeb082abf9ddff4a3c302be6a34f9fa6e04ff170b754a3f14157ce19f9fbc600455a4f17c3d237ea538954d6dbc323397b4ad61c81397a47a75c9a4200a7dedd8902180c96d37ce6efc0f0d8f257a4093bacaddbc4fd22bdc32675450f6529251490d68a923312c570eb8e96b7d1fccd8677d4f6c232b30b127fa40482f1b4f1effbb1ac84f030371379244a164af023fb2f9e571ffe057c3736ed149977f26e1a0c48ba2698b153584301af4d388449913e72bea8ed06ddccf1373871ec5eadd89a67ae4da50e41a0e4fecddb1cd1fa399ca64f1b937403a61ac43c4af90933160dbf6ce9ea055a52af691b16d4d0390d96a33a69a31f82c2cc8296a64f8f24013a10f40e6fe1291efe25439c5337b045cc06a4b40383cdfc8342382b8543d9d61b64bda4c3f5d98f6d4874549694471934245f467e20d558c95c188ff4ed80ae026d1c27b33f6f8f996a3c2d4db80fa872314bb69b015812ec76c0671cb0910ae007ffdc356ec1faec4ad825151da9abfa167e5c3c4161ddc17adaa9fba2b7d08fe369ea7cb02aed2d77cfb6c118182ea4f7f05060ee71cc662b7b678dc5f0f202501cfca129c82104cdf2179687872c5e62a7e766fc051f288b68b56675e507d58dded65859af98913cbfa81e513f15341e4b384f2eea2dfbc10eecb1bc5cc11fdcbd074dabe54c70c14960298634387e0172a7385da6b79c966bd679a17930f53026ee31598f1597077bcb2342216cd8e8669087f37000000006ff2f258e7de42cb7086c748efc4fadc88e1805f7b338e3d5f65682bc10ef3fae4d24e5c03b39fba0f1884c9fc444913ea73654dc9fea3346a6b02b1e2b19b5e53d983ed31a0006b3a0e0fc50cf447036b019b8f634c3fb255303fb11ea508426a4fb32a846addd252df2a6ac749354b45787877f886785ae912a46a19ed3dd47ce42bd4f2dd30b87019d9fee251a2f5efceea649dd5730cbac1802e904dafa3c7ce0adcf333aa2340c5cdcc7388db3a439fbb485bfa16d10412ad6e0934b788632535235d749ecd86477359ccaab5db918090ec0f639124ad70396661bd5222c8003600fa4a36428d7a0e9eb1d53ee0f7898f7ccca95491cb0120ffc89bad2a02d2e428550bce45d19e351c966ed5fdd061be168d654f81b3d81211e88091cd38cf9bd25c40ec27109a78c667ac91fa23b9930ae2435ca5d955b9868f321f39c72c6dfc23e9d73d1c0ea76fe9f53d099bc55ba05934a59b61d623d4adb68423e97284a585871697f6e475b283b8b6dd3206fc2c427d2c433e0e1b39cc62f8547135b826829d5255aaac98da64a839c91e1a58fba6a78e159d9297e7ef264ea77a63e8135311c6c1c401510054dee816773843c80c9853ee612c740f429fa42988eddad651fd742896bc515ea1cc6f0d89cc0996735763e4d72d13743ca3e93eae7f6e752e95389e2980e42fcba045092097e83034386e4300be97f77188120fcb0f2f269e5e7db9ac2317f060966b4719623e4ad78fb68522a2fb521a161c9af200aa0452133b159bc2fd53c1282d88196abbabec7a59000fdafc6c8715159b27b88a2e59ca2074f586b2b565c4d1e4b41f9b35bc871cc1525663ea15e98c14349399806ce8e652e729513ec8ce61fc02417656679fa88cd81add01cd645622186ac1d998dd39dad0e348d8e4274d43a91290b12cf6e326a17c7ee62b828d1c957c1575cd6a22646640b4cbb28c4e56608d6fbfbc22f5aaf7597a19b1e4bf83d0fe7aca0a8fc117b6a54ec5cb8cab2048066a45819586cb16a1e7b0947bf4e27e18971ce8d2bf3443fb09c17a64c384eb14fb401ff19bfbdda242a3fa8821bd2c94e687ad99957799f72b286e88b497804da6ced83e0faf833ef073d845ec1685ce6e33aa17b1e85e03d7355fd1058bced0c6df5d584a12ffa0377895ceebcc11fbfc3422c2409efa14009400fe8800000000000000000000000000010c0058000600000000000000000000724dd0db87581c6579c8ede52755f9d8124166218c11dfc057ebf3f13aabb861d9c983d6289fc45bf7fcca2167a286e9fde355c9b550ed63d097c1a0f4af74dbed6a570d39299c54585ca8396b90458b030257eaddac774f2a51f3d13a960cebbd871e91ba785203ded7ccb414bbfc412fcb033a5e03d90b6daed09207f4035945fe4d7962b5d3ef2ffe9e74de31e9b4658e719975a18d27217461b478a5e4a17984a991a8346edbfbb76a940ad5d0cc88d69a6532daddcee4f45127784c5dbfc04e3f8efcb8a204feb16b9ce521331ed5bc2e06985562d33388152b2ea706ca5ca942ec62d5dbcc70104e65229f59bea47af53b83"], 0x129c}, {&(0x7f00000027c0)={0x18, 0x26, 0x100, 0x70bd2c, 0x25dfdbfc, "", [@typed={0x8, 0x84, @u32=0x428}]}, 0x18}, {&(0x7f0000002800)={0x164, 0x1b, 0x1, 0x70bd26, 0x25dfdbfd, "", [@generic="cbcca9d9657cc73c22b57666dfaf7ffdb7043a6a2f68d8de734458e0320ea1f46d59a149b3e0ed596ccf3c002efeb53ac25a3c97c8369f2a0abe7307f948662415584dd9fb2458c34cb7458a5c0a1651e69a2c4b451a6ebcd8ab763ce30e20c1e4c0e65664f05b2f9ae2d48206e723c8a1ebb928ba6e0c1db2198de07d97a101b54401d12b14d9e77646887e4a6ee437362dc65c54230ac74452e9defd7756d342644ad4c1d3adabee33d28ac5dc151de4803cd1867ccac43b82f80a61f43c8252d1d969a5b1e732b9f0584aa634e1", @generic="e2d63d61e9287de824f4935905aa6aad634e832f07b97c94ddaa63c15420b53e706235b92b648db094517a25ff6a88811b14c5e213d12ca2e9a46fbd085425336c52653d97a43eef19cd89f81a41dda93013020da2b3af578c31c4595ce59e7fea5276a9c314fbe84e232cb08cd1d03e70b165335904914a733fba8597068aafafae676b"]}, 0x164}], 0x4, 0x0, 0x0, 0x4040800}, 0x40000a1) ioctl$sock_SIOCSIFBR(r2, 0x8941, &(0x7f00000000c0)=@get={0x1, &(0x7f0000000140)=""/245, 0x8}) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:08 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x101, 0x5, 0x0, 0x100000000, 0xfffffffffffffffd}, 0x0) ioprio_set$pid(0x3, r0, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) getpeername$unix(r1, &(0x7f0000000080)=@abs, &(0x7f0000000000)=0x6e) 23:25:08 executing program 2 (fault-call:0 fault-nth:44): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:08 executing program 0: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x2, 0x0) ioctl$int_in(r0, 0x5452, 0x0) 23:25:08 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ipx\x00') ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r0, 0xc0105303, &(0x7f0000000080)={0x80, 0x1}) prctl$PR_GET_ENDIAN(0x13, &(0x7f0000000000)) 23:25:08 executing program 5: pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x4800) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) sendmsg$nl_route(r1, &(0x7f0000000280)={&(0x7f00000001c0), 0xc, &(0x7f0000000240)={&(0x7f0000000200)=@ipv4_getroute={0x1c, 0x1a, 0x10, 0x70bd28, 0x25dfdbfb, {0x2, 0x0, 0x20, 0x0, 0x1, 0x0, 0xff, 0x8, 0x600}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000020}, 0x20000000) write$UHID_CREATE2(r0, &(0x7f0000000040)={0xb, 'syz0\x00', 'syz1\x00', 'syz1\x00', 0x41, 0x2, 0x38a, 0x3, 0x6, 0x2, "688a5d4cede2ab1292935d927e287f1ee4da53a94e75f18685e781ab8d36305bbe76979714940c1b79f1614285ea1fad4ec65a69c54737e24c046e5c0a1a9fa4b8"}, 0x159) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:08 executing program 0: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x2, 0x0) ioctl$int_in(r0, 0x5452, 0x0) [ 521.779409] FAULT_INJECTION: forcing a failure. [ 521.779409] name failslab, interval 1, probability 0, space 0, times 0 [ 521.803076] CPU: 1 PID: 27515 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 521.811000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 521.820363] Call Trace: [ 521.822963] dump_stack+0x142/0x197 23:25:08 executing program 0: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x2, 0x0) ioctl$int_in(r0, 0x5452, 0x0) [ 521.826615] should_fail.cold+0x10f/0x159 [ 521.830792] should_failslab+0xdb/0x130 [ 521.834781] __kmalloc_track_caller+0x2ec/0x790 [ 521.839464] ? kstrdup_const+0x48/0x60 [ 521.843365] kstrdup+0x3a/0x70 [ 521.846574] kstrdup_const+0x48/0x60 [ 521.850300] alloc_vfsmnt+0xe5/0x7d0 [ 521.854025] clone_mnt+0x70/0xee0 [ 521.857521] ? lock_downgrade+0x740/0x740 [ 521.861683] ? do_raw_spin_unlock+0x16b/0x260 [ 521.866189] copy_tree+0x33b/0x8a0 [ 521.869747] copy_mnt_ns+0x11c/0x8c0 [ 521.873466] ? kmem_cache_alloc+0x611/0x780 23:25:08 executing program 0: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x2, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000180)) 23:25:08 executing program 3: r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/hash_stats\x00', 0x0, 0x0) getsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000040), &(0x7f0000000080)=0x4) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r1 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) r2 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x4000, 0x0) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r3, 0xc0c0583b, &(0x7f0000000340)={0x0, 0x1a3d0, 0x0, 0x54000000, [], [{0x801, 0x0, 0x80000001, 0x0, 0x1}, {0x801, 0x0, 0x80080080000001}]}) r4 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000340)='NET_DM\x00') sendmsg$NET_DM_CMD_STOP(r3, &(0x7f0000000240)={&(0x7f0000000040), 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x14, r4, 0x6a65bc0f1b6c398b, 0x70bd2b, 0x0, {}, [""]}, 0x14}}, 0x100) write$P9_RMKNOD(r2, &(0x7f0000000400)={0x14, 0x13, 0x2, {0x8a, 0x0, 0x4}}, 0xfffffffffffffe55) sendmsg$NET_DM_CMD_START(r2, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100002}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r4, 0x400, 0x70bd2a, 0x25dfdbfb, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40000000}, 0x40) sendmsg$NET_DM_CMD_START(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r4, 0x40e, 0x70bd28, 0x25dfdbfb, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x20028001}, 0x2911ecd357460a67) [ 521.877935] ? selinux_capable+0x36/0x40 [ 521.882012] create_new_namespaces+0xc9/0x720 [ 521.886522] ? ns_capable_common+0x12c/0x160 [ 521.890946] copy_namespaces+0x284/0x310 [ 521.895022] copy_process.part.0+0x2603/0x6a70 [ 521.899622] ? proc_fail_nth_write+0x7d/0x180 [ 521.904128] ? proc_cwd_link+0x1b0/0x1b0 [ 521.908208] ? __cleanup_sighand+0x50/0x50 [ 521.912462] ? lock_downgrade+0x740/0x740 [ 521.916626] _do_fork+0x19e/0xce0 [ 521.920092] ? fork_idle+0x280/0x280 [ 521.923816] ? fput+0xd4/0x150 23:25:08 executing program 0: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x2, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000180)) [ 521.927013] ? SyS_write+0x15e/0x230 [ 521.930727] SyS_clone+0x37/0x50 [ 521.934091] ? sys_vfork+0x30/0x30 [ 521.937638] do_syscall_64+0x1e8/0x640 [ 521.941527] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 521.946381] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 521.951575] RIP: 0033:0x45a6f9 [ 521.954768] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 521.962484] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 521.969764] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c 23:25:08 executing program 0: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x2, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000180)) 23:25:08 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x20000, 0x0) ioctl$IOC_PR_RELEASE(r0, 0x401070ca, &(0x7f0000000040)={0x3, 0xe7f}) [ 521.969771] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 521.969776] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 521.969782] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) ioctl$EVIOCGBITKEY(0xffffffffffffffff, 0x80404521, 0x0) syz_genetlink_get_family_id$tipc(0x0) [ 522.053956] audit: type=1800 audit(1575674708.746:107): pid=27528 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="bus" dev="sda1" ino=16913 res=0 23:25:08 executing program 2 (fault-call:0 fault-nth:45): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:08 executing program 4: r0 = syz_open_dev$vivid(&(0x7f0000000000)='/dev/video#\x00', 0x1, 0x2) ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(r0, 0xc0845658, &(0x7f0000000040)={0x0, @bt={0x4, 0xffff8001, 0x0, 0x0, 0xffffffffffffffe1, 0x1ff, 0x8, 0x4, 0x8001, 0x2, 0x400, 0x6, 0x4, 0x3, 0x0, 0x2}}) syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='oom_score_adj\x00') sendmmsg$nfc_llcp(r1, &(0x7f0000002ac0)=[{&(0x7f00000001c0)={0x27, 0x0, 0x1, 0x2, 0xff, 0x83, "9b23f3a7acc9982c7ecfcd9a1687e1e931c47d9feee357db394daef0cc851af44c10db8f2994b1ca09107f22fdcb2211a37ff7612348192e90ecb02a306859", 0x20}, 0x60, &(0x7f0000000480)=[{&(0x7f0000000240)="f07804ea367c19e750ed0dcf470ecef438c9281d810a91aabe6bed49b76751c5c3fce7", 0x23}, {&(0x7f0000000280)="1e97f65d45beba0f23e5b1f34f1a4077e612734bba49e96535d94020", 0x1c}, {&(0x7f00000002c0)="cf22c8705345caaefa1f7e699eee811d4ced8b789e866232a23b7cb080d848d394ff85a536e0604398688cd2d9c0107f31e2c1ce3f46df57c2d489754df5ab27568b3e599eda6655c9be0da59cdf0f287410ddb6e960b5bb0db93d5f165d55bf3fb23545a5f6175be2d2fab12b07c0fd5e7faaf641612a848cd19db0ab208813d37b9c6c84f17d4d88b9075c392d40e152ee03a08d3d00f81d6173b5e445db09876dbde78ae3517ff0cb4e8a1cf1454ce836c07ccd70a2468a8531086cc986da54af5ba608c612f5bcd9f30c4d6c4c25d21b2528eecd6d10f885e75d4455d866d82555fe9bf2d72aea5ca343a7", 0xed}, {&(0x7f00000003c0)="0ab55b6260d8cf139df7119c6a187af63f837448515d785b05c2bbac9d3aff00de0af8bf1d35b04ebf121decd776e88615bf877bc8f5a8414780731001b25e094506a0f914e5902ba0d385965e0c13aec1bef31f8bf7a7b7e72772e98a1761cf2b9f18931903e87ec866fa657f56c727edd17155ef03111b46d213d513ac8ced40b33124ec0f40a40c94caec3fbd0d4b8f177af48c251a2f65fbb0b1db907922fdcb62812914d34854af9e3b34d934e23a013977b8b8189120c57d", 0xbb}], 0x4, &(0x7f00000004c0)={0xe8, 0x29, 0x0, "f258fdb1ad84115ac04792e0a6ba44b36b434fb31c65aacdfc5c243f3545e2c356f07aee369d11a2720a0980ca06babfe8526c7839a1e841674feaaf66fbe7a90d5a6f66b98713b36bd9a47c8f69bcc4c8277af58c528d018ca1fbe45b05da6f29b334b088717b1ac55be6ccec7dbe1db34be615f4f8f317bf7df36911ad10920d446ff84bac7b27dcfdfd3ed3a09f4e858478e6784c8a94d4323ed9d5e00dedc16893c4b80431f1f3106cd8e3b1e29e47d0995400731415784a10dc5135b357c28394ae5b8021edc55867054d53d80c9966a4ac503c"}, 0xe8, 0x40000}, {&(0x7f00000005c0)={0x27, 0x0, 0x0, 0x5, 0x5, 0x8, "f317b822d76d73264a5d2494ee51bc7ebbd4d838cdcdb8a6ecd0a4830571aae39005b788f40a2a4616511bee703b3038256968e116bc82cd9bcab329a72e18", 0x2d}, 0x60, &(0x7f00000007c0)=[{&(0x7f0000000640)="b153432956fe4fd9cd00e5ecb3f8977660ab05704a73e8a7141ed6f341f5d194447b66a73d5c33a9c1f751c1b4623500a0fdad44963fee", 0x37}, {&(0x7f0000000680)="fd764404118f3ced5ad0186dbd19e5403c976c3650eb538c06b631833f5dd60de73d966021ef91606f8c0d091c839c5230e6cfa86d05cdc3b9", 0x39}, {&(0x7f00000006c0)}, {&(0x7f0000000700)="893270f5bc34a70f3d8788d39cf4120584927d34cbd284460c64c5278dbe6d4d9578f3ac922fc5b0c0fffefd206f71b1e322640476d8fb150955e270c6cf3e04440f330302c7d490e16bef7a656da726e889baf85e3237407a3ffd31ecf8c5470e71c53bb7bce34012bd3afb0bf943ad0f399042c703f77ee95d2d0488eb92f6ea05d67d3905e702db1153f1391dca4f5f11e2e999c39b35f05ce1bce9d50437921b", 0xa2}], 0x4, &(0x7f0000000800)={0x78, 0x108, 0x8a2, "8a5f854484b1a92534a39a8172de06d91418a4dd24373d0e50b6a1496e15baf4bc5f977089c9ddd69c3867586c7fe128e6a4c7a5b7a4db9fb9220a28bbed3fc9ab05beda177be3ee7018af0401dfa12ca00f82dc1d8e3e3ed3a997d0801b1f484f2440"}, 0x78, 0x81}, {&(0x7f0000000880)={0x27, 0x1, 0x1, 0xf, 0x1, 0x6, "6c099db41a3a46d68133a822b627ad7ad49b1cd503f58067c57549f85b9ce17d7bf2e093c09c2cc28a54fe139be77e5fa25b69347d50ea8ae1c634ae2aec3d", 0x2c}, 0x60, &(0x7f0000001a80)=[{&(0x7f0000000900)="472260870d38d273202a0484056aa95bf438c3855c400e2db1ecf16e17b59522a3d2f039088c838efbbbcec84e65e81afad378167adb7b73b4bfe1e24b9e0c7b982f61d474dfcbcd85524f2d0ef6c83990eed8df10eefdce22dd0c062d9a8741256d65cedbde3c3d0662aa4bea2d0ab13ddac4330ba1d7521f92e28b2bcd4c59c6f83063e00245837d", 0x89}, {&(0x7f00000009c0)="d51397e284b918968d5336d0df37f6d8490c046b759d614a005cdb648e57d6aab810e283610b282acc269a209c76ad89589defb2fb9b7778c0b89372d7606dfd76308aafd53154271c69ae7bab595c8cc91d5cd87bcd8bd9d1ac4f0038edf786c3ba81f7a1938b8e93118f670c29347c4e0bfa527817d18ff1b458afdbb4d2192bd138678e8c31948b1000a7040296f4fe6ad85081ddc27e7dba73456e2c2cefa003ae5a6ab143b574bf4867cf0d7808c3595f2bc7090c085941de72f29e1d0fe6d3899e7183353851aee4b2d06164a21f48139389ef00bac8aab198031239eec216708b78b88821ade6d48661eb1f0b7c7c33d3ff0d3e4e9390e65b04c8b8172ec54fbf38cdd1447b84e069baba298b39765c05f73faed4f524c4c099bc0d9310b06471ea57c647efc80193096af68fccc3399e70a1d5d4308a01b29c80641ea208a2f0919dc817884395b100169f40a70e000acaf57aa34c5d0cf818b38afbd31badbafc2d61b0644ae71ad02c748329e9467f398ec85207c41ca5a50974c84e7d6a44990a08e1b55dbdf563f6ee19f0ac04e08945b3de0e5fab1c7d08f8165bc3df2249dd7aa3fbf9ad54d92fc859b12a57ac6e0598c115161bb29c4d5e6393a42094daf2f64a880c0789ef295928780f5cd1c1d20a4271242105ddd5e5690dc8a408cc4c755cfbd6d86385f58150a35839135d68f190ad3175d0422fb36e7164962da67724b8290e049a1be5ab03b53b41e7ee9aa14623465265bc0ae8388202afecf4cf1ebec3f2f3e69da6c33b2d97f28ade5025a1262b0508f5b3b5e1bdd775767934d5e17507dd20447e0b90ebee6169e9c200a81acec612cc3c9974543ef085c4e38b07f7832deb2f0e8cd308d88622585d78620c40ae7572a6d62d940c6ca88a62b89479a2e5b81b5393cd663d3065e01083c89a48d09555d0f465497a5cd912dd6cd048bddb5776da94c133b89b5befd4b74b4f4bf9e641d0b58c143322f940f9942cd3a47e28dbd0c9ac6e8ef699abab81e7fee0bbe33dc24284f9b176ea5df266965271cb260773c9e4d4e61826e68ecaf3176f1c4690b2e4215452b3a3c4a11e6550f69844ddba3877c8d0905e37b37f7dfa0881f73938f592d63fdab26a23d2f3f408f923c621ad0780959538dcf48ae769758bf7f9d69485529d236a426771d288fbb267f315be325df0ab7484b78368725b62e1e9fd953a563bae9a37bb067c2dfb3881cdf6c8d2ebb044e8c572b7802cbb43c7a83da29d836c4a71791ea5672a0ed3b7e06936a3f0cdaadc4a6036e91f7a548139807135d5092ec202a8280c0b2ffad1abf5119b734a8427cf8c81b92d55b5f30b00d668dce072988851851b953666c912b654df755ab35b87094b9bf0ef49243250981729d8d290a3b48d3745bcd51fd92cdb3231fd91ff2f10d175f6fe8e492eff8a25a8b40862036031c6ecc5c3f575580b964babfe21a85c63337c6ca834913c1ecb1be8646a502efe08890191712192606da133109b8575664417160dd6f8ac8abad0259d6185525186bd41d811ed7a2638de8bb081d334f71e03fdcbf496a7833096f31e52eba870ad7776f67ec794004b7597229c34d8012ac37f60f58cb62e4ad59a9d38b7e3317a731fa2e06e6b78cf3575f728c19ebfcc923016c96b954af37a654423111f41abf0fc9b99ff44105d2437721884035043dad241c60d456965d964d0480a5a93793c5b41e50297d3de416303cbf600b4925c44acd870e9e4e8ebe1023ebd409dc53ed5a86577c51dff555a3eb3a1277c278015512bf0ce9225ac8dd7a4dd9ce01a32d1550423c3c1bdde440ff837bbac8111e6ab05c62be420ca6ea53f1a3c8936d8fa9584055ae88c5912811016d215fce845e5cf336417591e181d6d8eeb0bb8b5e33c154ac2905ea1e94b84f0504569f5da8768c3d29c7a8a912e7522f29948149c41a9afce1e4b00275256066b256ab5f86e30b6bc26d78a4f498dc006cbf633bca2271639beafdf6ad37a2d42cb9aefff179bb603f1ca6d58e0398f327147c845970adf2ac7a7e426dac8db9588b30753dd8497957f6798d2d1a9d38b7f7d3e13540fbdd51855161e4c95bbc1dac0348023e922a435574b8bd47de99c68dfa12ffc8c41a68cd4b696be4c9ef429bd3f9357e1e6e9fbf208841c405bc93388567ae6fd200169057031b4a6305f560e6fe8c56004f92b9e9e51dc9849bcd742b877afbebb1a0a5a7a7dc92c4866d87925211ec7d49e7212652ca225c4a3095bb8be64bffc0f964857b0174d7e606001b7442c6a14d4e83912a94b4fe42216322eb8cffdc1cf69e82689b2d6d2862515b5bcd1d3e5cd9a3a346492a2840473af6c47698fc2172ac80a9aebce02274be30c41939bd4a1f48ed47dcc58cc7fc888dbc8100416dd3bcf551edab36d8750754594392eb1625a5e9b0278c5714b42ff2afdd1a41998e1f5febb6f0582d5b543fd9f08e0c5eb1fedefb4570479ec3c4ee0d66091559b746acd42b4951ca968fa0fb7f967228b9a063afab9d06cdf9f1ab9db2d5626f7471f2a7a9ca044ac0c0e5b9841f4438a67436a4079bf01c4d8936ab0cdc8f8d8d86d01a21cd399fe4f3386654f20a79f03f63b7dbb876ce62c174fce87968cf19dc86ca3df444c41ca89710ae9548d8e3543d62f54f5ea5f7a93d30c48502dd592c67d22a1820a90a32718dabd9528a6ef3356cbc8cd135bbcfd104a41d62ece5af34cb575a8749a005cf451179df4da7148e0280879ba0edf00c64956dd5d64ff95781f01bca911e8bd626331d4d6b257c6618394fda507d06512873de8fdd0ae5a85ed587e3196b5f7f8992d8861406f6b444848300c4ecce9ff9fc61e19839bff58c32e844744862c4df77216944665e2c3ad7c44c78df13140a7c2d891ea337e2d14c39465f593a76e975fc4eca55ee0f2fb24702bc4294b21afa7fec95bdf7d61b7d53481db840d138d9af06c2d2f23f8d51f056f01ddf06382f291c73374b98cfac95a7b96a36baaa6af6d7f87e4a54c88e43a0d80c9210358080956f794a5758bd58454416ee97c986d4d4a597431175abaeb3fe1d25c9fc89879b033006ab120f71134ebd5e21f2f111574a0e0bf20efdb394c7ef6b91a591013ac8a23c8f9f87687d91b0f9645f3b46bb2459e123ec36ee6debf4317763260f2a33f9b7e50135a6683cb1d8522e35a23b6970ae3bf1890dd82a546213f6229f09f8b087a0630174b575731d92a933a9bbf0e12707d241cfa040fcd62f45dfb88f3d016bb019d61eacc180336c579d6733bec49cf81a5da34e0a7f4bda43f3c795ccd9a5c9b6200a746e10726ea29906deae949cf31b9bb4f21bd2a64e3731fef8ce198fc66ac6b3bafd8fceda85cea141c613aafb446ca36391bb15c47d8fdd564c6a70e20e92928e61a8e25b9454c4b94be3afee6ee4ad6492dd4d89a4a60662622c675d3332d53e98e1459c1eee84019b3293ce76da764f7600224b0a6c59e0712684d63ff33277a170767c303ae9ea1e2cef9f74ded61e654aee2a38d44e141440c1b34e046797782e75cf134c888989373f14919e16ec13fc92dd063ba89f1108b579934c0057883013a7356ff1dcb10d4e8a30eaad1593758f82281709800bfa38a907fe1c50cedcd2fc62531d23b4b96773f959a07f19c7d15bd0262d344ea47cfbdda240bcb959fed56d2c89db9cc39dfa5e4920df512ca06c6b148aaf185e8a192603e0293a8ea775c568ab436f1c45baae2f032c9a0093c956a357cff50e067c477db2f2bcdc21ff4a69cea7bc3a79a0a455954ec1065afd4614316a7733b9cb5bb23cbb2ce3ae865343acd945546be4bf2399d54c77f78dcb47faf738e6db636b1c722fb9accadcb5f144526ebb7b5d6473a41a844380bbfcc0d059535874384cdd242a3543e2a7b11db8e3bb5752375efcc865a4ade86248aad78bc99fd2411412a155a9621e95de1782f29d2d0ab47746d0d836e3c1b948369aca8eed8cde11a9584ed69ce9decd6ec23de9ed2e24efe65c085500443622618d512d6c9e78b9afb1ed30f229ff81826186b4ecd06e74db8a6b011b7de4f80c36728c1473f0fbc30ea6527ebf59a014c07b804f666c6ae5a4212610bded557de7e844cadc5f90ccdbc4bccd6ceb56bde70684820620d9eacbbd7208a675f3020f9b8152042fc0aec9f36f43750d965cf2efff1426d55710b4589dc321e5c8424c6af2c52ad6bb62ee87550b427d5c6c99c11ae3d21fc01e7013eacf71385c935790bcefad89eff70215c3669f2510c17a1c3d0346d32cea31c6f772cd874dc7701b1012a4957a342b6156fa3a0750ccac72ce5d5e492b9a621755cbbd29022807f41922033ab7b9ce8248ad5001f43220a8e77e8d01bce7b7cd89b4b712b30b82e67eab907c39478dd426dacf6772aafb06885c813006c08bd5d9c3df202b3a11728f6a6663ba852302ab14c2b344e9d8e77fcaaea4eba8e8921bd200e760a9a4cc75c8e86e5a8746730df91d104062a19ca1bc4ec5a9413bf59c8e194d1183f225aaf17dd3c31aa7851760de13a27ced9c6f1f5c5278e18e2b201fbfe01210fc0b4e893d5cd94749fed73538e74e7385bb87388fd905ce9f7897f8c49910a42c8edf2160299d73012ce00ccebba22b3b03cb268041df8545d32c2e53e549422bf15ff6de929569a56eaaa60920dafaa0c57f8c0763b9140967d94e88054f5bb3d55999b0c9559dca1bc420a8731a467a66bf948f67be6bc442d5d9695cc2c48b74015ba6c9ded111ed116c6c78307bef4e3dd0e2ff68f1bd22721f4d08025a26b4a65aada542a8262547f859ad47be3cbeaf8a2eddaa9b5d59e66cde1af9dfb457d50ca8b04e43e7bf3ef5b0de4632e78ea993edc854b68fab83523f3f71ddc3cf09402508656b2e7ce7b67daadf830aa7128b6ff2bf5d85a8a09555d62fd8ef79b0d31048157797d0a9df695ff4d28c7c4aa4e5a8428d68600f85129e65265bda7653982095d1934c3604e42b56f7aab110d5423a04693083359682b1cda1c6cc65cf5640f0a988a516a12bea323c222b1576cc35b349b23321cc8bc1632765939aaa52c2c6a7ab5e631bbbd461e92cdec93bb980d7c5b1a4eb3558f50671d737565d2e7f6ec08197a974fe7a2e4ce0c887483ed3b41098196fdef3ba3fb0870f60e2665d238453042cbc269dc4aecce511f493c93fb4cf8bf0f5215bc55fa245e0a2c4e697691da607466ec24d1a889bc6521e55a806117173e61863d9d929663a3a10171fd28ab67642b9a1da6ce44c2b8a702bc8f1310830b6e6a8d4f0f59a1178ef1a77d25020cd63489acff8c06f446f87fbf0fe19a3b2bab6da09a99f02353303402f890066691c9562f116c30d86c5293161d1c73fca4f4205af492d55b28eb91554abfe47f403ba252eab4e25ebb211df327ed4a8b4c6813dfb3e4760b442d3a57cfd4889686ab3da34f8d2ecdc1a7358915610335737b4dc789e67fbf0295556f3e8f291b1a9f0fb204175a26dd69efdf4a493adb60d6a37cc5a3e30bf55eac44d697f42bf690fdea4d076068b68462f712cfc2c42a4b175e98884168ed2cdf96709d083ac99683ba24fc651ea600a73426bbbf37f70932196d89e99e77d2bed36b9e322ddd06e48efc91767371d297918cd050cc5b35acbfc01218aa6c92fb2d3ef1679009a642e5701bf9524305699a5c53c369dab8e327a7450957bed1fd64fd8bd48a963890d1ce1284896230b57f6af2483b8984c1730b4e5dc4dbbcd8eac904ebee647fa2188a9e03fd112716", 0x1000}, {&(0x7f00000019c0)="49eed49e9da0e1e14ff08fc0a3756ca5f7e882e16861087aa920599eb1622e56d481e8af9290090d35940643b192a34a256383b530bd4234f78d1326369c0346c2838446bceace70ddb61c4178fa78d59ba4ed1e79c73fe7543b77b8b9e1dff9ca10f4b3a72f61a7400a0de3b1cd71c8b6f47fe79235f16575d52485395cf18aebbc8f59e7ebd89871cbf08df6933c3f355686dfab16e779115d22650e00dded35301d19a9", 0xa5}], 0x3, &(0x7f0000001ac0)={0x30, 0x8a, 0x80000001, "6398df9579037e916fe02c36b437cfc6dcb4d030026f78a32c7dc514a213eb"}, 0x30, 0x40004}, {&(0x7f0000001b00)={0x27, 0x1, 0x2, 0x5, 0x3, 0x3f, "31b21f225d4a9d2de7d595e90f7fb35707e02394ef8102fbf89efc518da1aaf334bc654a3fdfa3fc39e6a1e69a5acfae1646ca58a410254f178f2079a57b81", 0x3b}, 0x60, &(0x7f0000001c80)=[{&(0x7f0000001b80)="98d83935a0e7c260e80d01fe2dacb6f29968b20f89b6688f51bc3157f6bc907502b2426dc62e75fd2970cdaf1b1b7024776a79f578eb1aa6065c9f0beb0232be4e35e06d40dd761a952c2a5b70baca8406bccfa9e498d1192cc01a03f7e7f7d53e09fdceb79f99813d67a624aa7fedf85064d33f969483717a0e66d9879445b4200426c5959beb6dab4102e04a3db9cf79413776981cf7428019d0ab72c0d9d8e7fbc2f52e82f7e2b5e113e3637a59fa7ca8670bb8596569929da0b37d0d21368321f69d2be76f9a8cd70585f1e2", 0xce}], 0x1, &(0x7f0000001cc0)={0x10, 0x108, 0x9}, 0x10, 0x14000000}, {&(0x7f0000001d00)={0x27, 0x1, 0x0, 0x4, 0x5, 0x15, "a4d69aa15cc77a88eea25e597baea145dfabe3ca756207a855d74c381a153ddf8ae978014fc16004f2247b4664d5101054d881dfa18af14f13fe389ea015f8", 0x3c}, 0x60, &(0x7f0000002100)=[{&(0x7f0000001d80)="e616791b08b4a6f29b580f06fcbe76b188dd62e20ddf674a659e2702e222baca407f568e0125f9dc1510f4c21cd69d2f3021803f01d4f551b21f0511a4aefaba02d4d141f48aed19c7c44e17f1de4f37538551275f99c3af42df485e73bea093cceb9513717af40a8ff3de91ee26cf5e86ef0add4cb1003893138725b51490d6c9629ca76a53b4ba5522e4a6b63794633991e03f7c93d15325b48ba8ae65cfb8b421f7e8d8698d73f43b02706a9fd72682fc5c91627956ede47f036ea1a31624d7dbd9c4f8f8ebf9f5625e848b6ed82e05a925023fd24c785d00", 0xda}, {&(0x7f0000001e80)="dad9c408729bf034b7e0f2be9aea930b16a0348426571e3125efc6d909df3377dd1a2171e085b15c", 0x28}, {&(0x7f0000001ec0)="298c2b79c214c54ec2a876612809b3d39e514ba96eaeceff67f16db49e3f365e07f5132ab5258f81f9b57d80feced414f785356c2d96cb151a4bc7869ca1dfe154e4de5346851b3b9879ef666d1ee65ed3924855d3c18833cf249e7ee87a9dba9639b48768708d5733666cd37a189e9e8a7deb2ff6c26565f2096085ebb28b88ccd8c7a729dbda2672b4cf47e86c33fff80ff15ee8eeae2c7f30d360594c3e4414ff8c72a3705bfd3bac04adcaeb4cf0ee4e367f18d1ab8f80e866ef2e022c", 0xbf}, {&(0x7f0000001f80)="b586909741", 0x5}, {&(0x7f0000001fc0)="75659cfe7ddddc2ca0f3ec72e2556d313a9b5e64949c8edd83477f2ee7e46243e3e1da4069cce41998abf2ca9bc4081e2b02672ce18a892c1e807b0709c44815b71f52b9196048", 0x47}, {&(0x7f0000002040)="d23dc36793a154592b9e6cba7bf32997e189c30cdff1dae5b5ed019762f9198f7019fb9f924d8eff5fa058c6640b846e0aceacc4d5c8eaf2d4b42bba3e34ceb9e3f45f01511194f71b141081b6e3994514497210113206ac5e4fc40259be3c97aa233bcdd789f56df874f4b3af7f3f070593f1968672486159e1033da8d1ea6c552496ddfa43f5c4d2", 0x89}], 0x6, &(0x7f0000002180)={0xc8, 0x0, 0x1, "d15833fa1cfc80235c5dff31430328e9d1c07528bef6dbe3cce025a5e830317f8ac5b3a02e3bbfe7812b6a9b206e0aa4a8eedfb950b9d300c1d3572a80d51be64d71b72f2fb8b950198531ad4ee79b065a2cbb4a67b35e08e689034bc9f01ec065af8d7bbd1ac5098d9ac024922be19f21d9af173eb30fc2a79cbaf8ab6cc810b8a3932c7717cabbc2465171ba4ecb7f7ae10e9c95e0c0324d8c24a6114d7fc5e96bbf244f6631cf433efb4b24ef1da55a"}, 0xc8, 0x2010}, {&(0x7f0000002280)={0x27, 0x1, 0x0, 0x5, 0x1, 0x20, "825509f43bcd89ec39e4eb6d9dd1a90ce24ef9e50339c25822862530f171602f56eaaa63e3b934598e0c9cf9a4c56bf526504f40ae97d793bad7e3c670be9b", 0x2a}, 0x60, &(0x7f0000002980)=[{&(0x7f0000002300)="fcd6e70b4d233adf0fb1652cb70798ae2954467647e0bf74efd74ced50b1e2f11fbb45d9ad554cbaaecb046e73ccb8dd8c28a2084c23480a07f6a79658a2ad3e65a1d4f65971072754dd90a89214cbbf142a5765d43728158775ae951c8f3b639a892cda00dafa4b5401f8c014a5a73f09c580589fb00f635bbc4f0662c5d9cbf87fee41d5569ef1ecd3ec06daf05eedc4ba0255e838335c79cc005e1abd6d75f380cd9010d5c3ff229e5c6e8963a2fc996d91b7ef28cadc639b93ed2c10c411fd590bb8d93681115469949493ed", 0xce}, {&(0x7f0000002400)="f63b49957ed5cc41cd992ef3018cf03f09245173b240ebe2c577f43beb3c2751b04316d67c272dfcad9072993151f66f8ee9ab8c73c083c39daf827a0c0098d6016ad8a2d49683416892696a5fd9831a7f79", 0x52}, {&(0x7f0000002480)="24b538c2add1e813f809d55df36bdb5e27a4eda8e801ef972816ddbd6ca63035f408802fb49e723c6f8d630b8a0528d8fbccdaf40ccb687996f62ab04bc67079df16", 0x42}, {&(0x7f0000002500)="67681c510ebac50a02f5e6286c028431b07964bf2d70b61468f4a50a3b1ea62402646aac62ce4449df5f96bb4d7f689106cce47df8ade84c2e36885a0c0b910bb36ddd640930eb2c3a59218e67934f1674384525e84e0b27df836ea2acebff3174ad5f5d5136a36b59389f20edd079b8fac5633136b99e1a2b663ad94f1385880e833a6a3a800cb266731e7ab3a8e4945fa30eedc82f46928cf0d8fa0dd3e7423e3e919f3ae82cc78ee00fc8ca78ff6a386fb4f1eb0673d214e584238f6844a155c18ce6feb3", 0xc6}, {&(0x7f0000002600)="0caa2cce181b7be22b762094027a225e6001ae77e59b40bf94a96f0cdc4e7c08ddbf8b98440ef6111ecb0a6b634b16d72862b80b7e4021c4d30128bf4b712693a72fedcfed412e17194b0e71c9009eb75741a0d63707f2a57d32424c5612bf608b3db01232c63c7da511a91204a33aa25166be0f2b0f10231b98a39123054d20655f9ee282ba262743a840ff935cc52c14546ce3688b0f2a19e0842faece63c79093d1fe693a059339862a56d124e541afd6900dc0bd7f93ea2451f5f0bcf403649996531b13e3a2cbf0b05ebb4e9dc33c361e9d5205521dc2", 0xd9}, {&(0x7f0000002700)="36c0fd82b4bbb55da966d46f4e03a29c94f3e4a0c562201d330c93fe25677244e241bd6893ba51645d027395564e7d2508d75d648b4d950f949010b6cd679d72444691f9da882fab25750ed9f1e6a0de9ac6fa087b9d434f35f391711d1e64e16cce23b8acbee6fa7410aa8b23ad84423ec44e7ad5cce426919b13162b1254e3cebc6b79157fe6", 0x87}, {&(0x7f00000027c0)="08e13ca6482009c3b8ef967f453042e664afb9149f0d1d8ea8627b4c339904", 0x1f}, {&(0x7f0000002800)="9cb18fce416fccbe994575932449228f4394b7fbc59d5fbb123cc06e679a3c898fd90ef4e5c237586d9bcff0a48e3d6afee6e8f89a1a0444d76a240f7551c34c77681dfedd3cea2b8cbea6a2e427c7507f30fae04ae789f6e4ca9db1ec69798a62e72e59925e9f81f15768a05ddadb82ceac55d840ff4c1c40", 0x79}, {&(0x7f0000002880)="96ec065962579d2ce3fc6d24a26c0965eae510f7cfc189fe32bb3ed08306003ef328f0b3c5bb30ccb8d7d381d1d595039268b44d6a9020880a6254da174467bb4ea02c01260f0a6a543fe2093dcf4e4f3f16666b1809ac374e2f9e5b25019afd420d7d3e8d4ba6575df11bcc7bc4f6cc2abfdf9c8aabb2256e86cb96ae2217893f38f8837bc37f03583466d0c53458b1d925fcaf7ac471da3f680273ed871463d452603cda510581fb6354b7fcb313f875593fb9bcd2256407a523c2951dad01b7e10be37ca7f8ed9bd5bc55ab9579501f8675dee41bf941042b5d4f8a2aa1295c0b4e0af9bf2f8d3d10149e4a51ae063c", 0xf1}], 0x9, &(0x7f0000002a40)={0x68, 0x6, 0x1ff, "d1db636e1508f90326fd2540fbf3d0f310ae157ff17db34c8de8d700d1be39bf2579ce88dce8801f454cd07e7a06a1a353434546b2f9d142668cb65a873c87333f6a67d803510d2db57cee03193c37619bc7e29f5268"}, 0x68, 0x400}], 0x6, 0x80) ioctl$FITRIM(r1, 0xc0185879, &(0x7f0000000140)={0x100000001, 0x8, 0x4}) r2 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000002cc0)='dctcp\x00', 0x6) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:08 executing program 3: clone(0x40000, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0xe8, 0x8400) write$midi(r0, &(0x7f0000000040)="b2beb7bba2c7e8399c7ea1ae090e709ff0901afe08cb534fa993f46cc91abbca05bb1c1fed83042fd5a16d05dea1328f53dc488ea7d7e61b057e6b542c93391ba314412b9a5b4dcbb823dcdefce3a48a4b9e31add5ba2425f2e59da4e73a145e7b3a5c76787d7630ace04820a4f54fb9b81c00e3ddd5a811b59edc6e3be8d8221178d6332b018084d722b86b68eae3acfb40b6175335b854d682ec243bd4c1833633ad2fcc461c4258e0866ccca26acf494b67fa55e147a05326400ced8b9b20365d6ff866839c44c7239c49b0ef8fd0724254edfd3faab8e003c8387248564466f96891732b0b67a8a1", 0xea) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) ioctl$VIDIOC_DQEVENT(r1, 0x80885659, &(0x7f0000000540)={0x0, @data}) ioctl$TIOCSBRK(r1, 0x5427) fchdir(r1) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f00000002c0)=@req3={0x2, 0x400, 0xff, 0x80000001, 0x8000, 0x20, 0x4}, 0x1c) ioctl$FBIOGETCMAP(r1, 0x4604, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=[0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0]}) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x7a, 0x12, 0xf, 0x5, "71f79baa673998dfe92905d26135ba9526a9e312531e5cad603840510a6921c59752df150e193fae59a63bc8050cbdefe9d24e1453c8752a3940e3010b5c7fb7", "5d9572e9f36e006141d42a097b0e157b0bad0b0e11cd00e6297f03c2b299c218", [0xfd, 0xffffffff]}) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) memfd_create(&(0x7f0000000500)='/dev/dmmidi#\x00', 0x1) write$P9_RREADLINK(r3, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) ioctl$DRM_IOCTL_AGP_FREE(r3, 0x40206435, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x9}) r4 = syz_open_dev$cec(&(0x7f0000000300)='/dev/cec#\x00', 0x1, 0x2) ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r4, 0xc0945662, &(0x7f0000000380)={0xffff8001, 0x0, [], {0x0, @bt={0x1, 0x9, 0x0, 0x1, 0x2, 0x4, 0x8, 0x800, 0x8, 0x6, 0x3, 0xff, 0x7, 0x10001, 0xe, 0x9}}}) 23:25:08 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r2, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f00000003c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x1f, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={'nr', 0x0}, 0x3, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) get_mempolicy(&(0x7f0000000240), &(0x7f00000002c0), 0xfffffffffffffc01, &(0x7f0000ffb000/0x2000)=nil, 0x4) mount$bpf(0x20000000, &(0x7f0000000900)='./file0/file0\x00', 0x0, 0x2001001, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) r7 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'batadv0\x00'}) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket$netlink(0x10, 0x3, 