540)={&(0x7f0000000340)=@can, 0x80, &(0x7f0000000100)=[{&(0x7f00000003c0)=""/168, 0xa8}], 0x1, &(0x7f0000000480)=""/181, 0xb5}, 0x10160) 07:39:09 executing program 1: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/userio\x00', 0x0, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000180)={0x2, 0xfffffffffffffffc}, 0x2) 07:39:09 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f00000018c0)) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000000)=0x3, &(0x7f0000000300)=0x4) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000001640)={0x0, 0x19, "f2e7097bb6f11eb581cec833bc8e5f1f9b670081304b65a99c"}, &(0x7f0000001680)=0x21) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f00000016c0)={0x0, 0x6}, &(0x7f0000001700)=0x8) sendmsg$inet_sctp(r0, &(0x7f0000001840)={&(0x7f0000000340)=@in6={0xa, 0x4e20, 0x4, @empty, 0x8}, 0x1c, &(0x7f0000001600)=[{&(0x7f0000000480)="82ffb9b8f3eeb15ebcffc399c792826158014b36be2ba3d8c7ebea6cec34d59428c8299d657dfaf647607fe1638cfcf76edf221109007022c9b0527237af5172c4836fbd4bd6837d2ea316053e153c465f9e947f6526ab64a20a134fb119b12582ccab28757b80af2f2dfde0b43d6c9d0d52d42b5ba2744c550a688ffd97e8d84b4e9f7dbd4fb74794d6878baba2d5dc3627630970c1b5c7da7e180800fe9a015c065bdef38c7e334b70a00832f0263f61ced42dd502b7408021828cbfa22432e49dbe861515c646762fab235efda45d82e68388c2b5a8cfa9c4ca020b451b4be12c4d0e9d3eaa943275866b1fc617b55123e8bb38955cee7af2b5a61f4785", 0xff}, {&(0x7f0000000580)="b9d03c09c4cb8653ffdb834ea08f28226696d9d5045bbeae513e3331fa07c4fdcefd79578bf4e9dca78b15ad033e84c047a55b236eaa2d0f93c528b79331ef3176a5af53870bb33aa3267a2f9e640e60ef61b1ae309b7661b95ce91d26e4c4cd01ea31379441a8ac79fd3988c91bea7f0520647459e929f2ab208e76e4299ca4097ac1654d7300552a2395f4a874196e657003185cdc4191e7532a96bad7f132ea50221c17d0338736b0d13ca0b90c4de3f0246080f9a8b4c0755b4fcea16d574bfed2d2d44666785728899390d3057c8233ae9282bf186497325d1117a6bf1a7b1cf1253778e949cb616a63e31fcdd1225d522f05fcfba49814d9f692fafc7a6d772af67392ebf5fb5ea941fbe6158f21ae2d025c4e684a51b34f2b28298a469df3d7636f2bb9433fd8b778e62a25952dc34da705e98d731599ae583a69fd2f2227b0cc253c82dda06637d4a7fe086e4a1e94528acd5486b9a7a52f2e2164c719e34f630dec9a39fa81ee6b7f7ee50f04bf15d40f5b2d921966320e1df2e4131c6b9d5e6aa049a8d40fad8a6e5209beb5127b3188162453c861d2e7666df7892bb04787968b7f5896266967dc1a7685b24f76ce80b9da46d6e8ca83622285b776586ca410af26a69574b2c8eddcf44182a7a1461f2950cf0755c0716cdb22a4f93f8365da16959ff042d433ee4dce2324ecdda7ec11f70251cb5f0464402629af15ead062516c9caccb050035f3c8d1a8437ae237f4b36e81bb01cd74e084d31636c4f449d37d136eb0b1f388ab0f0dce60a8803318f084454a1dd3c3c85773a3cb01f83c375f14de3460c50e8b8ce6ea5abc0cba9f2f3883bfaebd910613c23e8627591e112053623cf545be5743ca5ef3b954becb9aec772db3e973437cb30d7d17a0c9f938d41e2e13364da2b22bb8778e0c0998afdd6efdc740bc5d847f646565023d3b51c7794290714b75cee7eadd5f77220ced39b480438f4ba1e7776fe3860b10296654440f70949f4ca18bd7dacdc58e3aa2d2c623ea97f18980febc430ceeba1f7f7af29d4969e5864a8814fd57e0411ca87df31ad98f0bdf80b8744608f5771f982db3230800bd718d0919d4756ac90b062d11081bd3a2a34a14d07b154e289d6d0a970a4f91a1795c0607c4c946b361381546cbc2c89a48c68a29bf85dff81c61bbe6b0ad01f3919979d1f6fa07f438dcf829b82bf2c00b05fa5d1551309fa5942b962d01aaa3a69634706b8984a7865b7107b1681e6e499de1be3557287f780fdac42fa6991498d8a9775a251c8a566c4e6ecc874d9f4bd1d5536943b3488b765044a5d26e3fc5cbce9df9b7f0cf91c10a6e1e71bf92af3de7ca3a406d64bd46e7baa3ecc20d30b1ec3785b896673dbc7fba761e8e868360bef675393766d7e377e274ad58e9fb47361038759405df7248dcc584afd6dc0f75385c84ed6bc1743ea35c81b6a982643307eb1489ae52666e157ea66a22432804618678861af0b29ba1c4d108af96e5cdbc71c23578786d7460577bbb6dc31e56458a29a45c480028571bffb016686cea76076672f0ef1fb38646b5124119ba498fbbc65d5861d589c42eb861e689dcae3ed8f78824521316e697fa768a2779ac6a345fd2572599c922b9a4f0ca7e576c4167b58a406ffd5524e2036a626b0c7c7479526253e96b4b83ce9295d92c31bc2f0f75fe5378c4f90ff262637552870955c552d602efe5244764643017d57a9bdb848fff39ffa9be156d8c600689e4be694f26828f9f11daaeceac6c3039af1935858242d016b55175a9b46ab56d7aac9b763ab3d056a6ec8a6d36d024a4c3f95298d3a6fa58fa29bfe6ebcd5791fad4178ef624b215a6aa7e861246b7c3cf00df2e4c07c1bdc279be8b5bc3923094a211c85f7c54f8f35f12a9c06041b74b33549d6b6bc004c5f44330aa0b8f9720e0307ffcde92891dd3d78f467383cf22d41d05258f685f8ee792df025a04309dac2954271f26915daa2035299befe72d8170347a13348f3adf95e4823f399009802cc647aea7a22ae405d2e4f6fbfbe5dd726f81469a2fe29403aec153a0df278fd1804014a3e7a35a26119c06090b86f875df49f95c5e61ecd5af83d379b4b639d132ac0e7848d96eeebb07a1f8de335c188f6bb1d8fced7fa7351c4cb7020e02827938cbce4766f9f74717f330813c18a5536709449161150afc2dc980628c8e34930537634140b5ccaca9f9fd087d325acf245e626e9561219c1598c91882c6761866b2dea435a4ed6ce345beda66a5da875d655bc740cf259759973d502c848fd88bd62c34436950c5e6538df4ca28cc4508ab30f8f733517dfa69b6acd3845b968b407f1afa2fab63e8b2f1eafe591deb89a0989306bd029bf0965f0d3e730c9ad8d75b34b891fa959498a7a57b80889338389ec656b12bbae52610b644749839ccdaa86fb9a6c3bc10a7dc7c8d6667c8096467b7fd8af22187272e83b8f12dd5b2a11ff62883a67aa04d52d021f7a187bced7e759dfe51f225690d045ba8d56bf1bf9b4448704e3acaf579e9be3e12f8788b43924176eb5aaa8d45b78b91def72969f929b5a97a6f2c449ffbfd6712c3923e370d005622590caf83e2c6e6818151b4fd7348432fce0945d27931b84bf85a37c993f6aa4ea1d799b33986011c143a2dbc02b3cb3d5c687e3b004a7f1d637f862f265d03503c923ee487c9e1b7c36abac1d7a375ba63c3b12d86adb2b3a79d4cfd4293b9bb07267ae2868c10227d68dd988cf21967c3fc324daa409211770599dc2129fbc2a5a0242fc886acff8571cac1bb992d40712d69f6338b627abec8353936564b85c51615d87a28b6ba8ee82ff6c4621ebf1bbd760e5c052825a8e8e63159d6bd6728b9dade5b514dbee8356390a95aa2d135e82165f2e2ce1756b28bef7dd84c1f108d6ad4a1788fbf520d1b73e6ed68878861b498cbb0007028f185c75b168b58fd43a6f85634cf9abed20b87107bee122afa058eb73edf75ed322ab1ebf3f0784c1bc148e17bb43284c3297e2f8deef16694071bef522b55831e7fbf1d18bec76a25e8e0c88f7e12229ae3c770db2aaff936904661b924b1dc21cc295638c512cffb8dc9af4c23cb1a5a7cf132e780259f4ce454492c669780e2c3a4d95b18b0c15a3982792fd06b9c4e32cd208b7ac0a9f82d19faf153f10831a2c3b8efebab3adbe415cab8e6f805fe484f336602ae6e7807ffd7d346a1432e81c2fc8264bab0b11c844ccf11c3fe7f441be9ebd152fcc1618059dcdae0f621d32ae65a855cb65cf8d8aa677a07e4305afba8239b082fb869e76107e058c8b774d37170df890eaf8f3850bdddd622c9107cf0debd06f94b9576194ed65757ac5081240fcce038940709ea5f144a66accd6ef95c422a434195aa061f8eacaa0f06bbbfa579489cf3dabfa68130237eed17a975c7932df4aec5e4de30a142a561d2f0c7c6fe84bba9ba720d483ba503901e40729968931b15ce06fb67981c25522410e7dd3622fc38001ddb4b487ad2ae9ec658a599741840963accf94c33ea227e592b23dbb653e8ddb5e3dba8165cc3f27a662ea94e6fec086ac37c6b8e9652fc8be3ec210ad4e85a8e8be7f6c30a21c70db515e928b7e3fec7c5dee188c9975c6544e5ae76f221f0290605dc5f52c1e28fc4149bf78a1f532c630ce139d0196a9052f3a9611e4491e31018c26f40f8ad39368f30fb4785beeb3d79e285be09fa6a52ae46e5bfd329f0c8670cbe8dba3cf9dbc6e002c959fafaecb8776afcf29c4a47457b53b8ae16362396dfe0bac683eda9272d01a9518ca66fa7f2581404b572c0011f91709aa71b19aeca6014b0e9e26bb6d9297fc03871b1ecbe28d72e420a336212b4afdc5daf82af991cdf4fd1539dd5ce9cb60353ef6f06a0cc99516dbcdf166d039901215ec94b0b6fcecdeaee3456d2d5ede32e3e6f078d843728ec48b22b40784afcb6b7b7e74886e912432f736412c057b93da4baf27f77a5cec6a169cdc6aa82f06578f795497dd6fb657cf0bea6586e203aeb1a59f7e490f5849b7eafbfd6d26e351de44a05e73818699df755a217d9264469b756ba059dc1baaabb9b4ae1ac640a0aba4f3de1050224e456230043a6205383cda24803df61e523546123975ec232a46266bf5b9b56ee446ee34dab0b2295783e03eea8982e99f45e88b13cb13989dd634c7d14222580a5517d0718dc0510c069ef05220c64310df2379711be87ca22d1c53625d4a49c3c66768d56f6448763cf105c442ce60b91f9161e6a9090c2fa71a0291eb9b1fae383724461b15ee5ff8e6b8db1d1a0bdb2b533da8d7ea7563c87aaac901555695ee21bbf5c8e1803b21f50036ed90d232b0ca9860ef957d618ef026d522544941e460241dfeb182b327143c934a0555491a0cc75f9404bd51ec6c37053a7826feaca28fd2fc3dbd8f99a50d99b3a35a44c8a185f770034b5d050ae1ac42665ce6fc0a4c301c4ab2cd0e99bd70678616868ca0499f364974a5a88a9029ac4c2f0a937f058adb6b1ee96b144a08f7405e7403817446cf09d05a69000722ea04567cf848e83f9c16f24c75646d23b1d1d8fd2539862c6ec06f6d92876ae92dd495e0dd4d239606bb881b6da4830331770efe482e1c946040c7baaf9aef1160aafd4b4b92618c8bc1c3732a163f83e236f24bae4a303b4fb587afeae59cca262ba8329688e5d5a4eb719072845d284be58609dc0f5d06e39ebc88662b96ce3bdaa61c000db463d124d47461f90ce06a393007434b305dbe10c77f57e7db397028b4389e772a162dd6e8a45255347a77b94cb22160ba0482b7a9290e0e2d6c3ae7e6417b09dd9b6303ed86fc2d025c092ec06373d874f45f22a2323663319ae02dede5926705c08149f8265b47f8e928f485e6f59f7c62b1beccfd2e0b62cd8a8dda3de95db2f1e933406bdfc4a0610f05bf0236ace70305dcc79df169327d83e4202e5f654db09e73f89c47b70798ef4c26cb26ef86998239d5de41d9aa4cc8905b55dc7d08dd5689a84baade8578945a3a3323c6a62c90145f99a7f1e771b63a3147538ebbbdfba0c19e4edb47bd80793c77560ffa01be118d9eacd5f6aa7285b94c6134e4bc6b2c04f9796befd99cac83b5ad71f46d6cdd547b8e649ae88b79e7783e67815b73ac60c05610c2e8437bf3df9bdc2001f0a33ab11efd1e45dfde5f2ad3dd5672f612f2cb2e0e350afd0d2a971c137acd20e0757c8712f224a04270b4d3a7f663a5e1d5d94672f67ba03566f7e259c6a9c54eabd492824d23615ff33289757268a06f4e56922ba52660d4c2a2ef7f5522f534805576b160f2c76bfcbb0c72dcf34db8a9c637bee9aa039a7aacce9904840a03299116d7e0a3e50e46ca4a3c7a5204a11330e28bd2a18d17146ee740c3c7d726e4014ba2016f7cfad7328c1c0632438250d50e0515a9538f276680e9ab2a8e6b1e5415a9b47582265a19b479a600bd462ceb433fd928218183f16a8dc944fd22d6b494688d507489e7cf481efe702f20407e81bdf87d1f7db595b26e92d100fb4c5ba5f2dae903ebae9a6881a1c4ed7233bd357c156a2b55d82b3a20d43a11a29b58e6b4dc70d5a3292aa4d0774be20564d76584036c6de059b40013f5a4746d513db111ac6694547e056f1c7fe470bdf2fe39d70cb4ecae0214933389f52049985c54bf97d01e47264dbcbd0ac826e2bb7c72791d6a2197cf708371773c15ffead0296949d9c7e1800d13c46995ce023974d91fc109a87af54c59b6af2c10d19e414c45495", 0x1000}, {&(0x7f0000001580)="50dbc9a32bd0b2782b3d5fc1310752bfd0def631f0c1f0b20524e4082998d73ad86cbde9a49ae76f7561b2d4293b1b8f180f94b13383a83146eb4ed7c91c88cd7507e635b1fcea56e719319d121aabecd1b95fe4b9e948eb9f860693faea750c519147e2c9e81c2998b36eda06b524052f4aa62835", 0x75}], 0x3, &(0x7f0000001740)=[@prinfo={0x18, 0x84, 0x5, {0x30, 0x2}}, @sndinfo={0x20, 0x84, 0x2, {0x2, 0x1, 0x8000, 0x0, r5}}, @dstaddrv4={0x18, 0x84, 0x7, @rand_addr=0x7fff}, @init={0x18, 0x84, 0x0, {0x5, 0x20, 0x100000000}}, @dstaddrv4={0x18, 0x84, 0x7, @remote}, @init={0x18, 0x84, 0x0, {0x1, 0x5, 0x7f, 0x3}}, @dstaddrv6={0x20, 0x84, 0x8, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, @dstaddrv4={0x18, 0x84, 0x7, @multicast2}, @sndinfo={0x20, 0x84, 0x2, {0x4, 0x8, 0x1, 0x5, r6}}], 0xf0}, 0x4010) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000001880)={'bond_slave_1\x00', {0x2, 0x4e21, @rand_addr=0x7}}) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 743.990150] protocol 88fb is buggy, dev hsr_slave_0 [ 743.995479] protocol 88fb is buggy, dev hsr_slave_1 07:39:09 executing program 1: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x400, 0x10000) r2 = syz_genetlink_get_family_id$fou(&(0x7f0000001380)='fou\x00') getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000001480)={{{@in6, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}}}, &(0x7f0000001580)=0xe8) sendmsg$FOU_CMD_GET(r1, &(0x7f0000001640)={&(0x7f0000000180), 0xc, &(0x7f0000001600)={&(0x7f00000015c0)={0x24, r2, 0x200, 0x70bd2c, 0x25dfdbfb, {}, [@FOU_ATTR_PORT={0x8, 0x1, 0x4e22}, @FOU_ATTR_IFINDEX={0x8, 0xb, r3}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008041}, 0x20000010) ioctl$TIOCNOTTY(r1, 0x5422) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000080)={0x2, 0x1}, 0xfffffffffffffdf8) r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000001300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000012c0)={&(0x7f0000001340)=ANY=[@ANYBLOB="20000002d18856fdaa07f5be90e2e45f9ce4d27f061ef9379c30940c2ac6", @ANYRES16=r4, @ANYBLOB="0a0529bd7000ffdbdf25020000000c0004000300000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x20000050}, 0x8000) ioctl$TIOCGSERIAL(r1, 0x541e, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=""/4096}) [ 744.054132] misc userio: Invalid payload size 07:39:09 executing program 0: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000180)={0x2, 0xfffffffffffffffc}, 0x2) ioctl$PIO_CMAP(r0, 0x4b71, &(0x7f0000000080)={0x1, 0x7, 0x4, 0x4, 0x7, 0x40}) r2 = syz_open_dev$mouse(&(0x7f0000000100)='/dev/input/mouse#\x00', 0x3, 0x0) ioctl$GIO_UNISCRNMAP(r2, 0x4b69, &(0x7f0000000200)=""/166) 07:39:09 executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendfile(r3, r0, 0x0, 0x9) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 744.298863] *** Guest State *** [ 744.303452] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 744.313083] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 744.322600] CR3 = 0x00000000fffbc000 [ 744.326695] RSP = 0x0000000000000000 RIP = 0x0000000000000342 [ 744.333163] RFLAGS=0x00000246 DR7 = 0x0000000000000400 [ 744.339556] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 744.346577] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 744.354937] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 744.363346] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 744.371700] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 744.379894] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 744.394054] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 744.404776] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 744.415074] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 744.424052] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 744.433103] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 744.443977] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 744.451137] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 744.460112] Interruptibility = 00000001 ActivityState = 00000000 [ 744.467121] *** Host State *** [ 744.471702] RIP = 0xffffffff81173b7f RSP = 0xffff8880540cf998 [ 744.478344] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 744.485779] FSBase=00007f9ee4611700 GSBase=ffff8880aee00000 TRBase=fffffe0000003000 [ 744.494319] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 744.501204] CR0=0000000080050033 CR3=0000000054359000 CR4=00000000001426f0 [ 744.508854] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff862018f0 [ 744.525473] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 744.533291] *** Control State *** [ 744.537701] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 744.545637] EntryControls=0000d1ff ExitControls=002fefff [ 744.552116] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 744.560294] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 [ 744.567735] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 744.575616] reason=80000021 qualification=0000000000000003 [ 744.583090] IDTVectoring: info=00000000 errcode=00000000 [ 744.589703] TSC Offset = 0xfffffe6eec42350e [ 744.595086] EPT pointer = 0x000000005725901e 07:39:09 executing program 4: prctl$PR_CAP_AMBIENT(0x2f, 0x2, 0x11) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 744.600820] Virtual processor ID = 0x0001 07:39:09 executing program 0: r0 = syz_open_dev$usbmon(&(0x7f00000002c0)='/dev/usbmon#\x00', 0x1ff, 0x100) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000300), 0x2) r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f00000001c0)={0x1, 0x6}, 0x2) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0xc, &(0x7f0000000000)='/dev/userio\x00', 0xffffffffffffffff}, 0x30) r3 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000200)={0x5, 0x70, 0x3, 0x40000000000, 0x400, 0x4, 0x0, 0x0, 0x20004, 0x0, 0xdb9, 0x6, 0x4, 0xa32, 0x4, 0x8, 0x7, 0x3, 0x466, 0xef, 0x7ff, 0x80, 0x8001, 0x3053, 0x9, 0x7, 0x0, 0x4, 0x1, 0x80000000, 0x8, 0x7, 0x7, 0x1, 0x81, 0x5, 0x1000000000000, 0x30, 0x0, 0x3f, 0x4, @perf_config_ext={0x2, 0x800}, 0x8000000008000, 0x0, 0x100000001, 0x7, 0xfffffffffffffff7, 0x3, 0x4}, r2, 0xb, r3, 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000180)={0x2, 0xfffffffffffffffc}, 0x2) 07:39:12 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x0, 0x92000) getsockopt$bt_BT_SNDMTU(r1, 0x112, 0xc, &(0x7f0000000080)=0xfffffffffffffff7, &(0x7f0000000140)=0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:39:12 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)='\x00\x00\x00\x00\x00\x00\x00', 0x7}, {&(0x7f00000001c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f0000000480)={{0xff, 0x1}, 'port0\x00', 0xe0, 0x0, 0x3, 0x6, 0x7, 0x7, 0x3c54, 0x0, 0x3, 0x6}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:39:12 executing program 5: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {0x0}}, 0x18) 07:39:12 executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_GET_XCRS(r2, 0x8188aea6, &(0x7f0000000300)={0x6, 0x6, [{0x7, 0x0, 0x7}, {0x3f, 0x0, 0x80}, {0x40, 0x0, 0x101}, {0x5, 0x0, 0x3}, {0x5, 0x0, 0x8}, {0x8001, 0x0, 0x4}]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:39:12 executing program 0: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0xffffffffffffff61) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000080)={0x0, 0x38, &(0x7f0000000000)=[@in6={0xa, 0x4e22, 0x20, @rand_addr="e58ac8222c407bf4811108520c83d690", 0xdf0}, @in6={0xa, 0x4e22, 0x4, @dev={0xfe, 0x80, [], 0x23}, 0x401}]}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000002c0)={r2, 0x5c, &(0x7f0000000200)=[@in6={0xa, 0x4e23, 0x1, @local, 0x9}, @in={0x2, 0x4e22, @remote}, @in={0x2, 0x4e20, @broadcast}, @in={0x2, 0x4e21, @empty}, @in={0x2, 0x4e24, @broadcast}]}, &(0x7f0000000300)=0x10) r3 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000380)='/selinux/policy\x00', 0x0, 0x0) sendto$packet(r3, &(0x7f00000003c0)="7520048d608e9b4cb7c16202a2adea63c3ddee5cbecdf2b0625a850c3b29b21b6d991eed176a08aa8a37a35e697f6bf922ecb2680d7990391adcb5f28c59be943cea8d962f1cc3e12123ffa480cbdc12ddc596b0c7c06f2dacd1790a944dc891dfdc079c9425287da29dce3cfc87d7489702e440b2bdde91f32cc0f445a51997f4113a6d09dc4aa336cf3e45136003d382c881580b8922d35e1c2296839895f22e3a14640d3a9ea82b9227d3c82853826d09ec1d78aee1086a61353e54d692a9e39c297ac0d2b96c77f1917941688056c034c2b163f37a165ae6a16f8e8927da91df7f6627692f7cb2713ae6efcc403b0e8aab9dfb9869fff2", 0xf9, 0x40, 0x0, 0x0) r4 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000340)='/selinux/checkreqprot\x00', 0x40000, 0x0) ioctl$RTC_PIE_ON(r4, 0x7005) ioctl$CAPI_INSTALLED(r4, 0x80024322) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socket$can_raw(0x1d, 0x3, 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000180)={0x2, 0xfffffffffffffffc}, 0x2) 07:39:12 executing program 1: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000200)={0x1, 0x3}, 0xffffffffffffffcf) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x260000, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r1, 0xc0585605, &(0x7f0000000040)={0x0, 0x0, {0xdf, 0x876, 0x3013, 0x5, 0x1, 0x7, 0x0, 0x7}}) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000180)={0x2, 0xfffffffffffffffc}, 0x2) [ 747.012384] misc userio: No port type given on /dev/userio [ 747.040909] misc userio: The device must be registered before sending interrupts [ 747.057103] misc userio: Invalid payload size 07:39:12 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$TIOCSRS485(r0, 0x542f, &(0x7f0000000180)={0x101, 0x81, 0x218}) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 747.062894] misc userio: No port type given on /dev/userio [ 747.094839] misc userio: No port type given on /dev/userio [ 747.104969] misc userio: The device must be registered before sending interrupts 07:39:12 executing program 1: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000200)='/dev/userio\x00', 0x4500, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) write$evdev(r1, &(0x7f0000000080)=[{{0x77359400}, 0x4, 0x5, 0x5}], 0x18) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000000)=0x3, 0x4) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000180)={0x2, 0xfffffffffffffffc}, 0x2) 07:39:12 executing program 0: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000000)={0x2, 0xfffffffffffffffc}, 0x2) [ 747.152080] misc userio: No port type given on /dev/userio 07:39:12 executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = gettid() ptrace$setregset(0x4205, r3, 0x200, &(0x7f0000000340)={&(0x7f0000000540)="af7f87c6cbf98fac15b11a277b4154430896620a6864cf13e0f0589a29744ccf25c9fbdf9779f103c33e4be610deab858e3ff3659c9768ca636b4fe8a098fc0bc46b84faa4147a208801f9016eb5583149d095721e0f631dc879f14eb733d53528188adc3ba721b31ad0e3cd4f0c444702249328fd0be7e5a5e73c1a1c010ce9f3139addbce62256bd0e324ecd1a50f89235ce4330e1877b16a84bf5e3e85ccff1ed33a86e3bbf", 0xa7}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) syslog(0x4, &(0x7f0000000480)=""/185, 0xb9) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) getsockopt$SO_COOKIE(r4, 0x1, 0x39, &(0x7f0000000000), &(0x7f0000000300)=0x8) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:39:12 executing program 1 (fault-call:9 fault-nth:0): prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 747.399486] *** Guest State *** [ 747.403937] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 747.414004] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 747.424360] CR3 = 0x00000000fffbc000 [ 747.429150] RSP = 0x0000000000000000 RIP = 0x0000000000000342 [ 747.436563] RFLAGS=0x00000246 DR7 = 0x0000000000000400 07:39:12 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f0000000000)={0x22, 0x3, 0x0, {0x1, 0x1, 0x0, '{'}}, 0x22) ioctl$KVM_REINJECT_CONTROL(r0, 0xae71, &(0x7f0000000300)={0x2}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 747.453419] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 747.488129] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 747.502728] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 747.515760] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 747.532983] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 747.543797] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 747.554063] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 747.563796] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 747.573178] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 747.582423] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 747.590872] net_ratelimit: 16 callbacks suppressed [ 747.590880] protocol 88fb is buggy, dev hsr_slave_0 [ 747.590963] protocol 88fb is buggy, dev hsr_slave_1 [ 747.596841] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 747.607929] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 747.627323] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 747.636106] Interruptibility = 00000001 ActivityState = 00000000 [ 747.643905] *** Host State *** [ 747.648144] RIP = 0xffffffff81173b7f RSP = 0xffff888053587998 [ 747.661244] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 747.668885] FSBase=00007f9ee4611700 GSBase=ffff8880aee00000 TRBase=fffffe0000003000 [ 747.678609] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 747.685688] CR0=0000000080050033 CR3=000000005b530000 CR4=00000000001426f0 [ 747.704667] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff862018f0 [ 747.718099] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 747.730619] *** Control State *** [ 747.736503] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 747.746557] EntryControls=0000d1ff ExitControls=002fefff [ 747.753108] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 747.761151] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 [ 747.768538] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 747.775939] reason=80000021 qualification=0000000000000003 [ 747.782686] IDTVectoring: info=00000000 errcode=00000000 [ 747.802414] TSC Offset = 0xfffffe6d398e647a [ 747.814820] EPT pointer = 0x0000000061b8901e [ 747.825454] Virtual processor ID = 0x0001 [ 748.150193] protocol 88fb is buggy, dev hsr_slave_0 [ 748.155446] protocol 88fb is buggy, dev hsr_slave_1 [ 748.470229] protocol 88fb is buggy, dev hsr_slave_0 [ 748.475460] protocol 88fb is buggy, dev hsr_slave_1 [ 748.480762] protocol 88fb is buggy, dev hsr_slave_0 [ 748.485876] protocol 88fb is buggy, dev hsr_slave_1 [ 748.950154] protocol 88fb is buggy, dev hsr_slave_0 [ 748.955291] protocol 88fb is buggy, dev hsr_slave_1 07:39:15 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) capget(&(0x7f0000000000)={0x19980330, r0}, &(0x7f0000000080)={0x401, 0xcc1, 0x4, 0x9, 0x130, 0x10000}) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:39:15 executing program 0: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000180)={0x2, 0xfffffffffffffffc}, 0x2) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x200002, 0x0) 07:39:15 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000480)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @initdev}}, 0x0, @in=@broadcast}}, &(0x7f0000000340)=0xe8) ioctl$SIOCAX25ADDUID(r0, 0x89e1, &(0x7f0000000580)={0x3, @null, r2}) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x159, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000180)={'vcan0\x00', r5}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000000)={'NETMAP\x00'}, &(0x7f00000002c0)=0x1e) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r1, 0x40106614, &(0x7f00000005c0)) 07:39:15 executing program 5: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {0x0}}, 0x18) 07:39:15 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r2, 0xae03, 0x81) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) fsetxattr$security_smack_entry(r4, &(0x7f0000000180)='security.SMACK64IPOUT\x00', &(0x7f00000001c0)='/dev/hwrng\x00', 0xb, 0x2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_GET_CLOCK(r0, 0x8030ae7c, &(0x7f00000002c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) sendmmsg$inet6(r0, &(0x7f00000002c0), 0x0, 0x40004) [ 750.144683] misc userio: Invalid payload size 07:39:15 executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) stat(&(0x7f0000000500)='./file0\x00', &(0x7f0000000480)) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:39:15 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:15 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000300), &(0x7f0000000340)=0x4) syz_open_dev$admmidi(&(0x7f00000002c0)='/dev/admmidi#\x00', 0x0, 0x8002) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000480)={'vcan0\x00', r4}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x3, 0x79, 0x1}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$EVIOCSKEYCODE_V2(r0, 0x40284504, &(0x7f0000000000)={0xc350, 0x1b, 0x8, 0x5c1d, "075de87c6c9ff1592d8ec932d2231c2bb559da10667b491e442cf4e435c01952"}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:15 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(r3, &(0x7f0000000180)={0xfffffffffffffdb1}, 0x39) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000780)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:15 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xf, r0, 0x6, &(0x7f0000000000)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:39:15 executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0803", 0xc2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) rmdir(&(0x7f0000000000)='./file0\x00') write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:39:15 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0xffffffffffffff0f) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) openat$zero(0xffffffffffffff9c, &(0x7f0000000180)='/dev/zero\x00', 0x800, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 750.827382] *** Guest State *** [ 750.834503] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 750.843813] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 750.857485] CR3 = 0x00000000fffbc000 [ 750.861707] RSP = 0x0000000000000000 RIP = 0x0000000000000342 [ 750.868501] RFLAGS=0x00000246 DR7 = 0x0000000000000400 [ 750.879718] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 750.887961] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 750.900468] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 750.909500] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 750.922331] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 750.932355] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 750.944876] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 750.964128] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 750.979282] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 750.996883] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 751.014873] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 751.023522] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 751.030999] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 751.038722] Interruptibility = 00000001 ActivityState = 00000000 [ 751.045534] *** Host State *** [ 751.049084] RIP = 0xffffffff81173b7f RSP = 0xffff888051eef998 [ 751.055625] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 751.062576] FSBase=00007f9ee4611700 GSBase=ffff8880aef00000 TRBase=fffffe0000034000 [ 751.071554] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 751.078345] CR0=0000000080050033 CR3=00000000949de000 CR4=00000000001426e0 [ 751.086476] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff862018f0 [ 751.093997] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 751.101491] *** Control State *** [ 751.105743] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 751.113188] EntryControls=0000d1ff ExitControls=002fefff [ 751.119006] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 751.126995] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 [ 751.133821] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 751.141234] reason=80000021 qualification=0000000000000003 [ 751.148207] IDTVectoring: info=00000000 errcode=00000000 [ 751.154118] TSC Offset = 0xfffffe6b4f342782 [ 751.159308] EPT pointer = 0x0000000086f4701e [ 751.164312] Virtual processor ID = 0x0001 [ 752.630172] net_ratelimit: 14 callbacks suppressed [ 752.630177] protocol 88fb is buggy, dev hsr_slave_0 [ 752.640913] protocol 88fb is buggy, dev hsr_slave_1 [ 752.646962] protocol 88fb is buggy, dev hsr_slave_0 [ 752.652188] protocol 88fb is buggy, dev hsr_slave_1 07:39:18 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=0x0) ptrace$cont(0x1f, r0, 0xc3c, 0x2) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = getpgrp(0xffffffffffffffff) prlimit64(r1, 0xf, 0x0, &(0x7f0000000000)) r2 = gettid() r3 = syz_open_dev$mice(&(0x7f0000000680)='/dev/input/mice\x00', 0x0, 0x200) setsockopt$rose(r3, 0x104, 0x2, &(0x7f00000007c0)=0x3, 0x4) ioctl$KVM_GET_SUPPORTED_CPUID(r3, 0xc008ae05, &(0x7f00000006c0)=""/235) rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x38) ptrace$cont(0x18, r2, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) r4 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-monitor\x00', 0x8000, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r4, 0xc4c85512, &(0x7f0000000180)={{0x9e60, 0x7, 0x20, 0x1, 'syz1\x00', 0xffff}, 0x1, [0x3, 0x80000000, 0x44, 0xffffffffffffff99, 0x5, 0x3d0, 0x10001, 0x6, 0x4, 0x3, 0x200, 0x7fffffff, 0x5d, 0xfffffffffffffff8, 0x1b7b, 0x8, 0x1ff, 0xffffffffffff76fc, 0xe9be, 0x7f, 0x7f, 0x9, 0x933, 0x1, 0x4, 0x6, 0x768, 0x0, 0x7, 0x4, 0x2, 0x6, 0xe42, 0xfffffffffffffff7, 0x1, 0xfffffffffffffff7, 0x1, 0x1, 0x594a, 0x9, 0x3ff, 0x9, 0x21f20a9b, 0x100000001, 0x80000000, 0x4, 0x34b, 0x4, 0xeb, 0xff, 0x7, 0xa, 0x1ff, 0x7ff, 0x3, 0x0, 0x81, 0x3, 0x2, 0x7f, 0x5629, 0x2, 0x8, 0x88f0, 0x6, 0x200, 0x8f, 0x4, 0x7, 0x80000000, 0x1, 0x0, 0x0, 0x67, 0x5c, 0x4, 0xfffffffffffffffb, 0x9, 0x2, 0x101, 0x2b, 0x6, 0x0, 0x8, 0x9, 0x26c000000000, 0x40, 0x7fff, 0x8, 0x3c4, 0x47d, 0x4, 0x3, 0x4000000000000, 0x1, 0x7fffffff, 0xffffffffffff8000, 0xfffffffffffffff7, 0x101, 0x100, 0x0, 0x7f, 0x1ff, 0x4, 0x9, 0x9, 0x10000, 0x7fff, 0x8, 0x748c, 0xffff, 0x8001, 0x800, 0x94a5, 0x91, 0x800, 0x100000000, 0x40, 0x6, 0x58, 0x8, 0x2, 0x1f, 0x200, 0x3ff, 0x6, 0x7, 0x1], {0x77359400}}) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r2, 0x0, 0x0) 07:39:18 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000000)={0x0, 0x32, "3b00879896661e192da47518e19b86e587548496406aa8e533df0d103f4f3796f789d1072d767ac1ff86b9ab88d34e9ea14f"}, &(0x7f0000000300)=0x3a) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000480)={r5, 0x1000, "ac8e970110e414c66301dddfec13bfcbd25075e89be6cbdf82f9d153f3b3edd594472a216cede15fe7ab680b3f3d99becace4f27b09dc70620847dc099ea0cafa5116651b7162aa3427d11b5606d528412c9b3c97db30fe33d3c348dee542ba81d4def97120afb3168aa05d912a65ced258624c2dbffe1dabe7461d8d8120e91c76ff4e29aa36a71432754e9052be64a25ca1fe58c4c2f381cad481b6a9958ebe3f83176c432e6546b3851c4796d629e932a7acd3f0d8329027f65523ab72261ea6c243de9aa3764ea84a36ced947843346e748a3b2a83f080baac51cbb4a201d8bb2524fce0cd2a99da4d3475b2d1096ee116c666ba0e45f96a8f5e8488ef6e87b5037904acc96c3c943a7625a61e83c86713f743e7090b5a42d45ba56f6489ed327f8ca6a343b35bef99c2ac2141b707676b464d2147bb704e26b22a836a8ea3008e687ab5a835c5e97d3bc9afa1b75e4a5259784ad2bc4662ab1a2aa21dd5b1aff37a5304961dc90c25c8e1c269d9c46fb5196ea8287b7b68edef3eb6f91bd46619df226a2c7ad4178e6516922607cda8c99037c87b43c46351353e8356f668d3232b69b2f2438e0839329c77cc77e1d1fc55b5bd7289bc49d4b51c61b8bcd4675734adc865752ccb97ccfc79707c436444ddbdd544b5e2af48574021c7ed61b9912e9fb1955e1e1a642b2cd52c937e2803b6a9943ee80f2f9781450130f5730b18521f58eb05efb717a74e8139d71e4d48763c52345970b53ef31475c9b60c62f7ce809d480b3e96425bf43bd682a31ad7f5a4873eca98e2431e59ed8bea9c3b4678578c717e5268d7f7ba57fae550a28648140288f6d36638f1107b104e45f64c633e8d1136be2341982ee96ef02526988e601ee419179a5f197bcf98fd21ef9021064f080f26e3732d2dd874c4ea238dc97de9704cff52d7284f2241cb1833f980a7616cbdc1d618b2a2910868c01b9da1df79963080c2962787c820e9c4d1690f60b1efda34c122e65b794fde42f92a32338ea323e98da46fde0a0b37eb3747de80284787dd37994d82266cecb7809e1d7bcfeab10b6635cfc484c00f8cb09fc7e990e9a92160f310eea89fc31fedd95760a381ed855509525e71e32344438b312173b61ede14212c888cb9fd2480ec33f8048dc9c6ebe80d0f963dae3ec93fd4d571b2d7a4e617b8d12af7f9cbb302ac3365d16ae8e2c65b80a9c6819a531b8af4dd6ec58a0ddd5e982efed8b559ee904a48996c78927fe70792735b23a5b33e32a4d13f08b15d0c3abd86a0648c35de424e0b785d4c969eb0986718c4798c077f251e36367c8ea0d8f1d9a0166b8d72cb791eb21f6df04354c066b918b395f0a676975f3ca58b77eaf0a2e5597aead7b7882c6a4321b1619c559423445cd94d9d5f09783a78f2ba010412d8e0b4c77fa7fc6c0bea2e6dd7d1d91dd4c0dbac08d06e1378ba4499d24690fca2e0890554855b1aa5f2f5150f72a764742b7722861fc518aeb91c2105cccfed268889204906662999ce266b624e4f7a1ab6b6af8ce58e62abe42a1614e23c2abcd7417fe968145ac1063b685dba011f6a05e40621041e6bc122008915dcb980e4cee2ca57dd2937df7ac901f1d361e50b3bad276e2d9254d703baee7323de151776fa9b57c6706e6a224cd0b6f9c5a723dbab058d6ab4cc5ee0354450f5ab7db7ba4ac1a00a071bf29d6e6e9e1ce83f1f9663ceccffddb0dcd661051e2cc3b18ce0b042f50f8a8faefa9bbe074682eec3d4ea9cf126c098524eb74fdf3911197f46d22557370eac08ca11a042dc43d02a0cd9356ee113b92de103e11069da42ddf05d7d8b81679e933b506c219b677ac0734a98660574364e6715dc7188c185a76e56a95515c2e8013b5e8c0010d707d85dd068a1714eed06d06873ee89ba3c319a55d42a5ccf406e121afada99a34bb76c7608687952be7b21fa4c56055ac53f58de3b66c4860cf1162b53e887c0ddc5275a13eccb934815f39cf5897e8c5e0a8b28e12073bb5b1ac2ebc8fe0a608c54e0b5cf70c9784712503a05a1e1f0bf73d6dd5838f33b1eb540a791c4f9bb2c170bd6d5b57e79cca6007acc06cd1ac1f57884f31915984a286f56490cb1a01fd53193ef7499e0c9986058a7f8c4cd2253500ac8df3f3238f69fe555ff77a02addf8d3d9a47c5644e28558b27933b6e3e7969a4b00e8ffc5d99ad24636d0cf935a91854e230119c6db39c6c856123d4cd33b5d214fee32df7970197678c61de4ca0347a347b51e3b237a2e188e0522b0e78d254f0f9ddd59d8343e4044c7a68ffd0d475da4996f48fab2acec416a95462c4072cb8ec493f7b171370abefe69cef1b67a645a2bdc34c60e37311fb774e6664f47a31a52f42c163c5ffe43d9f8a615c03bb4c6aed5674045d8ffab3a351d63955f9e378524394e4db897bfa3005bc457dcfe5d575efd41b6c9bd6e7e7aa0fbf9d62db2dfb558476f016c9f68b326fda2a0f321ac696f4de35eca6ceac7b795cfccebb5e5084aece4300ea1be6bf1feff559732930c90192be3354babf458e428ba73e4ac9848e251f4f7ce6272d67a4a64674bde98dc9c3b9ff172f9825b740bd47b5dad91c8c176f7cd0fd8000121bdd74e480f87852e31bff8af8ae09d2b9c299fdb55622705351b70f5d2d64dbdc1c2943023560a3bdb164ea91e09847f5b8ad3df0b3702834b1ecd87a8e555b976d8d8d002fbe15fc64da8927f84113d4760d0791d14de70249a3841f7be4c4436b7e8146840fafd7faf4d87fe162a416a94661096ee447a5a3fb3984f86ec89d99ec81789439f5a489a0f9c196840b3a39242c3e36450136c09b2442e5c3fc7550dc2f94627cb4be3648aeb2cc6bdb12584c066dd08833238ac5cd4cd771b974b9e3db42e2d1a9b26e9d2ef927ddfc7db578e8a6eb2c2d0c1bca72e07d70c63bafe6ff25d793e485d1dfbc4e923674fff3d7e7ce328c14cf284aca21218578d08fb49153e772928191ef092dcfb54512b85b68e7a487d241386bf7050b4be95fe76cd1b319a44ad5de794a3abb6bde3570dc37d30e930a50d224c1e79b2641504a9add5f9d2133b491375dfc5f5b890179828c703e27551783cc66fb0634e1484eba785985837589e3d293d63a7a5da6986c786f2c2182f3bc0f4142d8d133789c839ff80dee9f62646811e2e95b32dfba42c8dab81f5119252580e06e859f62e08ed6ea0182b5e4b9d2969b914c28f0ff82715ed723e07aae1a863e3d3dc7dedda4b6f3c4448c90b3857970aeadbb1f7ead6c3d8677b6854bda875f0ed4236a4dab4e6e96bf3789a7f2b26a9a7d30639e8b04fa8b5c0ae49c9bd63780f200aeff25f2ae55376a5aabcf0966acaad275af4b02e1d89630d5928bfaffecdf953a7c3b8499a0a62a90748d26a65a899e74f725a7ab4797c96a155b5f61682300748be58a1150c856b44fe9545a1d4276fe980075b66c194893317224de0c616756766e0384e8811a61171ec514f4e8eeb3d23c6fde7bf5e6d730e32fb13b064679cfeb6ebdcfdfef4458969131eb10c6ec25ca8453782613415f4ce2903844f2905d3752f888ce0bb5e3ae5d7921825a157fe820b827f894ff983df20280658f946f80d9055e770bdb7f868a6790d15471253ebe15d80bea209bed1a71ef773b54fbf02600778c2c402635ac2de31a1e6c9e79d984a397e5f824cc45982e96f2813fce1f7767301a312d4b4ea2a35c1468fb0593c326986ae510790be0e8561f9c598a8df5b38248af72b18522cdd95d4ab354e26fb5cdb2466af77d942710c54e5bf64b7f3f3c2d9b39d1a9e197dd13045c63b3bcad75977f0f0a1a85ef862306a329546d28fe9aea823a9ff49351742fb1ef45b81ccad242dd0e13d050ee38d610b3ff7972c6cbc5408b2deb1d194bc745f7be6d40da20b1791a8e3c682c711187031a1184abeab488bd4931fbb1466c22e9a7912fdde59f824a9963be12caa8cff831a64bad7278c22c142c8cee0c27f0e7e00536e17ac7eab0d96338d459e0f4b536bc04777e5e98adcff3cd1246e5a7c4dade1fc8a54175a7261aa3727cfeeb7553eb17598cafdacb67d6d45787e213b11cf6ab47bac84ba3898bd06b3ae20da1f95817a3391e7a99f9ba8e93758e39c5b8147d7a07847a0a1093f6f143aaf5f1b3891eed575a391d620811578453d960e0c6cb4a10ca3710092ad3a88c122a4f0218f407c0433e1870b720c1fbc241b61b3cf359d42d667d2a7cd4289be05b3678f66e375b46dff3a47e59ff533ffbc86f47114c20e110afec860e2d8dc7bcc0191f35979e60aacd74ab7edf2b19120cb9862acd4f1c26ad9b55a35317ccda366e90123a4efcae576f9e4cacc6ace53fc6bdac2274b36bf1dd5f32d357cc036f95bfd51635c36e8bf2b473ffb07fbb8908aee217b8ddab7b3df838bfa2a42d0acd53ac2b8e88ffd320479cfd97fcd70c2d8bd3ac5914eddccde83c63fbf762fcc66b7da7232a4ed61b2a5d24dc5020bbc7d153f1c3c4fb850bd921b9f8718e5fc62fa0a9ca3dca2627f3ae155de224df86671104e57c267ea590af03e8c411e8d85806e57b4e0575b2bc76f8017727be0228a15efcd0bc49f9591d305e554ccfbbcebf3c0946eeeb9ff84631734f453d962ec4107db64e5d87cb9f1f4dbf3637379e834ed76ab2ba8184632121da3b608cb684cd069d7ac5435421a1d5de426669d274c5a7c156b6a22ea71782d9ac1fee7b5ae47d1bfac227c08c8572e750e4b9497467e7b54e89dcfa687eaa9dc3b1cce689f5d7aeedfcb85ae0f5114772d59a8d5acccc318ae4bd39b98f2bd58dd49bed3181bb00d39936de6a67a657e518b2792956152b30f1f95ac6388bfcdf42f1fd4ce87f0deb183943feb715d1055767cc48d2505c62cb88c8eb68af9036592de5e845eb3fe4e040db762b04495778ba9db0ada4c0478e5579e826f60c852eef739fb1adc6f19f018317b1da1f29111619dbea7d676ab5f477fc82ce882af4e42948c6c07340ff7f96f989dc693108b6b51c1b7aa6c3b065a9131373171026fe02e8a4090e7acbd5653cff435c194d7980be550044a5eb7c64161d6417945da35d3c58e31e3e812376573307de0025064cb2a63b5d0faf3081bfdfc56ebfb02bda85a558f8652b1fdb27f646576ddcd0f27e1866826c5298272a0c0e23442c5bc55a99e8e2ef163a609cd15bf60bfc64be17708e59583337837b31048b97abc65e9bae19711d1e513c2e2e048f5c74f2c70372bbdd89eddcbd43bf26c15a1e0649e401affbd7a0c3b1889e0cdc9af3bcca0166deeb030537ddc90e17db4585048e3a19b2829d057691ede41e58f94b9a5d2ac2ebecad0cb95eb7f4020acaf0f27a1b9faf68fc669f1631e4f45cd7e12494c302f48aa978f31dac577bf148b76fd7c9f1979125694104ad0be7850ff87ef4f863e21e842d785c5d3e666b1a2b662adfbb25cc8e9f4499a46472b0e7401c5299359fd1f9de8969a7ca825d1ba653da6d205c89aa976acfa0fd8f0b95f75eaf196d001bb2e6af830c49c071c7ea8365cf84a5e147afb6b9c90fea4099be0ec08b025b4fa98134e1781fab0815fa67bfa2949c891b7ff3b418ee28556040f53ab68363580aea18b9bad8bbc841295b8ccceb11a9ca4238bda25506a996f4ab6116b0332ad094da8d40a4739aa136d0fe5bbc77a27449e392357f65fcf3f7fe3dd45f34e38496603cda69e0fdabeb48e73599c0d704e650b805cdc5175232bd3b4c7bfc1234753f8a8ed1853ab605d71ceabe32e97aea447938b090c"}, &(0x7f0000000340)=0x1008) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:18 executing program 0: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/userio\x00', 0x400000008000, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000180)={0x2, 0xfffffffffffffffc}, 0x2) 07:39:18 executing program 5: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {0x0}}, 0x18) 07:39:18 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000180)={0xd, 0x2, 0x1, {0xff, 0x2, 0xdb8, 0x4d9e}}) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 753.110159] protocol 88fb is buggy, dev hsr_slave_0 [ 753.115594] protocol 88fb is buggy, dev hsr_slave_1 07:39:18 executing program 0: sched_setaffinity(0x0, 0x0, 0x0) ioctl$sock_bt_bnep_BNEPGETCONNLIST(0xffffffffffffffff, 0x800442d2, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) [ 753.218078] misc userio: Invalid payload size [ 753.235750] audit: type=1400 audit(1563953958.526:80): avc: denied { getrlimit } for pid=24821 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=process permissive=1 07:39:18 executing program 0: perf_event_open(&(0x7f0000000100)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_int(r0, 0x6, 0x1c, 0x0, &(0x7f0000000000)=0x25a) 07:39:18 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x3) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:18 executing program 3: fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000340)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000380)) gettid() ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000003c0)) r0 = getpgrp(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r1, 0x0, 0x0) r2 = socket$inet_sctp(0x2, 0x0, 0x84) vmsplice(r2, &(0x7f0000000300)=[{&(0x7f0000000140)="a0d02a6940e24e716337de517ba96b72dfc2014ee66fb2c6ab6a1af5482c552ec5c59c3c920a3d56973850017c68efbc3d58386533ccadc15868f0c0f834937a7c664ed7ea744929af573dac676107f9ffa342b72febd5043b912477c88b77853b697d7911f53bc82e6548de5b93a1c04aab6495297d426b6fff1a61c8ef426be8d6a8c615554007fab77ce51f0a53d6a0945c97a521a11aecda29fb766532d103b561aaf7f3efbc5bd8e8d6691972493dada3aaeeadf7379514878a26ec323e3682f6ceec63d0e67ec5385a4ec42034e2b1f3b3931e92d3770c5532f286b03c9dd0c563a0136c4798b1973b6c682b5d8ec1dd014d245c2181c190555f", 0xfd}, {&(0x7f0000000240)="e7b0f087e218a9507ecaae3f5a9944bada71a9bcd67dd1e7d51e05f97d328e100359b85a19cd52ed69942130af49e8ce1bbc7b0db9c30764b3b61a70f4bdb21650faefe691d0f9a2b0221392d081fd4bfb923a3d8034197dae503e7ab54104216b6b1c9382b84d3dcbd68b7638f1bcf846631abda9918795d8525e39537ceae4de7d3fff", 0x84}], 0x2, 0x2) tkill(r1, 0x38) r3 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x476, 0x240000) ioctl$KVM_ASSIGN_SET_MSIX_NR(r3, 0x4008ae73, &(0x7f0000000080)={0x3, 0x380c}) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) [ 753.396188] *** Guest State *** [ 753.413855] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 753.467632] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 753.487975] CR3 = 0x00000000fffbc000 [ 753.498281] RSP = 0x0000000000000000 RIP = 0x0000000000000342 07:39:18 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/btrfs-control\x00', 0x2fffd, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000240)={0x2, 0xe, 0x9b28, 0xbb93, 0x0}, &(0x7f0000000280)=0x10) setsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f00000002c0)=@assoc_value={r1, 0x918}, 0x8) ioctl$TIOCGSOFTCAR(r0, 0x5419, &(0x7f0000000200)) r2 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x38) ptrace$cont(0x18, r2, 0x0, 0xfffffffffffffffd) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) setpgid(r2, r2) ptrace$cont(0x1f, r2, 0x0, 0x0) r3 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/hash_stats\x00', 0x0, 0x0) accept$unix(r3, &(0x7f0000000140), &(0x7f0000000080)=0x6e) 07:39:18 executing program 0: perf_event_open(&(0x7f0000000100)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_int(r0, 0x6, 0x1c, 0x0, &(0x7f0000000000)=0x25a) [ 753.588809] RFLAGS=0x00000246 DR7 = 0x0000000000000400 07:39:18 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e23, 0x80000000, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x7ff}, 0x1c) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) getresuid(&(0x7f0000000480), &(0x7f00000004c0), &(0x7f0000000500)=0x0) r5 = getegid() mount$fuseblk(&(0x7f0000000000)='/dev/loop0\x00', &(0x7f0000000300)='./file0\x00', &(0x7f0000000340)='fuseblk\x00', 0x1119401, &(0x7f0000000540)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2cff0700006d6f64653d30303030303030303030303030303030303030302c757365725f69643d", @ANYRESDEC=r4, @ANYBLOB=',group_id=', @ANYRESDEC=r5, @ANYBLOB=',blksize=0x0000000000000600,allow_other,allow_other,allow_other,dont_hash,dont_hash,obj_role=vcan0\x00,\x00']) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r7 = add_key(&(0x7f0000000680)='dns_resolver\x00', &(0x7f00000006c0)={'syz', 0x1}, &(0x7f0000000700)="d6ed349fb0da8ba4699dbedc04201d5c29e5adee93d62aeb25c69f1775ab4d19394773c9f2f25688ca13cfc67c3b2f836b8189bae102e72cfd883b99945feb2c81d87409be6488e818f3a37f15ee4961cc12d49fbf1b84e3c96d19272d7f066e46894103228807e9a60d1b4c60f0701a9393610dfc48eda603c581de45269c49711da6f857c7ad5ba25618d690c898b04fd89caa914a7a188f29b35310fa85fe4b91ae8aab015257c4afce09c67eb115dc82149ee1eceba8f9480b9401", 0xbd, 0xfffffffffffffffe) keyctl$assume_authority(0x10, r7) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 753.629857] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 753.651934] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 753.664481] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 07:39:18 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ioctl$SCSI_IOCTL_DOORUNLOCK(r1, 0x5381) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) umount2(&(0x7f0000000080)='./file0\x00', 0xb) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:39:18 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x5c9, 0x0) setsockopt$X25_QBITINCL(0xffffffffffffffff, 0x106, 0x1, &(0x7f0000000000)=0x5, 0xfffffffffffffdab) ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r0, 0xc4c85512, &(0x7f0000000000)=ANY=[]) [ 753.676247] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 753.739257] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 753.765334] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 07:39:19 executing program 0: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) pipe(&(0x7f0000001400)={0xffffffffffffffff}) prctl$PR_SET_KEEPCAPS(0x8, 0x0) fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x0) symlink(&(0x7f0000001740)='./file0\x00', &(0x7f0000001780)='./file0\x00') write$binfmt_elf32(r0, 0x0, 0x0) fcntl$F_GET_FILE_RW_HINT(r1, 0x40d, 0x0) [ 753.798361] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 753.823420] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 753.832582] protocol 88fb is buggy, dev hsr_slave_0 [ 753.832646] protocol 88fb is buggy, dev hsr_slave_1 [ 753.848004] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 753.859210] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 753.871406] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 753.880809] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 753.894188] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 753.909908] Interruptibility = 00000001 ActivityState = 00000000 [ 753.936764] *** Host State *** [ 753.941908] RIP = 0xffffffff81173b7f RSP = 0xffff88805df3f998 07:39:19 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$SIOCNRDECOBS(r0, 0x89e2) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 753.988893] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 754.023698] FSBase=00007f9ee4611700 GSBase=ffff8880aee00000 TRBase=fffffe0000003000 [ 754.037703] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 754.068380] CR0=0000000080050033 CR3=0000000063a4e000 CR4=00000000001426f0 [ 754.089679] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff862018f0 [ 754.098896] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 754.116426] *** Control State *** [ 754.126090] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 754.142418] EntryControls=0000d1ff ExitControls=002fefff [ 754.148832] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 754.156809] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 07:39:19 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$UI_BEGIN_FF_UPLOAD(r0, 0xc06855c8, &(0x7f0000000180)={0xb, 0x3, {0x52, 0x8, 0x2, {0x9, 0x9}, {0x8, 0x401}, @ramp={0x80000000, 0x1, {0x8001, 0xfffffffffffffe01, 0x100000000, 0x6}}}, {0x0, 0x1f, 0x1, {0x8, 0x7f}, {0x8, 0x1}, @const={0x3, {0x4, 0xfff, 0x6, 0x9}}}}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:19 executing program 5: socketpair$unix(0x1, 0x80000000000002, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0xffffffffffffff7c, &(0x7f00000bfff0)={&(0x7f0000000180)=ANY=[@ANYBLOB="b800000019000100000000000000000100010000000000000000000000000001e000000100000000000000000000000000000000000000000a00400000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bf8bf05e9a7562b5a236daf08bf818bf"], 0xb8}}, 0x0) 07:39:19 executing program 4: r0 = syz_open_pts(0xffffffffffffffff, 0x2780) ioctl$TIOCSLCKTRMIOS(r0, 0x5457, &(0x7f00000002c0)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_S390_INTERRUPT_CPU(r1, 0x4010ae94, &(0x7f0000000300)={0x2, 0x0, 0x6}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x1ff, 0xd439, 0xfffffffffffffffc, 0x0, 0x0, 0x5, 0xfb, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0xffffffffffffffff]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000480)=0x10001, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f0000000000)=0x2000100000) 07:39:19 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040)={0x3}, 0xffffffffffffffe0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/video35\x00', 0x2, 0x0) fstat(r1, &(0x7f0000000200)) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x7, 0x10000007f) 07:39:19 executing program 0: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9d, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000380)={0x0, 0x0, @ioapic={0x1}}) [ 754.164725] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 754.172668] reason=80000021 qualification=0000000000000003 [ 754.180456] IDTVectoring: info=00000000 errcode=00000000 [ 754.187685] TSC Offset = 0xfffffe6a0524aab6 [ 754.192808] EPT pointer = 0x00000000961b701e [ 754.197942] Virtual processor ID = 0x0001 [ 754.390182] protocol 88fb is buggy, dev hsr_slave_0 [ 754.395444] protocol 88fb is buggy, dev hsr_slave_1 07:39:21 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0x8, 0x0) r2 = dup(0xffffffffffffffff) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r2) syz_open_procfs(r0, &(0x7f0000000000)='net/sockstat\x00') 07:39:21 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) shmget(0x3, 0x2000, 0x200, &(0x7f0000ffc000/0x2000)=nil) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={0xffffffffffffffff}) syz_init_net_socket$llc(0x1a, 0x3, 0x0) setsockopt$inet_tcp_buf(r1, 0x6, 0x3f, &(0x7f0000000140)="bbc7405c672468f19346b30093776b569c1566423ab061fd410a572bff99b8c8b56f5232314019f42c12c4d99b28e4e535a7a4ccf10b1759a70c9830c5031e6c248f4eeadf0ac9ef911b4e26539b6c69423dc192596842b0780874b754b058c3106d894a03b55a43657cb2666be755274d75ae5a21b9635f37558280c8f1a214be184970b05e3bedae5c1909b9775554a7fb62bb05ba17e782ff3129b4c124f759f3", 0xa2) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) setsockopt$inet_tcp_int(r1, 0x6, 0x1e, &(0x7f0000000080)=0x1000, 0x4) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:39:21 executing program 5: r0 = creat(&(0x7f0000000700)='./bus\x00', 0x0) write$P9_RREMOVE(r0, &(0x7f0000000240)={0x7}, 0x7) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r1, 0x4, 0x4400) sendfile(r0, r1, 0x0, 0x8000fffffffe) 07:39:21 executing program 0: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0) times(0x0) fchdir(0xffffffffffffffff) fadvise64(r1, 0x0, 0x40000000, 0x2) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ifreq(r0, 0x0, 0x0) 07:39:21 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:21 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000480)={0x0, @in={{0x2, 0x4e24, @multicast1}}, 0x115, 0xffff}, &(0x7f0000000180)=0x90) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000300)={r5, 0x2, 0x9, 0x6, 0xb9c, 0x6}, &(0x7f0000000340)=0x14) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 756.691649] audit: type=1804 audit(1563953961.986:81): pid=24930 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir529042699/syzkaller.54L7Db/689/bus" dev="sda1" ino=17767 res=1 07:39:22 executing program 0: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='\x00\xcd\x94\xa4\x84\x00\b\x00\x00\x00\x00\x00\x00]\v\xbf\x9a\xcb') r3 = openat$cgroup_ro(r2, &(0x7f0000000440)='mem\x00\x01y7swaS.cur\x89\xc9B\xab\xe3\xfarent\x00', 0x0, 0x0) mount(0x0, &(0x7f00000004c0)='./file0\x00', &(0x7f0000000540)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) r4 = creat(&(0x7f0000000400)='./bus\x00', 0x24) ftruncate(r4, 0x208200) r5 = open(&(0x7f0000000200)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r5, 0x0) fsetxattr$security_capability(r1, &(0x7f0000000380)='security.capability\x00', &(0x7f00000003c0)=@v1={0x1000000, [{0x1, 0x7}]}, 0xc, 0x2) ioctl$DRM_IOCTL_CONTROL(r3, 0x40086414, &(0x7f0000000240)) preadv(r3, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c) recvmmsg(r0, &(0x7f00000045c0)=[{{&(0x7f0000000640)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @remote}}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000140)=""/11, 0xb}, {&(0x7f0000000340)}, {0x0}], 0x3, &(0x7f0000000780)=""/6, 0x6}}, {{&(0x7f00000007c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x80, &(0x7f0000001cc0)=[{&(0x7f0000000840)=""/122, 0x7a}, {&(0x7f00000008c0)=""/40, 0x28}, {&(0x7f0000000900)}, {&(0x7f0000000940)=""/4096, 0x1000}, {&(0x7f0000001940)=""/132, 0x84}, {&(0x7f0000001a00)=""/208, 0xd0}, {&(0x7f0000001b00)=""/153, 0x99}, {&(0x7f0000001bc0)=""/193, 0xc1}], 0x8}, 0x7}, {{0x0, 0x0, &(0x7f0000002f80)=[{&(0x7f0000001d40)=""/218, 0xda}, {&(0x7f0000001e40)=""/101, 0x65}, {&(0x7f0000001ec0)=""/4096, 0x1000}, {&(0x7f0000002ec0)=""/130, 0x82}], 0x4, &(0x7f0000002fc0)=""/132, 0x84}}, {{&(0x7f0000003080)=@pptp={0x18, 0x2, {0x0, @dev}}, 0x80, &(0x7f0000004480)=[{&(0x7f0000003100)=""/60, 0x3c}, {&(0x7f0000003140)=""/33, 0x21}, {&(0x7f0000003180)=""/191, 0xbf}, {&(0x7f0000003240)=""/209, 0xd1}, {&(0x7f0000003340)=""/107, 0x6b}, {&(0x7f00000033c0)=""/160, 0xa0}, {&(0x7f0000003480)=""/4096, 0x1000}], 0x7, &(0x7f0000004500)=""/141, 0x8d}, 0x3}], 0x4, 0x2020, &(0x7f00000046c0)={0x77359400}) setsockopt$inet6_IPV6_PKTINFO(r5, 0x29, 0x32, &(0x7f0000004700)={@empty, r6}, 0x14) syz_genetlink_get_family_id$net_dm(0xfffffffffffffffe) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000240)={{{@in=@multicast1, @in=@multicast1}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local, 0x0, 0x2}}, 0xe8) 07:39:22 executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 756.846208] audit: type=1804 audit(1563953962.136:82): pid=24939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir529042699/syzkaller.54L7Db/689/bus" dev="sda1" ino=17767 res=1 07:39:22 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:39:22 executing program 5: ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, 0x0) fsetxattr$trusted_overlay_nlink(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) getpgrp(0x0) setpriority(0x0, 0x0, 0x0) open(&(0x7f0000000180)='./file0\x00', 0x40, 0x1) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 07:39:22 executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000300)=0x3, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) fcntl$getownex(r3, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r5, 0x80, &(0x7f0000000480)=""/246) 07:39:22 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) ioctl$sock_TIOCINQ(r0, 0x541b, 0x0) [ 757.432968] *** Guest State *** [ 757.447044] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 757.489738] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 757.506874] CR3 = 0x00000000fffbc000 [ 757.511312] RSP = 0x0000000000000000 RIP = 0x0000000000000342 [ 757.517674] RFLAGS=0x00000246 DR7 = 0x0000000000000400 [ 757.535305] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 757.558607] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 757.585595] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 757.598332] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 757.609373] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 757.623512] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 757.633589] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 757.645094] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 757.655235] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 757.666734] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 757.676926] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 757.688666] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 757.698153] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 757.716563] Interruptibility = 00000001 ActivityState = 00000000 [ 757.726968] *** Host State *** [ 757.731147] RIP = 0xffffffff81173b7f RSP = 0xffff88805987f998 [ 757.738451] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 757.746160] FSBase=00007f9ee4611700 GSBase=ffff8880aef00000 TRBase=fffffe0000003000 [ 757.755411] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 757.764169] CR0=0000000080050033 CR3=00000000930e7000 CR4=00000000001426e0 [ 757.771837] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff862018f0 [ 757.779137] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 757.785564] *** Control State *** [ 757.789222] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 757.796707] EntryControls=0000d1ff ExitControls=002fefff [ 757.802529] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 757.844283] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 [ 757.853961] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 757.878282] reason=80000021 qualification=0000000000000003 [ 757.905613] IDTVectoring: info=00000000 errcode=00000000 [ 757.919523] TSC Offset = 0xfffffe67f0a965c6 [ 757.940233] EPT pointer = 0x0000000085d3601e [ 757.961591] Virtual processor ID = 0x0003 [ 757.990194] net_ratelimit: 16 callbacks suppressed [ 757.990203] protocol 88fb is buggy, dev hsr_slave_0 [ 758.000437] protocol 88fb is buggy, dev hsr_slave_1 [ 758.550214] protocol 88fb is buggy, dev hsr_slave_0 [ 758.555377] protocol 88fb is buggy, dev hsr_slave_1 [ 758.870211] protocol 88fb is buggy, dev hsr_slave_0 [ 758.875370] protocol 88fb is buggy, dev hsr_slave_1 [ 758.880691] protocol 88fb is buggy, dev hsr_slave_0 [ 758.885791] protocol 88fb is buggy, dev hsr_slave_1 [ 759.350132] protocol 88fb is buggy, dev hsr_slave_0 [ 759.355290] protocol 88fb is buggy, dev hsr_slave_1 07:39:25 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:39:25 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = fcntl$getown(r1, 0x9) rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setregs(0xf, r2, 0x3, &(0x7f0000000140)="5700ead20e612a7cd87399856308b1f23f7fa903972d1026bd114c167fbe83c65f87803f391653ba976f1136357b6d353a9008db03c57bf6d968e86ce337e2dbafdf14c70d2d5e9827dbd4b376fd66d4867c161df66fd79b444b2c83a3d2d706706da845d5a3d18f71cc3f6d3dd8dc4eaaee66dff06a825a") ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r2, 0x2c) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x800, 0x0) ioctl$TCXONC(r3, 0x540a, 0x5e) ptrace$cont(0x1f, r0, 0x0, 0x0) lsetxattr(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)=@random={'osx.', '\x00'}, &(0x7f0000000200)='\x00', 0x1, 0x3) 07:39:25 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7, 0x79, 0xffffffffffffffff}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/attr/current\x00', 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000480)=ANY=[@ANYRES32=0x0, @ANYBLOB="8600000030362bbb419f8bbe07f57a5ca6703478f9212c729a13d6d98e149de98a0961323687a305a68c7ea7e2632c34563fddceaeb1ea8e44e069e8c832932af00c547d7c6eb83c2d5cfe18f3454c47de62be74a374aa048a2fcf783b180ec32bf1af23145ee6fbb7bdda8a765bc2ab0300b58dc0b2b19438e13e6d349842f31fdd79979fd47fb255a4"], &(0x7f00000000c0)=0x8e) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000340)={r5, 0x76}, 0x8) ioctl$KVM_RUN(r3, 0xae80, 0x0) fcntl$addseals(r4, 0x409, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000580)=[@text16={0x10, &(0x7f0000000540)="baf80c66b860a9308f66efbafc0ced360f01c5cc263ef30f07660f3880310f0664f30f0964660f380b540c0f01c966b9800000c00f326635002000000f30", 0x3e}], 0x1, 0x0, &(0x7f00000005c0)=[@dstype0={0x6, 0x1}, @cr4={0x1, 0x500208}], 0x2) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KDGKBMODE(r0, 0x4b44, &(0x7f0000000000)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:25 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000180)={r0, &(0x7f0000000480)="7f2a50f384850bb4ad59ed99cf8e257f6856b1c14d98da7255478d56b2090597de78051d2e7f01fcc0dec813b30bec94854851cd9d83d8bc7fc5b985b513c977e9be46b96d444b33818f24ed4563b3df4648edaef8594d43de612c3787875473429bb85ad263b95056cf7ff05abbe11d0df0f95b25a0e319e96d90774391fb4bcd288b7aae94bfda83a0449d4a8914f7c0e74fd370b2ec3a08822691a88713518fde7a6647036c1592fd14dbcf4a"}, 0x10) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:25 executing program 0: memfd_create(0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unshare(0x40000000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xe, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8923, &(0x7f0000000200)={'ip_vti0\x00', 0x3001}) 07:39:25 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x37) ptrace$cont(0x18, r0, 0x2, 0x0) io_setup(0xffffffff, &(0x7f0000000000)=0x0) io_destroy(r1) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) socket$rxrpc(0x21, 0x2, 0xa) pipe(&(0x7f0000000080)) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) clock_nanosleep(0x5, 0x0, &(0x7f0000000140)={0x77359400}, 0x0) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 759.777142] BTRFS: device fsid fff6f2a2-2997-48ae-b81e-1b00920efd9a devid 0 transid 0 /dev/loop5 07:39:25 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) ioctl$VT_GETMODE(r0, 0x5601, &(0x7f0000000380)) write(0xffffffffffffffff, &(0x7f0000000300)="0f426576a9df3222d49f313afc185d08e776f3fb7ab03d8ab035cc4c0f664204aaec1ea93c4062a13b8b3cef7291dd2d8b388ba93c83d1f86d2c5b0b905c81b024af0f090b8e0a26a7416d5662", 0x4d) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$int_out(r0, 0x5460, &(0x7f0000000000)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f0000000040)={0x0}) ioctl$DRM_IOCTL_RM_CTX(r0, 0xc0086421, &(0x7f0000000480)={r5, 0x3}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000580)={[0x0, 0x1000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x400000000000001], 0x1}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:25 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:39:25 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) openat$random(0xffffffffffffff9c, &(0x7f0000000180)='/dev/urandom\x00', 0x240000, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:39:25 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:39:25 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000000)=0x14) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 760.440927] IPVS: ftp: loaded support on port[0] = 21 [ 760.476906] *** Guest State *** 07:39:25 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 760.504450] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 760.538616] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 760.589345] CR3 = 0x00000000fffbc000 [ 760.599291] RSP = 0x0000000000000000 RIP = 0x0000000000000342 [ 760.650884] RFLAGS=0x00000246 DR7 = 0x0000000000000400 [ 760.656953] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 07:39:26 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) sendfile(r1, r4, &(0x7f0000000300), 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 760.723548] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 760.770276] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 760.778523] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 760.856350] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 760.891135] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 760.911477] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 760.922463] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 760.983902] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 761.021057] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 761.029436] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 761.080331] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 761.086867] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 761.143409] Interruptibility = 00000001 ActivityState = 00000000 [ 761.176098] *** Host State *** [ 761.192576] RIP = 0xffffffff81173b7f RSP = 0xffff88805f37f998 [ 761.214725] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 761.225744] FSBase=00007f9ee4611700 GSBase=ffff8880aef00000 TRBase=fffffe0000003000 [ 761.235059] : renamed from ip_vti0 [ 761.236893] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 761.248136] CR0=0000000080050033 CR3=000000001f51f000 CR4=00000000001426e0 [ 761.255762] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff862018f0 [ 761.262667] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 761.268883] *** Control State *** [ 761.273018] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 761.280218] EntryControls=0000d1ff ExitControls=002fefff [ 761.286177] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 761.293698] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 [ 761.301164] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 761.308106] reason=80000021 qualification=0000000000000003 [ 761.314654] IDTVectoring: info=00000000 errcode=00000000 [ 761.320575] TSC Offset = 0xfffffe66486d9afd [ 761.325183] EPT pointer = 0x000000008ded701e [ 761.329854] Virtual processor ID = 0x0001 [ 762.060408] IPVS: ftp: loaded support on port[0] = 21 07:39:28 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000140)="9e80321c3690bae39f826f3c5d004e6a9fa83b10255b47172d7db9602a9c909ffdfd5c4b28f72ff47069c7074a9593d076a084d5def11cd58293844e07ac9d3b532b7728e2017b27c93f0906acecd95bdfc3808cfb6154a2588737704a212ec9ed9b9a0c5ce1f8935d5d4b43ade1587f37035628d569bf9a6a136220eb8adcc8b4b3c11825ea7ce29da9c71385d68ed18c89cd7dcfff88034b725d9f29dfbd8e819da6460ef0c8dca985cbbaeb14b0d2a7e2cfd0cf8c690c2cd4a78f5c01f26d993996d9af1c5e81") ptrace$setopts(0x4206, r0, 0x7, 0xf) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x40000, 0x0) ioctl$TCGETA(r1, 0x5405, &(0x7f0000000080)) 07:39:28 executing program 5: syz_mount_image$btrfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:39:28 executing program 4: r0 = syz_open_dev$swradio(&(0x7f0000000340)='/dev/swradio#\x00', 0x1, 0x2) openat$cgroup_ro(r0, &(0x7f0000000700)='\xb8\xcc\x8bP', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000000)=0x14, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x5a, 0x79, 0x5}, 0x7) ioctl$RTC_EPOCH_SET(r0, 0x4008700e, 0x4) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) readv(r4, &(0x7f0000000300)=[{&(0x7f0000000480)=""/203, 0xcb}, {&(0x7f00000001c0)=""/14, 0xe}], 0x2) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x200, 0x0, 0x9, 0x0, 0x8, 0x4, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x4], 0xf002}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$BLKBSZGET(r0, 0x80081270, &(0x7f0000000580)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:28 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(r0, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f0000000180)="6b14680a00004337622ba4ce4cd76889893463fd256f5e4c2a85bb03c5f9885d2dd215dee69f494664a30bf52cc5fb5d4728d5eb94a584ab1b6f4b61000dd7a7a71fb124aa5f7f2a41973ee8b74dfb9d", 0x2a7}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f00000002c0)='/selinux/avc/hash_stats\x00', 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:28 executing program 0: memfd_create(0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unshare(0x40000000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xe, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8923, &(0x7f0000000200)={'ip_vti0\x00', 0x3001}) 07:39:28 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x0, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000080)={0x0, @multicast2, @broadcast}, &(0x7f0000000140)=0xc) ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000180)={@loopback, 0x72, r2}) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x7, 0x6, 0x2, 0x4000000000012d}) socketpair$unix(0x1, 0x7, 0x0, &(0x7f00000001c0)) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:39:28 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_STATUS(r0, 0x80605414, &(0x7f0000000140)=""/209) r1 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 07:39:28 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000600)=ANY=[@ANYRES32=0x0, @ANYRESHEX], &(0x7f0000000300)=0x2) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000540)={r3, @in6={{0xa, 0x4e21, 0x20, @mcast1, 0x2}}}, 0x84) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) setsockopt$TIPC_MCAST_BROADCAST(r4, 0x10f, 0x85) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x8, 0x141302) statx(r6, &(0x7f0000000480)='./file0\x00', 0x4000, 0x0, &(0x7f0000000740)) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000340)={0x1ff, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 07:39:28 executing program 5: syz_mount_image$btrfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 763.030185] net_ratelimit: 14 callbacks suppressed [ 763.030192] protocol 88fb is buggy, dev hsr_slave_0 [ 763.040535] protocol 88fb is buggy, dev hsr_slave_1 [ 763.045783] protocol 88fb is buggy, dev hsr_slave_0 [ 763.051318] protocol 88fb is buggy, dev hsr_slave_1 07:39:28 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x4, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) fsetxattr$trusted_overlay_upper(r0, &(0x7f0000000180)='trusted.overlay.upper\x00', &(0x7f00000001c0)={0x0, 0xfb, 0x36, 0x5, 0x1f, "c71662875b2c5457cee01d7d806f9995", "129a474dfbfebd8b0f01e30a4ea619387b5f6a42b940bee8536a97d47c85480470"}, 0x36, 0x1) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:28 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x2802102201ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) prctl$PR_SET_MM(0x23, 0x5, &(0x7f0000ffb000/0x3000)=nil) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xf, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0xfffffffffffffff9, 0x3) 07:39:28 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='cpuacct.stat\x00\v\xd9\x1c\xa1\xfe\xa6\xb7T\xc2\xa4\xea\x861\x01\x99\x1f\x14\xc9\x17\xb7\x02\x03\x97\xbbtP\xee\xa8W\x1d\x123|e\x95\xba\x19\xf5\xe5d\xcaX\xe6co\x90\x1b\xe4\xd4xM~C\xd1\x14\xba\xac\xdc\xda\xfe\xd2g\xdc\v\xd3\xdf\xe1\xcc\xb6\xbd]\xa6\\\x8f\x96\xa0\xbdr\x8bw\xe9\xe4\x1dqZ\xc7u\x03\xd2\xcf\xf5(G@\x00\x19\x0f[\t\x13\x05\xe6\x1b\x0eC\xa38\xabHx\x05\x06\xd1\xd9<\xfd\b\xff\x9f\xb4\x98\xe7\x15\xe2\x80`r\xdc\xf9\n\xc3r\x99Z}\x8cF\xabQ\xa1M`4\x15\xa9\x87-\xf9ol\x1e\xef\'\xac(\xf4A\x04\xe5\x13\xcf\xf7\\wu},\xf3\x17\xfb\t\x86\xb9\xdfP\xab\xb9e7\xba\xdan0\x19&c\xf1\xb8\xd1dj\xc6^\x19\x85\x18\xf0\xd2hZI\\64\x9c\xd0O\x8f\x0f4\xefS\xda\x1af\xbb62? p7\x03\xef\x19 9\xd6\xdc\x1e\xc5\x01\xc9\x8e:\";\x95\x8e0\xc4yY\x8e\xce{\x1d\x17.0\x9c\xe8\x81\xac\xf8\x97p\x86\x83(t\xeb _\x11\a\xcf\b1\"\xf2\xfe9\x9f\x8e\xf3\\\x03\xf0A\xfeo\xab\x1f?\x1d\x94\xbc0\xc4\x9a<\"\xb1`-\xcb\a\xa1V\x91\x1bd\xb3\x81XYJ\"q\xe8\x0f\xe6\n#\xec\xf7j)\vx\xc8(\xe8\xf79\xc7\xeb\x0e\xbam\xa5\x9e\xd0\xe7\xe8s\x11i\xb4\xafOBv\xeb!\xb7p-\xb1X*b\xb4\xa9\xba\xc3Yy\x93\x93\xeb\xab\xfb:\fl\x8b\x86\xaa=', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$CAPI_NCCI_OPENCOUNT(r0, 0x80044326, &(0x7f0000000000)=0x401) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000300)={'vcan0\x00', r4}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x4000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:28 executing program 5: syz_mount_image$btrfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:39:28 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_pts(0xffffffffffffffff, 0x40) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000640)={0x2, 0x8, 0x1ff, 0x40, 0xffffffffffff3c77, "3d46135b4b3cd021e4d2ab64e75f757af5dfcd", 0xdc4, 0x1}) r1 = gettid() r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000680)='/proc/sys/net/ipv4/vs/backup_only\x00', 0x2, 0x0) ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(r2, 0xc0905664, &(0x7f00000006c0)={0x0, 0x0, [], @raw_data=[0x100000000, 0xffffffff80000001, 0x4, 0x200, 0x4, 0x2, 0x1a, 0xd0c, 0x80000001, 0xffff, 0x4, 0x5, 0x54eb, 0x7f, 0x3f, 0x3f, 0x7, 0x4, 0x20, 0x7, 0x5, 0x1a74, 0x8088, 0x6e9d22ec, 0x5c, 0x5, 0x34, 0xdc5a, 0x2, 0x6, 0x5, 0x6]}) rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) r3 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforce\x00', 0xca45e9d540eeb949, 0x0) ioctl$VIDIOC_SUBDEV_S_SELECTION(r3, 0xc040563e, &(0x7f0000000080)={0x1, 0x0, 0x0, 0x4, {0x1f000000, 0x200, 0x1ff, 0x3}}) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r3, 0xc4c85512, &(0x7f0000000140)={{0x1, 0x6, 0x3f, 0x1, '\x00', 0x95b8}, 0x1, [0x8, 0x0, 0x59, 0xfffffffffffffffc, 0x0, 0xffff, 0x101, 0x6, 0x7, 0xa354, 0x0, 0x100000000, 0x524d5c3, 0x9, 0xfffffffffffffff8, 0x9, 0xfff, 0x6, 0x8a, 0x9, 0xffffffffffffffff, 0x6, 0xfffffffffffff800, 0x49, 0x9, 0x5, 0x0, 0x10001, 0x8, 0xede4, 0x8000, 0x9, 0x9, 0x1, 0x9, 0x2, 0xfffffffffffffffc, 0x9, 0x8001, 0x1, 0x80000001, 0x3, 0x9e94, 0xfffffffffffff800, 0x6, 0x5, 0xffffffffffff8000, 0x40, 0x100000000, 0x4a9, 0x10001, 0xfffffffffffffffa, 0x5, 0x2, 0x8, 0x4c, 0x6, 0x3, 0x37d2, 0x9, 0x8, 0x20, 0x0, 0x1, 0x6, 0x6, 0x0, 0x100000001, 0x1ff, 0x5, 0x6, 0x1, 0x80000, 0x7, 0x100, 0x4, 0x2, 0x800000000000, 0x3, 0x100, 0x8, 0x1, 0x800, 0x5, 0x1, 0x0, 0x1, 0xcc, 0x1, 0x7ff, 0x6017, 0x401, 0xfffffffffffffffa, 0x8001, 0x1000, 0x6, 0x401, 0x7f, 0x2, 0x5, 0x4, 0x28, 0x1, 0x1, 0xe787, 0x1, 0x1d, 0x401, 0x7, 0xfffffffffffffffd, 0xfff, 0x80000001, 0x3, 0x4, 0x5, 0xe7, 0x7ff, 0x10001, 0x4, 0x1, 0x59f, 0x6, 0x8, 0x8, 0x1, 0x1000, 0x7, 0x3], {0x0, 0x1c9c380}}) ptrace$cont(0x1f, r1, 0x0, 0x0) fsetxattr$trusted_overlay_origin(r0, &(0x7f0000000780)='trusted.overlay.origin\x00', &(0x7f00000007c0)='y\x00', 0x2, 0x2) [ 763.510199] protocol 88fb is buggy, dev hsr_slave_0 [ 763.515488] protocol 88fb is buggy, dev hsr_slave_1 07:39:28 executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0xb, 0x800000002009) r2 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x4, 0x1a200) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS(r2, 0xc0245720, &(0x7f0000000240)={0x0, {r3, r4+10000000}, 0x8}) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = socket$inet(0x2, 0x6000000000000001, 0x0) r6 = openat$autofs(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/autofs\x00', 0x8000000000000002, 0x0) ioctl$UFFDIO_WAKE(r6, 0x8010aa02, &(0x7f0000000040)={&(0x7f0000ffe000/0x1000)=nil, 0x1000}) getsockopt$EBT_SO_GET_ENTRIES(r5, 0x0, 0x81, &(0x7f00000001c0)={'nat\x00', 0x0, 0x0, 0x5, [], 0x0, 0x0, &(0x7f0000000100)=""/5}, &(0x7f0000000240)=0x78) getpgid(0xffffffffffffffff) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_user\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000600)}, 0x0, 0x0, 0x4000040000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r8 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, &(0x7f0000000300), 0x4) setsockopt$IP_VS_SO_SET_STOPDAEMON(r8, 0x0, 0x48c, &(0x7f0000000080)={0x0, 'bond0\x00', 0x80000000000002}, 0x18) ioctl(r8, 0x800000000008982, &(0x7f0000000080)) r9 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ppp\x00', 0x0, 0x0) write$FUSE_NOTIFY_DELETE(r7, &(0x7f0000000ac0)=ANY=[@ANYBLOB="2900000006000f0000000000004000000400000000000000000000000000000069127f0f1f4c50325f77727e71405b57a5ecf7ae7b1562bff4c99eef500ade32c473684a8645e6b024020f322903f5bad93ae70100b4c5f4e09e154fb199422ba5fbe2f6b026e54b8ee2a5a9d0c7afe27cbf6ad872554c11f2d718a063a44b44a701c9d350cfcc68c9b06cfb20478fd4dcdc7e27c00ce89799d4bd6ee9fe8b34ad5117fe175bd2879a6f813f09bae8ded663b62f0b058f8e040000000000003ab523a088facf09cfb6554cce7f3aa21ba0a0ef5947901cdd2179958014ac2a6521e785921d963270c9449a7b0949f4d086c1470c1f00000000000000ac20c97996c45194ca3172b5c1ca1fe583f883a171b3e59d16b5e8a7c684635c7588d96ee383f7ff6bcacfb9cae2c4eeefc399b4ae69000000000000000000"], 0x13b) mount(&(0x7f0000000640)=ANY=[@ANYBLOB="cb2b9b5055175d43fca389e340fe96132329a39f92bdef505217695a040000007ee9df5f70f2c901b0443d5bc274a1f1576385a885b764dc4bab00000000000000e7c80493e49ba14620b9ce91fe2210273cba5c743c43d01bf6c0523b7c01d8f6d05182c3c4fa95a918e64e76ecdbf643831e56a1a2b6a7ddf33a0993c1e6a73725556de5dcfe4db16e4519c447a7ac02a3fefc3f94a3c2241a7e07d5f9e8b59e98f5db6b95b47d65af66aa458cdef6248ddbc74add2b9408f0bc4ef800696716d69ff7110e40ebba7dac3c8a44dda4c0d4e6457c1930ef1f0e89a4e4f5b6d9451d5b82a6171ca1ae9bb05485fb7d43b539a755d7eb2b4f2880b9aa841ba7f59cd7478458f18159bbba0958c119a736380e3f2ef9ea900e66e4d204134f75e7bdc5cad74dd34eb0c1d7676eb42f99f56f651a21ce264d69"], 0x0, 0x0, 0x8000000000000002, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f5, 0x0, 0xffff, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$loop(&(0x7f0000000540)='/dev/loop#\x00', 0xfffffffffffffffc, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r7, 0x84, 0x1a, &(0x7f0000000500)=ANY=[], &(0x7f0000000340)) r10 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000004fc8)={&(0x7f0000016000), 0xc, &(0x7f000000b000)={&(0x7f000002c000)=@mpls_newroute={0x20, 0x18, 0x21, 0x0, 0x0, {0x1c, 0x14, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x1}, [@RTA_DST={0x4, 0x9}]}, 0x20}}, 0x0) ioctl$SG_GET_PACK_ID(r9, 0x227c, &(0x7f00000002c0)) 07:39:29 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 764.230195] protocol 88fb is buggy, dev hsr_slave_0 [ 764.235484] protocol 88fb is buggy, dev hsr_slave_1 [ 764.790221] protocol 88fb is buggy, dev hsr_slave_0 [ 764.795543] protocol 88fb is buggy, dev hsr_slave_1 07:39:30 executing program 0: memfd_create(0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unshare(0x40000000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xe, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8923, &(0x7f0000000200)={'ip_vti0\x00', 0x3001}) 07:39:31 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000200)={0x80000}, 0xbdb42b97f71bee6) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) capget(&(0x7f0000000000)={0x20080522, r0}, &(0x7f0000000080)={0x8, 0x8001, 0x1, 0x100000000, 0x0, 0x4}) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x40001, 0x60) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000180)={0xd257, 0x1ff}) sysfs$1(0x1, &(0x7f0000000040)='mime_type\x00') ptrace$cont(0x1f, r0, 0x0, 0x0) 07:39:31 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:39:31 executing program 2: r0 = fcntl$getown(0xffffffffffffffff, 0x9) move_pages(r0, 0x4, &(0x7f00000000c0)=[&(0x7f0000001000/0x1000)=nil, &(0x7f0000001000/0x2000)=nil, &(0x7f0000002000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil], &(0x7f00000001c0)=[0x100, 0xfffffffffffffc01, 0x1, 0x8, 0x5, 0x5, 0x8ac6], &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:31 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, &(0x7f0000000000)) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) epoll_create1(0x80000) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:31 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100007fb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x40000, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(r1, 0x114, 0x7, &(0x7f0000000240)={@x25={0x9, @remote={[], 0x2}}, {&(0x7f0000000140)=""/235, 0xeb}, &(0x7f0000000080), 0x4}, 0xa0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) syz_mount_image$nfs(&(0x7f0000000300)='nfs\x00', &(0x7f0000000340)='./file0\x00', 0x1, 0x1, &(0x7f00000003c0)=[{&(0x7f0000000380), 0x0, 0x2}], 0x1801, &(0x7f0000000400)='\x00') ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:39:31 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:39:31 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$P9_RRENAMEAT(r0, &(0x7f0000000300)={0x7, 0x4b, 0x2}, 0x7) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(r0, &(0x7f0000000080)={0x7}, 0xffffffffffffff35) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$x25(r0, &(0x7f0000000000)={0x9, @remote={[], 0x2}}, 0x12) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000340)={0x7004, 0x9000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:31 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) syz_open_dev$usbmon(&(0x7f0000000180)='/dev/usbmon#\x00', 0x400, 0x800) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$BLKIOMIN(r0, 0x1278, &(0x7f00000001c0)) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 766.184615] IPVS: ftp: loaded support on port[0] = 21 07:39:31 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000140)={0x5, &(0x7f0000000080)=[{0x0}, {}, {}, {}, {}]}) ioctl$DRM_IOCTL_GET_CTX(r1, 0xc0086423, &(0x7f0000000180)={r2, 0x2}) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:39:31 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 07:39:31 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:39:31 executing program 2: r0 = syz_open_dev$mouse(&(0x7f00000002c0)='/dev/input/mouse#\x00', 0x101, 0x1) openat$cgroup_ro(r0, &(0x7f00000001c0)='pids.events\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:31 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000600)={0x0, 0xd7, "9ca5576eb4472e782c24b2e6caa497bc4452581dcb343b3fb8b1f9c190a7635d6fb320b01091d671592be86f7a602e8e34fc4657c75a8d074d7d0b52ec94a045cd294600614328784948aad25fa8476d6068f42228d4e2e574c09c21bf85a9d35b95fb05d5461bdfabf5525f205a58ebc350edfaf6771ba7e29f0678709053bda4c7f6a13cad805fc64a5c2e8f26b4b68b8679bffc19d7a2d77787d8a5ccb2eb6a665c53021cde8a3700f2ebb0b611705678574eb2531059f73b8187debecb4c88f1945e6982d286bacff7cb29a80fbcb2d70180406e68"}, &(0x7f0000000700)=0xdf) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000740)={r4, 0xb3, "d8ff079561f978b03b3e4e05fc6d8a5e035cd50e5f97a29170a2b6edb475b674d8ebb82306e0b12fbee4d29e069326ee70d9ced335bd867180414f3f7f85d8c7c8843edc2084b0b927d624704db8e7277064cac9f0d6cc99896345e36cb6fa3398288ebd2221c0cf419a32a85c6b5a0cae94a79c896b7642510d280f1f5f2871f7d80089e74525d9df3bf6a485f82b2d588db2cb517b447da4e40dd85bb960030defdea76bbe09ae93d8af8222c613d429eb03"}, &(0x7f0000000800)=0xbb) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$PPPIOCSMRU(r0, 0x40047452, &(0x7f00000005c0)=0x7ff) ioctl$KVM_RUN(r3, 0xae80, 0x0) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000000)={0x0, 0xa88}, &(0x7f0000000300)=0x8) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000340)={r6, 0x5}, 0x8) getsockopt$sock_buf(r5, 0x1, 0x0, &(0x7f0000000480)=""/255, &(0x7f0000000580)=0xff) 07:39:31 executing program 0: memfd_create(0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unshare(0x40000000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xe, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8923, &(0x7f0000000200)={'ip_vti0\x00', 0x3001}) 07:39:31 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 07:39:32 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:32 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:39:32 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 07:39:32 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$PPPIOCSFLAGS(r0, 0x40047459, &(0x7f0000000000)=0x8010170) r4 = accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) fsetxattr$trusted_overlay_origin(r4, &(0x7f0000000480)='trusted.overlay.origin\x00', &(0x7f00000004c0)='y\x00', 0x2, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) syz_open_dev$usb(&(0x7f0000000340)='/dev/bus/usb/00#/00#\x00', 0x5, 0x428000) ioctl$KVM_RUN(r3, 0xae80, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000300)=[@timestamp, @timestamp, @sack_perm], 0x3) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:32 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000200), 0x0, 0x0) [ 768.400202] net_ratelimit: 16 callbacks suppressed [ 768.400209] protocol 88fb is buggy, dev hsr_slave_0 [ 768.410422] protocol 88fb is buggy, dev hsr_slave_1 [ 768.960194] protocol 88fb is buggy, dev hsr_slave_0 [ 768.965435] protocol 88fb is buggy, dev hsr_slave_1 [ 769.270135] protocol 88fb is buggy, dev hsr_slave_0 [ 769.275338] protocol 88fb is buggy, dev hsr_slave_1 [ 769.280617] protocol 88fb is buggy, dev hsr_slave_0 [ 769.285712] protocol 88fb is buggy, dev hsr_slave_1 07:39:34 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) rt_sigsuspend(&(0x7f0000000000)={0x4}, 0x8) 07:39:34 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r0, 0xae80, 0x0) 07:39:34 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x100000000000000) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000480)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_GET(r0, &(0x7f0000000740)={&(0x7f0000000000), 0xc, &(0x7f0000000700)={&(0x7f00000004c0)={0x218, r4, 0x128, 0x70bd2a, 0x25dfdbff, {}, [@TIPC_NLA_NET={0x18, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}]}, @TIPC_NLA_MEDIA={0x88, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x64}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x612}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffffffffe00}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}]}]}, @TIPC_NLA_LINK={0x64, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}, @TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}]}]}, @TIPC_NLA_NET={0x3c, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1f}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x88}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x6}]}, @TIPC_NLA_LINK={0xa8, 0x4, [@TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffffffffff7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8000}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfe}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x400}]}]}, @TIPC_NLA_MEDIA={0x1c, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}]}]}, 0x218}, 0x1, 0x0, 0x0, 0x80}, 0x80d0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40485404, &(0x7f0000000300)={{0x0, 0x2, 0x9, 0x3, 0x5}, 0x4, 0x765}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$PIO_FONT(r0, 0x4b61, &(0x7f0000000780)="bcae4a6286f790eedad53844520cfacf0ab90840b7a45a2edf5873e079b4d7fec944c9f5fec3f483ca09d11bc0b95a25") ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:34 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lsetxattr$security_smack_entry(0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000000)="290000002000190f00003fffffffda060200000000e85500dd0000040d000600ea1102000005000000", 0x29}], 0x1) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000200)=ANY=[]) pipe2(&(0x7f0000000100)={0xffffffffffffffff}, 0x56ce2ba621303669) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000200)=@nat={'nat\x00', 0x1b, 0x5, 0x460, 0x1f8, 0x0, 0x1f8, 0x0, 0xf8, 0x3c8, 0x3c8, 0x3c8, 0x3c8, 0x3c8, 0x5, &(0x7f0000000180), {[{{@ip={@multicast2, @rand_addr=0xa824, 0xff, 0xff000000, 'sit0\x00', 'ipddp0\x00', {0xff}, {0xff}, 0x21, 0x3, 0x9}, 0x0, 0xc0, 0xf8, 0x0, {}, [@common=@ttl={0x28, 'ttl\x00', 0x0, {0x3, 0x7ab}}]}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x2, @broadcast, @multicast1, @icmp_id=0x64, @icmp_id=0x66}}}}, {{@ip={@empty, @initdev={0xac, 0x1e, 0x0, 0x0}, 0xffffffff, 0x0, 'veth0_to_hsr\x00', 'bond0\x00', {0xff}, {}, 0x6c, 0x2, 0x1}, 0x0, 0xc8, 0x100, 0x0, {}, [@common=@ah={0x30, 'ah\x00', 0x0, {0x8365, 0x3}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0xc, @dev={0xac, 0x14, 0x14, 0x1d}, @local, @port=0x4e23, @icmp_id=0x64}}}}, {{@uncond, 0x0, 0xc8, 0x100, 0x0, {}, [@common=@ah={0x30, 'ah\x00', 0x0, {0x20, 0x7ff, 0x1}}]}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x8, @rand_addr=0x8, @dev={0xac, 0x14, 0x14, 0x28}, @icmp_id=0x64, @gre_key=0x3}}}}, {{@uncond, 0x0, 0x98, 0xd0}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x4, @initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast, @icmp_id=0x67, @icmp_id=0x66}}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4c0) 07:39:34 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000200), 0x0, 0x0) 07:39:34 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x1000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000800)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[], [], 0x4000000}}) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x38) ptrace$cont(0x18, r2, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r2, 0x0, 0x0) [ 769.750996] protocol 88fb is buggy, dev hsr_slave_0 [ 769.756994] protocol 88fb is buggy, dev hsr_slave_1 07:39:35 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000200), 0x0, 0x0) 07:39:35 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) connect$bt_rfcomm(r0, &(0x7f0000000000)={0x1f, {0xcc2, 0x80000000, 0x1, 0x9, 0x0, 0x7f}}, 0xa) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000300)={0x4, 0x8000000002, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x0, 0x0, 0x0, 0x8]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:35 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) getpeername$unix(r0, &(0x7f0000000180)=@abs, &(0x7f00000002c0)=0x6e) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$sock_rose_SIOCRSCLRRT(r5, 0x89e4) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:35 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lsetxattr$security_smack_entry(0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000000)="290000002000190f00003fffffffda060200000000e85500dd0000040d000600ea1102000005000000", 0x29}], 0x1) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000200)=ANY=[]) pipe2(&(0x7f0000000100)={0xffffffffffffffff}, 0x56ce2ba621303669) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000200)=@nat={'nat\x00', 0x1b, 0x5, 0x460, 0x1f8, 0x0, 0x1f8, 0x0, 0xf8, 0x3c8, 0x3c8, 0x3c8, 0x3c8, 0x3c8, 0x5, &(0x7f0000000180), {[{{@ip={@multicast2, @rand_addr=0xa824, 0xff, 0xff000000, 'sit0\x00', 'ipddp0\x00', {0xff}, {0xff}, 0x21, 0x3, 0x9}, 0x0, 0xc0, 0xf8, 0x0, {}, [@common=@ttl={0x28, 'ttl\x00', 0x0, {0x3, 0x7ab}}]}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x2, @broadcast, @multicast1, @icmp_id=0x64, @icmp_id=0x66}}}}, {{@ip={@empty, @initdev={0xac, 0x1e, 0x0, 0x0}, 0xffffffff, 0x0, 'veth0_to_hsr\x00', 'bond0\x00', {0xff}, {}, 0x6c, 0x2, 0x1}, 0x0, 0xc8, 0x100, 0x0, {}, [@common=@ah={0x30, 'ah\x00', 0x0, {0x8365, 0x3}}]}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0xc, @dev={0xac, 0x14, 0x14, 0x1d}, @local, @port=0x4e23, @icmp_id=0x64}}}}, {{@uncond, 0x0, 0xc8, 0x100, 0x0, {}, [@common=@ah={0x30, 'ah\x00', 0x0, {0x20, 0x7ff, 0x1}}]}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x8, @rand_addr=0x8, @dev={0xac, 0x14, 0x14, 0x28}, @icmp_id=0x64, @gre_key=0x3}}}}, {{@uncond, 0x0, 0x98, 0xd0}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x4, @initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast, @icmp_id=0x67, @icmp_id=0x66}}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4c0) 07:39:35 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x10000}], 0x0, 0x0) 07:39:35 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000000)={0x1, 0x0, {0x0, 0x4249b42c, 0x7, 0x9}}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:37 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x4000, 0x0) ioctl$RTC_PIE_ON(r1, 0x7005) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:39:37 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x10000}], 0x0, 0x0) 07:39:37 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000001000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000180)="0f090f070f77de14823ff46564260f443565e808000f0866b89a4f24ac0f23d80f21f86635c00000300f23f8baf80c66b834f40e8666efbafc0cb002ee", 0x3d}], 0x1, 0x20, &(0x7f00000002c0), 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:37 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000200)='/dev/dri/card#\x00', 0x1, 0x0) ioctl(r0, 0xffffffffffffffb7, &(0x7f0000000000)) 07:39:37 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0xfffffffffffffffd) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) getsockopt$llc_int(r0, 0x10c, 0x7, &(0x7f0000000300), &(0x7f0000000340)=0x4) ioctl$TIOCOUTQ(r0, 0x5411, &(0x7f0000000000)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x3, 0x1]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$IMGETVERSION(r0, 0x80044942, &(0x7f00000004c0)) ioctl$SIOCAX25NOUID(r0, 0x89e3, &(0x7f0000000480)=0x1) syz_open_dev$vbi(&(0x7f0000000540)='/dev/vbi#\x00', 0x1, 0x2) 07:39:38 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040)={0xfffffffffffffffd}, 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:39:38 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000480)={0x0, @in6={{0xa, 0x4e20, 0x1f, @empty, 0x100000000}}, 0x6, 0x3196, 0x800, 0x7ff, 0x7}, &(0x7f0000000000)=0x98) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000540)={r2, @in6={{0xa, 0x4e20, 0x7, @empty, 0x8}}, 0x80000001, 0x5}, 0x90) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 07:39:38 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x10000}], 0x0, 0x0) 07:39:38 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'vlan0\x00', 0x1000000802}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000200)={'vlan0\x00\x00\xf6\xff\xff\xff\xff\xff\xff\xff\x00', {0x2, 0x0, @loopback}}) 07:39:38 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x1) write(r0, &(0x7f00000002c0)="0f429fe6583fd2a30eb3a206e7839cb512099f9583af0a77187de80904f1938346e5f1dd96a5e0c753eed92c4078bba4b6c8fed0d374b45c893a2d6602ce68030156d549db6f62f79a8b4c25dc999d06a704409072c90ef21ff1d1e2c538ed9117f930d217c54727b056970ff69fda250df2cd23e84a90411d7173354375176fae7b4ab31bf6d828d051d51b41274518254dcc13dd3d993ee212e56182bec980366521a400b09643cda77ccd3eac27d7ded9b6ed31fa7488c6ccbeaa80", 0xbd) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x1ff) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) openat$cachefiles(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/cachefiles\x00', 0x40, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) readlinkat(r4, &(0x7f0000000040)='./file0\x00', &(0x7f0000000480)=""/245, 0xf5) ioctl$PPPIOCSPASS(r4, 0x40107447, &(0x7f00000007c0)={0x1, &(0x7f0000000780)=[{0x5, 0x7, 0x3, 0xdb}]}) ioctl$KDGETLED(r0, 0x4b31, &(0x7f0000000180)) 07:39:38 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0), 0x0, 0x10000}], 0x0, 0x0) 07:39:38 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_SUBDEV_S_CROP(r0, 0xc038563c, &(0x7f0000000000)={0x0, 0x0, {0xab, 0x804, 0x6, 0xa34}}) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000cc0)={[0x2, 0x0, 0x0, 0xffffffffffeffffd, 0x0, 0x8, 0x9, 0x0, 0x0, 0x9, 0x0, 0x40]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$VIDIOC_G_ENC_INDEX(r3, 0x8818564c, &(0x7f0000000480)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 773.430208] net_ratelimit: 14 callbacks suppressed [ 773.430216] protocol 88fb is buggy, dev hsr_slave_0 [ 773.440481] protocol 88fb is buggy, dev hsr_slave_1 [ 773.447640] protocol 88fb is buggy, dev hsr_slave_0 [ 773.452838] protocol 88fb is buggy, dev hsr_slave_1 [ 773.910239] protocol 88fb is buggy, dev hsr_slave_0 [ 773.915607] protocol 88fb is buggy, dev hsr_slave_1 [ 774.630205] protocol 88fb is buggy, dev hsr_slave_0 [ 774.635386] protocol 88fb is buggy, dev hsr_slave_1 [ 775.190239] protocol 88fb is buggy, dev hsr_slave_0 [ 775.195432] protocol 88fb is buggy, dev hsr_slave_1 07:39:41 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x80, 0x1) ioctl$VIDIOC_DBG_S_REGISTER(r1, 0x4038564f, &(0x7f0000000080)={{0x4, @addr=0x8000}, 0x8, 0x7, 0xffffffff80000000}) 07:39:41 executing program 0: r0 = syz_open_dev$video(&(0x7f0000000100)='/dev/video#\x00', 0x7fff, 0x0) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000140)={0x0, @reserved=[0x0, 0x10]}) 07:39:41 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0), 0x0, 0x10000}], 0x0, 0x0) 07:39:41 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000001000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r4, 0x0, 0x10, &(0x7f0000000740)={{{@in=@multicast2, @in6}}, {{@in6=@loopback}, 0x0, @in6=@local}}, &(0x7f00000001c0)=0xe8) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:39:41 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)='\aB', 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0xfffffffffffffffc, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:41 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/qat_adf_ctl\x00', 0x40100, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'vcan0\x00', 0x0}) fstat(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000280)={{{@in6=@local, @in6=@loopback, 0x4e20, 0x9, 0x4e20, 0x7, 0x2, 0x80, 0x20, 0xff, r2, r3}, {0x5, 0xfffffffffffffff4, 0x9, 0x1, 0x6, 0x7, 0x6, 0x5}, {0x66, 0x101, 0xff}, 0x5, 0x6e6bb2, 0x2, 0x1, 0x1}, {{@in6=@initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x4d2, 0xff}, 0xa, @in6=@ipv4={[], [], @rand_addr=0x1}, 0x3507, 0x4, 0x3, 0x1ff, 0x100000001, 0xffff, 0x80000001}}, 0xe8) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) lsetxattr$security_selinux(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='security.selinux\x00', &(0x7f0000000400)='system_u:object_r:var_lib_t:s0\x00', 0x1f, 0x8d01962fad433d88) r4 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/mls\x00', 0x0, 0x0) setsockopt$IP_VS_SO_SET_ZERO(r4, 0x0, 0x48f, &(0x7f0000000080)={0x32, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e22, 0x3, 'none\x00', 0x0, 0x0, 0x3e}, 0x2c) ioctl$sock_SIOCBRADDBR(r4, 0x89a0, &(0x7f0000000140)='rose0\x00') ptrace$cont(0x1f, r0, 0x0, 0x0) 07:39:41 executing program 0: perf_event_open(&(0x7f0000000180)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x10800, 0x0) read$eventfd(r0, &(0x7f0000000080), 0x8) socket$inet(0x2, 0x3, 0x1000000000000009) r1 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x5c9, 0x0) setsockopt$X25_QBITINCL(0xffffffffffffffff, 0x106, 0x1, &(0x7f0000000000)=0x1, 0x4) ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r1, 0xc4c85512, &(0x7f0000000000)=ANY=[]) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000001c0)=0x1, 0x2) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f0000000380)=""/36) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_CPUID(r0, 0x4008ae8a, &(0x7f0000000140)={0x2, 0x0, [{0xc000001f, 0x2, 0x100, 0x3, 0x7fff}, {0x0, 0x100000001, 0xfffffffffffffecc, 0x100, 0x2}]}) ioctl$PERF_EVENT_IOC_RESET(r2, 0x2403, 0x8) openat$uhid(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uhid\x00', 0x802, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu\x00E\xab\xcbw\x83.\xf3\x8a\xf6\xb3\xac\xfe\x9ek9\xcd\"\x84\x18/~[{\xfb\xc2\t}\xaaCSM^Z\x98\x0eZ\xfca5b\xd6\x92\a\xd6*\xd8v\xd0\xb1\x00=k|\xf1P\xbf\x17\x1b\x8f\xd6LT`V\\\xaeuJ[:\xcd<\xa1L\xec\x9fU\xe9\x14_g=\xfc\x7f\xbd-\xb2\xfa\xee\xe3\a~\x90\xd4\x90\a\x83\x81\xac\x1bWE_\x05;\xefk\x1e\xed:\x90\xc1\xba\x96\xde\xfac\xf0\'&:dn`\xe8\xa6-\x1dh\xb07#T\xa6\xa3\x9c\x91_jM@\x06\x8c\xf5\xbb\x81G\xb9\xa9\x8b\xf3\x8f\xa2\xee', 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000000)='cpuset.sched_load_balance\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000680)='cpuacct.usage_sys\x00', 0x0, 0x0) recvmsg$kcm(0xffffffffffffffff, 0x0, 0x12122) write$cgroup_int(r4, &(0x7f00000003c0), 0x12) 07:39:41 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_S390_INTERRUPT_CPU(r0, 0x4010ae94, &(0x7f00000001c0)={0x89, 0xfffffffeffffffff, 0x64db}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(r0, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000300)=0x14, 0xfffffffffffffffc) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x74, &(0x7f0000000480)=""/248, &(0x7f0000000180)=0xf8) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) syncfs(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:41 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0), 0x0, 0x10000}], 0x0, 0x0) 07:39:41 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$PPPIOCGIDLE(r1, 0x8010743f, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:39:41 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) bind$vsock_dgram(r0, &(0x7f0000000180)={0x28, 0x0, 0x0, @host}, 0x10) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:41 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2", 0x24, 0x10000}], 0x0, 0x0) 07:39:41 executing program 0: perf_event_open(&(0x7f0000000180)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x10800, 0x0) read$eventfd(r0, &(0x7f0000000080), 0x8) socket$inet(0x2, 0x3, 0x1000000000000009) r1 = syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x5c9, 0x0) setsockopt$X25_QBITINCL(0xffffffffffffffff, 0x106, 0x1, &(0x7f0000000000)=0x1, 0x4) ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r1, 0xc4c85512, &(0x7f0000000000)=ANY=[]) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000001c0)=0x1, 0x2) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f0000000380)=""/36) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_CPUID(r0, 0x4008ae8a, &(0x7f0000000140)={0x2, 0x0, [{0xc000001f, 0x2, 0x100, 0x3, 0x7fff}, {0x0, 0x100000001, 0xfffffffffffffecc, 0x100, 0x2}]}) ioctl$PERF_EVENT_IOC_RESET(r2, 0x2403, 0x8) openat$uhid(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uhid\x00', 0x802, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu\x00E\xab\xcbw\x83.\xf3\x8a\xf6\xb3\xac\xfe\x9ek9\xcd\"\x84\x18/~[{\xfb\xc2\t}\xaaCSM^Z\x98\x0eZ\xfca5b\xd6\x92\a\xd6*\xd8v\xd0\xb1\x00=k|\xf1P\xbf\x17\x1b\x8f\xd6LT`V\\\xaeuJ[:\xcd<\xa1L\xec\x9fU\xe9\x14_g=\xfc\x7f\xbd-\xb2\xfa\xee\xe3\a~\x90\xd4\x90\a\x83\x81\xac\x1bWE_\x05;\xefk\x1e\xed:\x90\xc1\xba\x96\xde\xfac\xf0\'&:dn`\xe8\xa6-\x1dh\xb07#T\xa6\xa3\x9c\x91_jM@\x06\x8c\xf5\xbb\x81G\xb9\xa9\x8b\xf3\x8f\xa2\xee', 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000000000)='cpuset.sched_load_balance\x00', 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000680)='cpuacct.usage_sys\x00', 0x0, 0x0) recvmsg$kcm(0xffffffffffffffff, 0x0, 0x12122) write$cgroup_int(r4, &(0x7f00000003c0), 0x12) 07:39:41 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000100)={0x4, 0x8000000000, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) r5 = pkey_alloc(0x0, 0x0) pkey_mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x8, r5) 07:39:41 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x1000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000800)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[], [], 0x4000000}}) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x38) ptrace$cont(0x18, r2, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r2, 0x0, 0x0) 07:39:41 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x5) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$VIDIOC_SUBDEV_S_FMT(r4, 0xc0585605, &(0x7f0000000180)={0x0, 0x0, {0x6, 0xa567, 0x0, 0x8, 0xb, 0x3, 0x1, 0x7}}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:41 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2", 0x24, 0x10000}], 0x0, 0x0) [ 778.790272] net_ratelimit: 16 callbacks suppressed [ 778.790279] protocol 88fb is buggy, dev hsr_slave_0 [ 778.800484] protocol 88fb is buggy, dev hsr_slave_1 07:39:44 executing program 3: fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)) getpid() getpid() ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000080)) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000140)=0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 07:39:44 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x5, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$ASHMEM_GET_SIZE(r0, 0x7704, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:44 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2", 0x24, 0x10000}], 0x0, 0x0) 07:39:44 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x1000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000800)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[], [], 0x4000000}}) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x38) ptrace$cont(0x18, r2, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r2, 0x0, 0x0) 07:39:44 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0x400) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000140)={[], 0x3f, 0x1, 0x1000, 0x6, 0x1, r1}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 07:39:44 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$VIDIOC_SUBDEV_S_SELECTION(r0, 0xc040563e, &(0x7f0000000180)={0x1, 0x0, 0x2, 0x2, {0x80000000, 0x3f, 0x200, 0xbf}}) r3 = semget(0x1, 0x4, 0x0) semtimedop(r3, &(0x7f00000001c0)=[{0x4, 0x3937, 0x1000}, {0x2, 0x9, 0x1000}, {0x1, 0x8, 0x1000}, {0x3, 0xeb8, 0x1800}], 0x4, &(0x7f00000002c0)={0x77359400}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:39:44 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = accept$unix(0xffffffffffffffff, &(0x7f0000000140)=@abs, &(0x7f0000000000)=0x6e) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f00000001c0)={0xe6, 0x0, 0x4, 0x67fe, 0x5, [{0x38b6, 0x40b, 0x5, 0x0, 0x0, 0x4}, {0x4348, 0x97c8, 0x0, 0x0, 0x0, 0x408}, {0x4, 0x20, 0x40, 0x0, 0x0, 0x5}, {0x8, 0xd1f, 0x800, 0x0, 0x0, 0x80c}, {0x3, 0x9, 0xfffffffffffffffc, 0x0, 0x0, 0x3a00}]}) rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) r2 = semget(0x3, 0x6, 0x600) semop(r2, &(0x7f0000000080)=[{0x4, 0x7fffffff, 0x1000}, {0x2, 0x8ce0000000000, 0x1000}], 0x2) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/qat_adf_ctl\x00', 0x8000, 0x0) accept$inet6(r3, &(0x7f0000000340)={0xa, 0x0, 0x0, @dev}, &(0x7f0000000380)=0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 779.088477] ptrace attach of "/root/syz-executor.3"[25479] was attempted by "/root/syz-executor.3"[25483] 07:39:44 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000", 0x36, 0x10000}], 0x0, 0x0) 07:39:44 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) setsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000000000)=0x7, 0x4) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:44 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 779.350210] protocol 88fb is buggy, dev hsr_slave_0 [ 779.355433] protocol 88fb is buggy, dev hsr_slave_1 07:39:44 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000", 0x36, 0x10000}], 0x0, 0x0) 07:39:44 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$NBD_DO_IT(r0, 0xab03) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f0000000300)=@un=@file={0x0, './file0\x00'}, 0x80, &(0x7f0000000880)=[{&(0x7f0000000480)="7d66e4c8f3650ba941df8481426d869f76226057dd37b223ee3076aa827f3ee77a7caf941d7f44077f1c9a55a34faa194346a373ae3f08b8cd6ececbf50f3b43ea7601bfed03805663baedc9b0d12b72452adcb20958965c62fb7c68754dd1b9643c8f43e0b068b462c032bb8086ba16ae23847353dbd4b516305cb04115f76039b70ca7280b7ee54ae2995c238e1e75ea90a211d08c15dc831f", 0x9a}, {&(0x7f0000000540)="9b995b88f1d5f21736fcef9e4d2447637c53db2c2f97d121929437caf9291f12948b9aaec8241e99ca006992f1c1cf66dfd23573ba4055be713dbca4909c3f8818073b3f0537f7ae051788ac9ad19767a2413563c19654e072d728d9dd94ac1ce2181a0604fc771152fc2ee42510899857d79f7b1b41d6d7fa1f6d285f8680feafb7", 0x82}, {&(0x7f0000000600)="6fae545d9ffbe29ccd7bfcf6831cbf7cbe29992866af50a5426d248e3747d28b815d4f7f3a267564cd705f190f169d83bb5d953c200bf72ba95fa5597928357c776f37d6eb3e3b0681ba16c0149786252962c994b1171c2a5ad2396ac595c7d10a9896a28e6b4ac339b48d59572afb1566d930211d76160b246c9a64e4f7ebcd92820bf38b6e94492141f6f1b1c83d3c8e1c13f63ad25dedeb3b66001c5e6a395d4b4944d1ae4c658b83fd9255d9a8683ebb1e4e260f27c9b7b776df9f1112ea378d13d4d96fd9e7", 0xc8}, {&(0x7f0000000700)="49861eaa2c83fb4ca6e75db6622849f707da5d23b9b8f054b1ddece2eb384e759ae55fc6fa9672c0807bd2a8e715c43ffa3e1d6ee395d7e373bdd3bba6b5517c274dd0abb5d3f65ac58c0c7893ea54b4243aaf9da830314cadf5d04a36a5739c3b9a3463eafe1ba12a75ab3ac823847b37b48c7c824cafc3a0e662ea7badeccd2cf9f04a96d354a6e9fada6eb2b0043a55a78f1336ba47e10e9c3034b780fe21e48308db6a45b8d89e5b5bda198e2ec3c89d41a1fdd554ddb078803104d5d53ec5d72a", 0xc3}, {&(0x7f0000000800)="9bdba250ee6910b2968ec7aa1505cd806ecd7caa9d928fa86bc22116cb82eeadb1261df9e7dfa815cd98f4f38f91b50f66c79c3471f1c125db4694558aa1b4fc081928b05d8ecf63278b5ca40e0f7f1e9a32499685aadba98cc54ae3078dbb8bd982e9e8a8e60b0a4ae301359327ea18303dc0e90dc469b67ba41130b1d8ae38", 0x80}], 0x5, &(0x7f0000000900)=[{0xf8, 0x29, 0xfffffffffffff800, "ad82fc724d39a64a2b52f6f55a9e7033fc11a423d6ceaedfe2c155b555a0385f61106e9e595ad04a52bcdc53d62fa8bd5923a9e20e0ec170fcab9c84321cb9ba4427b145e4dd773c2dacfabd72660cd260536f48beecd57724a48d582c55945dc8953813c4d0bfa789ee48d2de3bc55c5a6a91fdbb6facdb647a2eb8ee0da69937b772c6e08cf4eacac956a35f313b2e2f49037e94c7c7ed61e1d588b6dd9d8c874354b48944ab185ca227f01eeea5f88f3f88e5134a7c162dbf402b8c4057333707fca59744a7b01059183d25e24b9e9c32906d1bf37296170f8ce2a94d41eb06d4"}, {0xb8, 0x11f, 0x1, "377e63d010d77b212c5a4422429c103b4c27229009480848a987efa20db959defa29e3cf049bcf93235ad1537d58282450c28210b9bae62e585c3a141c9acfd22290ea710141e50f91b61a7044123d943c9666b5cab477c178d2ea54ded18db19eed3e525d716190e1d1356d0f0e3d03ac01641808237aeac1df278d8f3f937869bfadbefe99e32c0526fc5e5abe110b1d0b7760a6ea59c831a728a938a379eddda16da14e3e"}], 0x1b0}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:44 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000", 0x36, 0x10000}], 0x0, 0x0) [ 779.670203] protocol 88fb is buggy, dev hsr_slave_0 [ 779.675619] protocol 88fb is buggy, dev hsr_slave_1 [ 779.680908] protocol 88fb is buggy, dev hsr_slave_0 [ 779.686075] protocol 88fb is buggy, dev hsr_slave_1 07:39:45 executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000000)=0xfffffffffffffdca, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_PPC_GET_SMMU_INFO(r1, 0x8250aea6, &(0x7f00000001c0)=""/49) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:39:45 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000900)={0xffffffffffffffff, r0, 0x0, 0x3, &(0x7f00000008c0)=']#\x00', 0xffffffffffffffff}, 0x30) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000940)={{{@in, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}}}, &(0x7f0000000a40)=0xe8) getgroups(0x1, &(0x7f0000000a80)=[0x0]) fcntl$getownex(r0, 0x10, &(0x7f0000000ac0)={0x0, 0x0}) r7 = getuid() r8 = getgid() ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000b00)=0x0) lstat(&(0x7f0000000b40)='./file0\x00', &(0x7f0000000b80)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000c40)='./file0\x00', &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000d00)=0x0) getresuid(&(0x7f0000000d40)=0x0, &(0x7f0000000d80), &(0x7f0000000dc0)) stat(&(0x7f0000000e00)='./file0\x00', &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000f00)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000ec0)='\x00', 0xffffffffffffffff}, 0x30) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000f40)={{{@in6=@dev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}}}, &(0x7f0000001040)=0xe8) stat(&(0x7f0000001080)='./file0\x00', &(0x7f00000010c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000002e80)=0x0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000002ec0)={{{@in6=@initdev, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @dev}}, 0x0, @in=@local}}, &(0x7f0000002fc0)=0xe8) fstat(r2, &(0x7f0000003000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000003080)=0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000030c0)={0x0, 0x0}, &(0x7f0000003100)=0xc) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000003140)={0x0, 0x0, 0x0}, &(0x7f0000003180)=0xc) r24 = getpgid(0x0) stat(&(0x7f0000000c00)='./file0\x00', &(0x7f0000003680)={0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x2, &(0x7f0000003700)=[0xffffffffffffffff, 0xffffffffffffffff]) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000003740)=0x0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000003780)={{{@in=@remote, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in=@local}}, &(0x7f0000003880)=0xe8) fstat(r1, &(0x7f00000038c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000003980)={0x0, r0, 0x0, 0x1, &(0x7f0000003940)='\x00'}, 0x30) fstat(r2, &(0x7f00000039c0)={0x0, 0x0, 0x0, 0x0, 0x0}) r32 = getegid() r33 = getpgid(0x0) r34 = getuid() r35 = getgid() ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000006580)=0x0) stat(&(0x7f00000065c0)='./file0\x00', &(0x7f0000006600)={0x0, 0x0, 0x0, 0x0, 0x0}) r38 = getgid() ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000006680)=0x0) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000066c0)={{{@in6=@remote, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}}}, &(0x7f00000067c0)=0xe8) stat(&(0x7f0000006800)='./file0\x00', &(0x7f0000006840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r42 = getpid() getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000068c0)={{{@in, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@empty}}, &(0x7f00000069c0)=0xe8) getgroups(0x1, &(0x7f0000006a00)=[0xffffffffffffffff]) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000006d80)=0x0) r46 = geteuid() getresgid(&(0x7f0000006dc0), &(0x7f0000006e00)=0x0, &(0x7f0000006e40)) r48 = fcntl$getown(r0, 0x9) r49 = geteuid() r50 = getgid() r51 = getpgid(0x0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000070c0)={{{@in6=@empty, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in6=@remote}}, &(0x7f00000071c0)=0xe8) getgroups(0x3, &(0x7f0000007200)=[0xee01, 0xffffffffffffffff, 0xee00]) sendmmsg$unix(r0, &(0x7f0000007380)=[{&(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000880)=[{&(0x7f0000000780)="2f5a022b81dc82f477580528a17eaebb8d6ef2ce254652d9754a4381de9c08b5a0c41c54ffa764e53d5e04ffdcc07196ba939515f2861c4bf108d3213f8e03edb9f0eba5b930ea99e883647dc8920b0d46c1fb4d3f086e389032ed0c34efe2955f914d090c442904538b5cc3a93c6786555bac18528f8c965f1834f321388016f53647a81873381dcca46ce30e93a38eae2068a81074c572bc73049a233e05b00ae3fb0a3c6d95c2157cbb30dc2c7276379f621eaf9747f0331d500ce4176f5c751883671daae867b7c93a70054065ac8a02be5b1d735d0d6e045975e251c2de57fe109b2fd0c0c291af", 0xea}, {&(0x7f00000001c0)="c970", 0x2}], 0x2, &(0x7f0000007540)=ANY=[@ANYBLOB="28000000000000000100000001000000", @ANYRES32=r2, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="20000000000000000100000001000000", @ANYRES32=r2, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="28000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r2, @ANYRES32=r0, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r3, @ANYRES32=r4, @ANYRES32=r5, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r6, @ANYRES32=r7, @ANYRES32=r8, @ANYBLOB="000000001c000000000000000100000001000000", @ANYRES32=r2, @ANYRES32=r1, @ANYRES32=r1, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r9, @ANYRES32=r10, @ANYRES32=r11, @ANYBLOB="003373255dce0000001c00000000000000010000", @ANYRES32=r12, @ANYRES32=r13, @ANYRES32=r14, @ANYBLOB="000000001c000000000000000100000002000000a2b0a7a1aa20f562937424f9f610d77e721a9dd598bbcb851c8b0c623a592ad9aac11ca09cae01604867563a7891e14b05da7d787c01663a0bfe01ec3c2871cfaafc528841cfbf97d89b771fc54d59403b1ab00a83ea3d30436d00bff7a60ecfc89dc84b41b081567ae091c4ab6973928480c7debff566d60e9a9a8ee301266694999eed50df7d0f1b7cb0333d7bf8bee44a34f87dd3a0878b3a822c3ec811a36c913725c226deff1fe5fbfab7f622427a44e9fc392367a9f43c48c12b787938bdaf820fc16196992d23263fa47668e39982cb1e756b4473c7e1206982feb6dfe24986c23bf0128c777ed7cbdcb19baad7c9dd", @ANYRES32=r15, @ANYRES32=r16, @ANYRES32=r17, @ANYBLOB='\x00\x00\x00\x00'], 0x130, 0x4040000}, {&(0x7f0000001280)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000002740)=[{&(0x7f0000001300)="91b23b54aeaa17e5bed4267e0068a30e9bdca788dc", 0x15}, {&(0x7f0000001340)="93ce121db4bf3c9d4fee57384d2b4a6854ee6e3882d3ff5089bab3a9725f887f84b0347d1a2fd7a994900025656abfb1145a25416e3be96b096b2d8b2b24c1f23e184ae1af9e1801e731ab76c336507ec018eeea6c0501ce84ef7d2293aff0e32be1703b8f82a59fcf89b85b8912027525e6e17e06b4f80d11c5", 0x7a}, {&(0x7f00000013c0)="38033d6a69641c72dc09fda9092377a1b2915206fb", 0x15}, {&(0x7f0000001400)="9d5151f614e671343f24f3cbcf4f3336371ef1773be5bcd251eb978a254a991f73d10109caf159ffa26a11ecf0146258d883ad964b7c2e0e7c", 0x39}, {&(0x7f0000001440)="f58f6775c6b4483bfe9adc7003cc3a597cfce14539e29ccc3127efb420d335f3cc5188cf6dbfdd1ad218e7deb0697303323133ec04c218f1ec9e85e0da6a5ca9648fd4af63510f9f185efb617a15d999fd548e9d923d6a909e9cadeb217deee07571a1e78f99a704f0f0ce3b62d69738883673a72847bb867f2728d7ffe4427e20fa9fdb676cd82351bff1b8e1237f4cf03d1d823c60e36d03a57fd35bfb1247f7734131e58a565e0abfc9180fa5811873dec462491ce58ce06361993850d63572a4b8f1f2e69f9f6b2c96abcb7302dd0b2abf4c08457f5d82ee03cb02797f47bb6cc906b4c719a7e50b07d4a2bda28e6e437b2dafbb04a2c69968", 