0x0) r10 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f00000009c0)={{{@in6, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in6=@initdev}}, &(0x7f0000000440)=0xe8) r13 = socket$nl_route(0x10, 0x3, 0x0) r14 = socket$netlink(0x10, 0x3, 0x0) r15 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r15, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r15, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r14, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r16}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r13, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="440400002400070500"/20, @ANYRES32=r16, @ANYBLOB="00000e00ffffffff00000000080001006362710018040200040406000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000500060000000000000005000000"], 0x444}}, 0x0) sendmsg$nl_route_sched(r15, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="240000002e00070200"/20, @ANYRES32=r16, @ANYBLOB="ecff120000000000000000de"], 0x24}}, 0x0) sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x1fa, &(0x7f0000000000)={&(0x7f0000000b40)=@ipv6_delroute={0x0, 0x19, 0x442e2731351e2f0d, 0x70bd2d, 0x25dfdbff, {0xa, 0x20, 0x28, 0x17, 0xfe, 0x2, 0xff, 0x8, 0x800}, [@RTA_UID={0x0, 0x19, r12}, @RTA_OIF={0x0, 0x4, r16}, @RTA_ENCAP_TYPE, @RTA_GATEWAY={0x0, 0x5, @rand_addr="fd803468f02e2b6391edf8831222cd28"}, @RTA_EXPIRES={0x0, 0x17, 0xac}]}, 0xfffffffffffffeb2}}, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="440400002400070500"/20, @ANYRES32=r11, @ANYBLOB="00000e00ffffffff00000000080001006362710018040200040406000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000500060000000000000005000000"], 0x444}}, 0x0) sendmsg$nl_route_sched(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="240000002e00070200"/20, @ANYRES32=r11, @ANYBLOB="ecff120000000000000000de"], 0x24}}, 0x0) bind$packet(r6, &(0x7f0000000100)={0x11, 0x10, r11, 0x1, 0x1}, 0x14) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[@ANYBLOB="2000000011000cfd000000000026df311347a765", @ANYRES32=r17, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x20}}, 0x0) socket$key(0xf, 0x3, 0x2) preadv(0xffffffffffffffff, 0x0, 0xc40c94d75fb102d0, 0x4) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4) pivot_root(&(0x7f0000000380)='./file0\x00', &(0x7f0000000340)='./file0\x00') clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:08 executing program 1: clone(0x40000000, 0x0, 0x0, 0x0, 0x0) [ 522.184401] FAULT_INJECTION: forcing a failure. [ 522.184401] name failslab, interval 1, probability 0, space 0, times 0 23:25:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) ioctl$EVIOCGBITKEY(0xffffffffffffffff, 0x80404521, 0x0) syz_genetlink_get_family_id$tipc(0x0) [ 522.211479] audit: type=1804 audit(1575674708.746:108): pid=27532 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir326903702/syzkaller.ftciMZ/148/bus" dev="sda1" ino=16913 res=1 [ 522.410520] CPU: 0 PID: 27559 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 522.418544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 522.427904] Call Trace: [ 522.430494] dump_stack+0x142/0x197 [ 522.434140] should_fail.cold+0x10f/0x159 [ 522.438295] should_failslab+0xdb/0x130 [ 522.442256] __kmalloc_track_caller+0x2ec/0x790 [ 522.446908] ? kstrdup_const+0x48/0x60 [ 522.450790] kstrdup+0x3a/0x70 [ 522.453996] kstrdup_const+0x48/0x60 [ 522.457709] alloc_vfsmnt+0xe5/0x7d0 [ 522.461418] clone_mnt+0x70/0xee0 [ 522.464857] ? lock_downgrade+0x740/0x740 [ 522.469007] ? do_raw_spin_unlock+0x16b/0x260 [ 522.473505] copy_tree+0x33b/0x8a0 [ 522.477038] copy_mnt_ns+0x11c/0x8c0 [ 522.480747] ? kmem_cache_alloc+0x611/0x780 [ 522.485078] ? selinux_capable+0x36/0x40 [ 522.489131] create_new_namespaces+0xc9/0x720 [ 522.493613] ? ns_capable_common+0x12c/0x160 [ 522.498054] copy_namespaces+0x284/0x310 [ 522.502215] copy_process.part.0+0x2603/0x6a70 [ 522.506940] ? proc_fail_nth_write+0x7d/0x180 [ 522.511532] ? proc_cwd_link+0x1b0/0x1b0 [ 522.515621] ? __cleanup_sighand+0x50/0x50 [ 522.519849] ? lock_downgrade+0x740/0x740 [ 522.523992] _do_fork+0x19e/0xce0 [ 522.527449] ? fork_idle+0x280/0x280 [ 522.531163] ? fput+0xd4/0x150 [ 522.534347] ? SyS_write+0x15e/0x230 [ 522.538049] SyS_clone+0x37/0x50 [ 522.541397] ? sys_vfork+0x30/0x30 [ 522.544922] do_syscall_64+0x1e8/0x640 [ 522.548823] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 522.553666] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 522.558838] RIP: 0033:0x45a6f9 [ 522.562019] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 522.569722] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 522.577330] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 522.584590] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 522.591860] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 522.599123] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 522.606753] protocol 88fb is buggy, dev hsr_slave_0 [ 522.611868] protocol 88fb is buggy, dev hsr_slave_1 [ 522.616963] protocol 88fb is buggy, dev hsr_slave_0 [ 522.622014] protocol 88fb is buggy, dev hsr_slave_1 [ 522.627070] protocol 88fb is buggy, dev hsr_slave_0 [ 522.632143] protocol 88fb is buggy, dev hsr_slave_1 23:25:09 executing program 4: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000200)='/\xf0\x95aY\x9b\xbc\xb6\xc1\x98\x03\x0e\xa0\x8fp\x89oc\xb2\x9eVys\x9d\xe3\xccD\xa6v)\x8e\"\xa8(\xc7\x8e\x05k/I\x93K9p\xc1/\xb3\x8b\t*\xde\xb2l\xe9I\xde\x88\xd30Pl\xe0\xbb\xe6\xc3)V\x9d\xdbu\xea~\x14+\x98nS_g\xafE\xb2X\xd0', 0x2, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x5, @local, 0x1}, 0x1c) openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/policy\x00', 0x0, 0x0) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) ioctl$TIOCGPTLCK(r1, 0x80045439, &(0x7f00000000c0)) r2 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r2, 0x7, &(0x7f0000027000)={0x1}) ioctl$NBD_DISCONNECT(r2, 0xab08) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:09 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) ioctl$EVIOCGBITKEY(0xffffffffffffffff, 0x80404521, 0x0) syz_genetlink_get_family_id$tipc(0x0) 23:25:09 executing program 4: ioctl$UI_BEGIN_FF_UPLOAD(0xffffffffffffffff, 0xc06855c8, &(0x7f0000000040)={0x4, 0x0, {0x54, 0x7fff, 0x6, {0x8, 0x1}, {0x6, 0xff}, @period={0x5a, 0x4, 0x1, 0x8, 0x7fff, {0x401, 0x0, 0x6}, 0x8, &(0x7f0000000000)=[0x3, 0x7f, 0x7f, 0x40, 0x7f, 0x8, 0x7, 0x8]}}, {0x51, 0x7, 0x5, {0x1, 0xffff}, {0x2, 0x20}, @const={0x800, {0x9, 0xbec0, 0xfe6, 0x3}}}}) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) 23:25:09 executing program 2 (fault-call:0 fault-nth:46): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:09 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) ioctl$EVIOCGBITKEY(0xffffffffffffffff, 0x80404521, 0x0) syz_genetlink_get_family_id$tipc(0x0) [ 523.005279] FAULT_INJECTION: forcing a failure. [ 523.005279] name failslab, interval 1, probability 0, space 0, times 0 [ 523.024109] CPU: 1 PID: 27603 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 523.032044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 523.041402] Call Trace: [ 523.041422] dump_stack+0x142/0x197 [ 523.041440] should_fail.cold+0x10f/0x159 [ 523.041456] should_failslab+0xdb/0x130 [ 523.041466] kmem_cache_alloc_trace+0x2e9/0x790 [ 523.041476] ? retire_userns_sysctls+0x90/0x90 [ 523.041487] ? copy_mnt_ns+0x47/0x8c0 [ 523.041502] copy_utsname+0x11c/0x330 [ 523.041515] create_new_namespaces+0x153/0x720 [ 523.041524] ? ns_capable_common+0x12c/0x160 [ 523.041536] copy_namespaces+0x284/0x310 [ 523.060528] copy_process.part.0+0x2603/0x6a70 [ 523.060546] ? proc_fail_nth_write+0x7d/0x180 [ 523.060554] ? proc_cwd_link+0x1b0/0x1b0 [ 523.060572] ? __cleanup_sighand+0x50/0x50 [ 523.060583] ? lock_downgrade+0x740/0x740 [ 523.060597] _do_fork+0x19e/0xce0 [ 523.060610] ? fork_idle+0x280/0x280 [ 523.060623] ? fput+0xd4/0x150 [ 523.060633] ? SyS_write+0x15e/0x230 [ 523.060648] SyS_clone+0x37/0x50 [ 523.069011] ? sys_vfork+0x30/0x30 [ 523.128202] do_syscall_64+0x1e8/0x640 [ 523.132090] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 523.136942] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 523.142129] RIP: 0033:0x45a6f9 [ 523.145315] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 23:25:09 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) r1 = openat$cgroup_ro(r0, &(0x7f0000000000)='memory.current\x00', 0x0, 0x0) write$P9_RSTAT(r1, &(0x7f0000000040)={0x53, 0x7d, 0x2, {0x0, 0x4c, 0x9, 0x7, {0x65ed29262c72ab89, 0x4, 0x7}, 0x100000, 0x3, 0x7fff, 0x3, 0x8, 'trusted]', 0x8, '\x8b/5proc$', 0x9, '\xa1*vmnet1^'}}, 0x53) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:09 executing program 1: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x24020, 0x0) fsetxattr$security_smack_transmute(r0, &(0x7f0000000040)='security\x81SMACK64TRANSMUTE\x00', &(0x7f0000000080)='TRUE', 0x4, 0x5) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) dup3(r0, r2, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r6 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r6, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0xc30cd520dc9489b7, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendfile(r5, r3, 0x0, 0xffffffff) 23:25:09 executing program 4: r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) ioctl$DRM_IOCTL_ADD_MAP(r0, 0xc0286415, &(0x7f0000000000)={&(0x7f0000ff9000/0x4000)=nil, 0x1, 0x3, 0x4, &(0x7f0000ffb000/0x1000)=nil, 0x101}) [ 523.153110] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 523.160379] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 523.167650] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 523.174933] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 523.182360] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:09 executing program 5: r0 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) ioctl$DRM_IOCTL_CONTROL(0xffffffffffffffff, 0x40086414, &(0x7f0000000680)={0x2, 0x17}) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) setsockopt$CAN_RAW_JOIN_FILTERS(r0, 0x65, 0x6, &(0x7f0000000100)=0x1, 0xbba5dba3) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r2 = gettid() r3 = syz_open_dev$media(&(0x7f0000000440)='/dev/media#\x00', 0xff, 0x8000) r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000004c0)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r3, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0xcb0004}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x28, r4, 0x10, 0x703d2a, 0x25dfdbfb, {{}, 0x0, 0xb, 0x0, {0xc, 0x14, 'syz1\x00'}}}, 0x28}, 0x1, 0x0, 0x0, 0x20088805}, 0x6010) r5 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r6 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r6, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r6, r6, &(0x7f0000000240), 0x7fff) r7 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r7) write$P9_RLERRORu(r7, &(0x7f00000005c0)={0x19, 0x7, 0x1, {{0xc, '/dev/media#\x00'}, 0x8}}, 0x19) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0xc0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=0x5ed, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x5, 0x4}, 0x0, 0x0, &(0x7f00000001c0)={0x5, 0x7, 0xb3f6, 0x400}, &(0x7f0000000200)=0xa, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=0x6}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000300)={r2, r6, 0x0, 0x1, &(0x7f0000000040)='\x00', r8}, 0x30) write$P9_RREADLINK(r5, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r5, r5, &(0x7f0000000240)=0xfffffffffffffffd, 0x7fff) getsockopt$netrom_NETROM_T4(0xffffffffffffffff, 0x103, 0x6, &(0x7f0000000600)=0x5, &(0x7f0000000640)=0x4) accept$inet6(r5, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, &(0x7f00000000c0)=0x1c) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) 23:25:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) ioctl$EVIOCGBITKEY(0xffffffffffffffff, 0x80404521, 0x0) 23:25:10 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/current\x00', 0x2, 0x0) 23:25:10 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) getresuid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x1, 0x6000, 0x2000, &(0x7f0000000000/0x2000)=nil}) write$P9_RREADLINK(r0, &(0x7f0000000180)=ANY=[@ANYRES32=r3], 0x170) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r9 = msgget$private(0x0, 0x8) msgsnd(r9, &(0x7f0000000280)={0x1, "bc4d5460b728c4e6d273742989f6942f5c48d0007ee96ef7ea71c5ff3c351c1252bb8bc70d3ef810d36574c90e0294bebe65fe7793147255084e35c640"}, 0x45, 0x800) ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e, 0x0, 0x0, 0x40000000000]}) r10 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/capi/capi20\x00', 0x20000, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r10, 0xc040564a, &(0x7f0000000300)={0x5, 0x0, 0x3007, 0x1, 0xffff, 0x1, 0x2, 0x1}) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_GET_REG_LIST(r8, 0xc008aeb0, &(0x7f0000000100)=ANY=[@ANYBLOB="090000000000000000000400000000a2000002000000000000000800000010000000ff0f00000000000008000000000000000200000000000000f70e0000000000"]) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r0, 0x110, 0x4, &(0x7f00000000c0), 0x4) 23:25:10 executing program 4: clone(0x787467fac5a119c, 0x0, 0x0, 0x0, 0x0) 23:25:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) 23:25:10 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000000040)={0x1, 0x0, 0x2}) r1 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) 23:25:10 executing program 2 (fault-call:0 fault-nth:47): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:10 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) bind$ax25(r0, &(0x7f0000000000)={{0x3, @default}, [@default, @null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) getsockopt$ax25_int(r0, 0x101, 0x2, &(0x7f0000000080), &(0x7f00000000c0)=0x4) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) getsockopt$IP_VS_SO_GET_INFO(r1, 0x0, 0x481, &(0x7f0000000200), &(0x7f0000000280)=0xc) ioctl$IOC_PR_PREEMPT(r0, 0x401870cb, &(0x7f0000000380)={0x1ff, 0x2, 0x1, 0x4}) r2 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f00000002c0)='/selinux/checkreqprot\x00', 0x800, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000300)={r2, r0, 0x19, 0x2}, 0x10) ioctl$ASHMEM_SET_PROT_MASK(r1, 0x40087705, &(0x7f0000000180)={0x6, 0x62}) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r3, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) ioctl$DRM_IOCTL_GET_MAGIC(r3, 0x80046402, &(0x7f00000001c0)) 23:25:10 executing program 3: clone(0x60049000, 0x0, 0x0, 0x0, 0x0) 23:25:10 executing program 1: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$BLKROTATIONAL(r0, 0x127e, &(0x7f0000000080)) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0x5) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x125f8d7cc0b0b99a, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x20000, 0x0) ioctl$VIDIOC_SUBDEV_G_CROP(r1, 0xc038563b, &(0x7f0000000040)={0x1, 0x0, {0x6, 0x6, 0x3, 0x3}}) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:10 executing program 4: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) migrate_pages(r0, 0x1, &(0x7f0000000040)=0x84d, &(0x7f0000000080)=0x2) clone(0x200000, 0x0, 0x0, 0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000000c0)={0x8, {{0xa, 0x4e20, 0x9, @mcast1, 0x3}}, 0x0, 0x4, [{{0xa, 0x4e21, 0x7, @mcast1, 0x4bae4fa3}}, {{0xa, 0x4e23, 0x5f, @local, 0x9}}, {{0xa, 0x4e20, 0x1, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x7cf0}}, {{0xa, 0x4e23, 0xfffffffb, @ipv4={[], [], @remote}, 0x4}}]}, 0x290) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000380)='/dev/dlm_plock\x00', 0x400800, 0x0) r2 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r2, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r2, &(0x7f00000000c0)="e8", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r2, 0x1) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f00000000c0)={r4}, &(0x7f0000000000)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f00000003c0)={r4, 0x40}, 0x8) setrlimit(0x1, &(0x7f0000000000)={0x10001, 0x1}) 23:25:10 executing program 1: clone(0x4000, 0x0, 0x0, 0x0, 0x0) 23:25:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) [ 523.701419] FAULT_INJECTION: forcing a failure. [ 523.701419] name failslab, interval 1, probability 0, space 0, times 0 23:25:10 executing program 5: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x12041, 0x0) ioctl$TUNSETOWNER(r0, 0x400454cc, 0xffffffffffffffff) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e20, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, 'erspan0\x00'}) getsockname$llc(r1, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000080)=0x10) [ 523.796472] CPU: 1 PID: 27673 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 523.804424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 523.813823] Call Trace: [ 523.816431] dump_stack+0x142/0x197 [ 523.820083] should_fail.cold+0x10f/0x159 [ 523.824253] should_failslab+0xdb/0x130 [ 523.828251] kmem_cache_alloc_trace+0x2e9/0x790 [ 523.832957] ? retire_userns_sysctls+0x90/0x90 [ 523.837545] copy_ipcs+0xf8/0x400 [ 523.841003] create_new_namespaces+0x1dd/0x720 [ 523.845586] ? ns_capable_common+0x12c/0x160 [ 523.850001] copy_namespaces+0x284/0x310 [ 523.854061] copy_process.part.0+0x2603/0x6a70 [ 523.858657] ? proc_fail_nth_write+0x7d/0x180 [ 523.863167] ? proc_cwd_link+0x1b0/0x1b0 [ 523.867247] ? __cleanup_sighand+0x50/0x50 [ 523.871486] ? lock_downgrade+0x740/0x740 [ 523.875640] _do_fork+0x19e/0xce0 [ 523.879095] ? fork_idle+0x280/0x280 [ 523.882810] ? fput+0xd4/0x150 [ 523.886000] ? SyS_write+0x15e/0x230 [ 523.889715] SyS_clone+0x37/0x50 [ 523.893084] ? sys_vfork+0x30/0x30 [ 523.896641] do_syscall_64+0x1e8/0x640 [ 523.900570] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 523.905424] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 523.910613] RIP: 0033:0x45a6f9 [ 523.913800] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 523.921514] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 523.928791] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 523.936329] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 23:25:10 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x104) ioctl$VT_DISALLOCATE(r1, 0x5608) accept4(r0, &(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @local}, &(0x7f0000000080)=0x80, 0x800) 23:25:10 executing program 4: clone(0x18000, 0x0, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r1 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x50000, 0x0) ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, &(0x7f00000000c0)=0xb25) ioctl$BLKRESETZONE(r1, 0x40101283, &(0x7f0000000040)={0xcce}) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) r3 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r3, 0x7, &(0x7f0000027000)={0x1}) ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000000100)=0xeb) [ 523.943606] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 523.950894] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) 23:25:10 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40485404, &(0x7f0000000180)={{0x3, 0x3, 0x1, 0x0, 0x3}, 0x40, 0xfffffffffffffffe}) 23:25:10 executing program 2 (fault-call:0 fault-nth:48): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) [ 524.207454] FAULT_INJECTION: forcing a failure. [ 524.207454] name failslab, interval 1, probability 0, space 0, times 0 [ 524.224326] CPU: 1 PID: 27720 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 524.232257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 524.241620] Call Trace: [ 524.244219] dump_stack+0x142/0x197 [ 524.247854] should_fail.cold+0x10f/0x159 [ 524.252009] should_failslab+0xdb/0x130 [ 524.255993] kmem_cache_alloc_node_trace+0x280/0x770 [ 524.261102] ? ida_simple_get+0x104/0x190 [ 524.265255] __kmalloc_node+0x3d/0x80 [ 524.269058] kvmalloc_node+0x4e/0xe0 [ 524.272775] bucket_table_alloc+0x3cd/0x5d0 [ 524.277121] rhashtable_init+0x4a0/0x810 [ 524.281278] ipc_init_ids+0xc6/0x1e0 [ 524.285000] sem_init_ns+0x11a/0x150 [ 524.288716] copy_ipcs+0x228/0x400 [ 524.292305] create_new_namespaces+0x1dd/0x720 [ 524.296908] ? ns_capable_common+0x12c/0x160 [ 524.301328] copy_namespaces+0x284/0x310 [ 524.305399] copy_process.part.0+0x2603/0x6a70 [ 524.309992] ? proc_fail_nth_write+0x7d/0x180 [ 524.314495] ? proc_cwd_link+0x1b0/0x1b0 [ 524.318567] ? __cleanup_sighand+0x50/0x50 [ 524.322807] ? lock_downgrade+0x740/0x740 [ 524.326962] _do_fork+0x19e/0xce0 [ 524.330418] ? fork_idle+0x280/0x280 [ 524.334147] ? fput+0xd4/0x150 [ 524.337336] ? SyS_write+0x15e/0x230 [ 524.341069] SyS_clone+0x37/0x50 [ 524.344430] ? sys_vfork+0x30/0x30 [ 524.347971] do_syscall_64+0x1e8/0x640 [ 524.351855] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 524.356703] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 524.361926] RIP: 0033:0x45a6f9 [ 524.365121] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 524.372842] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 524.380119] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 524.387422] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 524.394681] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 524.401937] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:11 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0xffffffffffffffff, 0x4) 23:25:11 executing program 5: r0 = syz_open_dev$usbfs(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x3, 0x2000) ioctl$USBDEVFS_RESET(r0, 0x5514) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:11 executing program 4: clone(0x787467f9cda9c9c, 0x0, 0x0, 0x0, 0x0) 23:25:11 executing program 1: clone(0x4800800, 0x0, 0x0, 0x0, 0x0) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x4000, 0x0) mmap$usbfs(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x18, 0x8071, r0, 0x1) r1 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x8001, 0x81601) ioctl$SG_GET_REQUEST_TABLE(r1, 0x2286, &(0x7f0000000080)) lsetxattr$security_selinux(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='security.selinux\x00', &(0x7f0000000280)='system_u:object_r:semanage_store_t:s0\x00', 0x26, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x0) 23:25:11 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r0, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) 23:25:11 executing program 2 (fault-call:0 fault-nth:49): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:11 executing program 4: r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x6, 0x200000) ioctl$VIDIOC_G_SELECTION(r1, 0xc040565e, &(0x7f0000000040)={0x1, 0x102, 0x1, {0x0, 0x8, 0x8, 0xb92}}) fchdir(r0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) clone(0x787467e9c76159c, 0x0, 0x0, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/avc/hash_stats\x00', 0x0, 0x0) ioctl$TCGETS(r5, 0x5401, &(0x7f0000000140)) ioctl$KVM_SET_GUEST_DEBUG(r4, 0x4048ae9b, &(0x7f0000000080)={0x10000, 0x0, [0x80, 0x10000, 0x72, 0xffff, 0x9, 0xffffffffffffff7f, 0x1]}) 23:25:11 executing program 5: clone(0xd2fad0e257e0e0b5, &(0x7f0000000000)="bb22d51dfbffe4cb0fd40bcddf921e4bad8ffdbe995c9e115ff3d778af070681a6326722d9d85f507d460badba8b0eb23930dfc426ae2eafb2f9df8c2738d528330072eed899783376821a8cad22c9692ea31291cc9244a3b4334d86d0b129944e4295f263cc1c0f2e744a9dedbda3409aea96fd3a9e866e50f9bb8ad749dfa036803f5c05e400ccab9297ed4fe41205d0139254b091ab5b63187f7d30ceba93a3a18b191d1b830e884335c15ce0008e", &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)="5fb4d139a9bdb45d1ae30f705d310e573a928cb008cf8020d286b38ace8e591ec17ea9f6c30f4d5cfce751627f6502cb0ef0ac0022e91d908f55cc008da9b20a9d73941eaecf6f8fe81a004eab0f0d024099391fec2caae8eb99a25c5f5dc6dc294ef496bf85aee9d69d6db13f9aaf6c2a7a3aa9817988876898dc0347054095ea19742d47de78376e9c368580e53739163c5ebedd0c39c7e5284318637e43c0") r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) sendmsg$TIPC_CMD_ENABLE_BEARER(r0, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0xf, 0x0, 0x400, 0x70bd2d, 0x25dfdbff, {{}, 0x0, 0x4101, 0x0, {0x15, 0x17, {0x10, 0x6, @udp='udp:syz1\x00'}}}, ["", "", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x2004000}, 0x4) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000300)='/dev/zero\x00', 0x16c0, 0x0) getsockopt$inet_mreqn(r1, 0x0, 0x24, &(0x7f0000000340)={@remote, @multicast2}, &(0x7f0000000380)=0xc) 23:25:11 executing program 3: clone(0x6a28900, 0x0, 0x0, 0x0, 0x0) [ 524.648288] FAULT_INJECTION: forcing a failure. [ 524.648288] name failslab, interval 1, probability 0, space 0, times 0 [ 524.734045] audit: type=1400 audit(1575674711.426:109): avc: denied { associate } for pid=27743 comm="syz-executor.1" name="kvm" dev="devtmpfs" ino=28 scontext=system_u:object_r:semanage_store_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=filesystem permissive=1 [ 524.768124] CPU: 0 PID: 27746 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 524.776064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 524.785509] Call Trace: [ 524.785528] dump_stack+0x142/0x197 [ 524.785548] should_fail.cold+0x10f/0x159 [ 524.785567] should_failslab+0xdb/0x130 [ 524.785578] kmem_cache_alloc_trace+0x2e9/0x790 [ 524.785589] ? retire_userns_sysctls+0x90/0x90 [ 524.785600] ? copy_mnt_ns+0x47/0x8c0 [ 524.791842] copy_utsname+0x11c/0x330 [ 524.791860] create_new_namespaces+0x153/0x720 [ 524.791872] ? ns_capable_common+0x12c/0x160 [ 524.791884] copy_namespaces+0x284/0x310 [ 524.791898] copy_process.part.0+0x2603/0x6a70 [ 524.791913] ? proc_fail_nth_write+0x7d/0x180 [ 524.791924] ? proc_cwd_link+0x1b0/0x1b0 [ 524.842922] ? __cleanup_sighand+0x50/0x50 [ 524.847146] ? lock_downgrade+0x740/0x740 [ 524.851281] _do_fork+0x19e/0xce0 [ 524.854723] ? fork_idle+0x280/0x280 [ 524.858423] ? fput+0xd4/0x150 [ 524.861685] ? SyS_write+0x15e/0x230 [ 524.865389] SyS_clone+0x37/0x50 [ 524.868735] ? sys_vfork+0x30/0x30 [ 524.872277] do_syscall_64+0x1e8/0x640 [ 524.876152] ? trace_hardirqs_off_thunk+0x1a/0x1c 23:25:11 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r0, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) 23:25:11 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = socket$l2tp(0x18, 0x1, 0x1) getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, &(0x7f0000000000), &(0x7f0000000040)=0x40) [ 524.880987] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 524.886159] RIP: 0033:0x45a6f9 [ 524.889333] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 524.897027] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 524.904372] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 524.911733] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 524.918995] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 524.926251] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:11 executing program 3: pipe2$9p(&(0x7f0000000040), 0x80000) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x100) 23:25:11 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000000)=0xffffff7f, 0x4) r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$FBIOPUTCMAP(r1, 0x4605, &(0x7f0000000140)={0x4, 0x3, &(0x7f0000000040)=[0x5, 0x6, 0x9d], &(0x7f0000000080)=[0x7f, 0x3ff, 0x4, 0x5, 0x14fa], &(0x7f00000000c0)=[0x6, 0x6], &(0x7f0000000100)=[0x0, 0x5, 0x1, 0x1, 0x6c5, 0x51, 0x6, 0x8]}) 23:25:11 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r0, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) 23:25:11 executing program 1: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) syz_open_dev$char_usb(0xc, 0xb4, 0x3) accept$netrom(r0, &(0x7f0000000180)={{0x3, @bcast}, [@default, @rose, @default, @default, @default, @null, @rose, @netrom]}, &(0x7f00000000c0)=0x48) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000000)={0x8, {{0x2, 0x4e22, @local}}}, 0x88) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:11 executing program 3: clone(0x64000, 0x0, 0x0, 0x0, 0x0) 23:25:11 executing program 0: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r1, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) 23:25:11 executing program 2 (fault-call:0 fault-nth:50): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 525.231097] FAULT_INJECTION: forcing a failure. [ 525.231097] name failslab, interval 1, probability 0, space 0, times 0 [ 525.243323] CPU: 0 PID: 27806 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 525.251250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 525.260617] Call Trace: [ 525.263222] dump_stack+0x142/0x197 [ 525.266876] should_fail.cold+0x10f/0x159 [ 525.271018] should_failslab+0xdb/0x130 [ 525.274982] kmem_cache_alloc_node_trace+0x280/0x770 [ 525.280162] ? ida_simple_get+0x104/0x190 [ 525.284297] __kmalloc_node+0x3d/0x80 [ 525.288099] kvmalloc_node+0x4e/0xe0 [ 525.291798] bucket_table_alloc+0x3cd/0x5d0 [ 525.296105] rhashtable_init+0x4a0/0x810 [ 525.300328] ipc_init_ids+0xc6/0x1e0 [ 525.304058] sem_init_ns+0x11a/0x150 [ 525.307774] copy_ipcs+0x228/0x400 [ 525.311305] create_new_namespaces+0x1dd/0x720 [ 525.315886] ? ns_capable_common+0x12c/0x160 [ 525.320369] copy_namespaces+0x284/0x310 [ 525.324440] copy_process.part.0+0x2603/0x6a70 [ 525.329147] ? proc_fail_nth_write+0x7d/0x180 [ 525.333634] ? proc_cwd_link+0x1b0/0x1b0 [ 525.337708] ? __cleanup_sighand+0x50/0x50 [ 525.341950] ? lock_downgrade+0x740/0x740 [ 525.346233] _do_fork+0x19e/0xce0 [ 525.349680] ? fork_idle+0x280/0x280 [ 525.353408] ? fput+0xd4/0x150 [ 525.356605] ? SyS_write+0x15e/0x230 [ 525.360329] SyS_clone+0x37/0x50 [ 525.363680] ? sys_vfork+0x30/0x30 [ 525.367212] do_syscall_64+0x1e8/0x640 [ 525.371186] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 525.376102] entry_SYSCALL_64_after_hwframe+0x42/0xb7 23:25:12 executing program 4: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000100)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$set_timeout(0xf, r0, 0x0) r1 = add_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)="8d81612cff2899c5d4a786a52dbef59d74b9547e619de726b9de70ee53ff52ee46eff7964f5aeaae3a32831e2b337566584de13c181e50fcdc0b352dd0c3bcefc51a889b2c0fb03e2213dbbe6cc353826d3dd0b0efcce2f378178c421fcf99439f0f246108ed8f38d7997d48468e32a9f8e283f060e945d9ec58005e1c8e0545da34ba6148f13d22d536484975e07b89bd3569ab9738c2458bad365797960106b61bee561cec91c38a05082097f65eb338665e2d097371f848dbb6751e30865d9198d13581cec0ac88feed81acaaae4ced768032eb6e8c93836744ffec88d759c2d460391e36e645fa2d9bdff5", 0xed, r0) keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000180)={r1, 0x55, 0xfd}, &(0x7f00000001c0)={'enc=', 'oaep', ' hash=', {'rmd128-generic\x00'}}, &(0x7f0000000240)="734785fc39ade7e167287aee7726fa7b9b196fe06c1ae401111104879d055225eeef566334e0110c84dac55071037fa710f6854b83d5a361e4c20d6686602d2d184359e23ff7fb04103f630bafefd397da59aa42b5", &(0x7f00000002c0)=""/253) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:12 executing program 1: clone(0x10000, 0x0, 0x0, 0x0, 0x0) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) open(&(0x7f0000000180)='./bus\x00', 0x549481, 0x20) ioctl$MON_IOCX_GET(r0, 0x40189206, &(0x7f0000000140)={&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000040)=""/227, 0xe3}) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/mls\x00', 0x0, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r1, &(0x7f0000000200)={0x29, 0x3, 0x0, {0x0, 0x8, 0x0, 'erspan0\x00'}}, 0x29) 23:25:12 executing program 5: clone(0x787467facfa5c9c, 0x0, 0x0, 0x0, 0x0) 23:25:12 executing program 0: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r1, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) [ 525.381280] RIP: 0033:0x45a6f9 [ 525.384460] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 525.392197] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 525.399455] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 525.406713] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 525.414013] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 525.421280] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:12 executing program 0: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r1, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) 23:25:12 executing program 5: clone(0x4200, 0x0, 0x0, 0x0, 0x0) 23:25:12 executing program 2 (fault-call:0 fault-nth:51): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:12 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) [ 