0xfb}, {&(0x7f0000001540)="cc06d0d1bf7e484d9ded788d9d725776d36745dba15b03138cc826de7e544a7b0cfdf6541bcb438fe501730e4192a39185476e1f20edee68f62be6239aea478ce4c2f3cd96b2ff78ce8f6ef137a64e99f3564ec4d9cdc8c124360650c2657d24fa8e890f70202d7a582323dda3fdb8f69f58018d142754a52b5940459e795348946b5e0736dc4a36e2972d07038298797711903eae5f1704bbc77a890d1c024a786dba28bff0818dea9e21ac18de5bda80c27b758d70098f1ee75e2f2533d8c1badb3eb54c004cb42650ba6c8f865a2a8fee7f53535709f3ced04ae2f0ccfc49331acbf597c44dd6ca6fdaa582b3bce5a461b8f7fb4cab5497a26040951ad618e2896fec4a3025bcccc94d91aea0662d38366bed439c8845f7a611ef2e5003aa7dcf7f95143fac5509a1ae9713be793d46db4c2a8b53ea350620e630e0937d3b1cab92083f94bef071c11c3f223c545878d4d655266e36ac0f1a0c9c00b4c3c695e9e5b539a08110fc23d1e3c0c532b77d778b6a54a902ca47894b1291c4d1ede96ba9895d82e731c0fe7128244ee2c64bc69d91f43b9e6228cf36b2e8deecf423dba065ed11b027a4d32576eb8731dce376c249c6522eec1e883ace98395b4abbf6341c5d1d0ab0930fd72d6b88096ff94312b15c7447083aa577e2448e6a9da8afe91f2ebbc3e2171f903b9ad1f07c952358e977d4243043cd155978ddafcf2d9cd4fa28e1d601b3a1622958a5c057315667344f934c0b48ad2daf2be6f13c63aada23df368228e562d3a79bfac3058788fa3ee11d852cb28c90b1631537f88501471631401b04dceb2cee04835020c98bee0d35ee4fc392385a85a1120a215f49a696d46ebcd39a88a7aa0f572a972edac487113db30dd8220150380b403eb474cba6369839e8cbbb988da435565735588aca764beadd5da6210c126bdbc7883e943343f3b46df296c06d593678e04a729f7a32b6d2d55eaa24e8dc68ab2c6b6d853369f4cd860f4166decb5130faa2bc834944b1c2360ad45475a6bfd09edb574a498da6ab29a068ac7b65dc08e2ae39ed977e46bf7ea991a99e579d1c69e9504b17d9f9610ecf647a2e38d4b82f92a911626b3270f5e811d1885c30677a336f0bb3349b47725b031abc368611802be2fe2e7ae82a50f83044c3749743f620537e91022ff3509b8d3112651ffbdc593df84363dc94b2a73d2bc208db9b33a93978383d5baa1c8ddfca0825083f4257ca37ea325db4b37aab78d6fa1202a767ad70d9c7be92bdaf87ba150eb1488719019f56f921ce4009b2eb782022707202c760c95e353b5c9f79e6444867c4549b5f94baa17a9fc487ff33c1211cfd0dc93028d91bb3c6cff82f8ee5ad0e2028a3f6d8dadd6cbe15105b53f7a29d3f1a654c46e1cb2be283357cfc78c389851b6478e93e852c09d3f9d61a945a52d12bbe4f9edba82f6d6452cf0895258979ffdfac99126a08e67f970a331267931f7326c6c66e8075e20404bf3e3d1066a061be462167287ca48217d3e65e4aa123b93014022ce93ecb4170896bdf946513d919783cf666275f371eb1e7aaef14ee28782e37212439de475409668468c933cd89106ec7cc8a66f3c9ba8ff5ef1744a2ed31ed1620b4859a164d5313d0be188a3061ec52f64dea45493f391d2a46a9cd896018d0971525ab2b36a1effc70423afdf1d595b8aef9cd95f9fe88565388239d42f568295e4e394c2ea942194cb42be88db73916cfc19ff2f97fc6f0ee4cd59d6f9d0f7216548ad0a8e8f82cf9f47473f017bc2cb608402956880fe49f500e5af9ab2d323999fc6aba4374cbd3321c9e5dc9d1917b04cb0f77b7e5fed0b5e46d64df0306378ff6c1fde8ff63988ec230a9100a1f42acedd85935e5fce0047bb9088faf0ed4a644eac44f4b3b5383d1f31dab8173a8bc75d31927c37cb0cefd29659016f0c7362f9c98df1f7ea74480d18991a353952fc7592691c3b5cf43663d94c4a26314fcc2f7e476c67b00976f85ec5f68ff4a047eca5a10c7aa13b438ddaef3ef81ea9d86d27a519e3c2622030b82a47bad2bc7cde857f8a9ca98a4ec74752913f163ca86ad5f0124909696e0edd52c27c6de11c8e5c405a4551bf41bd959677ff7a98c7127ac0f8e77397565d63dc6973041565e3cbb21081b9c6bf73bd3ba75f26812a7ba0f9ad176a8f3ec6deeb34da7d1fd20fb9d7b6591c8e1fb4cc637e585584bfcfb9d5c65f31ef959db453ebd6fc54da05114f48b9ca2b3f40e768bdb3502c6e169d5d2f86e82fc68f3a24714db17a79f1a0559aa9d0d7e412092f954b0e10d0f44dbaf4d4cf6b0ada9c378fa1fd647cd39cfaa47b29e1b6a4797f81118369a33879863a229553001ac5efcec1e07961495dd42c1679fbac784871849a6cb8b74083539a52cbdedceb119a55917e122bb37b92541b32b4f9a3143a3c8b58c731bd64edc6072fd652dfce23df69d575694403d54f13bd4398312dbeb4ddb4b78271638d7d5636da6247cc5ac5ecce2eed5b160ca3ad42106ffc6ef0d5dac56ec8294ddab1e795ed769e811697224eb35a7a1b998f124ffcb912e6257ddabf50b4a4fa5e094b145f3ca8904004db447f83df67a634d5440f497c87954b1d3c44f1d48390d2184911626e42633b7913e42ef38f1e4b698bf9056629fcf794e751412595e79247dcf291d9fea638bd0b5ac1c86fcc0ad1d02db1d1189c77e32aecc08cb22ce0edf41604c1457a21854c523738dbc7e60822dd1e90a3c0e0ac0c44b81d9e5287e14eb70ade530088cf263405e8e30f9b656fbba1734413095204d10be5417d8a4e9f7ab2124c2e6f75ee453cd4268119230b664a3c2c085a10a9a194e78b703d0f1d344be6f7144eb97e0ca428227ff81e917a683d370b52d486a69c15002ff0660f72412816a6abb897423d4da8d8775b61e4a4bdf12245ad5ee71e307a3dd2888bae0b9665b8a1dbbbdbef00e544a35b0a560cc23f083f8f741b81fea0509da86c9a6cbd48e1085f22a238cd86a4229bef08852fa9e9c2520a4e6fcffd3c25a5f8babfd4416ec764b4c9510afd4c30aec5fcb76e4d6cfe8e41bb2a7b9e362b4cc165bb663504636437f4e1d1dc0ae6bb192356fc29f33d71b1aa78d485fb5ede27e96c58b5250ea2268646686328fc58b932d913fdf84b96dff73853a3e7d46ac06a864daac3c4f6b671b4a8eff5e8b420561f3b91dd4ff2ef817db66a50a3be761b81101bfada3a8a1afaf2bbb786b6fac9bc94688bbeab62355d278bccd2c3fd6e6579d78c9cc0e6b26a17b7544b232b092565524331f47fd90fa22b6eefa731c4b472e1c08c1b22c83b2215b9419fdc13ef29552a8666833e5d528e62aada256cadd92cf4e50dbe517697fb440defb8dc86cbae2ebbddbdeacb7698388bc88955970636311c011554c87b597c5e75a2b1cda609bf3986c5696e5b690697550e029547ae524842fdc59a9221d30b6f4c0ad232fb8021afb939d97572ae133fcc7b91995f656c4155e09df7e2c164dac72d4f8645bcb9e5f367abdc400560d95b4b0cc7ca36a556e1a1bf982fbeb9a488724baeda12a6ffd3870e66d5d0d3ecca351754a5b3628c4516ba497e4068d68b94ac34d10c96e68f4228895533a8d56e05980f94f15ad4ef682e30272722327f9ee1a99cd0eea1a1f2a7ab854192da9ded1b7193b1c92039bcad26234491eb1d8bf0e08b3be125ccc7afc69242c85ec427fae64d93d3f46327667fc286814c549d99d4d48fd97bb44a7676c7ebba0d5209f49d7249d7431ffb28745f1f93fdad2e1398387bee6af8339532a93c04da23ae48235ebb9ae552a46a53900c5191bb1ad4d45fedd1bc5e8fb43ae2bf7b6809a8b82b2403ef4441e1f75029a549f24841ab3b8311c7669fb5b09b2418775d85770190e51d116eaf4462a92880b436c602b95a34c8c4e7021c1d5dde4afb7b1a43e880b34d86eee4c568da71cc8bed1021214147d3251426cdfb4044dd2e80bff7ed6159efaebd7cc5ba9ba2419c520837299607e0882acc17bbc217fb81f2ad05dc9c6d51d7952356ab87a16df5c320ad18ad4ed3b4a8b1b7731786d6f307f6ae9c0cdb55666b30b7ba5b7e2909b31870bc6371fc4f3629b05ee24c954a7ebaba1771617140c02e1e522ddb031ed506776f46e0b43e571c1f9d53e33ec6d5b261a0f568b49711332355aaebeacbd0ee02c79d4dd5122e23aff6f8b64ae686fe58f3f1d944fb901dc517af7ef0af344490745649dfe19d3f1d689f98a57dc357ef57e17c9f22dccb58210a17728e1a0f532d1b502e93d6c81d9fcbafbfd5b2496b5a57ac7d0bc2bc9cae4f20d9aa4775fc86e410d4ed4018be3aeb8894fc4868a1ba80a6b4248af4c4b5de01a9a7e5be0f8e231e03c5921518a1fa91132af7ad150ee3dcbd3779cc7bbfdb80d1a01a64e8a4b6af1441bb2c21cd8168855acff84801be50a15009cf7c00f167efad8eaca2d37d19724bf5bd69310f9f16fe67c8b0804154ccc12eae57f076096ec7ca0d9c63a4524012e2c2c5c9e76f7dedacb221e8f308a9e47813c935b0a87519d461a3522c2149ea53d8d2e9f7fdb4499008e8f9153111d985558a2fc97f47874b14883dd871a2c0afda844bef9b28fdf13e393df6901122f1886791b7af3ca31af16b77805d6b0a1b00608ada461c5ca1c857767bd6eb03f68b32613fd8014180cd1e3fba458e296a4260d7910eac41a3f03e17aae7f0193f32101e6480c287449a13dd4da26e2ac430a55fe9f689073d6ccfa073303f7274e677c1ca7b4559f0fa566f33bc91a44985e9d98e267c4cca6e5d7957f43603367084fc3f4de4726ae12989499185c586c7babc45ce86606d868a142d5cc82fb8cb77f4e3513b7906aee2568831ecf78d466a1a18719b6164cfea28d0f629e536497e5d7b5565311e59cacf37c6bd42963f86d0bc979b8d1072fdb02d8197a52b0b833e6820f7675200b54c6b0170580335a47c6c5ec9b632052bf99f49c272eece3cb226e2aa0e0468ad801ebade684f0125bb74e67612558c9250d044f47c3d3e661b76b511fd3ab49fe4c450e90927a6822b277abe884fe9b11018ff311e472f6a004681add086447484517ad99d485caaafb71a0e95df23e1f559dcc54af61c61bf676c7493068089daf091d4164a828643718a5107935c54be0ba0b85450e63438fa67c0c3c2b6e5318a2ce1862bf4bb6084c44a3ceb0cabaa300dc600ba4b8d98cdff766c2e6d04bd3231126a44d16d7295f68c23261badc623456966c408f6359aea21b5d65d6490d7f547d5016806ffb5f0a02539565b892fe926c71202307838ac352a29b3567ac99fcd8d62843c92dd7f2f6f20129106a137c29ef65b362a85db2683c3ce68c05bef6cb535b488141194d056c026519088c89f568c0846e663ea004a73f8debe721a2f484500286e092afea1f613ada515d63a6e6eb1c64baa6f02099cc8178991bbbfd0f8cb7b49ab7f7f9f1ecf726b2472adcb15bfee625ee3bd19874a9b6252b4d6e05b56973bf583c9266b5e06f5a1eba5da918cf3c61b72dbd1c4b19c0ef389da12a6b1bdc537a6b974b400de80298a4620c83c031ff1575b8ec6fee9e94c9e288a416fab778f46f6a3c8ee0d87fd61b39740cc9337edeb407d2d7c7ad182b4e9b2fcbdd2846c1736ec1423d6cc951df87e558664464daa630b1652ef952ab5aead8eccce7646cf1c92a0a3c783c781cf7648ea891ff408f8260e126929388e3f5fe550754e9c113c9b43ade749c675c4a30ea412036976d5eea09af5896", 0x1000}, {&(0x7f0000002540)="58602e9037dff7710cd71a90c4019cf5a43d84e809f009250a2bb6018b6963e3da4032e329a6425340ec8c1b6d3643eae9f258d923c558d8407bc4f812602eaecdc4b6b5348c4f602a6199b7ba74721141ec1621df10780f3eb0b42cb569af4dd7113a81b40d9fb1bbb85d1a50e24a8114200c20446e5874fb92885300af3179e7d62dbca29ffed3aa2b8f443c611e91e96a31f12e403e9fd3442c90e19c1880e19d70014c24ee2e3d9823a86723b193a9920e", 0xb3}, {&(0x7f0000002600)="ceb09a2f95560f98694246300f6e90a87e74e17c20d1f92f0b658e91c558c75bd2b3b0fb560f9c4e9ec0457b65d1f16703c1e31abe89c6ea1f4f358db961028bdd702f8b84ebf3f0e5ac60b05a3d7f419ac1f44fc2425628e0d2d47b68b21afa32990c413ec72ac0d9731ee807b1c0fbe6fc27343b2015079352498da2da40dc0e7e8f267991d963029646327499f270cac4dba595cc859c55966f52321df4d590f79fb74d81d85d69f7624373f7b48efa9771788a068a18109538f476f428a42d39", 0xc2}, {&(0x7f0000002700)="f7360ce0590ecbd4a6d83c674a60f2b93b9a2b8be3d4e5bc53aade71974754e2b46f8acf234753def1496ad2a455b3b487", 0x31}], 0x9, 0x0, 0x0, 0x20000000}, {&(0x7f0000002800)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000002e00)=[{&(0x7f0000002880)="e105c5dbfec56e61e83a5a19f0a71898eeb3", 0x12}, {&(0x7f00000028c0)="07620f8405616ae4d01ab59bdcb7b07b88483d4c36c60f4190d3d5e6b78713cc0eafe3afa66fd599abc7d6b514864e1a13b5ff2376fa9eb36df74e3cd378ca05c6f4be1826714c26234914edb012b9bea063cc1e0cc45ca449ba7a3f46b83e01c67a06f24f7d46dd4dc6cfa9f8fc91a850e18c9c54a5c2b86e9b16f935ad32818852ab3160cfb4cd8afe2b41e64faef69de369fcec469dceba47118375520d35e62c7ce7bdb405c3277a156fedfcead66bd89f9a6af76d260b589e2d79f6ca4c66a4f76b30", 0xc5}, {&(0x7f00000029c0)="24ebcb9bc9d959a78b9bf1dffa3e9bf9e10c9d29e29b110f5e75bd02c179105409df69f15ee9d1d4d2328edf582b9dc4d871a8f52b86dafc0be6b2cf40ae56ab79fa19471f2ce24bf3c305ae82d90c9673145616ba6da11aad7a767d8ad59a546e21b571fe3769b13d0ffb089ed5ac6ebc542ff966a830e1288184c2f12694ce48c306e6a615befa15358566969b52c846f54343f916a14a84f82a27f1bf7458fa5856c8de07fdba66986c6df51161609bd78cbac847321e61b2e41879c5d54e3d5a8e06de", 0xc5}, {&(0x7f0000002ac0)="dbc5d2eccc21c4048fcc555322b9242a5e4ffe642f8553df0c8171d25ce870f63c97ec77cdb9db39ff478f1d023f45777845197ca9e88794a09d310130103dfcc000976836f5ef4e5af17167f15f48abd9a890c670f1de534663e4fa92d9fd558356294bfd59ea89df10698201f422c64ac75a330c91aadaf5cfa8b4d58495a6d0b1bfef378a0e4965b49544d30201c808466ee320192060782883e1e6ddb5f5f89ec3e1502f2b4d08f5d0516cc0d0198b0fc875e9a94f03c6cf3534bf42a7f64f8a69be1d0a163be7e1b2bae01cdac65d24b98bc8007f22e3fb911ffba9922a92c1", 0xe2}, {&(0x7f0000002bc0)="0001052bd03e0e50f2d30c694a4812ddcbaa0d28718ca141176246d460d55a12187842458b97617ea8e8d4d79addf85e1848e84da4b90666db77c48e2b6e0a288c2a9c9987c1b88b9be9377142893bf514972900cef0871a93e8965905e26d226ca0f52fb69667af6292c54f6c31f837eac27a4c863357b7a056e58e42a57d0d0dc0989b58e65a4da00ee381ff3de600021c1203f57f577eebca8d9ee962c42a7ab8b53394fd22ab9fd0fb4bc81def03df50333530505e1d2ca98c64f9256921bc12016d1552667cf7ed136ab5a0855a6183352d72e72f3a3d94a24b19ee20a0876d28746fc461bb9a3eb2dc025a", 0xee}, {&(0x7f0000002cc0)="b690360028d1e6c267ce8a62d33c64d497f3373a124b8d9cc43fa4093fcf3688546f27e0413d46b9a3111c6552e6e789396761586bf34971f88bc75923c680a7e7c1064c713d773da3fd0a5c007393b1e18fdd91e8b31c0726fbbdb8525fc99ce425f5f04f9fbf885650d0ddb07f4d57753200", 0x73}, {&(0x7f0000002d40)="ce4cb249483d1d5b32f7bade4fbebc754abd456e8a2259fd1afcee5246a2da5510dbcab5358ca6d40260eccc1a0d2b4342be974b7b6d770ba0db3c1b5992128297c36342d2b7660bacb20e585264962d32e89c91fce33053e5f32dab25a69842be66d88234f4bf955bff0f5964510fe440794d716994019ddf45ea634597f4e8235c04de6aa64cfab24a6263f71d2499e551400f649bf192347cbc1b45cc45fcd4e88a7015f945f35584350f1cba1bf9294292bcdd68ea90ff", 0xb9}], 0x7, &(0x7f00000031c0)=[@cred={{0x1c, 0x1, 0x2, {r18, r19, r20}}}, @cred={{0x1c, 0x1, 0x2, {r21, r22, r23}}}], 0x40, 0x4}, {&(0x7f0000003200)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f00000035c0)=[{&(0x7f0000003280)="921c08681ab71662e43cf600a8403188a058e0a396ce602dfd8653dbc5b6de2cf5088d04a96d2037043cea4a192d157f5abc", 0x32}, {&(0x7f00000032c0)="88774da73e0ee9cc458fc5aeecfd2ddb683ea86d7a3158fe4fe2144c67c5da71cda31b98ab", 0x25}, {&(0x7f0000003300)="5d844f5dce70a77b01a0fb58ee59c4ee72d3ede9a2c8cc6a77746a0095f7f53fd039b64c8bd7828bf57184aff14c962b62297d74ef693a6367b06886a2246e2097f01756fc727ded45f1829703cf4c266ceb92b91f480e057bc3fe5f0170faf848c574a3444b70db85b4882719d0cb89ed15c1208f63f4004c9d0b070bfe9dba3e8020eed6c3fdd250c9b43ac9f03771445935a4b124ecffd717845ec6f60f81783cc8bc5ae1cde518d75c6c", 0xac}, {&(0x7f00000033c0)="249679c1309c7909dbae68f7f1c1cddeb3c54858845d113302606b4552f276a37b853f347dc6e53e84f6c4956a05c97403e879c8c8a2f96610587f312bf7fccb5f1702d433380e562bf5642dfab31c0bae0e2badca81f46bae742d90e8b2b8de8dee1b1c9ad83be8b31bdddd17b2816c4685363630bc5a2ed8172983c253fa8d2272b9d547496e08d670e89f2fd597e5d8e9c90100a9e329d0be67bfc2ebf4345260113d88c090741bcc8bdce6dc9ac43449c9f07023c59509b7c62561571e9493de99058408df3c020f0170a46de615c75ed5a0313588a9e856", 0xda}, {&(0x7f00000034c0)="23c61a97e48112ddcb3fad8dd1b39e11a0c022e56f5b2c63c496", 0x1a}, {&(0x7f0000003500)="0ea384945e833ab769a311d28bf90eb7afba2b0ff8532c7ee87dc2526061d250c23cbb7d307ec20f747a1141602b74622b0d55482774430d18d4f417ded5ccceee29330d93f73ed41a0c4f73c191978503b93194df1c067d4994f13ba0290e4158496af0b4c54be097cb05aa258b3a0fa22b163b8e7e946c1b112427dde555d353e21a01fc9b995c0590f378717fb7", 0x8f}], 0x6, &(0x7f0000003a40)=[@cred={{0x1c, 0x1, 0x2, {r24, r25, r26}}}, @cred={{0x1c, 0x1, 0x2, {r27, r28, r29}}}, @rights={{0x28, 0x1, 0x1, [r2, r0, r0, r2, r2, r1]}}, @cred={{0x1c, 0x1, 0x2, {r30, r31, r32}}}], 0x88, 0x804}, {&(0x7f0000003b00)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000005100)=[{&(0x7f0000003b80)="51d43e337c3d1665d7457f98b99d42bd851904ddace3524df0291c14707a9cd6663141a6a96ee270f97e6f03b3803f79316a447cd876384a0b38cf678b94381b2817de27eba655f51e8cdf0a03d3a198d70a6661dc1a69bde7e37500831324cd33ec", 0x62}, {&(0x7f0000003c00)="368291c9be9b9cddd6876aa0d09ca23fd5421309376cdda46068c9965d3132ca2403c2b22352c38eadf34a4648e11b275398df954cabe80f6d3f676fed68c8473701e31ab5e66ed01ea2dc30ff6461dc1b13c487fad6dbfb41f2dcf373c440aa785881426873e547c2c68498a0c464f97f5b3b273da5213157c172381142dc524112efc5c48922346604b015c79944758133e444bb11a2df16e2713e95d02fb77e4176ed0ed4b2cf3d550d2d9082cc052fdc27059868650815caa6811b182d6dbb86d7e14ead57ccd91eaea8f12a4f5d59290e7ff2d19c", 0xd7}, {&(0x7f0000003d00)="01cb91cb16cc9ab3f4c73cb69277ff0f4a5d8942528a16b3aa3d450123171ba795b0b6e03230ca449ccb7adbb4d49d1f7441f47d7608dbf0b426a8daa219276a78a641faaae3981fad04befcb8be3c2b6e74bbe86c426d4f1afe41a1e730aabe1872232d36ef7b35b2e192e7454514fe32e0e16d1f18ac09c3b3577cba2108866422a649d576f5712e25b5900a97fa565ca277c8bbb48478c3f6780805bdf730d27d01ac3a20c263277bc9c6dc2a690a54ac28414f5b7408cd491122eeefc94d960ca032cbb80a3395d547cd8993bb61710caf81e1c875d5b6b57ff5863acb15655d77bd764b5a7a7e09f27ff6360a29165355b6931afb292ccb70a579", 0xfd}, {&(0x7f0000003e00)="060aea57aa129d30fe0a597312dec2a50a2812f279852864fcaee22773d5a762601e9cbdbf8fa07c8bf0bddebbc15ad92daeb4948d15831735c6e88f4b2f717485a5829b27e5ea4bea3295ac8d2258a19ce3ebbdd2211ce22ae5d425874cf658548652e3d31297626ea6dd4ba5bbd2429623d885095158391c9657926b586ae2311fbf6345569b3ed2824ff45990a8732635be4989abb9087b659293356a00c3ecb9d4a993dfb8462be7493c97b2b142771a5e1dd48db9a2f97327b2d54a6ad07a4214f188865d5722823080f30c92a67d9571010fe6ccceba8fab23c9ca859855e4d1ef2b5a", 0xe6}, {&(0x7f0000003f00)="1f29653d490050ae0621dbb7f5a796a1bbae14b14ef87d", 0x17}, {&(0x7f0000003f40)="3209d42debeef05493dadf5ba9fbcda32fcd2b458275ba1bfb5329c034e4a0f842a9f7c79e520a8394f7b02bb590f1a169c3ee6bc882235822e7d08b015a48c7e201489c5af984733f5b254e1f1c77d0d2f9800ff8cadc04312f29205a6d2daf018a6cd510a9669c669d875c41b6ddc9a46deac6419fb3a80062c16367f24c030bb5d496f50497720c670977de23269d356c20474f", 0x95}, {&(0x7f0000004000)="f10d81fb2119672f692c21ca660d39624a5171966f37a8a140eb002fd2446c89306c4271c9b49b48950c4fc36b838b5b6cf7ea489db15bb0340a358f210b79feeaa1fb92f7c824df46780458faf37020b6bbc320e13bccad8ca4afd2e4ed90272e22347ad2cdafb25bfc7a59ce116b828b3f1a594d298a68e58d7ddcfb35ff134383a32df1b69b006fe7d75eda57bd87a48e0f8a31419321da0a1fcc7e54d2ff0acec3c6901207af17b41d68ead175a34f59f1faa254b0ff5afdfd72c8256929ec95540b542a07cf7ae497b10d032350170ff1cf2a8380202987b3d1d1bf8b8e0f3b44e9bc5f539b88340e6651325d9263c1bd9a9016a7e0902038ebcbbbec26be3bd87dfd84a6c1c41b576b3181f928ea13662297050425018b4804f54ce15fea9748caeaf58a8c755283629e7822b72eeb3f8407ec8d2051e76588e002db1ec6c461cc7abc70bff58aa57362a35b6e587a4a6fb92d876d69f1310dd36085035521bb870d9b0f76416c5cf6fecc36ccbfe0d377f1ed2ccc87e9b51c5242381d58d6a9ebd38f3e7cf16cead5fe7e658007501649aa87279d0f56b4a5196a03e1506f14a8e01612824c342b16e49d7d373c53ce13749633e3670d5cb30aa58089549e516e5ccaeae2082e2be960b97afd03ccf1fd0722ce369ca6291926c81e1fa440d026b3ca7cc2ca204f5123db431f86bf66f979ae01bc5e77a0d7e9748b7f79344dbef4d9dd8ae2d8bc92e44f2e2c81e38af89a745578bb452a50350e852b571433c190c5b506af6e6059ad5be847fc71f38980c8bf2ffa6018c4025121221aef4fa67754f098d5257d5a8d7774e786cf3c40f0a05aa62b15d1f4d8dd004c7cda756b89205cf0998bbc981a0dc2d054c7b72abeb63d5062419c2e3b6a55663901519c2b8c35c1d9d6ac20a0de9da414421e469c2e3f728627fc0be0787d4f2103e30d11ce676e1514afae99898bb99c148ff6e3adc39f27fc07100474c4ab5971cda0e124498fdfe1662ac475280cc96ff79e98e633cf6f850a261e60cdbe80a6fae2b4a3233d1e74050470e44fc3aeb4cb016746ec56cde9edcda6f5db4ded4986f70c805d18707bdf8aa85e17dad96b2eef13a5d83787e04b85b84e781bc2d5eede22a243d05c52f63853595f9c3b49e35e4510e5de8e6240321938eaf783405bb0e9d363476309c769f760e485e4d889dfbd1f3580b80e1148157a9e32235f4d39c596611fc182800376d206eb60e2fd0d718e465e7be28fb1e4fb6cac679d91a2204943b2a2e5a43aa75e22835278865989b9ac86a93e5f8d237bfd6468760f99030cee34fc2b9a5eae3be6d6ca6b729c3a983bd0604721820e1f8de0db579b9d91f323050c83f305dc3a41848c2ce8be8d0df1d07994fdb96dfd9280e2725aca2ed763243c595a09a584e0d50e96f0a46adb403394d31a1e6f73c5a032c35cab187ac9388bf900d26a242d17a0bb5dfb8e3f64c526cc2fea3029e86c792ad98abafe87e066b2caac3f334b7ce8b3d3f501f0d8e076866b1c00717904dd0b6f9729c1d3affeddb4630d5c5870b7ea3ad55eea90c1be04e0b0de82e05db932977eb89aa9175975a0f69744a62015ad57e7ae1a0e1d64ebd3b512fbfd5d0094a48dd22694f5ccdc3c3c0dcd43681e5b26126adf783d12bbaaa78cc8803d72a21ffead795182ac2699ec0597638333a4b7ff395db3194ace20733caf8862b040d7fbbd9789d55c1cdf3c8fd1efe2a892825a53cf438646a9b12e7031a17a86dec9144bc3cecba726b59e970aa1a7c201b9f6f96e49e94c38653b8122d302d8f1a40272d14956474381b3a8fa2d61b4c1b93f58dc1af035920a04472fd086896d5c3e1fd7cf43a68df7f45f5936b1db70c97271edcef76670d9e80d0df1cc22e2968798242ef7547b8bdc004f3527b8a90dd7dd1518a099ecab5b59e9a945ba3ee14656bc03003d9e8f890ef55db9c8e822aa2391d231f8a4fb5944105f68f6048c7a89f2ea6b6f5a24260f719839a6e4f2e99db80422580c0e5575f7c5c7a97a0b0fe6cd26db46d925a107714d6515fc81dc1de2fa0a90be6faf66a3ca87e281de7c959b7d759ccad19645429ae845ad4d488903f605b7ebcec438fb7e577f3935a2a39681e66bebe4598c93b5f4f20d3753cdf84a770a06b3d81a956e0a1ed19bbc03e7a34615e797147768f89e6d4b8edf9baea2a99d69c690d335db08b84f5f4b337ce127742898e63f88b45cb3712cea4b11a848d7a44664f1f2d91924363bf849d4120a50c1797e6cede2006313860063d957c3ca6e9afa50c5ef67eb14542652a74ea39a9abe157f87004a0118396f86ba8229cd6d88bfb3f662d6e4a273dca9aa7138e4c2503b8c908c481bcaf98d6b62d260f2da77249888767644167b1cab706703000d701cb1cd687db1e34f6afa768fe5e0278a0324e7ce0797ac7a3a77c7fa537f31b407f30dc4e0343a698c97a4b8e1616f80e39242a09a7cea3a1f6e1ef9c2e1f328db927b649db3a54c9f821bd494a1159371220dd02896120be5cc1e7bf69ea3f3b8707d18a2afd5d1d41ab701ed14355ad4c300caa9de44464b762483fec67ca55662c217839b3baab21a760228d026570918e1023a3b7d8678ad1adc4f6f8c42de6f929a9b1bdd2c346793be5e43b6fdfba140f0bbf20715f9d2ad2f9f064c2242f57d27a429a554ad026d988336a49f05454f0d8ab75e56594756fd28b6c561e819e9a73d47ae15e5c977a1d8a9bdaa5d497e5daf2ab25192b19a5a27dc7db67774cdb02e1f52ed5932c31101efab68ca055b1322bb922aa527fd77cd836fb098f982a197efba579ecb4af8f2f87b8bf9175375bae4c1b4f37e8110273b859690552b7c467f6fd3d8d7724151cff0499ed257430d17beb5336da9f71b6ec6b79ae27073e62418ee29c8c6280bb50d525a5c3a05fb248d51666f972c9eb8e6cb9f175de910572b8cd04f6c293ae99440dd52e01a96bdd0dd4d499c5d6d14b57fe49cced5f54772d05370f792e65622645c73de9db86db69a301c0ad9d345daca75639ade5d0680e6b0a77457cc09cdddf577d086e0f388f08829e3940caccf8bde8ef9acc1fbe448a26af09fd4cdfc2a52dbf202cb7382a65fbadc82f29a233c174b2b7ec0c2b1b2b56b095d25967678063d63349b43747840008166ab9caec1e85106a5153af502b15fa926453a0c2f638e5b59853a629601493d83dcb448b7178aa49b9184de4e1f5651e20202b2a92e18cba1c15dfa8c7e493f75415f400cfb6c3ad5f4f16629afa9fc8ed742f8cadc82b1770b939f5266f0c31aa83d69144567201a39358d1ae90b28798d0e39c95de2b7f866fa914afbef482f0b2e126fd259b67dcd3b097060691e31fe83a726a1f26df66c0753589d72ebee318a4adbd4da8c814c8d3e8ab5e81ef8ee089fae8d752e43bda24dcc5dd42a721d49ae233fb88e53221b9e3b0bfe2c0c653203d8a3bf9033e73e825cf6bd47400e610fdb9ae5758e1ea9a0b70df2783ac5a9971edd583ce670c8d8aa84629ba96472b9b86d8464085d4098227aad98049c503bb406375f905d73914e49075cd2dc0b9bf5484d3698a0334f486078eb162c9a5fa60096e754c543d67000b9b078bf7fb82a1dfbc9fac1134b53be415b4165edc80b12567f5d91861b0b50ac21ca1247f391c35e234967c5eb3d1db0e9b51223c8632c98dcdbfffbe980986a1b4fb512a4c91f885efe77d5ce6a226d309afffc78b0422a9dc4958cf13cdd096139a0c53b41081266531a84f67c21649bf7a33edca4370fdf87a5dadfa5fa4c14bcb1d4d43ec5eb5e3f9ae82f1e1bcafe655cb28a8c7520d32411f3f9eb84a85c9a201ab2e8757195867b5a0ed5cdee4f2d9630c66c4f79832dfcd443d1d318cc4c7f9f730c82773799edf1af8852f9b967b2314faf2f3e0b44fce631204b5e41a5b16bdb1a42ffe4208c41bc33b93aa6319fd935eed03a50020c23daaf023cfaddb04fd777f22c15a81677f68bdc0a17d60f35f8bf68812f643d358c8b543fa806dd14aeb05c19fb95988689cd6bfad367041f7657201eb7a883ca5cec865b33c66a5bdbe0edd0346e60dd4a09d6ea4d1e5167bcd2e2eb2a1f5b72624db462e372f94008731c7dff91b5fbb6a0e6da97397c999017c4ba8971e7bad65c6de47e43350d53220b582a19bd33f4c8b122c6a2caea9d32217de4c4392c332a0d64fa0a946f225ce62b9ea1601a635955a3da5a1dc74054dae268018dcfb2ac48b9dc80b7e00b9b47dbfacfbb3a5ef8b9f111ba551f4e0181b1bbf43c3abd0c5d7c6bd7b061548f67be912d609a213d1f786aa6d7b5447fdad333cb5f0e9eb3f0007ab493afb5d0d446c86eacaddae7a17a76bf87476eb4d02e138570ef227bee77b37b48c8ee6544cc898da5d5570738ed44455618c8b4e8bcaa590829d5d2d4c8ccaf72a014bea556b757dcd312bc6471716060c902db76d524fab2364d4ac287630c9e0a92daceabe5eb33a6c6208f0fa34960c24b1bc99cdb9018d107074c08a4aa80702a5376e703f137d2f7f40d569a9167fd717fbbe8332914a7b38d33cd717bb56fb3bdba7f7b5c9a089756983efefa060c1f648783ef332d51574162b6dc7a205909496641368385844cd310e3b080bf948543aa2663a0aa9be05945ceaec28e295e14ede0f055dd6c58d9d75ce2c8893aedcaaf3be2a2205985a6e67b128bc1899db9f06f59af256ee46ca1402e11e5591b04495774c442f07eae006dc6f65ffb54f12c07c8007720777474a8df65ac97771ea34f118573d7f6a3667992f6b032320bb4ccdc369bc55d8e0d7bfa6b89a88fe5f8f559c47bb68214f85f4f21af3741f4078b7e3b71a9c22a55d95d724296cafa5cfd102321c0321a603715805d0f72a834c5317317a19e72012070a9c9f6c74a722d9086bb93be7d4f411c04ec42de5e4fef5693065eb0897881ebc3e3714296a8e49fd7cefc554bb87cb1f83a0f7f3ce28714a52ee3f23e1bfaef5913b071cd03f0b21e3d5ce1b9b88e27e58e12b6909bd54020d39e63917b0c7079ac2c5b7f91d2a42a821196653dd1667637ab97d4f64ddc43bd84b3db49c0d6305201de789c5971e77ed81a2d257dc1e6f2f1f462e044272fffa1e938a011271b15aefcd6a3e7fc053a352cd4f1e07f90c70126dfdc357d711f9514151cd0206aabf5b10ddee7983c4539784e8f872f8d1a3f78632cc1630571559e238f6f1fd6691eec11231a11ef2a9424b1a10955a53b31fb0fc7e58bb6f879c76a08a57c6c9925c45a64de1e3a9cec74733acecfe249deb46da12a856d5ace5023efc0a17dceef1e543474e909ca54a97310db8d89ce754c10418dd0d37e941de45a5bc511ba862b49d8bd182d7635ea3f47c0a470c93d04e7b506e1eaf03450ef10521f8ee3ff917278cffe55c7872c975eed8726e860e916ff0d2e3e3219672fa43ccc6d8356101f58e581099515c51591263af6895b4b44bad3dcf76ccaac2a10d5fe807a77349f8943e4d1cae0fa2e074ed4b64574c2eab6933dd971920e0431d4a808cab4ccd61bbfd89ecba53bfb902e5be1f449aea27c3796bdaa2aa6198ebe9815e73643c1baa086a5f5f0039e9156667ed1be101819eb1b880fa2089859806e023db34f9f5fd86bfe8dee1c2de49b9b2d9fcc3078274115b900fa7b81ee343a598ad8c3ad62fbee0023dce249823ee251b50fe325e0b2b05bb28d7fff4d6d4ed01f9970a80d52b1f193b0af7d1c70dc22212d2f5f0f093030ce15a8ec5fb7696d6691887614468d9d7e", 0x1000}, {&(0x7f0000005000)="302d560cd1c15ee161cf6205b47810a4184ab16a982af692fb9fe5fd3b87641fab5534077d0392f2a66d8bafed8754e010817f4ea7fa294e346df11a534d8464b937bb8c933107d074c964b8702e71763b78c780e2a0f354bc5bbec0ea08f84cd6984adfb36289c224f70296227e8085bb665eaee3d2c24bfbee1f1596c557cb9750a48b06dc992305e1d08647de29a3b0b9727b2dce94b30015f055be3c77fa", 0xa0}, {&(0x7f00000050c0)="360463932bd4dc4a8b94a20338fe0406", 0x10}], 0x9, &(0x7f00000051c0)=[@cred={{0x1c, 0x1, 0x2, {r33, r34, r35}}}], 0x20, 0x4004001}, {&(0x7f0000005200)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000006500)=[{&(0x7f0000005280)="08a96a5a1ab82398dd7647e587933e2d44cd1d4288e3ba2f9ab24b1bfe29a19ab3e76bced3a160d1ab24fbef1692564bd82d5a5deb2180a6d37fe0e43b3820cb726392586cbe7b7067ef8da84c6bb0bf9a01e5d8c79ba0b4f1498cabe1de551657e24fa43c95b6d9c69f8b24a3809f731e2c3f9cc5d064c29eb0e1ccb7f362ea9af0d951379c88a205ce36c482e2a8a50198abe89412acf65c", 0x99}, {&(0x7f0000005340)="177c1ed8e58bdf42f068a195d01e023b7b2267eab39b66420d30f2846fb7efefb84b473eef61e8cc40a8ce21e0dbea", 0x2f}, {&(0x7f0000005380)="ebac7b1631d09d94675ae6fb90d1f25646f67c28859992d7c9a133a98bdcc4f690f56bf6515a6092c81e21e60980ba3af25b7bb07df86f97a177a4503d50ba0710f99896988788fe54bec67c42785daed453e744c798c37617f489258b0fc86024909ad6c44e1856df42236034df15f64506a78bbbd95d398fce76f318508c488ad1bd061342d6882e5892881cbc085b75e1ef68178ec426520a2257da1422f624e2b3d69101456dc30ce59860e9", 0xae}, {&(0x7f0000005440)="0279d2a45041de1a152d36dbd85eb29247e8d5773d71e2f1bda983d1c9b6294f3354ee1fffc9a4932b4404e3337e4be90ff239d864a6a9a05c22644f0a0bf0eccba323c9d8b848a8ba055158e34474", 0x4f}, {&(0x7f00000054c0)="da69e01916401901943e74925ea5ed429e95b25559fac608cacd521dee44650c13eedd6529276d2d398525ffcad8607bb3d57bfd114b3a9a4eb49e34bb4fe3b039ecf5f2e870b2ada8b4d07c8fe35a852c389cc086035a05e9cc1c87be6e52afdbbc10a4cc94da492228c7ff372625f0f098c4c1d1f8f48e930155e655e8e6e19762f9fa65dba258780fc1871be2937b28602efaf9210cceda6da4504789b9ae0caa9f717f55ecbd6d72d83ec390d7ca1fa564a3a63f6e31e188777c5c512830d4309072c184ee950e1b16107e7e05aa7a2ee3fcec5358ac372c1e3567e8ea353ac7e69a6a598574d0afc511d36141f141dd15fa5d8367fcae88f38aab640bf7e3c08fa81c0b476be71d0fd6a65f41f5d82ca17ca1b946e73858c0563a04a686ee862ac4024f57af12f9e4cf3bc629f1eb55de4606bff88c2f75014866b58bfbe1f5e3acf095baf18a3d6ce97cfa3f4599052d9dc009518e9879ee7e673c5f71b6fcd63127e0ea5596babf72cdb5eb7b34754fe76e6ec884d5feedbe8f2c921c424af95689f019da9714bc8fd9b164975f8fd2919cdc80f295c9cac897147a2914afe82d4eb7e7881152cb53249b71fd76a56e168973de11487d3b3963532bae8e6ebdba83e962cf66c19d6dc163f8b3ebad8ec9018ffbe1ae5ea85f9b4f3b0bbebc046c2b44e5e1c9f4347aaa48d8524cc88b0ded747bdc4fe5d2bc36b6151783432382bd6a69ff5c978ef8d9addede9c34016dc331397d46bf7cc269ed47176d169d846e5f63c9b9020feaa66e5995a6ed4fcf572d945b92457730b84bb962c950fc88e663e25cdc3a81f2343258afc5b9ad2c54aa9b0c4a6e82e19081f819af791f44deda0be6cd0c0b4d24557ffd066852302beee9b423e9d8adb733c1fe6912da790edc9b020afafeb797f0a745f1bd480aa1c38a678f354877dfbd629d845481bb014e8929a765465aacf29aa662b0706f31a9bdd0552dd989c1774a4dba864a3aab63bd013a107c726089441c46522f8eb37777f6d0bba8f356a8459016e5a8f3a5a4e873f16fe6c3412ecb646cedb7fd8d3713c04e6d447b0463f7e4fdec390a63da31e94f2823954c0e8034bce8e6c9c12c9b4a88d414eb4a02ddb20f2da6c3f2b1c747995dd0fa406e98c24551128ad7c70c9af5d73776d290a3935c8d88ba28dca2650b58574a91fa3dfb40df4a590b4d5f90e5cfc42c57402a3c6f5462c9379c15822a5a452841d277d14550f6c0fd24c1433f8e634651cbdb6d83302d5480829dfbad08b81374e024ad544758e1380768cb770c42656d23ec893ad56939a05cb515a5fb1fc4711e03fba2b1f242c553dd22a295e4ad960b6351a339e297501bfe538b14a0a73eacf27fc3096eb8a873e792ff27cf0c9ef2a587663fa9b87ecc520f0a8d4b81a4ba3fa41fe97644d025977d3dbb387ed8bb58df13551a06b574bf24121ac0691675606e8a6b03c27e41ec7a668a6286e978bc0fa27aa369b224fb010c2542d54e43b6c9609df6a852ed9375a641bc6b4a7c79567e4abd3dcfbca8d58e2a51e1bfabe3ef5ce89a762ea4b9f24add148d01a611c13f636108c3744dbc2774c89eda361ec77071c225fb71195c42a61cae1688e9e4e7e2d4642060ee7a454e780ab4aa60815bd3ff848214de30412538715f2e43eefd50d03e441a634405f8ff7797c5d2b142e701bee43b68008427ddb0466a38b274c1f6d01dd039aa2faee3080315086abaf5690d8539cf223c63c257db00aa5b919e827c944375f18dfede66fd46379744af4a4b7c0934e14553042b3f0658c4f9a1a478935a4e3ee38315e4717262ba9083c44baf72451552eca481e060c31bf4d4a5ae263b42268ae2fdc20f2d940361d10856e1291accbdb419987d93d3ccae09909c4c3b6184e58c04fe9a15e0e54436474b75e27cf742d3a65545b68fe0dc96f3fd505f8d091a6e73619b82dbcea9252c23345fbfd5903c5f13a0b8e82ef41734b4d7c3b8b2b912a15d1dae4b2f36f96dab2c2cfbe4527dc54b9a583ebd0fe48d2861257ae9889870ca6b9d2984cd48aadc8ca4ab4814c92556b7c2024206a4b1395af9be935ac9501e82bd3c7d036b82f4f5de13783892f534d3df838c9be74ae99023357d2af4773738ffadfea3e97fbb84fd0eedfdd0634c89e9cf716caee8eaa8321fd9dd6418764a4202fa76ebe469cb707cf1d4c731acf0d5c305f4721b1467aec6d12af294e32ed2df8624638c4e220ece424d59ef9bb4b5b4fb430b8a8722333924590936bd53bd38f2b5254d61c1e3b89f401d0bdcbaf2f4f43a5e3cfdc034078f12023cbdcba6241a4bdf58713f3ddaf3947df55cd958917d484c8fdf472f61cbfbd211ae56568149cbebbf87a26a385ef3767debd99605ca79f4373c68d5018a0fa35f85f67d479aa6a95abccc1b18c4c69d2671717d5e68e82f506e51da60d3bcdd67ff8cd68972b3c8caadaa74560039767766a76ca22360d8cfa355e35959c7b09ca9df3461df5f9a6ccdfe6e5376a26366d7657ceeab4f7328c4d6e74213e5fc47fb125c9b11596e6dcd251132a301ba155ee182f476bc6cbc0139041baba0b7cf35c2f83f7dfb5d7fa14d36d00234ec4a6fe3d82d7125a7e0219198ff5b402cc0ece2ec4cf9aa8d57079057147e785e3475c4ac813294599de0bb10229b2256017d4f1dad8577ffaaec6f054a597cb6841c1e8fc119eef18e7fad826364d6913f058a6d5bf34f50a3710962fb1e80146b8e4129232f525c870cc203ef1eebf8751701b97c4900c13fac1fe5cc445db5f9a43c865d243099a6ab1c592533333afec1f34c4b088e155385ce10b0f10f1cf008b775047d8ae87da17062271013dad39414f29cd91ccd84fccf50c8abd78dfb37011df270c4edc3cef27857db0f122dd1748e01bcf3fa50b568813057dd0a53ffbd149ea2b60ba7c8c6e4a48d6c51d8981c1dfff8e23f60b1e04d7d533e95eca3144685da6545470fc483b4faf7ac23836e90d7d15ba462641ea085fd2ba47849d5b15eb9a89377ff3ab030f2e390d57eb7c6a7f71e78c269513702f6625403f2521222a1f79313119a36d6744c1099b2effe16e67c7b3fb08d7bc4b1bec52df4ba3f689efedad8c6a542875527b6d2bf4b7a1cd8549fbd49f07aa3303bf7d4300af6adb7a83dbe00e12675de479a72c54a60a0a903890be6e8f64db9b02896d71a84ca93551ef49bb42fdcabc420ca475e39becf68496f1f0ca9c11b8691c6ad2b19bc15ce540aedd1d1dbd74f3612f2b449b7991a1fa98fe90a3d1e7835849f4ed3f7e9eb4469a190c954ed34440ae0d54687526a81b9523d1de5dd03e4b77f04bf415fd0b1e2b5953aa74404da3ecbd77625e475d112457e17f9575d5d8389ff5d3c27458468384c61b46bfa739f8aa571c3b72716609d106c5332acf8efb601ac3d6363da7afc6e6ce3a2ae3289c5ea92901dff763561486a380b60967f7c8b1d6f3b8d5d9dd1488dd705de7eb10fe00739132c55e2691dbac1ffb35c2c966bcdadb132f28079591216c5873d74234db77b25b653292e062b80f195cbb791540c7a8f9b9208b8684c5a244bef2d214575771ae4f88ffdfdb04e5cc030af0c718169112cf0563123fbc8ad13fca9c866a863bdd60e002ad29e15398d49da4e78126ee832c1cac5e90f3e705877f777ec9adc85fe3fc937b240bb6309254dc255dac3113ae8222ab5642df8b8d779cc72a0995e2d54aeb2065de67ed1001240e8cae6ead2389f05bdd6f3096a8b2ff81700192f229539d1b97cb891764e725c9f44137ac3cfde2781b4fac08384900cd400a51fa3c38c5a49ebc021379ad69e0b6f6df6634686f9e4fd6530b8841aee0d63eecadfefc1bc71ce8a02a956c887c03ec1e2a7a3551c194eaca49088dbe35d12c4cb29f55bd2b05c0979198a2fc736705972b9ca64c364dd9fcc012e7ea68f6af2f70ada4296332dfd19e979e4e760ae1476f5bcbe34408405751392effb878d5abeb0ea3946acc62c03a4e82cb3be145f0bfa950ee251477d5cd3ff0e25af18bc72713ea7b3bc36c9ee99ef4f11fcb62d31a4f2da7e668eec7f83d46cabfb14aa2c5ba9072fd37680b48a7f84a5e62eb667b237427f83e13535b4e4f2c68aa06301097cc88910fbf46c3fee2a7ecc0fea05748b36ca9a0e6aecd6802e48a226967efb7c211c456792fda43b0495cc156075d186792194f02fc4fc7665ae143154e2c7758b0511de54c38e3c0d194b498a334f48280d1d2639857648e16ef884f6e9f8074165896d80589d803fdc909a7627a5a4f1ca3e93feb7aca34f1a59c78d58e9ee2bad2e9de9006380ab09c3fea57f54a7ac8b230a32db979b88c4ef9ac140cbd725dcef0183b9d23f295bc8343e8db031639359c38cb341190c7a6b3a3a155e23c3140dd13812288a9063322aa757047af60fff175a14dec611958773d1112a34f0d72fb4ebacaf33e0dd2d6425d61db1db2a2a9c2494b03347eb4d49eb8d75b361141e991ac27f8f326ad9f88996c2d341b1984e6c4de437661618a895e8443ec2e80a55717412234284226638d0661ea6d68072604bd51e08763665738dca7f397f7e7b6e01c50eb74e78fb1b271b677b49db05e7be4ebe34251a6479acc8881ae28ad5b7afd3e8a580b20bfeb9b8d72fc31a832d04dd2e8c13dd36ba1aeb31fe3bb5ffb5365182415b8ac6bdf19e70e810aa94cea1847d6eb96db2c9856f16631e59ae0ddb3260224903b07c68e420f33e2a9ba61441ad23866e8cff68820c0413ef623ca63d70e043eac5adf4e0c3e727f1ac9e3a41a63120cd2422b23246112a3cfd30448ec2ae71439be9c6cee969305c342aff3f9f2e676b8823d6c056f888f1569fc97cdde70600ac55e5228395b25c9bf6eec18db5e283956afad46987fee8623c053d334962cd46d939db1fbc2877f7d5f5487ecf3e98cd93937a6d4d7a4d0126eaca5ac3eea5eccc26c50cffbd60b3b023e5b7d541efdcfc24a3e3f08b44cf7127ac793c00350569ee37ff53b5f0f4c28d30023147a74889f935daf3742aad81d240e1c458293dab8ba16553932ce5c3b1adb730568cdfa985672a75f9eefe575cdd9297b903f8e518ce972381449333832414ce1acdf999747026867cababf344948089b420e4b4a50c74d643a7ee19e8498c8a390a781e97e20c7016c5daad01baecb0f51f73a4765adfd234356fd9c8df16879d0c04dcb59df3c55832dfeefd3e68faf69ca915d40823ea514b7d0ae0e2895753413bc2b409e598a28495ad1e7952f1e70c2bed6e75cb78871542771bcb4ec8d0d69e58036ecbf7ebdd63a48428295bfca3bea3b045559878167295d71e12461038907a41d927211d567b7530b31822ae3a7872bef8e59489dab01d565e128f55a9caedae2cfae75d0b6268d4b1738654aedf19ef18dbb174e68bf856f04858fabe9ccb760bdae4d10e9be789bf6405a951a806c4ece27351fed6bda61a12b8b21e7da4aea1e97aad56fc42076cc9948026ccb3524c9fe9a1ffd9afd072209466eadaffa0d60bb08c425d246a6b8be81400c869bc08ca1c1baa937c327e28a61da7e8f9138dbefd2be3434b0b2801608a4e886cc1d69132eff3d8f32faa61ee68839b1298e00c37d9b487234751c3cc4118ee2fa278f10d8a4f22cfeec5aa72be0b2edd20b586f5b584458705dd79c00b6cbf6526edd7fc53200862e3235791c684c69464063dde89cfb63b12b5051947bd8d769cc56eda7eb94c6937be68faa644a473472780e37deb16b55b89a7755c9b8204c8", 0x1000}, {&(0x7f00000064c0)="5e55e057b05380b21f214172935d6556ff750d75c3b1b436fde78ac391830a974585bf", 0x23}], 0x6, &(0x7f0000006a40)=[@cred={{0x1c, 0x1, 0x2, {r36, r37, r38}}}, @cred={{0x1c, 0x1, 0x2, {r39, r40, r41}}}, @cred={{0x1c, 0x1, 0x2, {r42, r43, r44}}}], 0x60, 0x40000}, {&(0x7f0000006ac0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000006d40)=[{&(0x7f0000006b40)="fd238adb75a09132afa538ff87bb2b255d0e661b6417cc104975021ab22f2e320f05a04b1e4e2d709a9a9d87f08f2906d9971d9b0c585a827f4280825d115e13666ae28aaf4f06d13113e912a007f8bf623281a952784bfbf4867294c4d401c2f96580daae", 0x65}, {&(0x7f0000006bc0)="c4f1b8e9f5dd6c710be593d5f7c46e8e61cc9cb8a528eec0fbef71e56343e06ef70cc68f3d6648693ec65c7caeacbcb8a43697d79552a9cc0aee3be78ff2c01be39fdec5dfb3fb9f47d79c370a31375a700c717beafbad78588fce362845321dfa6e3ab35bcfc3e2d7a80a6b7dc80026ba3ba3b1255e963d011e3339b47742fa373b497cd1fe0db84ab78fa8459a00e94dd8172abd44913ced38dcf8bcf0fd9f23f38eddcb04b266e12fa2b38293477a2cc232f6fcb39e6e706936687cef66547d0b4c934da22206263eb0023a87d1c883327ba9bfca43b12a20e8e067", 0xdd}, {&(0x7f0000006cc0)="b222ba7190e76180e355308cfd6e5b35af51c96f08568c3e47670ffb6a5ee40b601a73499017f50924dc89d76b75011c7229f8f5c77fad22ac1d9a99ef3f82fc04fd910b9323e13a29", 0x49}], 0x3, &(0x7f0000006e80)=[@cred={{0x1c, 0x1, 0x2, {r45, r46, r47}}}], 0x20, 0x24004000}, {&(0x7f0000006ec0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000007080)=[{&(0x7f0000006f40)="0818c11d01907c122f816d3725d063dd1dca80eba416162114f033e041c7617f6b7f889297e9984f8f00afc77528d14bf040f2c021688890e54c8d63396ac622033e964fedde41c99ab6984bbf5a78d931e4a7edf3da0ca1d61eb5563bf4b8952ba9d47cf46de3353e72b535e089", 0x6e}, {&(0x7f0000006fc0)="734f515af2a9a12c3d0923aeefe31849d40909a24033f99e93112297f5c4dd3e08a7d0c5d1a479634d5ea46d31a52c8fa10bdae751512a337be94cad837413366e2d8063352679be4a040fc528a72698e69cb70fb1e985f18686b9cab8a7f149c1013e8580ef1cf13748a50bbe5d29e6dbba99ca51d44d6b7ab491a043a27c3d073cc62e01c955fbb6a0efa495f038ee8cd8f44660f222874f34eea8e08015dc96798ebaba35a500f07d", 0xaa}], 0x2, &(0x7f0000001140)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r48, @ANYRES32=r49, @ANYRES32=r50, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r51, @ANYRES32=r52, @ANYRES32=r53, @ANYBLOB="000001000019f75563c60b300000000000000000", @ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="38000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r2, @ANYRES32=r0, @ANYRES32=r2, @ANYRES32=r2, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r2, @ANYRES32=r2, @ANYBLOB="30000000d8000000e9ffffc4166c90f7725db4658da5c3f66fa0150001000009", @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="30000000000000000100000001000000", @ANYRES32=r0, @ANYRES32=r2, @ANYRES32=r1, @ANYRES32=r0, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="1c000000000000000100000001000000", @ANYRES32=r2, @ANYRES32=r1, @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00'], 0x110, 0x20000000}], 0x8, 0x48050) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r54 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000180)) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r54, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r55, 0x8912, 0x400200) ioctl$KVM_RUN(r54, 0xae80, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_NMI(r54, 0xae9a) r56 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r54, 0x4090ae82, &(0x7f0000000380)) write$ppp(r56, &(0x7f0000000480)="3f16bce50e787d3278cf1c4f0eb37101a2d8dda4ed40d7f9ca38b257c1c5ab4679582eaa5ea9e6fe6631fcddc6101c56ded9bdf3d2270772a36fb2019bb3d74316c0775e758f893586af4055636ef3c5f27dfb26bf67b5712ad7af4d512926568b270403bf27e11802a027e3e0f84edd01e852fc9f0a24193d55900a8c12205e75a7d34d863cd26942e6822d35cebfe5084b67", 0x93) ioctl$KVM_RUN(r54, 0xae80, 0x0) [ 780.150182] protocol 88fb is buggy, dev hsr_slave_0 [ 780.155356] protocol 88fb is buggy, dev hsr_slave_1 07:39:47 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r0, 0xae80, 0x0) 07:39:47 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x100000001, 0x200) getsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000080), &(0x7f0000000140)=0x4) ioctl$PPPIOCCONNECT(r0, 0x4004743a, &(0x7f0000000180)=0x4) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ioctl$LOOP_SET_FD(r0, 0x4c00, r0) ptrace$cont(0x18, r1, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}, 0x2, 0xb}}, 0x20) write$RDMA_USER_CM_CMD_ACCEPT(r0, &(0x7f0000000240)={0x8, 0x120, 0xfa00, {0x1, {0x8, 0x0, "b71bf1f5da9ace1c8ee5545a5a5ebb7983a091b9f2ce9a4d8239db0657a01369f5f43e5bc7c16f83ea220c70d3cf0c51f1a83d5a9adaa3c2a7a8ac0b35751526821f8f3db4df87773fe00af71d3cc087d91f8bbffe8296b34afe1a9ce331d548fce6bd4f7ecd18936c1dbd9a636b5cdcdd92b2f58b4f3550b205b9f7919e699b720f28eca1afd18a8848a7f3153f851c284ce6246525bda9a70662daa795eb10c967d45e70b63f4eaae071cd21df1f7619f382cda09055f04d5721d92c49b740acac7b88ddf5549c87edda995d8effb53043870a890d70c97efd42c4c79aefd3eba4c7fb99e01c2117e23185529df31d3cd1bfbf0fdf2b319af465e3bd1c784e", 0xab, 0x8, 0x80000001, 0x8, 0x7181, 0x0, 0x2, 0x1}, r2}}, 0x128) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) fallocate(r0, 0x20, 0x1, 0x52) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 07:39:47 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000", 0x3f, 0x10000}], 0x0, 0x0) 07:39:47 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x3f, r0, 0x0, 0x0) 07:39:47 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) getsockname$ax25(r0, &(0x7f0000000300)={{0x3, @bcast}, [@default, @rose, @null, @rose, @default, @remote, @default, @bcast]}, &(0x7f0000000000)=0x48) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:47 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) ioctl$RTC_RD_TIME(r0, 0x80247009, &(0x7f0000000180)) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x6, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f00000002c0)={{0x2f, @rand_addr=0x800, 0x4e20, 0x1, 'sh\x00', 0xb, 0x5, 0x33}, {@loopback, 0x4e20, 0x0, 0x3, 0x2, 0x2}}, 0x44) 07:39:47 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x4, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) fsetxattr$trusted_overlay_upper(r0, &(0x7f0000000180)='trusted.overlay.upper\x00', &(0x7f00000001c0)={0x0, 0xfb, 0x36, 0x5, 0x1f, "c71662875b2c5457cee01d7d806f9995", "129a474dfbfebd8b0f01e30a4ea619387b5f6a42b940bee8536a97d47c85480470"}, 0x36, 0x1) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:47 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000", 0x3f, 0x10000}], 0x0, 0x0) 07:39:47 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x210040, 0x1) rt_sigsuspend(&(0x7f0000000040), 0x8) r2 = socket$caif_seqpacket(0x25, 0x5, 0x5) clock_gettime(0x0, &(0x7f0000000840)={0x0, 0x0}) recvmmsg(r2, &(0x7f00000007c0)=[{{&(0x7f0000000140)=@x25, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000080)=""/25, 0x19}, {&(0x7f00000001c0)=""/246, 0xf6}], 0x2, &(0x7f0000000300)=""/152, 0x98}, 0x80000000}, {{&(0x7f00000003c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000440)=""/172, 0xac}, {&(0x7f0000000500)=""/246, 0xf6}, {&(0x7f0000000600)=""/194, 0xc2}], 0x3, &(0x7f0000000740)=""/100, 0x64}, 0x6}], 0x2, 0x2041, &(0x7f0000000880)={r3, r4+10000000}) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) clock_gettime(0x0, &(0x7f0000000900)={0x0, 0x0}) utimensat(r1, &(0x7f00000008c0)='./file0\x00', &(0x7f0000000940)={{}, {r5, r6/1000+30000}}, 0x100) ptrace$cont(0x1f, r0, 0x0, 0x0) r7 = dup3(r1, r1, 0x80000) mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r7, 0x0) 07:39:47 executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x400000, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x8000) ioctl$KVM_RUN(r2, 0xae80, 0x0) setsockopt$TIPC_CONN_TIMEOUT(r3, 0x10f, 0x82, &(0x7f0000000300)=0x5, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:39:47 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r0, 0x28, &(0x7f0000000180)}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0xfffffe6f, 0x79, 0x2}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:47 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000", 0x3f, 0x10000}], 0x0, 0x0) 07:39:48 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f424852", 0x44, 0x10000}], 0x0, 0x0) 07:39:48 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RTC_AIE_OFF(r0, 0x7002) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) fsetxattr$trusted_overlay_origin(r1, &(0x7f0000000000)='trusted.overlay.origin\x00', &(0x7f0000000300)='y\x00', 0x2, 0x2) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:48 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) write$FUSE_WRITE(r0, &(0x7f0000000180)={0x18, 0x0, 0x8, {0x9}}, 0x18) ioctl$KVM_SET_NESTED_STATE(r0, 0x4080aebf, &(0x7f0000000780)={0x1, 0x0, 0x2080, {0x6000, 0x4000, 0x3}, [], "32eff1b0ee1d24f2d43373ed0b834d2dfc95aeffc9fbb8c269b703ec4b762a6955d4994ad7e35c8e8bfb64c3de18a61d27dce2b5a3bad3ed35740015f6063b1bd37fd5a4d9e7b562c688c7278f98121e7fee121c8581f3835df1f67143be08c6baff6efac4318ef51341c6f5634437d27e6d1742545e5ff175584cd54f794b483c1db450479c85991382dc4f9314f0a1dea86034a5ec71a70b611107c7383f31b4e60a48192d20070e7d5ebdec5c5f619683dcfc9af5633730ad075cf32b214b51f24ea1f30d5abe2f32fdbec77747b2529c63c4b55b7a33d36480f0996bfa8b249f0f2fb4af867b0b3cc8323c318476a0c2e41653f4d83863e2b2b942108a9f5eadffbb75db78749b9c7ea4560d45f78109b10062c5df3de92a9739f83bb666af95accef7d9ddf7523898295bb323fb8240b1d19c6b296e170f55a3d0ccd594a6b91df14831bb381768e72673c5fe1f0e8181b6a05aed3ed8610b09a5fdfdcf3108984987ef64706c9932e9b16fe499f204175ab144edc0bd0ed59debff1598d4a24c26acce014f70c370941b0376bd834669b80483fc78c79c2424823484c3374afaa4ac2f8b7e5348ac523dee6cb3652c7dfd0ec575c934ccbce0cee1dcad93dddd83656927413f1cff47420d81859ad446c7bee32ca152bd9a99352f9840907780ee9fc339b81d9b8743c7e7865ec94d43d10c47f623ba5ea626dbbee5beccda20e967fead0668f4f92c3fe28ab310ba74967d8504058a3930520c5d5cdff139afa6c7865069fa92279cab24614b13a553bee5febf3da8fda54ee886e755e92736f2444829482a61b0507d8bbbf4cb96a298796da007a11b18d4c8d1f9310f003270d4c44cc2724b4e168cf32bfa64e00861453fb1cd276f857e5fdbd93a6e8b4fef3e0dd278bb21d2b3b5921c3c75b758efe080bb36c370d9679b571e493d59eb43a0b9e5c2018fc3b3bc955204b24a677f25a0b2e87049baf01045b427b3d327412f9cba880bfbc1202505b45a1aaa1f32e1c45a9d998cf24ec08e56bea34e258e63447c40242e0c2dad26d077e9f1ac25da106a45192fa24f7c07193a44d3955dfe2d4e04a0191b93833b1f7c41a9d7badeca35deb36f51ed58612ddba65f5c68a3d843343887f7f7c95310ae7c55fe640142b923ce7b82c008a6b085eb22d5076e6c7acb797130e17f6cfd8718cd3e8ae61c808d2bdd1af261072b1aa1ca521873f1e23ca420c06ee10ec97b3ac0009536b30236ec09854652425ada8f11aeff3b22360405c099e13182d65c7a1f5deb5b677ce98810c5a3808b27c2f592a8a1219cb8d39eab974d2c9a772dcbbf108b9e8df8be230c9869b1ba64840c4a94ee6e89101f82a2336b60f4dfa72bcb2dd8861c5c7797e098ad1f3a9e88fd67d0cb01e213cb610a200e52374bd9040d072a115fbd44dc48528f6132ea08c2e3955955668fbe8dc681e03de8ba7e67c2d1a32373f683d05cf9ea755fe9b3591f2c3c24060b75fbb3b694fad9e6c8b0ed261b4bcf7996f1d2212d276294a126fc449d273afad7bf55be4aa78e0479d32ef3e14e648f342920980c9f652ac96239b7a5899323e982240a59d5ebbb3bd41660d09d78f76c76d472cccc3eeebab4e966c81b871dfcc813a5316bb48e6d80e2cf94fefa60df01ab0e816819d8bf83b111a13385afa74b3860422e3c7ff258982b210ec2a35aefb77f5f1e26cb862dfd2fe450ea4f6a0a7123255ddcb4c86414acd92d2057388f07209246392f4d337bba6be65895179969944e403b7613405656b14cbd18d63c3a72bb6670808832ef50a7e3f722bed3a0fb0f25b4369c532963bafa084eff0848b69225f2106e518e040040ddfc027e927d1eef29ba045d78520e007fa4a501ed02772250988916d57c8a5fc80f9dc4fe00ce54f8da7e92d3221ead9280130662a53b51c0c9494d698cf20e9d682f4e45b41b47bfe16c7239f4956fbf72d658d41262bb03c6629b307e04a8e1ad2ff46ecc3c20ddec6a10b24e680ad4abeb774bd3aed81b3a799055e93d0078c6da51318c8eed65a1f08dc13cf8beb412da84652bc24a595621bdabb09f13f1fe477aaf26616de8a206462d92669852203c7390b87567b7b744d91313e7fc64245cf828e952151d95a96d906615d362421d275e0c15da68fd6ba6e9f7784d0490b681d3879f55dd9d4b47437bee35dcb645ca6b0aadc9893842e6e717d2440b27d0a23bb3168704993c397f668a1d9c5594e3173f9c598eb2b86b2e4454f0144a05b022fc54ae6e2a9c961e008eea1c0cece6178e62003e019c61272c78843c500dda8842e2240c3e300b1f0daf660520398c472f297a31733b8c9f76189c7a356d8a0f680c3ca1cb7750c24bcad422779e02159bf49fb57e1366545075a304ac6a4136957b3ddc950da8833738a18fadeffae93d2cf3182f03294466c68ce19d95ff8fbf01ad06952b371e7b4e170a5d751ced7bf29f5ba357f0adf6adedb54fe94f19c2232af6253726a9a711e25c44260707a9516ceedd195b7f329a9a830a8d5688a13b515a5b5604d10b063af15e7f6e0133a6c52164cb487728cbd98446c0b7ed9067897e529c5693c145f29b43b6d8c2cdf950b652cdb7f3ea4de3b3b3effd776680d8cfa2f20ec2e0901109ea873f22dd62c52ef75d8ce7c5e3850cdae08ce227b31637db55c5c4e22780d33c5856901a68d5347b90bf0f1f4d8d63079fcb09661f523435d0b3dead7697401f365b8c878b5dd42be24dcc4cab92e4c03c9d03e4f0ec793310e78973fd072318b3cce671e73b0725e276357646d50abffb35af0485ecd585a13d1ddad585feb8f66912f27a047469305cb623242fc43a52e3e8299ccf8cc6b30a3e16008298a1c73423c79a3e646fb58d10e6a88aa8369658949697b60ddf6ada9777f04ead5e8ff3814aec94a87b1801b4701ef73939d92f9462a18e6828abf9dbddc01ef9c1b9517063f81e41c22caf6a7abdaa17f83cdfc215e317e660bf5e1e09beb026d0db4e0a8c40e8d53b48db053a2e95a2c06c5ac7c13340637a3fa007d6fabf3b52a54b968ff13d4e79c23ddd972732a7a4de9309a7a16c6f70b40f269a3de9e3f7eab70ba6bfad04eca0fff8339e8be145cf5858e135fa8771c2004d5b37c79fd0a6542b65e52eee1694381301f83a5831f23b0ec996f47937310183e5dc4bf6434b4364d87fb75f101141b3367750bb6b4206d21e2e1cd0ebbaf2a881f746a7633c687fddc9514ea02c085ab4b9052e02e2feca9e0576d3721839c44888373897308095c189b0e51109af415d03d2ec425d1eb282f7f229d3b3377d03882955ae55c7ab8702fd31bf1858ef89cb766ee310d313948eee4478e9d5577b5c19ef3d0044881381d1f4ffbb3e90b8a341bab32663ef46de9a432c3f1ae60b7420f4212e6d8e6e8755a42ec3b7c8d3af7f06fc0a93dcfe186f90ebd055fe2389c3765e7da16103f858bf3c28a8fa737df09dd2f5621d8b7e8f4ff7fb62df8944a7756985f236bba664f1e5fdaac631e044a17f5d887bdf7b1c0a43dc591a3b81cc76b0878356769eca6f09f74121d0734053960e55aa842ab4ec30c4f0ee2acdb870f1c7cf8d5e7c0347b238863f5314db06e3013f4c6fca43845f87b67b58bcdc1ee1cec970b2da0c9cb6e94daf0a1e93f734cddf851bad5f35874e278a17e3028ae3ac6f102d876c5c5a306a5aa1324d63a7923ef047578fc3e5c9576ef00b63173518349badd3f35ef906f9bcff06044f869595da20ca8eb05fda52b58107519f49a7a8aedbda86165c2ef48b0503ae59cd51c2d02ffcef7d4f279e9489f1a941c04d7bf6d51d5a32bc9b3acfbccda1bbb23d3fb6451adeb87e9a46b2b823a3c0782100ef5d7454ca98d2009d0e1ee767e1c44db36afb09df31850580c1f11c9646cbf4176c1dca96cc81b9f0426d29715444902bf8e30d3b24191ddc5fba56373e4d19fb6a312fa08d2fbd238cb5affd3f4a1fb0c25804740ab385e2761ab3abac372da5329eb85919979bb87392150d111ddc9206a65443ceb86c328c5614d6427732b804d20c7047c9025d02679e6dcce97f8e3f495757164dd8eb51e7d9b1a00f121bba98a52ff0ed230c28f53a65fa33e3d3a024a6657632ca4245373e9c80062b5664d1b0a0b90f1bb0b953f494fd685a2ba5ce045ac994abf7132e585daf94fc4ad22c2eae96a817275fff608c5293600f85c461d31b92f3b62cd5bddebcf6c65338160edd73bc2bfe55f9dd57e7db1046cef8b88009b2b90c122e1209964f52bb3bbfa038a2e84ed82f41f719a1d9a8f230dcadb666227fdd7a05e388eef6a5932350a24a64cc1390594f57292ca16aa57af981269cf00f4668342b18833281da57274ae972b479b6c2babc330935b20c214ea9fc3572b2d63a4009c59494735331d1165e3b10da3da5ccaaaae59822b6e3b8bf3d3537b72c2abad790359b77de0b42910a8f9d8d2cff2deebdb2e05c82e6fd1d04b6a6687bc904141c34c3a395adacc15d4ec4e2d560d82e7269608b4703c30638eee1993293bbded7406d7987b3112b5f8b34ee4d2a6192ffefed8543a161ef1377ee170733c31795a4862e0ee278235ad9154ff2bc3025437451d0e71ec7c76eb7c672ad06a79927ff9089ec21540e14aefd3ebe0fc087e05a591f81b72a3cf060417dd7cad982b7661cd07d0f8a0e6a51a1f23bab1bc196c52eacebae020820e4aa7ecbb3fd10cf4a2c90c819cec31af99d8d1d654f9b0ddcd0e6ebd660067b6f77343aa7df5103fefd4d1f29ebe4757def62f44363b15e0a25c06b363f0d3a7758ec39f8fc04e9f7fe948ce813594c6cf25b44e2dab717db544c3a360fb79bbd157f0447b3d99af4df858e209e56369b525edc0ede12253a1155aa3c01f08f16bbf66e2c74af71ea9b19901a10344e01f03e9c993229aac1c0fcb8d10a6941ad631f40350312320f010940dc4690e0009bfa3ffd6d2811c98759cf3289dd998da457952afacda64aa0a734b8ce67817dd3762b00fa3b968f59bc2fbb26afd8a85af451ed681d367556a3f1aee5d8d3987769ddd62a65d44bc72c5541705e2afc44571e1168f97d8c8b81e501bcdf7cdd10a9d4c59155f7ab5b735ec0d14ecdcdb2a9a04c7859325c2e8b21aa7799a964bd50647b9ff9f3dca6f07dfbd7a24b98fdccdcf927eb9f54b0b9e4bbd98971078ae846884f25308a62a30e866939f53c7c39c4780df23b495c2fa36181f92a4f37cb42bf03e6e2d0a7eca6dcc99b8ca84e28981d18a4a7b9ad64877b525f2b9ff1f89c3bd71f940a0c52fc48d94d6985b91d695671c25e46389e07fb6215f9de3a901f6d23c1c5126b83ef3df94b47866917c444118a5cd46d1d077bf4e72c5e707ab86d596c3707d5e7abf8bf07556217060ae6dfd27c0408e06f41e6863a0c97a71fb37f670d24fb9944539ef950c1b07f9ca0edc00a5a7ad60ece64cb37404c37134f37ac6ecf5d729facc92b97424fbdaf7b5eb85488354894b3cfe6fdca0b71b961d458b38b7bb0424be767f9eae1941b3dfd565f10ad24ff080a41f3ec8a3978f7babdb1ce019b67e6c4f96e1b85559c43981f6f5d1b2bbddc49833392ca9a9e13141bcf0b2f47060468fd68a2847273211006e5e01dc71592c13f197c0b426cfcce76aecc7a199bc6888cd6838c2af0983fc117939e993a0fa225ba5be1fdff430e889eb39272d517b3fed30e5d3ed7d346beb6a498f9a48e932fe799e54625a25736c46e291759086b83fde755dea72c1dca57d3206501bc2c0d0846a1", "1089933c00c0b27aab27339e2cd7dc23c5b1770f2e3b768be47efaebbcf07c0ac9ff8992b4490898acfe59dc98e1610e1cddf60e77922b6e134ba86bb87bbea9b7f547ae446503bb62a88e57bf5c5e217f0ace092e6d5e2824ba007154bf6b46a3d2a2273c03657066343e3843a84ae0f1384a3d4fe69c24c540d77ec45a1b2d9990cbcbd17aeb8e2b1750e53c6ae6166c4677fe9650f17d9d116126f2e9ed121b04e38cd09ac2ed340cd71649e83c93e86eca5e855ed57450f994616cd2b340be704b7937ad1fa44998623695a5750d3549d1fae336d45610dd4e0ada9ffddaba298e5d903fd66e2a20d835c27e643d47fef072d2b093ab689623eee0f1197f4cb1d463251caeda099593c1630a0910ff6ed0ccdb08bc148fa4066d2e4c45ffe48ac4e2921e786fd62b05640380348e9526d3f7afbcc5fc7fd85cc956504fbb7b53e4ccf6228aea7569aebf71c2619d7c33fa508fb4a7ea419db526ffde10dd898c2fc9a373c1fc22747cb0f0f05f5906ae2c1dfd4bd1ca3c9e748a6f57f8818d6007a7b0ef92664f5d82263c74d67ae6ee190013662ebb7428e15c56f6ccba6f20d1f3aed99cd9e497fc43bb0e27eb697b1490b0d0a3cc2e28f8624fc1dff651993ccbf9ed449a6ebe1519b709164c602ecd67a4f48969287c2b2dd134b9892805540141e93a3c54797fd27c4dc10ee19f09ab24a6d297ad439ce3772e7a32b4f5cb6a8b6d771b383e1aaf19d08a5940634473fd5f2c5000c4f174bf624d17999d22633eb01f6f1262b264ac051f8cbe9a2f5ddb37ad0c9ebdc5eaab29238cc55994fd0e08c431807cbfb2a8fd7d6c85d2260532f7dfb7f77eaf4f7211ff71270f70fa11412e5212743be1fddb01d58f009b5e0419fea57a1c6038a16dfb29589040e16606e37dc8967a0d6cd166145f846e7e39db5ea6b2f7c83ba2fa1e8d702e9c5e66162191640380a1b9b4184bc53d2a00610d02c093e50950022654cbbd0ba25093164009016c603c0a9aa2d12f9bd78cb296110ada453dda74d236afdd2bf99ee29082b58079616798b84a26d09f03eb523367d84db59f72bc6a60dc12c42cd946e79307a4855ae5cbb3c263a07f5350c861e2c715cc9f8782cc1148c98cdc7c201d0475e963fb8619356f83606b97059913072f4c606d8c04a9e0d9b54cf8c09cb2a5d72c76f387690f676a8ab5cb67aea1b42dc7a46b9fa3c27cc91e5a364c22e0d2e94d8a4013597c22fee0f8db4b02cd55bdf618e26a2e43dbe66054e32e7c7c89d5d17f8163b9d6fc904f2b87ef9d2c0362552560d05dbb8ce168435065a1c4c5d41060b73afe03979ac16a7e2c120d01632e19297f7fc992a2d7f506ce73220924341095fa4162805b79ea28a09b65e07da876f7cf94031b2f323642877c44fd60675d6c794e4b4c1d9ef62c0c04104cf7dd62d5b85e6472ba46a193b1c4ee0c4b704af95a81e356c9582754ddaae9b4c22f9de7a9a6abaa13fddd4b4d3e0dfb50862be656909819717697f38170aa862cf21490ccbad2be9788b56cd9efd44f5ba8cc33eadac6b7c179bff81d676f49531bc95a6bb6e4411b60552057d425bded6ce25484702e1bbd2c63ce33ac4e31d3ad3efeff75a693bb9c025b1afb223d6820a87c8e704dcf9a808fb1bf6529892793976a2c8ddd62c1eae42896f8625d83de15d708ceda2712b38f48835d807bbd52bfaf2a4bfd75bfaa3165906d405f13d86afb275b819e21a273530be872c88441954937673d8cd8ecb9cc8fa67ee3a813228363a1fa177ab4a0b57c62daebaf5830990e746dd9bd4b3a55922326a1b0fa5e038e6d77af38f870a2f4bec7aea030799bfc81d5af14d5fa77e8f3eaf3b62e90d9f243487ddaafd469fde44f17d595c3055b29c747f69d6f35d612f35f07a5537c298405f88f378ba0be0d56ac9d11483eef543aa3ca86a6993e04fa76edd975ae251f7847e29ab4a6e9b8b6ecd3ba0c69d6518176e44909dfee50b0c41a37a8c51834e52af4263408f52d02518ac98d358038512785e678504e710a01b59e861ed33cf448ec76b64bd638ad8f25284ab47bca4ba4466ceadb6b643069c94792d309a66dfc56b7867c685dc3fe552bbad4296a3767ff7686a1cf8871489a04c2f9020d64cedb0474a96abcaae139ce74f2e11e2ddb80be0406574127aefb0f0f6a97120c079a27ca6667a02489d0c924dd8357ff19872dff3e1617c8ebe3b0c673dc5f013128fefe9b134ed3689c2c26606df55f78af10f15be542e1b07e33013d54a676e4e6edca7c3ae65eea3d6a7a0cda8df7c03e31ca3d65ac19a11ce70aa2c0d3ab03fbf1da834328b9bda68ac11f55d0c98c44bfe501e4f6b30772fea162fa6e6af3ec7c3d8b4f99d7dcb62fc87580ebf37cb2a9920df7c97d5efa56fc780f47ef12a144de95b7bdba5e1c7ff8f1d5b77d0fa842970e20fcf69bfb077ccf24a9e608d1a93b1d87b996031707469248af3a28985912a0788a9b2b1ffea848447739d1e88e274506f91199dc316fef86e06f25b8c02d0aa2cc192ec04ea57cc1bb463f8f10078863d8bce400bbbf3ab59488cbb1cb8d5ad4a80037613ac44b3905f520bcfa800a2789df4d2d78f9fddb19ebda1de2cb8d4292317c7cbeb08901680dda2c50c66ebdbf2d9008afcc0fb1c180332f21425c9f61880ee59b6d0879513d2fb8afd3bffc2c5bbad2958207249582bfd9f569c3762e1c6fec3664b3639e4ea43b1928e2e5340d899c3604fd8cc1b661915cb1139d42f9df810aabf1fa86e382b43e4a511a4e761a6f4395eccd4aeaba9847dd1d9ab234a837912d1e114dff60a95ce880c7d7e8c95507715320a61fcb51db882a6e377eb03bc0cd5fc72ed92f4ecc6108ce7bdc25f4ac342980959fbeb760df76b611fac7376250432b7a285c9c6f0b04434f5c3e560a0221470c608cac79eb72ec9341862c938ec8e02390de823748f5b897a756631c0feeb5706df596429b509298d17951f071fc0b3fe8c7de918b3549ec736b4af0b191a82f438e9931561dafe56d28a018196322bdc91a5bf987aafdc4eb58d80979f15f786ac45db8eee9d6c5183e6b99095f6625c7abbdd7917d124a96b89c1297d2a9c216fdb52d740e25c6e48cbd9e7358a402a59c4e5bd8ecfafc2d3749fc16857ef24722b37e7baffd34f092027ae555c0784ee5ac73cb2145536fda33f8b183efdada441f8f5ecd767ade5bc7f76a6bc28b9a0c478e66d7c3461434e003364e4abaaa8cd9e1da59d14cd9d77cf125447070a8400396f69633716f1746305425faa989d19e337d2c0039ea5846d3d927ca2e143135e797732c8297598d7325d7781b4b293895d8c07f53c3c6540c655365ef415583be87a249a331adabc0e0f7dd7b64a0870c9c2d02631a33b9f06d724def6ed39ea1b9b9f56cca6ee45f52cff8aa887ae6e8545c53fdfb4c939d54b2f6559927beddc21573b61245b66597e47951ffe48d8864d30f44c713764c9c983ab79d434d7b9b32cd5257ec3b89ae251a2436d5bd91b8784e820a12d3b7048fd7bc2200d2873d78db58eec228858109eb433727da1537424f62c25b1197ac14213d7f155d4872440184047a92cbf4f72d79ec2c69f9a2041abd25963e8bf430d42d3d5fca2332f4a74767491a11def28e5a2b4188e1b390486819a7a9744e6573fa09332e87b34403e9024060b826faceeaf9660cbe1106abaa33d2195bd2ed05524a9af59a9da73c5c78b7738935e5e904aef9b663343eb4446b6910fb030b7205d700109310df7d5ea1703ebc11b47ead7c1b4d8a13a64d37f2f702722832f388890bb22ede0cf3fa535e69a28b0a22634a30695a2e55ad443064362862a2246118de7518beaebf83af110327de44c77d453674a4994b173b7bf70555edd0e2e33e91cf453cb53c39dbe31c4ca8640742807fb8c071143df3965a5c32e5e82fb2eef5fe6b92498ce61b5f6ea86a55d6373a3443d256970be510c119052498f9d3153b8742e69c0047f46e92551073221c50f1dd46d2302998da69c3ff679e6adc3fd7b55302f9e4b8424d9f5af73e404d3e29c38c542abfe145ca37ca23e98569f741f47395d54cc0df13d54fa91da7b0de237cd0f46ff31533f5a998cda6569245b190acf968af245bb19a6520feb5fbd776348dbf111967b7e74418e4dbe293dfb103e4fe4028e491806a284aa04e3fb2c1a18bef5d5fb6c0a86acef6f1f964b8ceeef1fd77f9dff2db25161f3f1d8802a0ea1146c011d9b7680270992c343651e4d72e5d8fb7e1aa5f575725e57a6b5e247a23a290b338866e8071fe9fbaa1693f5d7bd6e4ca4f394dbff3165e392f967b7e633fa28e53f991ab0a41a40d747b88afde0424e962d24c4bc72a3fbc30a8d3cd3fba341e0b5ac72697e4e82f441c22781bbead89185a02ef450953e1a2031aeded95525ca71454e44b6e187bc0639c7135d155afc45cd7962bc151627295603a9678b09371561e9eca807e4be50fa946afc49bb75a5f4d06878a5b0082d4cd93443d42d1c9cb0525e9cb93f9be2f05fde7d2c3fa1ca817a06a12b2c6dcf9ec6f15eba9eb5cb7aadb3d154ff398d9a75b3f322bbad86e3431a0b4dff6a75e6f31232fb1bc644903d729229245f4891233fbf1c31fb34af625132518dab0529e6eebd4abc7a9d8acd27f8a186e03771153582f958a0797ef110b7b210205d1d3998bd08429fbb46f7521953abf520d0c943c11fe263d65fcb98a4f092253aaef2c49291b5f655ad7a238970d22fac2781909f5f76dfaef7714cefcec2ab0c4d4e3e92ffca12072b734d52d3905d09702867f372238770682fc4fa14550b6f4a66ec8cddc3bbf8675ddbbc4bb2478ad1ca2213379f787e0e873af3ea39a9bd6edef19dfee3391c4234d6e25f53840598921953e22fa13166a5f1c270ce138e8f292521292a440e6dfe1c454981bbd1dee5f05eb3769ca708cfa855bbcffd2bb56774fae2541edcd17ccff460a723b59ef1b2b8cded51815e368f728d78d1c6bbda0f20c0a2bd69b8e0e09ef07abb96256836c2bfd8f582a43d41c20d85720c5189c42b68f4c4baf02bd07fc7586bbd4c0c49603ca631cd7d9859560b3c3c2f2f81edbfd23d8dda6676d53b684407337821e8ad9e1fd0ac4b22ec71e1278811f3c9bbb99a82ff4686fe8126eb68e93ef214fb9cefa4cda6d31aa4b3367689c4b1565c522c5763109b28d3ef3aeb9cb3ea48572ecb63f0d0cd13c07fa80eccc4b7b5c5d555185524f068058976ee7b6be4e08aec769068e94b36857c107973c5b4676b7e89ac90e67fbb6ce35a3cc45d45a2763a8c15601177d0ba315b60bb01d5885d8b57ea8c0e90e577a04a6a10f7b02053ceb6580a03bd49f575b478c4609ec33596d5da8a01d3bcd338b2196bd2168a572b60726d3ed3bf920bcb5e4a4a5d26b6e16175a46030681e96b137031c82058ce6e7067ba7fe1a271e7f21ce42a05e4f348bf2fac1fae02a727a5a84dd425f30f9f1cd622d4cb7b926c91349212a56ef235a08bd6b69732b9e08c15ef927395cb5124b0c6e37a7a643471bc5f6689ac203df7f60049e3534086f3b976a8e05276c44802dc2ec23cdc47160164bb6bedaf8e4c1c99e4ae0ad4141c7bae4465845154c34c74ca63d57c45c21eac8ba13838ab68897845c9889690c7d72e3ee1c6add92011cf90644a58138659c0eb4322f43fe381dc77f438cf5f392eb8cdc07ab851ad0589a85dbe961d9f4178fc6b1be42a1ff744c38842c54c9388e6d02a82717b6771be0b7d58f4406d597eafb3bb"}) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 783.117478] *** Guest State *** [ 783.128267] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 783.155982] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 783.167841] CR3 = 0x00000000fffbc000 [ 783.173899] RSP = 0x0000000000000000 RIP = 0x0000000000000342 [ 783.179979] RFLAGS=0x00000246 DR7 = 0x0000000000000400 [ 783.179994] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 783.180009] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 783.198096] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 783.214494] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 783.223062] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 783.231852] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 783.239903] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 783.248031] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 783.256166] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 783.264927] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 783.273057] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 783.281186] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 783.287616] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 783.295211] Interruptibility = 00000001 ActivityState = 00000000 [ 783.301547] *** Host State *** [ 783.304819] RIP = 0xffffffff81173b7f RSP = 0xffff8880536ef998 [ 783.310947] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 783.317406] FSBase=00007f9ee4611700 GSBase=ffff8880aef00000 TRBase=fffffe0000034000 [ 783.325367] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 783.331411] CR0=0000000080050033 CR3=0000000050e65000 CR4=00000000001426e0 [ 783.338562] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff862018f0 [ 783.345396] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 783.351586] *** Control State *** [ 783.355090] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 783.361927] EntryControls=0000d1ff ExitControls=002fefff [ 783.367464] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 783.375104] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 [ 783.381876] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 783.388660] reason=80000021 qualification=0000000000000003 [ 783.395817] IDTVectoring: info=00000000 errcode=00000000 [ 783.401416] TSC Offset = 0xfffffe5a123f89ab [ 783.405827] EPT pointer = 0x000000008af5001e [ 783.410688] Virtual processor ID = 0x0001 [ 783.830150] net_ratelimit: 14 callbacks suppressed [ 783.830155] protocol 88fb is buggy, dev hsr_slave_0 [ 783.840381] protocol 88fb is buggy, dev hsr_slave_1 [ 783.845710] protocol 88fb is buggy, dev hsr_slave_0 [ 783.850905] protocol 88fb is buggy, dev hsr_slave_1 [ 784.310227] protocol 88fb is buggy, dev hsr_slave_0 [ 784.315622] protocol 88fb is buggy, dev hsr_slave_1 [ 785.030221] protocol 88fb is buggy, dev hsr_slave_0 [ 785.035483] protocol 88fb is buggy, dev hsr_slave_1 07:39:50 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x403, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000080)) 07:39:50 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f424852", 0x44, 0x10000}], 0x0, 0x0) 07:39:50 executing program 4: r0 = syz_open_dev$mouse(&(0x7f0000000340)='/dev/input/mouse#\x00', 0x8, 0x2000) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r0, 0x4008ae48, &(0x7f0000000480)=0x4000) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f00000004c0)=""/23) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000000), &(0x7f0000000300)=0x4) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r1, 0x84, 0x1c, &(0x7f0000000500), &(0x7f0000000540)=0x4) r5 = syz_open_dev$admmidi(&(0x7f0000000840)='/dev/admmidi#\x00', 0x4, 0x0) ioctl$TIOCGETD(r5, 0x5424, &(0x7f0000000880)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) vmsplice(r3, &(0x7f0000000800)=[{&(0x7f00000006c0)="3991e03e13c83bbf0d582ba92c06665b112ae091edad165e987b8b516295c1c434d1791b4975587d5622c9413f44ac53cb1cb5e43a99d85fd74e0ab815f0a4868edd75e4bb7a1b4d221e309f747c49734b49721eafff2a64cca06a81eeb96779382a32a51ab337ec4f8c51a4bd082765f156ca515a6ce8e473", 0x79}, {&(0x7f0000000740)="c774351d31ae7ad9172cdb24419b76f45b83cef06db0970c811a8868c230f379c72efc2315a0f2deb923d75a312b49daabe8b1903a56b92c4ca2c46c42aee8fcf8fec7404a628f0d71811689270b6456be145e94b8c0880d36f612d0858ae942c709696da9373849bd5ca97cc8dc13a104d36f1bbf3048755ccb09f5e66bc68a1f0072850d917f0da8bd513e4b6a1a50d00878b0bcf9fa5a1e5823942d4b310ce30f090d96bc55d756b2dd28", 0xac}], 0x2, 0x5) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$PIO_FONTX(r4, 0x4b6c, &(0x7f0000000580)="8440a3ec79dcf1ae26ee10787c73a780cf0be7298ff249fff61c47e5de6aab6f121fb3cc1a247424fb473f8f41d98ad887eb1f229d4381f48e58df1410e84202d29ce5fcd762e77f4bb7c333f0e27a5be88f3ac667181abe6d65244a5553e7fd51d8ffbc97934eef26f82da015fb0c1c27cfe90548112b0f49502a0a847d5fb3db10f654e73c178b1acc3fb7") ioctl$KVM_RUN(r4, 0xae80, 0x0) epoll_pwait(r1, &(0x7f0000000640)=[{}, {}], 0x2, 0x4c83450c, &(0x7f0000000680)={0x2}, 0x8) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) 07:39:50 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7, 0x79, 0xffffffffffffffff}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/attr/current\x00', 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000480)=ANY=[@ANYRES32=0x0, @ANYBLOB="8600000030362bbb419f8bbe07f57a5ca6703478f9212c729a13d6d98e149de98a0961323687a305a68c7ea7e2632c34563fddceaeb1ea8e44e069e8c832932af00c547d7c6eb83c2d5cfe18f3454c47de62be74a374aa048a2fcf783b180ec32bf1af23145ee6fbb7bdda8a765bc2ab0300b58dc0b2b19438e13e6d349842f31fdd79979fd47fb255a4"], &(0x7f00000000c0)=0x8e) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000340)={r5, 0x76}, 0x8) ioctl$KVM_RUN(r3, 0xae80, 0x0) fcntl$addseals(r4, 0x409, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000580)=[@text16={0x10, &(0x7f0000000540)="baf80c66b860a9308f66efbafc0ced360f01c5cc263ef30f07660f3880310f0664f30f0964660f380b540c0f01c966b9800000c00f326635002000000f30", 0x3e}], 0x1, 0x0, &(0x7f00000005c0)=[@dstype0={0x6, 0x1}, @cr4={0x1, 0x500208}], 0x2) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KDGKBMODE(r0, 0x4b44, &(0x7f0000000000)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:50 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) r5 = syz_open_dev$vbi(&(0x7f0000000180)='/dev/vbi#\x00', 0x0, 0x2) ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f00000002c0)={0x3, &(0x7f00000001c0)=[{}, {0x0}, {}]}) ioctl$DRM_IOCTL_DMA(r5, 0xc0406429, &(0x7f0000000780)={r6, 0xa, &(0x7f0000000300)=[0x6, 0xfffffffffffffff7, 0x2, 0x7, 0x10001, 0xa26b, 0x7, 0xacf, 0x1, 0x80000000], &(0x7f0000000480)=[0x3ea], 0x24, 0x2, 0x0, &(0x7f00000004c0)=[0x1, 0x1], &(0x7f0000000500)=[0x808]}) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x2, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:50 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ptrace$cont(0x20, r0, 0x3, 0xb0) rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:39:50 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f424852", 0x44, 0x10000}], 0x0, 0x0) 07:39:50 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) getsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f0000000180)={0x0, @multicast1}, &(0x7f00000001c0)=0xc) recvfrom$packet(r0, &(0x7f0000000480)=""/141, 0x8d, 0x40000001, &(0x7f00000002c0)={0x11, 0x0, r6, 0x1, 0xfff, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x14) 07:39:50 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = msgget$private(0x0, 0x40) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000340)='./file0\x00', &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getresuid(&(0x7f0000000580), &(0x7f00000005c0)=0x0, &(0x7f0000000600)) getgroups(0x5, &(0x7f0000000640)=[0xee01, 0xee00, 0x0, 0x0, 0xffffffffffffffff]) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000006c0)={0xffffffffffffffff, r0, 0x0, 0x2, &(0x7f0000000680)='}\x00', 0xffffffffffffffff}, 0x30) fcntl$getownex(r1, 0x10, &(0x7f0000000700)={0x0, 0x0}) msgctl$IPC_SET(r5, 0x1, &(0x7f0000000740)={{0xfffffffffffffffd, r6, r7, r8, r9, 0x40, 0x6a6}, 0x5, 0xffffffff, 0xd2, 0x6, 0x2, 0x8, r10, r11}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$SNDRV_TIMER_IOCTL_STATUS(r0, 0x80605414, &(0x7f0000000000)=""/64) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 785.564614] Unknown ioctl 35075 [ 785.600238] protocol 88fb is buggy, dev hsr_slave_0 [ 785.606108] protocol 88fb is buggy, dev hsr_slave_1 07:39:51 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7, 0x79, 0xffffffffffffffff}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/attr/current\x00', 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000480)=ANY=[@ANYRES32=0x0, @ANYBLOB="8600000030362bbb419f8bbe07f57a5ca6703478f9212c729a13d6d98e149de98a0961323687a305a68c7ea7e2632c34563fddceaeb1ea8e44e069e8c832932af00c547d7c6eb83c2d5cfe18f3454c47de62be74a374aa048a2fcf783b180ec32bf1af23145ee6fbb7bdda8a765bc2ab0300b58dc0b2b19438e13e6d349842f31fdd79979fd47fb255a4"], &(0x7f00000000c0)=0x8e) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000340)={r5, 0x76}, 0x8) ioctl$KVM_RUN(r3, 0xae80, 0x0) fcntl$addseals(r4, 0x409, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000580)=[@text16={0x10, &(0x7f0000000540)="baf80c66b860a9308f66efbafc0ced360f01c5cc263ef30f07660f3880310f0664f30f0964660f380b540c0f01c966b9800000c00f326635002000000f30", 0x3e}], 0x1, 0x0, &(0x7f00000005c0)=[@dstype0={0x6, 0x1}, @cr4={0x1, 0x500208}], 0x2) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KDGKBMODE(r0, 0x4b44, &(0x7f0000000000)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:51 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f4248526653", 0x46, 0x10000}], 0x0, 0x0) 07:39:51 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) getsockopt$inet_dccp_buf(r0, 0x21, 0x8e, &(0x7f0000000480)=""/163, &(0x7f0000000000)=0xa3) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:53 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040)={0x1}, 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x10000, 0x0) ioctl$VIDIOC_S_EXT_CTRLS(r1, 0xc0205648, &(0x7f0000000140)={0x4, 0x8000000000, 0x2, [], &(0x7f0000000080)={0xbb09ef, 0x0, [], @ptr=0x9}}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:39:53 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f4248526653", 0x46, 0x10000}], 0x0, 0x0) 07:39:53 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7, 0x79, 0xffffffffffffffff}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/attr/current\x00', 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000480)=ANY=[@ANYRES32=0x0, @ANYBLOB="8600000030362bbb419f8bbe07f57a5ca6703478f9212c729a13d6d98e149de98a0961323687a305a68c7ea7e2632c34563fddceaeb1ea8e44e069e8c832932af00c547d7c6eb83c2d5cfe18f3454c47de62be74a374aa048a2fcf783b180ec32bf1af23145ee6fbb7bdda8a765bc2ab0300b58dc0b2b19438e13e6d349842f31fdd79979fd47fb255a4"], &(0x7f00000000c0)=0x8e) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000340)={r5, 0x76}, 0x8) ioctl$KVM_RUN(r3, 0xae80, 0x0) fcntl$addseals(r4, 0x409, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000580)=[@text16={0x10, &(0x7f0000000540)="baf80c66b860a9308f66efbafc0ced360f01c5cc263ef30f07660f3880310f0664f30f0964660f380b540c0f01c966b9800000c00f326635002000000f30", 0x3e}], 0x1, 0x0, &(0x7f00000005c0)=[@dstype0={0x6, 0x1}, @cr4={0x1, 0x500208}], 0x2) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KDGKBMODE(r0, 0x4b44, &(0x7f0000000000)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:53 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) r5 = syz_genetlink_get_family_id$net_dm(&(0x7f00000001c0)='NET_DM\x00') sendmsg$NET_DM_CMD_START(r4, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x14, r5, 0x200, 0x70bd2c, 0x25dfdbfc, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:39:53 executing program 4: r0 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x8, 0x0) openat$cgroup_ro(r0, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:53 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r1, 0xc1105511, &(0x7f0000000200)={{0x8, 0x4, 0x5, 0x5, 'syz1\x00', 0x5}, 0x6, 0x401, 0x4, r0, 0x8, 0x100, 'syz1\x00', &(0x7f0000000140)=['vboxnet1$+keyring)mime_typeGPLposix_acl_access{\x00', 'md5sum\x00', 'nodeveth0ppp1lomd5sum^trusted:self\xb3\x00', 'posix_acl_accesscgroup^vboxnet1\x00', '\x00', '*\x00', '\x00', '!bdev\x00'], 0x85, [], [0x89, 0x7, 0x6, 0xf6]}) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) setsockopt$inet6_dccp_int(r1, 0x21, 0x1b, &(0x7f0000000080)=0x6, 0x4) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) gettid() 07:39:53 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f4248526653", 0x46, 0x10000}], 0x0, 0x0) 07:39:53 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) setsockopt$IP_VS_SO_SET_DEL(r0, 0x0, 0x484, &(0x7f0000000000)={0x7f, @local, 0x4e24, 0x0, 'sh\x00', 0x10, 0x2, 0x3}, 0x2c) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) ioctl$KVM_TRANSLATE(r0, 0xc018ae85, &(0x7f0000000300)={0x5000, 0x10000, 0x8, 0x8, 0x1f}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:54 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x403, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000080)) 07:39:54 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f", 0x47, 0x10000}], 0x0, 0x0) 07:39:54 executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x10002, 0x0, 0x3, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000000)={0x101ff, 0x0, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:39:54 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r4 = geteuid() quotactl(0x2, &(0x7f0000000180)='./file0\x00', r4, &(0x7f0000000780)="4e40cbd92b779182487a612e8c7d5b6c7450990971a33b3109a0376207a09ece7abef6805dbb314c1572e37cb0e7cf08409edfadaa0391207ebcf069540328b14a0cfcbc9b741f66026975fb60fd24bcc258f0406a12686af69f5796041f6870194d327bdc76a0599b978ad263d65b6b71befa75bf2e8284951a9cdf54cc2b671c610c787ecc56b5fc7d300e80ab7243aa499b2e5e17abb4ef33bd977afa98fe2af88cdafd309bb0b7700c03961b6b31752c81ddbefaea5409310d025220445bc819d63cb988114fccfa4bdfb97b7293564bcab9") ioctl$KVM_NMI(r2, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 788.894851] Unknown ioctl 35075 [ 789.115375] *** Guest State *** [ 789.118777] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 789.128125] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 789.137294] CR3 = 0x00000000fffbc000 [ 789.141589] RSP = 0x0000000000000000 RIP = 0x0000000000000342 [ 789.147876] RFLAGS=0x00000246 DR7 = 0x0000000000000400 [ 789.154243] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 789.161191] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 789.169682] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 789.177867] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 789.186060] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 789.194892] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 789.200241] net_ratelimit: 16 callbacks suppressed [ 789.200249] protocol 88fb is buggy, dev hsr_slave_0 [ 789.203172] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 789.203186] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 789.203197] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 789.203211] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 789.208286] protocol 88fb is buggy, dev hsr_slave_1 [ 789.213365] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 789.259281] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 789.265878] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 789.273492] Interruptibility = 00000001 ActivityState = 00000000 [ 789.279940] *** Host State *** [ 789.283263] RIP = 0xffffffff81173b7f RSP = 0xffff8880536ef998 [ 789.289373] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 789.295903] FSBase=00007f9ee4611700 GSBase=ffff8880aef00000 TRBase=fffffe0000034000 [ 789.303852] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 789.309872] CR0=0000000080050033 CR3=0000000084b0e000 CR4=00000000001426e0 [ 789.317063] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff862018f0 [ 789.324588] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 789.330982] *** Control State *** [ 789.334481] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 789.341399] EntryControls=0000d1ff ExitControls=002fefff [ 789.346905] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 789.353920] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 [ 789.360710] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 789.367322] reason=80000021 qualification=0000000000000003 [ 789.373728] IDTVectoring: info=00000000 errcode=00000000 [ 789.379205] TSC Offset = 0xfffffe56ce90ea82 [ 789.383614] EPT pointer = 0x000000005d55901e [ 789.388039] Virtual processor ID = 0x0001 [ 789.750203] protocol 88fb is buggy, dev hsr_slave_0 [ 789.755536] protocol 88fb is buggy, dev hsr_slave_1 [ 790.070306] protocol 88fb is buggy, dev hsr_slave_0 [ 790.075728] protocol 88fb is buggy, dev hsr_slave_1 [ 790.081079] protocol 88fb is buggy, dev hsr_slave_0 [ 790.086233] protocol 88fb is buggy, dev hsr_slave_1 [ 790.550206] protocol 88fb is buggy, dev hsr_slave_0 [ 790.555566] protocol 88fb is buggy, dev hsr_slave_1 07:39:56 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f) 07:39:56 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f", 0x47, 0x10000}], 0x0, 0x0) 07:39:56 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000480)='/dev/input/mice\x00', 0x0, 0x200) accept4$packet(r4, &(0x7f0000000580)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000500)=0xffffffffffffff40, 0x801) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000180)={0x0, 0x20}, &(0x7f00000001c0)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000340)={r5, 0x9}, 0x8) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(r6, 0x8934, &(0x7f0000000000)={'rose0\x00', 0x8}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/attr/current\x00', 0x2, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:56 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000180)={0x7d92, 0x5, 0x1000}, 0x4) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:39:56 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f", 0x47, 0x10000}], 0x0, 0x0) [ 791.658966] *** Guest State *** 07:39:57 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000140)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 791.693503] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 791.703931] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 791.714329] CR3 = 0x00000000fffbc000 [ 791.718989] RSP = 0x0000000000000000 RIP = 0x0000000000000342 [ 791.726972] RFLAGS=0x00000246 DR7 = 0x0000000000000400 07:39:57 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$GIO_CMAP(r0, 0x4b70, &(0x7f0000000000)) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:39:57 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x403, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000080)) [ 791.746685] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 791.756226] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 791.785049] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 07:39:57 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48}], 0x0, 0x0) [ 791.824609] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 791.856664] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 791.873122] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 791.912447] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 791.924794] Unknown ioctl 35075 [ 791.938308] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 791.955890] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 791.965591] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 791.983867] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 791.998754] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 792.019644] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 07:39:57 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000300)='/dev/cachefiles\x00', 0x200, 0x0) openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000640)='/selinux/policy\x00', 0x0, 0x0) accept4$bt_l2cap(r5, 0x0, &(0x7f0000000340), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$BLKPBSZGET(r0, 0x127b, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000480)={0x0, 0x6, 0x30}, &(0x7f00000004c0)=0xc) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r5, 0x84, 0x6c, &(0x7f0000000500)={r6, 0xdc, "00dc709eec19112ff6e5dfb33c3c6e652d8b5d7a35fef64761d934fe3db89bafb9b999439ab2e36f48587a820d0625a05a894ba68d26a5ff7b79fbd3da69076364f7a45894973e59794274715cef25761f47e5f33b9dcfdb91fff2e2ddc7b72ac8cc29d5a6d9b1c33fcf9d53c49ac470c3e175a39243e58ef5d7bcdb39df01f21d213645af468011ff4b12653394a6607cb529c52e5c155b2e97bc4a49caf051d6799fc4121efbe8130e72567a0c7b2b0b3bef4f67d290f72f7b74012e555d8e15b7e3bdadeedf390b3a6f786bf665b1f62d30ff1bfa65398e1ecfc3"}, &(0x7f0000000600)=0xe4) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 792.028444] Interruptibility = 00000001 ActivityState = 00000000 [ 792.035918] *** Host State *** [ 792.039710] RIP = 0xffffffff81173b7f RSP = 0xffff8880806a7998 [ 792.047624] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 792.055605] FSBase=00007f9ee4611700 GSBase=ffff8880aee00000 TRBase=fffffe0000003000 07:39:57 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48}], 0x0, 0x0) [ 792.093201] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 792.125332] CR0=0000000080050033 CR3=0000000096a02000 CR4=00000000001426f0 [ 792.152448] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff862018f0 [ 792.161514] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 792.169469] *** Control State *** [ 792.175878] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 792.187192] EntryControls=0000d1ff ExitControls=002fefff [ 792.193705] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 07:39:57 executing program 5: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48}], 0x0, 0x0) [ 792.221383] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 [ 792.261839] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 792.275844] reason=80000021 qualification=0000000000000003 [ 792.288339] IDTVectoring: info=00000000 errcode=00000000 [ 792.295156] TSC Offset = 0xfffffe557a764da8 [ 792.301124] EPT pointer = 0x000000005b53101e [ 792.323404] Virtual processor ID = 0x0001 [ 794.230157] net_ratelimit: 14 callbacks suppressed [ 794.230164] protocol 88fb is buggy, dev hsr_slave_0 [ 794.240321] protocol 88fb is buggy, dev hsr_slave_1 [ 794.245480] protocol 88fb is buggy, dev hsr_slave_0 [ 794.250629] protocol 88fb is buggy, dev hsr_slave_1 07:39:59 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) r1 = syz_open_dev$cec(&(0x7f0000000240)='/dev/cec#\x00', 0x0, 0x2) write$UHID_CREATE2(r1, &(0x7f0000000280)={0xb, 'syz1\x00', 'syz1\x00', 'syz0\x00', 0xfa, 0x0, 0x2, 0xfff, 0x8, 0x40, "602f81dda5c2fa2b300d65ee979f3cf5cc8c509f77373d025df9c14ef72e9d44638c5dc5487615750ded7d95c5d090416976b11976332edb4d567d520fc9bfffb8dbc3d57ded3600d3bf9bd289173dcbedde1a0b19e8f54f40bf6b882ce5f41cd787ca861dc3030af2be3415d323aa14c017d97ac319fbe168cd9a87e48a7b4dcf7904e41163f73eeb18d5195ba34169c00e1b088f9e64459675cda1a63842c6ee9a70ca85209b1a27d64c1519bc4311c9468179f3513c5409e738bbc703f54a3bd0b47c17937d965f999723d80b3e9a288eb91de6c5a843d646cbc1575ccc4fcde7199a22b4b65a4e74df1c0770752f86ceea35b7abfa934fc0"}, 0x212) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x100, 0x0) name_to_handle_at(r2, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)={0x83, 0x6, "d60dcfaede2d12193e15cb5810c9a150023ffb49301db785cf09102d72bcf15578cf1afb924e28acad65d3036a718f894c6593a6744023bf6cc486099e1a010399a186fadc30e0001a5ed956999a6465e78b21061dc322d7846ba0b24e34dda15618a805adc820b01ae7942231ae19a9691c61999710287d0d5fbd"}, &(0x7f0000000200), 0x0) 07:39:59 executing program 4: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0x0, 0x0) openat$cgroup_ro(r0, &(0x7f0000000340)='cpuset.effective_cpus\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:39:59 executing program 5 (fault-call:0 fault-nth:0): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:39:59 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) openat$kvm(0xffffffffffffff9c, &(0x7f0000001180)='/dev/kvm\x00', 0x40040, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f0000000480)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20400}, 0xc, &(0x7f0000000300)={&(0x7f0000000780)={0x398, r5, 0x10, 0x70bd2a, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0x14, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xed}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_MEDIA={0xd0, 0x5, [@TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xf305}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xbed1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x326}]}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffffffffffd}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xb095}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}]}, @TIPC_NLA_MEDIA={0x20, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_MEDIA={0x114, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x53a}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xff}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x4}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x54, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x581}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x81}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x40}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffffffffff7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x948}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x20}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x94}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}]}, @TIPC_NLA_BEARER={0x8c, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7fff}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x4}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x2, @mcast2, 0xe21}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x200, @ipv4={[], [], @empty}, 0x81}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x6}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100000001}]}, @TIPC_NLA_BEARER_NAME={0x18, 0x1, @l2={'eth', 0x3a, 'veth0_to_team\x00'}}]}, @TIPC_NLA_MEDIA={0x5c, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffffffff7bd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xa8f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2b}]}]}, @TIPC_NLA_NET={0x2c, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x80000000}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xfffffffffffffffb}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x40}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xffff}]}, @TIPC_NLA_MON={0x44, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x68b6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x20}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}]}, @TIPC_NLA_SOCK={0x14, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0xffff}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7}]}]}, 0x398}}, 0x8000) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$TIOCOUTQ(r0, 0x5411, &(0x7f0000000180)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000001100)={0x53, 0xfffffffffffffffe, 0xe2, 0x9, @scatter={0x6, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000b40)=""/155, 0x9b}, {&(0x7f00000004c0)=""/9, 0x9}, {&(0x7f0000000c00)=""/223, 0xdf}, {&(0x7f0000000500)=""/17, 0x11}, {&(0x7f0000000d00)=""/143, 0x8f}, {&(0x7f0000000dc0)=""/91, 0x5b}]}, &(0x7f0000000ec0)="9fae564eb41597f943a27d3a33de82ce2b5223ea6486403f4657147f249cce15938775fd0137ec54ddb90e8bd283e067fca97c0b077b3d756e755b849ee03c18ea54f9798280003113ffcb8d4271d7843b8184197590a9751acb25638b2b690565d600af6fc4dc4a6f3e61d0ec130db8dc0ca7393ac94be06307fe6f723edc1b6868e353907f1263dbb0c7e555120b478b36e4647592a19184aaf862d5aeb46a28d079d89cd8a5cbdda38a77037abde79f9999711e787a42cd0ae445fe9f1c6a6a58270ffe0e1e3702a40e8aa683d5ac910ce8c9af8a89dd31ef66bf0522b6e158c0", &(0x7f0000000fc0)=""/201, 0x0, 0x2, 0xffffffffffffffff, &(0x7f00000010c0)}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 794.548791] FAULT_INJECTION: forcing a failure. [ 794.548791] name failslab, interval 1, probability 0, space 0, times 0 [ 794.561090] CPU: 0 PID: 25805 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 794.568266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 794.568276] Call Trace: [ 794.568316] dump_stack+0x138/0x19c [ 794.568339] should_fail.cold+0x10f/0x159 [ 794.568363] should_failslab+0xdb/0x130 [ 794.592234] __kmalloc+0x2f0/0x7a0 [ 794.595825] ? __sb_end_write+0xc1/0x100 [ 794.599938] ? strnlen_user+0x12f/0x1a0 [ 794.604013] ? SyS_memfd_create+0xba/0x3a0 [ 794.608329] SyS_memfd_create+0xba/0x3a0 [ 794.612453] ? shmem_fcntl+0x130/0x130 [ 794.616404] ? do_syscall_64+0x53/0x640 [ 794.620516] ? shmem_fcntl+0x130/0x130 [ 794.624493] do_syscall_64+0x1e8/0x640 [ 794.628440] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 794.633348] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 794.638592] RIP: 0033:0x459829 [ 794.641817] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 794.649574] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000459829 [ 794.656971] RDX: 0000000020000228 RSI: 0000000000000000 RDI: 00000000004be748 [ 794.664315] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 794.671630] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f96fb7256d4 [ 794.678931] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:00 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$DRM_IOCTL_MODESET_CTL(r0, 0x40086408, &(0x7f0000000000)={0x8}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$IMSETDEVNAME(r0, 0x80184947, &(0x7f0000000300)={0x2, 'syz1\x00'}) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 794.710181] protocol 88fb is buggy, dev hsr_slave_0 [ 794.715439] protocol 88fb is buggy, dev hsr_slave_1 07:40:00 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000001980)='/dev/full\x00', 0x1, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000001a80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001ac0)=0x14) bind$bt_hci(r0, &(0x7f0000001b00)={0x1f, r1, 0x3}, 0xc) r2 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x38) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x20000, 0x0) sendmmsg$alg(r3, &(0x7f0000001880)=[{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="6201427dddec3f3aec42a3e83dd3e97a233b2c6153e74556dc93e0d5ce723b8e117f192770ab341c5dedd95bf07a865fd06b2c3f75c524088d7c113d51b8520fa21a731b78", 0x45}, {&(0x7f00000001c0)="1ff81209504bf20448c50c7fdc7a53cf67015c5ab02e54554792010c4f2b09cbcc413d99004491a54e0413b776a330a91594c5772bc457b5e0ff4a971f47fc97081408aa99b278c286baf5d6accc8a05852ef1274e560bba988dd77e1f62e215b8c8999c85c8a637c74efb3254ad5d47070a1eadda42aa1386c1f817fefa6c562b4616c0968d8cc6aeb8227b40db374e2f5efa18308b8ad7a82f31ae861d63960170a8771b72b481b092f75165801631205811f5352c70fccab0a820218b7cdbc4d6a91079a645400207d7fd895fa15624cfe24102e8894fb61ddf69175a136ba4ad5517cfae6d7f70b364352d8f330511b2e73e2b53fa5efb617140056aa21b10b2a21b2067d6cc4696eaef91340b82c2409bf61fdfca66361137d7a31a74b529ea33db78026d14af5f23810fd09491c26a163fd1292b7af06dc054a9163c798129730a6efa9fb265aca0dd954a59e73137054c06a6b64c1a78af7cf37a041dfce7f6d0be7feee1c43afa05e931ecbb85b25fb25b93063ca83b470e5c3b808bc85ca1bec4d14ce366efd1bb0e4f2dea7a354e480592da430302e539ac2b05f502d3e5ac411fde72422cbff5da374c68e6ec38232f2020a3455dc1782ad83dc026cc62cd858588d41273d5aeee5fa4dafb00f7c2058dbfcecee312d3763f885cd0e95918cb2c5ca58a52873ae51b0c2003c09ff76e3fa75c451ff7d9a723fa13f9e0342a5a3c6127b120cf6da967e66cebb2345725b8ac38cd8914c7dbd16ff7c46628d9ca085aeea162728abfe87051490ac0014eb4917f93c886942c43ecf27e9bc607b95888fbe51dad351ace1ecaf59266c5c2c10a42cdd8c719fa182e79e043405697f9aafe1226f88bf747496b1e5841a6fe12d53673c6464a30f3fdb8fcc34c5ff6ec395541bcf2beb28de4951f8ed3cc831b862ce3b087f1030ae736ff83dfe8fb7d5460fdf9d8920537308b23f4fb34034dd9770019abdf57bc4d04308089bdecd558e8f240901625881f44cb45793d0f30990f950a8bd3a85bb5cf2112c08d4f91536d86f05f53aeae8db8bbcb0189a4550304d4bb010d5748b20e90ab37bb6922c157ee3d715c5abd551b6c0ad56a57ca382cd85a40f1f92643ab4394c3aefd6bf8af40a5879d277c2894c6a7a72ac25357100b81cc89e5d35314fe9e228fafbc330133f7feb3236048fea566daf25ab4b6845d575db29fbde92e7c98ae872c988d51d8b7c8584d059af1ba7c3a5f366260e01049fe9ba56cfd73565234b9a96c2785959647551ac584bf2312021e88226629c301119cd4ee0666be939842c722ceecd8848e1c3c5cf2186d05cfe68eb1ca6ed9ad75cc0c09542c731ac5b9b3f12f9eb1fa1e95104377d2b78f32e451f21201233a4fec52a613e7a16d033d0e5b13ffff67c69923d64630046f5ac5202ad4576f6b290b7eb4a4908ca17843a883c8463194b0db45a4b198fac8ce66db8ac606b4b0b59b34977e7be7cfd75befe09f4b9fad092f509e003eab3b56c83bbd39c7925278fdddafd9f87d20c072571ef9e16392bcb1a5f1f356d59d9590cf561879212ad1a5d71e7441ded990342ebbdb68a42dc5071a8629d4e1b1f0d340d9d15adaed7fa32abcfd5f57e25605689050014382d4bd8416bd467e1653836e3aebba4e1c2a749807b8035bea1abc76111d4c4770362c6af2b8fcf825585a03d1649bc59f9d89346ad6d25cae5b66e039b0dc95d1386d1356757385b4c1c3cc8928a264f8454f880dfc749604ef29d18a4853bd16f80179373b3376753987599588f7b08658c9a40a0d45b3e4575543748bd25048fe2f42af40c88487d57b9182fac85fdd73089892a9e2188486bb3c3373b84744c6db2353dc4ac0600ce78b89f035562a81b28b066e21506bc9a65a8f2ac0b7f1a527ac6a6894c37faa65c85b23cd9d64a014fa570084020c59ffb391ae06b692862b622c39e04cb343e8ff67e7b3c2e51ebf2d5d326d69a55fee3e39881100618ba7205251c407ff0d1858bfa15c83100cb991d82bbbe5a0a6033fa13c1eb24ccf4ed4e1055d6935dc74702d967ba4a422d6e953213594a7ad84f390233d538df8ea8ecf5b904f970e92c8401ac026936dded910caccc5ba6e6a30f30ebe39ac4e5f150dcc20879922784b38b40b55ceb2ccef7f9dfac60eb701aa2781607c3fa3942696237a4b82cbe5070de36480c6140a3996dbb3e24940896dc021acc37e72834c106560724b68d7ad4f3496f296301981373b7eb7c49e1b439f88ef9c1cc3a488d1367390ab30e9d02fe69a2ce1fd24dc50faf4353bc253e890a154624e40e6b8acf0fa4dd173348a799762b66c2ebbc3e1a820af230f33c89eb28761cb156f5d2d9cdda8c06e9bab78001a63795f6856f94bcee4c772643651a104ee3fc1b1ab852f00597b31765a571b5d4984f1a76c4923e337fa6a0a304c963aa869ab3c5d132802e7847bed5dc4ebfd2ad33022a78c2fb373a59c762219425e42fb51f2f4965648e2193ddca51cae5cda6420e767cd10270aa155998a6984fb7b8cfa1dbea87c96201e68bbd30fc246ff19c8d8fffd698029a7e8ab1fb7ea7936b8332861ae096167a30d0c12956285a408cdfb904885fc6461753962f5a3f2acea97aa51bd6ab1f3f14bf7b0cb963875f5e667af9617e957e701745d5b0136e22a1040d31c197f7b0ab754d5e3590032d556d879618e087ed38caf68fd31dfa77d47510fa02b6881bb0a9abcb9d408b1e27da075cc4fed497166c82ad539b70c09a00cd2bf8d0f4d8f2d3ac05a1f3e698f53bc09ab09310cb27ae407085ed1f0cfb054d4a52970977be2697118005820c728d99a908091a84672ba26e5d5ec5fb57a5175f85036b280bdf436c375c56e4fb5e2ca1f523ce9891c7c7ee13b61a8aab2f5c96c2b7a5de615c6c620e529a09d63e471dfde103ecda35b4cf64c16d3f80457a75a8eb8173739b1eb3977110ca3960c392b7ace1bd60d3d0021539c31f368e3085d680c9587dac1721601f8c15fb7872aeeb731c0aaf2f51e322b1277198a0dfed310626c23cd088241bf81fdf73549d7afcffbc9bb932414f68f1c7fa559a2e9dec20054e7ab3afe9d932475d897c9894a1ee32d1fd64d3945a8702474870671ac3fdf987a5a36f7117065990a2d7d5dcdb3c34b10e215cb61af818da9750c68f9a656027fe7045e9f6b153e1e8b74357cc6d893a6afab08239f612435368606366d285116e11e3226003865bf1dd14ac0c735fe24e5f446d7c8640530016067f91facb71b0077d4993e84e59a511e3eec506374c7f146135d5b8d924cdac0f799e2c595b9ba002037f377e9041bace3d70e015eb4ad5bca2e98ba0d5d958ba390745de858b2b35aae7d2e0052dacfb0188573aeea20642af7117c84bc7c7630a685d8502866c504e1792b2c40f1890a6853390955ceedc06cbaf53a301f96f8e110369ed6c8a6b9777c34244da0eaea6eda2762c9210d30a28f400f0d82e886f4fc11d578178718d07e1e660bdc379d899697c79aeeb892f9485290a94a0199764d2ece0264b8f92462e157e382ee6df70225298e2f4f028f7e139385709a1461e447949e416b65dc2c5044a2d5ac525623b799b8df0cf46bde0d4206cbf090d8d015c52b5fa54e661631f359ec0a0c712b2b5e31000880326b2e5495ee25c4675ce7de5731635e13b57b55bb257450772b8b0c0873e1e6f523532c645590a4340dc0821ba8e31f40f3060ac24060aaf6cc5de705d53194950f26d8b347a33bdc92e259c4b1e7850f20b11ae7a0ed560fb7c3a5f384b2bc51f84c24309799e498216b714206ba26377ec799d13d58c272b02b0dac14c8c70d13ae278d30a848537b70ae3d8a9323319a51a0c695acd73e25bcbcc76e36ba44e3f637f018db0aadeb02ba95a370fa527b454ac5f321b0687216ea622679af8941e186b1856bcd30f7560cd5c82eed95b4f4eb2a4ff9e5334512676beb7ab10d4d51c5cba947589235bc31f4eed71d64d17717708329be449b1b25a8412b07fee8a3db69665504b3c72dab46365ea8ec48a94ddf0923a28b40f08e8d033987fd75dab08c422caabea07da2ee26a607e62e89124a35a0516c6a0ce56710efbbe8a5f9370b23a859c9a28379e87ca9cbd31af5c02ad285908c3f07a94b0ac444e09db2fdf4a8978739d44c7c60f4a5eab0c8e1513fdc7a70f2997f1f1e9ed1e8bff28b252f5ce1e836d09884bf606f77453c1400015ce1c1cdc6295acfa1b58a35ad1f0d1d3dc6535c1776e5228d7318336f0f36287922445ee7f557898263ddb448b675695ceb02c09f11edb308e0f02cbd662e279c70daa8575a202ee2f8d07dd6c3026e12d6ede2441a8b7ff3044b2f2bb35ca20246d0ee2afd5620ac81d166b6612162711c9f0b726a1e8a603a5069df40875d58d34c06d8f1bcda9638ee27ffdb2fbd791e8587d2d48ecff96816b34db97d86389582ce763a3581fa1a12e6f4708fde3bc57822812f37450d5f55d21a98532315301984f501b479f1fddc36026e8aae5097eded731e5fdaae68d7fa5cf26e2368f90fb2c4e055f041da9a0e03f545a7d081af7db31c9bc802be12dcc5fc4e668f07d7b594b89d59f1f404876b14c747a598bd54af20ee0cb627c5abe6c706ad0b93d50a1fbc696ad549c5107f9340cdc15ebb65ca58375d44a99a5b7ce187b3c21f5eb2ecacbe027cd0ed03dae5f35ed0e4c456180697aac2062a6ace768a971aea15139e01e1f9b5ad492e2563a4747e0cf4bcf1e593f990a6d34cab00271484218411225dcc440310c4914b66f10dc92604445de5c6850883cea21bea067fb75f51ca993a407a4aaa756404138426ce9127b88aa72e2459187ee35e0be11207f909143da6d77970155d3e75f502b9791ae3e1b2a047ebd799ea24e04f4e94d2f2222ddd02ac621435664dd40d7fb04f13b8af2f66ce7b9649c0c89716407b4722ed198a9884acb8bda7b7d6fc07710ee8d07a380ea01902bcc81e7c2c3f99cd3524fd5c596cf8d0fb07625ee4bbaf4592cca9579c1d5d0fc0f98ef2d1d31d48315055e5e977d62f2d688de7a110e494ab562e4b716c1e71f3152a18dae7504091b18b8073d539604c3bd789dc93c75d6e462c8a84246f6dcde0b83e5b8b1d97c26bdcb1486e155c6e5b1b02206a840087e223221010d524f43c81f87a8d8e7da4cf5b9e7e13a97ed800a4651d581955a54196e424b9337f95daa11761b5866d9f8051b5e1c8dba52a7e35457f6e522ea7057c7e5b3138b4c17f3d7efc525b8dc521bbd26e7add24c5c0e9000f0cc7b3587af5026cd2a6cb2ae9b4065293b745d1e12eea65e8c996a830b43926f47b40c0446e49c1de920b0e8fc14f29201da1286dc67bed879117dff2ca8d07db9030bb22981cbb331a61a7f56355cc0724a85545908aac8c5e37aacefd833878a49ff7af037181b2799541092e8935089feb6c60eae7e8ca5d13767a813fdf228ce8fee661ab6e7f8b6025f8219f908a9e5b327866e8f3eff9b932de604c7e294d7c53283535e9a6b3bff7cad8fc8ad42da35e3acfd0e0128ca512f81667ebd85d7342fae8613629d5afa843cf1bf0b573036ab8e098c61e6fe0c8c3ff04bbd53393625b713649da598278772a366c94f274b3b827da4ba035487853cba370091c81910a7fa099f38261f268dcd4068ec4270422132f43e61c50418eedc78b7962496d8a6cd5188941e2158c8ec01a39fc754ad48115213b4fa7684c05b652e39a3884092066c3d85f2a0104d319db9cae8353e8009ac8", 0x1000}, {&(0x7f00000011c0)="c7f4ca70d47d5638600475f7592823a8f8736613c4b3c0c68c11399cf52d6a373cf8e02b91a61688bce698f88702cd19db95f7ae7e79efc20cfb42ba17665087688856065b3fcf3127dccf030651ffb9", 0x50}], 0x3, 0x0, 0x0, 0x20000000}, {0x0, 0x0, &(0x7f0000001280)=[{&(0x7f0000001240)="1eacbfd5e02785b17a0d6e68d9f9", 0xe}], 0x1, &(0x7f00000012c0)=[@assoc={0x18, 0x117, 0x4, 0xa99}, @op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18}, @op={0x18, 0x117, 0x3, 0x1}, @op={0x18}], 0x78, 0x40000}, {0x0, 0x0, &(0x7f0000001380)=[{&(0x7f0000001340)="5b90", 0x2}], 0x1, &(0x7f00000013c0)=[@iv={0x20, 0x117, 0x2, 0xc, "b9a55e37c7de93794aa1f195"}, @assoc={0x18, 0x117, 0x4, 0x4}, @iv={0xe0, 0x117, 0x2, 0xc5, "2984fa4b4530fe87c050eda8fdb342715b6297cdfa2d1fe469689b0737e97665b22be2a64e7c11e601c9bf404d9ef42e6c614bd10e2f6d67a37ac753dd4759f01027a6cb0209ad70605940dc8ee1a1fc25ebeb04e226a34f06fd48eb6c6d6ee872397bfb1c048cc2281a8eeedae022bfcbd8adad8c083ff4810afb5afb7a883878c7fe48094caf483ff6826285801819ac0ca522fe890faaabe5a417fdee32c8f77cccdd220d7fe82476b8667c906589a988af4408aac43b692fd01a8fd1265517e9560fe6"}, @assoc={0x18, 0x117, 0x4, 0xf}, @iv={0xb0, 0x117, 0x2, 0x99, "12fbfb3c7bf013db2417d58679e8dcc2d0ae1a0d1e5d354e12455ab07f3654b6efbe1b20ce8085de56c11e3373f560581e2f91b690041fcf94f3b426a7bc4a77c5d8219b61371e8e71caba384edf2689f2199e31b3bdb0a1224e224833cd5558572e762ae76224b0a5495c3bf58928f776a7e38b823ea321e11a5ca2a19e7d7ca26863f2493b0c252f016ad8e075816402ef8dc8c00a71eaca"}], 0x1e0, 0x4000000}, {0x0, 0x0, &(0x7f0000001840)=[{&(0x7f00000015c0)="2a012742869567d52fb3866407632105d458676ec7c504b43e558c117c37c92fa1c5cdb49bece6e7cd4916e9265edf431bb0dfbefe9a3792fd93e53fe01b35828fec473cb29f64b84929ebb0bfa4b30d821ceec308bb6b8ac87a696d10bc3b5d910fc981a08d993516bbd2ddfc6fd8b3ed90f2eafa6a039d31121741914f2c49383670137a9d057f3a212ab485885370a17eeb52ee1df65d236a2d5220b5363846b542309d7287a88d813a67e3bbcff88014328cb073377d97973494854eaf", 0xbf}, {&(0x7f0000001680)="6bdd6275c2836de565adef03e19517af7886783c92a6a48769f59be860be553b5dd62430389c38f138da8cbe42a62763af377a3a94e680ee13d594b8f3bf65865bc3ed2a555332ef2f4860a5b93cea0ca876bf987c689feef3d302fc928e66202a759d352da82f06a96a58d627da574790cfbe495d46400d25a4cbc75b052f06b5c2e5a1e93e8f457f52ac4e04a8bc0be864413f628dd2d718", 0x99}, {&(0x7f0000001740)="637fe630c97bcb48afec95c4d565e898f5b4258f58d3ce4fd6d82b991e585d158985c092b3f0740914ae82d62a152fc41724c604149321fa852af6f388a644ea12fcf851c3f3fdb258608cf384bc23460a4d229cc429b24acc5ce172f6a7727dcecaf3bc9022a08b984e531d111d70471e5ec6eab8c813b18808dd1e659b01a6f29fb0387df90b569253c5d8fb5e55f406904f0bcb61f5f3c42c505e98f42404841ac8c3c4e65508ac5ea0b93df2fc1daa0d5d963919738f4da4757a22fd9db9fce7b215f40a9b703dc6c5dae47cfcf9723a71f1a26918bf164704d1a747e7d5788f", 0xe2}], 0x3, 0x0, 0x0, 0x800}], 0x4, 0x40000) ptrace$cont(0x1f, r2, 0x0, 0x0) 07:40:00 executing program 5 (fault-call:0 fault-nth:1): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:00 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x403, 0x0) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000080)) 07:40:00 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0xffffffff, 0x200) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000080)={0x0, 0x6, 0x6, 0x6, 0x7f, 0x8}, &(0x7f0000000140)=0x14) getsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000180)={r2, 0xffffffffffffff2c, 0x2, 0x8}, &(0x7f00000001c0)=0x10) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x8000000000000000, 0x0, 0x1, 0x0, 0x12d, r0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000200)={0xfd, 0x0, [0x4, 0x7, 0x1, 0x10001]}) [ 794.911735] FAULT_INJECTION: forcing a failure. [ 794.911735] name failslab, interval 1, probability 0, space 0, times 0 [ 795.002308] CPU: 0 PID: 25822 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 795.009508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 795.018894] Call Trace: [ 795.021562] dump_stack+0x138/0x19c [ 795.025292] should_fail.cold+0x10f/0x159 [ 795.030157] should_failslab+0xdb/0x130 [ 795.034208] kmem_cache_alloc+0x2d7/0x780 [ 795.038407] ? __alloc_fd+0x1d4/0x4a0 [ 795.042550] __d_alloc+0x2d/0x9f0 [ 795.046072] ? lock_downgrade+0x6e0/0x6e0 [ 795.050360] d_alloc_pseudo+0x1e/0x30 [ 795.054203] __shmem_file_setup.part.0+0xd8/0x400 [ 795.059102] ? __alloc_fd+0x1d4/0x4a0 [ 795.062951] ? shmem_fill_super+0x8c0/0x8c0 [ 795.067434] SyS_memfd_create+0x1f9/0x3a0 [ 795.071640] ? shmem_fcntl+0x130/0x130 [ 795.075658] ? do_syscall_64+0x53/0x640 [ 795.079859] ? shmem_fcntl+0x130/0x130 [ 795.083812] do_syscall_64+0x1e8/0x640 [ 795.087966] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 795.092878] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 795.098149] RIP: 0033:0x459829 07:40:00 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:00 executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x17]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 795.101396] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 795.109172] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000459829 [ 795.116480] RDX: 0000000020000228 RSI: 0000000000000000 RDI: 00000000004be748 [ 795.123799] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 795.131144] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f96fb7256d4 [ 795.138455] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:00 executing program 5 (fault-call:0 fault-nth:2): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:00 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x403, 0x0) [ 795.320678] FAULT_INJECTION: forcing a failure. [ 795.320678] name failslab, interval 1, probability 0, space 0, times 0 [ 795.348015] CPU: 1 PID: 25856 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 795.355214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 795.364938] Call Trace: [ 795.367573] dump_stack+0x138/0x19c [ 795.371248] should_fail.cold+0x10f/0x159 [ 795.375434] should_failslab+0xdb/0x130 [ 795.379472] kmem_cache_alloc+0x2d7/0x780 [ 795.383710] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 795.389252] ? rcu_read_lock_sched_held+0x110/0x130 [ 795.394386] ? shmem_destroy_callback+0xa0/0xa0 [ 795.399092] shmem_alloc_inode+0x1c/0x50 [ 795.403169] alloc_inode+0x64/0x180 [ 795.406893] new_inode_pseudo+0x19/0xf0 [ 795.410860] new_inode+0x1f/0x40 [ 795.414216] shmem_get_inode+0x75/0x750 [ 795.418231] __shmem_file_setup.part.0+0x111/0x400 [ 795.423214] ? __alloc_fd+0x1d4/0x4a0 [ 795.427058] ? shmem_fill_super+0x8c0/0x8c0 [ 795.431592] SyS_memfd_create+0x1f9/0x3a0 [ 795.435800] ? shmem_fcntl+0x130/0x130 [ 795.439816] ? do_syscall_64+0x53/0x640 [ 795.444838] ? shmem_fcntl+0x130/0x130 [ 795.448752] do_syscall_64+0x1e8/0x640 [ 795.452682] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 795.457565] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 795.462869] RIP: 0033:0x459829 [ 795.466072] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 795.473829] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000459829 [ 795.481110] RDX: 0000000020000228 RSI: 0000000000000000 RDI: 00000000004be748 [ 795.488418] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 795.495725] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f96fb7256d4 [ 795.503060] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 795.520321] protocol 88fb is buggy, dev hsr_slave_0 [ 795.525556] protocol 88fb is buggy, dev hsr_slave_1 07:40:00 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, &(0x7f0000000780)={0x0, 0x0, @ioapic}) ioctl$KVM_NMI(r2, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:40:00 executing program 5 (fault-call:0 fault-nth:3): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:00 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) openat$dsp(0xffffffffffffff9c, &(0x7f0000000300)='/dev/dsp\x00', 0x40000, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) r5 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x3, 0x2) r6 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_ADD(r5, 0x4c80, r6) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 795.728435] FAULT_INJECTION: forcing a failure. [ 795.728435] name failslab, interval 1, probability 0, space 0, times 0 [ 795.743126] CPU: 1 PID: 25872 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 795.750328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 795.759820] Call Trace: [ 795.759869] dump_stack+0x138/0x19c [ 795.759892] should_fail.cold+0x10f/0x159 [ 795.759912] should_failslab+0xdb/0x130 [ 795.759932] kmem_cache_alloc+0x2d7/0x780 [ 795.759955] ? shmem_alloc_inode+0x1c/0x50 [ 795.759975] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 795.760002] selinux_inode_alloc_security+0xb6/0x2a0 [ 795.766377] security_inode_alloc+0x94/0xd0 [ 795.766397] inode_init_always+0x552/0xaf0 [ 795.766409] alloc_inode+0x81/0x180 [ 795.766419] new_inode_pseudo+0x19/0xf0 [ 795.766430] new_inode+0x1f/0x40 [ 795.766442] shmem_get_inode+0x75/0x750 [ 795.766468] __shmem_file_setup.part.0+0x111/0x400 [ 795.766485] ? __alloc_fd+0x1d4/0x4a0 [ 795.826388] ? shmem_fill_super+0x8c0/0x8c0 [ 795.830780] SyS_memfd_create+0x1f9/0x3a0 [ 795.834991] ? shmem_fcntl+0x130/0x130 [ 795.839045] ? do_syscall_64+0x53/0x640 [ 795.843082] ? shmem_fcntl+0x130/0x130 [ 795.847203] do_syscall_64+0x1e8/0x640 [ 795.851157] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 795.856071] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 795.861337] RIP: 0033:0x459829 [ 795.864579] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 795.872332] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000459829 [ 795.879640] RDX: 0000000020000228 RSI: 0000000000000000 RDI: 00000000004be748 [ 795.886944] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 795.894248] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f96fb7256d4 [ 795.896164] *** Guest State *** [ 795.901584] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 795.913951] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 795.924604] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 795.936744] CR3 = 0x00000000fffbc000 [ 795.954358] RSP = 0x0000000000000000 RIP = 0x0000000000000342 [ 795.965855] RFLAGS=0x00000246 DR7 = 0x0000000000000400 [ 795.973217] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 07:40:01 executing program 5 (fault-call:0 fault-nth:4): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 795.981353] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 795.990268] protocol 88fb is buggy, dev hsr_slave_0 [ 795.995481] protocol 88fb is buggy, dev hsr_slave_1 07:40:01 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) getsockname$inet(r0, &(0x7f0000000000), &(0x7f0000000300)=0x10) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 796.030452] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 796.044331] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 796.059375] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 796.089475] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 796.090635] FAULT_INJECTION: forcing a failure. [ 796.090635] name failslab, interval 1, probability 0, space 0, times 0 [ 796.103646] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 796.128908] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 796.151147] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 796.154168] CPU: 1 PID: 25877 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 796.165297] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 796.166358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 796.166364] Call Trace: [ 796.166395] dump_stack+0x138/0x19c [ 796.166419] should_fail.cold+0x10f/0x159 [ 796.166437] should_failslab+0xdb/0x130 [ 796.166451] kmem_cache_alloc+0x2d7/0x780 [ 796.166480] ? lock_downgrade+0x6e0/0x6e0 [ 796.166495] get_empty_filp+0x8c/0x3b0 [ 796.166505] alloc_file+0x23/0x440 [ 796.166518] __shmem_file_setup.part.0+0x1b1/0x400 [ 796.166529] ? __alloc_fd+0x1d4/0x4a0 [ 796.166539] ? shmem_fill_super+0x8c0/0x8c0 [ 796.166559] SyS_memfd_create+0x1f9/0x3a0 [ 796.166568] ? shmem_fcntl+0x130/0x130 [ 796.166580] ? do_syscall_64+0x53/0x640 [ 796.166589] ? shmem_fcntl+0x130/0x130 [ 796.166600] do_syscall_64+0x1e8/0x640 07:40:01 executing program 5 (fault-call:0 fault-nth:5): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 796.166616] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 796.175745] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 796.184340] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 796.184354] RIP: 0033:0x459829 [ 796.184359] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 796.184370] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000459829 [ 796.184376] RDX: 0000000020000228 RSI: 0000000000000000 RDI: 00000000004be748 [ 796.184382] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 796.184388] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f96fb7256d4 [ 796.184394] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 796.209567] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 796.230976] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 796.282153] Interruptibility = 00000001 ActivityState = 00000000 [ 796.304878] *** Host State *** [ 796.332132] RIP = 0xffffffff81173b7f RSP = 0xffff88805e10f998 [ 796.343247] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 796.356782] FSBase=00007f9ee4611700 GSBase=ffff8880aee00000 TRBase=fffffe0000003000 [ 796.371855] FAULT_INJECTION: forcing a failure. [ 796.371855] name failslab, interval 1, probability 0, space 0, times 0 [ 796.387239] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 796.402533] CR0=0000000080050033 CR3=000000008864c000 CR4=00000000001426f0 [ 796.416079] CPU: 0 PID: 25884 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 796.423551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 796.433210] Call Trace: [ 796.435876] dump_stack+0x138/0x19c [ 796.439669] should_fail.cold+0x10f/0x159 [ 796.444513] should_failslab+0xdb/0x130 [ 796.448568] kmem_cache_alloc+0x2d7/0x780 [ 796.452887] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 796.458400] ? check_preemption_disabled+0x3c/0x250 [ 796.463510] selinux_file_alloc_security+0xb4/0x190 [ 796.468610] security_file_alloc+0x6d/0xa0 [ 796.472900] get_empty_filp+0x130/0x3b0 [ 796.476937] alloc_file+0x23/0x440 [ 796.480544] __shmem_file_setup.part.0+0x1b1/0x400 [ 796.485528] ? __alloc_fd+0x1d4/0x4a0 [ 796.489393] ? shmem_fill_super+0x8c0/0x8c0 [ 796.493787] SyS_memfd_create+0x1f9/0x3a0 [ 796.498057] ? shmem_fcntl+0x130/0x130 [ 796.502028] ? do_syscall_64+0x53/0x640 [ 796.506063] ? shmem_fcntl+0x130/0x130 [ 796.510035] do_syscall_64+0x1e8/0x640 [ 796.513998] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 796.519023] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 796.524294] RIP: 0033:0x459829 [ 796.527545] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 796.535342] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000459829 [ 796.543095] RDX: 0000000020000228 RSI: 0000000000000000 RDI: 00000000004be748 07:40:01 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) write$FUSE_BMAP(r0, &(0x7f0000000300)={0x18, 0x0, 0x6, {0x200}}, 0x18) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000340)={0x7, 0x30395056, 0x3, @stepwise={0x82, 0x0, 0x7, 0x1ff, 0x5, 0xed}}) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000000), 0x4) r4 = syz_init_net_socket$llc(0x1a, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x3]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r6 = fcntl$getown(r4, 0x9) stat(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$nl_netfilter(r0, &(0x7f0000001d80)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x108110}, 0xc, &(0x7f0000001d40)={&(0x7f0000000580)={0x17bc, 0x8, 0x3, 0xa10, 0x70bd28, 0x25dfdbfe, {0xc, 0x0, 0x4}, [@nested={0x1460, 0x96, [@generic="0cb9920c576492b95ad6103598ee1c5711c87f3d91f31545fc286708a28da9635e7c1fee216e74a1c7b10e9edcb4c49e3ccd1b39041718589d4213f00c8b005619ce25267521e4f3e9d2732f47e948b6a17bc60a2b0cf949a99191daad5081545e37f584b82c828ad21c4a14607fbf89dda1a8a6852b05d626f294d50d2b585e7ccef275541b8646e302fd2f8b0bf9411762095798514d7f48f9a437e962977dc70686fa660d5c3e25fc318e90ffa6a81271ea71b8fb6ea221355e2a2eb9373cce2837af2f56abbdb5aca38eaa847603e42687f3687110c97e65e989880e3b29f46f1e276d02fe810ba518484f314ec4094531c181c844b1a496e632977718621174f6ab79c50ad4ac4231fd9304d190d95e9511c68536825101647623389b717ef322c65fd531e35fe7c32ba1e5faf77716aeeafa0d3bc164bbdf2201b48b9e5df913014120538c0859a3963e381b04bf60f72ea4d44e2247d420975b4c2497961af99b2488f5133f5bb91208e5a3c184fdf1916861c4b82470caa87c6fa6d4c059f8d1dfa4bc0d799f932970b14ff953a32819f40e763aea4fc1e0f3cc2c3581b13a9d7bfc65bc7ae200b916dd88338aa24d64fb9423bf4c4df87c916382459d0b52d715accfe7c30c6a0dca2bb251859a66668d994d01ac21b7f4654ba1effa3fee62b2801267e327672240235f0267b6abb5af077324888950a0e085a498b5a901c0204dcbf5e9c93d825067eaa257fd4c86f72eee60639fbaff282beaa9740ca4ad2c4f8e9971db8bd0a4c8031193cfa922e632dcae8116242189fe992b27007172f9ec89fee6e3894717657f809a53fc092fc94d8e4dcc7a38af32c427bd526d4e93378ea8f9580ab98577a4365f15578b8e3acdf23ba6645c9fb248013ea3ec12ffdc028c6a320fa75c400de3a1db93fde9f7fc5a508c8f9fb5710768c879ca9e3bd8025f0d5e7f08ca3b83ceb047bc65aa74450f4e0bbdae0a9832e66a7f2706917d1ff6dc966158fc50ec60e646b1d8031b83f6d958e27739238a2f1f780fba8114df3003a95042ff5e8cb952039786b300005a60885f5085d7a02609edb112c20b469920b918e0a0862eb60aa01bbabc8ef0ec2a48f36b3b87a3b9ca8ead7cdca3eba30c062d64849e2eced0fc000c1f3d190cff5b6413dee0f2f880b1f61724e4b3e7549a5f7452d8c2a27158c2f33a3d9d2d94cd1621be2fc791f491ff75ce399dfad07fca0d3c80c29e85536333d3cab9e0a95dcf2ef120e9222981dbb660c01d2dd9fed2054299a9bf17ec8ee6203a9e67474a55105ce8df6bddb5ddd41d3d8405b3f423cdd7d076c7c9bfa76e7289fb4a332ef5da55efd319e8aae3e1eea087856b071ec593ad5ab6e35b118f6855364366a73fdec8a325adb9df18907cc029fc956d825329881dddd2479104c9f74eca7fc58a440e2c940e6a8ca0128219bc7a3d6142762d0d0b2ac95752aca6e5cb92e71936aa4422ccccc15d7731678b75b4f99456be97eed8295431f53b1529a498c4c3fb92b0258e280dbe5eb38d31a4fd34667ea5373de359ae2c66a51f98093b71a43b3ffaf771784c7219e241053287f6d14f6688a9d21e8e4117f6a3bc9900998b7ff238262a36ab2900908262642abb342e73f6f5317df1d3a4c2e83d6f9f43fe205c03dbc5d1bf895e87d3a939844bd1916c75db687abedabf0c9d6bcbd1d12d2cd2009cf83319360e3ba50131f4a33ee77a51f925322f3f35721bbb92c32bd064bd77dbae985acf6d106b6be2a076754e9c1ed586c7894cdc0187781a7988250d37c431f1e6579ce5ccdccc565b28fecd548091fa445527f24b87c8280a86fa0f4c0e5ff375aaf05de32ac5dba729497233fb3182b31273357a4dea824f0cdb0c8fe1221df7a164eb774ff459a8411506faf13cdee02ca54412b38d8c058593b7037dd764ec46603e29b165322af58985dbc628ae7c18682dd57131f25ccfe93d8bed2c639dad3bbdf49a8f60a507c7f0039067f4fb32ab361fce9b6e638620480c54e8edb22ee7ebc8a79c25c33aa3727334c67d3629827c99c470d6cd5261f2509c3d6c5d0bbe4f8d453b659c509b3b6953c23a7e877c69e2055fe1db51726cd89b3a1b4fb40af6963239e96cc2fed5a657219bc684e8b68e4b09d229eacc86aa85fe40647d6621fa3f0b7ecd6dacf2e4073af8baa5fe0b5856d7178a891ed8234453abe2ee3909e0eb0f4d9412a4c0a2f96816d7d1bb7fc5396009424e68273bd620de3c922a03b13a76e717bd8e2e3518ff00f03e3368b56f9ebfd96ecc591526854a496ccdb7c72b6f07c966c70ae51088022d44980de50e7cf719442b33c9fe92f56fd990999461e7e5ebf126a8d579c556b7cea377d21e3f272469025aa0291f9002b9915fc3517399a3ca04c67f4a37429cde958d0a61b0d7966875e36c6ba53ecaa94364be9ef7f8cd9fa2c87bfa6e5cfa9e23b4f34adf3bff27d08d73907ef9e5a8880cec44698a9d107fe663cecdb70d2358cdded4a2d92d6ae35ad9811df25b4fe36f8937848e1dfb7b39fb86ed78ff3e3c73bf650add4ffa9a7ff381006e11f1b43ab05987ccbac971992a1d6a85da2224ab249c7ed279647662377ea80170a73fcceb301b007fb89d0545105de867896f2c8b2a55ef703ccac5f36709e5578c24004482c6fae7d83b21d9a720caa0715f183f90547a8ec47614184504fead1da17c37abea242062b75f2ffa804508e30f0be67fe337f2c6fdb689f797bdf71cba1ac6c778e769396ffd4cdd08ffbca8fea31250de781e3781074357ae2489fc1dbe3f7093dbcc20ed51a99519215732d618d5f09054c7b7dc2db6a85d0b0a365c184f83ab8443c617d31edb857a2c91dea8db88b3cd10bd588c3a4cbb7fe6f50e21747bf96614d0dd568ea0ff531cddcc7c34fa0e51e07feeccd539f24b84bd8ecab9facba72eea3503d3b5bb7ef68e5b963f0f3b631d2c3549346439b93ae518bbdd5e85ea95773a1dba59196e85585ecd17f40345eb4c3e488a4451c165ceaa696c97a9225c1c2fafcd2e5fc48b55977d561c99508406b05f652c5203b8d97a3f044edee88d3284180d815bdccf689d67b598b42d738989f2364fd8bdd733e6c1465d66fbf481f533ce89f787fc2b846f896486515536938523d127516c8960c6ce8258a8dfe6416717cc59dc69210903cdbc67ad1ff854b64f3b8a89fbe7cb6b7abdd67c45ee5fb2a77bfe15d9adad2e368eabd0ee4520b7fc3d6b8833bdf0a1f94e2156971483d8d6728e575e7c821983255290ce8ab349c134dfc9fd5f418b1a2bf2dbf083476ac64495edeaa87281159835cacefe78a99451aea1267e9b47daa89ad8739d129818011c46dd92b2f78f8037b25478d1149ed74b74be69c8e8049b83204166853ace78bd51ffa14269ce7774f81cf69b2230cd9d71b63f8f48d6dee85319f59fda7ccfb22d25dc849edc8221574d0495bc97b582cc830e348897d09834e5118ecf0393374046476072eb9b4cd637be47e99ad86e4e14202cc9f24f5f6e2991576c2c449bc8c2cba19f5623fde66c56fa5aac1cca06fa0a9d41aeb7e08810d65783b1cf80936c0af2b2ea5df4c84343a4e8a93f39f63193c874f6ae76150a5e426c94043d2730326003f2d8c6408d191bc72f859717547c3bc18917011fb0bcdb5cdfdb5536fbd378177bab80ba92cdb0fd1223509f2446c0c205c01d7990e6d297841accdb33042676cf8d76aa95cc2a4de4d381023becb4277288e64c8331cf60b49e2b68518ae5fde212ec649f2f335a73c1c3410e8d6bfb63991ea3e352fa6ed8ec4b930011d6cf581241067f4f3fd33fb589ec123d9762fd616cb6cf87214f15b0240825e2db4b7d9a1683802359191454559c0ff1b0cc0994bda9f3676d1417fa9df9a4ac9d82e58ba0e374daf1bd997e4754a23c0ba6ed340c8a19f16e08db08f8996f977153d963e4541299c98dd38a8d58c652cb380f5159e84a38777272a1c73521b60351d97c00cc4b9de3663ebc56aab190f82f854b80a627cf813393896100395e7f087ef1c4201805722a986a64501dc73ff2d45128c5a8f17f587910392a4cd275f650b0900cbeb19ecfd4efa2ff9824a620c4f1e40ebe19a500bf722bdf7fbe06374dc519b5d6367b9194946728c893160029d5eddde7e799f99f08aeaeea810f81949963eda25cfb8fc0878e72119b58b078f2eab4a492e857d55bfb677fc53427e33414c12fa19bc0276025e271edcadfe701bb57ea055e2891d1a5553e515a7f437e8dd99f8f899ee2b46c533934f57461cedebad813b56d8c4bab6d3127dbe7280e8c598eafad05be5ed47ca7a41f09237298ca65a169cc210acbd39f26c4b7d35c2790a69121124be0f0db564e7ff6a138ea295ea30a0fabda85197653304f538231edfc21292d4f5e8f5b0bd79f2ec05e7ad4f76f8924fa19fdd05a0f7a2950c91a6b094cda2997b3076abe14466ba5c7c69a6a011d33d41217d332f82798f88b317228dae1d486568a805bba808f4e4ee4ca71b1935a6ceaca63fc40ab91aca98f7faa98e5ac1defa8d2f4ab431541b112f4d374f380a98c62c1763812283eee9c8081cedfcc2b565e375333eca7afc98197f3ff01505e52c9766d56ebadf2d3655b861d60d2e95513b4e3aa4dbe196122702c9afe618b2e486c640f034d86a2d45e0a18e7f5231638beaac88ad84995c55ce1afffc2b6e266f95e83f09da43af619eebfba7d2177a7dac550f2ce4c90051bf714a6380ce8da9488f3d16581421c5e044f60a38ef32e285681f91d845f0d4bde6b2a053548f7fef27d2a7991a5b38c6ec1fd5cae8772c32225488a7aa9b164a381bf4cca5ee82920c16620e7a59311384e675cef2abcc8642b28ace379325842a90d745de757c3dedac2fe81126ffccfe4db2cc4d03ae82b3b3380e3d46f38712af05fbd5619f5a569a194c6d2bdd1a57243c8704c8cfae61d58d71923fc5b9926cf9e3f5636def6596b3a6cc97e57ce6f9096e4c67a910a83561482e0b04d422017ffda9703fd35f32be1587d4fc4cd282abee819a15908bcc07c40715778f0f26fbd511f7db783dfef6d0d5d57f4fd7d6f2623dbc4d7e72963d79e6091e01f4ce74b4fc6cce62c20cf354dd96aa5aa81b388ed783b13c97d68323360fcf572babdedef3a605f4f3169212c10b99bfb8b71e86309c49fa212864eeb2a6f192dd88d1f67795b11e9e7dd1be6a23a58f6c5930b2dbb3a3e77a0b70858d2cff1b5425d13367544321b947a7b2f15662e7a6bd75dd3ed43629a7e08835dfbe7676c5808d545c1a095f8a5648449fe3f78854b538712c4c1d70aebd5475b8c6d28d2c3a517da881fbff30db551624b9624357afb55f5cad7919876e9b9895193ef0861cafd80af2977d2b51403bd12605be528cd34ef836af8a879086d936b712338c0a8d34b4bdb17921ae5ff6addf1d946cfbf9b14af56d1eb70879f368ef44af3ffcece79ec52312dd2d655aa03bb18fe7f1ed0a0627bb0907adee9976f4a9740a8e33eb736e5a023cccbefd507be060d5aafe00327f90b28d90ab2b6f16c9b4bfa4d27cac903232392af2b88e1435ed8e855ae960f542062dbb629acecbd326d9cfea0f4074fc2324805394a7530d34115e5ec06649d9ab415b2ffda3c61449aa4710ca6caec36dfc4f89a28108856286ab5b75db784c3bb4030df2efa62e3fa45981ee5faede299700bbcecee9ea5763a1f9542975084ea1bb999ca94a4d8ce43ef593d4d8db56c5b756accf84e62d3e38e8ecdbb9855b2", @typed={0x8, 0x91, @fd=r2}, @generic="624a0dce3f513d17957c881920d845", @typed={0x14, 0x5, @ipv6=@mcast2}, @generic="f24a8e4d2b57aaf368b5e5c3ba8496b394f37d5db484e659355b51fe38157ff968a460b1a3bc5c3766e63317bf6a67cc575890ed5de4490b602d80aff97d18000080df7ceb1847180f0de66a18bb2170038fa0ea4c86694e8b19c262aac033a47563f5814032110303169168b32025eb19301b193f9a7a3999476aa38dff03d52766c4edcc1d36de1094d85dcf0b8dd4166a6a8e496612e4c4982ab62eb68a1c31b8c96eab985b1782695359a88d50c5d9203964825178648ebce053e7d44d550a86ca6c186596e9af30c31e43a5a0c24680af273475dfd265b460bbbbdcb9d3506e5090fb178a7ff617a5cf1dd85d9a4e4ce082fb3792685bac790fda3a", @typed={0x8, 0x1c, @pid=r6}, @generic="a5ee2584811662be6b4f13c987a36b95b63726054a6e7dd29c092aac2aefa3d70a6cd8683eb3173270220742e3b3e85206c77fb8182cb05752cbec72b87da70458da6ae6899a5d56c0cebc23db14514631c1e2c990d407f01386fb1f1ba8734dadd110975edc21fed03fe60a8a5040584e77fe3cdf06fd2072ecc6d7cfedd07d2f23571d33579e198e8d21f9919ac508f6029e8364212b85d82b4a61c20703409bc0f5a62d44cc29e26cad888ac3d9bf8f2269cdc153baa8207e81ca64712511745dc3b5b2478d32b78fec2c1008e3ed0a88267093168ad5320cd02bf6b87a59fa9f14b5f743953b2e7af307f37e57f951f04af9d0d5faf2c4825488", @generic="ef915ab1f654a9b2567e4982387edd2c935e79d2b3134fd2fa131d5549c25fd0b5673c0dae90d577f5e1fe53377b6a41e0ef9fe860815e8c5df4a50cf941061b20dd06ddeeb70a763ea47d22976621338dc7135f00991e8edab37552a37c1170a3446ad662c3f87867a1b7435756818fa6656c3b7763b635b1eb2d232f16ea7dc10747f4163de087dd9d5d050eefdffbb7e748df788e37e63f04db138b471db4886aa1c3d228da842106195d5b65c51e94a84fe11a924774e842220728c1240a44631d216ca2e8ba7e95ed9cb8a97406fe6e4469508ac8b1f8c100f5ff10d5a00da4383eb08dc4cf54", @typed={0xa8, 