525.632709] FAULT_INJECTION: forcing a failure. [ 525.632709] name failslab, interval 1, probability 0, space 0, times 0 [ 525.672368] CPU: 0 PID: 27832 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 525.680313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 525.689699] Call Trace: [ 525.689719] dump_stack+0x142/0x197 [ 525.689737] should_fail.cold+0x10f/0x159 [ 525.689753] should_failslab+0xdb/0x130 [ 525.689765] kmem_cache_alloc_node_trace+0x280/0x770 [ 525.689775] ? trace_hardirqs_on_caller+0x400/0x590 [ 525.689787] ? kasan_unpoison_shadow+0x35/0x50 [ 525.700177] __kmalloc_node+0x3d/0x80 [ 525.700191] kvmalloc_node+0x4e/0xe0 [ 525.700203] bucket_table_alloc+0x160/0x5d0 [ 525.700216] rhashtable_init+0x4a0/0x810 [ 525.700228] ipc_init_ids+0xc6/0x1e0 [ 525.700237] msg_init_ns+0x12f/0x160 [ 525.700245] copy_ipcs+0x317/0x400 [ 525.700260] create_new_namespaces+0x1dd/0x720 [ 525.750407] ? ns_capable_common+0x12c/0x160 [ 525.754833] copy_namespaces+0x284/0x310 [ 525.758997] copy_process.part.0+0x2603/0x6a70 [ 525.763601] ? proc_fail_nth_write+0x7d/0x180 [ 525.768110] ? proc_cwd_link+0x1b0/0x1b0 [ 525.772192] ? __cleanup_sighand+0x50/0x50 [ 525.776450] ? lock_downgrade+0x740/0x740 [ 525.780623] _do_fork+0x19e/0xce0 [ 525.784094] ? fork_idle+0x280/0x280 [ 525.787855] ? fput+0xd4/0x150 [ 525.791057] ? SyS_write+0x15e/0x230 [ 525.794783] SyS_clone+0x37/0x50 [ 525.798164] ? sys_vfork+0x30/0x30 [ 525.801717] do_syscall_64+0x1e8/0x640 [ 525.805617] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 525.810475] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 525.815671] RIP: 0033:0x45a6f9 [ 525.818864] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 525.826580] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 23:25:12 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) [ 525.833861] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 525.841155] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 525.848435] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 525.855714] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:12 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000080)=@security={'security\x00', 0xe, 0x4, 0x488, 0x0, 0x0, 0xf8, 0x238, 0xf8, 0x3f0, 0x3f0, 0x3f0, 0x3f0, 0x3f0, 0x4, &(0x7f0000000040), {[{{@ip={@dev={0xac, 0x14, 0x14, 0x15}, @broadcast, 0xffffffff, 0x0, 'ip6_vti0\x00', 'gretap0\x00', {}, {0x7f}, 0x8, 0x2, 0x25}, 0x0, 0x98, 0xf8}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x1, @broadcast, 0xffff, 0x7, [0x6, 0x1c, 0x26, 0x1f, 0x2e, 0x3a, 0x3e, 0x26, 0x27, 0x7, 0x5, 0x3, 0x13, 0x15, 0x29, 0x35], 0x0, 0xffff0001, 0x80000001}}}, {{@ip={@remote, @multicast1, 0x100000001, 0xffffff00, 'teql0\x00', 'tunl0\x00', {0x17e}, {}, 0x6, 0x2, 0x10}, 0x0, 0xe0, 0x140, 0x0, {}, [@common=@unspec=@connlabel={0x28, 'connlabel\x00', 0x0, {0xfeff, 0x3}}, @common=@socket0={0x20, 'socket\x00'}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@ipv4={[], [], @remote}, [0xffffffff, 0xff, 0xffffff00], 0x4e23, 0x4e22, 0x4e21, 0x4e24, 0x81, 0x1f, 0x2, 0x1, 0xfffffff9}}}, {{@ip={@rand_addr, @multicast2, 0x0, 0xff, 'dummy0\x00', 'syzkaller1\x00', {0xff}, {0x7f}, 0x62, 0x2, 0x2}, 0x0, 0x158, 0x1b8, 0x0, {}, [@common=@unspec=@conntrack1={0xc0, 'conntrack\x00', 0x1, {{@ipv6=@mcast2, [0xff000000, 0xffffff00, 0xce52ecf28ee1d907, 0xffffff00], @ipv4=@loopback, [0xffffff00, 0x0, 0x0, 0xff000000], @ipv4=@rand_addr=0x7, [0x62b18d8cf1e9538, 0xff, 0x0, 0x1fe], @ipv6=@dev={0xfe, 0x80, [], 0x27}, [0xffffff00, 0xffffffff, 0x0, 0x100000100], 0x9, 0xffffff54, 0x4, 0x4e20, 0x4e21, 0x4e24, 0x4e21, 0x9, 0x2000}, 0x0, 0x701}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x7ff, [0x80, 0x40, 0x1000, 0x4, 0x350, 0xffffffff], 0x1c, 0x5}, {0x3, [0x20, 0x2, 0x1, 0x8001, 0x7, 0x33], 0x8, 0x2}}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4e8) 23:25:12 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) 23:25:12 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r1, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) 23:25:12 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$iso9660(&(0x7f0000000040)='iso9660\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:12 executing program 2 (fault-call:0 fault-nth:52): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:12 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r1, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) [ 526.328885] FAULT_INJECTION: forcing a failure. [ 526.328885] name failslab, interval 1, probability 0, space 0, times 0 [ 526.370583] CPU: 0 PID: 27861 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 526.378522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 526.388931] Call Trace: [ 526.391534] dump_stack+0x142/0x197 [ 526.394597] ISOFS: Unable to identify CD-ROM format. [ 526.395176] should_fail.cold+0x10f/0x159 [ 526.395195] should_failslab+0xdb/0x130 [ 526.395211] kmem_cache_alloc_node_trace+0x280/0x770 [ 526.413531] ? trace_hardirqs_on_caller+0x400/0x590 [ 526.418562] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 526.423679] __kmalloc_node+0x3d/0x80 [ 526.427610] kvmalloc_node+0x4e/0xe0 [ 526.431341] bucket_table_alloc+0x3cd/0x5d0 [ 526.435837] rhashtable_init+0x4a0/0x810 [ 526.439913] ipc_init_ids+0xc6/0x1e0 [ 526.443635] shm_init_ns+0x105/0x140 [ 526.447361] copy_ipcs+0x32b/0x400 [ 526.450914] create_new_namespaces+0x1dd/0x720 [ 526.455529] ? ns_capable_common+0x12c/0x160 [ 526.459949] copy_namespaces+0x284/0x310 [ 526.464027] copy_process.part.0+0x2603/0x6a70 [ 526.468624] ? proc_fail_nth_write+0x7d/0x180 [ 526.473129] ? proc_cwd_link+0x1b0/0x1b0 [ 526.477211] ? __cleanup_sighand+0x50/0x50 [ 526.481463] ? lock_downgrade+0x740/0x740 [ 526.485628] _do_fork+0x19e/0xce0 [ 526.489096] ? fork_idle+0x280/0x280 [ 526.492822] ? fput+0xd4/0x150 [ 526.496032] ? SyS_write+0x15e/0x230 [ 526.499763] SyS_clone+0x37/0x50 [ 526.503139] ? sys_vfork+0x30/0x30 [ 526.506693] do_syscall_64+0x1e8/0x640 [ 526.510590] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 526.515592] entry_SYSCALL_64_after_hwframe+0x42/0xb7 23:25:13 executing program 1: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x4000, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000340)={0x0, 0x1a3d0, 0x0, 0x54000000, [], [{0x801, 0x0, 0x80000001, 0x0, 0x1}, {0x801, 0x0, 0x80080080000001}]}) r3 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000340)='NET_DM\x00') sendmsg$NET_DM_CMD_STOP(r2, &(0x7f0000000240)={&(0x7f0000000040), 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x14, r3, 0x6a65bc0f1b6c398b, 0x70bd2b, 0x0, {}, [""]}, 0x14}}, 0x100) write$P9_RMKNOD(r1, &(0x7f0000000400)={0x14, 0x13, 0x2, {0x8a, 0x0, 0x4}}, 0xfffffffffffffe55) sendmsg$NET_DM_CMD_START(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100002}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r3, 0x400, 0x70bd2a, 0x25dfdbfb, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40000000}, 0x40) sendmsg$NET_DM_CMD_START(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4002011}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r3, 0x1, 0x70bd2d, 0x25dfdbfe, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x1) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) openat(r0, &(0x7f0000000300)='./bus\x00', 0x40000, 0x2c2) r4 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000280)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) bind$bt_l2cap(r4, &(0x7f00000002c0)={0x1f, 0x40, {0x5, 0x7, 0x1, 0x20, 0x3, 0x2}, 0x1fd9}, 0xe) 23:25:13 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r1, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) [ 526.520798] RIP: 0033:0x45a6f9 [ 526.524002] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 526.531721] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 526.539002] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 526.546282] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 526.553909] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 526.561209] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:13 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuacct.usage_percpu\x00', 0x0, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000002000/0x3000)=nil, 0x3000}, 0x2}) 23:25:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r1, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) 23:25:13 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612) 23:25:13 executing program 5: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) connect$llc(r0, &(0x7f0000000040)={0x1a, 0x102, 0x3, 0x3f, 0x9, 0x56, @link_local}, 0x10) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000200)='/dev/cachefiles\x00', 0x0, 0x0) close(r1) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r3, 0xffff}}, 0x10) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r0, &(0x7f0000000140)={0xb, 0x10, 0xfa00, {&(0x7f0000000080), r3, 0x81}}, 0x18) [ 526.715334] audit: type=1804 audit(1575674713.406:110): pid=27870 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.1" name="/root/syzkaller-testdir368478018/syzkaller.VyChbP/437/bus" dev="sda1" ino=17761 res=1 23:25:13 executing program 1: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x121002, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="440400002400070500"/20, @ANYRES32=r4, @ANYBLOB="00000e00ffffffff00000000080001006362710018040200040406000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000500060000000000000005000000"], 0x444}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=ANY=[@ANYBLOB="00000000c4107763febb895f68e1c8f35455f0e1a08eb0eeadd5e54ae3894440045a000000000000000000", @ANYRES32=r4, @ANYBLOB="ecff12000000000040000000"], 0x3}}, 0x0) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000040)={r4, 0x1, 0x6, @remote}, 0x10) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:13 executing program 3: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x200002, 0x0) ioctl$KDGETLED(r1, 0x4b31, &(0x7f0000000080)) r2 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000580)='/selinux/status\x00', 0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc2(0x0) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="24647ec1f9657ec9083514a13a6869137db10c8ecdc02af615eef53c16b248a40fee50ba491a659f14a6864e285cfb0c6a5b38c41d02afc17c5333211d387931a755af5d0ea42fe74bc117f1c5340900000000000000387d82277d991dd0b6729a62eb8dd6bed3a80af3059cff204440ffd39b8f01e9d0a4da4289dc86d100dfbdaa2cd7cee800a448501080d5b838a86b240c3f6eaf8f17ed10bc5f17f06132c72d21d592a7e1d31bc15aa0f03b91796ff6f8eb3f2371f21b8705af3df7e4bd2325c8654c3fc42f71b8983b970cdc68263738eb26a7652cbda8974c379426f8525fafaf4a6b744e5046ff352200ce67bce399f797dd558b68c0dffba8d3750be5fd5f5a74bf206414bbcad334f32da2d4a362fc57", @ANYRES16=r3], 0x2}}, 0x0) sendmsg$TIPC_NL_SOCK_GET(r2, &(0x7f0000000a00)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000009c0)={&(0x7f0000000600)={0x3b0, r3, 0x300, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_MEDIA={0x1c, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_LINK={0xc8, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x132}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}, @TIPC_NLA_BEARER={0xb0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @broadcast}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x4, @dev={0xfe, 0x80, [], 0x2b}, 0x2}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x10001}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x0, @mcast2, 0x7}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x8, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0xffffff81}}}}]}, @TIPC_NLA_NODE={0x4}, @TIPC_NLA_LINK={0xe8, 0x4, [@TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x44, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffff9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80000000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}]}]}, @TIPC_NLA_MON={0x2c, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x200}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x80000000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}]}, @TIPC_NLA_SOCK={0x20, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5c0}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_NET={0x50, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x3}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1f}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xe55}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x10000}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xff}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x6}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x4}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x6}]}, @TIPC_NLA_NODE={0x8, 0x6, [@TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_LINK={0x78, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-l\xe9nk\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x81}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}]}]}]}, 0x3b0}, 0x1, 0x0, 0x0, 0x4000}, 0x41) r4 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r4) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000140), &(0x7f0000000180)=0xc) r5 = getpid() sched_setattr(r5, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) ptrace$getregset(0x4204, r5, 0x1, &(0x7f00000002c0)={&(0x7f00000001c0)=""/212, 0xfffffffffffffeab}) ioctl$PIO_FONTRESET(0xffffffffffffffff, 0x4b6d, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 526.804486] audit: type=1804 audit(1575674713.436:111): pid=27876 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="ToMToU" comm="syz-executor.1" name="/root/syzkaller-testdir368478018/syzkaller.VyChbP/437/bus" dev="sda1" ino=17761 res=1 23:25:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r1, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) 23:25:13 executing program 2 (fault-call:0 fault-nth:53): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:13 executing program 5: clone(0x787467fbd6a9d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) fchdir(0xffffffffffffffff) ioctl$SNDRV_TIMER_IOCTL_PAUSE(0xffffffffffffffff, 0x54a3) [ 526.977255] FAULT_INJECTION: forcing a failure. [ 526.977255] name failslab, interval 1, probability 0, space 0, times 0 [ 527.010094] CPU: 1 PID: 27911 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 527.018071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 527.027517] Call Trace: [ 527.030119] dump_stack+0x142/0x197 [ 527.030137] should_fail.cold+0x10f/0x159 [ 527.030152] should_failslab+0xdb/0x130 [ 527.030163] kmem_cache_alloc_node_trace+0x280/0x770 [ 527.030174] ? trace_hardirqs_on_caller+0x400/0x590 [ 527.030183] ? kasan_unpoison_shadow+0x35/0x50 [ 527.030198] __kmalloc_node+0x3d/0x80 [ 527.030210] kvmalloc_node+0x4e/0xe0 [ 527.030220] bucket_table_alloc+0x160/0x5d0 [ 527.030233] rhashtable_init+0x4a0/0x810 [ 527.047084] ipc_init_ids+0xc6/0x1e0 23:25:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r1, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) [ 527.047096] shm_init_ns+0x105/0x140 [ 527.076245] copy_ipcs+0x32b/0x400 [ 527.083478] create_new_namespaces+0x1dd/0x720 [ 527.083488] ? ns_capable_common+0x12c/0x160 [ 527.083499] copy_namespaces+0x284/0x310 [ 527.083510] copy_process.part.0+0x2603/0x6a70 [ 527.083526] ? proc_fail_nth_write+0x7d/0x180 [ 527.083533] ? proc_cwd_link+0x1b0/0x1b0 [ 527.083550] ? __cleanup_sighand+0x50/0x50 [ 527.083560] ? lock_downgrade+0x740/0x740 [ 527.083574] _do_fork+0x19e/0xce0 [ 527.121544] ? fork_idle+0x280/0x280 [ 527.125286] ? fput+0xd4/0x150 [ 527.128480] ? SyS_write+0x15e/0x230 [ 527.132207] SyS_clone+0x37/0x50 [ 527.135582] ? sys_vfork+0x30/0x30 [ 527.139131] do_syscall_64+0x1e8/0x640 [ 527.143017] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 527.147861] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 527.153043] RIP: 0033:0x45a6f9 [ 527.156220] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 527.163922] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 23:25:13 executing program 5: r0 = creat(&(0x7f0000000040)='./file0/bus/file0\x00', 0x2) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg\x00', 0x180, 0x0) ioctl$RNDADDTOENTCNT(r1, 0x40045201, &(0x7f0000000000)=0x8) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:13 executing program 3: clone(0x787467fb4fa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = dup(0xffffffffffffffff) getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000180)=0x3, &(0x7f00000001c0)=0x2) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(r2, 0x0, 0x0) ioctl$KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f00000002c0)={0xa, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='bpf\x00', 0x1000000, &(0x7f0000000080)={[{@mode={'mode', 0x3d, 0x7}}, {@mode={'mode', 0x3d, 0x10000}}, {@mode={'mode', 0x3d, 0x2b12fd15}}, {@mode={'mode', 0x3d, 0x2}}], [{@uid_lt={'uid<', r2}}, {@mask={'mask', 0x3d, '^MAY_READ'}}, {@dont_measure='dont_measure'}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@smackfsfloor={'smackfsfloor', 0x3d, '}'}}]}) 23:25:13 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) r1 = eventfd2(0x0, 0x0) r2 = dup(r0) open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000002240)='9p\x00', 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}}) clone(0x80000800, 0x0, 0x0, 0x0, 0x0) [ 527.171177] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 527.178434] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 527.185687] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 527.192945] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:13 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000040)='./file0\x00', 0x6, 0x4, &(0x7f0000001240)=[{&(0x7f0000000080)="442e1c1753d01d9131736db9cc461f9d9c747c97f74ccf594f46e535bb38e587bb15a41889fa3297b38b74492f50f305c4426e17e34cb9b1fc1b041a63226affcc8e3a1b377cc1c6a0e5719f5ec883a57de7cb9511285e8e44eb5acc451d98fb50fb49b880a403dba672163427608071e4296574256a490d8a4c3a01e7390d", 0x7f, 0x9}, {&(0x7f0000000100)="53dee79325c8d7284a5c6d9c36e252dcf27441a4b1ed73046db95bbe32516d2c", 0x20, 0xfffffffffffffc01}, {&(0x7f0000000140)="96ec58ba38c1eaae2b294f2b942165158dd33df21770573212b0e7a0b1e00acc69e94c383e63a2c737a99e39011e3172f7484fd2fae549779e66c58bc26431ce7faefdfae49c845a4a617c6e23ab5a1f51b7fd2fc699ba7e61193495a142ed2f24bc31f04ae63bd1c52d57af4dfc66a3d9ca2cbd0b0034ad0246ca02b1e2a86a6906856d999233332dee96b3b654311fa155970121c3144be9d7b882a004b68d1b6383f963ffdcd41cc3eb0f531ad9af5d7d5482ddfa16c2c6ed67f14cbac25fc9f295ea81b3d4f0ede3fea1f8e33a4a6699586cf8ae7e4ba150a76dab84ec01d8ef1d1c769ce28f7fe35d9a278f87181e55b8ad633af9bc35b5a2c2bca87098bab0faa9e1646e4bae429ad5ea1b66cb189f57984f0d0e405fe17d8fca52ebb0e11bbd108eba82f04dbaf26252920d9d49edd24ea0a49135cb8995611609174c9af16a970a2093e84782fb8eb9fe28e5e4074b357b91ce058cba4382708c3b0e6f1f14770a66a2de607b11b05e36aed9d91af4b4d46c995ac7fcfbc1636e754515c929aea3ba7ccd57a8a123c4d4e3445984e5d9e156afcd8a34ceec14c9690bf92771fc8724231bf33ec52c2f9d84fbbc387ad6c981900d47897db85572b87524da144ccfac536609ac22232932417d756d0b1fe4b34a877b612d2ef2ebe8fe8cd5b03bb8b25f7b66a66b0b901583b88f130b559938628274f083bc62ab340400e9ebc9d6c1c93ea79081e7e055a3c19303687a4de43f14bec576c2366a8d4bf47e147d02991a988d99e365c8d8c14c4b8b9f1230e19869847382ca8b9cef7a3980d0242a9219d3da7d76086684c3720acd42d7c45d58417c49240e674613bed23cc284f6653ffa2fdbe5d7a4d6a1c8e2ad122be86299b58f471bc390680217c3265233187734d1046535fde095e16d8e649b2493ec311b331d346488f5a362f3577fca7565b1f92e06a2f2976fe9bbc2f656379641a2853427d3666f1dcda8b7ed29c4bc0553563b9f39cab4bb15914050971f4d035a56acd4afd406d19daa84fadba4b118e777751215e382230a895324d7d2ffcdfe48531f280b0f47a39f1c130d6e54750c7e456000d6d63c5a9281546cc9c3ec83902b0f82cea1a2b56db329ede92d21d42df8bd666fa671b4f3e54dea0c2b81e4bce835078ee9b5d99a3c69a715ae1371184de10da95913b50ed0f22d335f234f4e887d4033b1d71c7d230476243b33a90683171f0e2ace112b5e2ad4119105a69fdcac6ab029908682e4a0bda1e56a52e66f81aa6d559e064c059574f3d7a9ad005a99c74b07f8e17c5ef8fba64427d5799d2faced63b0db876a3f8cfb5b446b3db37188137fd27e59dad76e609d3820020045d8319d1df7a6c2aba2fe3156601a5237609c3929012b5a6aff3bdac9d1b2fe4ef774a8e916f62f69d3bcfb61e571ab44fe29adec2f03b1c4205ef723e8f186184c58a9944260d796ead7efe5835408c31955498eb17e6c96a03c7616528d3c4e33ab00e31f2adbbe48d29d78a9508f25eb585a8f6f40c99689a2bf8bfd4b62534098a46c6d69ae47bf414e1095e608d09e6f548e17b5f8bbbb04f42862f6df0a6420895598b0818c7fc4087b4867cbf9d95679b71906aa72a7d7aaab9d3339bf123388ebddd20e83b3ee837ed4d659f24b360a451840cdd6ba9e86f07c887dd1a22ecfca6aeb4aa1cfbf039c6851c3c23e1334766eadc32cc383609b3e9a1899482de9209b6006ec0356c336eeaf4a1b09699a9f35bacd15dfba756628647f873441311a968f8ff68e93280ce404cf32b3806a4b4c094eae334822ac5a13774e37969897a7f1fa07fcb6a099a81c185a7fbb76763cfa4e005ba7dd423bbef3418dcd115f20f2ce04b5ed3fd06cff61ec23397d9d8da325b662faea85f01f62a4096e7c6519c364a068886fbdd4506b8a5f4fdf480b8a7cbcb513b65a8fdb4609a674abaf20990a64857ef078b88d0661d806c23ec24cd96f76ade5dda84024316980c72dabfe53947fd3598f678668404efbe86185193bb6986201f49621b8669ca549c053e832fa0a1ac2d53f0505bd055305ec478ef0c1c50bf3aca3eb68e2d168e245a2cdd7983e5488073a1a47834972bd70a37f01c48de9c1151d5d30f4895f07a0ec3a504209b664236683fe47d23b391397f5878b9dd2bafd8582347b20163145d2b749daa98e8d8de90e850062b66916f181c968689aefc09ca862f18c1cd96e1dffa6f0ff8dfd3d5c8df554dec6f7138a7a5cce3f90b711826b4d5960cb239394bd0df8725d5ccff79b6361ceb75aab69ca8885fe5fac58ae5b69b7e308e322a8e3206693a5f939af979e5f5eef035d2d8d2faba0fb954205f5dc390dd9e9e1699d0b224213258f2d3766108ac30f376e7495dc373e5f56dacadaa9d8f36756cb3461faf7e67396da9ff156d6f03360754ba4edfefe4224cc1e0f6add8ea89e9cc91a7085ce863b146fe542384a1ffc4c4c3f7f70e900263b73da5ab7d15d9b42b102b4b2106795ec77507c2a93a41fe0b9110ae190a7e0abe454a175a205a4ffe197574aa16f234f4945728f548ca0f296e40c5e0a2acb2802a7cd2e4cd60477f76eccbf2bd1dd6fe7c46b5a27bc0e28ea1585ab75f326a1dc142a9510e18ea21971ea61679c9c16529e01d9cb17709de26b40419509b6e36fea9af7674e019d63d2843b9ef95474c7b5e873597f201cf6e47c0d70e734f8a2d92b2d704e2350fc91e499e0cc024167e2ff738a7777858e546d1d2c9916ae90dc707e062928fbd214fd65a7fc33a745543af8b73c73e048f0170ead41027220a898cb82a054f980b0296cef77fbb2d280e870a0cc6bea7539901d6aab2f7c39a04ec20078cafba0e1be53c97868aca4b42855a033e3b47e689b16b404fdb6a4deec217354f80812b41b25a365e6e5b1a25af57a8e4d32f0a25c623e4e120fb82b16db719a2f6dca2f2260e71264e67086f040ebbc7a8479bcfcb58041ee3ba0db4dca61c7a949792d1e3c0f985aa9a023e766cf2479832aa40ebd1c65221f4acebe170b10ea27e6bd15cfcf23f3c568704c50607e3f8366cc3a1f2b5f96fdd7b842044cc89c20c2e7e3090bae44c2eef6b8f22483d89eadcad17450f14e6e8fc043cb961e0b349287c7cb79fc91b111f1aa27d8b192f38358135d11ffaa8f10fd3842dcdae45601ae84bc07e7f09a10800687cfe0cde2282b502402317df18f0c8dc15a813509f5987ba443f9d966e2492b12d238e63f907d19fdb2205332864d8d1cbdf7ff1816785f82894bdf9ca8fbb5dd55d4ca43ad00b31968c83205f51b7fe89d192a174c60272be9796281f5fa6461fa6de77cac499f0c610d4dd8c0ca3dc29e87ff2c862d6e0d1d152d668b1d06e16f81a8635a840eaee3f0443ffe4199896b73235a1a82efaf2d3fb46b64bc5d13a4ab03810cf31c20fa9a4cf56c369e992765f537f2338c66f009cf7dc1431269c15bf08735489258fd315021d6188cc9d4b226f20f982b3911ed08a10c909a0ee306bceea0d3c95cd530e0009cace81175da4ff6c50894b15766747245f97092c2fdf6db3a7dbcf5a43cdf93743cad77d5f231c9740dc431f00473e4d38e7f1838d207c45d63b5a73d59a7694353c8313bfb33b9538de2c0f9e6c89987c046455830d847092d870dc38cbd004440c6387daace4af3d66ca391637b0586dd8c1fb40903a050dd7e92d718f59c2243bd65d9c568875d6b9c6984c9baf18de920ddf6813b7e94224423121accd144773e7a35678abb1775a9b214cad6f5e158361418b9a613fd77e42dfd3f4f6c977b97cfadd318cdb02e5403325e80bd7c5d768a56a2e96ef3eee90da7df446f590f0d74316aa46ab45484a2f057dbf045be7e5bed4d3650961e55479e330c526fcba8a51ecd2ea3abb6a39880c8f54871e9fd498fb45eb5c30028bf11ed644b2a87febd5a5e1db9c21e87c8a3e9fece892c2fd2faae90de94458215223f7303a5165a16374407994b242f2fa4cf0bb95aed7aa1e3ceeeb71166ebf4c0a475d996bf03221f3d87d9f68de98ef4b427ce804bc795184a8cf77644fb6ed40e550a11139ee7a1ea12f939cb81c18cb07fd8e64e56909dbf05f80476694f89d8fc413f1a05ddd5f59a51f7f4a4ce6ef1b674ccf954944fffaa37bbcb8f117a47cfcb116040d42d43d0f27424a3cea660c14467fcdc923d954fc517503bb51180374188b920151155cf709c62fb0622d445cf8c5ff17cf6d9cdffeec30367923596da31de48eacf10a751d286ce8287529f710fccde4c51224f3a96c8d69d33ccbe627f0f8225af85ec50e94f6618c8e06a258e3df1bf194be65301557684faf30ad5e616f6038520a0a076c07e93032ae17f943f253d1df332a86d1481045f84d0a86643ffef7b32c4b4bfa518425b3416bad20752c6201518c257b2828ecad4479b0a2ec29d88491400043b75ec7348f32999902cd7b9a8af705cee73bf1b3419c22bae7f928bd0785886e737633651718301855f5e0ead3ca37f7e01685b2bf1fbb49331d13e1d4a9e0e276e2175f64c55a99d80f5dd30e421cff2b77ae69cfce4882561b558a61cad31b4b9bf7fcb72c42aa89716974dd46393e1850d20efa68947cbda26e38094e57598751831692b783368f261a47524a5c9b7b3ccc2d6bf36eda79c8c2069efff69eacb09fcb3893abff69ad8c798f4df3fd25c0ef70d50c3359cb2222abeb59aa886f767dcd6e34f936571e351bc7137bfcb071dc70f7d504a3ce5430b4b97de5e10ad01cd54cd4191638c8fa4dae887b4e7642930bf804142d1c5ac243ecfdbe0de7b2677c9a2d1c83a01bd4b1928a9468750982ce64b9840f3a7631bc142fa958b1e188e27ed73b0a54f63607a8789bf72dcf708ab2a074305a87e9b96873330680df61c82f972467c294a1cca14c0e20996432fca005d69488422e0f02a1ded51b4432a6574e332deb5ff755d9f21249b0343977b0cb1de30866c0c319fcb5837b0f4ffd76373839c5f29268eb74fb105a9f05f01353cd9743c20a4756898ca6d855a2c841a2632c93ad921702f0750a4a0dd8933f411f4e00bac2e960990423bd87fe33ddcdd232619a8fbf7bda45daced8a9c73b0152edc5040f4f90d44bd8d4e8f6f66818c1d298936655a862da635aee0ce8bb74d5114883b15912ad1d71b002d0a9ae50f7e3390def70a91d03057637519829e89e7be3d86ddecb99e69c51b53c30d66dfd86531c4574d69b00f16907d9d5ecf53b6b095cb96242f472ed8b5372c1e66fd0f95cbc894b458dfe5b3f7d8cb641d04a10919b19431cb19fc57f60a8c22f499ee951f3ecb8f60860c6010cf7743279f91b27041cfedb625085bfe399509fe0e363e8e951a49d41e495aa00b1ff1d21806b56d9e46712cc57720261ee6ac57ded959691a518896378a81e76cf62968a34b947f937f3d1e60bb0a641fa8fcf81fba8bf7a2f902fa9c72c849f96e89c624a8fd4dfd2890dc333cd3c51ff4c7ebe37e213df4b5199ed7fb705910662f9c6e34b9b5aaa0555af018723faa9457c67743ebed50d409716aa43329f83a5a5e1aab3156ba9cada53a5627be3f4bfdd131ee58a28e424f23786a70e2e263405eb01cbda93c10ee2cc7c0bc185dd26ba061b743403aa67eace32f9302e5f7ad5fa9ced441f006638f39be61d96ea16d35e63ea2c665cabcda11a04cef22f0d8ba348d95f93aff0d8af5122a799ef765b7d844e116d0bc57777698e55306e5bf114114debc2a2ba27c05875650bd8d1963199530008a695a320fcf", 0x1000, 0x9}, {&(0x7f0000001140)="265e7b4a0b7ba683893fc411d16a0d9b810193f4f11e5f42fbbf4dfc9ab5add74f40f803d398ce53d422bc48d0d2fd4ac00826748bdfe08d38e5c325212903c458bb41e1691db1684481cb86958055cf386e92d61bcf5caa95b84fc9de8969bb574e971be7de9ab3a57db30c3517378141c5d952b25a5103e644b25bb2fc13000d3f9997885093e006b8005148e5cd7cd9a6f40e97961cd2fd6e9ce6e989b8f176407e55cbd15083ff30c00c80dcbcdedd5fb339fb9833bf9021d6f3f13ff71ca5", 0xc1, 0x1}], 0x1000000, &(0x7f00000012c0)={[{@quota_quantum={'quota_quantum', 0x3d, 0x8001}}, {@quota_account='quota=account'}, {@lockproto_dlm='lockproto=dlm'}, {@norecovery='norecovery'}, {@discard='discard'}, {@quota_on='quota=on'}, {@noquota='noquota'}], [{@smackfsdef={'smackfsdef', 0x3d, '-md5sum'}}, {@appraise='appraise'}, {@smackfsroot={'smackfsroot', 0x3d, 'nodevppp1md5sum\'+!'}}, {@smackfshat={'smackfshat', 0x3d, '#mime_type&usereth0{'}}, {@rootcontext={'rootcontext', 0x3d, 'user_u'}}]}) clone(0x20008000, &(0x7f00000013c0)="17ad742ddc39a3eb03002ea76de5b8a558ad5e04a9d17808dd1dc2d5926a00553ce92bedc2b0fe24a163b8011214393018b5f9d8f8c5d6a824474ef1911ee27a0c7cee762296fc3be07f8ec201e28e8d8ed6ac64a6229ddf91214a334fb026288f515fc96680e55301358f509564f18735443c19313daf00fbdc6390535f3c3bf4b72828fb66dff7680f331a50e7a1d28ae74e6022f1c271e675470a6cf375fdc5b4b99e04f38f07d45042fa693fb4307f5624ff7a819d", &(0x7f0000001480), &(0x7f00000014c0), &(0x7f0000001500)="542aa2cecf395033142c84f58bf518d0adb46dbc") 23:25:14 executing program 3: clone(0x40000, 0x0, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x40002, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) fsetxattr$security_selinux(r2, &(0x7f0000000000)='security.selinux\x00', &(0x7f0000000040)='system_u:object_r:tmp_t:s0\x00', 0x1b, 0x7) 23:25:14 executing program 1: clone(0x926c687182259999, 0x0, 0x0, 0x0, 0x0) r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x40180, 0x0) sendmsg(r0, &(0x7f0000001780)={&(0x7f0000000040)=@nfc_llcp={0x27, 0x0, 0x0, 0x2, 0x0, 0x5, "c0652fa211a2c69481534b651cbcc358e8bfa66ca6386e9abcfd91740cd6dc64a233d6164daf644efcbc0d65e280c91483336c1d0018f911c3ec96586023f5", 0x2c}, 0x80, &(0x7f0000001200)=[{&(0x7f00000000c0)="23599bbace5245b9b7e76af2213f889ecd43650d68cc4da7c9526f87db3128ea9e588ed57b6b441d145c2c15a2022ce07c3b1fb41e83e6346ef7f016e6be3ba92a09c43a484a726e111e0be21215aeffeaf4f29d0bfcf987b817f0ebe0f5b6ab8e5513a8376923c707c7db62f8713f0a105b35a3b0d4e45327d2d351a3d5f61b46cffd39e14cfca69d3e4bd9b54c5557af432d566ad388491a43f2cdc0472aab2a77877f0c2b0fabc74f1386132cc35adf5187cd9b5b6451f86441c1190d07b3caf53a2c29a50cf2f30a2d94cdf4dfaa18dbdf95be61ee0071b21d0c768d24502a0597b680ffab13b0ff6439a644bc01f94ed6", 0xf3}, {&(0x7f00000001c0)="a7339f35cf8c28d011caf268cdf96db4e3dd040e26c3485b1c8b0cae3a9c5b3f8336a1f70ce96473eb39617718940e09435d46dbf6", 