0x59, @binary="2c657ad063cea0b0cb6c6b823a384d39c4984eda5bc45fdce8ea713336ad0dd40052b99a2a617eb3bf610be4918c4e1a558b8663be228b0e34dfc8b976758584146b48de215878dd35e6a0d616baf0c9da7cc3229e2495c290484e8cbfa78ee301495380d35365679133cbab1dd87bec97e017fcdcf92ac63fda47e7a727da6b7021d040cb1570cb636d47fa599a133dd57a2b7ae9a6d4f37006e2fe3c848887ff0c"}, @typed={0x9c, 0x2b, @binary="e45491512f6812eb8da70dc1ffefa09964e6494c6a54a62fcb98a702387904d812cc66b8e63ff7b4454527282d9178027d58bb615a01739f092d6b5cc46ba67af13622c5629da828e24086e3f9879ad6dd971042bca3d1b94aa8808d3f663445b9bd8ea8485aaa47fa463a4d39562f4542ca5ab70685eb08837c43e1a74c5c9744ab0bd18ab29946cde1f06adfcf69eed29b15748be9"}]}, @nested={0x68, 0x3, [@generic="70149a390cafdd1a50d26ce42965f7d068ab3a", @generic="be1562a6ea4b144e377b500240da55f205d6529ce7a01010f83e7c524d9faa30e9f7f016800f0239179d0e63e81900f64835ad13c403ded788da4839fb9e56d8b7d7dd4be0ecb20dfe1e1a8a6575b617ba"]}, @typed={0x10, 0x27, @str='/dev/kvm\x00'}, @typed={0x4, 0x1a}, @typed={0x8, 0x51, @ipv4=@remote}, @typed={0x8, 0x2, @uid=r7}, @nested={0x238, 0x8c, [@typed={0x10, 0x21, @str='/dev/kvm\x00'}, @generic="5e4739d314e57e55da51c1dee9a52c52da610c6fc2dba11f303d684175fa7b3a89a5e87c24a96da6861869df9951c16295b2ef7422147a4b3f8fe1e669efa40afb76d4542418ae71657ccdd3887c", @generic="c51341ffb3dc13abbb019dd850aca02f1e", @generic="1085ad83743f8fd4bc4885e48925029293ef1c6654055b49abf5a2858d96a7d9260dee0c82fe4b60d8bbb08c2293785361df18a0ae8a49aaa3b4ee43ca111477627976db6da0dc293b3fcca5adfe8baec836ea0d9143e8ffede2fb989f98fed169c56399f1075c3aab63a8381714c1417f6d18340738b258a189542e92b50e1c5cc4dfd33a24e3513a41b87a4b0c9fbcbb8419d426305b2df64a2ff6c22bad6a50dc613674a81b890ed90934a894a327bb1549ee8253fa57ed7d3e1f411af3afb98fe764576695d3eefdf8934507427d9748", @generic="752e4b40cbb398b7785211ca3c5d8bc572db6e03c581a20cb990f8f6d1f81ae50a0c3abcc25e789f6d5c9caafbd759e6083af40896ee6a8ad5a8f4be19082ac655e6dc31548d30ef5bafb42bdabdfd57bee52bb39ac83d9b0221917c3847de3bde3977f81bce21a1bccc84023ffa68731a6e720f9b8557ee04d3bec9208ed98257ebf17872ba1ca8edd8e0a0cd0d3daa79e4f80fe62177eaec38a90252bd53b071175e74c300b79bff2ec238c8a3c548cc3c912f29639c688e5464f4139cbd1f1b11955f3860d205b08155d375b0f52af152920bb56edb5eb37d76f1f1a3a253d40d968b1f16b285c943d174dbacb63d6dad"]}, @generic="fdb758e44a3ca6e7f517d7a3bed94ee4c07d33f580da5f92c61d5f62dfe197e2fc8c17b8b643e559a344a860e11c135224c9dbe0cd75764cac49dbc3f3b1660f9dbf840f30373ec92b14c2287e356f4320945306f9516265a02194a6ef389d93e94020647dc32f77194ddf3e28d4cfbe953e11ef273a3fee9dc3ac0f66b61cb32c"]}, 0x17bc}}, 0x24000814) [ 796.550393] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 796.557697] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f96fb7256d4 [ 796.565030] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 796.648137] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff862018f0 [ 796.655903] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 796.672030] *** Control State *** [ 796.695475] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 796.725675] EntryControls=0000d1ff ExitControls=002fefff [ 796.731697] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 796.739079] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 [ 796.746635] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 796.754654] reason=80000021 qualification=0000000000000003 [ 796.766056] IDTVectoring: info=00000000 errcode=00000000 [ 796.776396] TSC Offset = 0xfffffe533046ac75 [ 796.781062] EPT pointer = 0x000000006134b01e [ 796.785516] Virtual processor ID = 0x0001 07:40:03 executing program 3: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000080)) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000140)) fcntl$getown(0xffffffffffffffff, 0x9) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0xc) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000200)=0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x240040, 0x0) ptrace$cont(0x1f, r1, 0x0, 0x0) 07:40:03 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) r1 = accept4$nfc_llcp(0xffffffffffffffff, &(0x7f0000000140), &(0x7f0000000000)=0x60, 0x800) r2 = syz_open_procfs(r0, &(0x7f00000011c0)='net/netstat\x00') ioctl$TCSBRKP(r2, 0x5425, 0x0) getsockopt(r1, 0x8000, 0x200, &(0x7f00000001c0)=""/4096, &(0x7f0000000080)=0x1000) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x4000004) 07:40:03 executing program 5 (fault-call:0 fault-nth:6): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:03 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000480)={0x0, @in6={{0xa, 0x4e20, 0x100000001, @dev={0xfe, 0x80, [], 0x1b}, 0x125}}}, &(0x7f0000000180)=0x84) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f00000001c0)={0x5, 0x20e, 0x200, 0xc2, r6}, 0x10) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 798.249290] FAULT_INJECTION: forcing a failure. [ 798.249290] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 798.267983] CPU: 1 PID: 25905 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 798.275173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 798.285037] Call Trace: [ 798.287670] dump_stack+0x138/0x19c [ 798.291393] should_fail.cold+0x10f/0x159 [ 798.295675] ? __might_sleep+0x93/0xb0 [ 798.299636] __alloc_pages_nodemask+0x1d6/0x7a0 [ 798.304373] ? __alloc_pages_slowpath+0x2930/0x2930 [ 798.309471] ? lock_downgrade+0x6e0/0x6e0 [ 798.313679] alloc_pages_vma+0xc9/0x4c0 [ 798.317703] shmem_alloc_page+0xf6/0x1a0 [ 798.321812] ? shmem_swapin+0x1a0/0x1a0 [ 798.325854] ? cred_has_capability+0x142/0x290 [ 798.330502] ? check_preemption_disabled+0x3c/0x250 [ 798.335612] ? __this_cpu_preempt_check+0x1d/0x30 [ 798.340659] ? percpu_counter_add_batch+0x112/0x160 [ 798.345736] ? __vm_enough_memory+0x26a/0x490 [ 798.350293] shmem_alloc_and_acct_page+0x12a/0x680 [ 798.355378] shmem_getpage_gfp+0x402/0x28a0 [ 798.359793] ? _raw_spin_unlock+0x2d/0x50 [ 798.364182] ? shmem_add_to_page_cache+0x860/0x860 [ 798.369166] ? iov_iter_fault_in_readable+0x1da/0x3c0 [ 798.374411] shmem_write_begin+0xfd/0x1b0 [ 798.378658] ? trace_hardirqs_on_caller+0x400/0x590 [ 798.383738] generic_perform_write+0x1f8/0x480 [ 798.388219] *** Guest State *** [ 798.388395] ? page_endio+0x530/0x530 [ 798.391982] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 798.395585] ? current_time+0xb0/0xb0 [ 798.395602] ? generic_file_write_iter+0x9a/0x660 [ 798.395614] __generic_file_write_iter+0x239/0x5b0 [ 798.395638] generic_file_write_iter+0x303/0x660 [ 798.405063] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 798.408677] __vfs_write+0x4a7/0x6b0 [ 798.408694] ? selinux_file_open+0x420/0x420 [ 798.408706] ? kernel_read+0x120/0x120 [ 798.408725] ? check_preemption_disabled+0x3c/0x250 07:40:03 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:03 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_DEASSIGN_DEV_IRQ(r0, 0x4040ae75, &(0x7f0000000540)={0x0, 0x1, 0x0, 0x100}) recvfrom(r0, &(0x7f0000000700)=""/4096, 0x1000, 0x2000, &(0x7f0000001700)=@un=@abs={0x0, 0x0, 0x4e24}, 0x80) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00', 0x0}) write$P9_RCLUNK(r0, &(0x7f0000000580)={0x7}, 0xfffffffffffffe79) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) setsockopt$inet6_mreq(r0, 0x29, 0x1f, &(0x7f0000000000)={@ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}, r4}, 0x14) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000480)={[0x6, 0x6, 0x800, 0x1, 0x9, 0xc7, 0x1, 0xffff, 0xffff, 0x80, 0x72e3, 0x7ff, 0x4, 0x1, 0x7f, 0xf2e], 0x3000, 0x40200}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000680), &(0x7f00000006c0)=0x14) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000005c0)='overlay\x00', 0x2020, &(0x7f0000000600)=ANY=[@ANYBLOB="6e66737f6578706f72743d6f6e2c736d61636b66737472616e736d7574653d2a757365722e2470726f634076626f786e657430707070302c736d61636b66736465663d626465766d643573756d6d643573756d5d2b2c00"]) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$EVIOCGABS0(r0, 0x80184540, &(0x7f0000000300)=""/68) 07:40:03 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x200, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0xfffffffffffffff9, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x800) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0xb4) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x3) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:03 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) socket$isdn_base(0x22, 0x3, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 798.413791] CR3 = 0x00000000fffbc000 [ 798.418614] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 798.418635] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 798.418656] ? __sb_start_write+0x153/0x2f0 [ 798.423717] RSP = 0x0000000000000000 RIP = 0x0000000000000342 [ 798.432721] vfs_write+0x198/0x500 [ 798.432740] SyS_pwrite64+0x115/0x140 [ 798.432750] ? SyS_pread64+0x140/0x140 [ 798.432765] ? do_syscall_64+0x53/0x640 [ 798.432774] ? SyS_pread64+0x140/0x140 [ 798.432784] do_syscall_64+0x1e8/0x640 [ 798.432792] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 798.432811] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 798.432822] RIP: 0033:0x413777 [ 798.432828] RSP: 002b:00007f96fb724a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 798.432839] RAX: ffffffffffffffda RBX: 0000000020000210 RCX: 0000000000413777 [ 798.432844] RDX: 0000000000000048 RSI: 00000000200008c0 RDI: 0000000000000004 [ 798.432849] RBP: 0000000000000000 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 798.432854] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000004 [ 798.432859] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 798.479486] RFLAGS=0x00000246 DR7 = 0x0000000000000400 [ 798.557335] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 798.602528] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 07:40:03 executing program 5 (fault-call:0 fault-nth:7): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:03 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x2000, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_GET(r1, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000380)={&(0x7f00000004c0)=ANY=[@ANYBLOB="80000000", @ANYRES16=r2, @ANYBLOB="00002cbd7000fbdbdf250b0000003c0005001400020008000300f400000008000300ffff000008000100657468001c000200080001001a000000080002008f554b642623fd2ebbff8f2d5e3b00040000080004001e000000300004002c0007000800040007000000080001001b000000080001001200000008000400030000000800030008000000"], 0x80}, 0x1, 0x0, 0x0, 0x11}, 0x4000) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) r3 = accept4(r1, &(0x7f0000000440)=@generic, &(0x7f0000000400)=0x80, 0x80000) getsockname$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000001c0)=0x14) setsockopt$inet6_mreq(r3, 0x29, 0x1f, &(0x7f0000000200)={@rand_addr="3c48f0b9807f85818e1a3e6944ef5b05", r4}, 0x14) [ 798.646574] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 798.678944] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 798.716044] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 798.742890] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 798.764151] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 798.776283] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 798.785379] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 798.794773] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 798.796793] FAULT_INJECTION: forcing a failure. [ 798.796793] name failslab, interval 1, probability 0, space 0, times 0 07:40:04 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000000000)=0x1f, &(0x7f0000000300)=0x4) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000340)) [ 798.804220] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 798.814754] CPU: 1 PID: 25937 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 798.814763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 798.814767] Call Trace: [ 798.814802] dump_stack+0x138/0x19c [ 798.814822] should_fail.cold+0x10f/0x159 [ 798.814838] should_failslab+0xdb/0x130 [ 798.814852] kmem_cache_alloc+0x47/0x780 [ 798.814862] ? __alloc_pages_slowpath+0x2930/0x2930 [ 798.814876] ? lock_downgrade+0x6e0/0x6e0 [ 798.814893] radix_tree_node_alloc.constprop.0+0x1c7/0x310 [ 798.814904] __radix_tree_create+0x337/0x4d0 [ 798.814918] __radix_tree_insert+0xab/0x570 [ 798.814930] ? __radix_tree_create+0x4d0/0x4d0 [ 798.814947] shmem_add_to_page_cache+0x5a4/0x860 [ 798.814958] ? shmem_writepage+0xbb0/0xbb0 [ 798.814965] ? __radix_tree_preload+0x1d2/0x260 [ 798.814981] shmem_getpage_gfp+0x1908/0x28a0 [ 798.814989] ? _raw_spin_unlock+0x2d/0x50 [ 798.815008] ? shmem_add_to_page_cache+0x860/0x860 07:40:04 executing program 3 (fault-call:2 fault-nth:0): r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) [ 798.815024] ? iov_iter_fault_in_readable+0x1da/0x3c0 [ 798.815036] shmem_write_begin+0xfd/0x1b0 [ 798.815046] ? trace_hardirqs_on_caller+0x400/0x590 [ 798.815058] generic_perform_write+0x1f8/0x480 [ 798.815073] ? page_endio+0x530/0x530 [ 798.815083] ? current_time+0xb0/0xb0 [ 798.815093] ? generic_file_write_iter+0x9a/0x660 [ 798.815108] __generic_file_write_iter+0x239/0x5b0 [ 798.826200] ptrace attach of "/root/syz-executor.3"[25939] was attempted by "/root/syz-executor.3"[25940] [ 798.830282] generic_file_write_iter+0x303/0x660 [ 798.830302] __vfs_write+0x4a7/0x6b0 [ 798.830316] ? selinux_file_open+0x420/0x420 [ 798.830329] ? kernel_read+0x120/0x120 [ 798.830344] ? check_preemption_disabled+0x3c/0x250 [ 798.830358] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 798.830371] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 798.830382] ? __sb_start_write+0x153/0x2f0 [ 798.830392] vfs_write+0x198/0x500 [ 798.830405] SyS_pwrite64+0x115/0x140 [ 798.830414] ? SyS_pread64+0x140/0x140 [ 798.830425] ? do_syscall_64+0x53/0x640 [ 798.830435] ? SyS_pread64+0x140/0x140 [ 798.830445] do_syscall_64+0x1e8/0x640 [ 798.830452] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 798.830479] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 798.830488] RIP: 0033:0x413777 [ 798.830493] RSP: 002b:00007f96fb724a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 798.830504] RAX: ffffffffffffffda RBX: 0000000020000210 RCX: 0000000000413777 [ 798.830510] RDX: 0000000000000048 RSI: 00000000200008c0 RDI: 0000000000000004 [ 798.830515] RBP: 0000000000000000 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 798.830521] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000004 [ 798.830527] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 798.853731] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 798.909307] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 798.919680] Interruptibility = 00000001 ActivityState = 00000000 [ 798.930576] *** Host State *** [ 799.001769] RIP = 0xffffffff81173b7f RSP = 0xffff8880859cf998 [ 799.117713] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 07:40:04 executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000040)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 799.159557] FSBase=00007f9ee4611700 GSBase=ffff8880aee00000 TRBase=fffffe0000003000 [ 799.191429] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 799.198700] CR0=0000000080050033 CR3=0000000096305000 CR4=00000000001426f0 [ 799.211523] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff862018f0 [ 799.225191] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 799.232280] *** Control State *** [ 799.240293] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 07:40:04 executing program 5 (fault-call:0 fault-nth:8): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 799.293084] EntryControls=0000d1ff ExitControls=002fefff [ 799.302600] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 799.315870] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 [ 799.323353] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 07:40:04 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) setsockopt$inet6_int(r0, 0x29, 0xd3, &(0x7f0000000340)=0x7, 0x4) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000300)=0x1c) [ 799.338199] reason=80000021 qualification=0000000000000003 [ 799.348076] IDTVectoring: info=00000000 errcode=00000000 [ 799.355299] TSC Offset = 0xfffffe51d8cd6654 [ 799.361561] EPT pointer = 0x000000005165b01e [ 799.366346] Virtual processor ID = 0x0001 [ 799.371856] FAULT_INJECTION: forcing a failure. [ 799.371856] name failslab, interval 1, probability 0, space 0, times 0 07:40:04 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KDENABIO(r5, 0x4b36) recvfrom$unix(r0, &(0x7f0000000480)=""/135, 0x87, 0x2000, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e23}, 0x6e) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 799.427861] CPU: 0 PID: 25963 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 799.435063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 799.445987] Call Trace: [ 799.448627] dump_stack+0x138/0x19c [ 799.452392] should_fail.cold+0x10f/0x159 [ 799.456621] should_failslab+0xdb/0x130 [ 799.460659] kmem_cache_alloc+0x2d7/0x780 [ 799.464853] ? vfs_write+0x25f/0x500 [ 799.468623] getname_flags+0xcb/0x580 [ 799.472533] ? check_preemption_disabled+0x3c/0x250 [ 799.477599] getname+0x1a/0x20 [ 799.480818] do_sys_open+0x1e7/0x430 [ 799.484552] ? filp_open+0x70/0x70 [ 799.488139] ? fput+0xd4/0x150 [ 799.491355] ? SyS_pwrite64+0xca/0x140 [ 799.495258] SyS_open+0x2d/0x40 [ 799.498566] ? do_sys_open+0x430/0x430 [ 799.502517] do_syscall_64+0x1e8/0x640 [ 799.506695] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 799.511586] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 799.516821] RIP: 0033:0x413711 [ 799.520096] RSP: 002b:00007f96fb724a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 799.527852] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000413711 [ 799.535133] RDX: 00007f96fb724b0a RSI: 0000000000000002 RDI: 00007f96fb724b00 [ 799.542420] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 799.549714] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 799.558123] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 799.670228] net_ratelimit: 16 callbacks suppressed [ 799.670235] protocol 88fb is buggy, dev hsr_slave_0 [ 799.680467] protocol 88fb is buggy, dev hsr_slave_1 [ 799.761688] *** Guest State *** [ 799.765080] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 799.774093] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 799.783215] CR3 = 0x00000000fffbc000 [ 799.786998] RSP = 0x0000000000000000 RIP = 0x0000000000000342 [ 799.793242] RFLAGS=0x00000246 DR7 = 0x0000000000000400 [ 799.799267] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 799.799279] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 799.799292] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 799.799303] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 799.799315] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 799.799328] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 799.799342] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 799.799352] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 799.799364] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 799.799372] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 799.799383] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 799.799392] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 799.799400] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 799.799406] Interruptibility = 00000001 ActivityState = 00000000 [ 799.799409] *** Host State *** [ 799.799417] RIP = 0xffffffff81173b7f RSP = 0xffff88805934f998 [ 799.799432] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 799.799440] FSBase=00007f9ee4611700 GSBase=ffff8880aef00000 TRBase=fffffe0000034000 [ 799.799448] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 799.799457] CR0=0000000080050033 CR3=00000000a906e000 CR4=00000000001426e0 [ 799.799480] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff862018f0 [ 799.799490] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 799.799493] *** Control State *** [ 799.799498] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 799.799502] EntryControls=0000d1ff ExitControls=002fefff [ 799.799511] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 799.799517] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 [ 799.799522] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 799.799527] reason=80000021 qualification=0000000000000003 [ 799.799538] IDTVectoring: info=00000000 errcode=00000000 [ 799.894751] TSC Offset = 0xfffffe51199cb87b [ 799.916889] EPT pointer = 0x0000000092a1001e [ 800.014610] Virtual processor ID = 0x0003 [ 800.150292] protocol 88fb is buggy, dev hsr_slave_0 [ 800.155536] protocol 88fb is buggy, dev hsr_slave_1 [ 800.470171] protocol 88fb is buggy, dev hsr_slave_0 [ 800.475436] protocol 88fb is buggy, dev hsr_slave_1 [ 800.480780] protocol 88fb is buggy, dev hsr_slave_0 [ 800.485889] protocol 88fb is buggy, dev hsr_slave_1 [ 800.950185] protocol 88fb is buggy, dev hsr_slave_0 [ 800.955446] protocol 88fb is buggy, dev hsr_slave_1 07:40:06 executing program 5 (fault-call:0 fault-nth:9): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:06 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000180)=0x1) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000100)={0x1, 0x8}, 0x2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) 07:40:06 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f0000000240)="173ef0d8ef7629b8f41dff4d1523a8c3d982ddba498d25746bed08d44130bcb95d7dacadd131d0398a454363b7d4d614b3ce6bb18bb7eb9ffe274dc60a082e44372e98194f9485d74f47240e30", 0x4d, 0xfffffffffffffff9) keyctl$get_keyring_id(0x0, r1, 0x9) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000140)="2ffa4f755a8c8643bad04ec241abc9883b515aa6c9749c8f3612ba8ada2712017e4e14972a9c6d462e17e24d2ecf80645cb8c875cfc7c699515b4e393cab34062a7ba0f2ed800b0670caf84ec4ee82541aef2fd0eebbb5ea89229e2cb581332c3f1cbc404e5802c33cc66e782cf4eb8c2e27c38c1fde0ac2023c1efb77b048e64d0c124288aceb62365374ea2b58c1bac259350d03b3f9718306951284a66ca7332aae78dfc5e362e1145e55d3e5af5b492e6e14c92cb5bfecb58e24abbf350cac07a1d0f14e0e8e6784c1585ba9ca1f2cec4327b6b1ae17d636510fe6e08f891f6e6340a942af4f611ed84f000000000000000000") ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:06 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:06 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000300)=0x8) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x8) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:40:06 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xfffffffffffffffd, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 801.639825] FAULT_INJECTION: forcing a failure. [ 801.639825] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 801.651781] CPU: 1 PID: 25989 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 801.658967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 801.658979] Call Trace: [ 801.659026] dump_stack+0x138/0x19c [ 801.659054] should_fail.cold+0x10f/0x159 [ 801.659073] __alloc_pages_nodemask+0x1d6/0x7a0 [ 801.659084] ? fs_reclaim_acquire+0x20/0x20 [ 801.659098] ? __alloc_pages_slowpath+0x2930/0x2930 [ 801.659127] cache_grow_begin+0x80/0x400 [ 801.674835] kmem_cache_alloc+0x6a6/0x780 [ 801.674852] ? vfs_write+0x25f/0x500 [ 801.674869] getname_flags+0xcb/0x580 [ 801.674886] ? check_preemption_disabled+0x3c/0x250 [ 801.674898] getname+0x1a/0x20 [ 801.674907] do_sys_open+0x1e7/0x430 [ 801.674917] ? filp_open+0x70/0x70 [ 801.674924] ? fput+0xd4/0x150 [ 801.674933] ? SyS_pwrite64+0xca/0x140 [ 801.674944] SyS_open+0x2d/0x40 [ 801.674951] ? do_sys_open+0x430/0x430 [ 801.674966] do_syscall_64+0x1e8/0x640 [ 801.674975] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 801.674992] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 801.675003] RIP: 0033:0x413711 [ 801.675009] RSP: 002b:00007f96fb724a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 801.675019] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000413711 [ 801.675024] RDX: 00007f96fb724b0a RSI: 0000000000000002 RDI: 00007f96fb724b00 [ 801.675029] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 801.675033] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 801.675038] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:07 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:40:07 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000300)={0x0, 0x2c, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x79d0c76c, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x2}, @in={0x2, 0x4e21, @remote}]}, &(0x7f0000000340)=0x10) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000480)=@assoc_value={r4, 0x2b9}, &(0x7f00000004c0)=0x8) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:40:07 executing program 5 (fault-call:0 fault-nth:10): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 802.093474] FAULT_INJECTION: forcing a failure. [ 802.093474] name failslab, interval 1, probability 0, space 0, times 0 [ 802.107248] CPU: 0 PID: 26016 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 802.114457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 802.114468] Call Trace: [ 802.114510] dump_stack+0x138/0x19c [ 802.114533] should_fail.cold+0x10f/0x159 [ 802.114554] should_failslab+0xdb/0x130 [ 802.114574] kmem_cache_alloc+0x2d7/0x780 07:40:07 executing program 2: vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 802.114586] ? save_stack+0xa9/0xd0 [ 802.114602] get_empty_filp+0x8c/0x3b0 [ 802.114613] path_openat+0x8f/0x3f70 [ 802.114633] ? trace_hardirqs_on+0x10/0x10 [ 802.114650] ? check_preemption_disabled+0x3c/0x250 [ 802.114665] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 802.114673] ? find_held_lock+0x35/0x130 [ 802.114682] ? save_trace+0x290/0x290 [ 802.114696] ? __alloc_fd+0x1d4/0x4a0 [ 802.114708] do_filp_open+0x18e/0x250 [ 802.114720] ? may_open_dev+0xe0/0xe0 [ 802.114736] ? lock_downgrade+0x6e0/0x6e0 [ 802.114753] ? _raw_spin_unlock+0x2d/0x50 [ 802.114764] ? __alloc_fd+0x1d4/0x4a0 [ 802.114785] do_sys_open+0x2c5/0x430 [ 802.114799] ? filp_open+0x70/0x70 [ 802.114808] ? fput+0xd4/0x150 [ 802.114818] ? SyS_pwrite64+0xca/0x140 [ 802.114834] SyS_open+0x2d/0x40 [ 802.114851] ? do_sys_open+0x430/0x430 [ 802.150488] do_syscall_64+0x1e8/0x640 [ 802.150499] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 802.150515] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 802.150525] RIP: 0033:0x413711 07:40:07 executing program 5 (fault-call:0 fault-nth:11): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 802.150530] RSP: 002b:00007f96fb724a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 802.150540] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000413711 [ 802.150546] RDX: 00007f96fb724b0a RSI: 0000000000000002 RDI: 00007f96fb724b00 [ 802.150551] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 802.150556] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 802.150561] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 802.346036] FAULT_INJECTION: forcing a failure. [ 802.346036] name failslab, interval 1, probability 0, space 0, times 0 [ 802.381754] CPU: 0 PID: 26025 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 802.388981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 802.388992] Call Trace: [ 802.389031] dump_stack+0x138/0x19c [ 802.389057] should_fail.cold+0x10f/0x159 [ 802.389080] should_failslab+0xdb/0x130 [ 802.389105] kmem_cache_alloc+0x2d7/0x780 [ 802.408975] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 802.408996] ? check_preemption_disabled+0x3c/0x250 [ 802.409013] selinux_file_alloc_security+0xb4/0x190 [ 802.409029] security_file_alloc+0x6d/0xa0 [ 802.409046] get_empty_filp+0x130/0x3b0 [ 802.409057] path_openat+0x8f/0x3f70 07:40:07 executing program 4: socket$vsock_stream(0x28, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept$packet(r0, 0x0, &(0x7f0000000000)) accept4$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) setsockopt$IP_VS_SO_SET_EDIT(r0, 0x0, 0x483, &(0x7f0000000180)={0xbf, @local, 0x4e22, 0x0, 'rr\x00', 0x12, 0x1, 0x14}, 0x2c) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 802.409076] ? trace_hardirqs_on+0x10/0x10 [ 802.427805] ? check_preemption_disabled+0x3c/0x250 [ 802.427826] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 802.427839] ? find_held_lock+0x35/0x130 [ 802.427850] ? save_trace+0x290/0x290 [ 802.427863] ? __alloc_fd+0x1d4/0x4a0 [ 802.427880] do_filp_open+0x18e/0x250 [ 802.437422] ? may_open_dev+0xe0/0xe0 [ 802.437444] ? lock_downgrade+0x6e0/0x6e0 [ 802.437461] ? _raw_spin_unlock+0x2d/0x50 [ 802.437472] ? __alloc_fd+0x1d4/0x4a0 [ 802.437498] do_sys_open+0x2c5/0x430 [ 802.450094] ? filp_open+0x70/0x70 [ 802.450106] ? fput+0xd4/0x150 [ 802.450117] ? SyS_pwrite64+0xca/0x140 [ 802.450132] SyS_open+0x2d/0x40 [ 802.450140] ? do_sys_open+0x430/0x430 [ 802.450154] do_syscall_64+0x1e8/0x640 [ 802.450162] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 802.450178] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 802.450187] RIP: 0033:0x413711 [ 802.450193] RSP: 002b:00007f96fb724a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 802.450204] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000413711 [ 802.450209] RDX: 00007f96fb724b0a RSI: 0000000000000002 RDI: 00007f96fb724b00 [ 802.450214] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 802.450219] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 802.450224] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:07 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) 07:40:07 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1) ioctl$KVM_GET_API_VERSION(r0, 0xae00, 0x0) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) connect$bt_sco(r0, &(0x7f00000001c0)={0x1f, {0x10001, 0x7, 0x400, 0xe7f, 0x5, 0x80000000}}, 0x8) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f0000000180)={0x2, 0x0, 0x10000, 0x4}) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:40:09 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:09 executing program 5 (fault-call:0 fault-nth:12): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:09 executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:40:09 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000180)={0x3, r0}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400000000400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:40:09 executing program 3: write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, &(0x7f00000001c0)={0x1, 0x6}, 0x2) r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mISDNtimer\x00', 0x204000, 0x0) ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, &(0x7f0000000180)) readv(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(0xffffffffffffffff, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) 07:40:09 executing program 1: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x602201, 0x0) setsockopt$inet6_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000140)="6970d79ee7b57dac919ee30d7dd75cd58073ab9605bfb251cb156f61f96864b7e801676b2c1c2853dde38dd1e512e6502c6474a4b1124d97f5bb00f7fbf6058ebb70a980a0ec3146edfe7ac3e95f4607909fbf61c731b49414b597b1f3ae2cd2659d70fea4dfba970959f9f910cecb6bf7fcac3ef15c8f3d360ad828ae05ba363b076f743b3384f13113954a83293a19d6694caa932abb3c44bfaa5f5c9cb79ec77191f7a07eda68f8abdb9b7ecf893b9bd88139aa778f40d0e565a1b0a1b7329b10aa053955b02a3772", 0xca) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000240)={[], 0x9, 0x2, 0x8, 0x10000, 0xffffffffffffff93, r1}) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) [ 804.696816] FAULT_INJECTION: forcing a failure. [ 804.696816] name failslab, interval 1, probability 0, space 0, times 0 [ 804.742838] CPU: 1 PID: 26059 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 804.750021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 804.759395] Call Trace: [ 804.762009] dump_stack+0x138/0x19c [ 804.765691] should_fail.cold+0x10f/0x159 [ 804.769928] should_failslab+0xdb/0x130 [ 804.773981] kmem_cache_alloc_trace+0x2e9/0x790 [ 804.778718] ? __lockdep_init_map+0x10c/0x570 [ 804.783249] ? loop_get_status64+0x120/0x120 [ 804.783264] __kthread_create_on_node+0xe3/0x3e0 07:40:10 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) flistxattr(r3, &(0x7f0000000780)=""/232, 0xe8) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:40:10 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) r1 = dup2(r0, r0) pipe2(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) fanotify_mark(r1, 0x10, 0x30, r2, &(0x7f0000000180)='./file0\x00') write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000140)={0x7ffffffff000, 0xfffffffffffffed7, 0xfa00, {&(0x7f00000000c0)}}, 0xfffffdb0) [ 804.783275] ? kthread_park+0x140/0x140 [ 804.783288] ? __fget+0x210/0x370 [ 804.783303] ? loop_get_status64+0x120/0x120 [ 804.783314] kthread_create_on_node+0xa8/0xd0 [ 804.783322] ? __kthread_create_on_node+0x3e0/0x3e0 [ 804.783337] ? __lockdep_init_map+0x10c/0x570 [ 804.783352] lo_ioctl+0xcf7/0x1ce0 [ 804.783364] ? debug_check_no_obj_freed+0x2aa/0x7b7 [ 804.783378] ? loop_probe+0x160/0x160 [ 804.783391] blkdev_ioctl+0x96b/0x1860 [ 804.783401] ? blkpg_ioctl+0x980/0x980 [ 804.783417] ? __might_sleep+0x93/0xb0 [ 804.783423] ? __fget+0x210/0x370 [ 804.783439] block_ioctl+0xde/0x120 [ 804.814112] ? blkdev_fallocate+0x3b0/0x3b0 [ 804.814128] do_vfs_ioctl+0x7ae/0x1060 [ 804.814143] ? selinux_file_mprotect+0x5d0/0x5d0 [ 804.814156] ? lock_downgrade+0x6e0/0x6e0 [ 804.814168] ? ioctl_preallocate+0x1c0/0x1c0 [ 804.814181] ? __fget+0x237/0x370 [ 804.814197] ? security_file_ioctl+0x89/0xb0 [ 804.814208] SyS_ioctl+0x8f/0xc0 [ 804.814215] ? do_vfs_ioctl+0x1060/0x1060 [ 804.814230] do_syscall_64+0x1e8/0x640 [ 804.814238] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 804.814254] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 804.814263] RIP: 0033:0x459697 [ 804.814269] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 804.814280] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 804.814287] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 804.814292] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 07:40:10 executing program 5 (fault-call:0 fault-nth:13): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 804.814298] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 804.814303] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 804.947194] misc userio: Invalid payload size 07:40:10 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x48, &(0x7f0000000300)=[@in6={0xa, 0x4e21, 0x81, @mcast1, 0x200}, @in6={0xa, 0x4e22, 0x8, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x22}}, 0x7}, @in={0x2, 0x4e21, @remote}]}, &(0x7f0000000480)=0x10) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000004c0)={r4, 0x7}, 0x8) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 805.044041] FAULT_INJECTION: forcing a failure. [ 805.044041] name failslab, interval 1, probability 0, space 0, times 0 [ 805.061001] CPU: 0 PID: 26081 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 805.068215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 805.077611] Call Trace: [ 805.077652] dump_stack+0x138/0x19c [ 805.077675] should_fail.cold+0x10f/0x159 [ 805.077692] should_failslab+0xdb/0x130 07:40:10 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) r5 = creat(&(0x7f00000001c0)='./file0\x00', 0x10) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$VIDIOC_ENUM_DV_TIMINGS(r5, 0xc0945662, &(0x7f0000000480)={0x7fffffff, 0x0, [], {0x0, @reserved}}) bind$isdn(r0, &(0x7f0000000180)={0x22, 0xa8, 0x492, 0x0, 0xc9}, 0x6) [ 805.077706] kmem_cache_alloc+0x2d7/0x780 [ 805.077717] ? trace_hardirqs_on+0x10/0x10 [ 805.077727] ? save_trace+0x290/0x290 [ 805.077741] __kernfs_new_node+0x70/0x420 [ 805.077754] kernfs_new_node+0x80/0xf0 [ 805.077771] kernfs_create_dir_ns+0x41/0x140 [ 805.077784] internal_create_group+0xea/0x7b0 [ 805.077800] sysfs_create_group+0x20/0x30 [ 805.077811] lo_ioctl+0x1176/0x1ce0 [ 805.077830] ? loop_probe+0x160/0x160 [ 805.077844] blkdev_ioctl+0x96b/0x1860 [ 805.077857] ? blkpg_ioctl+0x980/0x980 [ 805.077880] ? __might_sleep+0x93/0xb0 [ 805.077890] ? __fget+0x210/0x370 [ 805.077908] block_ioctl+0xde/0x120 [ 805.077924] ? blkdev_fallocate+0x3b0/0x3b0 [ 805.100881] do_vfs_ioctl+0x7ae/0x1060 [ 805.108940] ? selinux_file_mprotect+0x5d0/0x5d0 [ 805.108978] ? lock_downgrade+0x6e0/0x6e0 [ 805.108996] ? ioctl_preallocate+0x1c0/0x1c0 [ 805.109010] ? __fget+0x237/0x370 [ 805.109027] ? security_file_ioctl+0x89/0xb0 [ 805.109041] SyS_ioctl+0x8f/0xc0 [ 805.186247] ? do_vfs_ioctl+0x1060/0x1060 [ 805.190461] do_syscall_64+0x1e8/0x640 [ 805.194418] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 805.199334] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 805.204569] RIP: 0033:0x459697 [ 805.207808] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 805.215556] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 805.222933] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 805.230416] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 805.238054] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 805.245350] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 805.260186] net_ratelimit: 18 callbacks suppressed [ 805.260193] protocol 88fb is buggy, dev hsr_slave_0 [ 805.265520] protocol 88fb is buggy, dev hsr_slave_1 07:40:10 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$RTC_RD_TIME(r0, 0x80247009, &(0x7f0000000000)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$PPPIOCATTCHAN(r0, 0x40047438, &(0x7f0000000300)=0x1) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 805.737694] misc userio: Invalid payload size [ 805.910227] protocol 88fb is buggy, dev hsr_slave_0 [ 805.915442] protocol 88fb is buggy, dev hsr_slave_1 [ 806.390268] protocol 88fb is buggy, dev hsr_slave_0 [ 806.395517] protocol 88fb is buggy, dev hsr_slave_1 [ 806.710164] protocol 88fb is buggy, dev hsr_slave_0 [ 806.715387] protocol 88fb is buggy, dev hsr_slave_1 [ 806.720659] protocol 88fb is buggy, dev hsr_slave_0 [ 806.725736] protocol 88fb is buggy, dev hsr_slave_1 07:40:13 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:13 executing program 5 (fault-call:0 fault-nth:14): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:13 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$SG_GET_TIMEOUT(r1, 0x2202, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:40:13 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$RNDZAPENTCNT(r0, 0x5204, &(0x7f0000000000)=0x9c93) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:40:13 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000300)='/dev/userio\x00', 0x1000000000000002, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) 07:40:13 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) getpgid(r0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x1, 0x0) ioctl$UI_SET_SWBIT(r1, 0x4004556d, 0xa) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 807.761722] FAULT_INJECTION: forcing a failure. [ 807.761722] name failslab, interval 1, probability 0, space 0, times 0 [ 807.774811] CPU: 1 PID: 26113 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 807.782209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 807.791701] Call Trace: [ 807.794534] dump_stack+0x138/0x19c [ 807.798248] should_fail.cold+0x10f/0x159 [ 807.802563] should_failslab+0xdb/0x130 [ 807.806646] kmem_cache_alloc+0x47/0x780 [ 807.810773] ? save_stack_trace+0x16/0x20 [ 807.815322] ? save_stack+0x45/0xd0 [ 807.819105] ? kasan_kmalloc+0xce/0xf0 [ 807.823087] ? kasan_slab_alloc+0xf/0x20 [ 807.827216] ? kmem_cache_alloc+0x12e/0x780 [ 807.831590] ? __kernfs_new_node+0x70/0x420 [ 807.835973] ? kernfs_new_node+0x80/0xf0 [ 807.840122] ? kernfs_create_dir_ns+0x41/0x140 [ 807.844773] radix_tree_node_alloc.constprop.0+0x1c7/0x310 [ 807.850523] idr_get_free_cmn+0x563/0x8d0 [ 807.850548] idr_alloc_cmn+0x10e/0x210 [ 807.850561] ? __fprop_inc_percpu_max+0x1e0/0x1e0 [ 807.850580] ? __lock_is_held+0xb6/0x140 [ 807.850597] ? check_preemption_disabled+0x3c/0x250 [ 807.850608] idr_alloc_cyclic+0xd0/0x1e2 [ 807.850619] ? ida_simple_remove+0x60/0x60 [ 807.850636] __kernfs_new_node+0xe4/0x420 [ 807.850648] kernfs_new_node+0x80/0xf0 [ 807.850661] kernfs_create_dir_ns+0x41/0x140 [ 807.850673] internal_create_group+0xea/0x7b0 [ 807.850687] sysfs_create_group+0x20/0x30 [ 807.850700] lo_ioctl+0x1176/0x1ce0 [ 807.850712] ? loop_probe+0x160/0x160 [ 807.850725] blkdev_ioctl+0x96b/0x1860 [ 807.850733] ? blkpg_ioctl+0x980/0x980 [ 807.850753] ? __might_sleep+0x93/0xb0 [ 807.850765] ? __fget+0x210/0x370 [ 807.850777] block_ioctl+0xde/0x120 [ 807.850785] ? blkdev_fallocate+0x3b0/0x3b0 [ 807.850797] do_vfs_ioctl+0x7ae/0x1060 [ 807.850815] ? selinux_file_mprotect+0x5d0/0x5d0 [ 807.850824] ? lock_downgrade+0x6e0/0x6e0 [ 807.850833] ? ioctl_preallocate+0x1c0/0x1c0 [ 807.850843] ? __fget+0x237/0x370 [ 807.850862] ? security_file_ioctl+0x89/0xb0 07:40:13 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x6, 0x0, 0x0, 0xbc, 0x105000}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 807.850874] SyS_ioctl+0x8f/0xc0 [ 807.850883] ? do_vfs_ioctl+0x1060/0x1060 [ 807.850902] do_syscall_64+0x1e8/0x640 [ 807.850919] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 807.863946] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 807.863958] RIP: 0033:0x459697 [ 807.863964] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 807.863976] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 807.863982] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 807.863987] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 807.863993] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 807.863999] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:13 executing program 5 (fault-call:0 fault-nth:15): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:13 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) openat$cgroup_subtree(r0, &(0x7f0000000000)='cgroup.subtree_control\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 808.148074] FAULT_INJECTION: forcing a failure. [ 808.148074] name failslab, interval 1, probability 0, space 0, times 0 [ 808.185216] CPU: 0 PID: 26137 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 808.192714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 808.202105] Call Trace: [ 808.204782] dump_stack+0x138/0x19c [ 808.208448] should_fail.cold+0x10f/0x159 [ 808.212664] should_failslab+0xdb/0x130 [ 808.216701] kmem_cache_alloc+0x2d7/0x780 [ 808.220943] ? wait_for_completion+0x420/0x420 [ 808.220977] __kernfs_new_node+0x70/0x420 [ 808.220990] kernfs_new_node+0x80/0xf0 [ 808.221003] __kernfs_create_file+0x46/0x323 [ 808.221020] sysfs_add_file_mode_ns+0x1e4/0x450 [ 808.229834] internal_create_group+0x232/0x7b0 [ 808.247732] sysfs_create_group+0x20/0x30 [ 808.251940] lo_ioctl+0x1176/0x1ce0 [ 808.255624] ? loop_probe+0x160/0x160 [ 808.255640] blkdev_ioctl+0x96b/0x1860 [ 808.255650] ? blkpg_ioctl+0x980/0x980 [ 808.255668] ? __might_sleep+0x93/0xb0 [ 808.255685] ? __fget+0x210/0x370 [ 808.274938] block_ioctl+0xde/0x120 [ 808.278631] ? blkdev_fallocate+0x3b0/0x3b0 [ 808.283047] do_vfs_ioctl+0x7ae/0x1060 [ 808.287040] ? selinux_file_mprotect+0x5d0/0x5d0 [ 808.291872] ? lock_downgrade+0x6e0/0x6e0 [ 808.296094] ? ioctl_preallocate+0x1c0/0x1c0 [ 808.300535] ? __fget+0x237/0x370 [ 808.304052] ? security_file_ioctl+0x89/0xb0 [ 808.308615] SyS_ioctl+0x8f/0xc0 [ 808.312017] ? do_vfs_ioctl+0x1060/0x1060 [ 808.316191] do_syscall_64+0x1e8/0x640 [ 808.320387] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 808.325277] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 808.330496] RIP: 0033:0x459697 [ 808.333720] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 808.341474] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 07:40:13 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) syz_open_dev$vcsa(&(0x7f00000001c0)='/dev/vcsa#\x00', 0x1, 0x0) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) setsockopt$TIPC_SRC_DROPPABLE(r0, 0x10f, 0x80, &(0x7f0000000180)=0x5, 0x4) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$SIOCRSACCEPT(r4, 0x89e3) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 808.348851] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 808.356155] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 808.363438] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 808.370748] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:13 executing program 5 (fault-call:0 fault-nth:16): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:13 executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 808.574999] *** Guest State *** [ 808.584966] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 808.605748] FAULT_INJECTION: forcing a failure. [ 808.605748] name failslab, interval 1, probability 0, space 0, times 0 [ 808.618692] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 808.628569] CPU: 1 PID: 26151 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 808.635723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 808.645222] Call Trace: [ 808.645259] dump_stack+0x138/0x19c [ 808.645279] should_fail.cold+0x10f/0x159 [ 808.645298] should_failslab+0xdb/0x130 [ 808.645314] kmem_cache_alloc+0x2d7/0x780 [ 808.645323] ? wait_for_completion+0x420/0x420 [ 808.645343] __kernfs_new_node+0x70/0x420 [ 808.645358] kernfs_new_node+0x80/0xf0 [ 808.645375] __kernfs_create_file+0x46/0x323 [ 808.645390] sysfs_add_file_mode_ns+0x1e4/0x450 [ 808.645406] internal_create_group+0x232/0x7b0 [ 808.645422] sysfs_create_group+0x20/0x30 [ 808.645433] lo_ioctl+0x1176/0x1ce0 [ 808.645449] ? loop_probe+0x160/0x160 [ 808.645463] blkdev_ioctl+0x96b/0x1860 [ 808.645489] ? blkpg_ioctl+0x980/0x980 [ 808.645510] ? __might_sleep+0x93/0xb0 [ 808.645520] ? __fget+0x210/0x370 [ 808.645535] block_ioctl+0xde/0x120 [ 808.645546] ? blkdev_fallocate+0x3b0/0x3b0 [ 808.645559] do_vfs_ioctl+0x7ae/0x1060 [ 808.645598] ? selinux_file_mprotect+0x5d0/0x5d0 [ 808.645624] ? lock_downgrade+0x6e0/0x6e0 [ 808.668839] ? ioctl_preallocate+0x1c0/0x1c0 [ 808.668856] ? __fget+0x237/0x370 [ 808.668877] ? security_file_ioctl+0x89/0xb0 [ 808.668892] SyS_ioctl+0x8f/0xc0 [ 808.677022] ? do_vfs_ioctl+0x1060/0x1060 [ 808.738486] do_syscall_64+0x1e8/0x640 [ 808.738501] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 808.738520] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 808.738530] RIP: 0033:0x459697 [ 808.738535] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 808.738553] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 808.762406] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 808.762415] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 808.762420] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 808.762425] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 808.768406] CR3 = 0x00000000fffbc000 [ 808.799343] RSP = 0x0000000000000000 RIP = 0x0000000000000231 [ 808.814380] RFLAGS=0x00000216 DR7 = 0x0000000000000400 [ 808.814395] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 808.814405] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 808.814419] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 808.814431] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 808.814443] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 808.814458] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 808.852996] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 808.853009] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 808.853023] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 808.853033] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 808.853047] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 808.853056] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 808.853070] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 808.869463] Interruptibility = 00000001 ActivityState = 00000000 [ 808.919721] *** Host State *** [ 808.952924] RIP = 0xffffffff81173b7f RSP = 0xffff888056cef998 [ 808.959657] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 808.967459] FSBase=00007f9ee4611700 GSBase=ffff8880aef00000 TRBase=fffffe0000034000 [ 808.992595] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 808.999744] CR0=0000000080050033 CR3=0000000080f5a000 CR4=00000000001426e0 [ 809.007748] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff862018f0 [ 809.047078] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 809.053435] *** Control State *** [ 809.056987] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 809.063846] EntryControls=0000d1ff ExitControls=002fefff [ 809.069339] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 809.069347] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 [ 809.069353] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 809.069360] reason=80000021 qualification=0000000000000003 [ 809.069365] IDTVectoring: info=00000000 errcode=00000000 [ 809.069370] TSC Offset = 0xfffffe4c62b011b9 [ 809.069378] EPT pointer = 0x0000000098cd401e [ 809.069385] Virtual processor ID = 0x0003 [ 810.550236] net_ratelimit: 14 callbacks suppressed [ 810.550244] protocol 88fb is buggy, dev hsr_slave_0 [ 810.560446] protocol 88fb is buggy, dev hsr_slave_1 07:40:16 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:16 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0xfffffe8d) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) 07:40:16 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000480)="0f42", 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) shutdown(r0, 0x1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000040)={r0, &(0x7f00000004c0)="71c002dd0fb2cc00f6fbe2d94e3ac987029e96dbe9096f8652c80067a9d8b8497f938a71a78299a1b0dc62d057f6efaa0bf93808cc2afd6cc961e511067ae6a9feb4639bb16cf88e46c1fe03631b2ff8ce3ac65f32ef744fd609d6ceb8d93c3172bef9c465c2b31209b528e9bcfbf6f420aaa76f1c4707124063c57e9c1028c6f985e9038ae21b847ed47e0492ec7a389a226c330793a8", &(0x7f0000000580)=""/250}, 0x18) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) syz_kvm_setup_cpu$x86(r0, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f0000000300)="b9350900000f32b96f0b00000f32f3642e64420f011dc6000000420f215cc744240000480000c74424020a000000c7442406000000000f011c2448b896dbf53e000000000f23d00f21f8351000000a0f23f866ba430066edc74424005d000000c744240200000000ff1c242bdf660f3881a18000c0fe", 0x76}], 0x1, 0x20, &(0x7f0000000480), 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000740)={0x17, 0xae, &(0x7f0000000680)="40a8ccf713f5e3e58c6f025e5a041839d763f73afa38c858847ece65f891e649987df4aa44b02110c0d85c9151ce313b18fb8aced9fa5cb9fc2cf4e63b71f747661bd7fab7befb91476fc6a0e86f910ef7ce818248cbfe0d77ea9df9cd1b9ba638b35db03f0167e70607823e1824b0515e0f82c9d8f3cef8ce5928c17a509164e6f87e49562434996ec96674123e210191a6dac7dd1abc6a1601b9664cc9b84c5ea1e02243f43966b991f1517ac0"}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r5 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r5) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:40:16 executing program 5 (fault-call:0 fault-nth:17): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:16 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x10207, 0xfffffffffffffffc, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vsock\x00', 0x10000, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:40:16 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x200000, 0x0) clock_settime(0xcad6d89c7f1fb631, &(0x7f0000000080)={0x77359400}) fcntl$getflags(r1, 0x40a) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 810.776511] misc userio: Invalid payload size [ 810.812273] FAULT_INJECTION: forcing a failure. [ 810.812273] name failslab, interval 1, probability 0, space 0, times 0 [ 810.866575] misc userio: No port type given on /dev/userio [ 810.872494] protocol 88fb is buggy, dev hsr_slave_0 [ 810.872556] protocol 88fb is buggy, dev hsr_slave_1 [ 810.872683] protocol 88fb is buggy, dev hsr_slave_0 [ 810.872729] protocol 88fb is buggy, dev hsr_slave_1 [ 810.879290] CPU: 0 PID: 26175 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 810.900260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 810.909650] Call Trace: [ 810.909683] dump_stack+0x138/0x19c [ 810.909701] should_fail.cold+0x10f/0x159 [ 810.909719] should_failslab+0xdb/0x130 [ 810.909732] kmem_cache_alloc+0x2d7/0x780 [ 810.909750] ? wait_for_completion+0x420/0x420 [ 810.920210] __kernfs_new_node+0x70/0x420 [ 810.920227] kernfs_new_node+0x80/0xf0 [ 810.920241] __kernfs_create_file+0x46/0x323 [ 810.920255] sysfs_add_file_mode_ns+0x1e4/0x450 [ 810.920269] internal_create_group+0x232/0x7b0 [ 810.920284] sysfs_create_group+0x20/0x30 [ 810.920295] lo_ioctl+0x1176/0x1ce0 07:40:16 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000180)='/dev/net/tun\x00', 0x18c00, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:40:16 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 810.920309] ? loop_probe+0x160/0x160 [ 810.920321] blkdev_ioctl+0x96b/0x1860 [ 810.920330] ? blkpg_ioctl+0x980/0x980 [ 810.920345] ? __might_sleep+0x93/0xb0 [ 810.920355] ? __fget+0x210/0x370 [ 810.920368] block_ioctl+0xde/0x120 [ 810.920377] ? blkdev_fallocate+0x3b0/0x3b0 [ 810.920388] do_vfs_ioctl+0x7ae/0x1060 [ 810.920407] ? selinux_file_mprotect+0x5d0/0x5d0 [ 810.956051] ? lock_downgrade+0x6e0/0x6e0 [ 810.956072] ? ioctl_preallocate+0x1c0/0x1c0 [ 810.956087] ? __fget+0x237/0x370 [ 810.956108] ? security_file_ioctl+0x89/0xb0 [ 810.956126] SyS_ioctl+0x8f/0xc0 [ 810.964026] ? do_vfs_ioctl+0x1060/0x1060 [ 810.964045] do_syscall_64+0x1e8/0x640 [ 810.964054] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 810.964073] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 810.964085] RIP: 0033:0x459697 [ 810.964090] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 810.964107] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 811.056238] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 811.063521] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 811.070835] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 811.078138] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:16 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r0, r0, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000480)=[@text64={0x40, &(0x7f0000000300)="c40155f25700660f3882b90b01c0fe66ba4200b02aee0f20c035080000000f22c066baf80cb8f4350880ef66bafc0cb8ffdd0000efb9340b0000b800000000ba008000000f30f30f6f89bc000000460f01c3c461f810c664400f35", 0x5b}], 0x1, 0x40, &(0x7f00000004c0), 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$EXT4_IOC_MIGRATE(r2, 0x6609) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x401, 0x5}) 07:40:16 executing program 5 (fault-call:0 fault-nth:18): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:16 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 811.329519] FAULT_INJECTION: forcing a failure. [ 811.329519] name failslab, interval 1, probability 0, space 0, times 0 [ 811.347449] CPU: 1 PID: 26207 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 811.354663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 811.364065] Call Trace: [ 811.366713] dump_stack+0x138/0x19c [ 811.370425] should_fail.cold+0x10f/0x159 [ 811.370451] should_failslab+0xdb/0x130 [ 811.370481] kmem_cache_alloc+0x2d7/0x780 [ 811.370499] ? wait_for_completion+0x420/0x420 [ 811.370523] __kernfs_new_node+0x70/0x420 [ 811.370539] kernfs_new_node+0x80/0xf0 [ 811.370551] __kernfs_create_file+0x46/0x323 [ 811.370564] sysfs_add_file_mode_ns+0x1e4/0x450 [ 811.370584] internal_create_group+0x232/0x7b0 [ 811.387789] sysfs_create_group+0x20/0x30 [ 811.387808] lo_ioctl+0x1176/0x1ce0 [ 811.387823] ? loop_probe+0x160/0x160 [ 811.387839] blkdev_ioctl+0x96b/0x1860 [ 811.387849] ? blkpg_ioctl+0x980/0x980 [ 811.387869] ? __might_sleep+0x93/0xb0 [ 811.387879] ? __fget+0x210/0x370 [ 811.387895] block_ioctl+0xde/0x120 [ 811.433567] ? blkdev_fallocate+0x3b0/0x3b0 [ 811.433585] do_vfs_ioctl+0x7ae/0x1060 [ 811.433605] ? selinux_file_mprotect+0x5d0/0x5d0 [ 811.433621] ? lock_downgrade+0x6e0/0x6e0 [ 811.433637] ? ioctl_preallocate+0x1c0/0x1c0 [ 811.441592] ? __fget+0x237/0x370 [ 811.441618] ? security_file_ioctl+0x89/0xb0 [ 811.441631] SyS_ioctl+0x8f/0xc0 [ 811.441644] ? do_vfs_ioctl+0x1060/0x1060 [ 811.441669] do_syscall_64+0x1e8/0x640 [ 811.465779] *** Guest State *** [ 811.467588] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 811.467613] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 811.467624] RIP: 0033:0x459697 [ 811.467629] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 811.467642] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 07:40:16 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 811.467648] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 811.467654] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 811.467660] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 811.467667] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 811.468037] protocol 88fb is buggy, dev hsr_slave_0 [ 811.476489] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 811.480365] protocol 88fb is buggy, dev hsr_slave_1 [ 811.484207] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 811.539525] CR3 = 0x00000000fffbc000 [ 811.573916] RSP = 0x0000000000000000 RIP = 0x0000000000000342 [ 811.578219] misc userio: Invalid payload size 07:40:16 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0), 0x2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) [ 811.623963] RFLAGS=0x00000246 DR7 = 0x0000000000000400 [ 811.631829] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 811.641317] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 811.651167] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 811.660534] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 811.695629] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 811.718420] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 07:40:17 executing program 5 (fault-call:0 fault-nth:19): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 811.753459] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 811.776770] GDTR: limit=0x0000ffff, base=0x0000000000000000 07:40:17 executing program 4: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x101000, 0x0) ioctl$KVM_SIGNAL_MSI(r0, 0x4020aea5, &(0x7f0000000040)={0x1d004, 0x0, 0x8, 0x9, 0x7}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(r1, &(0x7f0000000480)="646295a2169ea69d2fd819b18c7f11539dd7a4c35eddc5264cba6aa9962520ae0edde91a35bf64cb0c1d95c68c77b7b0f61b9ea59bfa4697fbc95562896062278b54ead74c67d8248e74e3fe69cc7d3486de00e7a787a77a151b852cf40095f46c36e9b418a47f5c5196a336c99a1b77c234bca19bfe7d236456d8831e508965be35091c4f4661052be93c6597c1a0e5825fa918217b379e9c1aea728b5da4edbfe45a010100007ce5b4e4726dc7509f441467dd8b0f343038000cde9ff8cc5edc2bc7bd79fd3c64000000000000000046f76e5a41bbc4184411ef0d06c94a764764a34869389a4d5f6c1404df00"/253, 0x340) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_TSC_KHZ(r1, 0xaea2, 0xffffffffffffff6b) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) io_setup(0x2, &(0x7f0000000300)=0x0) io_cancel(r6, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x5, 0x700, r0, &(0x7f0000000580)="37493b73aab63d357b4a46a5e30252b46dfc06e712479473b713037afa8e3eceedd6a76eccba7bbb7eca86f0d467395e659c84195f4adc4eb7043b620663f3ab45b65f11bbf52a855405fb0836a98e7db2cb7a797a6fd7ec7635fe669eb58beec44e5048a70f65c55d410c76a24a06beb4434298756f147abfc261e316650e99baa8ee9e41ff5d7cc9963778ccf1cc6d4044738cd9b770308ed4ae4c2447", 0x9e, 0x5, 0x0, 0x0, r0}, &(0x7f0000000640)) [ 811.813622] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 811.825133] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 811.834463] misc userio: No port type given on /dev/userio [ 811.844993] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 811.859444] FAULT_INJECTION: forcing a failure. [ 811.859444] name failslab, interval 1, probability 0, space 0, times 0 [ 811.868206] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 811.879649] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 811.889531] CPU: 0 PID: 26228 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 811.895541] Interruptibility = 00000001 ActivityState = 00000000 [ 811.896746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 