0x35}, {&(0x7f0000000200)="c28d8914eecba678d086c2c6d5cf61a69f5c82f557ecc0dce250a33d947c87aafcda39a16cc2f5d1aada4fd9115f3702f64f8e9be29f72f146dc11fd58f4460cddf0f5d8e185d9342d7924bc8dcfe69eab041985ca22d7974e6cebe8c49b3e116ae0be5f3dc1ad6cef68821a824a91865338a2da652065c4224610eccdaf201c609cc7d4763fc71183719c237ae4f1e30934412e523e65919e15a9b364b2ff2fe544894dbe0e52f851fe6153e0921e87ef77b189f4b38dfa8288a575acca98cda8c2b573824fd71d94dc8ecc3ac55bbc266c434fb4e9b37545a6759372e5badd6d2bb8680c8e5e9d56f480caa3a71794c03847cf06235c01ac296e1091c8e7f5e7f7103ddcbac7e51f910dab29f2f968bea50d532872fe1296d09ebcd799bbf7ff007f77b809578c14311865bb7b0be79e2033d55b3b153b8a61c2bacb339fc0a1c392f3a84a6cc098102e808433266ef67c4884ae5df11d5241d651d130d2137f2840393ae9a6becbbd64dbffab5a7aba94ea8299850c1fda01868dfd945f40853e2c9477701c5e4bda5e00d8aea4d7c8eef2db7dada8ead98a397886725631ed198f77d202134ae4c6e87c040787f64b2b138686a05b4f9fef3cad2d96df73df9ebbdee05e8615439ccc97426c11c379d3393cf28f7be7c85c2ca2534df11f1705becb1c4f4518c73d0bb6548bf2c2903821f39436336b8f4affad5e719bf73ed9142764c4844b021edc8c1c08560c4612fda7f35dba72f8d09071e4cf37b569b7f3e4ef1ba7a64535066e480069cdc1f1684d7125bd3b6a19403e2903d62872aacf6e71b77b98722c58cea330a68af9023bab87b654b01ddeeb25bddf8ce9fb8090374f54d6c2a31508ab2032d67170021e9825fbc5880e6ffbf95887565754f43656448f57b6fa29db98ed3597568f13d90f34e961633a5dd7b6f51eba82c7bdc7d36156e2d664fe46c6486d110235079f5a99a99a62b7d0afac184318f1d70a8b5047340c4ab7210abff7bf1d32ab817820fe4522a85c538999466389716041a7b07bbaa1fe58657fa7864531fb535834110982e0e42e70f06f6854bbd8061985df02e72f846af09ee0407cf88b6fef6308daf2bf07d3a8948856b5d6ffcefb857ff7cb7a4f4f869ccb37408c5d22ad07a7cea391ec4dbbc8795403ddd7f97a5a74dbd0c21430eae3e3e640989760ba79d592ceb928c1e13dea978b268d82094018664f9c74412a8a1517b6474a8e09d4b9a94e676c9342d1df45dc2ad571ef7ad6a17d87daba26d4b774646ef47888c991925acae217bce4a7cb8cf5391a2207825aa0a9fa7369dd5cea1c8db1fe10417531537335183a4f18f61a81902a7640da434067661f1cacae5872bdd385c18c24d65354e64c3eae075457ffa270d816f0901aa46e83bb546148eb3a5160521c245d24a57a8892de061add761f15e3cf06131ccdc5ab16ecf576f04b07031aa00c7f5d36ce74a79ecc761ff0d7292acd4367600703a49f3fd7f568794fd20838780e72b242ab7c29f0182960a463e17823f714bb582958711d0547c66e101b6deeab0e3b525e2f9742548238d67175e1de9a1719bc469d6d5af2ed976ca07fb1347521c19444d19c6ee54e6cb10281edc3d550f5aca199b01ae0afaaecc7d93cebfc5eb8f1f3fb65fdbb4b8ce19e47f73b490df23d0f6f8a88d77117ef3c55cd8f39ae50c6d95e8e9b3c770589318f4791ca0715174a20e6704bcd8bf192480e66d508c975d51b150436aec911c7bb18d1b42e0a4e1027d69b3cebad8fb64ae84ad9f27edfcb5b714a80036d020f27267e7a40fb0a79cf5827742bdfac26b43d69afae7e84955ac204388fe222128e6ae8408ca8eef07e66968c94529b59a24acc888a0964572d39863b7fdad9907ab8b433af700ba82b23b0354a24b4fd97f281a6d7f8e9c91ac8da72c11fcd8895fb6fd6da93a643fd0fd7be4d0da7c5d47ebbd0591eec64db26c410c9ed656826fea8ffef70111be19dd3af72ab8e5e0929bb66663c42676a12041ebe87a366214e18bbbf73e8dcd6df4c3e53e3ed9c181c89090336b31e4d592113fdff99f97c6d33ded52291f16374a65184c294920548f0e03173a95a1c002b4d75a3fde10d1fafe35ce3839ca9d28a69a5a2419a914daa2b7f10210af4cea1283225c7b1bdcc42eb83ecf148a9b85c660db46b13519d57d1ee751344c9e84f41f5bc0a22678f81aa17149ea041091b77f56267e39fb3413c9572f42c9f85bbed8c36c2746f92dbe62df98d1fab8e817176d03a2cad9e16d9d92af99d86323d8dab693997cd9d069e739ca3ffb6103fcabdc822e728a27bcc0da9084ee1c986f7af2537d19218e51cd85cc28ba4b31b2d8918c06ea19f0d1bb1321c8e44d1b5fd0f160e6fd62d20cf22be669ad987184ce42c97bfd410f927f711d218731834ce762954627df7b7a023c07d518ca74c0faa6a9f18aab1e354a06966638dd259f4bd35c5157fc91d41d5de15420a37e0dbf7626bd61ef81c0e9b4ed67f01a78dd5f586418991cd97b81ebc2090957ca5133f21611d7e4d05f03c4ac550d744f4d36b96e5fb5ae2675fe605c0342b3a331dcde74f5330cd648a738de9bab6453fc940072a23fb70686f46e3821b033ac2a79a1bed0c5dba6cce650cc5e891f50e84de78e062532b1956d4e3a3c8f5ada6696d5790eed5364db41df731fec2ba48ceace0dab15211e20775fb9a86b477551a494b7eda1c5ea170263db4efc52aee9a0763a93a2655d2bc8bbdda47b1f4060021c313a66258d4f8c80b888163b3fad96bb2b52dba44e7d4bb9e54cf274bd781db1eee29e138c810be0f24587750b815fd0fd3c61753b0d2c5b18448006181cba04c93cf3f3b2f847e17467f550f559f629bc88d2436b4db81842aad5e4de6e0b9e2225aa61ad69aeed2da6deab78fa312d81bdd8bb22bda13ce3b29c47d967896ff28eb434bc298d28f5fdd345787a9c1cac85c72e0b0c16df729938c40aee46c82a1bc71a69ce77f67ee77eaa463f5cc62ccaad99fa5efba56556ea1ed5c1c384a8b31ffaafd07cce7286db145ef9b257779f87d57e165c8bc987307dd323e3014c37965934d78796928390c7064e1510bbfee6cf745ce69b35c5f7e469b646b429057d83c2eabe6845a6079ef82b26a5b5be04468f747946c0b3e91a27eb8a28e99ddcf3511f47ec3ec3698ae4286a713f08141c755a06d809bc80b927d412ebd7d7465246e6204e13fc919b65e91e1afbc6afc5f0b5143e4b21f076d5b39ccf95a9d9e1e5eabed539c9ec6921c5d0a0d45a0515dbafa5a6b23661536c6390db2f1c58e6e07cb447a32c9fb1e7254ae5b15a8b4618c9777e7d26a1415327f0b2ca1e6548fee4c0f44762b3b1a16a46bae0c3289095fbba3a0f884f38fb7a2162d804bf8de90e23980a72cb395c1c8b21e45e613660ae40d8d1b54a7e463bd8375caaac5e1e155f2b2764eb947a772465b38bfeacd02935cfc852b74cf17fffd3e181ca9d9c6aada2e9cee558dca7adc4ba4e383f193028f8a4d500e2059ef0afa493117921c143fc66bcef9d9702a987c3febefb13d86ef184aa1adeec98bd126ed0ce0e2377bdd217060f3f92d85a5d8f7a4c938e0fa1fde29f1be20b78055f5561ec3d057d45dcb6615d30146c7ec812614e185f319494222c4e99e14f87bf83727d91a6e78097fc49ab7cd4cc449e07808193f41cc7dc8c2332b7de913a0422a55e4e4e50aafbd67287a69b4951ad4bac61d086a70d03af2d57921fbcf878e08b24d5fa34d8d7e0de23b8332ca7b310b0bfd23b9a3b075a96baa490e57c8da0a8931d6ffdc746d6a50ab2e8e24884bd13c8a76a24f4c1c45038f672b14f5e717aa6687b482fb4b736fcfd7c4e361c9e9f2bc4fc880012f9d3ddbb1a903c5687ca48d80f960eab7f7fe95fdbc7f6684f2c688f8f7e5d1d83a73ac2b18a13f5cf6a57f3c2ab7ef1752561112d01a9791155a0426b1a12e3a81eea78e5d98c7352fd0e1f8e3c77f7a3fa3e140d321dbb1d59a86ba18ec416809f7b751b9e855855ff54af27972dd3578bb722b24bb0b6b7a78ee2ebadbf9a548d02d350f7a81c754de2d88a245aebd92dcea890ecbc35cac27b4f03628ef61dd6e96d6a3808e747158e47bb458c36dd8b867957e05dccd2e5a0f0759feb9b0e5231902bc407c6cf79a7a04effd1de23ea4891d9dbdb3dd83bfebbe6e76c446d87e65deae9a51293226cb79c2b293c347811da50c97c2011aa0b3c5425822f3cf67fe8779db11e214e1d14c310201a85c50d39d7a5b220a4f900a976406ed060b9ee3f9ba3ff4302eb8a8694de9974726f3ba539e5efc771be17282d086b47443c6252812cd59b0aebe33cad08bd0cb28d77c72093ae46c18b3c275fb7351cdca4dc33b2fdd1c24e2ec2ca3cf58b3ac3703d1287b516595714ea78879698a27d726aa3cb7f6e2f9785a5b26a998fd6a063cc95abab452796b1e160e82c224d7af50fda10a64c0197b6ff80cc493f45576b06fdd9d8f02b58952ddd895fe9ae631c2567c8ef9fe14f407757d80637e7d4b9df065c60621f57511dabbd16cc6e015692273303effdd3267a3d0c81d342b6e52e71a73c86e0bef4f2e36e993ed8699c1a218749325cbb467005612d0d730d60bea3152f50c1dee12058af0e177ab140699e2f542362c9481660a74d8735756b7cd721d428ac56db92f4bb99a06dd4bb65ae6689446142182692604ccd127e4129de90c749643a26b0dfc4bd2bb6e0804892575cea36010a633bbd5e52a49cb604a7fba96620feb6ae52388a030ed1fe32ee9c9bbad5c3af18ad13f6881dd7ee8397a574e88f7547c800cc7d8d37f59aeca27f382e982494d16fad5023c637a9190d0c3e51596b4012911f805fcfe4c2d0129c6f31561abd445574a723413a1a4ed7b389a65788de2352f597a09c74d78d300df48cd76d3a29a7c017f2958bc00f3303ef49bac05e758d9f9b77e119a04288b9b023cdf63d4cae38fad01c63e0157201e51605326c46f5a55cc80bd53ef0da772cf6104b76817f4880ec4b6509e24379fa820baeb7f3fd581391f4cd5bc957b0c6e6bbceb3933f1fe4d5e4d5e685b677d2a9661b4d447ac7f27c0a08fe39a17c51d56ab2473b73eff4d7b18bedca2038197d9f3f11b3e98c2c2ec36e8af5905beaec690c794d4330d1fe857e0d937cc48c633c93dad735b58f3ddc4a3a3104b47b0fe36b58846519898a3fb56d520d462d7ee01350cc2116d27cf06b03dccc0aedf0af783e0a4f869acb233011d567d7b2b8986af535cbec0d5990b394ce1a5721a93ddd3e809dfc857e4100317d38eb432c13994e9b01d3f2557d9a9b9a1fd94ff0e161bfdf41c6ded0cf4c109e2c61a9db8c63241ac5fe129933288957de51a1c65545b9b41efbdd44acc5a4455d4ad93c4d6169124e8604eeeda1f721255759e8653228f5007f2b5658e9ebdd609447a795b0c1a701c85ecd3f70f0081cffaa2f64ac8b52b5a7c565896ab7a14ec0cd23a44be2afea82076f8901f58be9745b7c46d745725b371361942edb62277474974344af6df8dce13fc330d3bc09f608fda544ba6d37827291bc2d7418d1cbfdef3a0a1c28492245406ac00dffb95a30638fea869c897f798719b67fbbd875610eef66268042c999a99d1172f071f382988c4783a249c2742b218f372c638f3fa12e75954f5d0b89bd63dbece3fc7109eb40a86abe3861f7b88d16a3a8a64e3a995c217450eed2269eb5922c333a8ba30fe639a7898f6d2153d35d77611b67f8095f237", 0x1000}], 0x3, &(0x7f0000001240)=ANY=[@ANYBLOB="a800000000000000130100000010000079b00e25688aa7abda13a35049104a8b3a7a6949bf70c7ff93c749710c815add2fd6fdffc986b211f967219f205bf61d0e380f8126fd13ac86b92187bb6ed6f2acd51e86b6e42c482e43905e3f6671afecb32ca7ec9082efff83322ee5b306606d7de8dedb2d615a9b68a2001000231700000052a0e7c9aba57259523a158a1814590183df9f6cc588a2e37c2d7cf9291ae6028a59e3ce59480000000000000011000000020000009c124c81f17aab4efc50e66bf3c671eb957c8f050655bb03bd0ee8f231c770a0a68e13dea2a19effa0ea1748bd51aeee8239000088000000000000000f0100000001000099d59ded767840aed343b6aeb6f63759cb6c207781b81b83d0135d69db407093f34ed79eaf18bbf967ddb49e822acd4e4abf6351657b103750572666892f97d637cb658809758d630fc4478d1edb36df295db93ba7764c3cbc85b051b95027cc5571c96ef0db8dcf1b8045ed84d1bd7fd4a5bf4cbb40980568000000000000003a000000040000001f20acd58d76a95f0e127ade9a6ecaae25715b1d389de0c041b94455edcfa9f87e7525b95e662475594842120221fad72f8b1d473a2834f1e96d813f9973c07326bc0f6d3848c5aa51ebad6ac46a2648b400000000000000780000000000000012010000ffff0000bda6abc7de9749207cecdc93d38af433cae26f08970c0e7345a8d6fe4853dfe0b5e91f89ea34ccbd514933e50381a8e9d71233a6b41c7e9879d85c072fe8db925f9b7d8414e948f00f7ee3fbb7bdd011282ec98c956defdf45ac904f7f401d98ecc9d20000000000d0000000000000008400000033470000402324884c3c1d47262a70834631803df5669291b2b82dccbc5278e7e384eb9194f1090e9b3510aa4a2418bf9d93f6260a7c50995f5e91e1164751f40ea8867a8f2350b2e8f54799f7043d3ee978de63f57cc01ed87dbc58f8d7de4ff153d714ccbca4052f46411ad4fb67061d6198b90627205eceada5798ea6a1d621aee685044362253f429b1efbcc0abf6996489f9888a3506857a9b854d051ead2c09703a570566c50f09c5b9277f5a72d8b78126a4e34903af08ba1c2000000000000003000000000000000c700000003000000bb355903ad520219ce7fe5cb22791a7d582264a2d33f18a756d901b0aaeb00add20000000000000029000000010000000f917ecb3706ff8306b75fdb4c0ca004862924e382fdbefaeb10b58fdd109b008debf18b4abbddd83d109c7415dd144ace3cfee01abb53285318dfe06b90b827572e7788ffc29ae96be140e56dcdb5157096e2393daeda23a57ebd45f4ac5a277559565d3e925b191f5707c1afb8679525ba79de00000000d8000000000000000c0000004d00000074dc9f66b3a23f483ae013dccd43d723640ffbcdb8457d0ade849d0305124ebdf9ff6da0f489090000003fc08f41fc24e57c26af56c1d0ebbf37ba2fad7371c307ddd87518bf92ac0f8158c8c92aacbf748841e37d0e9dbfd797dafe88e17e0d0362bdf076ae40a60a8fbe7e3bfece2c806a89382443b6948435608b2e41eb8c5e03aee8553955c97f59de63bba07e6436406dc2d77357c8867f66e3c322e835922d1a9906c34d9379a4b96a9cab1af82ac75c1eddbbe1dbd179243a7c47a86d01fda8072300000088000000000000002f010000040000003f5fbfe16a7cf89745bded6484209812ea284c6e53416a20c2f276cb57900c1b8cabb51e8ea5c6cbf1676081b4d8867ecd01eaeaaf5fd33a3148caea913c48899a565c6728d64c054266b049bb48c8fd7b67fb8f0edbd17d2af8ed6057e67be917d45cfea12915c268ca2bbd37f1dd9852e800"/1344], 0x540}, 0x1) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) write$P9_RREADLINK(r1, &(0x7f00000017c0)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) 23:25:14 executing program 5: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x810000, 0x0) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000180)='./bus\x00', &(0x7f00000001c0)='trusted.overlay.nlink\x00', &(0x7f0000000200)={'U+', 0x400}, 0x28, 0x2) r3 = getpid() sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100004}, 0xc, &(0x7f0000000100)={&(0x7f0000000800)={0x4a4, 0x20, 0x100, 0x70bd2b, 0x25dfdbfe, {0x1d}, [@generic="07836055407760e0", @typed={0x8, 0x1a, @fd=r0}, @typed={0xc, 0x24, @u64=0x8}, @typed={0x8, 0x47, @str='+\x00'}, @generic="7fafbfbed3ae617597bc69b46c9f2460f5db1d81ce7e2c1b75d7a506e9e5cbe20dfab18fc7216f2a285d7bb6fce6ee653c8de0320cdad2cbac2e36952ff610cb849df0bf7cfe77432544055d754ff20bf7232223fccde49a3b19f49b0b6af6609e0b2896d46593e3a12c34b179e6e846a097c3402d20069278a05ab5fa7ab0beaf07d2009d62505c2e604dcd6ed7ea7fe049cd6002a69665675dcf43fc21172083361ee6e6998982d1c5a2f25eaa", @typed={0x4, 0x54}, @nested={0x230, 0x1, [@generic="7864816ab1ad5ebcd2df429476a82789fe1ca43f43f3a8390adf2ad493347edc7112e310072c692409e03704b2a972ce160936f91ad05a1b649aa5c7e06c48818acfbc0cb5011a87aa4801258203032c27381ac6f103eb95a9c04f8557a9e1be36cee06ad21647a600c4f8a75ccff201646b", @generic="19567db74378beb3d96be426b6eff1fa2027bb0d3bda4a2bbdef6451274f536d0e8634c7c032d10c5646b92a764ba582bcd088dac125320719e03ed769ad9c8f76fed4d2b71bb3a449a6ffcebbdfa314c0fec22b2eb06b58ad552f945adc4abfaebbcd3ffe3696dd535b2aa5b93b62ae15e6719107517a60c074a0871adf87549e4d460d37a25bd98bdf0ead856525589dd585", @typed={0x8, 0x75, @pid=r3}, @generic="3c85d6bf19ad18db08c7f1208408d76f7df8c658a52f5e62707cec0545ffbf4319388980e98ee2dde8d0de63e912ce59df68db331b554769927d280d99c5ddf87d7a032809699da63f76d8ab71c24cf3cb9628b74b6f3959d341793b2eb5737a3ee48fadf8fa58287797814252a5435503afa6a507f30f3c79bbc5ff166c56946c041a563460f8637f1688244732332fb1d27e44f80d62eda875dca8f5aa0c1f69e55cda13332a62a4cc965c", @typed={0x10, 0x4, @str='$-.vmnet1\x00'}, @generic="71ca0fafa0b5dd1cb5cdb7e967b149b47828c3c302b34d5a856ac2ceeb1ade7465454e3e9d045e", @generic="cf0e7a4e57a595d1ebbb6291b417530b27f6ac245e99959c00601c2633ba524d7e2e69840ffcffdf17deee6bbbe7bd11e5a98d815a0c4fb843f6"]}, @nested={0x164, 0x73, [@typed={0xd8, 0x82, @binary="5d31bfbb7cc46fb468447511fcb3e93bbd9ea793216d9f8026ef52bc5eff6af4c3e64cef20a817e99729b7e1b5a1989c51d983cb3a52f9f5f4774e9870c1d36dd68df2df51c14d24aaf0022701b87ee8de96336d2f4199a75ea742d6fd001718025435dbbca7233249bf268466a2e69f26c1aba7f1e11023a7f2238a2baec92cfc95ba8d43ded10e7fbfcb5e37a703fe4c353714d34e9828ce3a2a3d1ceb4267c294d088550d2ffe34d1929527b2485a172f608a9fb00b2fc4bbe7dc508c10fadfa69afbc7a421292effa4698780a34022"}, @typed={0x8, 0x73, @ipv4=@loopback}, @generic="5a5d4576eeceed9e678403fea450ba84b843d22591365c1dff738c8a63c22d550d3be78ec7516d290ab6801bd0d8dc5be4fdb82964c4c28a7da7cbb65d50f1fbe1bff7da24266a6216e6cf74fef5f060a5555d82c2c3cc105bf9fff494f9139f246f53cf81583796eec4da3cd79cca4af64bdf5f106ed60b2fffbee06f44279c"]}, @generic="7d533a1bb85b2eb744dce307416340df1347c6d7764c08a5a4e6fba058df6b120c4c23"]}, 0x4a4}, 0x1, 0x0, 0x0, 0x641a9347f2f416c4}, 0x4000000) getrlimit(0x1, &(0x7f0000000040)) ioctl$TCGETS(r0, 0x5401, &(0x7f0000000000)) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) 23:25:14 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) setsockopt$inet6_dccp_buf(r0, 0x21, 0xf, &(0x7f0000000000)="6a99da0aa32184198c2315ab5a7477680f5eeff7e2d2d796ceb9048ff6931f1951c84911bbddc97fc6ee16f438ca00dff5db270fdbdbaa0822dd599faeea33e9e0c334f8ff11", 0x46) 23:25:14 executing program 2 (fault-call:0 fault-nth:54): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) 23:25:14 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) setsockopt$RXRPC_SECURITY_KEYRING(r0, 0x110, 0x2, &(0x7f0000000000)='\x00', 0x1) 23:25:14 executing program 5: clone(0x100000, 0x0, 0x0, 0x0, 0x0) 23:25:14 executing program 1: r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) ioctl$EVIOCGBITSW(r0, 0x80404525, &(0x7f0000000100)=""/106) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000180)={'security\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) clone(0x82080100, 0x0, 0x0, 0x0, 0x0) r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r2, 0x40a85321, &(0x7f0000000040)={{0x40, 0x1}, 'port1\x00', 0x72, 0x131c5c, 0x5, 0x5, 0x5, 0x3, 0x9, 0x0, 0x4, 0x9}) [ 527.757989] FAULT_INJECTION: forcing a failure. [ 527.757989] name failslab, interval 1, probability 0, space 0, times 0 [ 527.819549] CPU: 0 PID: 27985 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 527.827483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 527.836873] Call Trace: [ 527.839476] dump_stack+0x142/0x197 [ 527.843120] should_fail.cold+0x10f/0x159 [ 527.847284] should_failslab+0xdb/0x130 [ 527.851263] kmem_cache_alloc+0x2d7/0x780 [ 527.855416] ? __lockdep_init_map+0x10c/0x570 [ 527.859923] alloc_vfsmnt+0x28/0x7d0 [ 527.863651] vfs_kern_mount.part.0+0x2a/0x3d0 [ 527.868156] kern_mount_data+0x56/0xc0 [ 527.872051] mq_init_ns+0x167/0x220 [ 527.875715] copy_ipcs+0x35e/0x400 [ 527.879286] create_new_namespaces+0x1dd/0x720 [ 527.883869] ? ns_capable_common+0x12c/0x160 [ 527.888278] copy_namespaces+0x284/0x310 [ 527.892341] copy_process.part.0+0x2603/0x6a70 [ 527.896930] ? proc_fail_nth_write+0x7d/0x180 [ 527.901453] ? proc_cwd_link+0x1b0/0x1b0 [ 527.905525] ? __cleanup_sighand+0x50/0x50 [ 527.909771] ? lock_downgrade+0x740/0x740 [ 527.913930] _do_fork+0x19e/0xce0 [ 527.917414] ? fork_idle+0x280/0x280 [ 527.921134] ? fput+0xd4/0x150 [ 527.924333] ? SyS_write+0x15e/0x230 [ 527.928054] SyS_clone+0x37/0x50 [ 527.931419] ? sys_vfork+0x30/0x30 [ 527.934967] do_syscall_64+0x1e8/0x640 [ 527.938872] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 527.950865] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 527.956074] RIP: 0033:0x45a6f9 [ 527.960140] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 23:25:14 executing program 1: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x8000) ioctl$DRM_IOCTL_SET_UNIQUE(r0, 0x40106410, &(0x7f0000000100)={0xa2, &(0x7f0000000040)="ed5fd659603cabefbccd43ac7186c94277676795f83c906551d5bc84d96a152afa6e8b3c7a0badc895ac9b423530d9ee6cd3d697b5d0cbae57fbdd2288d6ca5258c6de16ad53b4c03ce3fd9831802c9ab1424ad4156af73e2a4fe03a69e562d9aa949ddcb4b96cf1fae6e7f8b4bbdf9eb21689a7b9bde6498446e467fbdb7a83167198024ee4738978a8004085e5885f863d5910c2469084a0c9d766da81d19b3126"}) r1 = socket(0x2000000000000021, 0x2, 0x1000000000000a) sendmmsg(r1, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000005001e00000000000000004300000000000000"], 0x18}}], 0x1, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) recvmsg$can_bcm(r1, &(0x7f0000000300)={&(0x7f0000000140)=@x25={0x9, @remote}, 0x80, &(0x7f0000003680)=[{&(0x7f0000000380)=""/4096, 0x1000}, {&(0x7f0000001380)=""/233, 0xe9}, {&(0x7f0000001480)=""/217, 0xd9}, {&(0x7f0000001580)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/45, 0x2d}, {&(0x7f0000000200)=""/6, 0x6}, {&(0x7f0000000280)=""/104, 0x68}, {&(0x7f0000002580)=""/251, 0xfb}, {&(0x7f0000002680)=""/4096, 0x1000}], 0x9}, 0x140) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) epoll_ctl$EPOLL_CTL_DEL(r2, 0x2, r1) [ 527.967862] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 527.975144] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 527.982425] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 527.989700] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 527.997001] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) 23:25:14 executing program 2 (fault-call:0 fault-nth:55): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:14 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) r1 = dup2(r0, 0xffffffffffffffff) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) write$binfmt_elf64(r3, &(0x7f0000000200)={{0x7f, 0x45, 0x4c, 0x46, 0x85, 0x40, 0x0, 0x5, 0xd8, 0x3, 0x1bcecb0a25e12866, 0x3, 0x1c8, 0x40, 0x100000001, 0x66dd, 0x3000, 0x38, 0x1, 0x4, 0x401, 0x7}, [{0x6, 0xffffffe1, 0x5, 0x2, 0x2, 0x7, 0xa0, 0x1}, {0x6474e551, 0x6, 0x5, 0x2, 0x7fff, 0x9, 0x69, 0x3}], "572fe633f667f0170112d1c56ce8110cff5ca7fee61be7da3c3b47efa876de722e23dfd636bb3d8f6f99f98255fcdd4bc54e088b9b1c6d45da560b8233addb0b7a17fd3ac645f8a808854c84e8b0089becbfcb7202cb7b15befe3e25856072399d837d9c1daadca75741cd734091c0ba5bc4fa4c049f80b2eaf32f53d29741bdc1f8f4bdf601aba3b8bbbd431c19f08c1e55ed6a82ccd72fe7385f21d5c8ef7fe095e1a1ee0455c1e8d3694b568fdca5bdd699f30153bb49752119171ca8a5571bac3bf6770b9355192bdf7d572fed96ad87bba42d79154ccea897f8f4b26e5ca6f25c72356ba4601ee6aaa2ab5a8f1c8ce9391f286fb9d65411e40df7079a380b65035bf6e995e4c75f35970e79c6db8378aa1b37638bf96dd9b988bbbcb48f4b57236c2a48d3dc1727a45c222f84067878d7a00b26cee0ec1a356b2492bff0a6cf3db5781e09539e2f9ad168599866de46e4b2e632333e8ccc4de75702e019855365b19243453a6b529e617a23d123996e7dc8879ab8f9388b5bb151dfeaf0af028ea00ef51227c19e34f54a4d66d7c41781a2140b2ad2941f5c5bd34678e245d43b5f5c27427be20652aa52c3ba115c738563c3daf5300de13248f250f0df7fbdb8904066196f383b8398a7e99d857bed3bf89df8d70c6cf435f288aea44ce4bc1d14f3e89a9577fb2cda2d7ee4f5d7e6599815cbd07e861be2ecc53cf6d661bc40415fcd4a100f05b106cfc4d4d7d6f4bbb963e0569e6cc02784f2fe5e1944182c061d49428c9ef7aeef3ebe54e1711426ada4836d8b200ddaee60d5fec8372198ef916ab53bafd2ec3da9846a3e087c6d1fa8e70671818c3b8a746005f095c579da1ad74a35515d92bacf690fe0752c524ccc791e8276b34147d7589600477844b383c4292792320db0ae2f2aaf3eb78e29bd7c3aed7dcd2168a22559e0efc25248e70db33257e0a4450cdce165a110463e2bd73d007a202cd70bc5fd5795da0fa30e9f814d71db5472d9b20a4ba37909bc30c1180462678e552fe8a75e7e70aa32fa499c8fc72a37520c783ac2a1d127a0e1ca1881ced71c02a21dfdc48ab988479d6b8db952f066387ca2e1b3acfab042951b16bf31281ccdae751bef8311ea33c5f63570ca4c3e7eb4df950ca000bd597f3296103536efa3a2ac1afad3ce875b1848e48b72cab08549f0f18bb27140c15e4b40094c94e0e34444bd76a30cd863083dcbced0b6244a043a3c896840e0b03da5d0b70e0be64e7683f85b3799987c95a05635a91a0f63775b5e0e781e1850da52a41641c89d31436d1fd07e7c6c0647c7cfd91c189e8ac23b8c3727d374397a1b4b3ffea5c8fb48ecf567b906c2d9827111a9531982a6fadde896c612a2963dc698bad8cc8ca652c4a2b94e311a18b242e9daa2975dd9a396c06c76ff12be3d241b30af24860b98845a7f97dd3183c82346fa8820826fc65d2e5a370f1c4b22929b9a9a843959896c816171658af1a8ae8a4ffab4c1c4b74cfb97dcbf0a882c9c02a264ff3ec62c582b79c8be14b0421ac80d0b61101d2186a1f2e12c679d27e8c76ba654b776c240c65348f3b2a08ea85b500ffe9ab0a8181b936a5fc63b435fdc388ef73a1648625380a19546fdfa7f326fafbdfa240cca656a705e463d00022b76438309703976249630110daabb8f8d54e92d0547b6aeab284dec9b14ee4e38516657a313eac72c21fda0ad8f10c5519c9c915f976457cd6b930b538f52a0f3885c94605aff90dd2f0f0ac6265a67ed2bece67d3bd57c73e170dc5bd795ec2f66a7c40000fffd77af2ec948facbf0567311546a92e77aeafc90de1b5c5a0524c01bb5f88d34c3b5c43546b32aeaa3df0d76eff7130b93b825db7b22bbb2c1b3edb7890af1ac5eab790787f104d1c82ccacc9c514a3f671bcc4bef5ef67a5a9b96e52863b33a1f4b2bac69740408b5a21a5b0d8c3318a4f4734df93548bca5688d792bcc4925c3089ea555928b3278cfa684cd75eff5de6ef4805eeec530909067a59f609dd127c53838f7ba5e85e48d9d41f30953602b01d70771d26cf5fb99dae8ca114a8b73244f352650a452b91c08078aa1a84e26509562dd51ea35e17d60a783dfd61b5db305042c88e82fa8d59ca26bf8d7b55d9f564d285ba179ff7d2ef48917c0a8f54df25ddce3a39e65c64c7f464ec23b8b359e82a302c31616305518d950b27fdce1a30353b79dcd6cae77da9d5bf26b1c5a7bd6d8ddf1f0835db8da029549d7ae4d0657f594d4fd9c9b55841463ae876dca227919452f28ecf8dbef52a7eacf9ae7b3a97c72261ac15524b667972a11697a823bc9b59697a4503d9e956615a09a0565d8d8eaddf646f463423aef8395205be55eb0ddbe28351b34a6c393a248205737b2950e31dff89d9cc9b6bc8224731aa7659f94e2474d4f34f1f96acc93267e49caba126015514ca8d9827ab963a6078faefb6194032ef2abff42a0ea0aa2a6f22aa8db4c6a67502c1da2a8eca080c823644a6989ea5a1f1820abdb314ddaf3d0675bd316300753665cfad0ce6e541e9bdff8f1d1f2d6b62ca4235a388a68ad323f3032128867b3cde67871b40a4c4875af56e20a3dc0f40a0c3af75b83484c6a869dfe3758deaf4a9e573e6bc54b90bee3b3cd29c12d03431a841462abff1cf9ebc11411207f600a3059e48e65ba967792c4d8cd2b3f8271d9aff5ccedc62dafc9eff3a03a77b1c62c95a872a958c0e0e1fb939d9fa934abed4c2b9ce2419a636c4fb4ae8654ffe7d0f80ed30a63eca226118c898c7b8e83c42d6af7a1709ec610d9a49d98e967ab417e2c83708799cb42ff02ce067edec5d4a5cba07d6b45ade44187940dd3d57778753295c879962650196e0bdcfbcff6cb7d40791465b8001a1ea9ef6d78f8610c2afe3b5c4eb1fb4239c8c912cae23c316e445b4193a453c12f9c438b0fdebeb645cba85edbfd0f0f911b67f405c75a50c64e8c12bd524ca2373e11b2125d97760411adb8239e9993e13e7837d60da4d3b618e761133ded9bc6566b8f8779828a684750eee09d9f9ced842a2850d578e3800b646b465d99ca4a61a63adab75c0f35a260e948410488a6e0e424982f8bc9c2de7f21f65f17d675cf91393bffb8c050fbb309ad63137db27edd9b7f30ef3978e3de6df117961f9937a64ae19f45ea5c577b601cf2da90c6703b41e8270640a893cc1e76ec71a42dddf915fae12100c42961c1d951a35dc2ffafc928077c3b0c187ab620b049bc5f4a4d047a9798ac870064ec2f0d1da0af01f03dbdacea5a76f69262da987bb6549add1a5e73bbbfab27a7024922524f23c3a0717ebade015730d64a05cd27b7ebdd85cf4432e4fcf8b3ee0ddae0b6970cc0296cd22a7e4252365f88acf305f566f86f7f8b3d699ea484873b80ae1ce68c98484246b41da6e4a1d1b99b12ddcfce000d91db1dbcf0553515b0b3bc0cefad549f672fe4c396069025a835b2c7a186de38c3d3e2cee3072ea4cab1b542cba39f90bf3c7f193dd5b3a6b326a64ed591c49e5dfb8960481e0748980469a95af86763e6cc5378f4df2844428eccbcc98366abb3f2af549be91b3d25de57ce6c37cb7da349a6cf6d2c600ba25b3cbef312718604c90fd87549df22dea2c3d75a48e8d7c992fd5cc5177ea2d48bf61df7444c99daa569ee6886fa6719fba6db7bb823a05bf92448608a4ca51347f60793d7b7d07447f5335333ecf94fe12c1e4026f7b9819e3afd623c71c854c6dbfbd541fc2ea1643337a8418e92ad3aa8353fbd2f0a3961c76ed8e200c61be0d4704c83cf235721046b63728dffacb6ab226eea36f41259356d823ee247d203005f442ebe07b1c4c65bc7a8b4484947cf45a9dfff150fd078b684fcee90b8089e5009210f2e1839bf09828426a28651c5423c59bbecef32746de05382738ff59d34f3bc9ea13e9d2862ad963f118c84925462a9688a43e27d781679693c3484f62e433cc905b8a302661f69e06ab8066fb97071ef0c0535b8495058274d13f538e27192ef32b868d8e7b91c93dfbec76586e468808e8201abaa97fc5318de066d4a0959b2389b3d1a240c89ec0d7e64eb53c9938780f97bc4313f6bada319002ae87d8b74fb341836e78562a15ef761e47cabd73239ec4e4f8dad9fd3f06d46b55e8ada9b4a69ad1d861a008a020f3d3323930f2441a112ff06c29448d7057add630d4c700539443d3266362def22b3b9986b05572ad9dc4209adfd073df53d4dc4aca14f7ea04c3a165a09832a10662585dda16a5174cc5766ee2355df3d992e95113d664dc80cee64c3166933264c028de1475b05d12360bf693dbce8473f4c34db41e22b5e26b16180451e34ede9c7c1d1e2cd884137bd3f3cd30f93905e55444a35104d088f96006857a1bf517c9f93dad8f6d5ff0be1cdc7e261d56d8a842f0a4a13338031554693b23978f635d4da82d4d65582410c88516d958f69ba22de653a198b490853397a1f8e8c45dcd7843165623d8e3175fcff040476eaee7fdcc0f8710cdf563cb714a707edeb14213117ad7bf7448df57d1166a59d4a0544c6fb4ae098899745533aaf8d98b831981e890506f1a47442a06fd8ff82b6feae8fd96734f98f0d13eb4b3b90b5779d738d82dcac89e067ba12f95bcf9f0ae5d67109adc5c2737937bbd87c230295e9bb9d7f483179a6fe7a71a3a55d3c3627ab46bc9f4f0dca977e28671d8606301685f514da56f1fcd6dc365d6ed6d63d8c3ad1e3e111e6c201413fc3627596e456a1919e0622007f7cfd7654eaca30b5eeb09350787a3472276d8f6407f4ee5affdfe7d873d45716feaa6cc0fdee6dfded6417164cd98ff884a82cf131d84d95d874934f55471fc10152a492a26ca1817ebe491720981ba667192e1892e3c33e507463444186f30e8a00d3b467bfe5f3595f2a8bc9e616355eb20207fd74240235580e5a82cbd9144dc885bfe852a799e31915aafd003a0ada5cc7031036f7e49a7a59660ba12047de9bc18a1e2cfefb2dfcfd671d271536fdeed512835ddedc3d086a812dee67d57380fa4f2153287c734cc9e9f04d6bbee430e0a8d19580eff0bf164b13ca28e90da12b266e5a7c437eda31976359f73d36ec373fe199e73d621217734e3386b2196730631941b32f12ebb2cf0553ea0c6ee1c08dbd1ef17db77c92dbac7e4b57d3e7d7cd21f03b2da634ba28bb9e327ec85f2ab2df31db57c4ae35fae4d41bc6b5c4e40001c469aceb1dbec860a250af5702bafc3362bd1e211299210df697278734e1117a68514dc27f7eae5875072564d19485ede0b61bc833e1ff611e685841e7036f9d8ddede2413bd49740e14e2688643a44d74988370684b7b0d3a8f6c7fd75bcb078720e564763b51d71880778396b069910c17121d5e13abe2156ba22c7bff3cb821a8e3210404b461c578ff1ac7baa9ddba0c5a1592d5ceefe2f1df01859fb8a7534b7e9e80997e7f0c5a36fdf8ec67b624d11ab70b5d0d43ec395ef849e6920e80a3cc14d31bc43810a6ffead440ac871cd79cebb06bfb017efae886df8565ebf9551928fd38312ab949e3d5fb4ef454272051b29b48947eac9b095bfebc9989b56e68919592160bca961c08f588477597a8bf4e7cbbc5eb6122ccadce56a5c76417accfb462129c4169bf951798e80568c2502ca958f182b08b05d0d19291745bdda37fe04a2ed8f017ed006ed83447eb22b752b863139094cf16340c19e510eff61642ba7f6b1328e1f685aeefedafcbc5705ac7bb7cd8cb260a77574a172977ff717148e9", [[], [], []]}, 0x13b0) ioctl$FIONREAD(r1, 0x541b, &(0x7f0000000000)) write$P9_RREMOVE(r0, &(0x7f0000000040)={0x5, 0x7b, 0x3}, 0x7) 23:25:14 executing program 5: r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(0xffffffffffffffff, 0x80045700, &(0x7f0000000040)) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r0, 0x114, 0xa, &(0x7f0000000000)={0x2, "2ddf"}, 0x3) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, 0x0) [ 528.210318] FAULT_INJECTION: forcing a failure. [ 528.210318] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 528.210331] CPU: 1 PID: 28017 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 528.210343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 528.239387] Call Trace: [ 528.241990] dump_stack+0x142/0x197 [ 528.245632] should_fail.cold+0x10f/0x159 [ 528.249789] ? __might_sleep+0x93/0xb0 [ 528.253685] __alloc_pages_nodemask+0x1d6/0x7a0 [ 528.258350] ? __alloc_pages_slowpath+0x2930/0x2930 [ 528.258435] alloc_pages_current+0xec/0x1e0 [ 528.258446] __get_free_pages+0xf/0x40 [ 528.271649] get_zeroed_page+0x11/0x20 [ 528.275547] mount_fs+0x1cc/0x2a1 [ 528.278996] vfs_kern_mount.part.0+0x5e/0x3d0 [ 528.283484] kern_mount_data+0x56/0xc0 [ 528.287361] mq_init_ns+0x167/0x220 [ 528.290975] copy_ipcs+0x35e/0x400 [ 528.294504] create_new_namespaces+0x1dd/0x720 [ 528.299089] ? ns_capable_common+0x12c/0x160 [ 528.303484] copy_namespaces+0x284/0x310 [ 528.307529] copy_process.part.0+0x2603/0x6a70 [ 528.312100] ? proc_fail_nth_write+0x7d/0x180 [ 528.316579] ? proc_cwd_link+0x1b0/0x1b0 [ 528.320633] ? __cleanup_sighand+0x50/0x50 [ 528.324854] ? lock_downgrade+0x740/0x740 [ 528.328988] _do_fork+0x19e/0xce0 [ 528.332438] ? fork_idle+0x280/0x280 [ 528.336147] ? fput+0xd4/0x150 [ 528.339325] ? SyS_write+0x15e/0x230 [ 528.343028] SyS_clone+0x37/0x50 [ 528.346381] ? sys_vfork+0x30/0x30 [ 528.349918] do_syscall_64+0x1e8/0x640 [ 528.354329] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 528.359175] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 528.364363] RIP: 0033:0x45a6f9 [ 528.367536] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 528.375347] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 528.382609] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 528.389886] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 528.397151] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 528.404408] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:15 executing program 5: keyctl$set_reqkey_keyring(0xe, 0x7) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) fcntl$dupfd(r1, 0x406, r0) write$P9_RREADLINK(r0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)=0x0) prlimit64(r2, 0xd09484f2b86e8305, &(0x7f0000000000)={0x1, 0x101}, &(0x7f0000000040)) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) write$P9_RCREATE(r3, &(0x7f00000000c0)={0x18, 0x73, 0x1, {{0x46, 0x1, 0x7}, 0x40}}, 0x18) 23:25:15 executing program 2 (fault-call:0 fault-nth:56): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:15 executing program 1: r0 = open(&(0x7f0000021000)='./file0\x00', 0x26380, 0x10) fchdir(r0) r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/checkreqprot\x00', 0x1, 0x0) renameat(r0, &(0x7f0000000000)='./file0\x00', r1, &(0x7f0000000080)='./file0\x00') clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:15 executing program 3: r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) accept4$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000040)=0x14, 0x800) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000140)={{{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in=@dev={0xac, 0x14, 0x14, 0x13}, 0x4e21, 0x20, 0x4e23, 0x0, 0x2, 0x20, 0x20, 0x5c, r1, r2}, {0x7fffffff, 0xed9, 0x5, 0x6, 0x7fff, 0x1, 0x7, 0x8000}, {0x67, 0x7, 0xc, 0x2}, 0x1, 0x6e6bb8, 0x3, 0x1, 0x1, 0x66a0aefc0f25ca00}, {{@in=@remote, 0x4d6, 0x3c}, 0xcbad2b329d9180b, @in6=@remote, 0x3500, 0x0, 0x1, 0x7f, 0x4, 0x9, 0x9}}, 0xe8) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:15 executing program 5: r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) r1 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_stats\x00', 0x0, 0x0) getsockopt$inet_tcp_int(r1, 0x6, 0x2, &(0x7f0000000080), &(0x7f00000000c0)=0x4) ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f0000000000)={0x2, 0x9, 0x0, 0x6, 0x4, 0xffffffff, 0x0, 0x8f}) 23:25:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, 0x0) [ 528.655331] FAULT_INJECTION: forcing a failure. [ 528.655331] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 528.703857] CPU: 0 PID: 28039 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 528.711806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 528.721174] Call Trace: [ 528.721191] dump_stack+0x142/0x197 [ 528.721210] should_fail.cold+0x10f/0x159 [ 528.721221] ? __might_sleep+0x93/0xb0 [ 528.721234] __alloc_pages_nodemask+0x1d6/0x7a0 [ 528.721249] ? check_preemption_disabled+0x3c/0x250 [ 528.735476] ? __alloc_pages_slowpath+0x2930/0x2930 [ 528.735488] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 528.735499] ? __alloc_pages_nodemask+0x639/0x7a0 [ 528.760550] alloc_pages_current+0xec/0x1e0 [ 528.764884] __get_free_pages+0xf/0x40 [ 528.768776] get_zeroed_page+0x11/0x20 [ 528.772673] selinux_sb_copy_data+0x2a/0x390 [ 528.777093] security_sb_copy_data+0x75/0xb0 [ 528.781514] mount_fs+0x1ec/0x2a1 [ 528.784977] vfs_kern_mount.part.0+0x5e/0x3d0 [ 528.789481] kern_mount_data+0x56/0xc0 [ 528.793370] mq_init_ns+0x167/0x220 [ 528.797020] copy_ipcs+0x35e/0x400 [ 528.800566] create_new_namespaces+0x1dd/0x720 [ 528.805149] ? ns_capable_common+0x12c/0x160 [ 528.805162] copy_namespaces+0x284/0x310 [ 528.805175] copy_process.part.0+0x2603/0x6a70 [ 528.813622] ? proc_fail_nth_write+0x7d/0x180 [ 528.813630] ? proc_cwd_link+0x1b0/0x1b0 [ 528.813648] ? __cleanup_sighand+0x50/0x50 [ 528.813660] ? lock_downgrade+0x740/0x740 [ 528.835140] _do_fork+0x19e/0xce0 [ 528.838600] ? fork_idle+0x280/0x280 [ 528.842316] ? fput+0xd4/0x150 [ 528.845508] ? SyS_write+0x15e/0x230 [ 528.849228] SyS_clone+0x37/0x50 23:25:15 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x6, 0x0, 0x0, 0x5}, 0x0) r1 = syz_open_procfs(r0, &(0x7f0000000000)='net/route\x00') write$P9_RWRITE(r1, &(0x7f0000000040)={0xb, 0x77, 0x1, 0x7ff}, 0xb) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x1ff) [ 528.852602] ? sys_vfork+0x30/0x30 [ 528.856157] do_syscall_64+0x1e8/0x640 [ 528.860150] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 528.860168] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 528.860175] RIP: 0033:0x45a6f9 [ 528.860183] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 [ 528.870206] ORIG_RAX: 0000000000000038 [ 528.870212] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 528.870217] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 528.870222] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 23:25:15 executing program 5: clone(0x4400200, 0x0, 0x0, 0x0, 0x0) [ 528.870228] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 528.870233] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:15 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) setsockopt$inet_tcp_int(r0, 0x6, 0xc, &(0x7f0000000000)=0x400, 0x4) 23:25:15 executing program 3: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) recvfrom$inet6(r0, &(0x7f0000000000)=""/4096, 0x1000, 0x2, &(0x7f0000001000)={0xa, 0x4e22, 0xfffffffd, @remote, 0x2}, 0x1c) 23:25:15 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, 0x0) 23:25:15 executing program 2 (fault-call:0 fault-nth:57): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:15 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = fcntl$getown(0xffffffffffffffff, 0x9) r1 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000040)={0xa2, {0x7, 0x101, 0x4, 0x6, 0x4, 0x64a}}) sched_getattr(r0, &(0x7f0000000000)={0x30}, 0x30, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200080}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r2, 0xf0c550e8195b5257, 0x70bd2d, 0x25dfdbfb, {{}, 0x0, 0xb, 0x0, {0xc, 0x14, 'syz0\x00'}}, ["", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0xd865a2135750e40a}, 0x0) 23:25:15 executing program 5: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e1e, @local}, 'erspan0\x00'}) ioctl$FBIOGET_VSCREENINFO(r1, 0x4600, &(0x7f0000000000)) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 529.133543] FAULT_INJECTION: forcing a failure. [ 529.133543] name failslab, interval 1, probability 0, space 0, times 0 23:25:15 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0xa337634f50f3addd) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x5) ioctl$VIDIOC_DECODER_CMD(0xffffffffffffffff, 0xc0485660, &(0x7f0000000040)={0x5, 0x1, @raw_data=[0x400, 0x0, 0x6, 0x9, 0xc1, 0x3d, 0xffffffff, 0x4, 0x425, 0x20, 0x2, 0x3f, 0x4, 0x0, 0x0, 0x45d9]}) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) r2 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r2, 0x7, &(0x7f0000027000)={0x1}) ioctl$SOUND_MIXER_READ_DEVMASK(r2, 0x80044dfe, &(0x7f0000000180)) fchdir(r1) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r1, 0x81785501, &(0x7f0000000140)=""/6) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r3, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$TCSETA(r3, 0x5406, &(0x7f0000000280)={0x8000, 0x7fff, 0x2d00, 0x4, 0x1a, 0x9, 0x66, 0x2, 0x3, 0x9}) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r4, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) setsockopt$inet_opts(r4, 0x0, 0xb, &(0x7f0000000200)="32c5d988d6fee9128666706c606e48f6a0b217b48ef4ceb20ec0e1913f6f40463aa0997d7851c27def87d1f84fc84c713f0dbae5916292396bbfbd18cea896baab4c6daf6747d47412b1dde4f2e2b4a9f1a2d124ac5b5d28d792a6", 0x5b) init_module(&(0x7f0000000000)='\x00', 0x1, &(0x7f0000000100)='wlan0-{eth1wlan0security\x00') [ 529.187049] CPU: 0 PID: 28084 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 529.194982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 529.194987] Call Trace: [ 529.195003] dump_stack+0x142/0x197 [ 529.195022] should_fail.cold+0x10f/0x159 [ 529.195038] should_failslab+0xdb/0x130 [ 529.195049] kmem_cache_alloc_trace+0x2e9/0x790 [ 529.195060] ? lock_downgrade+0x740/0x740 [ 529.195070] ? do_raw_spin_unlock+0x16b/0x260 [ 529.195082] sget_userns+0xfe/0xc30 [ 529.195091] ? set_anon_super+0x20/0x20 [ 529.195100] ? __free_pages+0x54/0x90 [ 529.195111] ? get_empty_filp.cold+0x3b/0x3b [ 529.195122] mount_ns+0x6d/0x190 [ 529.195133] ? mqueue_get_inode+0xaf0/0xaf0 [ 529.195145] mqueue_mount+0xc0/0xf0 [ 529.195156] mount_fs+0x97/0x2a1 [ 529.195169] vfs_kern_mount.part.0+0x5e/0x3d0 [ 529.195180] kern_mount_data+0x56/0xc0 [ 529.195189] mq_init_ns+0x167/0x220 [ 529.195201] copy_ipcs+0x35e/0x400 [ 529.210793] create_new_namespaces+0x1dd/0x720 [ 529.210804] ? ns_capable_common+0x12c/0x160 23:25:16 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control\x00', 0x4000, 0x0) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) splice(r2, &(0x7f00000002c0)=0x2, r5, &(0x7f0000000300)=0x3d9b4000000, 0x1ff, 0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000180)={0x0, 0x2c, &(0x7f0000000140)=[@in={0x2, 0x4e23, @multicast1}, @in6={0xa, 0x4e20, 0x3f, @empty, 0xffff}]}, &(0x7f00000001c0)=0x10) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000240)={r6, 0x76d}, &(0x7f0000000280)=0x8) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x1, 0x4000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_PPC_GET_SMMU_INFO(r8, 0x8250aea6, &(0x7f0000000000)=""/172) [ 529.210816] copy_namespaces+0x284/0x310 [ 529.210828] copy_process.part.0+0x2603/0x6a70 [ 529.210844] ? proc_fail_nth_write+0x7d/0x180 [ 529.300269] ? proc_cwd_link+0x1b0/0x1b0 [ 529.304349] ? __cleanup_sighand+0x50/0x50 [ 529.308609] ? lock_downgrade+0x740/0x740 [ 529.312894] _do_fork+0x19e/0xce0 [ 529.316360] ? fork_idle+0x280/0x280 [ 529.320081] ? fput+0xd4/0x150 [ 529.323292] ? SyS_write+0x15e/0x230 [ 529.327010] SyS_clone+0x37/0x50 [ 529.330368] ? sys_vfork+0x30/0x30 [ 529.330383] do_syscall_64+0x1e8/0x640 23:25:16 executing program 3: pkey_alloc(0x0, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 529.330392] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 529.330408] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 529.330418] RIP: 0033:0x45a6f9 [ 529.351037] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 529.358925] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 529.366197] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 529.373469] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 529.380741] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 23:25:16 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) ioctl$VIDIOC_S_MODULATOR(r1, 0x40445637, &(0x7f0000000040)={0x7f, "b4d1c2b92be1bd4861edb1bda7f5487d1c75e7ec7acf700c652af08fb3a7561c", 0x393652a2289ad87a, 0x1, 0x1, 0x10, 0x3}) setsockopt$CAIFSO_LINK_SELECT(r0, 0x116, 0x7f, &(0x7f0000000000), 0x4) 23:25:16 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f00000000c0)={0x0, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) [ 529.388012] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:16 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x10000, 0x0) ioctl$KVM_SMI(r0, 0xaeb7) 23:25:16 executing program 3: openat$random(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x210000, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x4200, 0x0) getsockopt$bt_hci(r0, 0x0, 0x2, &(0x7f0000000080)=""/202, &(0x7f0000000180)=0xca) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:16 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x48041, 0x0) accept4$bt_l2cap(r0, &(0x7f00000000c0), &(0x7f0000000080)=0xe, 0x800) 23:25:16 executing program 5: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) ioctl$DRM_IOCTL_SET_UNIQUE(r0, 0x40106410, &(0x7f00000000c0)={0x84, &(0x7f0000000000)="faec1e09f96eafde6eea0f16242aced1f37bc53e46b8dc51ccb9afa7038a995b0251080026db5541f8bea175bf2b129bd995ff53c02d4bf47cc1c287b27a00beee27f9f19589907d5b13be5a4c8f53a735bd8460017f3bbfebd7207db97ba1568a8193e9b4823f3aec8e44fbd9b19b2e99b7098d6465593d9e9c793e053563ef8b73767a"}) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:16 executing program 2 (fault-call:0 fault-nth:58): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:16 executing program 3: r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000080)}], 0x1) r3 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'\x80\x96~'}, &(0x7f0000000240)='X', 0x1, 0xfffffffffffffffe) r4 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000080)={r3, r4, r4}, 0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={'crct10dif\x00'}}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r7 = openat$bsg(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/bsg\x00', 0x8002, 0x0) r8 = gettid() write$P9_RGETLOCK(r7, &(0x7f00000006c0)=ANY=[@ANYBLOB="2000000037000000000000000000000000c6180d27f06ca0e66daf7aedf943bd7fbe5107594c9d5f01977d965233988ce31f3d13096470c6a2c41a174bd695e3f508c6d20ffeb64c45a3059f6b91c11bfd1c73e84aed2a198b92af8996187f3dd56acca69899c009dced02e83de3aa52396fd12c7b7ba53204a3f4e3fd4b77db188781c56ad7de5a991205ac7ddda5ee94a446279b82d7ff88f790bfd860e3460b506776e4103ee3a8260cdefe46b01b24de349100d153dd19ed97ea4b8be7256063819a1b3838eb7c5766ac26800b3184db9ac51c71fea4edc1a49be4ad5892b30863f6a7684a5365cc8fc074981d90ee8f8627e762a98b4ae76e863822e060e28f557d1dcb7b68e3152884c5c79ca39b3ca387c6361c45445dc2ab8186b6d5633bd985b505659015f5954afcbfb0fc02a951fa176ede97ed266558c28ea32d60591cc2cc6f39206ebebc246ef6caef9d1255d60000e87a332bebc933f44e1c", @ANYRES32=r8, @ANYBLOB="02005e28"], 0x20) r9 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_REGS(r10, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e, 0x1]}) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) r11 = dup2(r5, r10) getsockopt$inet_opts(r11, 0x0, 0x6, &(0x7f0000000280)=""/206, &(0x7f0000000100)=0xce) clone(0x787467fbcfb1d9c, 0x0, 0x0, 0x0, 0x0) r12 = socket$inet_sctp(0x2, 0x0, 0x84) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000140)={0x0, 0x0}) ioctl$sock_FIOSETOWN(r12, 0x8901, &(0x7f0000000380)=r13) 23:25:16 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f00000000c0)={0x0, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) 23:25:16 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x8, @empty, 0xfffff9f4}, 0x1c) rt_sigprocmask(0xc7afa94b5cfe2404, &(0x7f00000000c0)={0x9}, &(0x7f0000000080), 0x8) prctl$PR_MCE_KILL(0x21, 0x0, 0x1) 23:25:16 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x0, 0x0) mmap$fb(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000000, 0x110, r0, 0x4c000) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/de1\x8e\x10\xa6\xe1T>brl\x00', 0x80800, 0x0) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r1, 0x110, 0x4, &(0x7f0000000040), 0x4) 23:25:16 executing program 1: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x200002, 0x0) [ 529.749628] audit: type=1400 audit(1575674716.436:112): avc: denied { map } for pid=28150 comm="syz-executor.5" path="/selinux/checkreqprot" dev="selinuxfs" ino=15 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:security_t:s0 tclass=file permissive=1 [ 529.792891] FAULT_INJECTION: forcing a failure. 23:25:16 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = dup(0xffffffffffffffff) socket$inet6(0xa, 0xc, 0x2) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000080)={0xffffffffffffffff}, 0x102, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_NOTIFY(r0, &(0x7f0000000180)={0xf, 0x8, 0xfa00, {r1, 0x12}}, 0x10) r2 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r2, 0x7, &(0x7f0000027000)={0x1}) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}}, 0x400, 0x1ff, 0x1, 0x6, 0x22ee}, &(0x7f0000000280)=0x98) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f00000002c0)={r3}, 0x8) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = getpid() sched_setattr(r5, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) ptrace$setopts(0x4206, r5, 0x2, 0x30) ioctl$sock_inet_SIOCGARP(r4, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) setsockopt$SO_RDS_TRANSPORT(r4, 0x114, 0x8, &(0x7f0000000000), 0x4) [ 529.792891] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 529.838241] CPU: 0 PID: 28160 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 529.846184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 529.846189] Call Trace: [ 529.846208] dump_stack+0x142/0x197 [ 529.846228] should_fail.cold+0x10f/0x159 [ 529.846239] ? __might_sleep+0x93/0xb0 [ 529.846255] __alloc_pages_nodemask+0x1d6/0x7a0 [ 529.846266] ? check_preemption_disabled+0x3c/0x250 [ 529.846278] ? __alloc_pages_slowpath+0x2930/0x2930 [ 529.846293] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 529.846309] ? __alloc_pages_nodemask+0x639/0x7a0 [ 529.869917] alloc_pages_current+0xec/0x1e0 [ 529.869932] __get_free_pages+0xf/0x40 [ 529.869943] get_zeroed_page+0x11/0x20 [ 529.890061] selinux_sb_copy_data+0x2a/0x390 [ 529.890079] security_sb_copy_data+0x75/0xb0 [ 529.890092] mount_fs+0x1ec/0x2a1 [ 529.890104] vfs_kern_mount.part.0+0x5e/0x3d0 [ 529.890114] kern_mount_data+0x56/0xc0 [ 529.907034] mq_init_ns+0x167/0x220 [ 529.915824] copy_ipcs+0x35e/0x400 [ 529.915839] create_new_namespaces+0x1dd/0x720 [ 529.915851] ? ns_capable_common+0x12c/0x160 [ 529.915863] copy_namespaces+0x284/0x310 [ 529.927661] copy_process.part.0+0x2603/0x6a70 [ 529.927682] ? proc_fail_nth_write+0x7d/0x180 [ 529.927689] ? proc_cwd_link+0x1b0/0x1b0 [ 529.927706] ? __cleanup_sighand+0x50/0x50 [ 529.934913] ? lock_downgrade+0x740/0x740 [ 529.934931] _do_fork+0x19e/0xce0 [ 529.934945] ? fork_idle+0x280/0x280 [ 529.934958] ? fput+0xd4/0x150 [ 529.934970] ? SyS_write+0x15e/0x230 [ 529.952576] SyS_clone+0x37/0x50 23:25:16 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb], 0x5000}) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000240)) perf_event_open(&(0x7f0000000000)={0x0, 0xfffffffffffffff1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f00000001c0)}, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x402c5828, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0x4010ae42, 0x2) [ 529.961123] ? sys_vfork+0x30/0x30 [ 529.961140] do_syscall_64+0x1e8/0x640 [ 529.961149] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 529.961168] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 529.972970] RIP: 0033:0x45a6f9 [ 529.972976] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 529.972988] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 529.972994] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 529.973000] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 23:25:16 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f00000000c0)={0x0, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) 23:25:16 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) setsockopt$netlink_NETLINK_CAP_ACK(r1, 0x10e, 0xa, &(0x7f0000000200)=0x1, 0x4) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ADD(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0xe4, r2, 0x200, 0x70bd28, 0x25dfdbfc, {}, [@TIPC_NLA_SOCK={0x34, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x3}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x6}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xc2a0}]}, @TIPC_NLA_NET={0x58, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x6}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x6}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x5}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x2}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x3}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x20}]}, @TIPC_NLA_BEARER={0x14, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}]}, @TIPC_NLA_LINK={0x1c, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}]}]}, 0xe4}, 0x1, 0x0, 0x0, 0x22008000}, 0x800) [ 529.973006] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 529.973011] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:16 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) ioctl$PPPIOCGNPMODE(r0, 0xc008744c, &(0x7f0000000040)={0x3d, 0x1}) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000000000)=0x7) 23:25:16 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03]}) 23:25:17 executing program 2 (fault-call:0 fault-nth:59): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:17 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x1000080002, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:17 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$sock_SIOCSIFBR(r0, 0x8941, &(0x7f0000000040)=@generic={0x3, 0x20, 0x2}) 23:25:17 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) ioctl$DRM_IOCTL_CONTROL(r0, 0x40086414, &(0x7f0000000000)={0x1, 0x46ba}) 23:25:17 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03]}) 23:25:17 executing program 5: clone(0x83001500, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$media(&(0x7f00000000c0)='/dev/media#\x00', 0x0, 0x80800) ioctl$VHOST_SET_LOG_BASE(r0, 0x4008af04, &(0x7f0000000140)=&(0x7f0000000100)) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x101002, 0x0) connect$netrom(r1, &(0x7f0000000040)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48) 23:25:17 executing program 3: r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) prctl$PR_GET_DUMPABLE(0x3) write$P9_RREADLINK(r1, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000040)=0x0) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1, 0x0, 0x0, 0x2000000000000, r2}) r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f0000000080)={{0x25, @local, 0x4e24, 0x0, 'fo\x00', 0x12, 0xc89b, 0x48}, {@multicast2, 0x4e23, 0x93f0c3dc5a8116b, 0x6, 0x6cc, 0x6}}, 0x44) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000000)={0x5, 0x0, 0x40, 0x8, 0x2}, 0xc) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ceph(&(0x7f0000000100)='ceph\x00', &(0x7f0000000140)='./file0\x00', 0x3fe000000000, 0x1, &(0x7f0000000180)=[{&(0x7f0000000280)="af4548ce5e93c11b09af837d9cdbac8ef0c76cd8ee1c64acc191af15f43012bed17bf882dccdcf02d7e6d148bd9f77835fc798acfa78f191adcb4fc8d53fd6b236ddb53fc2912bba3f9c07ae6e594252d88af2dbf2c1e0fa9da0a8cf95056f20599b709a3374149d84eeb885599da00422a67a92eac54038de8f0fc1d043", 0x7e, 0x5}], 0x800000, &(0x7f0000000200)='fo\x00') [ 530.387724] FAULT_INJECTION: forcing a failure. [ 530.387724] name failslab, interval 1, probability 0, space 0, times 0 [ 530.468965] CPU: 0 PID: 28212 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 530.476894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 530.486244] Call Trace: [ 530.488830] dump_stack+0x142/0x197 [ 530.492450] should_fail.cold+0x10f/0x159 [ 530.496586] should_failslab+0xdb/0x130 [ 530.500548] __kmalloc+0x2f0/0x7a0 [ 530.504142] ? __list_lru_init+0x6b/0x660 [ 530.508278] __list_lru_init+0x6b/0x660 [ 530.512241] sget_userns+0x4e0/0xc30 [ 530.515953] ? set_anon_super+0x20/0x20 [ 530.519935] ? get_empty_filp.cold+0x3b/0x3b [ 530.524414] mount_ns+0x6d/0x190 [ 530.527779] ? mqueue_get_inode+0xaf0/0xaf0 [ 530.532105] mqueue_mount+0xc0/0xf0 [ 530.535745] mount_fs+0x97/0x2a1 [ 530.539120] vfs_kern_mount.part.0+0x5e/0x3d0 [ 530.543615] kern_mount_data+0x56/0xc0 [ 530.547496] mq_init_ns+0x167/0x220 [ 530.551111] copy_ipcs+0x35e/0x400 [ 530.554639] create_new_namespaces+0x1dd/0x720 [ 530.559208] ? ns_capable_common+0x12c/0x160 [ 530.563603] copy_namespaces+0x284/0x310 [ 530.567649] copy_process.part.0+0x2603/0x6a70 [ 530.572228] ? proc_fail_nth_write+0x7d/0x180 [ 530.576735] ? proc_cwd_link+0x1b0/0x1b0 [ 530.580786] ? __cleanup_sighand+0x50/0x50 [ 530.585006] ? lock_downgrade+0x740/0x740 [ 530.589140] _do_fork+0x19e/0xce0 [ 530.592578] ? fork_idle+0x280/0x280 [ 530.596279] ? fput+0xd4/0x150 [ 530.599454] ? SyS_write+0x15e/0x230 [ 530.603152] SyS_clone+0x37/0x50 [ 530.606498] ? sys_vfork+0x30/0x30 [ 530.610031] do_syscall_64+0x1e8/0x640 [ 530.613903] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 530.618732] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 530.623902] RIP: 0033:0x45a6f9 [ 530.627073] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 530.634767] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 530.642020] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 530.649273] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 530.656528] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 530.663785] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:17 executing program 5: 23:25:17 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03]}) 23:25:17 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x1000080002, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:17 executing program 3: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) r1 = semget$private(0x0, 0x0, 0x38) semctl$IPC_INFO(r1, 0x4, 0x3, &(0x7f0000000240)=""/155) setsockopt$IP_VS_SO_SET_ZERO(r0, 0x0, 0x48f, &(0x7f0000000080)={0x1, @loopback, 0x4e22, 0x3, 'sh\x00', 0x4, 0x146b, 0x34}, 0x2c) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) fgetxattr(r2, &(0x7f0000000000)=@random={'system.', 'systemppp0*,\xe3vboxnet1\x00'}, &(0x7f0000000040)=""/36, 0x24) acct(&(0x7f00000000c0)='./bus\x00') clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:17 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x0, 0xfffffffffffffffe]}) [ 530.929327] Process accounting resumed 23:25:17 executing program 2 (fault-call:0 fault-nth:60): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:17 executing program 5: r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0x440040, 0x0) setsockopt$inet_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f0000000040)=@ccm_128={{0x2a658428041027a8}, "23db90d1a5fd0736", "4b5e0422b0afcde6dc6a260536382b55", "77d75a07", "eb7850d8e32421c8"}, 0x28) clone(0x80050400, 0x0, 0x0, 0x0, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) r2 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x63, 0x80301) syz_mount_image$bfs(&(0x7f0000000400)='bfs\x00', &(0x7f0000000440)='./bus\x00', 0x743, 0x6, &(0x7f00000008c0)=[{&(0x7f0000000480)="1e8e46fc337d2c524e0c73bcf0ea867bbe94acab1594d147e8334f0e2696866b4c4a8a114a58c1bb755b62dc160679f6033a05b8a1cdee90d17f876fe0694ce4b76b63559eeb626830566d972072b59a3c44a37a14d234d6efd3ebc7fe4bf363", 0x60, 0xcde1}, {&(0x7f0000000680)="56de6fae01035dc05c7e5d385d607a3591c7d28a43c36acf7ec4d7cc4b5493bc9a8b70115a96d5a877fd042b95019ab885dd46341e7ce50da03340a6475309ababe05e4fc1bbdc06c0bb5dd4474e7036ac38ff43350c481b753f270cef949084f6da03d3c28de5dede98e834a698c2d571a0fbe28dcffd763a6b83b043d16f63c56dbd832ad66a113e6cb02ddea50c6c70516e32b98a14ce6108570d906f8ab3b5ef838592b104b590a809c95db2f5bde859962b50ab984830f0beba1fcd648408349205b255c0b92c355b60f68510", 0xcf, 0x4}, {&(0x7f0000000780)="c3a031a3e391b53497f24359fb860cc8754f1c2f80f7f4a1683ee0b711c180473c075f72e2dffc201fca87b073d857657a8b18d14002c749fdf0c11e3e48286925bb80237741c691a18719e76fdb84cce515d3290c866a9a453673207fb4bb46748637bca8d664f3465e834c8668d2b120cb9cc9ed878601a0c7ef6ba25c57bc0ea1e972b59caf10d842bfa2efe509117b76674ec45a76c15bb8b10b1134a0f9a6550103be0b44e886ff085e23fb97159890a45b0ace115a2b916e4f684e2da9fb2b97de89fcecdd7371cfd04fb3d470b36e23a5c77b3ecc904bbbcf0df2164c160f261403ce4943a5ef6f4a8394bb249abc8f", 0xf3, 0x6}, {&(0x7f0000000500)='r', 0x1, 0x2}, {&(0x7f0000000540)="2e7d06f6ac", 0x5, 0xf259}, {&(0x7f0000000880)="a7c4ed1e650a3d74ba0c575ba49b0f71839a5cd3460115252fcb3e8c7f15f4e81df4432ac7306f2ef01d36df25", 0x2d, 0xfffffffffffffffd}], 0x1000002, 0x0) r3 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x40000, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_pid(r4, &(0x7f0000000000), 0x10000000d) ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000200)={0x0}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000980)) ioctl$DRM_IOCTL_DMA(r3, 0xc0406429, &(0x7f0000000380)={r5, 0x7, &(0x7f0000000240)=[0x1, 0x10, 0xc195, 0xffff, 0x2, 0x5, 0x5], &(0x7f00000002c0)=[0x800, 0x8], 0x20, 0x1, 0x9, &(0x7f0000000300)=[0xffff], &(0x7f0000000340)=[0x8]}) ioctl$DRM_IOCTL_LOCK(0xffffffffffffffff, 0x4008642a, &(0x7f0000000080)={r5, 0x20}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r2, 0x4010641c, &(0x7f0000000640)={r5, &(0x7f0000000580)=""/139}) r6 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r6, 0x7, &(0x7f0000027000)={0x1}) r7 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r7, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) r8 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r8, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r8, &(0x7f00000000c0)="e8", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r8, 0x1) r9 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r9, 0x84, 0x1d, &(0x7f000095dff8)=ANY=[@ANYBLOB="01000008", @ANYRES32=0x0], &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r8, 0x84, 0x6d, &(0x7f00000000c0)={r10}, &(0x7f0000000000)=0x8) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r7, 0x84, 0x7b, &(0x7f00000000c0)={r10, 0x5}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000280)={r11, 0x54, &(0x7f0000000180)=[@in6={0xa, 0x4e21, 0x2, @dev={0xfe, 0x80, [], 0xf}, 0x5}, @in6={0xa, 0x4e24, 0x8, @local, 0x4}, @in6={0xa, 0x4e20, 0x2, @empty, 0x3}]}, &(0x7f00000003c0)=0x10) ioctl$DRM_IOCTL_SWITCH_CTX(r1, 0x40086424, &(0x7f0000000080)={r5}) 23:25:17 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x10000, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) recvmmsg(r2, &(0x7f0000002b00)=[{{&(0x7f0000000380)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x80, &(0x7f0000002740)=[{&(0x7f0000000400)=""/68, 0x44}, {&(0x7f0000000480)=""/158, 0x9e}, {&(0x7f0000000540)=""/4096, 0x1000}, {&(0x7f0000001540)=""/231, 0xe7}, {&(0x7f0000000300)=""/17, 0x11}, {&(0x7f0000001640)=""/4096, 0x1000}, {&(0x7f0000002640)=""/92, 0x5c}, {&(0x7f00000026c0)=""/76, 0x4c}], 0x8}, 0xad2}, {{0x0, 0x0, &(0x7f0000002a00)=[{&(0x7f00000027c0)=""/115, 0x73}, {&(0x7f0000002840)=""/83, 0x53}, {&(0x7f00000028c0)=""/153, 0x99}, {&(0x7f0000002980)=""/126, 0x7e}], 0x4, &(0x7f0000002a40)=""/129, 0x81}, 0x2}], 0x2, 0x43, &(0x7f0000002b80)={0x0, 0x1c9c380}) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000040)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000000c0)={r3, 0x91, 0x3ff, 0x5, 0x8}, &(0x7f0000000100)=0x14) r4 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm_plock\x00', 0x200, 0x0) r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x600000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x34, r5, 0x200, 0x70bd2d, 0x25dfdbfb, {{}, 0x0, 0x4101, 0x0, {0x18, 0x17, {0xa, 0x3, @udp='udp:syz0\x00'}}}, ["", "", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x400c8}, 0x40c1) 23:25:17 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x1000080002, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:17 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x0, 0xfffffffffffffffe]}) [ 531.191232] FAULT_INJECTION: forcing a failure. [ 531.191232] name failslab, interval 1, probability 0, space 0, times 0 [ 531.218065] CPU: 0 PID: 28261 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 531.225995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 531.235359] Call Trace: [ 531.237966] dump_stack+0x142/0x197 [ 531.241616] should_fail.cold+0x10f/0x159 [ 531.245776] should_failslab+0xdb/0x130 [ 531.249742] __kmalloc+0x2f0/0x7a0 [ 531.253295] ? __list_lru_init+0x6b/0x660 [ 531.257440] __list_lru_init+0x6b/0x660 [ 531.261402] sget_userns+0x500/0xc30 [ 531.265966] ? set_anon_super+0x20/0x20 [ 531.269925] ? get_empty_filp.cold+0x3b/0x3b [ 531.274334] mount_ns+0x6d/0x190 [ 531.277689] ? mqueue_get_inode+0xaf0/0xaf0 [ 531.281997] mqueue_mount+0xc0/0xf0 [ 531.285617] mount_fs+0x97/0x2a1 [ 531.288975] vfs_kern_mount.part.0+0x5e/0x3d0 [ 531.293458] kern_mount_data+0x56/0xc0 [ 531.297339] mq_init_ns+0x167/0x220 [ 531.300949] copy_ipcs+0x35e/0x400 [ 531.304474] create_new_namespaces+0x1dd/0x720 [ 531.309040] ? ns_capable_common+0x12c/0x160 [ 531.313432] copy_namespaces+0x284/0x310 [ 531.317477] copy_process.part.0+0x2603/0x6a70 [ 531.322048] ? proc_fail_nth_write+0x7d/0x180 [ 531.326526] ? proc_cwd_link+0x1b0/0x1b0 [ 531.330580] ? __cleanup_sighand+0x50/0x50 [ 531.334813] ? lock_downgrade+0x740/0x740 [ 531.338947] _do_fork+0x19e/0xce0 [ 531.342386] ? fork_idle+0x280/0x280 [ 531.346088] ? fput+0xd4/0x150 [ 531.349265] ? SyS_write+0x15e/0x230 [ 531.352964] SyS_clone+0x37/0x50 [ 531.356311] ? sys_vfork+0x30/0x30 [ 531.359835] do_syscall_64+0x1e8/0x640 [ 531.363704] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 531.368536] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 531.373710] RIP: 0033:0x45a6f9 [ 531.376881] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 531.384572] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 531.391823] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 531.399073] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 531.406326] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 531.413579] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:18 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(r1, 0x0, 0x0) r2 = getuid() syz_mount_image$hfs(&(0x7f0000000000)='hfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x2, &(0x7f0000000240)=[{&(0x7f0000000080)="c2b2c2719e91e3226d0b58c33b059d355cf60f8edc28648b573f46b14aa9e5db92d3b358f6c84df0db86084777c542e10de1b2ebefb9e43aace18868e41297d8e37236db4d2e49d716881d1d8bfb5bb854c0fb7f28a1d1c6de18697a24c1fd0ab6681f6e203c41e3c76c67aeb0b86d8764377de6f872c8ff35e3e7a5bf4c80def3e6745a555937812076657832d6c17597c9c46b229a90ac8cf3e6b89a35ecf301a4b63ffe60a3cbe4f4592b1e506592e213b5cfc87d5090ea", 0xb9, 0x4a76}, {&(0x7f0000000140)="c364d495866a81419994123b0feea49952e1dd3d1c6909bfef5722011484f844ca1d06774c332d0afd68206377445a20749a7a5228ecb5906f2ef42b50a8b9c392e1220a9d064b5255861500105024861c69c6231ae4579a39f694173a80946ddc4782fb0b338467dcf58705b2ef7d28e7dbe3d6198ec4c1c06c7a630ca023f5b7362c9c7aa736eff3a489518ed096d228a74e7e2f6019e9d283c1cd81464ac70a135b9e4a501dd903b278b360cfd9f9f87bd53a7c94f252108644d098ef77630fd38e31f0070a092160888d8c164fcc0ab698bc7160e6a3e0fb76de879f4304934169ceccda08732c11ffe31dd5707f6ca777b5b0432c968c1d4b35", 0xfc, 0xfe80}], 0x2080051, &(0x7f0000000280)={[{@type={'type', 0x3d, "a890ed70"}}], [{@euid_gt={'euid>', r1}}, {@smackfsfloor={'smackfsfloor'}}, {@fowner_eq={'fowner', 0x3d, r2}}]}) [ 531.499776] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00720000) 23:25:18 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0xe05, 0xa80) setsockopt$TIPC_MCAST_BROADCAST(r0, 0x10f, 0x85) 23:25:18 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x0, 0xfffffffffffffffe]}) 23:25:18 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x1000080002, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:18 executing program 0: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) r0 = getpid() tkill(r0, 0x9) syz_open_dev$tty1(0xc, 0x4, 0x1) 23:25:18 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x1000080002, 0x0) dup3(r0, r1, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:18 executing program 2 (fault-call:0 fault-nth:61): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:18 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = getpid() r1 = getpid() r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r2, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$SIOCX25SFACILITIES(r2, 0x89e3, &(0x7f0000000100)={0x5, 0x1, 0x6, 0xc, 0x9}) sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) sched_setattr(r1, &(0x7f0000000080)={0x30, 0x1, 0x1, 0x0, 0x6, 0x0, 0x0, 0x100000001}, 0x0) r3 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r3) write$P9_RUNLINKAT(r3, &(0x7f00000000c0)={0x7, 0x4d, 0x2}, 0x7) r4 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r4) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000180)={0xffffffffffffffff}, 0x13f, 0x8}}, 0x20) write$RDMA_USER_CM_CMD_CONNECT(r3, &(0x7f0000000200)={0x6, 0x118, 0xfa00, {{0x3, 0x1f, "493292b1f65932b792851a367662d7cbeb19379b48f3f83d15cbfa323f803aa05b76e33776b54005a3b76c0104a0fa2532591b94f05a4138edbc00fe4fbe226703eed6f1c18ad27096192bcf0b84a2b9845ecc79538e74a1e3a796ce500393f439a6c5368074d356d963c1b1fbeccf6c47b11434afcef7add411b41fd3eddfde9a15f3465752da5973e2d67250571e2928c5c1577f1e4cc98fbf286145f3f7d80f76e7562a5a5887988818b07dca3d685914fea69d5836931c5c099191303c36d8794b9ad68bf85abaa626b3067c9328a71c3efe62828daff8aaaa4780566949fd63d80d29ed75cae0fed4bd19c86dc4cf8748f6c0378c8ddb60466e48e3a1fa", 0x1f, 0xcd, 0xa8, 0x6d, 0x2, 0x40, 0x9}, r5}}, 0x120) r6 = syz_open_procfs(r0, &(0x7f0000000000)='attr/exec\x00') mount(&(0x7f0000000340)=@loop={'/dev/loop', 0x0}, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='cgroup\x00', 0x2000, 0x0) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffd000/0x2000)=nil, 0x2000}, 0x1}) [ 531.886720] FAULT_INJECTION: forcing a failure. [ 531.886720] name failslab, interval 1, probability 0, space 0, times 0 [ 531.938393] CPU: 1 PID: 28314 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 531.946336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 531.955682] Call Trace: [ 531.955717] dump_stack+0x142/0x197 [ 531.955735] should_fail.cold+0x10f/0x159 [ 531.955751] should_failslab+0xdb/0x130 [ 531.955761] __kmalloc+0x2f0/0x7a0 [ 531.955775] ? lock_downgrade+0x740/0x740 [ 531.955786] ? register_shrinker+0xbd/0x220 [ 531.982096] register_shrinker+0xbd/0x220 [ 531.986256] sget_userns+0x9bf/0xc30 [ 531.989976] ? set_anon_super+0x20/0x20 [ 531.993960] ? get_empty_filp.cold+0x3b/0x3b [ 531.998398] mount_ns+0x6d/0x190 [ 532.001780] ? mqueue_get_inode+0xaf0/0xaf0 [ 532.006108] mqueue_mount+0xc0/0xf0 [ 532.009747] mount_fs+0x97/0x2a1 [ 532.013122] vfs_kern_mount.part.0+0x5e/0x3d0 [ 532.017627] kern_mount_data+0x56/0xc0 [ 532.021523] mq_init_ns+0x167/0x220 [ 532.025156] copy_ipcs+0x35e/0x400 [ 532.028705] create_new_namespaces+0x1dd/0x720 [ 532.033297] ? ns_capable_common+0x12c/0x160 [ 532.037714] copy_namespaces+0x284/0x310 [ 532.041785] copy_process.part.0+0x2603/0x6a70 [ 532.046384] ? proc_fail_nth_write+0x7d/0x180 [ 532.050894] ? proc_cwd_link+0x1b0/0x1b0 [ 532.054992] ? __cleanup_sighand+0x50/0x50 [ 