811.896755] Call Trace: [ 811.896794] dump_stack+0x138/0x19c [ 811.896830] should_fail.cold+0x10f/0x159 [ 811.905618] *** Host State *** [ 811.912553] should_failslab+0xdb/0x130 [ 811.912573] kmem_cache_alloc+0x2d7/0x780 [ 811.912589] ? wait_for_completion+0x420/0x420 [ 811.912609] __kernfs_new_node+0x70/0x420 [ 811.912621] kernfs_new_node+0x80/0xf0 [ 811.912632] __kernfs_create_file+0x46/0x323 [ 811.912643] sysfs_add_file_mode_ns+0x1e4/0x450 [ 811.912659] internal_create_group+0x232/0x7b0 [ 811.912673] sysfs_create_group+0x20/0x30 [ 811.912687] lo_ioctl+0x1176/0x1ce0 [ 811.912700] ? loop_probe+0x160/0x160 [ 811.912715] blkdev_ioctl+0x96b/0x1860 [ 811.912724] ? blkpg_ioctl+0x980/0x980 [ 811.912745] ? __might_sleep+0x93/0xb0 [ 811.912755] ? __fget+0x210/0x370 [ 811.912768] block_ioctl+0xde/0x120 [ 811.912777] ? blkdev_fallocate+0x3b0/0x3b0 [ 811.912796] do_vfs_ioctl+0x7ae/0x1060 [ 811.919602] RIP = 0xffffffff81173b7f RSP = 0xffff88805405f998 [ 811.923260] ? selinux_file_mprotect+0x5d0/0x5d0 [ 811.923276] ? lock_downgrade+0x6e0/0x6e0 [ 811.923289] ? ioctl_preallocate+0x1c0/0x1c0 [ 811.923300] ? __fget+0x237/0x370 [ 811.923317] ? security_file_ioctl+0x89/0xb0 [ 811.923328] SyS_ioctl+0x8f/0xc0 [ 811.923336] ? do_vfs_ioctl+0x1060/0x1060 [ 811.923352] do_syscall_64+0x1e8/0x640 [ 811.923362] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 811.923378] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 811.923388] RIP: 0033:0x459697 [ 811.923393] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 811.923404] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 811.923410] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 811.923416] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 811.923421] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 811.923426] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 811.950843] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 811.966414] FSBase=00007f9ee4611700 GSBase=ffff8880aee00000 TRBase=fffffe0000034000 [ 812.115893] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 812.122940] CR0=0000000080050033 CR3=00000000a8b80000 CR4=00000000001426f0 [ 812.130193] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff862018f0 [ 812.130204] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 812.130208] *** Control State *** [ 812.130215] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 812.130220] EntryControls=0000d1ff ExitControls=002fefff [ 812.130230] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 812.166195] protocol 88fb is buggy, dev hsr_slave_0 [ 812.166242] protocol 88fb is buggy, dev hsr_slave_1 [ 812.166468] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 [ 812.184174] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 812.192352] reason=80000021 qualification=0000000000000003 [ 812.206077] IDTVectoring: info=00000000 errcode=00000000 07:40:17 executing program 5 (fault-call:0 fault-nth:20): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 812.217845] TSC Offset = 0xfffffe4aee6617a7 [ 812.226626] EPT pointer = 0x0000000058fc801e [ 812.235165] Virtual processor ID = 0x0001 07:40:17 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(r0, &(0x7f0000001440)="0f425cb28338587b1938329f518f32423ec105e1420e95294fcec716f867a82232164a0f0a795dc0025f04e4bba70cfffdac694cd11dbebc7b93e7c6f6b1599d830e65e3b5361164b0db1b08d34ab1fd1ab56e67dcd1fbd7def9526f798807adbc3ac7dae361000000000000000000000000000000dc796fc6b08f0b1716abdec9c61c1675bd0d828a7ccf8931e7dee614576084d8e65d3b62eabc260ccefbd6743e163a3970ad2e84116a2ba95788a0f10614ff76a831bf5577001ef9d27a41c4e35456469e488fa4b03a82b6c603f390e5", 0x61257d0405daf230) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000002c0)={0x0, 0xafd9, 0xfff, 0xfffffffffffffffc, 0x3, 0x5bd}, &(0x7f0000000300)=0x14) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000480)={r1, 0x401}, &(0x7f00000004c0)=0x8) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/hwrng\x00', 0x40081, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_NMI(r5, 0xae9a) r7 = geteuid() getsockopt$inet_IP_IPSEC_POLICY(r4, 0x0, 0x10, &(0x7f0000000b80)={{{@in6=@dev, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in6=@mcast2}}, &(0x7f0000001640)=0xffffffffffffffd2) ioctl$TIOCGPGRP(r5, 0x540f, &(0x7f0000001240)=0x0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000001280)={{{@in6=@dev, @in6=@ipv4={[], [], @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}, 0x0, @in=@multicast1}}, &(0x7f0000001380)=0xe8) r11 = getegid() sendmsg$netlink(r0, &(0x7f0000001400)={&(0x7f0000000500)=@kern={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000011c0)=[{&(0x7f0000000780)={0x40, 0x27, 0x1, 0x70bd28, 0x25dfdbfd, "", [@generic="effa3c16ee3b65d1", @typed={0x8, 0x1b, @fd=r6}, @typed={0xc, 0x9, @u64=0x1}, @typed={0x14, 0x88, @ipv6=@mcast1}]}, 0x40}, {&(0x7f00000007c0)={0x190, 0x21, 0x201, 0x70bd25, 0x25dfdbff, "", [@nested={0x150, 0x51, [@generic="76453dc44c19d9186a572ba5765a1a640843e4950cf393c20d1a5478634e8e13c5f11b54527da3135f02dab226b30c7c66cd7474d6336b99661c4e0454c6b7fe58ca", @generic="b61480573dd5a5b9f915fd5cfb380752da5c72eddd90d961045ec959a0020ebe652cb1dc43351a74c3c32d14ef027bfbbc134885fb047966d92b2c93fe9bd0602832953c31182ab8e83d0061f31db38d6fb79b02c4d4165ec0beef46afca61720c4a35277bbac589bfa09a3474c6c33eb75f3e061bd07714fc7ba64d667439a88f818687c61bd8ee9dd8ddc877821ce785b95b10b57e9b31e91e511bdc0e8a2bed611ae1c5942c8078c9bd6a5e19197617a786a26eb2cc811855a13c375b25fe75476a20e83e75feb27a00b46dff037bcb0cca04eca2b03a0ad3976050", @generic="7eadc960dfebd457ec79861d808a5521016b43ec949ed937f45af1d9c589dc66fe497936dc75c047c8479f087d"]}, @generic="2394f37f13c29906feb39c047ab6808d8ccb04843e3eee9c9ab9b09a265b8472bf956382b3f031cdc0a6acb960"]}, 0x190}, {&(0x7f0000000980)={0xc0, 0x35, 0x100, 0x70bd28, 0x25dfdbfb, "", [@generic="eb4ea56664d68bc4828d23d8f7e795a37ac2ded4af10d5d296cce8444932445385d1b24826d9228747d38828dcca666affbea02f621e0fe072ff9b4139acd375d13663f616706bc652870222579b03455be1cafffcd1", @generic="cd0cb1102a861f9681de84a108e7e9ebde7c10a82da26c17adbb2df60791d3082ba8e7e6879cd95e2e90a200", @typed={0x8, 0x7c, @ipv4=@multicast1}, @typed={0xc, 0x36, @binary="6c7ddac5857edf45"}, @typed={0x8, 0x54, @u32=0x6}, @typed={0x10, 0xe, @binary="bee445415073073cff4a"}]}, 0xc0}, {&(0x7f0000000c80)=ANY=[@ANYBLOB="340100002b0000082dbd7000fddbdf250c00930002000000000000001801330016515fbf9f1efd59a6f714583cfe6193c16c21e74ec6dd43c8df7fc76935551e229032975d14477fbdf8f8487286cf644005468cd881d62cae00054e1b456f598904fdfba631d6ff7f4b5b0f42661d4fcea8646e77960a7954d62f5b0c0152639563e6386cd79c8f89bb71b4d6a093d0efc789c525b15156999d848d375153b6b938af28f3dec9931b94e06f9c7fadc5ce6b40f7eaeaa85e304856f1c0e42dea2063b814ac2cd3eaf127708b0c5f896bec856639bc76d3e6386372b896f33b9c2565e7c6ffd58d99917caeac5c693bacf5e36aee51be0685ebb5bf2ce448bd1b80d141ebed5bf444c6b8c30d6e743d4021ebb0b70aad0e8fb6b2ccff2c0b9caf6d58bf8904369d0b3ecb15d2040a3b9fcdc6bca43f60befac1b925ab1aab8ce33400"], 0x134}, {&(0x7f0000001680)=ANY=[@ANYBLOB="cc0400004200090a2abd7000fcdbdf254000120067f3dd4b60898fccd451e0472859630606651d15d119b44b8227445cfa91b939ff4fbd1dfc6f4fe09ab1e930100056002f6465762f6b766d0000000008030200d8fa782fbb24cc61bf7a2f811fa2afe6940d2cb22a75526e37c1e772a2e1112d4d0ac29c3fb044ae72ae63fb8db148673039b948ed8965317f7ca71ec1bcbce6c64ba0de74837c5a2abd0597dd190d91251c48c69858f3e16813cbd059f5dfffd18dee2fc99975b7986beb00a8c59513fa0a781cb597232fa6c4b1897cf5c5a6c8958572787cb3cd590f3bb8b5e9d4d906ac12d17405ed6a1f9420335c2826a1843bbbad7b4e1e4061d1c3f2ea3a39aa0b4811a187a5c02b17b929e8dd2598c60fa04625fbe91bf0a592b230bd7ec39203aae9026732a6e8f982035f0c14292956b3ac16efb07ee1df801742189d9dc4d88435b8d4796270a75f71861ef443f5748e512425e349c0f3906d04a97835094012d11903337e1a49e0bd5ff5770d3ab7b98b878f8fd61159a738c75f98cc9abd4600d643c6e1c51e2004c0c275baa26005c54f6c6ea886e26e381ce43e6201baceade1763e47060deb5ab937dca607f50800780000000000d821f00900c3f8f557ed2e2bcfcf71de5e55190aeec69a004eafe1dd8ca69d221f03f42b6029c34ae7ae9853c32ac5b397bc29c5ac82b3aa869f65611f49841ae54af47fbaeac25b8183bc73aaf5e84839c1fadda1b3b05ddb8412e872e15b36040015008dc5640fae81dd33cb2d9480cc74a44481464e11246d9d2e55f94b79c51f6bb926fa6a25fd528f06c79ad63ab8cd1e09fed7f51dbcde716a524a3c9e3ff0f694754d86ea873a2a7c0a39e4385eb1d71340fa357e14b41c40c98e26cf76a4a71640337e83ed204a216dcd41c169cc50602103c22320eba252a089b71dbb68b04c9f08006e00", @ANYRES32=r7, @ANYBLOB="18227e2dfe6f9a9f88659f7cae27f3820835955c0888b9cce7ba4b896b6db9c10b6bc8a3d7477c96a3804f551d2f5a2801bb2a78df738b4bf0b00a2ebf4d83037b7f6532ac37b3e47ebfab1825d6c2044619cf6eb46d05fed1e42a8366653ad9d04ab8b00767cdaf4e0138b6073aad0c78463175820eb0f5934602799becfdc7ec60f0a9803dfbca5f42adffff19eb36b4feca7601379cf1cbbd7ea6c0f182b36051932ea944fdf007d8cf16000074007c002e2223fe0d99f04c88db2dc7ec10242f9396fcc0e0d13e6c13687f9bfd4f91f280df535fb6acc10fd5837851754410869b617d488abf112982a9a34035934d10e1b109b201b4c406789671cab7f45e08663a45aba052f1eed4482756991ccafd736e48c0100000000000000000000000009a5ca18494545a7212300d10d4d588c06f101b2daf3271e89fdf93cb5a18dbd3f01e66aed65f4e2987d1a47962627951215ba5cc0a5c3b35a56d1f58f2842d46729d2d4d803a4e2e0dfc7375b9aeb4229e0610bc8c952b9c470438fc153da57c1b592bd2d9f595bb88647c15a1f5effb2f5e2732bd666589557450f5fb8311c0a36ffe70fa62ee51928e6564f1cd5d7416fd3491ccc1ebf50c5a965ed8cd8f7a069ceaa48c56588c56190c2cd4b6c0e7caa03430e6af63d1d800bc3880548776e9898982142ef8ae1b1e671ef48d959e65e76f5e0b9f3be4bd33cc080015000000000000000000", @ANYRES32=r8, @ANYBLOB="09de1772e910c1c8fe3ba9c86658adb213db47d9b6694a591ba395f3a3e01d0fadb8ee5c200b9fda9f9a70bddb52989ab6ca917c3c3540c602f848c4bd03c632c945e7baaaac1422f5f1e9876ec516a412b2ffcbc03feef0ee5d4c67a8274360648228698fa052d65670361fc713b7536138cba1404e0ec3e05f611579c0259a8c99d5e17bf2fe72d000267be71bf03b086226e98dee799eb47753743e1811c0162e758e347ef5322af990a3e5aeabcffb6042"], 0x4cc}], 0x5, &(0x7f00000013c0)=[@cred={{0x1c, 0x1, 0x2, {r9, r10, r11}}}], 0x20, 0x20000010}, 0x4000000) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)) ioctl$VIDIOC_S_HW_FREQ_SEEK(r0, 0x40305652, &(0x7f0000000180)={0x7, 0x4, 0x8, 0xa, 0xfffffffffffffffd, 0x20, 0x3c0a}) ioctl$KVM_RUN(r5, 0xae80, 0x0) keyctl$session_to_parent(0x12) [ 812.274515] FAULT_INJECTION: forcing a failure. [ 812.274515] name failslab, interval 1, probability 0, space 0, times 0 [ 812.287658] CPU: 1 PID: 26241 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 812.294818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 812.304221] Call Trace: [ 812.304265] dump_stack+0x138/0x19c [ 812.304292] should_fail.cold+0x10f/0x159 [ 812.304314] should_failslab+0xdb/0x130 [ 812.304347] kmem_cache_alloc_trace+0x2e9/0x790 [ 812.319075] ? kernfs_put+0x35e/0x490 [ 812.319088] ? sysfs_add_file_mode_ns+0x1e4/0x450 [ 812.319105] ? devm_device_remove_groups+0x50/0x50 [ 812.319121] kobject_uevent_env+0x378/0xc23 [ 812.319131] ? internal_create_group+0x49a/0x7b0 [ 812.319147] kobject_uevent+0x20/0x26 [ 812.350929] lo_ioctl+0x11e7/0x1ce0 [ 812.354699] ? loop_probe+0x160/0x160 [ 812.358551] blkdev_ioctl+0x96b/0x1860 [ 812.362498] ? blkpg_ioctl+0x980/0x980 [ 812.366438] ? __might_sleep+0x93/0xb0 [ 812.370388] ? __fget+0x210/0x370 [ 812.373904] block_ioctl+0xde/0x120 [ 812.377601] ? blkdev_fallocate+0x3b0/0x3b0 [ 812.381985] do_vfs_ioctl+0x7ae/0x1060 [ 812.385921] ? selinux_file_mprotect+0x5d0/0x5d0 [ 812.390814] ? lock_downgrade+0x6e0/0x6e0 [ 812.395046] ? ioctl_preallocate+0x1c0/0x1c0 [ 812.399495] ? __fget+0x237/0x370 [ 812.403055] ? security_file_ioctl+0x89/0xb0 [ 812.407558] SyS_ioctl+0x8f/0xc0 [ 812.411034] ? do_vfs_ioctl+0x1060/0x1060 [ 812.415274] do_syscall_64+0x1e8/0x640 [ 812.419201] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 812.424121] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 812.429398] RIP: 0033:0x459697 [ 812.432620] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 812.440378] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 812.440386] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 812.440391] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 812.440396] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 812.440401] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:19 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(r0, &(0x7f00000001c0)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0), 0x331}], 0x2, 0x1) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f0000000180)={0xf000, 0x12000}) ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0xffffffffffffff81) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2ced4337]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:40:19 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) pipe(&(0x7f0000000100)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x1) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) 07:40:19 executing program 5 (fault-call:0 fault-nth:21): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:19 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='io.stat\x00', 0x0, 0x0) getsockopt$ARPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x63, &(0x7f0000000080)={'icmp\x00'}, &(0x7f0000000140)=0x1e) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() rt_sigsuspend(&(0x7f0000000180)={0xffffffffffffffbc}, 0xffffffffffffff5d) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e23, @broadcast}}, 0x0, 0x6d4, 0x3, 0x4, 0x1}, &(0x7f0000000040)=0x98) setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000280)={r2, 0xce99, 0x5506, 0x1}, 0x10) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000002c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 07:40:19 executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) accept4$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'vcan0\x00'}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 813.842127] FAULT_INJECTION: forcing a failure. [ 813.842127] name failslab, interval 1, probability 0, space 0, times 0 [ 813.878652] CPU: 0 PID: 26261 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 813.885956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 813.885964] Call Trace: [ 813.886009] dump_stack+0x138/0x19c [ 813.886034] should_fail.cold+0x10f/0x159 [ 813.905853] should_failslab+0xdb/0x130 [ 813.909890] kmem_cache_alloc_trace+0x2e9/0x790 [ 813.914630] ? kernfs_put+0x35e/0x490 [ 813.918490] ? sysfs_add_file_mode_ns+0x1e4/0x450 [ 813.918510] ? devm_device_remove_groups+0x50/0x50 [ 813.918524] kobject_uevent_env+0x378/0xc23 [ 813.918536] ? internal_create_group+0x49a/0x7b0 [ 813.918554] kobject_uevent+0x20/0x26 [ 813.941557] lo_ioctl+0x11e7/0x1ce0 [ 813.945240] ? loop_probe+0x160/0x160 [ 813.949109] blkdev_ioctl+0x96b/0x1860 [ 813.953050] ? blkpg_ioctl+0x980/0x980 [ 813.953070] ? __might_sleep+0x93/0xb0 [ 813.953079] ? __fget+0x210/0x370 [ 813.953092] block_ioctl+0xde/0x120 [ 813.953101] ? blkdev_fallocate+0x3b0/0x3b0 [ 813.953110] do_vfs_ioctl+0x7ae/0x1060 [ 813.953124] ? selinux_file_mprotect+0x5d0/0x5d0 [ 813.953135] ? lock_downgrade+0x6e0/0x6e0 [ 813.953145] ? ioctl_preallocate+0x1c0/0x1c0 [ 813.953155] ? __fget+0x237/0x370 [ 813.953173] ? security_file_ioctl+0x89/0xb0 [ 813.953183] SyS_ioctl+0x8f/0xc0 [ 813.953193] ? do_vfs_ioctl+0x1060/0x1060 [ 813.953208] do_syscall_64+0x1e8/0x640 [ 813.953217] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 813.953240] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 813.976503] RIP: 0033:0x459697 [ 813.985487] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 813.985504] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 813.985509] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 813.985514] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 813.985519] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 813.985524] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:19 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:19 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x0, 0x0) fgetxattr(r1, &(0x7f0000000080)=@known='trusted.overlay.redirect\x00', &(0x7f0000000140)=""/34, 0x22) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:19 executing program 4 (fault-call:10 fault-nth:0): setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:19 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = syz_genetlink_get_family_id$SEG6(&(0x7f00000001c0)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r0, &(0x7f00000004c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1080000}, 0xc, &(0x7f0000000480)={&(0x7f00000002c0)={0x80, r4, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [@SEG6_ATTR_DSTLEN={0x8, 0x2, 0x1}, @SEG6_ATTR_DST={0x14, 0x1, @dev={0xfe, 0x80, [], 0xb}}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xfffffffffffffff9}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x3}, @SEG6_ATTR_SECRETLEN={0x8, 0x5, 0x5}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x6}, @SEG6_ATTR_DST={0x14, 0x1, @mcast1}, @SEG6_ATTR_DST={0x14, 0x1, @loopback}, @SEG6_ATTR_ALGID={0x8, 0x6, 0x9}]}, 0x80}, 0x1, 0x0, 0x0, 0x10}, 0x800) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000780)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000500)={0xffffffffffffffff}, 0x13f, 0x7}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f00000007c0)={0x15, 0x110, 0xfa00, {r5, 0x3, 0x0, 0x0, 0x0, @in={0x2, 0x4e24, @remote}, @ib={0x1b, 0x7, 0xffffffff, {"68f6cb1333b180697182709180630ac3"}, 0x40e800000000, 0x0, 0x2c3ef73e}}}, 0x118) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, &(0x7f0000000100)='veth0_to_team\x00', 0x10) connect$inet6(r7, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c) setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, 0x0, 0x0) sendmmsg(r7, &(0x7f00000002c0), 0x4cc, 0xfff6) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:40:19 executing program 5 (fault-call:0 fault-nth:22): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:19 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x54) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) [ 814.396939] FAULT_INJECTION: forcing a failure. [ 814.396939] name failslab, interval 1, probability 0, space 0, times 0 [ 814.435060] CPU: 0 PID: 26285 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 814.442279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 814.452173] Call Trace: [ 814.454806] dump_stack+0x138/0x19c [ 814.458489] should_fail.cold+0x10f/0x159 [ 814.462778] should_failslab+0xdb/0x130 [ 814.466805] kmem_cache_alloc_node+0x287/0x780 [ 814.471449] __alloc_skb+0x9c/0x500 [ 814.475108] ? skb_scrub_packet+0x4b0/0x4b0 [ 814.479444] ? netlink_has_listeners+0x20a/0x330 [ 814.484226] kobject_uevent_env+0x781/0xc23 [ 814.488588] ? internal_create_group+0x49a/0x7b0 [ 814.493403] kobject_uevent+0x20/0x26 [ 814.497279] lo_ioctl+0x11e7/0x1ce0 [ 814.500949] ? loop_probe+0x160/0x160 [ 814.504829] blkdev_ioctl+0x96b/0x1860 [ 814.508760] ? blkpg_ioctl+0x980/0x980 [ 814.512722] ? __might_sleep+0x93/0xb0 [ 814.516649] ? __fget+0x210/0x370 [ 814.520150] block_ioctl+0xde/0x120 [ 814.523827] ? blkdev_fallocate+0x3b0/0x3b0 [ 814.528202] do_vfs_ioctl+0x7ae/0x1060 [ 814.532136] ? selinux_file_mprotect+0x5d0/0x5d0 [ 814.537030] ? lock_downgrade+0x6e0/0x6e0 [ 814.541333] ? ioctl_preallocate+0x1c0/0x1c0 [ 814.545833] ? __fget+0x237/0x370 [ 814.549358] ? security_file_ioctl+0x89/0xb0 [ 814.553820] SyS_ioctl+0x8f/0xc0 [ 814.557239] ? do_vfs_ioctl+0x1060/0x1060 [ 814.561445] do_syscall_64+0x1e8/0x640 [ 814.565396] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 814.570312] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 814.575628] RIP: 0033:0x459697 [ 814.578846] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 814.586591] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 814.594080] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 814.601386] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 814.608822] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 814.616139] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 814.636560] *** Guest State *** [ 814.642057] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 814.652198] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 814.661782] CR3 = 0x00000000fffbc000 [ 814.665995] RSP = 0x0000000000000002 RIP = 0x0000000000000231 [ 814.673958] RFLAGS=0x00000202 DR7 = 0x0000000000000400 [ 814.680623] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 814.687523] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 814.698218] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 814.706858] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 814.716227] ES: sel=0x7665, attr=0x00093, limit=0x0000ffff, base=0x0000000000076650 [ 814.725070] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 814.733775] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 07:40:20 executing program 5 (fault-call:0 fault-nth:23): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 814.747262] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 814.764462] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 814.776532] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 814.786658] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 814.796670] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 814.816437] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 814.826393] Interruptibility = 00000001 ActivityState = 00000000 [ 814.835441] *** Host State *** [ 814.839405] FAULT_INJECTION: forcing a failure. [ 814.839405] name failslab, interval 1, probability 0, space 0, times 0 [ 814.851772] RIP = 0xffffffff81173b7f RSP = 0xffff88805405f998 [ 814.851989] CPU: 1 PID: 26303 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 814.858890] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 814.865159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 814.865168] Call Trace: [ 814.865202] dump_stack+0x138/0x19c [ 814.865221] should_fail.cold+0x10f/0x159 [ 814.865237] should_failslab+0xdb/0x130 [ 814.865253] kmem_cache_alloc_node+0x287/0x780 [ 814.865273] __alloc_skb+0x9c/0x500 [ 814.865282] ? skb_scrub_packet+0x4b0/0x4b0 [ 814.865295] ? netlink_has_listeners+0x20a/0x330 [ 814.865308] kobject_uevent_env+0x781/0xc23 [ 814.865320] ? internal_create_group+0x49a/0x7b0 [ 814.865337] kobject_uevent+0x20/0x26 [ 814.865351] lo_ioctl+0x11e7/0x1ce0 [ 814.865363] ? loop_probe+0x160/0x160 [ 814.865374] blkdev_ioctl+0x96b/0x1860 [ 814.865382] ? blkpg_ioctl+0x980/0x980 [ 814.865400] ? __might_sleep+0x93/0xb0 [ 814.865411] ? __fget+0x210/0x370 [ 814.865423] block_ioctl+0xde/0x120 [ 814.865433] ? blkdev_fallocate+0x3b0/0x3b0 [ 814.865443] do_vfs_ioctl+0x7ae/0x1060 [ 814.865458] ? selinux_file_mprotect+0x5d0/0x5d0 [ 814.865470] ? lock_downgrade+0x6e0/0x6e0 [ 814.865496] ? ioctl_preallocate+0x1c0/0x1c0 [ 814.865509] ? __fget+0x237/0x370 [ 814.865530] ? security_file_ioctl+0x89/0xb0 [ 814.865541] SyS_ioctl+0x8f/0xc0 [ 814.865550] ? do_vfs_ioctl+0x1060/0x1060 [ 814.865566] do_syscall_64+0x1e8/0x640 [ 814.865575] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 814.865595] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 814.865606] RIP: 0033:0x459697 [ 814.865613] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 814.865626] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 814.865632] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 814.865639] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 814.865644] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 814.865650] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 815.065939] FSBase=00007f9ee4611700 GSBase=ffff8880aef00000 TRBase=fffffe0000003000 [ 815.074588] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 815.081078] CR0=0000000080050033 CR3=0000000080daf000 CR4=00000000001426e0 [ 815.088560] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff862018f0 [ 815.095625] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 815.102438] *** Control State *** [ 815.106547] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 815.116030] EntryControls=0000d1ff ExitControls=002fefff [ 815.124856] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 815.132982] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 [ 815.142450] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 07:40:20 executing program 5 (fault-call:0 fault-nth:24): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 815.159723] reason=80000021 qualification=0000000000000003 [ 815.210621] IDTVectoring: info=00000000 errcode=00000000 [ 815.223624] TSC Offset = 0xfffffe493e469ead [ 815.229135] EPT pointer = 0x00000000993d401e [ 815.235625] Virtual processor ID = 0x0001 07:40:20 executing program 2: getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f00000001c0)={@loopback, @remote, 0x0}, &(0x7f00000002c0)=0xc) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000300)='/dev/full\x00', 0x44000, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000480)={0x14, 0x80000001, 0xfff, 0x9, 0x8, 0x1, 0x3, [], r0, r1, 0x1, 0x1}, 0x3c) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_NMI(r4, 0xae9a) pwrite64(r3, &(0x7f0000000180)="2c9eb9301fdc370128a76ec6450a586908", 0x11, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 815.260717] FAULT_INJECTION: forcing a failure. [ 815.260717] name failslab, interval 1, probability 0, space 0, times 0 [ 815.276845] CPU: 1 PID: 26312 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 815.284023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 815.293416] Call Trace: [ 815.293455] dump_stack+0x138/0x19c [ 815.293492] should_fail.cold+0x10f/0x159 [ 815.293514] should_failslab+0xdb/0x130 [ 815.293532] kmem_cache_alloc_node_trace+0x280/0x770 [ 815.293548] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 815.293570] __kmalloc_node_track_caller+0x3d/0x80 [ 815.293586] __kmalloc_reserve.isra.0+0x40/0xe0 [ 815.293604] __alloc_skb+0xcf/0x500 [ 815.293617] ? skb_scrub_packet+0x4b0/0x4b0 [ 815.293630] ? netlink_has_listeners+0x20a/0x330 [ 815.293648] kobject_uevent_env+0x781/0xc23 [ 815.293669] ? internal_create_group+0x49a/0x7b0 [ 815.299991] kobject_uevent+0x20/0x26 [ 815.300010] lo_ioctl+0x11e7/0x1ce0 [ 815.300023] ? loop_probe+0x160/0x160 [ 815.300037] blkdev_ioctl+0x96b/0x1860 [ 815.300045] ? blkpg_ioctl+0x980/0x980 [ 815.300062] ? __might_sleep+0x93/0xb0 [ 815.300073] ? __fget+0x210/0x370 [ 815.300086] block_ioctl+0xde/0x120 [ 815.300094] ? blkdev_fallocate+0x3b0/0x3b0 [ 815.300106] do_vfs_ioctl+0x7ae/0x1060 [ 815.300119] ? selinux_file_mprotect+0x5d0/0x5d0 [ 815.300131] ? lock_downgrade+0x6e0/0x6e0 [ 815.300140] ? ioctl_preallocate+0x1c0/0x1c0 [ 815.300150] ? __fget+0x237/0x370 [ 815.300168] ? security_file_ioctl+0x89/0xb0 07:40:20 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000180)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 815.300180] SyS_ioctl+0x8f/0xc0 [ 815.300188] ? do_vfs_ioctl+0x1060/0x1060 [ 815.300202] do_syscall_64+0x1e8/0x640 [ 815.300210] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 815.300234] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 815.432124] RIP: 0033:0x459697 [ 815.435402] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 815.444112] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 815.451448] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 815.458755] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 815.466052] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 815.473351] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:20 executing program 5 (fault-call:0 fault-nth:25): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 815.590192] net_ratelimit: 16 callbacks suppressed [ 815.590198] protocol 88fb is buggy, dev hsr_slave_0 [ 815.600418] protocol 88fb is buggy, dev hsr_slave_1 07:40:20 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0xfffffffffffffffe, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 815.668089] FAULT_INJECTION: forcing a failure. [ 815.668089] name failslab, interval 1, probability 0, space 0, times 0 [ 815.679715] CPU: 1 PID: 26327 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 815.686862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 815.686870] Call Trace: [ 815.686903] dump_stack+0x138/0x19c [ 815.686926] should_fail.cold+0x10f/0x159 [ 815.686946] should_failslab+0xdb/0x130 [ 815.686964] kmem_cache_alloc_node+0x287/0x780 [ 815.686984] __alloc_skb+0x9c/0x500 [ 815.687001] ? skb_scrub_packet+0x4b0/0x4b0 [ 815.687017] ? netlink_has_listeners+0x20a/0x330 [ 815.687032] kobject_uevent_env+0x781/0xc23 [ 815.687064] kobject_uevent+0x20/0x26 [ 815.715605] lo_ioctl+0x11e7/0x1ce0 [ 815.740159] ? loop_probe+0x160/0x160 [ 815.744014] blkdev_ioctl+0x96b/0x1860 [ 815.747972] ? blkpg_ioctl+0x980/0x980 [ 815.751915] ? __might_sleep+0x93/0xb0 [ 815.755840] ? __fget+0x210/0x370 [ 815.759349] block_ioctl+0xde/0x120 [ 815.763019] ? blkdev_fallocate+0x3b0/0x3b0 [ 815.767380] do_vfs_ioctl+0x7ae/0x1060 [ 815.771318] ? selinux_file_mprotect+0x5d0/0x5d0 [ 815.776122] ? lock_downgrade+0x6e0/0x6e0 [ 815.780312] ? ioctl_preallocate+0x1c0/0x1c0 [ 815.784767] ? __fget+0x237/0x370 [ 815.788309] ? security_file_ioctl+0x89/0xb0 [ 815.792786] SyS_ioctl+0x8f/0xc0 [ 815.796195] ? do_vfs_ioctl+0x1060/0x1060 [ 815.800402] do_syscall_64+0x1e8/0x640 [ 815.804451] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 815.809360] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 815.814619] RIP: 0033:0x459697 [ 815.817955] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 815.825705] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 815.833008] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 815.840304] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 815.847614] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 815.854908] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 816.310243] protocol 88fb is buggy, dev hsr_slave_0 [ 816.315474] protocol 88fb is buggy, dev hsr_slave_1 [ 816.790170] protocol 88fb is buggy, dev hsr_slave_0 [ 816.795352] protocol 88fb is buggy, dev hsr_slave_1 [ 817.110202] protocol 88fb is buggy, dev hsr_slave_0 [ 817.115644] protocol 88fb is buggy, dev hsr_slave_1 [ 817.120969] protocol 88fb is buggy, dev hsr_slave_0 [ 817.126083] protocol 88fb is buggy, dev hsr_slave_1 07:40:22 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:22 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100)='/proc/capi/capi20ncci\x00', 0x400, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000400)={&(0x7f00000003c0)='./file0\x00', 0x0, 0x10}, 0x10) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000180)={0x0, 0x0, 0x20, 0x9fd7, 0x3}, &(0x7f0000000240)=0x18) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f00000002c0)={r2, @in={{0x2, 0x4e21, @empty}}, 0x4, 0x2, 0x2da8, 0x8, 0x388}, &(0x7f0000000380)=0x98) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) 07:40:22 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000180)='/dev/snd/pcmC#D#c\x00', 0x101, 0x10200) r1 = syz_open_dev$sndpcmc(&(0x7f00000001c0)='/dev/snd/pcmC#D#c\x00', 0x80000001, 0x101000) r2 = openat$cgroup_ro(r1, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000500)={0x1, 0x0, [{}]}) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$FS_IOC_GETVERSION(r4, 0x80087601, &(0x7f00000004c0)) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$KVM_RUN(r5, 0xae80, 0x0) getpeername$unix(r0, &(0x7f00000002c0), &(0x7f0000000780)=0xfffffffffffffddc) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_NMI(r5, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r5, 0xae80, 0x0) 07:40:22 executing program 5 (fault-call:0 fault-nth:26): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:22 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) getpid() r0 = openat$full(0xffffffffffffff9c, &(0x7f0000001300)='/dev/full\x00', 0x2, 0x0) getsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f0000001340), &(0x7f0000001380)=0x4) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000001240)) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000012c0)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000001280)='md5sum\x00'}, 0x30) r1 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r1) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x38) ptrace$cont(0x18, r2, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) r3 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000011c0)='/selinux/mls\x00', 0x0, 0x0) r4 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000001200)='/selinux/mls\x00', 0x0, 0x0) perf_event_open$cgroup(&(0x7f0000001140)={0x7, 0x70, 0x0, 0x3, 0x10000, 0x800, 0x0, 0x5, 0x8100, 0x4, 0x4, 0x4000000, 0x6, 0x3, 0x4, 0x5, 0x11b, 0x7, 0x0, 0x20, 0x8, 0x7fff, 0x1d, 0x3, 0xfffffffffffffffd, 0xfffffffffffffff7, 0x7, 0x5, 0x9, 0x1, 0x6, 0x5, 0x1f, 0x81, 0x20, 0x4, 0xbb, 0x2, 0x0, 0x8000, 0x0, @perf_bp={&(0x7f0000000080), 0xa}, 0x20000, 0x4, 0x7, 0x6, 0xffffffff, 0x64, 0xfffffffffffff333}, r3, 0xc, r4, 0x9) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) r5 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x80000001000, 0x0) ioctl$EVIOCGABS0(r5, 0x80184540, &(0x7f0000000140)=""/4096) ptrace$cont(0x1f, r2, 0x0, 0x0) 07:40:22 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0xa2680, 0x0) sendmmsg$alg(r0, &(0x7f0000001540)=[{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000000140)="fe8cc09191dd1d5f57296bbf364eb9cd38cc6a6cce4fc1782e7d390b1208906fcf66388eb41f14610f37345b3885d7a13abecc9d18c9a83ddeb6f4edc80f527f54701c5a9b1b49f58073e1ca5d310268659e89dcd288032922c53071594bb89ae133434c93bc0a4144918373368ed9daf4c2fd8fd3eade2430ed894ffd9c518a57957c941133a7ccffa101aafc315bab28e70e4c13ff78eb105f7741c00fef5ab0b89035", 0xa4}, {&(0x7f0000000200)="b0eb14a0d2809d3ad66cc96953fd384bef435ba7e3cc7abf2ca7accc3c912b04048863b42e709b9dfdba83053558dd79ba1877931bf60f3ec06bbe9f62738a0b40768485e8ea135ec08975acfdd90ce643c8393435fc37a6953c58b7fed112d53c4b0fce3f40535a01572bbb222c88a25e5fa6210129be1ccf08df63cec4c00834b990133e3176e8df1a6c095d25dbaa19c0f64cba4d90f259a9fbc3faf544b962e7afef936d09550a69d14e2a0c49e7bb75a0ab0936645fc6a48e34aa043067ecdd5689f2ddbaebc2dcf1a226896466914c673a129998ce2ccb95fd10b9122c60a51a1644d71380ea08cb7b1a30751536a04c27d6d6e5244d9ffff9e4fe710ccebb88505e4272efbb31d02f24ec01007e617838485b2d2e892f498a069a2cad388197613ea79b61ab289ad1ce9c702b2b4248009f828b25c4aa3e65511a2e39428066887738ea228651fc7c83451a1b26e8383557b8c9837aebeb15540b914469c3fd00f4beedd7e3ed3db65d11a387a3a6f7562fc367a5905dfa59dd60a2e06e921e0079a122b84977cbd312720c8bb11e24ab9d605727dc526ccd860398bd7fac4551cd2d47bba00a6e7726a5fa1d7b4e62bab47830ad54962962df082aa83fe4e060e157f03297920efa02f9c6a8966916629bfb6d29ba28158056469ec575c880c37397703a08eb973216d962500a169a07de532993d55b242617367a6b95a982168508d84d8aeb29dbcc6c029a2e94ebfaa9aafb0cd0ee751dc2e0f743450fe5eb6fd73508234b2dd85ef17851dd260be75edbf826b941a42fe202443c2bcc43f2fdd1de364dabb88b7951931a49a1f7a749872844d33ee2311922c0ca063a880bb5f4f39fef44553e128c568188c46be0cd6e7d1a7f90b979478816a80f075a25c6cb60655f14622fb1bbda5cf8e52539f689e0e22407172e479c7e4c0236a40d96b1bf17b052fe6aa792eadc85b8e07b4e05d3dcf8f9c26d48387b36688b1ca2fa08d232047f524c8e68aa8808e605e2899f74c03b76f6ddbec302fa62277d559312e34d43273272a532f0b7866c153b11038ac9e304ae92285a93c437ba062e75e7a933fda6a94f32601e35e136548b4de9679ff21820d3dffdd4ee77841dddd76395bde9c1919ba727468990ac4af78407a561d3b9493e92711dd9f7f73c4fbe725be32e84bdbe6058187add77f419c8e2f62bd54da59d89ea5d62d5d2f155e9bb76e376a36d061e1b233e2c7f72d167e3237ccf38ce5cd83f398f032026aa8868d0294219618816b8b441ea5707faa851f0240f9e79b44ae0f41cdc5e6e9c72e0ac663420849b7461b8a4343b6bfbc5603439039b67527538d753a082b8d4393cddb7ca35af1f7fecc01fdd5fe14b6562ad638ffed930ac3148191a26e67f84ab58bd38064a094fca4fb41987d31ab6ea39bf9fb0f5b8763ef06f63ccbde26858bf2bd4527bd43822770e139a74bba6a694feca270889575c095d19c29636e33d1bff32001322cda5a66b588ee6b9d9458d4fe6fe42e8e145edbc52106fbd8ff541ad4c6bec6018f4c127f092ff1ba3e806313f52aad4f5dac3ae24608e7922a1308017fe28710a8c848bf7c1cc9b00e4c747d2ebc130e7155e684e116be1a89cec46c8fd112d4d519117b60e088585808f896ae649448b5af4df0d2d4a05cc86883ed0c829f205defa3dbdd406b7239a257fa416519ebe342cbfdfbd4621f0b9ff247d58da7adfccba60180b638642b7565c4783aef7a89694cf263785a816c5c70c77f22e8aeb868d41ff4060dc09658d7cc44f3491a6ce1751eabe9469cb7502e9129d1a9c4b601a762843470ce73c35b72496c0c40db359e0992f3c6fc379d8997e1d7497f102e511431fa51fd657fe567528ddd1e6cfa00892d6e47acbbc92d1771871e71ad2fc7429674c81c119bf25b1fbfe14baabb9f9e2f6c174024d1b03d7e8a2dd351310a5e478ecdc628941229837d2086fde7bfc10159fa4fe95a2b009638668582e9eee159808f0e94dfebfff123ba39e6b2a890ef25ec7f7e064bd0d27a5a99ca3d4d257014712e7c2b25e8b7565b3dc6240d010af2af0729a7d9b23121c6fb9e173583e518eae041435cf5c4cb4b2ba185cbe813eb5ebef13e19976a90cc4af5cd77f272e322ef907ead6abf1a6796adfa36aa06eddd2bdb5cbc29c48eba8f35e724c8c56b95ac900af058479f08fd523b4baf9e1178148c5f400edd3b640b1ced236407a7ba1d171dd6797574d20c8391b0038299f29cb2e15365dbf322d9c3583ba8f65f09a65047c32816dd1e8250a426041e64ab4d9804594782dd0363731b9cc9356b2681b974be62be071fa3a3e712a677bafcf197e897322ab5a9fae154ad48bf7ce78e98ce588af4b4b67ad45ebf0ff855597e62bfb4a2beb7254985f931a1b0d0e01affe12a310b7fc9a846052f832e67a69b41743c95db3e7703f61ed3891dd4a2ad53ae14f87e4420485174ac16aaa33364bf05afecd6e7a02044b3012cc89c33a6c7e9c4b7fbfed971fa33ce4ac7133ffb48245bb9fd4e3ab57651d603ea625016de23470d8eee6aadd1f1d510ad377aa13c9242d5e5ff4cf5c9084ccc65c675a399f213b839bcb5fd6469df96ec5229267987d555ac6e138a7567b1b409906a88e59abd9869151d8fbb4866e7924cebc0f67ee8ecf9b0a1d4840816aa489f332f10f38692b39f1deea901153fccfc575e1f331c9039f7763fc1f50b5490c9b852718d5fe9c007d416f4e1edcaa6f719a347b5d5da12032653aaaba14584b0616b1a650ac4529002cff51587511dc82114ecb02e98cb29531ae940537711ec2ddf3f639dc012fbb564fbb5efd4d318149bf77eaeab30d4c9b3224065f59729b1c8449b05a100911186d2ed53e052a50bb1bd13baa732568893bf37694e6f4841bc266e0d0310488c00d98352d106897989beb7e5882f55ea08c50785ca398817cbe499981791311aee8b84e050b7b48566e1a3897e48f607abcadc5c528a1f31c99526f2846003f4c174bc01b891d6bc35d5a1b4822713a44366e0112c4337e98bdbf6d7308c02bdf40fcfb7a4cbc0a3bf7e50f253de279a2acbdc751ce777196e6be5bc82150c0409d181f89dfe83666b43c4e32bece2e1a76f309ae419b09d79eb1aedfca720858707c0bfbfba300e097f63bc9da1660375eb91eeccbc3449da89ab12dcafeadcf7020be6cb320eedc5c7c695c885ccf696c998fe9f51ca96bd5a4009935fe75fae11d1506e4af0a81487f93dc46825da9780049f04c132cffba2d744c6270c0ece98eeca87b615d393205303d841875c822fad0c70b5a926cd37c3b053cc5f9e4b8d611e306d6cfcc6d194766eff41516fa18ca1a8eceb6b5d40a65b856d127801ef99272365ca0a89edf0d0efd29ab96b234abffc2af1fd9a692caf336091c176453c00be53cdd9161e1ecccd2fc8f8870c5c8c1d7b31643db192193c1084150e949b63617f10ad92f6413b58f0288689718346022e591c4c05f16d4c410a629cffd6182d21057193f8d3f7e7ad48f5199f1e6af84eed6f1f0d0606702ccf44ac86f0c1bbb91392691da64b4cd4261a9eec1d507794ea615f4317b065d059d3eb88a75395866b6dee73201a1ba6864afa59b326e52eac6bc28982cd90646ae5cfbd1765bcdcf247bcabc1601fef7a16f81efc55ec73d3f502f6ce1326d3f6fc48380f81ef88da352e3bd67ee1389602b08be366b56a1f353151d745770010c8345cf56cf45df8ad18610b4d9ddbf5b6273948d7966ba77620f7faf3e1385eab82fe762bc685947bac425ea4ce995aaa867ddb063a367b89cdafa6366dfe4ab7740becad33d1f0a845e13b006232282fdfeae0fded70b0ea32b9f8d5ab5ce4f9fb35834bd7e8ea9ee1fdba73946fe55dd98d01026b550a815d8ac00473ea6b4d04e946b326b8f2aced7fff59d497c6fa0078fc1da922d2820e5eda385058d82fec20e4ab4f0afb55b52426439d58b201432c238b7d4613d558f9511cc13c3c1d42cb0962d1152ca5eb2636106f0667d0d151abd411f126dcd157ceae1ffabc6128f3f5c787fb5199bcd99c9698f3ca9dc5d1269ed3aa2f879f7e3579dec898441491dc51a1a60233cd2a9fabad9ceab85848ec0a3e271de44fefb5c17499eac45f0603d08dbc4f4aa6740bc3357884d0cb3ffaf6d16fac51b37ff2b2712e279627f79c0b73a723425b62161525af5faa6900bd959a2f3d5df8fc3cc07d84aa2a1f69120453a77b4ac8239ae8a84616401d45f57f66c9d674f81e9cfde436215b93158dbf66293e20af7c478d244ce2e2495165642e682d205e7f893b7a58bcc58eabec5d9cc9d065785f9a232888df51a16f66f6c9a817475bb6917284a7bb4ef1194440bc82c7b7ce2ce138ca1a3155ac6135f1b1be744bb2e12ca64d2e4b1467c223579d25839fea77931b7236055b5d36447d5c726cb0ecd489f266f2c7b6167d24bc154f080dfacf9841205503929dd7b8b1705e11c4bd4ff830000882ba656fae98e7207eca90115fc5b0eeb0d2d34b6bf04461a15231749722a73c74dd18cac1da8faba4ca9d89eee3eb1720e8121b5e416592ec64a432a79d25467783f76e7db1e382dc45bf0449da9c733ad1635840a8700b2dac32c3278c2106e1993e9361bbf50b4582b756b36b873ed0a7d97e1bb7f5d1a30bc055a2a58b6ef456fe260ea9362f107311997ffb6d92889cb06f99d9ce4da4032f712535800d72da9724ab3edfb4370935163a35d279f594cc021bafa5b71415329e2165133557363ef3246caaa46b51cba23b014e04184b8d53efdc8a7fb791eeb4aff3644a65e18c41e1938857c811e50318274b19041ad239f8a202392451074bdc598d6c72565d974a89d6ad03fcfaf360573667e9541c1143b08a0e0d40225ebf6fb07d5fd9d6d912f3eba60b6e2bce0b202661ca4aae3f69a584af234448d303cdac835b4589fe6d0ff777c6a99f33de453a0ffecfcce368abe8f1772c3564c5be64874799d77738de64bf45c4103e966cf4b5e7bcd9398a432ba16cf8f2ba093489bec4f8af65898f6f29140e6de67ad854db096d67bbbb98d8737d096f4e59fd7017cc9805c273ed7149987c36ba59dd7b965d80108c941208b6293f17d2041e6bf3c588aa59b171d8d3e7b3818a2b45a1f6279097a45752c4d7d4c9c154eda569fad9a6f779b18c965ad52fe188e7c87c33ac0750e338ab3b9f9f23c87675accf06680534168ab524c9e0f27de874a663beb22ec78398fc485ae8b6de2799bd85817c41263f68e0e61d9de7b7c56a2195b5d8ad101b467f664866e832b5c07222fe17e0b7d2fb7ef48cbd2e03d1242412b015e92d32bfed6e094c83f98773ee5dccba643f7b7c4fdc57cc074d853a86ad256a2ad543678d3006017738b7613da97982f0879b1419eed07bfa82e19df44bba96e713fdb6ef125b8dc8410573901ecc6f00cbd56daf1bb4b93c0db928f660aae92ff0467ae3f8aee5cb3f6e368ae46d3f9c238248992d5e38e085db3d8b5d3cabaf06c611b7538befa819343fa6b4a65d25c6964d9d81e54ae65341405b47e2878a0681438fda4a6df4a106ce77d5ff1e432c0c22086f72a8d439f2ac5816b4ab34074fc6207c38ef2390af4d97ebbaf4e111ebe043a0b3bcb4690928d7b1addd09a5161be3509daf8cac67b8de7c0ba754eef1becec73e5a4bfb4add1b9b2708fa1ab0750da818edb469e02aa1809516738067cc868a71f6377769eeba463720c675733c065dd997ee65fcf4eaf3fcff30f3f837432", 0x1000}, {&(0x7f0000000080)}, {&(0x7f0000001200)="7879f63b4213fe14098b91214b4cd86af4a77970010d5710dae66e9052cfc1f5aada01d8c3be4348146a092e0fea0d3779d7da834c0972924dfa33e63060", 0x3e}, {&(0x7f0000001240)="b30cc2a08d5bdc5643a8a472b9a9f0fb74a22354b14805570d0778a4d9e841c8481ce03b4d1822f2600feeeba34bd3eb063048a8d4c8a7ec4d962b694befae44a0e237f3ecfc02e3abe88b1b0a63e11184bec4d459dc8c19f0453ec70adbbe4ff9e035b8c85794eb51b757d7e0956be82d29b44c4735692a23e35cd9115942025122803084827acfa6e666222c270e7ac12033c3d00a56599c7991b6bacee869e6042b3ee07195414d17328c45f1117643bc28", 0xb3}, {&(0x7f0000001300)="e541223fbc15fa3d02e8aa0ccaa1f5c4a67ad8b9a23a6e315b60a75b7546bf43b60352566301885e1bac20a9d802d53956e6bb7a36cfea4700da87a5a71bba760845d9e6c9a2e73db6a14b2e7c31a13fea664e5b4b59bbd7af364a4b3c", 0x5d}, {&(0x7f0000001380)="9c7b434b674da1d38834b71d1094948cb7f67cc6e3fcb5302143b40e0cedf9a3f214aeaca3afc635da3af6b5c248ad3c77e7763bf3df602e575c8a73dcfa", 0x3e}, {&(0x7f00000013c0)="94b88f779379bd3c96e54f78b441baf70151ae40c05a4ed62a995fb392212d316c09a565bd0cf49a206755a154b55c6e66cec9c3a6ea7d40c0614206b2f046a300c6d173a9c157ec90e60bd37338cd6d5d1c2a6bcac0afa7672495523c5c9e75d04d89e2791dd87e8d90208dc2d6d11b1b4bfd3886db75cae9a96582199010b093eebe5d61", 0x85}], 0x8, &(0x7f0000001500)=[@op={0x18}, @assoc={0x18, 0x117, 0x4, 0x8}], 0x30, 0x80}], 0x1, 0x40) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x3f, r1, 0x400000000003, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) [ 817.492729] FAULT_INJECTION: forcing a failure. [ 817.492729] name failslab, interval 1, probability 0, space 0, times 0 [ 817.529877] CPU: 1 PID: 26348 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 817.537077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 817.546464] Call Trace: [ 817.549121] dump_stack+0x138/0x19c [ 817.554349] should_fail.cold+0x10f/0x159 [ 817.558558] should_failslab+0xdb/0x130 [ 817.562596] kmem_cache_alloc_node_trace+0x280/0x770 [ 817.567758] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 817.573589] __kmalloc_node_track_caller+0x3d/0x80 [ 817.573607] __kmalloc_reserve.isra.0+0x40/0xe0 [ 817.573622] __alloc_skb+0xcf/0x500 [ 817.583509] ? skb_scrub_packet+0x4b0/0x4b0 07:40:22 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x200000000000002b) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 817.583528] ? netlink_has_listeners+0x20a/0x330 [ 817.583543] kobject_uevent_env+0x781/0xc23 [ 817.583559] kobject_uevent+0x20/0x26 [ 817.583577] lo_ioctl+0x11e7/0x1ce0 [ 817.583589] ? loop_probe+0x160/0x160 [ 817.583601] blkdev_ioctl+0x96b/0x1860 [ 817.583609] ? blkpg_ioctl+0x980/0x980 [ 817.583629] ? __might_sleep+0x93/0xb0 [ 817.583643] ? __fget+0x210/0x370 [ 817.583658] block_ioctl+0xde/0x120 [ 817.583667] ? blkdev_fallocate+0x3b0/0x3b0 [ 817.583678] do_vfs_ioctl+0x7ae/0x1060 [ 817.583699] ? selinux_file_mprotect+0x5d0/0x5d0 [ 817.591722] ? lock_downgrade+0x6e0/0x6e0 [ 817.591742] ? ioctl_preallocate+0x1c0/0x1c0 [ 817.591756] ? __fget+0x237/0x370 [ 817.591776] ? security_file_ioctl+0x89/0xb0 [ 817.591787] SyS_ioctl+0x8f/0xc0 [ 817.591798] ? do_vfs_ioctl+0x1060/0x1060 [ 817.591812] do_syscall_64+0x1e8/0x640 [ 817.591822] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 817.591840] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 817.591850] RIP: 0033:0x459697 07:40:23 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1, 0x11, r5, 0x0) [ 817.591856] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 817.591866] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 817.591871] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 817.591876] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 817.591880] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 817.591885] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:23 executing program 5 (fault-call:0 fault-nth:27): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 817.880858] FAULT_INJECTION: forcing a failure. [ 817.880858] name failslab, interval 1, probability 0, space 0, times 0 [ 817.898246] CPU: 1 PID: 26380 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 817.905409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 817.914826] Call Trace: [ 817.917490] dump_stack+0x138/0x19c [ 817.921158] should_fail.cold+0x10f/0x159 [ 817.925453] should_failslab+0xdb/0x130 [ 817.929510] kmem_cache_alloc_node_trace+0x280/0x770 [ 817.935158] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 817.941280] __kmalloc_node_track_caller+0x3d/0x80 [ 817.946273] __kmalloc_reserve.isra.0+0x40/0xe0 [ 817.951011] __alloc_skb+0xcf/0x500 [ 817.954789] ? skb_scrub_packet+0x4b0/0x4b0 [ 817.959158] ? netlink_has_listeners+0x20a/0x330 [ 817.964023] kobject_uevent_env+0x781/0xc23 [ 817.968459] kobject_uevent+0x20/0x26 [ 817.972335] lo_ioctl+0x11e7/0x1ce0 [ 817.976034] ? loop_probe+0x160/0x160 [ 817.979917] blkdev_ioctl+0x96b/0x1860 [ 817.983878] ? blkpg_ioctl+0x980/0x980 [ 817.987823] ? __might_sleep+0x93/0xb0 [ 817.991758] ? __fget+0x210/0x370 [ 817.995387] block_ioctl+0xde/0x120 [ 817.999094] ? blkdev_fallocate+0x3b0/0x3b0 [ 818.003485] do_vfs_ioctl+0x7ae/0x1060 [ 818.007461] ? selinux_file_mprotect+0x5d0/0x5d0 [ 818.012264] ? lock_downgrade+0x6e0/0x6e0 [ 818.016469] ? ioctl_preallocate+0x1c0/0x1c0 [ 818.020952] ? __fget+0x237/0x370 [ 818.024559] ? security_file_ioctl+0x89/0xb0 [ 818.029020] SyS_ioctl+0x8f/0xc0 [ 818.032420] ? do_vfs_ioctl+0x1060/0x1060 [ 818.036595] do_syscall_64+0x1e8/0x640 [ 818.040521] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 818.045405] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 818.050662] RIP: 0033:0x459697 [ 818.054083] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 818.061852] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 818.069198] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 818.076559] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 818.083861] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 818.091149] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:23 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) sendmsg$inet(r0, &(0x7f0000001a80)={&(0x7f0000000180)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10, &(0x7f00000019c0)=[{&(0x7f00000002c0)="580009f96e0a1466a242c0d258a8bd1029d5a1cdfd0f5899c748a1b4468c38241065814ec8c5a75dd946bfda13262d1d1d035deb98437620092f83dd135451e67c", 0x41}, {&(0x7f0000000780)="04108902b3f88e5d2e461220b9efc0596e8b9f5ce7592b30562ab68fb1c5da79f4444af767615112c094f076cde217134abb5eacc054d39ea1c9ac59a6b0e07564f0fd1a9b78f7c824fb001fdb79b2b004a46eae7b4cd2ede929335609b43310344ccc5fcbb6acd19b6fa63a152217b46851c54f3ba1f937ea3c533441f4f43bdd8c323aff52b48252b9794d21c74a557c5bcba92f2d140393666503cff4e78778c78bd39cb960ae5abc88ed9f6ccde0fa64387a105f6ff4dca21f5a883aba951991142bf7092cbe82f81c78bdf8645060c3da29b1fd2e1db6211f8f65d64695903259a3a627e00d0f3bff1ef94edb44c1d44ff6895d306f3e4f387a22f9a4225810add3dedd7f9e5995e93f42a87a7bd89c9515a56889b891ae817b95f782cc4db59dfca7639f366b2d6a6c643193c9d1f15be6f4ce28c33f3f7e7953ac667255157fdd67f83b03384ce09b83b27da53e632eb38d890763d4e4f01efada2ec6c8f98c74cce39dbc142041463165b2c3e618da54b94faccd8ca99b1d09a9b73d09e70db2e772c2a485bcbbe4fcbd5408c529028ae16e9e7d16831e7e227d5db4bad5988544df88845456690c68ee7290ebe2c72e4cbcd366e312611884f1ca5b624c215f9c6f252d5408858b37fbc8a744f89a516d6ff3f1ffbe7ac09b8a5be1261328135487fa337195fef3595a5cc321cfe2e6f023a08c695e213bccfd113e549476e82173e0698653b68d0de2ebe6b22d9a5793cd1b546c9ad6423f4ca1e985ed023758653be2614ebeaa5137c57fdba54e64454817e5c3a4517bd1e57f5b8f794f342cb3a93ce96c5c9c7cb097feb5cb36890cebd64e588a325d46fafb81b6c866e1ac1be635aae705aa0ebb339c52685673cef713f3e6cbb0f20b0bdfa707300f41b50b626d617c20690021bd02f86894cd07ba10646e31156194dd33b9f9c2439e03d936c27817a3f9f8d42e6259298413d217cd71ae88ac72c09cffa6ddb74192e5f98e6fd5894d773b9ca533ad289b5c0096a70f69a73cc6802b36a633773299a321f145ab790c9c88e6dfd73df1bd5740688a8e99d799cee740e1d48aada37ea051d2fb48f24bc0a79ade0ca38d0e87479168bd0ba5ad3fc7c8780577c6589260bf8c9e4d8813943ba49c01ad6016b4348783f10380de248097cc55b23548f48c26552621c2c24bc9ac29402fde70d8925c23e88b22e77f9521d2ef0f639f15678c892fe442ca7505c176d41e4bde0b4a35d478e32c629aa290888151ef65fdd66e2e7f21513714239ed4b19862170310decea1ace0f67315669312187845fbc642be49b04fcd99141282721d2775d0270a3c0aa769359ed3269bf65be59e50f76fd4e192efceded7735fe5beb70cfae191c61a1871a75620f2d9ae1abada83cfc33b2dcc258c3984d534fcd036021307429f08c9c9f82e19e59a9aacd6770237c8eddee403e302bd5ad1cdb652dbf03a73b7b50da90ad0b272f54158c4ecabf66dbebcc59130e53a906fbcfe1117c60153b18c5dc748ae1e9685c215d5736b3b2fbbf5870274377edc5bee25941c39182db2bf8542fd8f48dbeb7ed5a5c6924c73c5a93c42aff5618107851daabb32e282e0f5cabb850ac1a6aafbc121833771851836c7a2d6b4d167106426a054aa45ee54f12372cc09faa3f9632be79743b7ba1ab70e087c7223ac6549dd4e0152e79c9117d3e3ac14930f94393a830921ec0e3fe7f1ac14445a07c3ed5eb1596d480a63bbad43e2dae9b71a6716cef9c20643fe289738daa777ddf5d217ae88e23ee027a95ee1872016b88e2dbe13d405ed3e04181f6cc3f0034847f4c331ea4919043a9b679175a49fbc00ae84f8e4c0e9c8e38d3f5a20466c57a5a369f421ec419e7c28640258b0117136a33430abbbe7f3995d066963d095fd6ec3b4d32db4d4c6bd55cc21d05c7860b1e69bc812bc8aeb28fbb1d103a52927e78e0be42c0e23b430d14eea8176bdd9877f4c753c1cf16f202e7ddd4fc0ae5ea8585cd8d5b8bef5761bb6a5c6574c9dbdc29a6f95e0d19b1575b4e6bd96b624e429429cc02a9fdaa3a6d9f5871293f69c75ad7d6368df71cc76599d58b1d509e3b284188f5357c18723135446b6d4e28815ddc3ae30db768a840ce5570679be69b3ca2dd20aa1d4e5ab088dacef0e0bf00d4a5caa4e24fc29d7f82c7a9b33992aab5434e4fb0f2a49ac81550b97179e3ea2d96281e1b8ede6cd8b356f4c17ffa1bf6691f3c652b0e3fbfee6b141394606bf5d4477f1af7ccb484ef13bdd85456d06d93644b3fd87fc6227fe977db62f981b992bd5657dc1a5a258b0238db6492d683877b84d3042a136a4bca1b5171f684053f78f237be171f5637fcfbc062d968591643c3d70a3fb7ef5c68c6e563421bd2dd04311e77aeafe1e2bdd4534a78be257b6a9ae0e845b9bb7b2760671a2a2b9cf082e0c9d6584e0e989ebe9949b7bb91f68af46ebbf669631dea81a578005a4d4084f00d870f74ec6ea09181ee547afb5316ef41e3068aef6d9ee52a97322949b617089c5bb8cf3b38500d09c7454ce5b4caf92ebb614fdbaa4400eabc7d2652e5d56d10a4f113b599599659eda8c9d5432cfc9ec1ba893106e1058043266b78d6054f90951d87a34d98e281e2e191d6ee526b5d1d7252a2ad512529514722c1aad3b31f1029f1ccfeaef9bc5fd235b4c8374ef6ab75d0c33cd54c24ab7f8b2611c38a21613cfe091c5020e0cbcc2d23475e4d1c1f80ad6f8bb30e02d3cd0cab63c1f2431090001e75897226cc4f7d6915b8417d7a5cfb71fef8755a5e68d27ab6a733499377f0c6cbb579f2d5930ad9dfc1751c1ce37d3ca6affa8c21b1ac82f5b85a1b50cede474819f567900d8627caac00ef54f8baef48d4255b6dba8e11e4b12409034a61d95b470a5768d9c64315b8b1064686266e93b9893c638e9024bbfb58e03b72d6e9b135516188f79577dbdb1ae929173258fa04b6e4826ef69610262ab40769fb578687489176de530e45f6af5ceeefce107e1c99d340f3b647a19344bb2faae1d56a57145ebc0bfc760fea94b5b3aaf2071da81063a04a0fdbece642ddc5085e842a21a6cc1eb775f4354e28b52f90fcec743063b55137c2017ac66934d8d4159c73398b6269b43a901faf01dab2d6c27007fd54d5104df910166c001d87c472867427d3d9fd24fc59e64b8a4763a6d24c90e706fbf959984a42d1f923332c39a52992705d559a1ac2c6b99f544b18ae3ab01f0f68b9abe0632c0bba788e04daad9d1d377fd41beff97c8f920c5ebcf5dcf0bbbe24718476b6d5f672976e9484befd4242c2f42f1096bfa06a04e6a4e5f4d432dad961e344e5fcdbe8a1e8adf391099b869548fd5a59bd0f781dca925968f67ba1efc3902809255e930b15be2b06707b1651188dd97b029ac1f02c7f869c296b31c0cbe25ee24b6cfb49a6d7508b60b401fe0c6a2f42f8e98504985e4955752fb1f9e28a304bf984decdc2b7444a7566b25696e30eb063e62386a73b76b2ed9862dca98c75d573d2ce1204a493b12ef1a9b4a75602c1576552ab936887bf5bb05c7f59785b0e2d706ceb7451bffe9cb1c7d2b8168cefa88fee18a3e08bc55837a5542a62457e84c8fcbfe45b2723b42235dba83704f61b6d7924d58976d9a6027785d8b69696a0bfc925744f83b1927abe83b78c5e46784b028f7adbc13b6ef7de7484a0a2065f09cbbad3c4ec2e0ec9aa6ad6f80b1f81fdcb4d9aa39d4c752ef6e45fc70f4f0ad1187b582c6ba4bff0c30ac999e33dc1d654d9913c2ccebff9b779efb8b285665b8afd62f35937c18acccab8616a3acd66462450d9305a8027a8846d03003f7923ad8c7e93a5dfdcbdc138c845888642a8d1cdbd90c7b2571f39f34a5d2ab053a89153319910d11a01e71ee8a5f275c0188881cd06bbb1593f5549feb721ffa7aa3327b3e1fca1e1027c7b36cf7c904c56258c8c713e342f0077290a8a27f7a601c4b6ecb97d0efee39a0f0864f2552d9693bf86a6db3f1119075619a1472b622b8b00f9480feaf179ec64bac5108cd22af72cdc569c14a89966a7ed5fc6a128717e35bbb480facddf55340e9f6368bffe5e06c381ffac4d1e225416c76b271b3c76494275413a69ac9edb003fb08bceacdd67385e095c606e15349f3040b924346db37e25fb2a1102bcaba8f04f6235d060619248e82d6aac543eae0d475716b6083ed2547a39f616cce181c76cbd4ee131681ed80cac5b8ead94d8f05ebdd4e5b3f77bd8a7483d6d70528123c83d4b1598cdc2b8353a4c5bc2a2f137984de2cb523f691d822c755b3d61b41dfa2ad92caecb760d3761d192fc6ef5770b66152b13f843c0cbb3aae1570e0c093a8bddc9887bf2637c6a9761b0338b8e3a7637eba8a8542a67fa20baddbeac2c62ae80c4d71e7971076bab5df935dd05c34dfd3f067b8e9c5538c6706c2ece6a3f6f31068a12164779d92263237f96440df831bcae4261faa5b3ce72e9da9b1bbd869494614bd2b94ee74cd132778196c6514b87d251a6bc1f9bd72ef1dcc0fd86c90436c3d89f3f515a11ef87414c5b06ae6bf18b44368e76f6e715173b36a91cc954d1f392d26f90ef68ecfb1ca89106778e576c99847a8cbc9d1e89672ebc3e108439bf453398a75731f4e7501b43a93e98d6030bb11beff6b509168b046b7265a438efb318997812441defaa64c45d634e76b92d5f2bdd142fa2dbc4a48dfd5e1ef6e8c1991b8312c2d4e4a16b36b98e247f1cba150344866c8e70a8e98e040a9ec07d65af1febb1297604dc65de1c1a48c3ec8af06622e87e27c92ff549961f9422cb82fcbcd084393d9976a8e651d57105cd76db934678bccc723be498a93b8ec56c34f93d29b6dcc5c9037bd2372fa21fa55a93e2a440612935ed3c9223a87c32b4bea842c0b8353dc6df2c87aeaf3a727c7f9d102a1f39672385d0bfc3c69cca085ec6262ab41519692df291d027f5db2b361823aa0a9c07b80b5c692cc5146bbe94e79dd6ed2ab25328977f756254f1ed3d6b2eb2b869fea090506aa5ef0ef937a554a9394aa31937c4885bb2891bac67c20782d36e29010f6161c1719c548fded7f56bc83892cd37a4b4f33bd233c2ee54aa3053c080333775c533640493cd3cdf724a3d80d22f3171e071dbe6c5e0ffd683313c511c66e7c8ea5008f536e79f629837c8048b6a86ce9700bfbb3ab81b0f53b8707b65904ba58fd3623faf0971bfea47fdedda7cf00dba1f1ee117277dc06f51275a71aa74753fee70c7e4792e1edbab5e4fae5a6f12f30fd020d782be334b0d7b9728916c95495bf6dfb5c48492b706e95c825ce6c9d9eea7f5833b0c6a596be9f936fee3f449b01864cc67270dff671ae6dbce7f499222ca685ce6bd6540f729be1c1c8f24161e38799918da7c6cbc88c4a7e13ffceb670911d09a4d6e23cba0205fba446e7da515176b0f4f4a21a8723c4b142db7f268490ff3c1196342721865572c245650f313c00bf30811fd518785b5779342b97e71fcdaa6d8fdfb5240e289e8ba45dd52d7702fb5a4086ffb43807efc014c8d47c3476bf014fe9e754be7a7572f3b5c946edea22379a41ad6cb43505a41b6dc496196aebbc396b32ede5a6c4b15e98bbe29ada1949d2ce04b0250d08676ea535c08b98bd1042e750e83cc77777a646c992f7443a315aaf02b81a4d4b218057b9b3177d5734b60260d7fa618f498cb62831a26caef7ff5977322c6cf00026fd680dfba8461b1bae0a3a77c1001abbbebc5cb46ab119565a811af5eebe2ebbbabc4cd7", 0x1000}, {&(0x7f0000000480)="8678c96cbb23bdb7710acbf2da5dbd8e903945e8fb539c8e846f04ddd1ae28645676ddba30e34031f7a111f3d5d6ba255f0f1296f3327ba44bbd5c65568c1f9207340a009f1845607f3bd5f5d70f6124c2da734ace3fbc1bd4", 0x59}, {&(0x7f0000001780)="bf32c9777bb8b33696c817e5d631e0ee427d74ac81a5a66adeea4defbe43e986692a1808823d46ea74b7697c016ea404e0563eb9b35d0f0afa0899dcd065b57a4ef9e916b205e1cac1eb7b84f613a5c414fa11b33ac663d030f370e3611752c446a2c6ea2695360a6e745206797e8edcad071573325a813eb4a2318f242ea7164315e48bfdf56bedd94614385325e5748b433b2808d664ee355c68f24aecbcbe692d96944e06313a8c7f058783507a294733780985f6e75f35e1f129550ff44a4a0e0e833427f8e57b6a42dcd220718b29972198444ce78b28ecca34cb19ceb879a342917a6e82ad77b5fa6de6ada0e4ffe819c759d2fd974b1e2c442f35", 0xfe}, {&(0x7f00000001c0)="e1b33807ff947550cae40302ae7a6b757027bd", 0x13}, {&(0x7f0000000500)="d7fb480bf264fdb571ed7e8e0be1a9c62cbf50ac9355ce742687295b9a275756bf45cb319da79855c4d28ac3cd9968821e3399933d3aa5932d7c49532a9db2ba", 0x40}, {&(0x7f0000001880)="ac904dca90da3bd3fc609d211b224ba66663992a5d3fae68da612cd402ea3f73186d743d14a74799c44ede644766e578548f28e01041f05c5eb65901a591fae1ae82dd88e5710d48547d0f58bea0b6acd40e38137eb302a45ef04451be4c87d8a085df3c0492a79e682e0ce5cde2c0c42b7edf7d4196b7f9050eddac5924526c6b68da3a2d6d3370b23c474e875f4c280786f2877682222abd98ebfb89779c36e4b528a2f97813c041a040223eb8ba08", 0xb0}, {&(0x7f0000001940)="fa2885c4d07044724de78fc9ec586973068b4b199dd47e34f75070ba3b79039476f08b48a7a4ed1af33fba5f3af4f850b233cab2a6bb62ce3158f6d88b2cb0d87d8e2dd334ae85a80cb2505eefb468", 0x4f}], 0x8, &(0x7f0000001a40)=[@ip_ttl={{0x14, 0x0, 0x2, 0x7}}], 0x18}, 0x800) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:40:23 executing program 5 (fault-call:0 fault-nth:28): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 818.285454] FAULT_INJECTION: forcing a failure. [ 818.285454] name failslab, interval 1, probability 0, space 0, times 0 [ 818.299157] CPU: 1 PID: 26393 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 818.306376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 818.315786] Call Trace: [ 818.315838] dump_stack+0x138/0x19c [ 818.315863] should_fail.cold+0x10f/0x159 [ 818.315883] should_failslab+0xdb/0x130 [ 818.315901] kmem_cache_alloc_node+0x287/0x780 [ 818.315923] __alloc_skb+0x9c/0x500 [ 818.315936] ? skb_scrub_packet+0x4b0/0x4b0 [ 818.315953] ? netlink_has_listeners+0x20a/0x330 [ 818.315968] kobject_uevent_env+0x781/0xc23 [ 818.315992] kobject_uevent+0x20/0x26 [ 818.316010] lo_ioctl+0x11e7/0x1ce0 [ 818.316026] ? loop_probe+0x160/0x160 [ 818.316044] blkdev_ioctl+0x96b/0x1860 [ 818.316057] ? blkpg_ioctl+0x980/0x980 [ 818.316077] ? __might_sleep+0x93/0xb0 [ 818.316090] ? __fget+0x210/0x370 [ 818.316104] block_ioctl+0xde/0x120 [ 818.316121] ? blkdev_fallocate+0x3b0/0x3b0 [ 818.322513] do_vfs_ioctl+0x7ae/0x1060 [ 818.322535] ? selinux_file_mprotect+0x5d0/0x5d0 [ 818.322550] ? lock_downgrade+0x6e0/0x6e0 [ 818.322561] ? ioctl_preallocate+0x1c0/0x1c0 [ 818.322575] ? __fget+0x237/0x370 [ 818.322593] ? security_file_ioctl+0x89/0xb0 [ 818.322603] SyS_ioctl+0x8f/0xc0 [ 818.322611] ? do_vfs_ioctl+0x1060/0x1060 [ 818.322625] do_syscall_64+0x1e8/0x640 [ 818.322633] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 818.322652] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 818.322661] RIP: 0033:0x459697 [ 818.322665] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 818.322676] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 818.322681] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 818.322686] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 07:40:23 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f00000001c0)={&(0x7f0000001000/0x2000)=nil, &(0x7f0000000000/0x3000)=nil, 0x2000, 0x1}) ioctl$KVM_RUN(r3, 0xae80, 