532.059236] ? lock_downgrade+0x740/0x740 [ 532.063393] _do_fork+0x19e/0xce0 [ 532.066863] ? fork_idle+0x280/0x280 [ 532.070581] ? fput+0xd4/0x150 [ 532.073781] ? SyS_write+0x15e/0x230 [ 532.077500] SyS_clone+0x37/0x50 [ 532.080871] ? sys_vfork+0x30/0x30 [ 532.084415] do_syscall_64+0x1e8/0x640 [ 532.088308] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 532.093160] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 532.098348] RIP: 0033:0x45a6f9 [ 532.101536] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 532.109248] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 532.116530] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 532.123794] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 532.131045] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 532.138319] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 532.166918] BFS-fs: bfs_fill_super(): No BFS filesystem on loop5 (magic=00720000) 23:25:18 executing program 5: clone(0x787467fbcff1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:18 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x1000080002, 0x0) dup3(r0, r1, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:18 executing program 0: 23:25:18 executing program 4: r0 = pkey_alloc(0x0, 0x1) pkey_mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000008, r0) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/policy\x00', 0x0, 0x0) mmap$snddsp_control(&(0x7f0000fed000/0x13000)=nil, 0x1000, 0x0, 0x100010, r1, 0x81000000) clone(0x80000400, 0x0, 0x0, 0x0, 0x0) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x149102, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r2, 0x10e, 0x8, &(0x7f0000000040)=0x2, 0x4) 23:25:18 executing program 3: clone(0x832c25c09f1a9982, 0x0, 0x0, 0x0, 0x0) 23:25:18 executing program 2 (fault-call:0 fault-nth:62): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:18 executing program 3: clone(0xca204100, 0x0, 0x0, 0x0, 0x0) 23:25:18 executing program 0: [ 532.308411] FAULT_INJECTION: forcing a failure. [ 532.308411] name failslab, interval 1, probability 0, space 0, times 0 [ 532.341885] CPU: 1 PID: 28341 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 532.350074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 532.359434] Call Trace: [ 532.362023] dump_stack+0x142/0x197 [ 532.362042] should_fail.cold+0x10f/0x159 [ 532.362060] should_failslab+0xdb/0x130 [ 532.369808] kmem_cache_alloc+0x2d7/0x780 [ 532.377928] ? lock_downgrade+0x740/0x740 [ 532.382087] ? mqueue_i_callback+0x30/0x30 [ 532.386334] mqueue_alloc_inode+0x1c/0x40 [ 532.390494] alloc_inode+0x64/0x180 [ 532.394131] new_inode_pseudo+0x19/0xf0 [ 532.398111] new_inode+0x1f/0x40 [ 532.401486] mqueue_get_inode+0x89/0xaf0 23:25:19 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x3f, 0x8440) accept4$nfc_llcp(r0, &(0x7f0000000040), &(0x7f00000000c0)=0x60, 0x80800) 23:25:19 executing program 4: clone(0x787467f5cf3979c, 0x0, 0x0, 0x0, 0x0) [ 532.405554] mqueue_fill_super+0x113/0x1f0 [ 532.409790] mount_ns+0xec/0x190 [ 532.413157] ? mqueue_get_inode+0xaf0/0xaf0 [ 532.417484] mqueue_mount+0xc0/0xf0 [ 532.421107] mount_fs+0x97/0x2a1 [ 532.424461] vfs_kern_mount.part.0+0x5e/0x3d0 [ 532.428952] kern_mount_data+0x56/0xc0 [ 532.432847] mq_init_ns+0x167/0x220 [ 532.436478] copy_ipcs+0x35e/0x400 [ 532.440021] create_new_namespaces+0x1dd/0x720 [ 532.440031] ? ns_capable_common+0x12c/0x160 [ 532.440043] copy_namespaces+0x284/0x310 [ 532.440054] copy_process.part.0+0x2603/0x6a70 [ 532.440071] ? proc_fail_nth_write+0x7d/0x180 [ 532.449040] ? proc_cwd_link+0x1b0/0x1b0 [ 532.449061] ? __cleanup_sighand+0x50/0x50 [ 532.449073] ? lock_downgrade+0x740/0x740 [ 532.474618] _do_fork+0x19e/0xce0 [ 532.478084] ? fork_idle+0x280/0x280 [ 532.481805] ? fput+0xd4/0x150 [ 532.485014] ? SyS_write+0x15e/0x230 [ 532.488751] SyS_clone+0x37/0x50 [ 532.492123] ? sys_vfork+0x30/0x30 [ 532.495674] do_syscall_64+0x1e8/0x640 [ 532.499579] ? trace_hardirqs_off_thunk+0x1a/0x1c 23:25:19 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) recvfrom$rose(0xffffffffffffffff, &(0x7f0000000000)=""/43, 0x2b, 0x10000, 0x0, 0x0) 23:25:19 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x1000080002, 0x0) dup3(r0, r1, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:19 executing program 0: 23:25:19 executing program 4: clone(0x900000, 0x0, 0x0, 0x0, 0x0) 23:25:19 executing program 5: r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r0, 0x114, 0xa, &(0x7f0000000040)={0x3, "8292db"}, 0x4) syz_open_dev$tty1(0xc, 0x4, 0x3) r1 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) ioctl$SIOCGETNODEID(r1, 0x89e1, &(0x7f0000000000)={0x2}) clone(0x0, 0x0, 0x0, 0x0, 0x0) [ 532.504437] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 532.509631] RIP: 0033:0x45a6f9 [ 532.509639] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 532.520544] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 532.520550] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 532.520556] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 532.520561] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 532.520567] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:19 executing program 2 (fault-call:0 fault-nth:63): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:19 executing program 0: 23:25:19 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r5, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$sock_ax25_SIOCADDRT(r5, 0x890b, &(0x7f0000000080)={@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x80, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r6 = fcntl$dupfd(r1, 0x0, r3) ioctl$SNDCTL_DSP_SPEED(r6, 0xc0045002, &(0x7f0000000040)=0x1f) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_GET_NESTED_STATE(r4, 0xc080aebe, &(0x7f0000000240)={0x0, 0x0, 0x2080}) r10 = creat(&(0x7f0000000000)='./bus\x00', 0x101) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ubi_ctrl\x00', 0x400c00, 0x0) ioctl$sock_inet_SIOCGARP(r10, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) bind$netlink(r10, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbff, 0x1000515}, 0xc) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 532.666615] FAULT_INJECTION: forcing a failure. [ 532.666615] name failslab, interval 1, probability 0, space 0, times 0 [ 532.712314] IPVS: ftp: loaded support on port[0] = 21 [ 532.717900] CPU: 1 PID: 28374 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 532.725816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 532.735177] Call Trace: [ 532.737775] dump_stack+0x142/0x197 [ 532.741422] should_fail.cold+0x10f/0x159 [ 532.745584] should_failslab+0xdb/0x130 [ 532.749572] kmem_cache_alloc+0x2d7/0x780 [ 532.753774] ? mqueue_alloc_inode+0x1c/0x40 [ 532.758111] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 532.763570] selinux_inode_alloc_security+0xb6/0x2a0 [ 532.768679] security_inode_alloc+0x94/0xd0 [ 532.772991] inode_init_always+0x552/0xaf0 [ 532.777213] alloc_inode+0x81/0x180 [ 532.780915] new_inode_pseudo+0x19/0xf0 [ 532.784874] new_inode+0x1f/0x40 [ 532.788224] mqueue_get_inode+0x89/0xaf0 [ 532.792287] mqueue_fill_super+0x113/0x1f0 [ 532.796508] mount_ns+0xec/0x190 [ 532.799874] ? mqueue_get_inode+0xaf0/0xaf0 [ 532.804206] mqueue_mount+0xc0/0xf0 [ 532.807833] mount_fs+0x97/0x2a1 [ 532.811184] vfs_kern_mount.part.0+0x5e/0x3d0 [ 532.815682] kern_mount_data+0x56/0xc0 [ 532.819558] mq_init_ns+0x167/0x220 [ 532.823176] copy_ipcs+0x35e/0x400 [ 532.826708] create_new_namespaces+0x1dd/0x720 [ 532.831293] ? ns_capable_common+0x12c/0x160 [ 532.835707] copy_namespaces+0x284/0x310 [ 532.839850] copy_process.part.0+0x2603/0x6a70 [ 532.844433] ? proc_fail_nth_write+0x7d/0x180 [ 532.848932] ? proc_cwd_link+0x1b0/0x1b0 [ 532.852996] ? __cleanup_sighand+0x50/0x50 [ 532.857216] ? lock_downgrade+0x740/0x740 [ 532.861358] _do_fork+0x19e/0xce0 [ 532.864805] ? fork_idle+0x280/0x280 [ 532.868530] ? fput+0xd4/0x150 [ 532.871728] ? SyS_write+0x15e/0x230 [ 532.875444] SyS_clone+0x37/0x50 [ 532.878820] ? sys_vfork+0x30/0x30 [ 532.882382] do_syscall_64+0x1e8/0x640 [ 532.886272] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 532.891115] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 532.896319] RIP: 0033:0x45a6f9 [ 532.899507] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 532.907220] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 532.914500] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 532.921766] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 532.929024] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 532.936291] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:20 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6(0xa, 0x1000080002, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:20 executing program 5: clone(0x20000000, 0x0, 0x0, 0x0, 0x0) 23:25:20 executing program 0: 23:25:20 executing program 2 (fault-call:0 fault-nth:64): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:20 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x80, 0x0) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f0000000040)={0x2, 0xdfc7}) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(r3, 0x0, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setresuid(r5, 0x0, 0x0) r6 = getuid() r7 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r7, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r7, r7, &(0x7f0000000240), 0x7fff) getsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000300)={{{@in=@remote, @in6=@ipv4={[], [], @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in=@broadcast}}, &(0x7f0000000400)=0xe8) syz_mount_image$jfs(&(0x7f0000000080)='jfs\x00', &(0x7f00000000c0)='./file0\x00', 0x9, 0x2, &(0x7f0000000200)=[{&(0x7f0000000100)="8285656c74997e3915c57684", 0xc}, {&(0x7f0000000140)="6203a916e358dd8d77c784af80d9c5ea1f855acf64ee3cca900bcb941a1d48140c0f7d9d7e948306d9ea5c7f3564207c6c514481fad5fd87d6fb5702219ae9bd87d60f39da6f30fb7e13ab6d99bbc7339713b956c14cd75240116809074d22af86e50e448f09ae577374dd5353dc71f7429758ee883670d7162a39506aa27e861feb668943557415e60aec4aaff97b393fa6f08e5741d21208223dd4d249006a7141a67dc9", 0xa5, 0x2}], 0x40010, &(0x7f0000000440)={[{@uid={'uid', 0x3d, r1}}, {@iocharset={'iocharset', 0x3d, 'cp1250'}}, {@errors_remount='errors=remount-ro'}, {@grpquota='grpquota'}, {@quota='quota'}, {@umask={'umask', 0x3d, 0x4}}, {@noquota='noquota'}, {@integrity='integrity'}], [{@smackfsdef={'smackfsdef', 0x3d, '-em1'}}, {@seclabel='seclabel'}, {@euid_eq={'euid', 0x3d, r3}}, {@uid_eq={'uid', 0x3d, r5}}, {@pcr={'pcr', 0x3d, 0xf}}, {@euid_eq={'euid', 0x3d, r6}}, {@audit='audit'}, {@fowner_gt={'fowner>', r8}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@subj_role={'subj_role'}}]}) 23:25:20 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/backup_only\x00', 0x2, 0x0) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000200)={0x4, [0x3, 0x2, 0x87, 0x3]}, 0xc) r1 = openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x50200, 0x2) ioctl$VIDIOC_G_FMT(r1, 0xc0d05604, &(0x7f00000000c0)={0xb, @pix_mp={0x5, 0xa7, 0x10077618, 0x3, 0x1, [{0x64}, {0x4, 0x3}, {0x4, 0x100}, {0x6, 0x1}, {0x4, 0x9}, {0x7, 0x5}, {0x7}, {0x4, 0x1}], 0x8, 0x4, 0x0, 0x2, 0x6}}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$FICLONE(r0, 0x40049409, r3) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x200000, 0x0) setsockopt$netrom_NETROM_T2(r4, 0x103, 0x2, &(0x7f0000000040)=0x80, 0x4) 23:25:20 executing program 4: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2, 0x0) clone(0x787467f86ee0d9c, 0x0, 0x0, 0x0, 0x0) 23:25:20 executing program 0: 23:25:20 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6(0xa, 0x1000080002, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 533.808099] FAULT_INJECTION: forcing a failure. [ 533.808099] name failslab, interval 1, probability 0, space 0, times 0 [ 533.890308] CPU: 1 PID: 28401 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 533.898352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 533.907724] Call Trace: [ 533.910313] dump_stack+0x142/0x197 [ 533.913931] should_fail.cold+0x10f/0x159 [ 533.918066] should_failslab+0xdb/0x130 [ 533.922113] kmem_cache_alloc+0x2d7/0x780 [ 533.926265] ? mqueue_alloc_inode+0x1c/0x40 [ 533.930598] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 533.936172] selinux_inode_alloc_security+0xb6/0x2a0 [ 533.941279] security_inode_alloc+0x94/0xd0 [ 533.945608] inode_init_always+0x552/0xaf0 [ 533.949856] alloc_inode+0x81/0x180 [ 533.953479] new_inode_pseudo+0x19/0xf0 [ 533.957446] new_inode+0x1f/0x40 [ 533.960822] mqueue_get_inode+0x89/0xaf0 [ 533.964872] mqueue_fill_super+0x113/0x1f0 [ 533.969101] mount_ns+0xec/0x190 [ 533.972452] ? mqueue_get_inode+0xaf0/0xaf0 [ 533.976761] mqueue_mount+0xc0/0xf0 [ 533.980372] mount_fs+0x97/0x2a1 [ 533.983723] vfs_kern_mount.part.0+0x5e/0x3d0 [ 533.988204] kern_mount_data+0x56/0xc0 [ 533.992073] mq_init_ns+0x167/0x220 [ 533.995683] copy_ipcs+0x35e/0x400 [ 533.999220] create_new_namespaces+0x1dd/0x720 [ 534.003787] ? ns_capable_common+0x12c/0x160 [ 534.008180] copy_namespaces+0x284/0x310 [ 534.012227] copy_process.part.0+0x2603/0x6a70 [ 534.016800] ? proc_fail_nth_write+0x7d/0x180 [ 534.021278] ? proc_cwd_link+0x1b0/0x1b0 [ 534.025329] ? __cleanup_sighand+0x50/0x50 [ 534.029547] ? lock_downgrade+0x740/0x740 [ 534.033683] _do_fork+0x19e/0xce0 [ 534.037123] ? fork_idle+0x280/0x280 [ 534.040823] ? fput+0xd4/0x150 [ 534.044085] ? SyS_write+0x15e/0x230 [ 534.047787] SyS_clone+0x37/0x50 [ 534.051136] ? sys_vfork+0x30/0x30 [ 534.054663] do_syscall_64+0x1e8/0x640 [ 534.058534] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 534.063380] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 534.068556] RIP: 0033:0x45a6f9 [ 534.071729] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 534.079436] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 23:25:20 executing program 5: clone(0x3d40b4694bb99004, 0x0, 0x0, 0x0, 0x0) [ 534.086692] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 534.093948] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 534.101219] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 534.108485] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:20 executing program 0: 23:25:20 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$vcsn(&(0x7f0000001300)='/dev/vcs#\x00', 0x8, 0x101000) getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000001340)={'filter\x00', 0x32, "50434187393b649e8d86ea5b21883ec381cc71a2dc26df3e44529b356587fe2dd2a46c4fa16f0e5997a83e63e2ea6d5c76ef"}, &(0x7f00000013c0)=0x56) r1 = creat(&(0x7f0000000000)='./file0\x00', 0xa) ioctl$EVIOCGABS0(r1, 0x80184540, &(0x7f0000000040)=""/28) 23:25:20 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) close(r0) 23:25:20 executing program 5: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) preadv(r2, &(0x7f0000000140)=[{&(0x7f0000000080)=""/142, 0x8e}], 0x1, 0x5) ioctl$SIOCGIFHWADDR(r0, 0x8927, &(0x7f0000000040)) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:20 executing program 2 (fault-call:0 fault-nth:65): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:20 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6(0xa, 0x1000080002, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:21 executing program 0: 23:25:21 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) fstat(r1, &(0x7f0000000140)) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r2 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video35\x00', 0x2, 0x0) ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(r2, 0xc0845658, &(0x7f0000000040)={0x0, @reserved}) setsockopt$kcm_KCM_RECV_DISABLE(0xffffffffffffffff, 0x119, 0x1, &(0x7f0000000100)=0x63, 0x4) 23:25:21 executing program 0: [ 534.343407] FAULT_INJECTION: forcing a failure. [ 534.343407] name failslab, interval 1, probability 0, space 0, times 0 23:25:21 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = dup3(r0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:21 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$binderN(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x800) ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, &(0x7f0000000040)=0xffffffff) r1 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/hash_stats\x00', 0x0, 0x0) ioctl$SOUND_MIXER_WRITE_RECSRC(r1, 0xc0044dff, &(0x7f00000000c0)=0x8) [ 534.423234] QAT: Invalid ioctl [ 534.439117] CPU: 1 PID: 28437 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 534.447068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 534.447074] Call Trace: [ 534.447092] dump_stack+0x142/0x197 [ 534.447111] should_fail.cold+0x10f/0x159 [ 534.447128] should_failslab+0xdb/0x130 [ 534.470825] kmem_cache_alloc_trace+0x2e9/0x790 [ 534.475493] ? __lock_acquire+0x5f7/0x4620 [ 534.475510] selinux_parse_opts_str+0x3c1/0xa30 [ 534.475520] ? trace_hardirqs_on+0x10/0x10 [ 534.475536] ? selinux_sb_show_options+0xd50/0xd50 [ 534.493589] ? trace_hardirqs_on+0x10/0x10 [ 534.497839] ? d_instantiate+0x7b/0xa0 [ 534.501747] ? save_trace+0x290/0x290 [ 534.505569] ? find_held_lock+0x35/0x130 [ 534.505580] ? d_instantiate+0x7b/0xa0 [ 534.505590] ? lockref_get+0x46/0x60 [ 534.505605] superblock_doinit+0xeb/0x200 [ 534.505616] ? selinux_parse_opts_str+0xa30/0xa30 [ 534.505633] selinux_sb_kern_mount+0xa9/0x230 [ 534.505643] ? delayed_superblock_init+0x20/0x20 [ 534.535509] ? _raw_spin_unlock+0x2d/0x50 [ 534.539668] ? lockref_get+0x46/0x60 [ 534.543389] ? mount_ns+0xc1/0x190 [ 534.546935] security_sb_kern_mount+0x7d/0xb0 [ 534.551425] ? mqueue_mount+0xc0/0xf0 [ 534.555237] mount_fs+0x14e/0x2a1 [ 534.558685] vfs_kern_mount.part.0+0x5e/0x3d0 [ 534.563186] kern_mount_data+0x56/0xc0 [ 534.567060] mq_init_ns+0x167/0x220 [ 534.570670] copy_ipcs+0x35e/0x400 [ 534.574199] create_new_namespaces+0x1dd/0x720 [ 534.578767] ? ns_capable_common+0x12c/0x160 [ 534.583162] copy_namespaces+0x284/0x310 [ 534.587218] copy_process.part.0+0x2603/0x6a70 [ 534.591789] ? proc_fail_nth_write+0x7d/0x180 [ 534.596267] ? proc_cwd_link+0x1b0/0x1b0 [ 534.600324] ? __cleanup_sighand+0x50/0x50 [ 534.604555] ? lock_downgrade+0x740/0x740 [ 534.608690] _do_fork+0x19e/0xce0 [ 534.612133] ? fork_idle+0x280/0x280 [ 534.615830] ? fput+0xd4/0x150 [ 534.619005] ? SyS_write+0x15e/0x230 [ 534.622725] SyS_clone+0x37/0x50 [ 534.626093] ? sys_vfork+0x30/0x30 [ 534.629636] do_syscall_64+0x1e8/0x640 [ 534.633511] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 534.638359] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 534.643532] RIP: 0033:0x45a6f9 [ 534.646705] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 534.654397] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 534.661651] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c 23:25:21 executing program 0: [ 534.668905] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 534.676161] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 534.683415] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:21 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x2000, 0x0) ioctl$IMCLEAR_L2(r0, 0x80044946, &(0x7f0000000040)=0x2) getcwd(&(0x7f0000000080)=""/4096, 0x1000) [ 534.717721] binder: 28455:28458 ioctl c0044dff 200000c0 returned -22 23:25:21 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = dup3(r0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:21 executing program 2 (fault-call:0 fault-nth:66): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:21 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) gettid() 23:25:21 executing program 4: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock\x00', 0x200, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r2, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r2, &(0x7f00000000c0)="e8", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r2, 0x1) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f00000000c0)={r4}, &(0x7f0000000000)=0x8) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000000)=@assoc_value={r4, 0x8}, &(0x7f0000000040)=0x8) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000680)={&(0x7f0000000080)=[0x0, 0x0], &(0x7f00000005c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000600)=[0x0], &(0x7f0000000640)=[0x0], 0x2, 0x4, 0x1, 0x1}) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$nl_generic(r0, &(0x7f0000000580)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2080}, 0xc, &(0x7f0000000540)={&(0x7f0000000140)={0x3e0, 0x10, 0xab8635274f347ed9, 0x70bd2a, 0x25dfdbfe, {}, [@nested={0x17c, 0x52, [@typed={0xc, 0x41, @u64=0x76d5}, @generic="b90513f2b7cece9c07aecaef590c03517d4d45470e60e2573903311d3da89c28c5391c94866cd7d032a1f7927e192c45c01d68a77089d0cd0cf1e4e6c95a68e53f87b633a4a3a58a2f6aace4662a6e5b4924b2db67efaa481ee48a2feda5d226c97fb4e118cadb97ce9effa52c361df76601ac85c0666e3751e1", @generic="9bc6f1cd63bb230efb81122a321a4a955fa28d4a14d71beec56f5a3e06665468a942553db77ad92e61cb5734550b35da099c3f46af97cb43ae0c6cc970021d09e85d6bf9f5367698c3ecce5de99c66a59629a53e1e86d2fcbd06178362f1216c59c8236391c3359d897ed06dad828a3b9cd3bcfca38d2f94d755d162c901ea82e15537c1de0e5a330286e8d765b3d3b64365a8b0b98c3e73870e2dc48d80160eced134605fff2fbb0f8e709dae31100a8552d80ea330a2c8aad67ec0d8dd2e13e2a29364ee9fc8b7d586fcc848b18d37e481943b51c549a908c995a37508d9b2291e596f80a89ed4f62791cdf26ef8ea3f7f"]}, @nested={0x1ec, 0x91, [@generic="be484c297de9f31bc0905e6525233a196977b3bb09d34a3b91a1ce7ea5adb8df9244711deb2720784b9a2e50fc6f0b54f16cdc08e770c930233bc79e56f9083173f1d0dcb5d116a65fabf4a514cb4511e1583c4597bae907dd86be941eac7b83f1290e4410", @generic="844c7beafdb5053fc780df04507ebe7d935ffdddc8710f1a86324c6660fc2ef707789b4aec8389c2a14c0cffa2be819b57e2a7bf3c5a865bdc7465260a84f0f74ab4bc5698e4557daf86adfc7d96e691b6c77bae0325918618e27f3546e898d088610ee78b06d2d9e53da558d6dec87762a6e903ebd5722a1ebe571c5e3b9a4e437c1877a4d1436e6561e6b57a9ba7b5c7b6ffb74e6194ff0faba08668446f92a4f1f9d9cf057162f73d61786e3e065bc330192e3231151fff32d21ca1485a016f35457409d51765c3f96edf79354bd353b28ad8981b539584df12af2eb1ef7d11", @generic="36249707d79f27eed31cd3c22c1f1263dc65ace6f1d4f40337651da52aec823fa749de95cd8788b1d25bcb4afd7312eb443cbb6c932f29225a8e363856c1c1c934fcc71a4f613ce8a5a7acc5c34b27a8b6b6f48ce0ab35696a9cb3b811efa6948e994422c2820a8fcb49a377ca4772c36d1b47469f1ce07520e027aac75451f97e70d21311537e52f2428c26ff1d3863b8edcfd3c4671efb8f98bcd7d196a86fecc3"]}, @nested={0x48, 0x88, [@typed={0x8, 0x41, @fd=r5}, @typed={0x18, 0x71, @str='trustedem1keyring[\x00'}, @generic="eb101d0a0f4c30d21e0cd70e1475eaa662127d0a23c71372f76009ef2dd371431813"]}, @typed={0xc, 0x1d, @str='^proc%\x00'}, @nested={0x10, 0x2d, [@typed={0xc, 0x1f, @u64=0x8}]}]}, 0x3e0}, 0x1, 0x0, 0x0, 0x10000}, 0x40000) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:21 executing program 0: 23:25:21 executing program 5: prctl$PR_GET_KEEPCAPS(0x7) clone(0x8822800, 0x0, 0x0, 0x0, 0x0) 23:25:21 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = dup3(r0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:21 executing program 0: 23:25:21 executing program 3: ioctl$sock_SIOCSIFVLAN_GET_VLAN_VID_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000000)) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 534.931269] FAULT_INJECTION: forcing a failure. [ 534.931269] name failslab, interval 1, probability 0, space 0, times 0 23:25:21 executing program 5: prctl$PR_SET_SECUREBITS(0x1c, 0x10) clone(0x8000, 0x0, 0x0, 0x0, 0x0) [ 535.001081] CPU: 1 PID: 28491 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 535.009018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 535.018378] Call Trace: [ 535.018399] dump_stack+0x142/0x197 [ 535.018429] should_fail.cold+0x10f/0x159 [ 535.018453] should_failslab+0xdb/0x130 [ 535.032784] kmem_cache_alloc_trace+0x2e9/0x790 [ 535.037466] selinux_parse_opts_str+0x42c/0xa30 [ 535.037480] ? trace_hardirqs_on+0x10/0x10 [ 535.046382] ? selinux_sb_show_options+0xd50/0xd50 23:25:21 executing program 0: [ 535.051315] ? trace_hardirqs_on+0x10/0x10 [ 535.051327] ? d_instantiate+0x7b/0xa0 [ 535.051337] ? save_trace+0x290/0x290 [ 535.051346] ? find_held_lock+0x35/0x130 [ 535.051353] ? d_instantiate+0x7b/0xa0 [ 535.051363] ? lockref_get+0x46/0x60 [ 535.051374] superblock_doinit+0xeb/0x200 [ 535.051384] ? selinux_parse_opts_str+0xa30/0xa30 [ 535.083997] selinux_sb_kern_mount+0xa9/0x230 [ 535.088481] ? delayed_superblock_init+0x20/0x20 [ 535.093237] ? _raw_spin_unlock+0x2d/0x50 [ 535.097371] ? lockref_get+0x46/0x60 [ 535.101071] ? mount_ns+0xc1/0x190 [ 535.104596] security_sb_kern_mount+0x7d/0xb0 [ 535.109075] ? mqueue_mount+0xc0/0xf0 [ 535.112871] mount_fs+0x14e/0x2a1 [ 535.116312] vfs_kern_mount.part.0+0x5e/0x3d0 [ 535.120806] kern_mount_data+0x56/0xc0 [ 535.124685] mq_init_ns+0x167/0x220 [ 535.128296] copy_ipcs+0x35e/0x400 [ 535.131823] create_new_namespaces+0x1dd/0x720 [ 535.136390] ? ns_capable_common+0x12c/0x160 [ 535.140796] copy_namespaces+0x284/0x310 [ 535.144958] copy_process.part.0+0x2603/0x6a70 [ 535.149530] ? proc_fail_nth_write+0x7d/0x180 [ 535.154032] ? proc_cwd_link+0x1b0/0x1b0 [ 535.158083] ? __cleanup_sighand+0x50/0x50 [ 535.162305] ? lock_downgrade+0x740/0x740 [ 535.166457] _do_fork+0x19e/0xce0 [ 535.169898] ? fork_idle+0x280/0x280 [ 535.173688] ? fput+0xd4/0x150 [ 535.176866] ? SyS_write+0x15e/0x230 [ 535.180593] SyS_clone+0x37/0x50 [ 535.184202] ? sys_vfork+0x30/0x30 [ 535.187742] do_syscall_64+0x1e8/0x640 [ 535.191622] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 535.196466] entry_SYSCALL_64_after_hwframe+0x42/0xb7 23:25:21 executing program 1: r0 = socket$inet6(0xa, 0x1000080002, 0x0) r1 = dup3(0xffffffffffffffff, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 535.201650] RIP: 0033:0x45a6f9 [ 535.204824] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 535.212529] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 535.219788] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 535.227133] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 535.234388] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 535.241641] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:22 executing program 3: r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selin\x05\x00\x00\x00\x00\x00\x00\x00t[pending_bools\x00', 0x1, 0x0) ioctl$TIOCGICOUNT(r0, 0x545d, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:22 executing program 2 (fault-call:0 fault-nth:67): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:22 executing program 0: 23:25:22 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) ioctl$sock_bt_cmtp_CMTPGETCONNLIST(r0, 0x800443d2, &(0x7f0000000500)={0x4, &(0x7f0000000480)=[{}, {}, {}, {}]}) openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x200, 0x0) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) ioctl$KDFONTOP_GET(r1, 0x4b72, &(0x7f0000000440)={0x1, 0x0, 0x1a, 0x0, 0x71, &(0x7f0000000040)}) [ 535.473213] FAULT_INJECTION: forcing a failure. [ 535.473213] name failslab, interval 1, probability 0, space 0, times 0 [ 535.496845] CPU: 0 PID: 28527 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 535.504960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 535.514432] Call Trace: [ 535.514455] dump_stack+0x142/0x197 23:25:22 executing program 3: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) r1 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r1, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r1, &(0x7f00000000c0)="e8", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r1, 0x1) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f00000000c0)={r3}, &(0x7f0000000000)=0x8) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000000)=r3, 0x4) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:22 executing program 5: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0xe0101, 0x0) setsockopt$RXRPC_SECURITY_KEYRING(r0, 0x110, 0x2, &(0x7f0000000040)='lo\x00', 0x3) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r1) epoll_wait(r1, &(0x7f0000000080)=[{}], 0x1, 0xc1) [ 535.520652] should_fail.cold+0x10f/0x159 [ 535.520668] should_failslab+0xdb/0x130 [ 535.520678] kmem_cache_alloc+0x2d7/0x780 [ 535.520688] ? retire_userns_sysctls+0x90/0x90 [ 535.520704] copy_pid_ns+0x1af/0xa50 [ 535.520719] create_new_namespaces+0x267/0x720 [ 535.520731] copy_namespaces+0x284/0x310 [ 535.520743] copy_process.part.0+0x2603/0x6a70 [ 535.520760] ? proc_fail_nth_write+0x7d/0x180 [ 535.520766] ? proc_cwd_link+0x1b0/0x1b0 [ 535.520784] ? __cleanup_sighand+0x50/0x50 [ 535.520795] ? lock_downgrade+0x740/0x740 23:25:22 executing program 4: r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) ioctl$CAPI_INSTALLED(r0, 0x80024322) r1 = open(&(0x7f0000000000)='./file0\x00', 0xec382, 0x8) r2 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r2, 0x7, &(0x7f0000027000)={0x1}) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r2, 0x114, 0xa, &(0x7f0000000040), 0x1) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000200)={{{@in=@multicast2, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}, 0x0, @in6=@dev}}, &(0x7f0000000180)=0xe8) mount$9p_tcp(&(0x7f00000000c0)='127.0.0.1\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x10050, &(0x7f0000000300)={'trans=tcp,', {'port', 0x3d, 0x4e24}, 0x2c, {[{@mmap='mmap'}, {@cache_loose='cache=loose'}, {@msize={'msize', 0x3d, 0x7}}, {@aname={'aname', 0x3d, '*mime_typeem0em0:,'}}, {@msize={'msize', 0x3d, 0x20}}, {@aname={'aname', 0x3d, '#'}}, {@msize={'msize', 0x3d, 0xf7}}, {@afid={'afid', 0x3d, 0x2}}, {@access_any='access=any'}], [{@measure='measure'}, {@audit='audit'}, {@fowner_gt={'fowner>', r3}}]}}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x0, 0x0) ioctl$SCSI_IOCTL_SYNC(r1, 0x4) clone(0x1bab1ea58a8fb115, 0x0, 0x0, 0x0, 0x0) 23:25:22 executing program 1: r0 = socket$inet6(0xa, 0x1000080002, 0x0) r1 = dup3(0xffffffffffffffff, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 535.520807] _do_fork+0x19e/0xce0 [ 535.520818] ? fork_idle+0x280/0x280 [ 535.520830] ? fput+0xd4/0x150 [ 535.520838] ? SyS_write+0x15e/0x230 [ 535.520849] SyS_clone+0x37/0x50 [ 535.520855] ? sys_vfork+0x30/0x30 [ 535.520867] do_syscall_64+0x1e8/0x640 [ 535.520874] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 535.520891] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 535.520898] RIP: 0033:0x45a6f9 [ 535.520903] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 23:25:22 executing program 0: [ 535.520912] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 535.520925] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 535.520931] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 535.520936] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 535.520942] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:22 executing program 1: r0 = socket$inet6(0xa, 0x1000080002, 0x0) r1 = dup3(0xffffffffffffffff, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:22 executing program 2 (fault-call:0 fault-nth:68): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:22 executing program 5: prctl$PR_SET_SECUREBITS(0x1c, 0x2) socket$nl_crypto(0x10, 0x3, 0x15) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:22 executing program 0: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) preadv(r2, &(0x7f0000000140)=[{&(0x7f0000000080)=""/142, 0x8e}], 0x1, 0x5) ioctl$SIOCGIFHWADDR(r0, 0x8927, &(0x7f0000000040)) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:22 executing program 4: clone(0xa86b9364cc7ddb36, 0x0, 0x0, 0x0, 0x0) [ 535.807357] FAULT_INJECTION: forcing a failure. [ 535.807357] name failslab, interval 1, probability 0, space 0, times 0 [ 535.868107] CPU: 0 PID: 28555 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 535.876176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 535.885769] Call Trace: [ 535.888369] dump_stack+0x142/0x197 [ 535.892009] should_fail.cold+0x10f/0x159 [ 535.892028] should_failslab+0xdb/0x130 [ 535.892039] kmem_cache_alloc_trace+0x2e9/0x790 [ 535.892045] ? kmem_cache_alloc+0x611/0x780 [ 535.892056] ? retire_userns_sysctls+0x90/0x90 [ 535.892074] copy_pid_ns+0x1f5/0xa50 [ 535.917612] create_new_namespaces+0x267/0x720 [ 535.922190] copy_namespaces+0x284/0x310 [ 535.926371] copy_process.part.0+0x2603/0x6a70 [ 535.930967] ? proc_fail_nth_write+0x7d/0x180 [ 535.935469] ? proc_cwd_link+0x1b0/0x1b0 [ 535.939531] ? __cleanup_sighand+0x50/0x50 [ 535.943894] ? lock_downgrade+0x740/0x740 [ 535.948056] _do_fork+0x19e/0xce0 [ 535.951506] ? fork_idle+0x280/0x280 [ 535.955246] ? fput+0xd4/0x150 [ 535.958430] ? SyS_write+0x15e/0x230 [ 535.962322] SyS_clone+0x37/0x50 [ 535.965678] ? sys_vfork+0x30/0x30 [ 535.969215] do_syscall_64+0x1e8/0x640 [ 535.973090] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 535.977924] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 535.983100] RIP: 0033:0x45a6f9 [ 535.986273] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 535.993966] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 536.001221] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 536.008490] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 23:25:22 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x0, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:22 executing program 3: clone(0xaca143237ca647e0, 0x0, 0x0, 0x0, 0x0) 23:25:22 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = getpid() r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) ptrace$cont(0x1f, r0, 0x3, 0x105) [ 536.015762] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 536.023026] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 536.048835] QAT: Invalid ioctl 23:25:22 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x2000, 0x0) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000040), &(0x7f0000000080)=0x4) 23:25:22 executing program 5: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$SNDRV_PCM_IOCTL_WRITEN_FRAMES(r0, 0x40184152, &(0x7f00000001c0)={0x0, &(0x7f0000000180)=[&(0x7f0000000000)="8f4778351edec258d764398113bce484bd190d70d981fe10d9e96527752242393ab3e7f7813c41fa60d3bd4087aa3a5e7628ddc274caca2018f811756ef5b9387ef3f5b2fff1d0b6e75968c7388a6499fd01e32bd7068c0d38af4c709e8ce9de40a15221d0e2b9075d2f54bbf673638dc818cd7d7e5cda186fd0827d971558107d93fc3ca400a8c7c80ba38a187c", &(0x7f00000000c0)="9fa3b7091e1198fff9708a1f613d3dce8ca5435361c7e44c5b9370e2f12536a6fb0071c33742a86cb4f6a25a8a01543f9f51f3c99bd0a2f0caca7a6e80a35a64323c0f289c5208ba791883e498869050876d113dfe0d42aa095f924c32dab88e2adb564128d00879e0cd7e05cf361f451ec04165799b43a968465829e4a60e859da5c4551d"], 0x8}) 23:25:22 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, &(0x7f0000000000)={0x7c, 0x40, 0x28}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = fcntl$getown(r0, 0x9) r2 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x0, 0x100) setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f0000000240)={0x8001, {{0x2, 0x4e22, @multicast1}}, 0x1, 0xa, [{{0x2, 0x4e20, @remote}}, {{0x2, 0x4e20, @rand_addr=0x3}}, {{0x2, 0x4e23, @local}}, {{0x2, 0x4e24, @loopback}}, {{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x15}}}, {{0x2, 0x4e20, @remote}}, {{0x2, 0x4e20, @broadcast}}, {{0x2, 0x4e21, @empty}}, {{0x2, 0x4e21, @local}}, {{0x2, 0x4e23, @broadcast}}]}, 0x590) ptrace$cont(0x18, r1, 0xfffffffffffff4b7, 0x4) 23:25:22 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x0, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:22 executing program 5: clone(0xed16ab9202a7684d, 0x0, 0x0, 0x0, 0x0) 23:25:23 executing program 2 (fault-call:0 fault-nth:69): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:23 executing program 3: r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x134, 0x1000) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:23 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) mknod$loop(&(0x7f0000000000)='.