0x0) fcntl$F_GET_FILE_RW_HINT(r4, 0x40d, &(0x7f0000000180)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 818.322692] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 818.322698] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:25 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:25 executing program 5 (fault-call:0 fault-nth:29): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:25 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0x101f5}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) 07:40:25 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000001000/0x2000)=nil}) ioctl$KDSKBMODE(r0, 0x4b45, &(0x7f0000000300)=0x1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_DIRTY_TLB(r3, 0x4010aeaa, &(0x7f00000002c0)={0x0, 0x5}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_GET_PIT(r0, 0xc048ae65, &(0x7f0000000180)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:40:25 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) wait4(r0, &(0x7f0000000140), 0x8, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f0000000080)="292d868e50c92e48270d6496b4250bc7", 0x10) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) getsockopt$inet6_mreq(r1, 0x29, 0x1c, &(0x7f0000000240)={@empty, 0x0}, &(0x7f0000000280)=0x14) setsockopt$RDS_GET_MR_FOR_DEST(r1, 0x114, 0x7, &(0x7f0000000340)={@hci={0x1f, r2, 0x1}, {&(0x7f00000002c0)=""/60, 0x3c}, &(0x7f0000000300), 0xc}, 0xa0) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 820.566862] FAULT_INJECTION: forcing a failure. [ 820.566862] name failslab, interval 1, probability 0, space 0, times 0 [ 820.596220] CPU: 0 PID: 26410 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 820.603444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 820.612849] Call Trace: [ 820.612896] dump_stack+0x138/0x19c [ 820.612919] should_fail.cold+0x10f/0x159 [ 820.612940] should_failslab+0xdb/0x130 [ 820.612957] kmem_cache_alloc_node+0x287/0x780 [ 820.612988] __alloc_skb+0x9c/0x500 [ 820.613002] ? skb_scrub_packet+0x4b0/0x4b0 [ 820.613017] ? netlink_has_listeners+0x20a/0x330 [ 820.613032] kobject_uevent_env+0x781/0xc23 [ 820.613053] kobject_uevent+0x20/0x26 [ 820.613069] lo_ioctl+0x11e7/0x1ce0 [ 820.613086] ? loop_probe+0x160/0x160 [ 820.613101] blkdev_ioctl+0x96b/0x1860 [ 820.613117] ? blkpg_ioctl+0x980/0x980 [ 820.623612] ? __might_sleep+0x93/0xb0 [ 820.623626] ? __fget+0x210/0x370 [ 820.623642] block_ioctl+0xde/0x120 [ 820.623655] ? blkdev_fallocate+0x3b0/0x3b0 [ 820.623666] do_vfs_ioctl+0x7ae/0x1060 [ 820.623681] ? selinux_file_mprotect+0x5d0/0x5d0 [ 820.623693] ? lock_downgrade+0x6e0/0x6e0 [ 820.623707] ? ioctl_preallocate+0x1c0/0x1c0 [ 820.632353] ? __fget+0x237/0x370 [ 820.632375] ? security_file_ioctl+0x89/0xb0 [ 820.632390] SyS_ioctl+0x8f/0xc0 [ 820.632403] ? do_vfs_ioctl+0x1060/0x1060 [ 820.632420] do_syscall_64+0x1e8/0x640 [ 820.632430] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 820.632446] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 820.632455] RIP: 0033:0x459697 [ 820.632460] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 820.632471] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 820.632476] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 820.632481] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 07:40:26 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x2, 0x12d, r0}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 820.632486] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 820.632492] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:26 executing program 5 (fault-call:0 fault-nth:30): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:26 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write$P9_RREMOVE(r0, &(0x7f0000000180)={0x7, 0x7b, 0x1}, 0x7) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:40:26 executing program 4: r0 = accept$netrom(0xffffffffffffffff, &(0x7f0000000140)={{0x3, @null}, [@bcast, @remote, @default, @null, @remote, @null, @bcast, @bcast]}, &(0x7f0000000000)=0x48) pwrite64(r0, &(0x7f0000000080), 0x0, 0x0) setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x2401, 0x0) ioctl$PPPIOCGUNIT(r2, 0x80047456, &(0x7f00000001c0)) ptrace$cont(0x1f, r1, 0x0, 0x0) [ 820.960188] net_ratelimit: 14 callbacks suppressed [ 820.960195] protocol 88fb is buggy, dev hsr_slave_0 [ 820.970464] protocol 88fb is buggy, dev hsr_slave_1 [ 820.983011] FAULT_INJECTION: forcing a failure. [ 820.983011] name failslab, interval 1, probability 0, space 0, times 0 [ 820.989683] QAT: Invalid ioctl [ 821.016423] CPU: 0 PID: 26441 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 821.023649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 821.033060] Call Trace: [ 821.035711] dump_stack+0x138/0x19c [ 821.039393] should_fail.cold+0x10f/0x159 [ 821.043620] should_failslab+0xdb/0x130 [ 821.047747] kmem_cache_alloc_node+0x287/0x780 [ 821.052388] __alloc_skb+0x9c/0x500 [ 821.056083] ? skb_scrub_packet+0x4b0/0x4b0 [ 821.060440] ? netlink_has_listeners+0x20a/0x330 [ 821.065262] kobject_uevent_env+0x781/0xc23 [ 821.069687] kobject_uevent+0x20/0x26 [ 821.073535] lo_ioctl+0x11e7/0x1ce0 [ 821.077246] ? loop_probe+0x160/0x160 [ 821.081108] blkdev_ioctl+0x96b/0x1860 [ 821.085051] ? blkpg_ioctl+0x980/0x980 [ 821.089006] ? __might_sleep+0x93/0xb0 [ 821.092946] ? __fget+0x210/0x370 [ 821.096475] block_ioctl+0xde/0x120 [ 821.100154] ? blkdev_fallocate+0x3b0/0x3b0 [ 821.104538] do_vfs_ioctl+0x7ae/0x1060 [ 821.108502] ? selinux_file_mprotect+0x5d0/0x5d0 [ 821.113350] ? lock_downgrade+0x6e0/0x6e0 [ 821.117547] ? ioctl_preallocate+0x1c0/0x1c0 [ 821.122017] ? __fget+0x237/0x370 [ 821.125519] ? security_file_ioctl+0x89/0xb0 [ 821.130006] SyS_ioctl+0x8f/0xc0 [ 821.133419] ? do_vfs_ioctl+0x1060/0x1060 [ 821.137618] do_syscall_64+0x1e8/0x640 [ 821.141572] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 821.146646] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 821.151975] RIP: 0033:0x459697 [ 821.155226] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 821.162984] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 821.170386] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 821.177682] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 821.184975] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 821.192283] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:26 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mISDNtimer\x00', 0x2000, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000002c0)={0x1, 0x6}, 0xfffffffffffffde5) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) r1 = syz_open_dev$adsp(&(0x7f0000000180)='/dev/adsp#\x00', 0x9, 0x14000) ioctl$ASHMEM_SET_PROT_MASK(r1, 0x40087705, &(0x7f0000000240)={0x1ff, 0x41}) [ 821.251360] *** Guest State *** [ 821.254829] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 821.260496] QAT: Invalid ioctl [ 821.270153] protocol 88fb is buggy, dev hsr_slave_0 [ 821.275337] protocol 88fb is buggy, dev hsr_slave_1 [ 821.280652] protocol 88fb is buggy, dev hsr_slave_0 [ 821.285792] protocol 88fb is buggy, dev hsr_slave_1 [ 821.291799] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 07:40:26 executing program 5 (fault-call:0 fault-nth:31): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 821.306832] CR3 = 0x00000000fffbc000 [ 821.325504] RSP = 0x0000000000000000 RIP = 0x0000000000000342 [ 821.341452] RFLAGS=0x00000246 DR7 = 0x0000000000000400 [ 821.349106] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 821.359782] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 821.372933] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 821.382519] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 821.391021] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 821.399448] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 821.411795] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 821.422115] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 821.427622] misc userio: No port type given on /dev/userio [ 821.436752] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 821.446854] FAULT_INJECTION: forcing a failure. [ 821.446854] name failslab, interval 1, probability 0, space 0, times 0 [ 821.458603] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 821.465493] CPU: 1 PID: 26457 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 821.467826] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 821.473738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 821.473746] Call Trace: [ 821.473773] dump_stack+0x138/0x19c [ 821.473792] should_fail.cold+0x10f/0x159 [ 821.473809] should_failslab+0xdb/0x130 [ 821.473823] kmem_cache_alloc_node_trace+0x280/0x770 [ 821.473837] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 821.473851] __kmalloc_node_track_caller+0x3d/0x80 [ 821.473864] __kmalloc_reserve.isra.0+0x40/0xe0 [ 821.473875] __alloc_skb+0xcf/0x500 [ 821.473885] ? skb_scrub_packet+0x4b0/0x4b0 [ 821.473896] ? netlink_has_listeners+0x20a/0x330 [ 821.473908] kobject_uevent_env+0x781/0xc23 [ 821.473923] kobject_uevent+0x20/0x26 [ 821.473934] lo_ioctl+0x11e7/0x1ce0 [ 821.473948] ? loop_probe+0x160/0x160 [ 821.473961] blkdev_ioctl+0x96b/0x1860 [ 821.473971] ? blkpg_ioctl+0x980/0x980 [ 821.473987] ? __might_sleep+0x93/0xb0 [ 821.473997] ? __fget+0x210/0x370 [ 821.474012] block_ioctl+0xde/0x120 [ 821.474020] ? blkdev_fallocate+0x3b0/0x3b0 [ 821.474030] do_vfs_ioctl+0x7ae/0x1060 [ 821.474043] ? selinux_file_mprotect+0x5d0/0x5d0 [ 821.474054] ? lock_downgrade+0x6e0/0x6e0 [ 821.474064] ? ioctl_preallocate+0x1c0/0x1c0 [ 821.474075] ? __fget+0x237/0x370 [ 821.474096] ? security_file_ioctl+0x89/0xb0 [ 821.482710] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 821.491508] SyS_ioctl+0x8f/0xc0 [ 821.491523] ? do_vfs_ioctl+0x1060/0x1060 [ 821.491540] do_syscall_64+0x1e8/0x640 [ 821.491550] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 821.491568] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 821.491577] RIP: 0033:0x459697 [ 821.491582] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 821.491594] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 821.491599] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 821.491604] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 821.491610] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 821.491615] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 821.684751] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 821.692658] Interruptibility = 00000001 ActivityState = 00000000 [ 821.699029] *** Host State *** [ 821.702587] RIP = 0xffffffff81173b7f RSP = 0xffff888086067998 [ 821.708721] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 821.715371] FSBase=00007f9ee4611700 GSBase=ffff8880aef00000 TRBase=fffffe0000003000 [ 821.723474] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 821.729545] CR0=0000000080050033 CR3=00000000603f6000 CR4=00000000001426e0 [ 821.736903] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff862018f0 [ 821.743917] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 821.750928] *** Control State *** [ 821.754909] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 07:40:27 executing program 5 (fault-call:0 fault-nth:32): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 821.763943] EntryControls=0000d1ff ExitControls=002fefff [ 821.779369] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 821.805814] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 [ 821.818218] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 821.828127] reason=80000021 qualification=0000000000000003 [ 821.830190] protocol 88fb is buggy, dev hsr_slave_0 [ 821.835365] IDTVectoring: info=00000000 errcode=00000000 [ 821.839817] protocol 88fb is buggy, dev hsr_slave_1 [ 821.851418] TSC Offset = 0xfffffe45b5ccc016 [ 821.860230] EPT pointer = 0x00000000a63d101e [ 821.878999] FAULT_INJECTION: forcing a failure. [ 821.878999] name failslab, interval 1, probability 0, space 0, times 0 [ 821.890198] Virtual processor ID = 0x0001 [ 821.898016] CPU: 1 PID: 26467 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 821.905206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 821.914711] Call Trace: [ 821.917375] dump_stack+0x138/0x19c [ 821.921084] should_fail.cold+0x10f/0x159 [ 821.925341] should_failslab+0xdb/0x130 [ 821.929514] kmem_cache_alloc_node_trace+0x280/0x770 [ 821.934867] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 821.940377] __kmalloc_node_track_caller+0x3d/0x80 [ 821.945383] __kmalloc_reserve.isra.0+0x40/0xe0 [ 821.950142] __alloc_skb+0xcf/0x500 [ 821.953834] ? skb_scrub_packet+0x4b0/0x4b0 [ 821.958213] ? netlink_has_listeners+0x20a/0x330 [ 821.963038] kobject_uevent_env+0x781/0xc23 [ 821.967419] kobject_uevent+0x20/0x26 [ 821.971267] lo_ioctl+0x11e7/0x1ce0 [ 821.974941] ? loop_probe+0x160/0x160 [ 821.978803] blkdev_ioctl+0x96b/0x1860 [ 821.982806] ? blkpg_ioctl+0x980/0x980 [ 821.986718] ? __might_sleep+0x93/0xb0 [ 821.990661] ? __fget+0x210/0x370 [ 821.994191] block_ioctl+0xde/0x120 [ 821.997866] ? blkdev_fallocate+0x3b0/0x3b0 [ 822.002213] do_vfs_ioctl+0x7ae/0x1060 [ 822.006132] ? selinux_file_mprotect+0x5d0/0x5d0 [ 822.010938] ? lock_downgrade+0x6e0/0x6e0 [ 822.015138] ? ioctl_preallocate+0x1c0/0x1c0 [ 822.019688] ? __fget+0x237/0x370 [ 822.023174] ? security_file_ioctl+0x89/0xb0 [ 822.027651] SyS_ioctl+0x8f/0xc0 [ 822.031055] ? do_vfs_ioctl+0x1060/0x1060 [ 822.035240] do_syscall_64+0x1e8/0x640 [ 822.039178] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 822.044054] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 822.049282] RIP: 0033:0x459697 [ 822.052528] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 822.060283] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 822.067571] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 822.074848] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 822.082122] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 822.089426] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 822.172148] misc userio: No port type given on /dev/userio [ 822.550198] protocol 88fb is buggy, dev hsr_slave_0 [ 822.555595] protocol 88fb is buggy, dev hsr_slave_1 07:40:28 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:28 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x100000, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:40:28 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) memfd_create(&(0x7f0000000100)='/dev/userio\x00', 0x3) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) r1 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vfio/vfio\x00', 0x40000, 0x0) setsockopt$bt_BT_VOICE(r1, 0x112, 0xb, &(0x7f0000000240)=0x3, 0x2) 07:40:28 executing program 5 (fault-call:0 fault-nth:33): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:28 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x0, 0x2) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000080)=@assoc_value={0x0, 0xfffffffffffffffb}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000180)={r2, 0x5, 0x20}, &(0x7f00000001c0)=0xc) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1e, r0, 0x0, 0x0) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r1, 0xc0305616, &(0x7f0000000200)={0x0, {0x52e0000000000000, 0xbb}}) [ 823.632728] FAULT_INJECTION: forcing a failure. [ 823.632728] name failslab, interval 1, probability 0, space 0, times 0 [ 823.651426] CPU: 1 PID: 26490 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 823.658783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 823.668175] Call Trace: [ 823.670963] dump_stack+0x138/0x19c [ 823.674668] should_fail.cold+0x10f/0x159 [ 823.679103] should_failslab+0xdb/0x130 [ 823.683139] kmem_cache_alloc_node_trace+0x280/0x770 [ 823.688304] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 823.693826] __kmalloc_node_track_caller+0x3d/0x80 [ 823.699210] __kmalloc_reserve.isra.0+0x40/0xe0 [ 823.703946] __alloc_skb+0xcf/0x500 [ 823.707672] ? skb_scrub_packet+0x4b0/0x4b0 [ 823.712053] ? netlink_has_listeners+0x20a/0x330 [ 823.716890] kobject_uevent_env+0x781/0xc23 [ 823.721267] kobject_uevent+0x20/0x26 [ 823.725142] lo_ioctl+0x11e7/0x1ce0 [ 823.728815] ? loop_probe+0x160/0x160 [ 823.732777] blkdev_ioctl+0x96b/0x1860 [ 823.736705] ? blkpg_ioctl+0x980/0x980 [ 823.740650] ? __might_sleep+0x93/0xb0 [ 823.744577] ? __fget+0x210/0x370 [ 823.748113] block_ioctl+0xde/0x120 [ 823.751822] ? blkdev_fallocate+0x3b0/0x3b0 [ 823.756314] do_vfs_ioctl+0x7ae/0x1060 [ 823.760257] ? selinux_file_mprotect+0x5d0/0x5d0 [ 823.765084] ? lock_downgrade+0x6e0/0x6e0 [ 823.769305] ? ioctl_preallocate+0x1c0/0x1c0 [ 823.773778] ? __fget+0x237/0x370 [ 823.777288] ? security_file_ioctl+0x89/0xb0 [ 823.782177] SyS_ioctl+0x8f/0xc0 [ 823.785722] ? do_vfs_ioctl+0x1060/0x1060 [ 823.789939] do_syscall_64+0x1e8/0x640 [ 823.793920] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 823.798856] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 823.804089] RIP: 0033:0x459697 [ 823.807319] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 823.815064] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 823.822395] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 823.829711] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 823.837218] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 823.844559] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:29 executing program 2: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) prctl$PR_SET_FPEMU(0xa, 0x1) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) mbind(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, &(0x7f0000000180)=0xffffffff00000001, 0x7fffffff, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x9) ioctl$KVM_KVMCLOCK_CTRL(r0, 0xaead) ioctl$VIDIOC_G_FMT(r1, 0xc0d05604, &(0x7f0000000880)={0x0, @win={{0x0, 0x100000000, 0x8, 0x40}, 0x4, 0x18, &(0x7f00000001c0)={{0x26fb, 0xffffffffffffffff, 0x1ff}}, 0x3, &(0x7f0000000780)="94151ae982487231bd0205eca814d14cf36891c35364f06248840ea9035d5d6abeee98279ca30a3573df14bad6ad650a4239c52b11a8eedafc6c99e13250c58f84cf6573a365b751c52596777d67527acfa1630c63cd93e55194ec23241ae5143eed530fd07da069aaf3f46dad37738483ace9a11f560e0aa9727fcbdf036ccc4bf073ac65bda32dd8b7970637d1b593e31f12f170727102e74ef5d3d6546686cf863eb27d9d26e55cdfad2730ca0cec0b906f851f15415fb0492d47fbf8937f6a92906b23e36fdb6c1d685de861acc63887afadc7e029fab539", 0x1}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) syz_open_dev$usbmon(&(0x7f00000002c0)='/dev/usbmon#\x00', 0x8, 0x200) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 07:40:29 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x40, 0x0) connect$caif(r1, &(0x7f0000000080)=@dbg={0x25, 0x8, 0x8}, 0x18) rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:29 executing program 5 (fault-call:0 fault-nth:34): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:29 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = add_key$user(&(0x7f0000000240)='user\x00', &(0x7f0000000280)={'syz', 0x0}, &(0x7f00000002c0)="d4776a4a46858a2b4ed8a5537d441a4b3700278246ad0233c2f3d8c0df70", 0x1e, 0x0) r1 = request_key(&(0x7f0000000380)='user\x00', &(0x7f00000003c0)={'syz', 0x0}, &(0x7f0000000400)='/dev/cachefiles\x00', 0x0) keyctl$search(0xa, r0, &(0x7f0000000300)='cifs.spnego\x00', &(0x7f0000000340)={'syz', 0x1}, r1) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x38) r3 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x10000, 0x8280) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f00000001c0)={[], 0x1, 0x0, 0x5, 0x2, 0x5, r2}) openat$mixer(0xffffffffffffff9c, &(0x7f0000000440)='/dev/mixer\x00', 0x40000, 0x0) ptrace$cont(0x18, r2, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x20000, 0x0) setsockopt$packet_buf(r4, 0x107, 0x6, &(0x7f0000000140)="c49d64069341c533af6a459ce366d60dd38a9e47b75cdd7ea362df4f16cd197669c7e67ba035ab1013e66131794d1910ceb21ef1acb4c58ca822cd2c8910a68c23a8248bac0ca0949186e39dc5a9097756b059848fa59712d23ad43166bf0607956aff8c5ef0272e5a7eb7ad6e13627cd9d15870d2cabe1649c305", 0x7b) ptrace$cont(0x1f, r2, 0xfffffffffffffffa, 0x7) [ 824.066971] FAULT_INJECTION: forcing a failure. [ 824.066971] name failslab, interval 1, probability 0, space 0, times 0 [ 824.088542] CPU: 1 PID: 26509 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 824.095733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 824.105129] Call Trace: [ 824.107789] dump_stack+0x138/0x19c [ 824.111508] should_fail.cold+0x10f/0x159 [ 824.115726] should_failslab+0xdb/0x130 [ 824.119778] kmem_cache_alloc_node_trace+0x280/0x770 [ 824.124938] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 824.130624] __kmalloc_node_track_caller+0x3d/0x80 [ 824.135629] __kmalloc_reserve.isra.0+0x40/0xe0 [ 824.140382] __alloc_skb+0xcf/0x500 [ 824.144108] ? skb_scrub_packet+0x4b0/0x4b0 [ 824.148528] ? netlink_has_listeners+0x20a/0x330 [ 824.153442] kobject_uevent_env+0x781/0xc23 [ 824.157883] kobject_uevent+0x20/0x26 [ 824.161854] lo_ioctl+0x11e7/0x1ce0 [ 824.165562] ? loop_probe+0x160/0x160 [ 824.169446] blkdev_ioctl+0x96b/0x1860 [ 824.173478] ? blkpg_ioctl+0x980/0x980 [ 824.177426] ? __might_sleep+0x93/0xb0 [ 824.181370] block_ioctl+0xde/0x120 [ 824.185053] ? blkdev_fallocate+0x3b0/0x3b0 [ 824.189470] do_vfs_ioctl+0x7ae/0x1060 [ 824.193677] ? selinux_file_mprotect+0x5d0/0x5d0 [ 824.198523] ? lock_downgrade+0x6e0/0x6e0 [ 824.202793] ? ioctl_preallocate+0x1c0/0x1c0 [ 824.207335] ? __fget+0x237/0x370 [ 824.210868] ? security_file_ioctl+0x89/0xb0 [ 824.215338] SyS_ioctl+0x8f/0xc0 [ 824.218738] ? do_vfs_ioctl+0x1060/0x1060 [ 824.222967] do_syscall_64+0x1e8/0x640 [ 824.226962] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 824.231943] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 824.237161] RIP: 0033:0x459697 [ 824.240387] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 824.249672] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 824.256989] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 07:40:29 executing program 4: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x80002, 0x0) setsockopt$inet6_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000140)=@gcm_128={{0x303}, "b8172dd11186cd7c", "5348e5126e061a7dc81c9015deca20f7", "c86b2bd3", "7c1aee0ce0069411"}, 0xb) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r1 = fcntl$getown(r0, 0x9) ptrace$cont(0x1f, r1, 0x8000, 0x0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x38) ptrace$cont(0x18, r2, 0x0, 0x0) socket$can_raw(0x1d, 0x3, 0x1) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r2, 0x0, 0x0) [ 824.264292] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 824.271598] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 824.278902] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:29 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$RTC_RD_TIME(r4, 0x80247009, &(0x7f0000000180)) 07:40:29 executing program 5 (fault-call:0 fault-nth:35): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 824.518773] FAULT_INJECTION: forcing a failure. [ 824.518773] name failslab, interval 1, probability 0, space 0, times 0 [ 824.530967] CPU: 0 PID: 26536 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 824.538132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 824.547653] Call Trace: [ 824.550449] dump_stack+0x138/0x19c [ 824.554158] should_fail.cold+0x10f/0x159 [ 824.556782] *** Guest State *** [ 824.558411] should_failslab+0xdb/0x130 [ 824.558436] kmem_cache_alloc_node_trace+0x280/0x770 [ 824.558459] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 824.558483] __kmalloc_node_track_caller+0x3d/0x80 [ 824.562091] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 824.565838] __kmalloc_reserve.isra.0+0x40/0xe0 [ 824.565853] __alloc_skb+0xcf/0x500 [ 824.565865] ? skb_scrub_packet+0x4b0/0x4b0 [ 824.565877] ? netlink_has_listeners+0x20a/0x330 [ 824.565893] kobject_uevent_env+0x781/0xc23 [ 824.565909] kobject_uevent+0x20/0x26 [ 824.576567] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 824.576891] lo_ioctl+0x11e7/0x1ce0 [ 824.582227] CR3 = 0x00000000fffbc000 [ 824.590834] ? loop_probe+0x160/0x160 [ 824.590851] blkdev_ioctl+0x96b/0x1860 [ 824.590860] ? blkpg_ioctl+0x980/0x980 [ 824.590878] ? __might_sleep+0x93/0xb0 [ 824.590889] ? __fget+0x210/0x370 [ 824.590901] block_ioctl+0xde/0x120 [ 824.590910] ? blkdev_fallocate+0x3b0/0x3b0 [ 824.590921] do_vfs_ioctl+0x7ae/0x1060 [ 824.590935] ? selinux_file_mprotect+0x5d0/0x5d0 [ 824.590945] ? lock_downgrade+0x6e0/0x6e0 [ 824.590956] ? ioctl_preallocate+0x1c0/0x1c0 [ 824.590966] ? __fget+0x237/0x370 [ 824.590997] ? security_file_ioctl+0x89/0xb0 [ 824.591009] SyS_ioctl+0x8f/0xc0 [ 824.591023] ? do_vfs_ioctl+0x1060/0x1060 [ 824.601180] RSP = 0x0000000000000000 RIP = 0x0000000000000342 [ 824.604094] do_syscall_64+0x1e8/0x640 [ 824.604111] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 824.604129] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 824.604140] RIP: 0033:0x459697 [ 824.604145] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 824.609189] RFLAGS=0x00000246 DR7 = 0x0000000000000400 [ 824.613401] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 824.613411] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 824.613416] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 824.613420] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 824.613426] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 824.744650] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 824.773273] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 824.773292] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 824.773303] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 824.773314] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 824.773326] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 824.773341] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 824.773350] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 824.773364] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 824.796309] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 824.796328] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 824.796338] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 824.796347] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 824.796354] Interruptibility = 00000001 ActivityState = 00000000 [ 824.796357] *** Host State *** [ 824.796365] RIP = 0xffffffff81173b7f RSP = 0xffff88805ee8f998 [ 824.796380] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 824.796388] FSBase=00007f9ee4611700 GSBase=ffff8880aef00000 TRBase=fffffe0000034000 [ 824.796395] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 824.796404] CR0=0000000080050033 CR3=00000000a0f48000 CR4=00000000001426e0 [ 824.796415] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff862018f0 [ 824.796424] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 824.796427] *** Control State *** [ 824.796432] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 824.796436] EntryControls=0000d1ff ExitControls=002fefff [ 824.796447] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 824.796453] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 [ 824.796459] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 824.796465] reason=80000021 qualification=0000000000000003 [ 824.796469] IDTVectoring: info=00000000 errcode=00000000 [ 824.796474] TSC Offset = 0xfffffe43d7eb8fd3 [ 824.796491] EPT pointer = 0x00000000a58d601e [ 824.796500] Virtual processor ID = 0x0001 [ 825.990192] net_ratelimit: 16 callbacks suppressed [ 825.990200] protocol 88fb is buggy, dev hsr_slave_0 [ 826.000407] protocol 88fb is buggy, dev hsr_slave_1 07:40:31 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:31 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000180)={0x1, 0x5}, 0xfffffffffffffe82) r1 = syz_open_dev$dmmidi(&(0x7f0000000100)='/dev/dmmidi#\x00', 0x7ff, 0x6000) getsockopt$bt_sco_SCO_OPTIONS(r1, 0x11, 0x1, &(0x7f00000002c0)=""/65, &(0x7f00000001c0)=0x41) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) 07:40:31 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0xfffffffffffffe89) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000480)={0x0, @in={{0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x16}}}, 0x9, 0x7, 0x100000000000, 0x3, 0x2}, &(0x7f0000000880)=0x98) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000300)={r3, 0x2}, &(0x7f0000000940)=0xfffffccf) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000002c0)={r4, 0x1000}, 0x8) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000780)={@in6={{0xa, 0x4e21, 0x8000, @rand_addr="3784bdb47e111373950a53f8c24151fb", 0x8}}, 0x0, 0x1ff, 0x0, "d6b9e71f30de144e639b819d7cc623374a35d0c657b99e364a4f581013eeb0d053542ef0688f570fd3a1db317186142f73f61ef5292e19586e335a98284cc25cfc93b0000f60ca6ba4fae26e38b6e3cc"}, 0xd8) ioctl$KVM_NMI(r5, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r5, 0xae80, 0x0) 07:40:31 executing program 5 (fault-call:0 fault-nth:36): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:31 executing program 1: r0 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/status\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f00000002c0), &(0x7f0000000300)=0xb) ioctl$ASHMEM_GET_NAME(r0, 0x81007702, &(0x7f00000001c0)=""/108) gettid() prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r1, 0x0, 0x0) getsockopt$inet6_mreq(r0, 0x29, 0x0, &(0x7f0000000240), &(0x7f0000000280)=0x14) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) pipe(&(0x7f0000000000)={0xffffffffffffffff}) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000140)={0x43}, 0x10) ioctl$SCSI_IOCTL_GET_IDLUN(r2, 0x5382, &(0x7f0000000080)) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) [ 826.651270] FAULT_INJECTION: forcing a failure. [ 826.651270] name failslab, interval 1, probability 0, space 0, times 0 [ 826.665747] CPU: 0 PID: 26551 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 826.673210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 826.673220] Call Trace: [ 826.673258] dump_stack+0x138/0x19c [ 826.673286] should_fail.cold+0x10f/0x159 [ 826.673311] should_failslab+0xdb/0x130 [ 826.673352] kmem_cache_alloc_node_trace+0x280/0x770 [ 826.696154] misc userio: No port type given on /dev/userio [ 826.697349] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 826.697372] __kmalloc_node_track_caller+0x3d/0x80 [ 826.697391] __kmalloc_reserve.isra.0+0x40/0xe0 [ 826.697409] __alloc_skb+0xcf/0x500 [ 826.708222] ? skb_scrub_packet+0x4b0/0x4b0 [ 826.731386] ? netlink_has_listeners+0x20a/0x330 [ 826.736199] kobject_uevent_env+0x781/0xc23 [ 826.740627] kobject_uevent+0x20/0x26 [ 826.744567] lo_ioctl+0x11e7/0x1ce0 [ 826.748351] ? loop_probe+0x160/0x160 [ 826.752217] blkdev_ioctl+0x96b/0x1860 [ 826.756232] ? blkpg_ioctl+0x980/0x980 [ 826.760190] ? __might_sleep+0x93/0xb0 [ 826.764179] ? __fget+0x210/0x370 [ 826.767689] block_ioctl+0xde/0x120 [ 826.771468] ? blkdev_fallocate+0x3b0/0x3b0 [ 826.775862] do_vfs_ioctl+0x7ae/0x1060 [ 826.779810] ? selinux_file_mprotect+0x5d0/0x5d0 [ 826.784714] ? lock_downgrade+0x6e0/0x6e0 [ 826.789013] ? ioctl_preallocate+0x1c0/0x1c0 [ 826.793497] ? __fget+0x237/0x370 [ 826.797018] ? security_file_ioctl+0x89/0xb0 [ 826.801504] SyS_ioctl+0x8f/0xc0 [ 826.804957] ? do_vfs_ioctl+0x1060/0x1060 [ 826.809179] do_syscall_64+0x1e8/0x640 [ 826.813096] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 826.818013] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 826.823254] RIP: 0033:0x459697 [ 826.826478] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 826.834223] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 826.841636] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 826.848929] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 826.856244] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 826.863550] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 826.871335] protocol 88fb is buggy, dev hsr_slave_0 [ 826.876818] protocol 88fb is buggy, dev hsr_slave_1 07:40:32 executing program 5 (fault-call:0 fault-nth:37): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 827.024661] FAULT_INJECTION: forcing a failure. [ 827.024661] name failslab, interval 1, probability 0, space 0, times 0 [ 827.045207] CPU: 0 PID: 26570 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 827.052471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 827.061859] Call Trace: [ 827.064477] dump_stack+0x138/0x19c [ 827.068137] should_fail.cold+0x10f/0x159 [ 827.072322] should_failslab+0xdb/0x130 [ 827.076353] kmem_cache_alloc_node_trace+0x280/0x770 [ 827.081491] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 827.086959] __kmalloc_node_track_caller+0x3d/0x80 [ 827.091940] __kmalloc_reserve.isra.0+0x40/0xe0 [ 827.096652] __alloc_skb+0xcf/0x500 [ 827.100313] ? skb_scrub_packet+0x4b0/0x4b0 [ 827.104669] ? netlink_has_listeners+0x20a/0x330 [ 827.109476] kobject_uevent_env+0x781/0xc23 [ 827.113874] kobject_uevent+0x20/0x26 [ 827.117723] lo_ioctl+0x11e7/0x1ce0 [ 827.121581] ? loop_probe+0x160/0x160 [ 827.125414] blkdev_ioctl+0x96b/0x1860 [ 827.129440] ? blkpg_ioctl+0x980/0x980 [ 827.133375] ? __might_sleep+0x93/0xb0 [ 827.137300] ? __fget+0x210/0x370 [ 827.140796] block_ioctl+0xde/0x120 [ 827.144477] ? blkdev_fallocate+0x3b0/0x3b0 [ 827.148857] do_vfs_ioctl+0x7ae/0x1060 [ 827.152799] ? selinux_file_mprotect+0x5d0/0x5d0 [ 827.157602] ? lock_downgrade+0x6e0/0x6e0 [ 827.161806] ? ioctl_preallocate+0x1c0/0x1c0 [ 827.166369] ? __fget+0x237/0x370 [ 827.169868] ? security_file_ioctl+0x89/0xb0 [ 827.174325] SyS_ioctl+0x8f/0xc0 [ 827.177713] ? do_vfs_ioctl+0x1060/0x1060 [ 827.181877] do_syscall_64+0x1e8/0x640 [ 827.185755] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 827.190733] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 827.195964] RIP: 0033:0x459697 [ 827.199266] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 827.206998] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 [ 827.214297] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 07:40:32 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$SIOCAX25NOUID(r0, 0x89e3, &(0x7f0000000780)) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) read(r0, &(0x7f0000000180)=""/116, 0x74) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000300)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r0, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x1020}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x30, r5, 0x10, 0x70bd2c, 0x25dfdbfe, {{}, 0x0, 0xb, 0x0, {0x14, 0x14, 'broadcast-link\x00'}}, ["", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x20040001}, 0x800) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 827.221608] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 827.228913] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 827.236210] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 827.244085] protocol 88fb is buggy, dev hsr_slave_0 [ 827.249268] protocol 88fb is buggy, dev hsr_slave_1 07:40:32 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x1, 0x410001) ioctl$RNDGETENTCNT(r1, 0x80045200, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:32 executing program 5 (fault-call:0 fault-nth:38): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 827.438195] FAULT_INJECTION: forcing a failure. [ 827.438195] name failslab, interval 1, probability 0, space 0, times 0 [ 827.453647] CPU: 0 PID: 26582 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 827.460846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 827.470506] Call Trace: [ 827.470543] dump_stack+0x138/0x19c [ 827.470566] should_fail.cold+0x10f/0x159 [ 827.470581] should_failslab+0xdb/0x130 [ 827.470600] kmem_cache_alloc+0x2d7/0x780 [ 827.470615] ? selinux_file_mprotect+0x5d0/0x5d0 [ 827.470631] ? lock_downgrade+0x6e0/0x6e0 [ 827.470646] ? ioctl_preallocate+0x1c0/0x1c0 [ 827.470660] getname_flags+0xcb/0x580 [ 827.470674] SyS_mkdir+0x7e/0x200 [ 827.470689] ? SyS_mkdirat+0x210/0x210 [ 827.477033] ? do_syscall_64+0x53/0x640 [ 827.477052] ? SyS_mkdirat+0x210/0x210 [ 827.477062] do_syscall_64+0x1e8/0x640 [ 827.477073] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 827.477094] entry_SYSCALL_64_after_hwframe+0x42/0xb7 07:40:32 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={0xffffffffffffffff}) r2 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000280)='/selinux/create\x00', 0x2, 0x0) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = accept$nfc_llcp(0xffffffffffffffff, &(0x7f00000002c0), &(0x7f0000000340)=0x60) r6 = socket$inet_smc(0x2b, 0x1, 0x0) r7 = openat$md(0xffffffffffffff9c, &(0x7f0000000380)='/dev/md0\x00', 0x41, 0x0) r8 = socket$can_bcm(0x1d, 0x2, 0x2) r9 = perf_event_open$cgroup(&(0x7f0000000400)={0x69fe71f259bb11ff, 0x70, 0x6, 0x7, 0xfffffffffffffe01, 0x9, 0x0, 0x5, 0x10000, 0x1, 0x10f34aed, 0x7fff, 0x400, 0x100000000, 0x5, 0x3, 0x0, 0x4, 0x9, 0xb7, 0x1, 0x8, 0x2, 0x100000001, 0x7f, 0x7, 0x0, 0x7, 0xffff, 0x0, 0xbb8, 0x9, 0xfffffffffffffc01, 0x4, 0xa1d5, 0x0, 0x6, 0x0, 0x0, 0x171, 0x1, @perf_bp={&(0x7f00000003c0), 0x4}, 0x1008, 0x6, 0x4, 0x4, 0x81, 0x100000000, 0xfffffffffffffffb}, 0xffffffffffffffff, 0xd, 0xffffffffffffffff, 0x1) r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r11 = accept4$vsock_stream(0xffffffffffffffff, &(0x7f0000000480)={0x28, 0x0, 0xffffffff, @host}, 0x10, 0x80000) getresuid(&(0x7f00000004c0)=0x0, &(0x7f0000000500), &(0x7f0000000540)) stat(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000640)='./file0\x00', &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000700)='./file0\x00', &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fstat(0xffffffffffffffff, &(0x7f0000000c00)={0x0, 0x0, 0x0, 0x0, 0x0}) r17 = getgid() r18 = syz_open_dev$dspn(&(0x7f0000000c80)='/dev/dsp#\x00', 0x389, 0x80) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000cc0)={0x0, 0x80000, 0xffffffffffffffff}) r20 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000d00)='io.stat\x00', 0x0, 0x0) r21 = bpf$MAP_CREATE(0x0, &(0x7f0000000d40)={0x8, 0x6c9, 0xfffffffffffff001, 0x80000000, 0x40, 0xffffffffffffffff, 0x1, [], 0x0, 0xffffffffffffffff, 0x3, 0x4}, 0x3c) r22 = accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000d80), &(0x7f0000000e00)=0x60) r23 = accept$packet(0xffffffffffffffff, &(0x7f0000000e40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000e80)=0x14) r24 = syz_open_dev$dspn(&(0x7f0000000ec0)='/dev/dsp#\x00', 0x2, 0x440200) r25 = syz_open_pts(0xffffffffffffffff, 0x400000) r26 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000f00)='/dev/vhost-vsock\x00', 0x2, 0x0) r27 = perf_event_open$cgroup(&(0x7f0000000f80)={0x5, 0x70, 0x40, 0x6282, 0x0, 0x1f, 0x0, 0xffffffffffffffc1, 0x1, 0x8, 0x2, 0xcf, 0x1f, 0x7, 0x2, 0x1ff, 0x5c1, 0x80000001, 0x1, 0x6f, 0x80000001, 0x8, 0x8b7e, 0x40, 0x800, 0x4, 0xbf1, 0x1, 0x40, 0x81, 0x2, 0x401, 0x6, 0x7, 0x7fff, 0x13, 0x4, 0x1, 0x0, 0x400, 0x5, @perf_bp={&(0x7f0000000f40), 0x2}, 0x900, 0x1ff, 0x0, 0x2, 0x1, 0x10000, 0x9}, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x1) r28 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000001000)='/dev/video35\x00', 0x2, 0x0) r29 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000001040)='/dev/rfkill\x00', 0xfffffffffffffffe, 0x0) r30 = syz_open_dev$mouse(&(0x7f0000001080)='/dev/input/mouse#\x00', 0x3, 0x2000) r31 = syz_open_procfs$namespace(r0, &(0x7f00000010c0)='ns/pid_for_children\x00') r32 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001100)='/dev/mISDNtimer\x00', 0x200100, 0x0) r33 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r34 = geteuid() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000001140)={0x0, 0x0, 0x0}, &(0x7f0000001180)=0xc) fstat(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, 0x0, 0x0, 0x0}) r37 = getgid() r38 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r39 = accept4$inet(0xffffffffffffffff, &(0x7f0000001240), &(0x7f0000001280)=0x10, 0x80000) r40 = accept4$tipc(0xffffffffffffffff, 0x0, &(0x7f00000012c0), 0x800) r41 = openat$tun(0xffffffffffffff9c, &(0x7f0000001300)='/dev/net/tun\x00', 0x4080, 0x0) r42 = syz_open_dev$dmmidi(&(0x7f0000001340)='/dev/dmmidi#\x00', 0x6305, 0x80) r43 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000001680)='/dev/ptmx\x00', 0x200000, 0x0) r44 = getuid() stat(&(0x7f00000016c0)='./file0\x00', &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r46 = openat$vnet(0xffffffffffffff9c, &(0x7f0000001800)='/dev/vhost-net\x00', 0x2, 0x0) r47 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000001840)=0xffffffffffffffff, 0x4) r48 = timerfd_create(0x0, 0x80000) r49 = open$dir(&(0x7f0000001880)='./file0\x00', 0x8000, 0xa0) r50 = openat$full(0xffffffffffffff9c, &(0x7f00000018c0)='/dev/full\x00', 0x80000, 0x0) fstat(0xffffffffffffffff, &(0x7f0000001b40)={0x0, 0x0, 0x0, 0x0, 0x0}) r52 = getegid() lstat(&(0x7f0000001bc0)='./file0\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000001c80)={0x0, 0x0, 0x0}, &(0x7f0000001cc0)=0xc) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000001d00)={0x0, 0x0}, &(0x7f0000001d40)=0xc) stat(&(0x7f0000001d80)='./file0\x00', &(0x7f0000001dc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000001e40)={0x0, 0x0}, &(0x7f0000001e80)=0xc) getgroups(0x1, &(0x7f0000001ec0)=[0xffffffffffffffff]) r59 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000001f00)='/selinux/checkreqprot\x00', 0x80182, 0x0) r60 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000001f40)='/dev/snapshot\x00', 0x4000, 0x0) r61 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000001f80)='/dev/cachefiles\x00', 0x0, 0x0) r62 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000001fc0)={0x1, 0x20, 0x1, 0xffffffffffffffff}) fstat(0xffffffffffffffff, &(0x7f0000002000)={0x0, 0x0, 0x0, 0x0, 0x0}) fstat(0xffffffffffffffff, &(0x7f0000002080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r66 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000002100)='cgroup.subtree_control\x00', 0x2, 0x0) r67 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000002240)={&(0x7f0000002140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x68, 0x68, 0xa, [@const={0xd}, @enum={0x2, 0x7, 0x0, 0x6, 0x4, [{0xf, 0x5}, {0xc, 0xbfae}, {0xf, 0x4}, {0x3, 0x7}, {0x1, 0x1}, {0x2, 0x8}, {0x2, 0xc9}]}, @fwd={0x8}, @fwd={0x2}]}, {0x0, [0x2e, 0x0, 0x71, 0x5f, 0x2e, 0x0, 0x0, 0x6f]}}, &(0x7f0000002200)=""/12, 0x8a, 0xc}, 0x20) r68 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000002280)='/dev/qat_adf_ctl\x00', 0x40, 0x0) r69 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000022c0)='/dev/video2\x00', 0x2, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000002300)={{{@in6=@mcast2, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}, 0x0, @in=@remote}}, &(0x7f0000002400)=0xe8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000002440)={0x0, 0x0, 0x0}, &(0x7f0000002480)=0xc) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000024c0)={{{@in=@remote, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in=@broadcast}}, &(0x7f00000025c0)=0xe8) r73 = getegid() getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000002600)={{{@in=@empty, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}}}, &(0x7f0000002700)=0xe8) r75 = getegid() r76 = socket$tipc(0x1e, 0x7, 0x0) r77 = syz_open_dev$ndb(&(0x7f0000002c80)='/dev/nbd#\x00', 0x0, 0x1) r78 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002cc0)='/dev/fuse\x00', 0x2, 0x0) r79 = syz_open_dev$radio(&(0x7f0000002d00)='/dev/radio#\x00', 0x1, 0x2) r80 = syz_open_dev$sndpcmp(&(0x7f0000002d40)='/dev/snd/pcmC#D#p\x00', 0xce4, 0x80000) r81 = openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000002d80)='/selinux/relabel\x00', 0x2, 0x0) r82 = socket$inet6_dccp(0xa, 0x6, 0x0) r83 = syz_open_dev$sndseq(&(0x7f0000002dc0)='/dev/snd/seq\x00', 0x0, 0x200) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000002e00)={0x0, 0x0}, &(0x7f0000002e40)=0xc) fstat(0xffffffffffffffff, &(0x7f0000002e80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r86 = geteuid() r87 = getgid() sendmmsg$unix(r1, &(0x7f0000002f80)=[{&(0x7f0000000140)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000080)=[{&(0x7f00000001c0)="748febf8e1f071b9848fbcdf374a26013b3c5a95cff59fa76f99f69f2d88f0ba664e8d0117527e9587a97d6322d1d44fcaf51ef7c7ae940daec0ed29523b81efae5b668ae8b1871b43ed2d716bec0ebab7a5970de7b698a00bf95b28f5bdfdce44b959e136d4c1390ee54518a0afbc5dea0d640576404704a29cc5e4eae0ed5ed67556fd64dc2b4fd9d04e2b6f2816ddaa19", 0x92}], 0x1, &(0x7f00000007c0)=[@rights={{0x34, 0x1, 0x1, [r2, r3, r4, r5, r6, r7, r8, r9, r10]}}, @rights={{0x14, 0x1, 0x1, [r11]}}, @cred={{0x1c, 0x1, 0x2, {r0, r12, r13}}}, @cred={{0x1c, 0x1, 0x2, {r0, r14, r15}}}], 0x90, 0x4000000}, {&(0x7f0000000880)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000a00)=[{&(0x7f0000000900)="1d7f9c2ad2002a32ca9a202a6ddeca7ca9643d0a0fe8560937d292c338dc3d1eda2ede83c4c82c5d4a4a87161f79bd88d2432fe97bdf645065f16cb6896753243b9474fdd197400808b735d76eeababafa35da82a2495440d5e42c89402b010bdddca28d1c5c68e8f1fae5caaf6d654eb1fdbe0caf96f81cc45c0bc456ed62f10f8a38fd6027f036a4fdd72c881e34bbb6251cb1fe5b75b70a23", 0x9a}, {&(0x7f00000009c0)="a2da5d01e1b41ae7812abab9db11f0588ee152d831412e983948529e9cd7da1982d8", 0x22}], 0x2, 0x0, 0x0, 0x20008001}, {&(0x7f0000000a40)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000000bc0)=[{&(0x7f0000000ac0)="624b4c803f87d426550e810e096cdf28a63d8a17d181e9d7d8e21969adb94f9ac349740fc54bdd5bc60af4a8261cdad3009cc8e7d6dc10366da9b5d54bd73656e771d600e1e86830bd14f5c0988c4d9dc308a76d7b6661836f19552609f76ade0f7699526773412e0bd19d5a9674617342f59acc7cf648410e26061cdd9dfff4621cbfb5b118765e", 0x88}, {&(0x7f0000000b80)="4cb3a6193f48ed6703d1781df6676aeba9c34294c499d2", 0x17}], 0x2, &(0x7f0000001380)=[@cred={{0x1c, 0x1, 0x2, {r0, r16, r17}}}, @rights={{0x14, 0x1, 0x1, [r18]}}, @rights={{0x30, 0x1, 0x1, [r19, r20, r21, r22, r23, r24, r25, r26]}}, @rights={{0x2c, 0x1, 0x1, [r27, r28, r29, r30, r31, r32, r33]}}, @cred={{0x1c, 0x1, 0x2, {r0, r34, r35}}}, @cred={{0x1c, 0x1, 0x2, {r0, r36, r37}}}, @rights={{0x24, 0x1, 0x1, [r38, r39, r40, r41, r42]}}], 0x100, 0x20000000}, {&(0x7f0000001480)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000001640)=[{&(0x7f0000001500)="91e11895d62bce50f8e95341a13d111e497c5626325ac62c3fff49825b8e9c2c6d1a5a7ca082cb991d7f8bd06f51eb27a6ba2cdef12796cd35f4958be1876f3453f5283b98b8bbbf22a39f5011832c381c", 0x51}, {&(0x7f0000001580)="b3f57f9f416bff6a6828494862ba07e30cff57908202ed9138b17ba10a3f677cac170f4a2667251bdf890e30bb4619736bfc3b1fc6221081bbc33d3b748afc2bf14293acef8fa35c79f06aa0f18b2f9c923deb55bce53e20e815be4f4f4d1f2ba59025194b2344d292245baf86e021c0fd707430df1990d9f9b0697c1f4052328073c7d7fa7d376cf8aca839e9", 0x8d}], 0x2, &(0x7f0000001900)=[@rights={{0x14, 0x1, 0x1, [r43]}}, @cred={{0x1c, 0x1, 0x2, {r0, r44, r45}}}, @rights={{0x24, 0x1, 0x1, [r46, r47, r48, r49, r50]}}], 0x60, 0x40}, {&(0x7f0000001980)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f0000001b00)=[{&(0x7f0000001a00)="3eb275cb5d7788e4d69bd027f89ca4eea53b8092e2472e5e1a5da5adeefee83462a138bf93f04f04e9061105d894cbc661fcf596880ec62d92b5472dd82e9abd9559d1cd259fe16b1b83229222239b0f6280ef9a247e80bab79e455a9e5ec47cde49a783ccc86f506b1e1664b382b72c7853c6b5cc58e46c673a7c33a8ac4a145918f682740ad9501d13e852900e8a1668724039b48c6e655bea543f39a5e2a4999ba3c8b26f902248a1d431f58a5f12ee043225055b2ae136529a06a3105ffd2a3f88061da6f2", 0xc7}], 0x1, &(0x7f0000002740)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r0, @ANYRES32=r51, @ANYRES32=r52, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r0, @ANYRES32=r53, @ANYRES32=r54, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r0, @ANYRES32=r55, @ANYRES32=r56, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r0, @ANYRES32=r57, @ANYRES32=r58, @ANYBLOB="0000000024000000000000000100000001000000", @ANYRES32=r59, @ANYRES32=r60, @ANYRES32=r61, @ANYRES32=r62, @ANYRES32=r63, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r0, @ANYRES32=r64, @ANYRES32=r65, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32=r66, @ANYRES32=r67, @ANYRES32=r68, @ANYRES32=r69, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r0, @ANYRES32=r70, @ANYRES32=r71, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r0, @ANYRES32=r72, @ANYRES32=r73, @ANYBLOB="000000001c000000000000000101000002000000", @ANYRES32=r0, @ANYRES32=r74, @ANYRES32=r75, @ANYBLOB='\x00\x00\x00\x00'], 0x148, 0x50}, {&(0x7f00000028c0)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f0000002c00)=[{&(0x7f0000002940)="3db36d5e677b85028f72fdab56c5c2860fcd4c8ea8", 0x15}, {&(0x7f0000002980)="e470bcb4579332396eb03c9dc0cbc3d67dfbacfd724b38632984bae8ac4a167bb5babfc503cc66d92a12aa3315cb6c441de17284aaee98f6d127ea80e4339024e16680c126ddbf32ce35361b091a524f113c37ee94e322a7e4c10ccd1c226c446f92f3ad", 0x64}, {&(0x7f0000002a00)="bbebfd841c8dde5380a1c8fe09e3fa0ef373ff308aca6fb667c1db07ef2d4f0342874a4420a95ff79a26673040b5a3805a632feb2d5f77a56a7f3968b2857b0e2f2b629e291c5eaf9aa84235c2dbe977f5c7087f920bf1e9b03f12511b21b97890ae667f5b1599c64bcb585c8c59131528254353be19ffd55092979dcc2f3b7d579867e06c561667f54014a6b777245d43bbff56046d6b1fdc0c3c5d2df9325808cadce0ddb4d1d18b39f11cd3a2319586669393f3aac68cf34343c338ba2988937878c062af69c99f0612e1bb65be6bbb820b9bdc11938f16d278cd1930cc4be38c3357ab01944aa8fc2956d9772ca4c324579ce9e75d224322be906f", 0xfd}, {&(0x7f0000002b00)="99d7b605e4a35e239995cf3ad4c09d406a837a79b3e50949c562032a4bcda8d6ab7de2f55ee9c84bc1bda1cb92145a7a2819a5281feaf2538ddf91be2ba088196573bca5333302ac5f96aef78e000f4dc7dc266faa79dc0812140ccbf5d3f4a1b33ab1a785b72f1d3454d7ca22219adf6dfc7cafbfe708b0e10faae3", 0x7c}, {&(0x7f0000002b80)="0e1b1816726367c550f73ad92c43e7febde46b8c5ee865ce22877c58e55ec27c190fa04af65c3cb52f572465ec30645913c3e3d96f5469ce9116dcd42c5a9fd73971082e770d", 0x46}], 0x5, &(0x7f0000002f00)=ANY=[@ANYBLOB="30000000000000000100000001000000", @ANYRES32=r76, @ANYRES32=r77, @ANYRES32=r78, @ANYRES32=r79, @ANYRES32=r80, @ANYRES32=r81, @ANYRES32=r82, @ANYRES32=r83, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r0, @ANYRES32=r84, @ANYRES32=r85, @ANYBLOB="0000000000010000000200"/20, @ANYRES32=r0, @ANYRES32=r86, @ANYRES32=r87, @ANYBLOB='\x00\x00\x00\x00'], 0x70, 0x10}], 0x6, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 827.477104] RIP: 0033:0x458c47 [ 827.477109] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 827.477120] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c47 [ 827.477132] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 827.510249] protocol 88fb is buggy, dev hsr_slave_0 [ 827.514118] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 827.514128] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 07:40:32 executing program 3: r0 = syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0x0, 0x2) ioctl$KVM_CHECK_EXTENSION_VM(r0, 0xae03, 0x7fff) r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f00000001c0)={0x1, 0x6}, 0x2) readv(r1, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) 07:40:32 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$INOTIFY_IOC_SETNEXTWD(r0, 0x40044900, 0x5) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$IMGETDEVINFO(r0, 0x80044944, &(0x7f0000000180)={0x6}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 827.514133] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 827.539449] protocol 88fb is buggy, dev hsr_slave_1 [ 827.555247] protocol 88fb is buggy, dev hsr_slave_0 [ 827.600327] protocol 88fb is buggy, dev hsr_slave_1 [ 827.817434] *** Guest State *** [ 827.821036] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 827.835736] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 827.844951] CR3 = 0x00000000fffbc000 [ 827.849284] RSP = 0x0000000000000000 RIP = 0x0000000000000342 [ 827.862231] RFLAGS=0x00000246 DR7 = 0x0000000000000400 [ 827.868491] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 827.877245] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 827.887817] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 827.899598] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 827.917440] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 827.925819] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 827.934180] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 827.942692] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 827.951348] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 827.959495] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 827.968029] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 827.976375] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 827.983070] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 827.990789] Interruptibility = 00000001 ActivityState = 00000000 [ 827.997277] *** Host State *** [ 828.000777] RIP = 0xffffffff81173b7f RSP = 0xffff88805043f998 [ 828.006888] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 828.013647] FSBase=00007f9ee4611700 GSBase=ffff8880aee00000 TRBase=fffffe0000003000 [ 828.021977] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 828.028023] CR0=0000000080050033 CR3=0000000094d4a000 CR4=00000000001426f0 [ 828.035513] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff862018f0 [ 828.042427] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 828.048634] *** Control State *** [ 828.052359] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 828.059212] EntryControls=0000d1ff ExitControls=002fefff [ 828.064903] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 828.073044] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 [ 828.079937] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 828.087224] reason=80000021 qualification=0000000000000003 [ 828.093852] IDTVectoring: info=00000000 errcode=00000000 [ 828.099914] TSC Offset = 0xfffffe4215a33f80 [ 828.104448] EPT pointer = 0x000000008147601e [ 828.109076] Virtual processor ID = 0x0001 07:40:34 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:34 executing program 5 (fault-call:0 fault-nth:39): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:34 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x80) ioctl$TIOCCONS(r1, 0x541d) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:35 executing program 2: r0 = syz_open_dev$swradio(&(0x7f0000000440)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000240)={0x0, 0x9, 0x1, {0xb, @sdr={0x0, 0x101}}}) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000480)={0x0, 0x401, 0x2, {0xb, @vbi}}) 07:40:35 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) r1 = syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0x3, 0x2) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000001ac0)=@nat={'nat\x00', 0x19, 0x4, 0x17e0, [0x200002c0, 0x0, 0x0, 0x200002f0, 0x20000714], 0x0, &(0x7f0000000180), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffc, 0x2, [{0x9, 0x8, 0x88b7, 'vxcan1\x00', 'rose0\x00', 'vlan0\x00', 'bcsh0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf}, [0xff, 0xff, 0x0, 0xff, 0xff], @remote, [0xff, 0x0, 0xff, 0x0, 0xff, 0xff], 0x9e, 0x14e, 0x186, [@m802_3={'802_3\x00', 0x8, {{0xbc, 0x2, 0x5, 0x4}}}], [@common=@NFLOG={'NFLOG\x00', 0x50, {{0x3, 0x3, 0x9, 0x1, 0x0, "6770061d9eab3a0e36ec6c741f4dbf342cf5c19195e12ce1d102f18fd6399cacb11c69cb9248ff712f29f6bf2123e2c8dd55460954a66b4bc4a99504588c60c8"}}}, @snat={'snat\x00', 0x10, {{@random="c6025f26b74a", 0xfffffffffffffffc}}}], @common=@mark={'mark\x00', 0x10, {{0xfffffff0}}}}, {0x9, 0x48, 0x88bf, 'veth0_to_bond\x00', 'syzkaller1\x00', 'ifb0\x00', 'lapb0\x00', @empty, [0xff, 0xff, 0xff, 0x0, 0x0, 0xff], @empty, [0xff, 0xff], 0xce, 0x236, 0x26e, [@arp={'arp\x00', 0x38, {{0x305, 0x200, 0xb, @dev={0xac, 0x14, 0x14, 0x13}, 0xffffffff, @rand_addr=0xffffffffdba2b8ce, 0xffffffff, @random="e3012a225ffe", [0xff, 0xff, 0xff, 0x0, 0xff, 0xff], @random="bb747a1411bf", [0xff, 0x0, 0xff, 0x0, 0xff], 0x10, 0x40}}}], [@common=@SECMARK={'SECMARK\x00', 0x108, {{0x1, 0x0, 'system_u:object_r:restorecond_exec_t:s0\x00'}}}, @arpreply={'arpreply\x00', 0x10, {{@broadcast, 0xffffffffffffffff}}}], @snat={'snat\x00', 0x10, {{@random="1404f8c8be4c", 0xffffffffffffffff}}}}]}, {0x0, '\x00', 0x2, 0xfffffffffffffffc, 0x2, [{0x9, 0x60, 0x80ff, 'lapb0\x00', 'nlmon0\x00', 'rose0\x00', 'ip6_vti0\x00', @remote, [0xff, 0x0, 0xff, 0x0, 0xff], @broadcast, [0x0, 0xff, 0x0, 0xff], 0x11c6, 0x11c6, 0x11fe, [@among={'among\x00', 0x850, {{@zero, @offset, 0x1, {[0x4, 0x1, 0xf057, 0x4, 0x401, 0x8, 0x8, 0x7, 0x8000, 0x1f, 0xbd04, 0x1, 0x9, 0x800, 0x2e924778, 0xad9, 0x6, 0x1ff, 0x80, 0x5, 0x5, 0xb1, 0x7, 0x0, 0xfffffffffffffffe, 0x1, 0xf8, 0xffffffff80000000, 0x3, 0x1, 0x8001, 0x8001, 0x779, 0x2, 0x3, 0xea, 0x1, 0x2, 0x0, 0x2ba9, 0x6, 0x7, 0x4, 0x4, 0x8, 0x6, 0x2000, 0x5, 0xdf, 0x80000000, 0x8, 0x1ff, 0x100000001, 0xffff, 0x5, 0x100000001, 0x8001, 0x7a, 0x7ff, 0x1f, 0x6, 0xffffffff, 0x9, 0x10002, 0x0, 0x1, 0x200, 0x0, 0x5, 0x80, 0x6, 0x4f84a799, 0x0, 0x101, 0x9, 0x5, 0x7, 0x5, 0xc00000000000000, 0x1, 0x7, 0xffffffffffff7fff, 0x100000001, 0x3, 0x6, 0x0, 0x1, 0x7fff, 0x8000, 0xfffffffffffffff9, 0x6, 0x0, 0x20, 0xde3, 0x5, 0x0, 0x80000001, 0x0, 0x1, 0x100, 0x80000000, 0x400, 0x100000000, 0x6, 0x81, 0x8, 0x9, 0x3, 0x80, 0x9, 0xbce, 0x1f, 0x101, 0x4, 0xd27, 0x6, 0xfffffffffffffffe, 0x3f, 0xfffffffffffffffc, 0xb638, 0x6, 0x2, 0x7, 0x10000, 0x3e, 0x80000000, 0x80000000, 0x8, 0x2, 0x4, 0x6, 0x6a, 0x3, 0x20, 0x3, 0x6a2c3220, 0x4ddff5aa, 0xffff, 0xda0c, 0x5, 0x9, 0x81, 0x1ff, 0x3, 0x0, 0x100, 0x1, 0x90000, 0x7, 0x10000, 0x200000000000, 0x7, 0x8, 0x1, 0xffff, 0x10001, 0x4, 0x0, 0x1f, 0x4e, 0x22, 0x5, 0x1, 0x20, 0x2, 0x1c41, 0x4, 0x80000000, 0x7, 0x7, 0x7, 0xc7, 0x8d4, 0x3841, 0x2, 0x5, 0x4136, 0x1, 0x7b6, 0xa7, 0x0, 0x8001, 0x1000, 0x2, 0x8, 0x400, 0x7fff, 0x9988, 0x6, 0x5, 0x2e4, 0x8, 0x18000000000, 0x7fffffff, 0x400, 0x6, 0x8000, 0x0, 0x5, 0x7f6b915e, 0x7, 0x0, 0x0, 0x200, 0x1, 0x4, 0x7ff, 0xfff, 0x6, 0x8001, 0x1ff, 0x1000, 0x40, 0x8, 0x3, 0x0, 0x200, 0x5, 0x2, 0x9, 0x63, 0x100, 0x4, 0x3f, 0xfff, 0xfffffffffffffffd, 0xcd9, 0xfffffffffffffffd, 0x3fe2, 0x1, 0x6, 0x0, 0x0, 0x1, 0x7, 0x9, 0x4, 0x5, 0x0, 0x4, 0xda, 0x4, 0x428af9de, 0x10001, 0x0, 0x1, 0x4, 0x2, 0xca, 0x189, 0x2, 0xffff, 0xffff, 0x80, 0x1, 0x4152, 0x7fffffff], 0x2, [{[0x7fffffff, 0x9], @dev={0xac, 0x14, 0x14, 0xf}}, {[0x607, 0x1000], @initdev={0xac, 0x1e, 0x1, 0x0}}]}, {[0x6, 0x48f88900, 0xd5, 0x3, 0xff, 0x2, 0x2, 0x3ff, 0x7, 0x4, 0x1, 0x7, 0x7fff, 0x100000000, 0xfff, 0xffffffff, 0x3ff, 0xfff, 0x5, 0xfffffffffffffff9, 0x20, 0xffce, 0x4, 0x40, 0x1e, 0xffffffff, 0x6, 0x508b2bd4, 0x5d3, 0x2, 0x1, 0x9, 0x0, 0x3, 0x9, 0x7ff, 0x0, 0xc0000, 0x7, 0x80000000, 0x0, 0x10001, 0x8, 0x7fffffff, 0x8, 0x5, 0x6bb, 0x1000, 0x0, 0x6, 0xfffffffffffffffe, 0x8, 0x705c, 0x6, 0x9, 0x4f29, 0x7, 0x37, 0xfff, 0x1, 0x16ae0, 0x1f, 0x7fffffff, 0x2, 0x900, 0x6, 0x5, 0x1, 0x32d4a31000000000, 0x4, 0x6, 0x8, 0x6, 0x4, 0x4, 0x40, 0x6, 0x100000001, 0x813a, 0x4, 0x0, 0xfff, 0x4d2, 0x8, 0x9, 0x7f, 0x60000000000, 0x4, 0x56b2, 0x1, 0x1, 0x40, 0x6, 0x100000001, 0x0, 0x7, 0x42, 0x2, 0x4, 0x4, 0x1143, 0xf90, 0x20, 0x80000001, 0x0, 0x1, 0x4, 0x3, 0x4e9e, 0x800, 0x5, 0x1, 0x4, 0x3f, 0x101, 0x8, 0x5, 0x2, 0xfffffffffffff001, 0x100000000, 0xffffffffffffffff, 0x728a, 0x7, 0x0, 0x10000, 0x2, 0x3, 0x7, 0xfffffffffffffffa, 0x1, 0x5, 0xfffffffffffffffc, 0x1c0000000000, 0xc3, 0xffff, 0xffffffffffffff00, 0x1ff, 0xffff, 0xfffffffffffffff8, 0x1, 0x6, 0x8, 0x7ff, 0x1, 0x7f, 0x28, 0x8, 0x8a0, 0x8, 0x29, 0xfffffffffffffffa, 0x61, 0x71b, 0x7, 0xfffffffffffffffa, 0x3ff, 0x3, 0x5, 0x7ff, 0x1, 0x7, 0x2, 0xff, 0x1, 0x9, 0x6, 0x7ff, 0x7, 0x0, 0xa6a, 0x401, 0x6, 0xbc6, 0x5, 0x9, 0x7f, 0x0, 0xfffffffffffffffb, 0x2, 0x7, 0x2, 0x3, 0x4, 0x1, 0xffffffff935e4da4, 0x401, 0x9, 0x6, 0x5, 0x1ff, 0x0, 0xffffffff, 0x1000, 0xffffffffffffffff, 0x6, 0x7fffffff, 0x7c, 0x8000, 0x7, 0x3e, 0x8, 0x3, 0x101, 0x1c67, 0x8, 0x1000, 0x5, 0x8, 0x7, 0x9d, 0x592, 0x1, 0xff, 0x7, 0x8, 0x8000, 0x6, 0x40, 0x5, 0xffffffffffff7617, 0x578, 0xffff, 0x3, 0x4, 0x81, 0x3ff, 0x8, 0x7, 0x1f, 0x80000000, 0x0, 0x6000000, 0x6, 0x7, 0x1, 0x6, 0x6, 0x3ff, 0x78f0, 0xee, 0x8, 0x7, 0x7, 0xfffffffffffffff8, 0x5, 0x6, 0x4, 0x7, 0x400, 0x2, 0x8, 0xff, 0x340, 0x4, 0x2, 0x200, 0x7f], 0x2, [{[0x7ff, 0x8], @dev={0xac, 0x14, 0x14, 0x13}}, {[0x0, 0x5], @local}]}}}}, @among={'among\x00', 0x8b8, {{@zero, @zero, 0x3, {[0x181, 0x1, 0xb6, 0x4, 0x10000, 0x0, 0x5, 0x1, 0x3, 0x4, 0x1, 0x3, 0x4, 0x7, 0xfb9b, 0x0, 0x100000001, 0x5, 0x0, 0x8, 0x2, 0xffffffff, 0xfffffffffffffffc, 