//ile0\x00', 0x6000, 0x0) r3 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r3, &(0x7f0000000180)='.//ile0\x00', r3, &(0x7f00000007c0)='./file0/f.le.\x00') clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:23 executing program 5: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r2, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f00000003c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x1f, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={'nr', 0x0}, 0x3, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) get_mempolicy(&(0x7f0000000240), &(0x7f00000002c0), 0xfffffffffffffc01, &(0x7f0000ffb000/0x2000)=nil, 0x4) mount$bpf(0x20000000, &(0x7f0000000900)='./file0/file0\x00', 0x0, 0x2001001, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) r7 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'batadv0\x00'}) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket$netlink(0x10, 0x3, 0x0) r10 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f00000009c0)={{{@in6, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in6=@initdev}}, &(0x7f0000000440)=0xe8) r13 = socket$nl_route(0x10, 0x3, 0x0) r14 = socket$netlink(0x10, 0x3, 0x0) r15 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r15, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r15, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r14, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r16}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r13, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="440400002400070500"/20, @ANYRES32=r16, @ANYBLOB="00000e00ffffffff00000000080001006362710018040200040406000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000500060000000000000005000000"], 0x444}}, 0x0) sendmsg$nl_route_sched(r15, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="240000002e00070200"/20, @ANYRES32=r16, @ANYBLOB="ecff120000000000000000de"], 0x24}}, 0x0) sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x1fa, &(0x7f0000000000)={&(0x7f0000000b40)=@ipv6_delroute={0x0, 0x19, 0x442e2731351e2f0d, 0x70bd2d, 0x25dfdbff, {0xa, 0x20, 0x28, 0x17, 0xfe, 0x2, 0xff, 0x8, 0x800}, [@RTA_UID={0x0, 0x19, r12}, @RTA_OIF={0x0, 0x4, r16}, @RTA_ENCAP_TYPE, @RTA_GATEWAY={0x0, 0x5, @rand_addr="fd803468f02e2b6391edf8831222cd28"}, @RTA_EXPIRES={0x0, 0x17, 0xac}]}, 0xfffffffffffffeb2}}, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="440400002400070500"/20, @ANYRES32=r11, @ANYBLOB="00000e00ffffffff00000000080001006362710018040200040406000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000500060000000000000005000000"], 0x444}}, 0x0) sendmsg$nl_route_sched(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="240000002e00070200"/20, @ANYRES32=r11, @ANYBLOB="ecff120000000000000000de"], 0x24}}, 0x0) bind$packet(r6, &(0x7f0000000100)={0x11, 0x10, r11, 0x1, 0x1}, 0x14) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[@ANYBLOB="2000000011000cfd000000000026df311347a765", @ANYRES32=r17, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x20}}, 0x0) socket$key(0xf, 0x3, 0x2) preadv(0xffffffffffffffff, 0x0, 0xc40c94d75fb102d0, 0x4) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4) pivot_root(&(0x7f0000000380)='./file0\x00', &(0x7f0000000340)='./file0\x00') clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:23 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x0, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:23 executing program 0: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) preadv(r2, &(0x7f0000000140)=[{&(0x7f0000000080)=""/142, 0x8e}], 0x1, 0x5) ioctl$SIOCGIFHWADDR(r0, 0x8927, &(0x7f0000000040)) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 536.569761] FAULT_INJECTION: forcing a failure. [ 536.569761] name failslab, interval 1, probability 0, space 0, times 0 [ 536.611885] CPU: 1 PID: 28630 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 536.619824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 536.622307] QAT: Invalid ioctl [ 536.629184] Call Trace: [ 536.629205] dump_stack+0x142/0x197 [ 536.629223] should_fail.cold+0x10f/0x159 [ 536.629240] should_failslab+0xdb/0x130 [ 536.629252] kmem_cache_alloc+0x2d7/0x780 [ 536.646793] ? lockdep_init_map+0x9/0x10 [ 536.646804] ? copy_pid_ns+0x4f/0xa50 [ 536.646819] alloc_pid+0x5d/0xc70 [ 536.655051] ? do_arch_prctl_64+0x1a0/0x560 [ 536.655064] ? copy_thread_tls+0x4cd/0x7a0 [ 536.655080] copy_process.part.0+0x272f/0x6a70 [ 536.655097] ? proc_fail_nth_write+0x7d/0x180 [ 536.679940] ? proc_cwd_link+0x1b0/0x1b0 [ 536.684000] ? __cleanup_sighand+0x50/0x50 [ 536.688223] ? lock_downgrade+0x740/0x740 [ 536.692362] _do_fork+0x19e/0xce0 [ 536.695805] ? fork_idle+0x280/0x280 [ 536.699505] ? fput+0xd4/0x150 [ 536.702679] ? SyS_write+0x15e/0x230 [ 536.706377] SyS_clone+0x37/0x50 [ 536.709725] ? sys_vfork+0x30/0x30 [ 536.713253] do_syscall_64+0x1e8/0x640 [ 536.717125] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 536.721959] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 536.727169] RIP: 0033:0x45a6f9 [ 536.730341] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 536.738045] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 536.745301] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 536.752560] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 23:25:23 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r0, r0, &(0x7f0000000240), 0x7fff) r1 = socket$inet_sctp(0x2, 0x1, 0x84) sendto$inet(r1, &(0x7f0000a34fff)='H', 0x1, 0x0, &(0x7f0000030ff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r1, &(0x7f00000000c0)="e8", 0x1, 0x0, &(0x7f000052a000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r1, 0x1) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) msgget$private(0x0, 0x40) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f00000000c0)={r3}, &(0x7f0000000000)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000280)={r3, 0x80, 0x20}, &(0x7f0000000300)=0xc) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000600)=@assoc_value={r4, 0x8}, &(0x7f0000000640)=0x8) ioctl$NBD_CLEAR_QUE(r0, 0xab05) syz_mount_image$reiserfs(&(0x7f0000000040)='reiserfs\x00', &(0x7f0000000080)='./bus\x00', 0x7fffffff, 0x5, &(0x7f0000000380)=[{&(0x7f00000000c0)="2d5d96918a47f89a7c208bf80255b7668a9bfce21833c9fb664dce0e2c095277cedb49ea37ebb5ce0cab7e372dda081dd49ae11bf1d9538c9dcc20dd22f1af14fda8faf0f06f34283913a29bb219fb543e625a0c247a7a8eb1ac604694d4fe433f8733e183f4d4c57c7e11f27cc3ee3ac15468aaaf9e74425a480bc825b2b36d08de9955a245d37174141dac4d3b3b7048517218db6ec919c7dbde161726c6e42f8e18b3bc2813be2db3622c6a9bb3fe526e3d957868", 0xb6}, {&(0x7f0000000180)="bf43de7a2d04de2a9090a8a88a533dffc59c51b02e2c798c7c0f7e9b6c9cd1d3ca5e1662fb73b01f1c4c349625630067097986e4996d9d6c8af339899baeccacfb0520c9e2523210", 0x48, 0x1}, {&(0x7f0000000200)="fdb978cb726987dc62c5d62dc466971ca0ad75b89621c550e8c21ec2151195c8b996b07c71e6ca9a8c4b8c5dde89937fff27", 0x32, 0x1}, {&(0x7f0000000500)="3190b75e0a86a4040000000000000000da64b0e25d58577800000000003daa12ff30a33a868d8295beeef40187418ed629d7aa6aa16441c633c1cc4697b002cfba9591659255578072d6fa7d82b9bad9e6bb6273bab2eb0375780a04a78adea69e12a78352d0f8f92318d9576f492695ba9c5917017f2019f73fab8f4389c8dd2b0dd23accc700ff32fadc71396736b9274c859e6d1f844b9135a0fe50549dc1a211cbe5234f0e6f5e0cdb43c8ab5e3f8d875ce07e38bc8f315a0ba40c8b9a4c0aabddfc59da2b6f95cf5deacca0463a3a42095deabac100"/237, 0xed, 0x6a6}, {&(0x7f00000002c0)="f446a7b0aa61126cedfdb8d3f6df830d95f07dffcd727e78f3efe757708917cc63", 0x21, 0x7}], 0x10000, &(0x7f0000000400)={[{@expose_privroot='expose_privroot'}, {@commit={'commit', 0x3d, 0x7}}, {@jqfmt_vfsold='jqfmt=vfsold'}, {@data_ordered='data=ordered'}, {@hash_rupasov='hash=rupasov'}, {@data_journal='data=journal'}, {@user_xattr='user_xattr'}, {@noacl='noacl'}, {@data_writeback='data=writeback'}, {@commit={'commit', 0x3d, 0x6}}], [{@obj_role={'obj_role', 0x3d, '^)'}}, {@seclabel='seclabel'}, {@dont_appraise='dont_appraise'}, {@func={'func', 0x3d, 'FILE_MMAP'}}]}) [ 536.759824] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 536.767111] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 536.797744] overlayfs: filesystem on './file0' not supported as upperdir 23:25:23 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = socket$inet6(0xa, 0x1000080002, 0x0) r1 = dup3(0xffffffffffffffff, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:23 executing program 4: r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000540)='/selinux/commit_pending_bools\x00', 0x1, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x800) mq_timedreceive(0xffffffffffffffff, &(0x7f0000000080)=""/87, 0x57, 0x4, &(0x7f0000000100)) syz_open_pts(r1, 0x280000) getsockopt$CAN_RAW_JOIN_FILTERS(r0, 0x65, 0x6, &(0x7f0000000000), &(0x7f00000005c0)=0x4) 23:25:23 executing program 0: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) preadv(r2, &(0x7f0000000140)=[{&(0x7f0000000080)=""/142, 0x8e}], 0x1, 0x5) ioctl$SIOCGIFHWADDR(r0, 0x8927, &(0x7f0000000040)) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:23 executing program 3: r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x6, &(0x7f0000027000)={0x1}) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000040)={0x7, &(0x7f0000000000)=[{}, {}, {}, {}, {}, {0x0}, {}]}) ioctl$DRM_IOCTL_RM_CTX(r0, 0xc0086421, &(0x7f0000000080)={r1, 0x3}) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:23 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = socket$inet6(0xa, 0x1000080002, 0x0) r1 = dup3(0xffffffffffffffff, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 537.076555] QAT: Invalid ioctl 23:25:23 executing program 2 (fault-call:0 fault-nth:70): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:23 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) mknod$loop(&(0x7f0000000000)='.//ile0\x00', 0x6000, 0x0) r3 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r3, &(0x7f0000000180)='.//ile0\x00', r3, &(0x7f00000007c0)='./file0/f.le.\x00') clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:23 executing program 5: clone(0x40000, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0xe8, 0x8400) write$midi(r0, &(0x7f0000000040)="b2beb7bba2c7e8399c7ea1ae090e709ff0901afe08cb534fa993f46cc91abbca05bb1c1fed83042fd5a16d05dea1328f53dc488ea7d7e61b057e6b542c93391ba314412b9a5b4dcbb823dcdefce3a48a4b9e31add5ba2425f2e59da4e73a145e7b3a5c76787d7630ace04820a4f54fb9b81c00e3ddd5a811b59edc6e3be8d8221178d6332b018084d722b86b68eae3acfb40b6175335b854d682ec243bd4c1833633ad2fcc461c4258e0866ccca26acf494b67fa55e147a05326400ced8b9b20365d6ff866839c44c7239c49b0ef8fd0724254edfd3faab8e003c8387248564466f96891732b0b67a8a1", 0xea) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) ioctl$VIDIOC_DQEVENT(r1, 0x80885659, &(0x7f0000000540)={0x0, @data}) ioctl$TIOCSBRK(r1, 0x5427) fchdir(r1) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f00000002c0)=@req3={0x2, 0x400, 0xff, 0x80000001, 0x8000, 0x20, 0x4}, 0x1c) ioctl$FBIOGETCMAP(r1, 0x4604, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=[0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0]}) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x7a, 0x12, 0xf, 0x5, "71f79baa673998dfe92905d26135ba9526a9e312531e5cad603840510a6921c59752df150e193fae59a63bc8050cbdefe9d24e1453c8752a3940e3010b5c7fb7", "5d9572e9f36e006141d42a097b0e157b0bad0b0e11cd00e6297f03c2b299c218", [0xfd, 0xffffffff]}) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) memfd_create(&(0x7f0000000500)='/dev/dmmidi#\x00', 0x1) write$P9_RREADLINK(r3, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) ioctl$DRM_IOCTL_AGP_FREE(r3, 0x40206435, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x9}) r4 = syz_open_dev$cec(&(0x7f0000000300)='/dev/cec#\x00', 0x1, 0x2) ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r4, 0xc0945662, &(0x7f0000000380)={0xffff8001, 0x0, [], {0x0, @bt={0x1, 0x9, 0x0, 0x1, 0x2, 0x4, 0x8, 0x800, 0x8, 0x6, 0x3, 0xff, 0x7, 0x10001, 0xe, 0x9}}}) 23:25:23 executing program 1: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = socket$inet6(0xa, 0x1000080002, 0x0) r1 = dup3(0xffffffffffffffff, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:23 executing program 4: 23:25:23 executing program 3: clone(0x81000, 0x0, 0x0, 0x0, 0x0) 23:25:24 executing program 4: clone(0x54051800, 0x0, 0x0, 0x0, 0x0) [ 537.314682] FAULT_INJECTION: forcing a failure. [ 537.314682] name failslab, interval 1, probability 0, space 0, times 0 23:25:24 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6(0xa, 0x1000080002, 0x0) r1 = dup3(r0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:24 executing program 3: clone(0x108c9000, 0x0, 0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x400000, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r2, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$BLKRAGET(r2, 0x1263, &(0x7f00000000c0)) sendfile(r1, r1, &(0x7f0000000240), 0x7fff) ioctl$SNDRV_PCM_IOCTL_LINK(r1, 0x40044160, &(0x7f0000000080)=0x7) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_ASSIGN_DEV_IRQ(r3, 0x4040ae70, &(0x7f0000000040)={0x8cf5, 0x17, 0x5, 0x801}) [ 537.384753] CPU: 0 PID: 28688 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 537.392702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 537.402067] Call Trace: [ 537.404670] dump_stack+0x142/0x197 [ 537.408314] should_fail.cold+0x10f/0x159 [ 537.412483] should_failslab+0xdb/0x130 [ 537.416467] kmem_cache_alloc+0x2d7/0x780 [ 537.420640] ? check_preemption_disabled+0x3c/0x250 [ 537.425668] alloc_vfsmnt+0x28/0x7d0 [ 537.429394] vfs_kern_mount.part.0+0x2a/0x3d0 [ 537.433902] ? rcu_read_lock_sched_held+0x110/0x130 [ 537.438940] kern_mount_data+0x56/0xc0 [ 537.443036] pid_ns_prepare_proc+0x1e/0x90 [ 537.447286] alloc_pid+0x9f0/0xc70 [ 537.450839] copy_process.part.0+0x272f/0x6a70 [ 537.455610] ? proc_fail_nth_write+0x7d/0x180 [ 537.460113] ? proc_cwd_link+0x1b0/0x1b0 [ 537.464202] ? __cleanup_sighand+0x50/0x50 [ 537.468442] ? lock_downgrade+0x740/0x740 [ 537.472598] _do_fork+0x19e/0xce0 [ 537.476077] ? fork_idle+0x280/0x280 [ 537.479817] ? fput+0xd4/0x150 [ 537.483020] ? SyS_write+0x15e/0x230 [ 537.486741] SyS_clone+0x37/0x50 [ 537.490111] ? sys_vfork+0x30/0x30 [ 537.493658] do_syscall_64+0x1e8/0x640 [ 537.497560] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 537.502412] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 537.507617] RIP: 0033:0x45a6f9 [ 537.510804] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 537.518519] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 537.525798] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c 23:25:24 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) mknod$loop(&(0x7f0000000000)='.//ile0\x00', 0x6000, 0x0) r3 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r3, &(0x7f0000000180)='.//ile0\x00', r3, &(0x7f00000007c0)='./file0/f.le.\x00') clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 537.533077] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 537.540362] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 537.547664] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 537.557967] audit: type=1804 audit(1575674724.246:113): pid=28682 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir290644921/syzkaller.3X6sTI/310/bus" dev="sda1" ino=16945 res=1 23:25:24 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) mknod$loop(&(0x7f0000000000)='.//ile0\x00', 0x6000, 0x0) r3 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) renameat(r3, &(0x7f0000000180)='.//ile0\x00', r3, &(0x7f00000007c0)='./file0/f.le.\x00') clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 537.673174] audit: type=1804 audit(1575674724.286:114): pid=28682 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="ToMToU" comm="syz-executor.5" name="/root/syzkaller-testdir290644921/syzkaller.3X6sTI/310/bus" dev="sda1" ino=16945 res=1 23:25:24 executing program 4: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000080)=0xc) setgroups(0x1, &(0x7f00000002c0)=[r1]) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000080)=0xc) setgroups(0x1, &(0x7f00000002c0)=[r3]) setregid(r1, r3) 23:25:24 executing program 2 (fault-call:0 fault-nth:71): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:24 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6(0xa, 0x1000080002, 0x0) r1 = dup3(r0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 537.920021] FAULT_INJECTION: forcing a failure. [ 537.920021] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 537.963147] CPU: 1 PID: 28730 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 537.971083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 537.980447] Call Trace: [ 537.983075] dump_stack+0x142/0x197 [ 537.986722] should_fail.cold+0x10f/0x159 [ 537.990892] ? __might_sleep+0x93/0xb0 [ 537.994804] __alloc_pages_nodemask+0x1d6/0x7a0 [ 537.999488] ? __alloc_pages_slowpath+0x2930/0x2930 [ 538.004543] alloc_pages_current+0xec/0x1e0 [ 538.008876] __get_free_pages+0xf/0x40 [ 538.012808] get_zeroed_page+0x11/0x20 [ 538.016704] mount_fs+0x1cc/0x2a1 [ 538.020168] vfs_kern_mount.part.0+0x5e/0x3d0 [ 538.024944] ? rcu_read_lock_sched_held+0x110/0x130 [ 538.029972] kern_mount_data+0x56/0xc0 [ 538.033873] pid_ns_prepare_proc+0x1e/0x90 [ 538.038118] alloc_pid+0x9f0/0xc70 [ 538.041675] copy_process.part.0+0x272f/0x6a70 [ 538.046260] ? proc_fail_nth_write+0x7d/0x180 [ 538.050831] ? proc_cwd_link+0x1b0/0x1b0 [ 538.054907] ? __cleanup_sighand+0x50/0x50 [ 538.059153] ? lock_downgrade+0x740/0x740 [ 538.063313] _do_fork+0x19e/0xce0 [ 538.066779] ? fork_idle+0x280/0x280 [ 538.070507] ? fput+0xd4/0x150 [ 538.073700] ? SyS_write+0x15e/0x230 [ 538.077408] SyS_clone+0x37/0x50 [ 538.080771] ? sys_vfork+0x30/0x30 [ 538.084316] do_syscall_64+0x1e8/0x640 [ 538.088202] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 538.093078] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 538.098286] RIP: 0033:0x45a6f9 [ 538.101491] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 538.109206] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 538.116479] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c 23:25:24 executing program 5: clone(0x40000, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0xe8, 0x8400) write$midi(r0, &(0x7f0000000040)="b2beb7bba2c7e8399c7ea1ae090e709ff0901afe08cb534fa993f46cc91abbca05bb1c1fed83042fd5a16d05dea1328f53dc488ea7d7e61b057e6b542c93391ba314412b9a5b4dcbb823dcdefce3a48a4b9e31add5ba2425f2e59da4e73a145e7b3a5c76787d7630ace04820a4f54fb9b81c00e3ddd5a811b59edc6e3be8d8221178d6332b018084d722b86b68eae3acfb40b6175335b854d682ec243bd4c1833633ad2fcc461c4258e0866ccca26acf494b67fa55e147a05326400ced8b9b20365d6ff866839c44c7239c49b0ef8fd0724254edfd3faab8e003c8387248564466f96891732b0b67a8a1", 0xea) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) ioctl$VIDIOC_DQEVENT(r1, 0x80885659, &(0x7f0000000540)={0x0, @data}) ioctl$TIOCSBRK(r1, 0x5427) fchdir(r1) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f00000002c0)=@req3={0x2, 0x400, 0xff, 0x80000001, 0x8000, 0x20, 0x4}, 0x1c) ioctl$FBIOGETCMAP(r1, 0x4604, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=[0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0]}) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x7a, 0x12, 0xf, 0x5, "71f79baa673998dfe92905d26135ba9526a9e312531e5cad603840510a6921c59752df150e193fae59a63bc8050cbdefe9d24e1453c8752a3940e3010b5c7fb7", "5d9572e9f36e006141d42a097b0e157b0bad0b0e11cd00e6297f03c2b299c218", [0xfd, 0xffffffff]}) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) memfd_create(&(0x7f0000000500)='/dev/dmmidi#\x00', 0x1) write$P9_RREADLINK(r3, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) ioctl$DRM_IOCTL_AGP_FREE(r3, 0x40206435, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x9}) r4 = syz_open_dev$cec(&(0x7f0000000300)='/dev/cec#\x00', 0x1, 0x2) ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r4, 0xc0945662, &(0x7f0000000380)={0xffff8001, 0x0, [], {0x0, @bt={0x1, 0x9, 0x0, 0x1, 0x2, 0x4, 0x8, 0x800, 0x8, 0x6, 0x3, 0xff, 0x7, 0x10001, 0xe, 0x9}}}) 23:25:24 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x20001, 0x0) mq_timedsend(r0, &(0x7f0000000040)="94af91cc28010af066896f1128a0241f25bc4c71aaa4fed26c1a64b25f3eb1ba107fa405a32781ebce", 0x29, 0xffffffff, &(0x7f0000000080)={0x77359400}) 23:25:24 executing program 4: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x72a00, 0x0) ioctl$KVM_GET_IRQCHIP(r0, 0xc208ae62, &(0x7f0000000040)={0x0, 0x0, @ioapic}) clone(0x4000000, 0x0, 0x0, 0x0, 0x0) 23:25:24 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6(0xa, 0x1000080002, 0x0) r1 = dup3(r0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:24 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) mknod$loop(&(0x7f0000000000)='.//ile0\x00', 0x6000, 0x0) open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 538.123839] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 538.131114] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 538.138396] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:24 executing program 3: clone(0x9010b00, 0x0, 0x0, 0x0, 0x0) 23:25:24 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x1000080002, 0x0) dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:24 executing program 4: clone(0x787467fadfb9d9c, 0x0, 0x0, 0x0, 0x0) 23:25:24 executing program 4: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x400, 0x0) ioctl$NBD_SET_BLKSIZE(r0, 0xab01, 0x1e) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:24 executing program 2 (fault-call:0 fault-nth:72): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:25 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000040)={0x0, {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x14}}, {0x2, 0x4e21, @multicast1}, {0x2, 0x4e20, @rand_addr=0x217}, 0x210, 0x0, 0x0, 0x0, 0x8, 0x0, 0x3, 0x0, 0x6}) r0 = semget(0x3, 0xae942043ba6721a6, 0x20) semctl$GETNCNT(r0, 0x1, 0xe, &(0x7f00000000c0)=""/239) [ 538.325236] FAULT_INJECTION: forcing a failure. [ 538.325236] name fail_page_alloc, interval 1, probability 0, space 0, times 0 23:25:25 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) mknod$loop(&(0x7f0000000000)='.//ile0\x00', 0x6000, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 538.378552] CPU: 1 PID: 28764 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 538.386491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 538.395855] Call Trace: [ 538.398469] dump_stack+0x142/0x197 [ 538.402118] should_fail.cold+0x10f/0x159 [ 538.406279] ? __might_sleep+0x93/0xb0 [ 538.410182] __alloc_pages_nodemask+0x1d6/0x7a0 [ 538.414866] ? __alloc_pages_slowpath+0x2930/0x2930 [ 538.419919] alloc_pages_current+0xec/0x1e0 [ 538.424339] __get_free_pages+0xf/0x40 [ 538.428234] get_zeroed_page+0x11/0x20 [ 538.432125] mount_fs+0x1cc/0x2a1 [ 538.435585] vfs_kern_mount.part.0+0x5e/0x3d0 [ 538.440089] ? rcu_read_lock_sched_held+0x110/0x130 [ 538.445119] kern_mount_data+0x56/0xc0 [ 538.449039] pid_ns_prepare_proc+0x1e/0x90 [ 538.453284] alloc_pid+0x9f0/0xc70 [ 538.456844] copy_process.part.0+0x272f/0x6a70 [ 538.461469] ? proc_fail_nth_write+0x7d/0x180 [ 538.465974] ? proc_cwd_link+0x1b0/0x1b0 [ 538.470056] ? __cleanup_sighand+0x50/0x50 [ 538.474298] ? lock_downgrade+0x740/0x740 [ 538.478458] _do_fork+0x19e/0xce0 [ 538.481911] ? fork_idle+0x280/0x280 [ 538.485672] ? fput+0xd4/0x150 [ 538.488869] ? SyS_write+0x15e/0x230 [ 538.492584] SyS_clone+0x37/0x50 [ 538.495978] ? sys_vfork+0x30/0x30 [ 538.499520] do_syscall_64+0x1e8/0x640 [ 538.503475] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 538.508334] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 538.513535] RIP: 0033:0x45a6f9 [ 538.516762] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 538.524574] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 538.531854] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 538.539215] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 538.546492] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 538.553763] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:25 executing program 4: clone(0x40000, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0xe8, 0x8400) write$midi(r0, &(0x7f0000000040)="b2beb7bba2c7e8399c7ea1ae090e709ff0901afe08cb534fa993f46cc91abbca05bb1c1fed83042fd5a16d05dea1328f53dc488ea7d7e61b057e6b542c93391ba314412b9a5b4dcbb823dcdefce3a48a4b9e31add5ba2425f2e59da4e73a145e7b3a5c76787d7630ace04820a4f54fb9b81c00e3ddd5a811b59edc6e3be8d8221178d6332b018084d722b86b68eae3acfb40b6175335b854d682ec243bd4c1833633ad2fcc461c4258e0866ccca26acf494b67fa55e147a05326400ced8b9b20365d6ff866839c44c7239c49b0ef8fd0724254edfd3faab8e003c8387248564466f96891732b0b67a8a1", 0xea) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) ioctl$VIDIOC_DQEVENT(r1, 0x80885659, &(0x7f0000000540)={0x0, @data}) ioctl$TIOCSBRK(r1, 0x5427) fchdir(r1) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f00000002c0)=@req3={0x2, 0x400, 0xff, 0x80000001, 0x8000, 0x20, 0x4}, 0x1c) ioctl$FBIOGETCMAP(r1, 0x4604, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=[0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0]}) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x7a, 0x12, 0xf, 0x5, "71f79baa673998dfe92905d26135ba9526a9e312531e5cad603840510a6921c59752df150e193fae59a63bc8050cbdefe9d24e1453c8752a3940e3010b5c7fb7", "5d9572e9f36e006141d42a097b0e157b0bad0b0e11cd00e6297f03c2b299c218", [0xfd, 0xffffffff]}) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) memfd_create(&(0x7f0000000500)='/dev/dmmidi#\x00', 0x1) write$P9_RREADLINK(r3, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) ioctl$DRM_IOCTL_AGP_FREE(r3, 0x40206435, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x9}) r4 = syz_open_dev$cec(&(0x7f0000000300)='/dev/cec#\x00', 0x1, 0x2) ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r4, 0xc0945662, &(0x7f0000000380)={0xffff8001, 0x0, [], {0x0, @bt={0x1, 0x9, 0x0, 0x1, 0x2, 0x4, 0x8, 0x800, 0x8, 0x6, 0x3, 0xff, 0x7, 0x10001, 0xe, 0x9}}}) 23:25:25 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x40000, 0x0) 23:25:25 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x1000080002, 0x0) dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:25 executing program 2 (fault-call:0 fault-nth:73): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:25 executing program 5: clone(0x91c2b1c2e640490f, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) accept4$x25(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=0x12, 0x80000) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r1, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100)='devlink\x00') sendmsg$DEVLINK_CMD_PORT_SET(r1, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0xa4, r2, 0x200, 0x70bd2d, 0x25dfdbfb, {}, [{{@nsim={{0x10, 0x1, 'netdevsim\x00'}, {0x10, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}, {0x8, 0x4, 0x1}}, {{@nsim={{0x10, 0x1, 'netdevsim\x00'}, {0x10, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0x4, 0x2}}, {{@nsim={{0x10, 0x1, 'netdevsim\x00'}, {0x10, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0x4, 0x2}}]}, 0xa4}, 0x1, 0x0, 0x0, 0xd20aadafe99e0cbd}, 0x0) r3 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x246800, 0x0) setsockopt$sock_void(r3, 0x1, 0x24, 0x0, 0x0) 23:25:25 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:25 executing program 3: clone(0xa000c000, 0x0, 0x0, 0x0, 0x0) 23:25:25 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 539.054687] FAULT_INJECTION: forcing a failure. [ 539.054687] name failslab, interval 1, probability 0, space 0, times 0 [ 539.108267] CPU: 1 PID: 28800 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 539.116214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 539.125604] Call Trace: [ 539.128206] dump_stack+0x142/0x197 [ 539.131858] should_fail.cold+0x10f/0x159 [ 539.136021] should_failslab+0xdb/0x130 [ 539.140004] kmem_cache_alloc_trace+0x2e9/0x790 [ 539.144682] ? lock_downgrade+0x740/0x740 [ 539.148847] ? trace_hardirqs_on_caller+0x400/0x590 [ 539.153871] ? do_raw_spin_unlock+0x16b/0x260 [ 539.158379] sget_userns+0xfe/0xc30 [ 539.162005] ? set_anon_super+0x20/0x20 [ 539.166114] ? get_empty_filp.cold+0x3b/0x3b [ 539.170551] mount_ns+0x6d/0x190 [ 539.173926] ? proc_get_inode+0x620/0x620 [ 539.178092] proc_mount+0x6a/0xa0 [ 539.181582] mount_fs+0x97/0x2a1 [ 539.184959] vfs_kern_mount.part.0+0x5e/0x3d0 [ 539.189495] ? rcu_read_lock_sched_held+0x110/0x130 [ 539.194607] kern_mount_data+0x56/0xc0 [ 539.198496] pid_ns_prepare_proc+0x1e/0x90 [ 539.202730] alloc_pid+0x9f0/0xc70 [ 539.206287] copy_process.part.0+0x272f/0x6a70 [ 539.210943] ? proc_fail_nth_write+0x7d/0x180 [ 539.215448] ? proc_cwd_link+0x1b0/0x1b0 [ 539.219530] ? __cleanup_sighand+0x50/0x50 [ 539.223774] ? lock_downgrade+0x740/0x740 [ 539.227930] _do_fork+0x19e/0xce0 [ 539.231505] ? fork_idle+0x280/0x280 [ 539.235241] ? fput+0xd4/0x150 [ 539.238449] ? SyS_write+0x15e/0x230 [ 539.242177] SyS_clone+0x37/0x50 [ 539.246338] ? sys_vfork+0x30/0x30 [ 539.249893] do_syscall_64+0x1e8/0x640 [ 539.253790] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 539.258655] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 539.263849] RIP: 0033:0x45a6f9 [ 539.267027] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 539.274736] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 539.282013] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 539.289346] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 539.296627] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 23:25:26 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x1000080002, 0x0) dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 539.303899] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:26 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x1000080002, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:26 executing program 2 (fault-call:0 fault-nth:74): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:26 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 539.471541] IPVS: ftp: loaded support on port[0] = 21 [ 539.503193] FAULT_INJECTION: forcing a failure. [ 539.503193] name failslab, interval 1, probability 0, space 0, times 0 [ 539.518948] CPU: 1 PID: 28827 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 539.526877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 539.536248] Call Trace: [ 539.538863] dump_stack+0x142/0x197 [ 539.542511] should_fail.cold+0x10f/0x159 [ 539.546677] should_failslab+0xdb/0x130 [ 539.550662] kmem_cache_alloc_trace+0x2e9/0x790 [ 539.555341] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 539.560821] ? sget_userns+0xfe/0xc30 [ 539.564633] ? rcu_read_lock_sched_held+0x110/0x130 [ 539.569663] selinux_sb_alloc_security+0x46/0x220 [ 539.574512] security_sb_alloc+0x6d/0xa0 [ 539.578681] sget_userns+0x196/0xc30 [ 539.582391] ? set_anon_super+0x20/0x20 [ 539.586381] ? get_empty_filp.cold+0x3b/0x3b [ 539.590799] mount_ns+0x6d/0x190 [ 539.594173] ? proc_get_inode+0x620/0x620 [ 539.598332] proc_mount+0x6a/0xa0 [ 539.601795] mount_fs+0x97/0x2a1 [ 539.605169] vfs_kern_mount.part.0+0x5e/0x3d0 [ 539.605181] ? rcu_read_lock_sched_held+0x110/0x130 [ 539.605193] kern_mount_data+0x56/0xc0 [ 539.605208] pid_ns_prepare_proc+0x1e/0x90 [ 539.605219] alloc_pid+0x9f0/0xc70 [ 539.605237] copy_process.part.0+0x272f/0x6a70 [ 539.631363] ? proc_fail_nth_write+0x7d/0x180 [ 539.635874] ? proc_cwd_link+0x1b0/0x1b0 [ 539.639992] ? __cleanup_sighand+0x50/0x50 [ 539.644245] ? lock_downgrade+0x740/0x740 [ 539.648412] _do_fork+0x19e/0xce0 [ 539.651875] ? fork_idle+0x280/0x280 [ 539.655587] ? fput+0xd4/0x150 [ 539.658785] ? SyS_write+0x15e/0x230 [ 539.662512] SyS_clone+0x37/0x50 [ 539.665879] ? sys_vfork+0x30/0x30 [ 539.669446] do_syscall_64+0x1e8/0x640 [ 539.673336] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 539.678168] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 539.683340] RIP: 0033:0x45a6f9 [ 539.686512] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 539.694221] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 539.701488] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 539.708754] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 539.716639] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 539.723894] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:26 executing program 4: clone(0x40000, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0xe8, 0x8400) write$midi(r0, &(0x7f0000000040)="b2beb7bba2c7e8399c7ea1ae090e709ff0901afe08cb534fa993f46cc91abbca05bb1c1fed83042fd5a16d05dea1328f53dc488ea7d7e61b057e6b542c93391ba314412b9a5b4dcbb823dcdefce3a48a4b9e31add5ba2425f2e59da4e73a145e7b3a5c76787d7630ace04820a4f54fb9b81c00e3ddd5a811b59edc6e3be8d8221178d6332b018084d722b86b68eae3acfb40b6175335b854d682ec243bd4c1833633ad2fcc461c4258e0866ccca26acf494b67fa55e147a05326400ced8b9b20365d6ff866839c44c7239c49b0ef8fd0724254edfd3faab8e003c8387248564466f96891732b0b67a8a1", 0xea) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) ioctl$VIDIOC_DQEVENT(r1, 0x80885659, &(0x7f0000000540)={0x0, @data}) ioctl$TIOCSBRK(r1, 0x5427) fchdir(r1) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f00000002c0)=@req3={0x2, 0x400, 0xff, 0x80000001, 0x8000, 0x20, 0x4}, 0x1c) ioctl$FBIOGETCMAP(r1, 0x4604, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=[0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0]}) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x7a, 0x12, 0xf, 0x5, "71f79baa673998dfe92905d26135ba9526a9e312531e5cad603840510a6921c59752df150e193fae59a63bc8050cbdefe9d24e1453c8752a3940e3010b5c7fb7", "5d9572e9f36e006141d42a097b0e157b0bad0b0e11cd00e6297f03c2b299c218", [0xfd, 0xffffffff]}) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) memfd_create(&(0x7f0000000500)='/dev/dmmidi#\x00', 0x1) write$P9_RREADLINK(r3, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) ioctl$DRM_IOCTL_AGP_FREE(r3, 0x40206435, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x9}) r4 = syz_open_dev$cec(&(0x7f0000000300)='/dev/cec#\x00', 0x1, 0x2) ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r4, 0xc0945662, &(0x7f0000000380)={0xffff8001, 0x0, [], {0x0, @bt={0x1, 0x9, 0x0, 0x1, 0x2, 0x4, 0x8, 0x800, 0x8, 0x6, 0x3, 0xff, 0x7, 0x10001, 0xe, 0x9}}}) 23:25:27 executing program 5 (fault-call:3 fault-nth:0): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) 23:25:27 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:27 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x1000080002, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:27 executing program 2 (fault-call:0 fault-nth:75): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:27 executing program 3: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) fchmod(r0, 0x3f0) ioctl$TCFLSH(r1, 0x540b, 0xffffffffffffffff) clone(0x4a041000, 0x0, 0x0, 0x0, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x8) ioctl$sock_inet_SIOCGARP(r2, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$NBD_SET_TIMEOUT(r0, 0xab09, 0x200) ioctl$TUNGETIFF(r2, 0x800454d2, &(0x7f0000000040)) 23:25:27 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r1, r0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:27 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x1000080002, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 540.470977] FAULT_INJECTION: forcing a failure. [ 540.470977] name failslab, interval 1, probability 0, space 0, times 0 [ 540.545282] CPU: 1 PID: 28854 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 540.553217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 540.557124] FAULT_INJECTION: forcing a failure. [ 540.557124] name failslab, interval 1, probability 0, space 0, times 0 [ 540.562571] Call Trace: [ 540.562631] dump_stack+0x142/0x197 [ 540.562656] should_fail.cold+0x10f/0x159 [ 540.562672] should_failslab+0xdb/0x130 [ 540.562681] __kmalloc+0x2f0/0x7a0 [ 540.562702] ? __list_lru_init+0x6b/0x660 [ 540.595883] __list_lru_init+0x6b/0x660 [ 540.599885] sget_userns+0x4e0/0xc30 [ 540.603608] ? set_anon_super+0x20/0x20 [ 540.607598] ? get_empty_filp.cold+0x3b/0x3b [ 540.612000] mount_ns+0x6d/0x190 [ 540.615357] ? proc_get_inode+0x620/0x620 [ 540.619496] proc_mount+0x6a/0xa0 [ 540.622939] mount_fs+0x97/0x2a1 [ 540.626294] vfs_kern_mount.part.0+0x5e/0x3d0 [ 540.630775] ? rcu_read_lock_sched_held+0x110/0x130 [ 540.635775] kern_mount_data+0x56/0xc0 [ 540.639648] pid_ns_prepare_proc+0x1e/0x90 [ 540.643877] alloc_pid+0x9f0/0xc70 [ 540.647422] copy_process.part.0+0x272f/0x6a70 [ 540.651995] ? proc_fail_nth_write+0x7d/0x180 [ 540.656475] ? proc_cwd_link+0x1b0/0x1b0 [ 540.660526] ? __cleanup_sighand+0x50/0x50 [ 540.664767] ? lock_downgrade+0x740/0x740 [ 540.668901] _do_fork+0x19e/0xce0 [ 540.672339] ? fork_idle+0x280/0x280 [ 540.676036] ? fput+0xd4/0x150 [ 540.679222] ? SyS_write+0x15e/0x230 [ 540.682920] SyS_clone+0x37/0x50 [ 540.686283] ? sys_vfork+0x30/0x30 [ 540.689847] do_syscall_64+0x1e8/0x640 [ 540.693728] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 540.698578] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 540.703872] RIP: 0033:0x45a6f9 [ 540.707069] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 540.714781] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 540.722040] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 540.729295] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 540.736549] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 23:25:27 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r1, r0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 540.743805] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:27 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r1, r0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 540.823717] CPU: 0 PID: 28859 Comm: syz-executor.5 Not tainted 4.14.158-syzkaller #0 [ 540.831769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 540.841137] Call Trace: [ 540.843751] dump_stack+0x142/0x197 [ 540.847407] should_fail.cold+0x10f/0x159 [ 540.851566] should_failslab+0xdb/0x130 [ 540.855547] __kmalloc_track_caller+0x2ec/0x790 [ 540.860222] ? do_get_msr+0x100/0x100 [ 540.864025] ? msr_io+0xba/0x210 [ 540.867402] memdup_user+0x26/0xa0 23:25:27 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x200) ioctl$USBDEVFS_RESET(r0, 0x5514) 23:25:27 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 540.870946] ? do_get_msr+0x100/0x100 [ 540.874749] msr_io+0xba/0x210 [ 540.877954] ? lock_acquire+0x16f/0x430 [ 540.881936] ? kvm_get_msr_common+0x1130/0x1130 [ 540.886612] kvm_arch_vcpu_ioctl+0xc8f/0x32e0 [ 540.891113] ? kvm_arch_vcpu_ioctl+0xc41/0x32e0 [ 540.895791] ? kvm_arch_vcpu_put+0x3f0/0x3f0 [ 540.900213] ? lock_acquire+0x16f/0x430 [ 540.904195] ? vcpu_load+0x1e/0x90 [ 540.907743] ? vcpu_load+0x1e/0x90 [ 540.911292] ? vmx_vcpu_load+0x945/0xde0 [ 540.915364] ? __mutex_lock+0x36a/0x1470 [ 540.919440] ? handle_ept_violation+0x440/0x440 [ 540.924122] ? lock_downgrade+0x740/0x740 [ 540.928276] ? mutex_trylock+0x1c0/0x1c0 [ 540.932345] ? get_pid_task+0x98/0x140 [ 540.936240] ? find_held_lock+0x35/0x130 [ 540.940306] ? get_pid_task+0x98/0x140 [ 540.944209] ? kvm_arch_vcpu_load+0x419/0x750 [ 540.948714] kvm_vcpu_ioctl+0x80d/0xd10 [ 540.952689] ? kvm_vcpu_block+0xbb0/0xbb0 [ 540.952705] ? trace_hardirqs_on+0x10/0x10 [ 540.961068] ? __f_unlock_pos+0x19/0x20 [ 540.961081] ? save_trace+0x290/0x290 [ 540.961091] ? __f_unlock_pos+0x19/0x20 [ 540.961101] ? __fget+0x210/0x370 [ 540.961109] ? find_held_lock+0x35/0x130 [ 540.961117] ? __fget+0x210/0x370 [ 540.961129] ? kvm_vcpu_block+0xbb0/0xbb0 [ 540.961138] do_vfs_ioctl+0x7ae/0x1060 [ 540.961150] ? selinux_file_mprotect+0x5d0/0x5d0 [ 540.961157] ? lock_downgrade+0x740/0x740 [ 540.961166] ? ioctl_preallocate+0x1c0/0x1c0 [ 540.961177] ? __fget+0x237/0x370 [ 540.961192] ? security_file_ioctl+0x89/0xb0 [ 541.013145] SyS_ioctl+0x8f/0xc0 [ 541.016501] ? do_vfs_ioctl+0x1060/0x1060 [ 541.020667] do_syscall_64+0x1e8/0x640 [ 541.024539] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 541.029370] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 541.034544] RIP: 0033:0x45a6f9 [ 541.037727] RSP: 002b:00007f5d4120ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 541.045419] RAX: ffffffffffffffda RBX: 00007f5d4120ec90 RCX: 000000000045a6f9 [ 541.052687] RDX: 00000000200000c0 RSI: 000000004008ae89 RDI: 0000000000000005 [ 541.059941] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 541.067196] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5d4120f6d4 23:25:27 executing program 4: clone(0x40000, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0xe8, 0x8400) write$midi(r0, &(0x7f0000000040)="b2beb7bba2c7e8399c7ea1ae090e709ff0901afe08cb534fa993f46cc91abbca05bb1c1fed83042fd5a16d05dea1328f53dc488ea7d7e61b057e6b542c93391ba314412b9a5b4dcbb823dcdefce3a48a4b9e31add5ba2425f2e59da4e73a145e7b3a5c76787d7630ace04820a4f54fb9b81c00e3ddd5a811b59edc6e3be8d8221178d6332b018084d722b86b68eae3acfb40b6175335b854d682ec243bd4c1833633ad2fcc461c4258e0866ccca26acf494b67fa55e147a05326400ced8b9b20365d6ff866839c44c7239c49b0ef8fd0724254edfd3faab8e003c8387248564466f96891732b0b67a8a1", 0xea) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) ioctl$VIDIOC_DQEVENT(r1, 0x80885659, &(0x7f0000000540)={0x0, @data}) ioctl$TIOCSBRK(r1, 0x5427) fchdir(r1) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f00000002c0)=@req3={0x2, 0x400, 0xff, 0x80000001, 0x8000, 0x20, 0x4}, 0x1c) ioctl$FBIOGETCMAP(r1, 0x4604, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=[0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0]}) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x7a, 0x12, 0xf, 0x5, "71f79baa673998dfe92905d26135ba9526a9e312531e5cad603840510a6921c59752df150e193fae59a63bc8050cbdefe9d24e1453c8752a3940e3010b5c7fb7", "5d9572e9f36e006141d42a097b0e157b0bad0b0e11cd00e6297f03c2b299c218", [0xfd, 0xffffffff]}) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) memfd_create(&(0x7f0000000500)='/dev/dmmidi#\x00', 0x1) write$P9_RREADLINK(r3, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) ioctl$DRM_IOCTL_AGP_FREE(r3, 0x40206435, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x9}) r4 = syz_open_dev$cec(&(0x7f0000000300)='/dev/cec#\x00', 0x1, 0x2) ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r4, 0xc0945662, &(0x7f0000000380)={0xffff8001, 0x0, [], {0x0, @bt={0x1, 0x9, 0x0, 0x1, 0x2, 0x4, 0x8, 0x800, 0x8, 0x6, 0x3, 0xff, 0x7, 0x10001, 0xe, 0x9}}}) [ 541.074450] R13: 00000000004c3b39 R14: 00000000004d90b0 R15: 0000000000000006 23:25:27 executing program 5 (fault-call:3 fault-nth:1): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) 23:25:27 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:27 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x1000080002, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:27 executing program 2 (fault-call:0 fault-nth:76): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:27 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000600)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc5e]}) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r10 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvram\x00', 0xc2000, 0x0) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) poll(&(0x7f0000000080)=[{r3, 0x316}, {r4, 0x20}, {r7, 0x88}, {r0, 0xd4917099e4652f5b}, {r9, 0x4404}, {r10, 0x1001}, {r0, 0x315a7a517afde0e3}, {r12, 0x240}, {r0, 0xd084}], 0x9, 0x6) ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0xdfd27) 23:25:27 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x1000080002, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:27 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:27 executing program 3: clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x480800, 0x0) accept4$unix(r0, &(0x7f0000000180), &(0x7f0000000000)=0x18, 0x4b4c52a0d3a721b0) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000100)=0x1, 0x4) 23:25:27 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x1000080002, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:27 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r3, 0x7, &(0x7f0000027000)={0x1}) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000080)={@local, 0x20, 0x2a5040ebfdd3a5e6, 0x1, 0x3, 0x5, 0x1}, 0x20) r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvme-fabrics\x00', 0x5c9003, 0x0) ioctl$USBDEVFS_RESETEP(r4, 0x80045503, &(0x7f0000000040)={0x7, 0x1}) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) 23:25:28 executing program 0: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 541.328455] FAULT_INJECTION: forcing a failure. [ 541.328455] name failslab, interval 1, probability 0, space 0, times 0 [ 541.417277] CPU: 1 PID: 28918 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 541.425218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 541.434571] Call Trace: [ 541.437184] dump_stack+0x142/0x197 [ 541.440811] should_fail.cold+0x10f/0x159 [ 541.444964] should_failslab+0xdb/0x130 [ 541.448941] __kmalloc+0x2f0/0x7a0 [ 541.452489] ? __list_lru_init+0x6b/0x660 [ 541.456632] __list_lru_init+0x6b/0x660 [ 541.460689] sget_userns+0x500/0xc30 [ 541.464399] ? set_anon_super+0x20/0x20 [ 541.468378] ? get_empty_filp.cold+0x3b/0x3b [ 541.472783] mount_ns+0x6d/0x190 [ 541.476151] ? proc_get_inode+0x620/0x620 [ 541.480289] proc_mount+0x6a/0xa0 [ 541.483729] mount_fs+0x97/0x2a1 [ 541.487084] vfs_kern_mount.part.0+0x5e/0x3d0 [ 541.491744] ? rcu_read_lock_sched_held+0x110/0x130 [ 541.496745] kern_mount_data+0x56/0xc0 [ 541.500629] pid_ns_prepare_proc+0x1e/0x90 [ 541.504847] alloc_pid+0x9f0/0xc70 [ 541.508375] copy_process.part.0+0x272f/0x6a70 [ 541.512949] ? proc_fail_nth_write+0x7d/0x180 [ 541.517431] ? proc_cwd_link+0x1b0/0x1b0 [ 541.521489] ? __cleanup_sighand+0x50/0x50 [ 541.525710] ? lock_downgrade+0x740/0x740 [ 541.529846] _do_fork+0x19e/0xce0 [ 541.533285] ? fork_idle+0x280/0x280 [ 541.536984] ? fput+0xd4/0x150 [ 541.540160] ? SyS_write+0x15e/0x230 [ 541.543859] SyS_clone+0x37/0x50 [ 541.547206] ? sys_vfork+0x30/0x30 [ 541.550730] do_syscall_64+0x1e8/0x640 [ 541.554614] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 541.559445] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 541.564618] RIP: 0033:0x45a6f9 [ 541.567791] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 541.575492] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 541.582744] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 541.589997] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 541.597341] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 541.604785] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:28 executing program 4: clone(0x40000, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0xe8, 0x8400) write$midi(r0, &(0x7f0000000040)="b2beb7bba2c7e8399c7ea1ae090e709ff0901afe08cb534fa993f46cc91abbca05bb1c1fed83042fd5a16d05dea1328f53dc488ea7d7e61b057e6b542c93391ba314412b9a5b4dcbb823dcdefce3a48a4b9e31add5ba2425f2e59da4e73a145e7b3a5c76787d7630ace04820a4f54fb9b81c00e3ddd5a811b59edc6e3be8d8221178d6332b018084d722b86b68eae3acfb40b6175335b854d682ec243bd4c1833633ad2fcc461c4258e0866ccca26acf494b67fa55e147a05326400ced8b9b20365d6ff866839c44c7239c49b0ef8fd0724254edfd3faab8e003c8387248564466f96891732b0b67a8a1", 0xea) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) ioctl$VIDIOC_DQEVENT(r1, 0x80885659, &(0x7f0000000540)={0x0, @data}) ioctl$TIOCSBRK(r1, 0x5427) fchdir(r1) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f00000002c0)=@req3={0x2, 0x400, 0xff, 0x80000001, 0x8000, 0x20, 0x4}, 0x1c) ioctl$FBIOGETCMAP(r1, 0x4604, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=[0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0]}) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x7a, 0x12, 0xf, 0x5, "71f79baa673998dfe92905d26135ba9526a9e312531e5cad603840510a6921c59752df150e193fae59a63bc8050cbdefe9d24e1453c8752a3940e3010b5c7fb7", "5d9572e9f36e006141d42a097b0e157b0bad0b0e11cd00e6297f03c2b299c218", [0xfd, 0xffffffff]}) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) memfd_create(&(0x7f0000000500)='/dev/dmmidi#\x00', 0x1) write$P9_RREADLINK(r3, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) ioctl$DRM_IOCTL_AGP_FREE(r3, 0x40206435, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x9}) syz_open_dev$cec(&(0x7f0000000300)='/dev/cec#\x00', 0x1, 0x2) 23:25:28 executing program 3: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x20000, 0x0) ioctl$TUNGETFEATURES(r0, 0x800454cf, &(0x7f0000000040)) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:28 executing program 0: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:28 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x1000080002, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:28 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0xa) 23:25:28 executing program 2 (fault-call:0 fault-nth:77): clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:28 executing program 0: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 542.045993] QAT: Invalid ioctl [ 542.059727] FAULT_INJECTION: forcing a failure. [ 542.059727] name failslab, interval 1, probability 0, space 0, times 0 [ 542.078080] QAT: Invalid ioctl [ 542.113930] CPU: 0 PID: 28951 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 542.121876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 542.131237] Call Trace: [ 542.133833] dump_stack+0x142/0x197 [ 542.137472] should_fail.cold+0x10f/0x159 [ 542.141625] should_failslab+0xdb/0x130 [ 542.145603] __kmalloc+0x2f0/0x7a0 [ 542.149150] ? lock_downgrade+0x740/0x740 [ 542.153295] ? register_shrinker+0xbd/0x220 [ 542.157617] register_shrinker+0xbd/0x220 [ 542.161793] sget_userns+0x9bf/0xc30 [ 542.165506] ? set_anon_super+0x20/0x20 [ 542.169483] ? get_empty_filp.cold+0x3b/0x3b [ 542.173891] mount_ns+0x6d/0x190 [ 542.177251] ? proc_get_inode+0x620/0x620 [ 542.181394] proc_mount+0x6a/0xa0 [ 542.184849] mount_fs+0x97/0x2a1 [ 542.188218] vfs_kern_mount.part.0+0x5e/0x3d0 [ 542.192730] ? rcu_read_lock_sched_held+0x110/0x130 [ 542.197745] kern_mount_data+0x56/0xc0 [ 542.201640] pid_ns_prepare_proc+0x1e/0x90 [ 542.205901] alloc_pid+0x9f0/0xc70 [ 542.209455] copy_process.part.0+0x272f/0x6a70 [ 542.214054] ? proc_fail_nth_write+0x7d/0x180 [ 542.218548] ? proc_cwd_link+0x1b0/0x1b0 [ 542.222638] ? __cleanup_sighand+0x50/0x50 [ 542.226871] ? lock_downgrade+0x740/0x740 [ 542.231031] _do_fork+0x19e/0xce0 [ 542.234487] ? fork_idle+0x280/0x280 [ 542.238201] ? fput+0xd4/0x150 [ 542.241390] ? SyS_write+0x15e/0x230 [ 542.245108] SyS_clone+0x37/0x50 [ 542.248469] ? sys_vfork+0x30/0x30 [ 542.252011] do_syscall_64+0x1e8/0x640 [ 542.255897] ? trace_hardirqs_off_thunk+0x1a/0x1c 23:25:29 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x1000080002, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:29 executing program 3: r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1}) r1 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) fcntl$lock(r1, 0x7, &(0x7f0000027000)={0x1}) bind$isdn_base(r1, &(0x7f0000000080)={0x22, 0x7, 0x2, 0x6, 0xef}, 0x6) ioctl$VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f0000000000)={0x4, 0xa, 0x4, 0x800, {0x77359400}, {0x5, 0x8, 0xff, 0xf5, 0x80, 0xc2, "3c814c87"}, 0x6, 0x0, @userptr=0x2, 0x4}) membarrier(0x20, 0x0) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:29 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 542.260746] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 542.265933] RIP: 0033:0x45a6f9 [ 542.269115] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 542.276824] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 542.284093] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 542.291361] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 542.298633] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 542.305920] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 23:25:29 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$sock_inet_SIOCGARP(r4, 0x8954, &(0x7f0000000100)={{0x2, 0x4e21, @remote}, {0x306, @local}, 0x0, {0x2, 0x4e20, @local}, 'erspan0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r4, 0xc0305302, &(0x7f0000000040)={0x3ff, 0x0, 0x400, 0x542, 0x3f, 0x10000}) r5 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r5) getsockname$inet6(r5, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4}, &(0x7f0000000180)=0x1c) ioctl$int_in(r3, 0x5452, &(0x7f0000000000)=0x3ff) 23:25:29 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) [ 542.683148] ================================================================== [ 542.690975] BUG: KASAN: use-after-free in put_pid_ns+0x80/0x90 [ 542.696953] Read of size 8 at addr ffff888095393390 by task syz-executor.2/28951 [ 542.704484] [ 542.706123] CPU: 1 PID: 28951 Comm: syz-executor.2 Not tainted 4.14.158-syzkaller #0 [ 542.714012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 542.723368] Call Trace: [ 542.725966] dump_stack+0x142/0x197 [ 542.729606] ? put_pid_ns+0x80/0x90 [ 542.733241] print_address_description.cold+0x7c/0x1dc [ 542.738530] ? put_pid_ns+0x80/0x90 [ 542.742166] kasan_report.cold+0xa9/0x2af [ 542.746327] __asan_report_load8_noabort+0x14/0x20 [ 542.751266] put_pid_ns+0x80/0x90 [ 542.754755] free_nsproxy+0x104/0x200 [ 542.758564] switch_task_namespaces+0x98/0xb0 [ 542.763074] exit_task_namespaces+0x18/0x20 [ 542.767407] copy_process.part.0+0x3c67/0x6a70 [ 542.772009] ? proc_fail_nth_write+0x7d/0x180 [ 542.776512] ? proc_cwd_link+0x1b0/0x1b0 [ 542.780595] ? __cleanup_sighand+0x50/0x50 [ 542.784841] ? lock_downgrade+0x740/0x740 [ 542.789010] _do_fork+0x19e/0xce0 [ 542.792479] ? fork_idle+0x280/0x280 [ 542.796201] ? fput+0xd4/0x150 [ 542.799397] ? SyS_write+0x15e/0x230 [ 542.803120] SyS_clone+0x37/0x50 [ 542.806515] ? sys_vfork+0x30/0x30 [ 542.810068] do_syscall_64+0x1e8/0x640 [ 542.813963] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 542.818822] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 542.824017] RIP: 0033:0x45a6f9 [ 542.827817] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 542.835535] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 542.842820] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 542.850218] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 542.857498] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 542.864762] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 542.872639] [ 542.874254] Allocated by task 28951: [ 542.877956] save_stack_trace+0x16/0x20 [ 542.881914] save_stack+0x45/0xd0 [ 542.885349] kasan_kmalloc+0xce/0xf0 [ 542.889043] kasan_slab_alloc+0xf/0x20 [ 542.892935] kmem_cache_alloc+0x12e/0x780 [ 542.897695] copy_pid_ns+0x1af/0xa50 [ 542.901390] create_new_namespaces+0x267/0x720 [ 542.905956] copy_namespaces+0x284/0x310 [ 542.910002] copy_process.part.0+0x2603/0x6a70 [ 542.914582] _do_fork+0x19e/0xce0 [ 542.918014] SyS_clone+0x37/0x50 [ 542.921363] do_syscall_64+0x1e8/0x640 [ 542.925237] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 542.930405] [ 542.932015] Freed by task 7: [ 542.935026] save_stack_trace+0x16/0x20 [ 542.938980] save_stack+0x45/0xd0 [ 542.942415] kasan_slab_free+0x75/0xc0 [ 542.946292] kmem_cache_free+0x83/0x2b0 [ 542.950247] delayed_free_pidns+0x89/0xb0 [ 542.954443] rcu_process_callbacks+0x7b8/0x12b0 [ 542.959100] __do_softirq+0x244/0x9a0 [ 542.962897] [ 542.964507] The buggy address belongs to the object at ffff888095392b58 [ 542.964507] which belongs to the cache pid_namespace of size 2264 [ 542.977407] The buggy address is located 2104 bytes inside of [ 542.977407] 2264-byte region [ffff888095392b58, ffff888095393430) [ 542.989449] The buggy address belongs to the page: [ 542.994376] page:ffffea000254e480 count:1 mapcount:0 mapping:ffff888095392200 index:0x0 compound_mapcount: 0 [ 543.004328] flags: 0xfffe0000008100(slab|head) [ 543.008895] raw: 00fffe0000008100 ffff888095392200 0000000000000000 0000000100000003 [ 543.016772] raw: ffffea0001c7b6a0 ffffea0001a710a0 ffff8882194d1080 0000000000000000 [ 543.024644] page dumped because: kasan: bad access detected [ 543.030333] [ 543.031955] Memory state around the buggy address: [ 543.036878] ffff888095393280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 543.044230] ffff888095393300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 543.051571] >ffff888095393380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 543.058912] ^ [ 543.062792] ffff888095393400: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 543.070131] ffff888095393480: fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00 [ 543.077483] ================================================================== 23:25:29 executing program 4: clone(0x40000, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0xe8, 0x8400) write$midi(r0, &(0x7f0000000040)="b2beb7bba2c7e8399c7ea1ae090e709ff0901afe08cb534fa993f46cc91abbca05bb1c1fed83042fd5a16d05dea1328f53dc488ea7d7e61b057e6b542c93391ba314412b9a5b4dcbb823dcdefce3a48a4b9e31add5ba2425f2e59da4e73a145e7b3a5c76787d7630ace04820a4f54fb9b81c00e3ddd5a811b59edc6e3be8d8221178d6332b018084d722b86b68eae3acfb40b6175335b854d682ec243bd4c1833633ad2fcc461c4258e0866ccca26acf494b67fa55e147a05326400ced8b9b20365d6ff866839c44c7239c49b0ef8fd0724254edfd3faab8e003c8387248564466f96891732b0b67a8a1", 0xea) r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) ioctl$VIDIOC_DQEVENT(r1, 0x80885659, &(0x7f0000000540)={0x0, @data}) ioctl$TIOCSBRK(r1, 0x5427) fchdir(r1) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f00000002c0)=@req3={0x2, 0x400, 0xff, 0x80000001, 0x8000, 0x20, 0x4}, 0x1c) ioctl$FBIOGETCMAP(r1, 0x4604, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000140)=[0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0]}) r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r2, r2, &(0x7f0000000240), 0x7fff) ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x7a, 0x12, 0xf, 0x5, "71f79baa673998dfe92905d26135ba9526a9e312531e5cad603840510a6921c59752df150e193fae59a63bc8050cbdefe9d24e1453c8752a3940e3010b5c7fb7", "5d9572e9f36e006141d42a097b0e157b0bad0b0e11cd00e6297f03c2b299c218", [0xfd, 0xffffffff]}) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) memfd_create(&(0x7f0000000500)='/dev/dmmidi#\x00', 0x1) write$P9_RREADLINK(r3, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2) sendfile(r3, r3, &(0x7f0000000240), 0x7fff) ioctl$DRM_IOCTL_AGP_FREE(r3, 0x40206435, &(0x7f0000000280)={0x0, 0x0, 0x1, 0x9}) 23:25:29 executing program 3: utime(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x7, 0x81}) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:29 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x787467fbcfa1d9c, 0x0, 0x0, 0x0, 0x0) 23:25:29 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x1000080002, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 23:25:29 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = semget$private(0x0, 0x8, 0x0) semctl$GETZCNT(r1, 0x0, 0xf, &(0x7f0000000600)=""/4096) semctl$GETVAL(r1, 0x4, 0xc, &(0x7f0000000000)=""/160) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0x4008ae89, &(0x7f00000000c0)={0x8c, 0x0, [0x4b564d03, 0xfffffffffffffffe]}) [ 543.084822] Disabling lock debugging due to kernel taint [ 543.098746] Kernel panic - not syncing: panic_on_warn set ... [ 543.098746] [ 543.106238] CPU: 1 PID: 28951 Comm: syz-executor.2 Tainted: G B 4.14.158-syzkaller #0 [ 543.115334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 543.124696] Call Trace: [ 543.127287] dump_stack+0x142/0x197 [ 543.130921] ? put_pid_ns+0x80/0x90 [ 543.134551] panic+0x1f9/0x42d [ 543.137756] ? add_taint.cold+0x16/0x16 [ 543.141730] ? ___preempt_schedule+0x16/0x18 [ 543.146150] kasan_end_report+0x47/0x4f [ 543.150146] kasan_report.cold+0x130/0x2af [ 543.154489] __asan_report_load8_noabort+0x14/0x20 [ 543.159428] put_pid_ns+0x80/0x90 [ 543.162893] free_nsproxy+0x104/0x200 [ 543.166699] switch_task_namespaces+0x98/0xb0 [ 543.171201] exit_task_namespaces+0x18/0x20 [ 543.175560] copy_process.part.0+0x3c67/0x6a70 [ 543.180171] ? proc_fail_nth_write+0x7d/0x180 [ 543.184669] ? proc_cwd_link+0x1b0/0x1b0 [ 543.188738] ? __cleanup_sighand+0x50/0x50 [ 543.192977] ? lock_downgrade+0x740/0x740 [ 543.197130] _do_fork+0x19e/0xce0 [ 543.200582] ? fork_idle+0x280/0x280 [ 543.204298] ? fput+0xd4/0x150 [ 543.207523] ? SyS_write+0x15e/0x230 [ 543.211233] SyS_clone+0x37/0x50 [ 543.214595] ? sys_vfork+0x30/0x30 [ 543.218138] do_syscall_64+0x1e8/0x640 [ 543.222031] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 543.226880] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 543.232069] RIP: 0033:0x45a6f9 [ 543.235257] RSP: 002b:00007efc0d5a9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 543.242966] RAX: ffffffffffffffda RBX: 00007efc0d5a9c90 RCX: 000000000045a6f9 [ 543.250235] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0787467fbcfa1d9c [ 543.257503] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 543.264772] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efc0d5aa6d4 [ 543.272041] R13: 00000000004c0df1 R14: 00000000004d49e8 R15: 0000000000000003 [ 543.280966] Kernel Offset: disabled [ 543.284607] Rebooting in 86400 seconds..