0xffffffffffff0000, 0x4, 0x100000001, 0x5, 0x3c, 0x7, 0x2, 0x2, 0x8, 0x9, 0x1f, 0x5, 0x2b21000, 0x1, 0x0, 0x80, 0x7, 0x400, 0xeeb, 0x8001, 0x87, 0x200, 0x6, 0x1, 0x3, 0xffff, 0x5, 0xdac, 0x7f, 0x1, 0x9, 0x2, 0x9, 0x9, 0x80000000, 0x100000000, 0xa8, 0x25d2e79e, 0xfffffffffffffffa, 0x20, 0xc3, 0x101, 0x5, 0x882, 0x7ff, 0xfffffffffffffffa, 0x9, 0x9, 0x5, 0x8c, 0x8, 0x10001, 0x2, 0x3, 0x9, 0x9, 0x100000001, 0x2, 0xff, 0x8, 0x2, 0x0, 0x8, 0x2, 0x3, 0x5, 0x1, 0x76e, 0xffffffff, 0x7ff, 0xaa09, 0x3, 0x3, 0x3, 0x9, 0x3, 0x8, 0x325d, 0x1, 0x5, 0x1, 0x800, 0x255, 0x0, 0x7, 0xffffffff, 0x7, 0x2, 0x8001, 0x0, 0x0, 0x6, 0xb1, 0x6, 0x0, 0x10001, 0x667965ba, 0x1, 0xb, 0x80, 0x1, 0x9, 0x1f, 0x2, 0x80000001, 0x80000000, 0x200, 0x0, 0x6, 0x6, 0x4, 0x8001, 0x0, 0x0, 0x8, 0x1b1, 0x7fffffff, 0x800, 0x1, 0x78e, 0x3, 0x9, 0x4, 0x4, 0xc3, 0x3, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff, 0xfffffffffffffffc, 0x7, 0x6c9, 0x6136, 0x7, 0x101, 0x8, 0xfffffffffffffff7, 0x101, 0x0, 0x9, 0xf8a5, 0x8000, 0x1, 0xe9d, 0x1, 0x80000000000, 0x7, 0xfffffffffffffffa, 0x1, 0x9, 0x0, 0x0, 0x1, 0x80000001, 0xf3e, 0x4e1, 0xa8e, 0x3, 0x5, 0x5, 0x92d, 0xceb3, 0x4, 0xfffffffffffff801, 0x8, 0x81, 0xdf6, 0x3, 0x3, 0x0, 0x0, 0x80, 0x9, 0x10000, 0x5, 0x3800000000000, 0x9, 0x1000, 0x70926614, 0xc804, 0x10000, 0x0, 0x7fff, 0x3, 0x1, 0x3, 0x80000001, 0xe00000000000, 0xfffffffffffffff8, 0x80000000, 0x878, 0xb, 0x8, 0x4, 0x9, 0x26, 0x5, 0x7, 0x5, 0xb13, 0x5, 0x80, 0x1e, 0x94, 0x8, 0x9, 0x8, 0x95d, 0x8, 0x3ff, 0x2, 0x8, 0x0, 0x80, 0x6, 0x400, 0x4bd, 0x3fb800000, 0x8000, 0x7fffffff, 0x6, 0x81, 0x7ff, 0x7c, 0x511, 0x3, 0xdec, 0xd766, 0x3f, 0xe1, 0xfff, 0x8, 0x200, 0x8000], 0x7, [{[0x3, 0x1], @loopback}, {[0x3, 0x100000000], @multicast2}, {[0x1000, 0x2d9], @multicast2}, {[0x40, 0x8], @dev={0xac, 0x14, 0x14, 0x1e}}, {[0x8, 0x4aa2], @local}, {[0x40, 0x80000000], @dev={0xac, 0x14, 0x14, 0x10}}, {[0x9, 0x8], @rand_addr=0x9}]}, {[0x4, 0x8, 0x7, 0x1, 0x7fff, 0xabb, 0x7, 0x2, 0x6, 0x6, 0xff, 0x3ff, 0x7, 0x4, 0x5c, 0x7fff, 0x100000001, 0x61, 0x3, 0x1, 0x0, 0x8, 0xc9f, 0x9, 0x3, 0x401, 0x3, 0x1, 0x8, 0x5, 0x5, 0xc643, 0x80000001, 0xffff, 0x80000000, 0x100000001, 0xfffffffffffffffc, 0xed49, 0x4, 0x8, 0x3, 0xfff, 0x40, 0x4, 0x6, 0x6, 0x2, 0x4, 0x4, 0x2, 0x5, 0x100000000, 0x1f, 0x81, 0x1, 0xf61, 0x3, 0x1, 0x5, 0x4, 0x7fffffff, 0x4, 0xec26, 0x1, 0x3, 0xfffffffffffffc01, 0x9, 0x3, 0x10000, 0x3, 0x9, 0x8c, 0x4, 0x4, 0x0, 0x29d845, 0x1000, 0x8, 0xb34, 0x401, 0x7, 0x400, 0xff, 0x8, 0x800000000000000, 0x32a, 0x3f, 0x9, 0x101, 0xffffffff, 0x80, 0x7f, 0x0, 0x80000000, 0x10000, 0x9, 0x400, 0x7fff, 0xc448, 0x401, 0x80, 0x2, 0xfffffffffffffffe, 0x80000001, 0x7, 0x4, 0x638e, 0xb2d8, 0x6, 0x35c6, 0x20, 0x8, 0x80000000, 0x6, 0x5, 0x4, 0x0, 0x6, 0xcc, 0x4, 0x84, 0x9, 0xb16, 0x3ff, 0x81, 0xffffffff, 0x1, 0x5, 0x2, 0x7fffffff, 0x7fff, 0x5, 0x25, 0x1, 0x3f, 0x4, 0x9, 0x7fffffff, 0x7, 0x21, 0xff, 0x9, 0x2, 0x8, 0x37, 0x5, 0x3, 0x10001, 0x565e, 0x71, 0x10000000, 0x6b7, 0x20, 0x28, 0x7, 0x81, 0x100000000, 0x8, 0x4f, 0x728d, 0x3f, 0xfff, 0x2, 0x7, 0x4, 0x6, 0x5, 0x2d4, 0x8, 0x7, 0x1, 0x3, 0x80, 0x98ca, 0x7f, 0x140000, 0x9, 0x521, 0x7, 0x0, 0xb69, 0x8, 0x100000001, 0xc9, 0x321, 0x101, 0x1, 0xf9f, 0x0, 0x7ff, 0x7fffffff, 0x5, 0x62, 0x1000, 0x5, 0x0, 0x9, 0x0, 0x6, 0x5, 0x1, 0x25, 0x7, 0x9, 0x4, 0x3f, 0x3, 0x5800, 0x3ff, 0x1, 0x3, 0x3, 0x2f5f, 0xff, 0x5, 0x2, 0x1, 0x8e0, 0x89c, 0xfffffffffffffffd, 0x6, 0x200, 0xfffffffffffff800, 0x7fffffff, 0x4, 0x8000, 0x101, 0x8ec6, 0x8, 0x9, 0x2, 0x101, 0x6, 0x2, 0x3664, 0xf64, 0x100000000, 0x38, 0x9, 0x6, 0x4, 0x699, 0x101, 0x6, 0x3, 0x9, 0x8, 0x6, 0x18b2, 0x2, 0x7f, 0xfffffffffffffff9, 0x10000, 0x6, 0x3, 0xfffffffffffffff8, 0x3], 0x6, [{[0x2a8682e60, 0x2], @multicast1}, {[0x6105], @multicast1}, {[0x80, 0x100000001], @loopback}, {[0x4, 0x10001], @local}, {[0x80], @multicast1}, {[0xffffffffffffffff, 0x10001], @multicast2}]}}}}], [], @arpreply={'arpreply\x00', 0x10, {{@link_local, 0xfffffffffffffffc}}}}, {0x19, 0x1, 0x9b9f, 'bond_slave_0\x00', 'veth1_to_hsr\x00', 'lo\x00', 'hsr0\x00', @random="89ddd9b7f374", [0x0, 0xff, 0x0, 0xff], @local, [0xff, 0xff, 0x0, 0xff, 0x0, 0xff], 0xe6, 0xe6, 0x15e, [@ip6={'ip6\x00', 0x50, {{@mcast1, @loopback, [0xffffff00, 0xffffffff, 0x0, 0xffffffff], [0xff000000, 0x0, 0x0, 0xffffff00], 0x88, 0x3d, 0x14, 0x4, 0x4e21, 0x4e21, 0x4e24, 0x4e23}}}], [], @common=@nflog={'nflog\x00', 0x50, {{0x54e, 0xff, 0x40, 0x0, 0x0, "d7b905a782dbf2789ba2d09e6e1516d5c5a98d09c84f73b4595017ad7eab59d26b825b91a6464f9f7785c32d4a279bb25f49fbbc858bf3dc9ce4b5955a92fa50"}}}}]}]}, 0x1858) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) lseek(r0, 0x0, 0x7) 07:40:35 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpu.stat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000180)={r2, 0xfffffffffffffffb}, &(0x7f00000001c0)=0x8) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 829.742345] FAULT_INJECTION: forcing a failure. [ 829.742345] name failslab, interval 1, probability 0, space 0, times 0 [ 829.768056] CPU: 0 PID: 26616 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 829.775352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 829.784754] Call Trace: [ 829.787409] dump_stack+0x138/0x19c 07:40:35 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000200)={0x3f, 0x40000000000006, 0x8000}, 0xfffffffffffffce5) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000240)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cgroup.stat\x00', 0x0, 0x0) mq_getsetattr(r1, &(0x7f0000000140)={0x7fffffff, 0xc20, 0x1000, 0x5, 0xfffffffffffffff8, 0x401, 0x8, 0x8}, &(0x7f0000000180)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 829.791129] should_fail.cold+0x10f/0x159 [ 829.795351] should_failslab+0xdb/0x130 [ 829.799409] kmem_cache_alloc_node_trace+0x280/0x770 [ 829.799434] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 829.799452] __kmalloc_node_track_caller+0x3d/0x80 [ 829.799476] __kmalloc_reserve.isra.0+0x40/0xe0 [ 829.810156] __alloc_skb+0xcf/0x500 [ 829.810170] ? skb_scrub_packet+0x4b0/0x4b0 [ 829.810183] ? netlink_has_listeners+0x20a/0x330 [ 829.810200] kobject_uevent_env+0x781/0xc23 [ 829.810218] kobject_uevent+0x20/0x26 [ 829.810231] lo_ioctl+0x11e7/0x1ce0 [ 829.810245] ? loop_probe+0x160/0x160 [ 829.810258] blkdev_ioctl+0x96b/0x1860 [ 829.810265] ? blkpg_ioctl+0x980/0x980 [ 829.810283] ? __might_sleep+0x93/0xb0 [ 829.810295] ? __fget+0x210/0x370 [ 829.810311] block_ioctl+0xde/0x120 [ 829.820016] ? blkdev_fallocate+0x3b0/0x3b0 [ 829.820033] do_vfs_ioctl+0x7ae/0x1060 [ 829.820048] ? selinux_file_mprotect+0x5d0/0x5d0 [ 829.820061] ? lock_downgrade+0x6e0/0x6e0 [ 829.820071] ? ioctl_preallocate+0x1c0/0x1c0 [ 829.820083] ? __fget+0x237/0x370 [ 829.820100] ? security_file_ioctl+0x89/0xb0 [ 829.820111] SyS_ioctl+0x8f/0xc0 [ 829.820120] ? do_vfs_ioctl+0x1060/0x1060 [ 829.820139] do_syscall_64+0x1e8/0x640 [ 829.909758] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 829.914671] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 829.919905] RIP: 0033:0x459697 [ 829.923129] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 829.930957] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459697 07:40:35 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x4, 0x5c831, 0xffffffffffffffff, 0x0) fcntl$setsig(0xffffffffffffffff, 0xa, 0x0) [ 829.938253] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 829.945634] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 829.952968] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 829.963075] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:35 executing program 5 (fault-call:0 fault-nth:40): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 830.228430] FAULT_INJECTION: forcing a failure. [ 830.228430] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 830.241598] CPU: 1 PID: 26653 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 830.248816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 830.258590] Call Trace: [ 830.261247] dump_stack+0x138/0x19c [ 830.264988] should_fail.cold+0x10f/0x159 [ 830.269444] __alloc_pages_nodemask+0x1d6/0x7a0 [ 830.274377] ? fs_reclaim_acquire+0x20/0x20 [ 830.278784] ? __alloc_pages_slowpath+0x2930/0x2930 [ 830.284149] cache_grow_begin+0x80/0x400 [ 830.288316] kmem_cache_alloc+0x6a6/0x780 [ 830.292526] ? selinux_file_mprotect+0x5d0/0x5d0 [ 830.297420] ? lock_downgrade+0x6e0/0x6e0 [ 830.301637] getname_flags+0xcb/0x580 [ 830.305503] SyS_mkdir+0x7e/0x200 [ 830.309013] ? SyS_mkdirat+0x210/0x210 [ 830.312985] ? do_syscall_64+0x53/0x640 [ 830.317049] ? SyS_mkdirat+0x210/0x210 [ 830.320989] do_syscall_64+0x1e8/0x640 [ 830.324933] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 830.329848] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 830.335108] RIP: 0033:0x458c47 [ 830.338465] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 830.346230] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c47 [ 830.354081] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 830.361399] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 830.368891] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 830.376196] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:35 executing program 5 (fault-call:0 fault-nth:41): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 830.651160] FAULT_INJECTION: forcing a failure. [ 830.651160] name failslab, interval 1, probability 0, space 0, times 0 [ 830.689583] CPU: 0 PID: 26661 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 830.696767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 830.706158] Call Trace: [ 830.708797] dump_stack+0x138/0x19c [ 830.712472] should_fail.cold+0x10f/0x159 [ 830.716677] should_failslab+0xdb/0x130 [ 830.720699] kmem_cache_alloc+0x2d7/0x780 [ 830.724888] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 830.730416] ? ext4_sync_fs+0x800/0x800 [ 830.734463] ext4_alloc_inode+0x1d/0x610 [ 830.738572] alloc_inode+0x64/0x180 [ 830.742361] new_inode_pseudo+0x19/0xf0 [ 830.746388] new_inode+0x1f/0x40 [ 830.749798] __ext4_new_inode+0x32c/0x4860 [ 830.754101] ? avc_has_perm+0x2df/0x4b0 [ 830.758130] ? ext4_free_inode+0x1210/0x1210 [ 830.762593] ? dquot_get_next_dqblk+0x160/0x160 [ 830.767351] ext4_mkdir+0x331/0xc20 [ 830.771038] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 830.775762] ? security_inode_mkdir+0xd0/0x110 [ 830.780403] vfs_mkdir+0x3ca/0x610 [ 830.784193] SyS_mkdir+0x1b7/0x200 [ 830.787784] ? SyS_mkdirat+0x210/0x210 [ 830.791709] ? do_syscall_64+0x53/0x640 [ 830.795730] ? SyS_mkdirat+0x210/0x210 [ 830.799684] do_syscall_64+0x1e8/0x640 [ 830.803614] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 830.808713] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 830.814016] RIP: 0033:0x458c47 [ 830.817259] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 830.825035] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c47 [ 830.832363] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 830.839676] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 830.847005] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 830.854312] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:36 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000cc0)='/dev/userio\x00', 0xfffffffffffffff8, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000100)={0x1, 0x5}, 0xfffffffffffffe31) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) r1 = syz_open_dev$mice(&(0x7f0000000180)='/dev/input/mice\x00', 0x0, 0x8082) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="6d616e676c6500000000000000000000000000000000000000000000000000001f00000006000000780600000000000060030000680400003801000038010000a8050000a8050000a8050000a8050000a805000006000000", @ANYPTR=&(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'/96], @ANYBLOB="ff020000000000000000000000000001ff010000000000000000000000000001000000ffff0000ff000000ffffffffff00000000ffffff00ffffffffffffff0062637366300000000000000000000000726f7365300000000000000000000000000000000000000000ff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003f0003044c000000000000000000000000000000f00038010000000000000000000000000000000000000000000000002800727066696c7465720000000000000000000000000000000000000000000004000000000000004800444e50540000000000000000000000000000000000000000000000000000fe8000000000000000000000000000aaffffffff0000000000000000000000000a1a04000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f800380100000000000000000000000000000000000000000000000030007265616c6d000000000000000000000000000000000000000000000000000600000006000000000000000000000040005450524f58590000000000000000000000000000000000000000000000010457000005000000ffffffff00000000000000e3000000004e2100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c800f0000000000000000000000000000000000000000000000000002800434845434b53554d0000000000000000cfc6a66f00000000000000000000000000000100000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000aaffffff00ff000000ff000000ffffffff00000000000000ffffffffffffffff000000000000000000000000000000000069705f76746930000000000000000000000000000000000000ff0000000000000000000000000000000000000000000000000000000000ff000000000000000000000000000000003e00020663000000000000000000000000000000c8000801000000000000000000000000000000000000000000000000400052415445455354000000000000000000000000000000000000000000000073797a310000000000000000000000000101000000000000ff0300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000180140010000000000000000000000000000000000000000000000002800727066696c7465720000000000000000000000000000000000000000000002000000000000002800697076366865616465720000000000000000000000000000000000000000e0100100000000002800484c0000000000000000000000000000000000000000000000000000000080060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x6d8) accept4$inet6(r1, 0x0, &(0x7f0000000c40), 0x80000) write$RDMA_USER_CM_CMD_JOIN_MCAST(r1, &(0x7f0000000d40)={0x16, 0x98, 0xfa00, {&(0x7f0000000d00)={0xffffffffffffffff}, 0x400000000, 0xffffffffffffffff, 0x30, 0x1, @ib={0x1b, 0x4, 0x9, {"7de2a70dd4669dc442acebab5291cb94"}, 0xffffffff00000001, 0x10000, 0x34b5}}}, 0xa0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0), r2}}, 0x18) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000001c0)={0x3f, 0x9}) r3 = getuid() getgroups(0x9, &(0x7f0000000c80)=[0xee00, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0xee01, 0xee01, 0xffffffffffffffff]) fchownat(r1, &(0x7f0000000280)='./file0\x00', r3, r4, 0x100) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000a80)={0x2, {0xffffffff, 0x1, 0x10001, 0x8, 0x8, 0x9}}) ioctl$RTC_WIE_ON(r1, 0x700f) r5 = getpid() ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000e00)=0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000ac0)={{{@in6=@local, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in6=@empty}}, &(0x7f0000000bc0)=0xe8) setsockopt$packet_drop_memb(r1, 0x107, 0x2, &(0x7f0000000c00)={r7, 0x1, 0x6}, 0x10) kcmp$KCMP_EPOLL_TFD(r5, r6, 0x7, r1, &(0x7f0000000a40)={r1, r0, 0xffffffff00000001}) 07:40:36 executing program 5 (fault-call:0 fault-nth:42): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 831.030202] net_ratelimit: 12 callbacks suppressed [ 831.030208] protocol 88fb is buggy, dev hsr_slave_0 [ 831.031006] FAULT_INJECTION: forcing a failure. [ 831.031006] name failslab, interval 1, probability 0, space 0, times 0 [ 831.035358] protocol 88fb is buggy, dev hsr_slave_1 [ 831.063813] CPU: 1 PID: 26669 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 831.071059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 831.080647] Call Trace: [ 831.083294] dump_stack+0x138/0x19c [ 831.087012] should_fail.cold+0x10f/0x159 [ 831.091242] should_failslab+0xdb/0x130 [ 831.095293] kmem_cache_alloc+0x2d7/0x780 [ 831.099506] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 831.105033] ? ext4_sync_fs+0x800/0x800 [ 831.109062] ext4_alloc_inode+0x1d/0x610 [ 831.113183] alloc_inode+0x64/0x180 [ 831.116862] new_inode_pseudo+0x19/0xf0 [ 831.121081] new_inode+0x1f/0x40 [ 831.124522] __ext4_new_inode+0x32c/0x4860 [ 831.128801] ? avc_has_perm+0x2df/0x4b0 [ 831.132830] ? ext4_free_inode+0x1210/0x1210 [ 831.137311] ? dquot_get_next_dqblk+0x160/0x160 [ 831.142028] ext4_mkdir+0x331/0xc20 [ 831.145696] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 831.150406] ? security_inode_mkdir+0xd0/0x110 [ 831.155042] vfs_mkdir+0x3ca/0x610 [ 831.158717] SyS_mkdir+0x1b7/0x200 [ 831.162338] ? SyS_mkdirat+0x210/0x210 [ 831.166311] ? do_syscall_64+0x53/0x640 [ 831.170321] ? SyS_mkdirat+0x210/0x210 [ 831.174260] do_syscall_64+0x1e8/0x640 [ 831.178269] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 831.183142] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 831.188389] RIP: 0033:0x458c47 [ 831.191617] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 831.199451] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c47 [ 831.206794] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 831.214181] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 831.221500] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 831.228792] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 831.350212] protocol 88fb is buggy, dev hsr_slave_0 [ 831.355500] protocol 88fb is buggy, dev hsr_slave_1 [ 831.670227] protocol 88fb is buggy, dev hsr_slave_0 [ 831.675384] protocol 88fb is buggy, dev hsr_slave_1 [ 831.750187] protocol 88fb is buggy, dev hsr_slave_0 [ 831.755409] protocol 88fb is buggy, dev hsr_slave_1 [ 832.230166] protocol 88fb is buggy, dev hsr_slave_0 [ 832.235401] protocol 88fb is buggy, dev hsr_slave_1 07:40:38 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:38 executing program 2: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$FIONREAD(r0, 0x541b, 0x0) 07:40:38 executing program 5 (fault-call:0 fault-nth:43): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:38 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/userio\x00', 0x40000000002, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000100)={0x1, 0x4}, 0x4792e4a45fa6f492) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) 07:40:38 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x100000000000) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:38 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() setpgid(r0, r0) rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 832.817332] FAULT_INJECTION: forcing a failure. [ 832.817332] name failslab, interval 1, probability 0, space 0, times 0 [ 832.872860] CPU: 1 PID: 26683 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 832.880050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 832.880056] Call Trace: [ 832.880088] dump_stack+0x138/0x19c [ 832.880112] should_fail.cold+0x10f/0x159 [ 832.880134] should_failslab+0xdb/0x130 [ 832.880150] kmem_cache_alloc+0x2d7/0x780 [ 832.880161] ? __debug_object_init+0x171/0x8e0 [ 832.880172] ? ext4_alloc_inode+0x1d/0x610 [ 832.880194] selinux_inode_alloc_security+0xb6/0x2a0 [ 832.880213] security_inode_alloc+0x94/0xd0 [ 832.880234] inode_init_always+0x552/0xaf0 [ 832.880250] alloc_inode+0x81/0x180 [ 832.880267] new_inode_pseudo+0x19/0xf0 [ 832.880280] new_inode+0x1f/0x40 [ 832.880292] __ext4_new_inode+0x32c/0x4860 [ 832.880315] ? avc_has_perm+0x2df/0x4b0 [ 832.880330] ? ext4_free_inode+0x1210/0x1210 [ 832.880348] ? dquot_get_next_dqblk+0x160/0x160 [ 832.880365] ext4_mkdir+0x331/0xc20 [ 832.892429] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 832.892447] ? security_inode_mkdir+0xd0/0x110 [ 832.892469] vfs_mkdir+0x3ca/0x610 [ 832.897721] misc userio: No port type given on /dev/userio [ 832.900329] SyS_mkdir+0x1b7/0x200 [ 832.900343] ? SyS_mkdirat+0x210/0x210 [ 832.900358] ? do_syscall_64+0x53/0x640 [ 832.900369] ? SyS_mkdirat+0x210/0x210 [ 832.900380] do_syscall_64+0x1e8/0x640 [ 832.900388] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 832.900406] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 832.900416] RIP: 0033:0x458c47 07:40:38 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x2) lsetxattr$security_ima(0x0, 0x0, 0x0, 0x0, 0x0) write$evdev(r0, &(0x7f000004d000)=[{{}, 0x0, 0x1}], 0xfffffe82) 07:40:38 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x36c) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) prctl$PR_SET_UNALIGN(0x6, 0x2) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x10800, 0x0) vmsplice(r1, &(0x7f0000000080)=[{&(0x7f0000000140)="1edff44d1bf759e0ea3510fbfd0ce2f976180abf220e6920df74edb9a084492bdb2a13636edc22e9577d17da1e1597b0a0fa38a88f5c7f63235a87bdf78b5c07b42c632d217939dbeb2c5e1d9a1e694eb33e142707d292bead055ee357c68e64f7a8c9253b402f5480dcefdb52eb4df60cdf60874b716c8268066b8b2275ec142e", 0x81}, {&(0x7f0000000200)="d4866cc67e28318cc10cbd0a0eb7b42f574f277dd695a7efb5e9ecad92c0a594306b5aba453498a2a8c949e63fd8211c8d9e112a0752f167cc7cd0187627bf55565cd0140436a345a39fa85c97addbfbfc9879d75967ac8b1efdc32fd99e22328d9dce97084717617669fadef6a6e5204563a7b1064c90", 0x77}], 0x2, 0x2) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 832.900421] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 832.900432] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c47 [ 832.900437] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 832.900442] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 832.900448] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 832.900453] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:38 executing program 5 (fault-call:0 fault-nth:44): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 833.187189] FAULT_INJECTION: forcing a failure. [ 833.187189] name failslab, interval 1, probability 0, space 0, times 0 [ 833.225429] CPU: 0 PID: 26711 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 833.233028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 833.242534] Call Trace: [ 833.245205] dump_stack+0x138/0x19c [ 833.248893] should_fail.cold+0x10f/0x159 [ 833.253186] should_failslab+0xdb/0x130 [ 833.257212] kmem_cache_alloc+0x2d7/0x780 [ 833.261410] ? __debug_object_init+0x171/0x8e0 [ 833.266049] ? ext4_alloc_inode+0x1d/0x610 [ 833.270693] selinux_inode_alloc_security+0xb6/0x2a0 [ 833.275867] security_inode_alloc+0x94/0xd0 [ 833.280242] inode_init_always+0x552/0xaf0 [ 833.284562] alloc_inode+0x81/0x180 [ 833.288238] new_inode_pseudo+0x19/0xf0 [ 833.292273] new_inode+0x1f/0x40 [ 833.295684] __ext4_new_inode+0x32c/0x4860 [ 833.299985] ? avc_has_perm+0x2df/0x4b0 [ 833.304036] ? ext4_free_inode+0x1210/0x1210 [ 833.308516] ? dquot_get_next_dqblk+0x160/0x160 [ 833.313256] ext4_mkdir+0x331/0xc20 [ 833.316939] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 833.321698] ? security_inode_mkdir+0xd0/0x110 [ 833.326339] vfs_mkdir+0x3ca/0x610 [ 833.330060] SyS_mkdir+0x1b7/0x200 [ 833.333698] ? SyS_mkdirat+0x210/0x210 [ 833.337633] ? do_syscall_64+0x53/0x640 [ 833.341777] ? SyS_mkdirat+0x210/0x210 [ 833.345721] do_syscall_64+0x1e8/0x640 [ 833.349644] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 833.354503] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 833.359699] RIP: 0033:0x458c47 [ 833.363081] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 833.370847] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c47 [ 833.378138] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 07:40:38 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat(0xffffffffffffffff, &(0x7f0000000500)='./file0\x00', 0x0, 0x88) ioctl$KVM_SMI(r0, 0xaeb7) r1 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) r2 = syz_open_dev$dmmidi(&(0x7f0000000280)='/dev/dmmidi#\x00', 0xffffffff, 0x90000) ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f00000002c0)={0x6, 0x3, @start={0x4, 0x1}}) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) pipe(&(0x7f00000004c0)) get_robust_list(r1, &(0x7f0000000200)=&(0x7f00000001c0)={&(0x7f0000000080)={&(0x7f0000000000)}, 0x0, &(0x7f0000000180)={&(0x7f0000000140)}}, &(0x7f0000000240)=0x18) get_robust_list(r1, &(0x7f0000000440)=&(0x7f0000000400)={&(0x7f0000000380)={&(0x7f0000000340)}, 0x0, &(0x7f00000003c0)}, &(0x7f0000000480)=0x18) [ 833.385434] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 833.392733] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 833.400038] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:38 executing program 5 (fault-call:0 fault-nth:45): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 833.571784] FAULT_INJECTION: forcing a failure. [ 833.571784] name failslab, interval 1, probability 0, space 0, times 0 [ 833.584252] CPU: 0 PID: 26725 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 833.591396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 833.600776] Call Trace: [ 833.603445] dump_stack+0x138/0x19c [ 833.607299] should_fail.cold+0x10f/0x159 [ 833.611498] should_failslab+0xdb/0x130 [ 833.615517] __kmalloc+0x71/0x7a0 [ 833.619024] ? mls_compute_context_len+0x3f6/0x5e0 [ 833.624009] ? context_struct_to_string+0x33a/0x630 [ 833.629077] context_struct_to_string+0x33a/0x630 [ 833.633978] ? dump_masked_av_helper+0x90/0x90 [ 833.638658] security_sid_to_context_core+0x18a/0x200 [ 833.643910] security_sid_to_context_force+0x2b/0x40 [ 833.649063] selinux_inode_init_security+0x493/0x700 [ 833.654222] ? selinux_inode_create+0x30/0x30 [ 833.658765] ? kfree+0x20a/0x270 [ 833.662196] security_inode_init_security+0x18d/0x360 [ 833.667461] ? ext4_init_acl+0x1f0/0x1f0 [ 833.671669] ? security_kernel_post_read_file+0xd0/0xd0 [ 833.677071] ? posix_acl_create+0xf5/0x3a0 [ 833.681361] ? ext4_set_acl+0x400/0x400 [ 833.685401] ? lock_downgrade+0x6e0/0x6e0 [ 833.689607] ext4_init_security+0x34/0x40 [ 833.693808] __ext4_new_inode+0x3385/0x4860 [ 833.698185] ? ext4_free_inode+0x1210/0x1210 [ 833.702640] ? dquot_get_next_dqblk+0x160/0x160 [ 833.707353] ext4_mkdir+0x331/0xc20 [ 833.711042] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 833.715770] ? security_inode_mkdir+0xd0/0x110 [ 833.720418] vfs_mkdir+0x3ca/0x610 [ 833.724004] SyS_mkdir+0x1b7/0x200 [ 833.727589] ? SyS_mkdirat+0x210/0x210 [ 833.731611] ? do_syscall_64+0x53/0x640 [ 833.735713] ? SyS_mkdirat+0x210/0x210 [ 833.739666] do_syscall_64+0x1e8/0x640 [ 833.743627] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 833.748520] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 833.753759] RIP: 0033:0x458c47 [ 833.757005] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 833.764749] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c47 07:40:39 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) r1 = syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0x1, 0x2) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f00000002c0)={{{@in=@multicast1, @in6}}, {{@in=@broadcast}, 0x0, @in=@broadcast}}, &(0x7f0000000180)=0xe8) [ 833.772136] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 833.779553] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 833.786853] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 833.794146] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:41 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:41 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040)={0x1}, 0x68) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:41 executing program 5 (fault-call:0 fault-nth:46): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:41 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x6082, 0x0) ioctl$SG_SCSI_RESET(r1, 0x2284, 0x0) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) 07:40:41 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2c) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:41 executing program 4: getrandom(&(0x7f0000000140)=""/199, 0xc7, 0x2) setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) r0 = getpid() ptrace$getsig(0x4202, r0, 0x400, &(0x7f0000000240)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r2, 0xc0145401, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0xe3, 0x3, 0x2}) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) [ 835.966439] FAULT_INJECTION: forcing a failure. [ 835.966439] name failslab, interval 1, probability 0, space 0, times 0 [ 836.058315] CPU: 1 PID: 26751 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 836.065764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 836.075223] Call Trace: [ 836.078304] dump_stack+0x138/0x19c [ 836.082116] should_fail.cold+0x10f/0x159 [ 836.086367] should_failslab+0xdb/0x130 [ 836.090392] __kmalloc+0x2f0/0x7a0 [ 836.093996] ? ext4_find_extent+0x709/0x960 [ 836.098373] ext4_find_extent+0x709/0x960 [ 836.102584] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 836.108132] ext4_ext_map_blocks+0x1a3/0x4fa0 [ 836.112677] ? save_trace+0x290/0x290 [ 836.116576] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 836.121765] ? __lock_is_held+0xb6/0x140 [ 836.125901] ? lock_acquire+0x16f/0x430 [ 836.129935] ? ext4_map_blocks+0x354/0x16e0 [ 836.134355] ext4_map_blocks+0xc8a/0x16e0 [ 836.138579] ? __lock_is_held+0xb6/0x140 [ 836.142703] ? check_preemption_disabled+0x3c/0x250 [ 836.147805] ? ext4_issue_zeroout+0x160/0x160 [ 836.152350] ? __brelse+0x50/0x60 [ 836.155863] ext4_getblk+0xac/0x450 [ 836.159553] ? ext4_iomap_begin+0x8a0/0x8a0 [ 836.163933] ? ext4_free_inode+0x1210/0x1210 [ 836.168389] ext4_bread+0x6e/0x1a0 [ 836.172026] ? ext4_getblk+0x450/0x450 [ 836.175965] ext4_append+0x14b/0x360 [ 836.179755] ext4_mkdir+0x531/0xc20 [ 836.183510] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 836.188238] ? security_inode_mkdir+0xd0/0x110 [ 836.192879] vfs_mkdir+0x3ca/0x610 [ 836.196473] SyS_mkdir+0x1b7/0x200 [ 836.200103] ? SyS_mkdirat+0x210/0x210 [ 836.204047] ? do_syscall_64+0x53/0x640 [ 836.208076] ? SyS_mkdirat+0x210/0x210 [ 836.212120] do_syscall_64+0x1e8/0x640 [ 836.216062] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 836.220975] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 836.226215] RIP: 0033:0x458c47 [ 836.229451] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 836.237206] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c47 [ 836.244566] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 836.251872] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 836.259224] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 836.266522] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:41 executing program 2: perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syslog(0x3, &(0x7f00000000c0)=""/147, 0x37a8ec531be3c748) 07:40:41 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:41 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:41 executing program 5 (fault-call:0 fault-nth:47): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 836.400746] net_ratelimit: 18 callbacks suppressed [ 836.400787] protocol 88fb is buggy, dev hsr_slave_0 [ 836.413826] protocol 88fb is buggy, dev hsr_slave_1 [ 836.468967] FAULT_INJECTION: forcing a failure. [ 836.468967] name failslab, interval 1, probability 0, space 0, times 0 [ 836.485548] CPU: 0 PID: 26781 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 836.492750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 836.502264] Call Trace: [ 836.504885] dump_stack+0x138/0x19c [ 836.508557] should_fail.cold+0x10f/0x159 [ 836.512748] should_failslab+0xdb/0x130 [ 836.516804] __kmalloc+0x2f0/0x7a0 [ 836.520393] ? check_preemption_disabled+0x3c/0x250 [ 836.525455] ? ext4_find_extent+0x709/0x960 [ 836.530009] ext4_find_extent+0x709/0x960 [ 836.530031] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 836.530045] ext4_ext_map_blocks+0x1a3/0x4fa0 [ 836.530059] ? save_trace+0x290/0x290 [ 836.530075] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 836.530084] ? __lock_is_held+0xb6/0x140 [ 836.530100] ? lock_acquire+0x16f/0x430 [ 836.530109] ? ext4_map_blocks+0x77b/0x16e0 [ 836.530126] ext4_map_blocks+0x7d3/0x16e0 [ 836.530142] ? ext4_issue_zeroout+0x160/0x160 [ 836.548259] ? __brelse+0x50/0x60 [ 836.548281] ext4_getblk+0xac/0x450 [ 836.548295] ? ext4_iomap_begin+0x8a0/0x8a0 [ 836.574531] ? ext4_free_inode+0x1210/0x1210 [ 836.581861] ext4_bread+0x6e/0x1a0 [ 836.581877] ? ext4_getblk+0x450/0x450 [ 836.581893] ext4_append+0x14b/0x360 [ 836.581907] ext4_mkdir+0x531/0xc20 [ 836.581924] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 836.581941] ? security_inode_mkdir+0xd0/0x110 [ 836.581958] vfs_mkdir+0x3ca/0x610 07:40:41 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 836.581971] SyS_mkdir+0x1b7/0x200 [ 836.581980] ? SyS_mkdirat+0x210/0x210 [ 836.582004] ? do_syscall_64+0x53/0x640 [ 836.582018] ? SyS_mkdirat+0x210/0x210 [ 836.598296] do_syscall_64+0x1e8/0x640 [ 836.598311] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 836.598329] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 836.598339] RIP: 0033:0x458c47 [ 836.598345] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 836.598357] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c47 [ 836.598363] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 836.598368] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 836.598373] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 836.598378] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:42 executing program 5 (fault-call:0 fault-nth:48): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:42 executing program 2: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="d3d2b93c38f19c0400cd8034"], 0xc}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYRESHEX, @ANYRESHEX, @ANYRES32, @ANYRESHEX, @ANYBLOB="e6c55c669eb82eec510100019b3d7280437a7462010000000000000029a741efca44f937d0492482ba837296d961244e", @ANYRESHEX], 0x0, 0x7c}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:40:42 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:42 executing program 3: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x84a97bec5fa61a91, 0x0) write$P9_RWALK(r0, &(0x7f0000000180)={0x3d, 0x6f, 0x1, {0x4, [{0x88, 0x0, 0x3}, {0x4, 0x0, 0x2}, {0x2, 0x4, 0x8}, {0x5, 0x1, 0x5}]}}, 0x3d) r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f00000001c0)={0x1, 0x6}, 0x2) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0x2) readv(r1, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000240)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) 07:40:42 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 836.857540] ptrace attach of "/root/syz-executor.2"[26797] was attempted by "/root/syz-executor.2"[26799] [ 836.858592] FAULT_INJECTION: forcing a failure. [ 836.858592] name failslab, interval 1, probability 0, space 0, times 0 [ 836.904766] CPU: 0 PID: 26796 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 836.911959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 836.921393] Call Trace: [ 836.924041] dump_stack+0x138/0x19c [ 836.927735] should_fail.cold+0x10f/0x159 [ 836.931955] should_failslab+0xdb/0x130 [ 836.936005] __kmalloc+0x2f0/0x7a0 [ 836.939609] ? check_preemption_disabled+0x3c/0x250 [ 836.944659] ? ext4_find_extent+0x709/0x960 [ 836.949027] ext4_find_extent+0x709/0x960 [ 836.953234] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 836.958705] ext4_ext_map_blocks+0x1a3/0x4fa0 [ 836.963215] ? save_trace+0x290/0x290 [ 836.967043] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 836.972085] ? __lock_is_held+0xb6/0x140 [ 836.976368] ? lock_acquire+0x16f/0x430 [ 836.980380] ? ext4_map_blocks+0x77b/0x16e0 [ 836.984811] ext4_map_blocks+0x7d3/0x16e0 [ 836.989023] ? ext4_issue_zeroout+0x160/0x160 [ 836.993538] ? __brelse+0x50/0x60 [ 836.997117] ext4_getblk+0xac/0x450 [ 837.000768] ? ext4_iomap_begin+0x8a0/0x8a0 [ 837.005145] ? ext4_free_inode+0x1210/0x1210 [ 837.009575] ext4_bread+0x6e/0x1a0 [ 837.013257] ? ext4_getblk+0x450/0x450 [ 837.017214] ext4_append+0x14b/0x360 [ 837.021017] ext4_mkdir+0x531/0xc20 [ 837.024675] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 837.029396] ? security_inode_mkdir+0xd0/0x110 [ 837.034009] vfs_mkdir+0x3ca/0x610 [ 837.038113] SyS_mkdir+0x1b7/0x200 [ 837.041676] ? SyS_mkdirat+0x210/0x210 [ 837.045574] ? do_syscall_64+0x53/0x640 [ 837.049585] ? SyS_mkdirat+0x210/0x210 [ 837.053533] do_syscall_64+0x1e8/0x640 [ 837.058047] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 837.062909] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 837.068195] RIP: 0033:0x458c47 [ 837.071389] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 837.079388] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c47 [ 837.086769] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 837.094258] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 837.101536] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 837.109183] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 837.270218] protocol 88fb is buggy, dev hsr_slave_0 [ 837.275636] protocol 88fb is buggy, dev hsr_slave_1 [ 837.590222] protocol 88fb is buggy, dev hsr_slave_0 [ 837.595484] protocol 88fb is buggy, dev hsr_slave_1 [ 837.910186] protocol 88fb is buggy, dev hsr_slave_0 [ 837.915518] protocol 88fb is buggy, dev hsr_slave_1 [ 837.990176] protocol 88fb is buggy, dev hsr_slave_0 [ 837.995440] protocol 88fb is buggy, dev hsr_slave_1 07:40:44 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) sendmsg$unix(r1, &(0x7f0000001440)={&(0x7f0000000040)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f00000013c0)=[{&(0x7f0000000140)="547e9461033487e2de60e5653c4a394dc0c65f21e747c6380ce31b4dc57da99800fbed6f48c55d936ced626db7a9aa27015899223166a6cb09c14fc1c620deda5e12dc864d3e0ba628edfea2", 0x4c}, {&(0x7f00000001c0)="7dd008ba13888da53d5b76e0579b1fef18848b1d0c8ff86ee2d8b83a85fc1ee59097ee2854f488747a57e66663d5b9ed489cf5c54c2701ab8d4b349d2e29531c6d106fb9bf152810b67cb01b04a91b766d59e9973248590118fdf54a238b2d63c25b54fa1c7878a8aa03a898805a57da8114021e1dc8c0c240dd6b8664217b5521b3e5f6e05ef119900eab58d0ae", 0x8e}, {&(0x7f0000000280)="98ee6889dc1c51a29be39f85b226c62459ff1d9ad55bfa76aafaad6656ed962f5059e0b2eb3d065f1b634355501ef95e9969e8e9696afdc33fdf9122cff6fa725664f05c68f84dcf025ffcc4e9dc9cef129bfb98b36757da8cfef66b4d974bfad7ffceb6807921a3c53dcfe5598700807494048b79778df5f8156c0b454ae5dc28b0350ad86feb48984dec86d69ac03773d1a6b1fd19bff687397b490fbcca9cd404c32094f0c772232e2f46814dd5f97231fb6158075925e22cbe252cc01751b4ec2bda0735581acc139d938c9d0baf4e08da1ad0dda9d7d96519ea7b8ba3c428da776775a8d2568a8b078684f98e4d2dd1186e35674d997c1c77d86d7b74dac380338a5f908c970174c96b1166b3ced4c2e3bfcc673e693f78e69a4337896810028b5ed45dec3e5e299e78daf5e776c1fdfdec579115d2c5d28b6f81444b5003b09890daed141267e98295e76e67c9bbf49da611a58718bcc968478ec9a8ca427b2f9f350c3595fa3556354e686da30eceaa814bc43818939fd10cd34ed455ff08f608bf005a6b55de7ba8567e98a6a387d21c529fa7f82cb49ab1038032c0326040ee765bad2ce3e9a733f3b9e3cbf46e27f5863bbbd13372eff5665f28340b4eb849a063ae8112e1cf9f9aba3de8596e00b468ad72b490ad6b39b37bb68f3a6c156a123fbf829013eb1508611b3ab3512e6cefe9232a3cf1efdc4072422a42f31e406fe0f599cd194aa02c8ae9844a7d3f49b2704709481c79738688d30cb86cf42c19cd803c5e8a9b72c8a7fae5bd0b1e04d77d08efe6f6a9f8d0b477fc78df1ac5ac1ad1f23d4c36acead765fe36f991f682f47e23bdbfb93161ddbb00b7237e79c3624823fb5c4e1a6d54ed01c9601505fa3082e090a79bac23e597befdee8196be5123537cd7f5222bcdac6dbfe8f15f72bdc3994be6004b9e50f0ee0b93e43a149f6eaa582978848da070455c2df8f455cd353a2ada55f5ca3fb4bacac325a76ea8df810f0358497d67e09cc810d931c02e58a6977eec14ea7f9665998e79d82354f60b027d3442d374b22a61e01d1383d13546bc0c5dfad2d3fef03f7772c35cb75b46586c38702a156cb45c3e547647c805d8c68b3e766144db9d717557477e0b8b141de6b00611913721159286c509c2a559a1787417fd6c6c23bf347294aca9d4937bee7d2ef15e02a4cd914e4f2df9b44d0fb525a4285fb1297e6a84f1860f8c8098872acb9715ab8fc29be34ae101cb879be1f69251f7bdfd0354beea62e66fe0092e2076a20b5b59bbfadad927d424e92607467666771db01e5779cc4d87d02b83ce7ce8b9051aabe3a83af5e09cb82b73c070074d366ab3c18bcd2e008b632f6f8010a45d38e2c3897545706ba6c17221e0102c9851bde0a4be1999321a9aae841327429282263aed6baacc77cb4c22c09c2f38c20635e58aa2ce946f31fd1930633f51b4b69ef35f666cf9fe18888fb948619fd0524977031487f5daf54a18b9952bd9319e2c340c7129c0f4f1bf1cc1881f6382c721718d2bfc9905c845366d8c8e7d7819a72074eda0617dcfd311856acabda134884497ebd1bd30229381675a56512e11e4fca6beb33661cd18d49c11fbb1536a2163fbb7c7fc18613d2a113754be3a4bdc7a08225996676ad655d6b326f02a1907d439d6bf87f3f8c762365cb4314dcb7653aaaf4efbc0cbab8deb3dffddc57505d1cf6122fd5828bfb387c2dbde5b3a373413d690c75f826bf4d70b2c3489f5f6dfb10a0b03c28ffa3d4a16033cf945be7cc9961e8c56f6b4e595855ec593837032ced2a6bf6be675a54b3921bcd8334c911283962462a56b28f385590990697169b6840ddba1dd9a98931192de07b1ee1288dc464823329ce297a6a91558c804c5c385494d14eafcc299f5caf2d735f18251ab3f806a3a0f0142ca8760507609e697e6b1fd18d9152c7dbddaf5d30de8e483ec61198636fb590da6d1b79509af5572fe053142ede135ba4d180c438a8c37f6827dd0bfbebadfa2854e512aa66e9bae7ab6053f3cfe514354e2184e2cbdd5658725ec81a746d6185b00dc90fff4f4bd2ea0d50a4c4b4315150896f27105c86db2ac03ff23af5b957e542cd519373b89d2c1f3aece637523f881ce3fe54fb2da8ce333d8e6792045908c69b417f6dcd442626b13262137b4116e18cbad2f54da08c8875b2412e965bc406ef343e60d1cdfb297afc6d5dba8042ab641732cfbdefbf579826350bb78a33d2b30c59293d0a1757862bee121f5bee83c987f02f2316d52c118610cbd5ec92d8df90d1a7c251f40aeb268543f65811b3b17ef69684c04dfb016a169ce75df5dab471d85ebf90be23c0fd14eb4ee397f0256c13ebbc69bbef9230209a3bddab09ad465fb1a63f31b829905f4286b3103c66ad2c6e3894fdc34d4134d83bb0e11834cd77155c13745560f1429ad306eac2fed74fc9bb3716502a32321e85510c75c0114d4017f34afc4643d4dc093e93d8f78b193405ee268295e84243a284ae8ace847b988889a13d72c9f49af7df9c1da352a6ba08c223e2337beb40c74b4ef348dd07ffeb5fd0520af1bd799ab409a9ca82a77f9e4ada7121a1bbbace6d538b3ac3853de05eaffb8087ca19ad17be03771ee415b29ef2dcc6f17a476a653837cbf09b2d1c4d72cbea88e0658f67f8506c0459e2d00bb44a3531d9048c5bf8baca4885820ed5adf818eb039fce007bd655c362f0ec83f53056facb3e55a984fd8ca5b87014110e9d2e41fc4a39988cd88cfc6e74dc5a27386bda80636f2f291543d74b85ec93a4cf40dea3fcb419603e49035bcf5412350cc8c0a6d3753012642399cc96e99b8a2a7f08559dc356d1c0be68d4cca83fd056f821f1cf046e13b6835e74d41bb15e8a8655cd5688e0a6237d9a51c1f0fae87947f7275610a7ed552da2a1e29cf2df849708202c9227d4be2a59299ecb1610005445e776d17006d70b5e06600cca5a055e07d91dea567a47798fbea2d6ae91ed79e819de62b5ee5944e67cb169e8c5b41f3904f5887156b4e2aef5d8dd98c5e88e2ba776c1436ee7949a652bb0cb253f46929f9394cef76cd1fd183371ce3d361e4de6bb2a01d33ee2aefc900af3eb8b6c350cda9a343d4e757cd4db86f93d20134f1dd236cc615c696e9420d6d065025ee11e76cb80e2ea843a7dc0462a9ea639676b9b4aa9e414b021620b500235f609ddabe5b70d2037d047858900957b2c5a9f92817b6e607f070e2a7afbd9e7f9e74774787214aa8a63afccbd6919749bcbbb3df9176a08eaf0f4afadd56540497a8a820a6d0b7aec3c7d6c5d29a342f9b6c916b57d9ead94cf77a93182161266542911f0a57548fe6214820c4e334ceffda05b8ba288d138cbe528373c87ec14a77e8311ae0ed381abeb9085739dcb09200a89dc40c7749f91faaee128adfad0ea4b95322adaed296a3c1a03668b4c56d1025d6df0e85a3220672af89221c9bdbde86793d2e8055a4dd6c4af3efdd0b27cd68c674fc27c094f0099e12909c517a903a49d3a3f2cdd50b341643c9b1a9a4437f5aad2b44bbd3319bc7ca5e422a7813cf7399bc68039e813124e9f45329ce0c51c019f3c0abced88b7a99a1f32a96e56e9dc19f836fd7b657306d5131253d467bae3a7ab39ee61af25b9511de8b57a7fb7e20277a851ee4cb403c00a72191a116df74a7f6f9e76091445e8a3ddc1f20c56ea1c4f6f5c0da4344161526d1a9845e8266ec92bdc5ce6f8adcd9cbdd335baf6d46c58bc5ec32db7193214f1341bdec493b99b53f1344dde3d885312620150271c0415759ee8bb8979f738ae4f16d1c276b231a1f887709c16cdb0909a5eaa1037b46b2fc3c1ef1a0197340f43a5d7b6ca49b1315a30ca882e97f4a1ffeb81cc04e896876ea834d96779fef25333407a65e0a916b167c5ef023f51ca613cd3cb8a69ca112daa4b4d2e3ad31a40f577f8113b7ef562e8e4b31d327ac09ed1ed9fa645cc8a7029b2544e92d73f45e88c2910a88b44905c1f9659d74a257134e2ee86748a85ce18df7f7be3efc4121ce61b029be69c68734058040605f08be6b60715047ab74fe5fb8214eb63d03851948dc2487cce765a381f302b595c44520cbe6a4b09438f7c199461b73238898e73a41e4e6533bd4372db8c8e825e6bce9de9219f3477906e90aaf7d0cb4cc92b2805a4baa1ba450681fd1b8019aef26838c277ec0b20140d098cea5a1aa08e4aba25b2c08593fbb8ea2646897348b6b228e964c92d42ed35d1500bcc530dc20a756e0cdc5d2629695716021574cfdcaed882a530ddc270fd71c9558d8ba89b638a31bc72b3fc4184d533ef4ff490d8295d1bdaf940d94339ad83e21b132d4d755e54ef78c1c5c980c3938d4857eee8598d29634fc558a553ad83c2e4f1d469b93a8db14ab037b8e7c54c15600697554f141fb6c91c20848b858ef74938a2d14102c7a6510f2794c89d952c241e0d3e8f4b70a7ca7f6a39dbdd3ef4434dad20bc1ce0560574e7a52e91c2e57faff7a2f93665a695f6b7220a07769b97009b788d2c9523a10ed2fd9972e693abae8d4ed5820221f429fdb7e94ad36e7ded243748505f313107d78cfb05b74a8707edd649418e920b8ce467196ff3585b8ab7648576cca3002d1e773b140ed85edec50f223191622251ec1ed4f2c11d4ac3c3e6ae614f44d6e2c659f1999897062e26074573c1e627a287be209ee6db135f4836bfe027658c3a9b0a0dc1dc2be6bd1318cf41633d7600207e0e6a3b1d7c4abb2238c3f30a0c5686c07b42afb324af53114d84c4f78b5bede1f424f386f88a478cdd47355b35be8f19693ea2c16219d774cee0b91d62db8f51572cdc37f36363e5cab85c19331f1fc6597227163e78bee213aa9354e09b430084ae0da6c543b204990438f19d225f3a72620b7ca1978c822e8441a99e684eb8e91b97d1f77bd6eee363545a9ec29047f0087b0ec7da318633f6baaa4a849753969f677e7cbf917c49ed5fdd074f3a37d9e4fc81eab9e675f26ea86bd777bd8d17d60bef93aba7e03737d65c13ec96f290d20e4136e9b63c1f70d93b5006f6d3537e73f2b1a6bc60c16b36927bcb9e30a846e5705e6c05fa5f9944e082df17c0eb6ddd988ee48f1d9e2d5e3f8aac2999c5246c50923c175a0abb7933d7ded7743234983d3edd3ab6ab8f4137bb87ad62c73814438b895270d9e9122e9c0ef1c8b6fd20bde49f575cd313c031df38a51024faaa249fe24bbd72e41b9bde8bb47363dd350c0812d2782ca16bde1518442ad5d0b36dbd6c990128a8cb021dcdb6dab0015954b54468cd94f62a92b8c60d17568e47cbf004ba662a540b1eda090c7c152efcce4c74fafd93244cc01f2239c5e56974d71e64629ab2af93e5c3ce61443f50808382762263929792596aba65470ffe69a79e20fa7d723959da7601a4803d74408c3e5b10fe8c7eb21a433783f1d91ab90afa9f8cf5a2400d421f6022b7a0abaf30fb05c09b712c4c451da14642d4fa363c7743f3b14f2f9f809176bb0e8c9631b7145612c5bb4a005016ae28c91ddadbae5b64e4803a7d7568da3345ce01ae0327a2c3b01250f14eae6927090f9a9319177b07b826ae364146320fb6b37a6008166f4b14748165ee27f2655c2fb6039069ab6b242ffce1a8e739f30a485fc957bbe804e966585df3f0c09cd7201962d2cb7e9cc937be4e039d7e3817543432b64b2f53ea752e766d4e3de9cf55ee3c353b370b671ea826792d5b6232be63f3104a2ac078fbaefba1311822f8d3a63acd221", 0x1000}, {&(0x7f0000001280)="0f7d44120b1b9735e6297d06113650fdde0d683e89d06599488b88308567fd154f54718fc9eda8b2a81308935ca9c1bd6e2f22d048159980c9c9d2d89fae17bc30a198823ccdb2e6e28e0d9d9e82f342ae9257ba36d38695bd08ad76890ca823246948550571d718c4781cd8d5517c5a5fb710ff1247873ee14e72e5193a8be1fbb95e1d17", 0x85}, {&(0x7f0000001340)="46d782ba80c0a154643fc75dbf25b997bd7e6b09a5286951f3ffaa9c5f6d9e98e645e30df36e621dfaf3e29546ed765d180641ce3354a75c35f6a8c8fffc2559e2d3a10b76ad5e99c4b8e7fd2d623483c4ede67562d7b116d594a124bc9e26d332323484d4e198383c004049e45af8d088f2760cda6b3d191a469fdbefecef", 0x7f}], 0x5, 0x0, 0x0, 0x20048000}, 0x4) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:44 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) syz_genetlink_get_family_id$team(&(0x7f0000000000)='team\x00') ptrace$cont(0x18, r0, 0x0, 0xe8b) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:44 executing program 2: r0 = gettid() process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f0000000040)=""/247, 0xffffff50}], 0x1000000000000005, &(0x7f0000000180)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x0, 0x8012, r1, 0x0) write$FUSE_NOTIFY_DELETE(0xffffffffffffffff, 0x0, 0x0) sysfs$1(0x1, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x8) 07:40:44 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x38) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 07:40:44 executing program 5 (fault-call:0 fault-nth:49): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:44 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x9}, 0x2) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs\x00', 0x20000, 0x0) accept4$bt_l2cap(r1, &(0x7f0000000100), &(0x7f0000000140)=0xe, 0x80000) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000240)={0x1, 0xaed}, 0x2) openat$fuse(0xffffffffffffff9c, &(0x7f0000000280)='/dev/fuse\x00', 0x2, 0x0) 07:40:44 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000280)='/dev/hwrng\x00', 0x80, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000300)={{{@in6=@ipv4={[], [], @loopback}, @in=@initdev}}, {{@in=@empty}, 0x0, @in6=@initdev}}, &(0x7f0000000400)=0xe8) tkill(r0, 0x30) ioctl$KVM_SET_XCRS(r1, 0x4188aea7, &(0x7f00000002c0)={0x2, 0x7772a992, [{0x6fc10be4}, {0x2, 0x0, 0x1}]}) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ioctl$KVM_GET_REG_LIST(r1, 0xc008aeb0, &(0x7f0000000700)={0x8, [0x3f, 0x7, 0x4, 0x1000, 0x29f1c0f1, 0x8, 0x200, 0xb01c]}) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000440)={{{@in=@loopback, @in6}}, {{@in=@empty}, 0x0, @in=@multicast2}}, &(0x7f0000000540)=0xe8) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000140)={{{@in6=@mcast2, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@mcast2}}, &(0x7f0000000000)=0xe8) r3 = getuid() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080)={0x0, 0x0}, &(0x7f0000000240)=0xc) setresuid(r2, r3, r5) ptrace$cont(0x1f, r0, 0x0, 0x0) get_robust_list(r4, &(0x7f0000000680)=&(0x7f0000000640)={&(0x7f0000000580), 0x0, &(0x7f0000000600)={&(0x7f00000005c0)}}, &(0x7f00000006c0)=0x18) 07:40:44 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x38) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, 0x0, 0x0, 0x0) [ 839.013822] FAULT_INJECTION: forcing a failure. [ 839.013822] name failslab, interval 1, probability 0, space 0, times 0 [ 839.097680] CPU: 1 PID: 26823 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 839.104879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 839.114267] Call Trace: [ 839.116927] dump_stack+0x138/0x19c [ 839.120627] should_fail.cold+0x10f/0x159 [ 839.124840] should_failslab+0xdb/0x130 [ 839.128867] kmem_cache_alloc+0x2d7/0x780 [ 839.133077] ? rcu_read_lock_sched_held+0x110/0x130 [ 839.138139] ? __mark_inode_dirty+0x2b7/0x1040 [ 839.142774] ext4_mb_new_blocks+0x509/0x3990 [ 839.147323] ? ext4_find_extent+0x709/0x960 [ 839.151894] ext4_ext_map_blocks+0x26cd/0x4fa0 [ 839.156574] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 839.161663] ? __lock_is_held+0xb6/0x140 [ 839.165791] ? lock_acquire+0x16f/0x430 [ 839.169848] ext4_map_blocks+0x7d3/0x16e0 [ 839.174142] ? ext4_issue_zeroout+0x160/0x160 [ 839.178680] ? __brelse+0x50/0x60 [ 839.182193] ext4_getblk+0xac/0x450 [ 839.185894] ? ext4_iomap_begin+0x8a0/0x8a0 [ 839.190239] ? ext4_free_inode+0x1210/0x1210 [ 839.194677] ext4_bread+0x6e/0x1a0 07:40:44 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x38) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 07:40:44 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 839.198283] ? ext4_getblk+0x450/0x450 [ 839.202220] ext4_append+0x14b/0x360 [ 839.205981] ext4_mkdir+0x531/0xc20 [ 839.209665] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 839.214422] ? security_inode_mkdir+0xd0/0x110 [ 839.219046] vfs_mkdir+0x3ca/0x610 [ 839.222645] SyS_mkdir+0x1b7/0x200 [ 839.226236] ? SyS_mkdirat+0x210/0x210 [ 839.230202] ? do_syscall_64+0x53/0x640 [ 839.234244] ? SyS_mkdirat+0x210/0x210 [ 839.238451] do_syscall_64+0x1e8/0x640 [ 839.242422] ? trace_hardirqs_off_thunk+0x1a/0x1c 07:40:44 executing program 2: syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") socket$inet6(0xa, 0x0, 0xffff) bind$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f00000001c0), 0x8) unshare(0x600) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'bond_slave_0\x00'}) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000200)={'bond_slave_0\x00', {0x2, 0x100000, @initdev={0xac, 0x1e, 0x1, 0x0}}}) [ 839.247323] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 839.252561] RIP: 0033:0x458c47 [ 839.255891] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 839.263646] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c47 [ 839.270955] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 839.278296] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 839.285965] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 07:40:44 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x100, 0x0) sendto$packet(r1, &(0x7f00000002c0)="f6", 0x1, 0x4000800, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) r2 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/user\x00', 0x2, 0x0) ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000140)={0x4a, 0x5, 0x6, 0x9, 0x6, [{0x5, 0x2d3, 0x27, 0x0, 0x0, 0x1000}, {0x2, 0x8, 0x7}, {0xf280, 0x20, 0x1, 0x0, 0x0, 0x8}, {0xe000, 0x100000001, 0x8001, 0x0, 0x0, 0x2000}, {0xff, 0x1, 0x81, 0x0, 0x0, 0x80}, {0x400, 0x9, 0x2, 0x0, 0x0, 0x2002}]}) 07:40:44 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 839.293266] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:44 executing program 5 (fault-call:0 fault-nth:50): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 839.424889] FAULT_INJECTION: forcing a failure. [ 839.424889] name failslab, interval 1, probability 0, space 0, times 0 [ 839.468489] CPU: 0 PID: 26866 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 839.475710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 839.485100] Call Trace: [ 839.487770] dump_stack+0x138/0x19c [ 839.491806] should_fail.cold+0x10f/0x159 [ 839.496021] ? __lock_is_held+0xb6/0x140 [ 839.500139] ? mempool_free+0x1d0/0x1d0 [ 839.504230] should_failslab+0xdb/0x130 [ 839.508272] kmem_cache_alloc+0x47/0x780 [ 839.512385] ? mempool_free+0x1d0/0x1d0 [ 839.516421] mempool_alloc_slab+0x47/0x60 [ 839.520653] mempool_alloc+0x138/0x300 [ 839.524598] ? remove_element.isra.0+0x1b0/0x1b0 [ 839.529424] ? save_trace+0x290/0x290 [ 839.533282] ? save_trace+0x290/0x290 [ 839.537152] ? save_trace+0x290/0x290 [ 839.541009] bio_alloc_bioset+0x368/0x680 [ 839.545181] ? mark_buffer_dirty_inode+0x2e0/0x3e0 [ 839.550348] ? bvec_alloc+0x2e0/0x2e0 [ 839.555401] submit_bh_wbc+0xf6/0x720 [ 839.559246] __sync_dirty_buffer+0xcf/0x260 [ 839.563615] sync_dirty_buffer+0x1b/0x20 [ 839.567738] __ext4_handle_dirty_metadata+0x16e/0x470 [ 839.572974] ext4_getblk+0x29f/0x450 [ 839.576736] ? ext4_iomap_begin+0x8a0/0x8a0 [ 839.581109] ? ext4_free_inode+0x1210/0x1210 [ 839.585550] ext4_bread+0x6e/0x1a0 [ 839.589127] ? ext4_getblk+0x450/0x450 [ 839.593052] ext4_append+0x14b/0x360 [ 839.596793] ext4_mkdir+0x531/0xc20 [ 839.600473] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 839.605303] ? security_inode_mkdir+0xd0/0x110 [ 839.609988] vfs_mkdir+0x3ca/0x610 [ 839.613597] SyS_mkdir+0x1b7/0x200 [ 839.617176] ? SyS_mkdirat+0x210/0x210 [ 839.621099] ? do_syscall_64+0x53/0x640 [ 839.625112] ? SyS_mkdirat+0x210/0x210 [ 839.629056] do_syscall_64+0x1e8/0x640 [ 839.633087] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 839.637966] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 839.643202] RIP: 0033:0x458c47 [ 839.646443] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 839.654625] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c47 [ 839.662019] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 07:40:44 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x2000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:44 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 839.669307] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 839.676632] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 839.683920] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:45 executing program 2: r0 = socket(0x15, 0x80005, 0x0) sendmsg$inet6(r0, &(0x7f0000000180)={&(0x7f0000000000)={0xa, 0x0, 0x0, @local}, 0x1c, 0x0}, 0x4000000) 07:40:45 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x408083, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) r1 = syz_open_dev$vcsn(&(0x7f0000000240)='/dev/vcs#\x00', 0x3, 0x4000) ioctl$TCSETX(r1, 0x5433, &(0x7f00000002c0)={0x0, 0x9, [0x8, 0x80000000, 0x5, 0x6, 0xe5], 0x8}) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) r2 = syz_open_dev$radio(&(0x7f0000000100)='/dev/radio#\x00', 0x2, 0x2) ioctl$sock_inet_SIOCGARP(r2, 0x8954, &(0x7f0000000300)={{0x2, 0x4e24, @loopback}, {0x306, @broadcast}, 0x18, {0x2, 0x4e21, @multicast2}, 'syz_tun\x00'}) ioctl$FIONREAD(r2, 0x541b, &(0x7f0000000180)) [ 841.430391] net_ratelimit: 12 callbacks suppressed [ 841.435555] protocol 88fb is buggy, dev hsr_slave_0 [ 841.440924] protocol 88fb is buggy, dev hsr_slave_1 [ 841.750221] protocol 88fb is buggy, dev hsr_slave_0 [ 841.755451] protocol 88fb is buggy, dev hsr_slave_1 07:40:47 executing program 0: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:47 executing program 5 (fault-call:0 fault-nth:51): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:47 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) r0 = socket$inet6(0xa, 0x3, 0xa5e) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000080)={0x4, 0x6, 0x8000, 0x7, 0xa1, 0x7, 0x2, 0x0, 0x0}, &(0x7f0000000140)=0x20) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000180)={r1, 0xfd, "8507bc70db595e0c349f77015a1023fbf14dec25bd5a38e25243396b876928b05a2b44980d55d6ee41cd52b7a7c339c079f5e01be976a8cfd6661d474c9b6efb8d27e7b6b36b5944feb3fb003042729c50a169ff6bc966f40223dbee63da4f3625f27c1e89cdce5ade270ff6ae3cd0b8db565b8d14f21149c806dde2871a92ccc2cd50cb3d94954789b0ac1665985f2ac0c309f3232609889e4cc5b951cc6036ee15d5bee347e8c32e9d854ef9a736b47a47e55c5779346a3a74261dc73779db515640ce8f4d98251ec45f9bb0f284fb896e472ea243eae6bbf5bb5428bc0b68cd8da848efa08ca804cd7cdcc5e871b1aac590510c4c84b02e6fac75ef"}, &(0x7f00000002c0)=0x105) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r2 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) ioctl$KDSKBMODE(r2, 0x4b45, &(0x7f0000000000)=0xffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x38) ptrace$cont(0x18, r3, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r3, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000300)={0x9, 0x4, 0xffffffffffff1117, 0x401, 0x3, 0x7fffffff, 0x1, 0x6a, 0x8, 0x9, 0x4}, 0xb) 07:40:47 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ptrace$cont(0x18, r0, 0x2, 0x10001) rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x1, 0x2000) r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000140)='fou\x00') sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="99000000", @ANYRES16=r2, @ANYBLOB="000428bd7000fedbdf2501000000080002000a0000000800030000000000040005000800020002000000140007000000000000000000000000000000000108000600e00000010800040000000000"], 0x54}, 0x1, 0x0, 0x0, 0x20040000}, 0x40000) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:47 executing program 2: syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x3, 0x2) syz_open_procfs(0x0, &(0x7f0000000640)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\xe3\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\x00\x87\xac\xad\x80\xa3P\x8c\xea\x17f%;\x9c\xc7\x00\xeb\xf4X#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80\x1d\x95WM\x9a\xc6\x95\x98\xed\xe9\xca\x9e\xe6\xcb\x8e\xef\xf659-\xef\xb5\xc9\xf2\"\x15\xb39T\x81\x19\xcc\xcd\xb5\r\x10G\x16(~\x15\xd1\xde\x9e\xb1s\xa0\x864hb\xaa\xa3\x18V\x17xE\xbd\xc2QD\xa5P\x0f\x8e\x1f\x888\xb6\xee\xc6N\xd2\x136\xeb\xa4\x1d\xaap\xc6\x9e\xdc\x007h\f\x96g\"_\xb1\x1b\xdb\x86\xc6\xc9\xb1\xcc\xa1\x9f\xd8h\xcc\x12\xf1k\xe8\x86:D\xd2\xd1\x02I\xfe\x96t\xe5C\x86)\xf0M\xc4\xa35\xcc\x9b\x9e\xbb5\x18[\x958D\\~3\xcaO\x97M\xaf\x930\xfd\x13\xa3\xde\xce0\x1d5I\xba\xc5;T\xdc\xaf\xc8\xa6\n\x92\x0e6>\x19*') r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fd/4\x00') fstat(r0, 0x0) 07:40:47 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/userio\x00', 0x10000, 0x0) r1 = syz_open_dev$mice(&(0x7f00000014c0)='/dev/input/mice\x00', 0x0, 0x8001) ioctl$TIOCMBIS(r1, 0x5416, &(0x7f0000001500)=0x9) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) preadv(r0, &(0x7f0000000100)=[{&(0x7f0000000240)=""/189, 0xbd}, {&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000001300)=""/251, 0xfb}], 0x3, 0x0) r2 = syz_open_dev$dmmidi(&(0x7f0000001400)='/dev/dmmidi#\x00', 0xffffffffffffff6b, 0x200100) ioctl$ION_IOC_HEAP_QUERY(r2, 0xc0184908, &(0x7f0000001480)={0x34, 0x0, &(0x7f0000001440)}) [ 842.070787] protocol 88fb is buggy, dev hsr_slave_0 [ 842.076023] protocol 88fb is buggy, dev hsr_slave_1 [ 842.129944] ptrace attach of "/root/syz-executor.0"[26908] was attempted by "/root/syz-executor.0"[26911] [ 842.150205] protocol 88fb is buggy, dev hsr_slave_0 [ 842.155416] protocol 88fb is buggy, dev hsr_slave_1 [ 842.174452] FAULT_INJECTION: forcing a failure. 07:40:47 executing program 2: 07:40:47 executing program 0: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 842.174452] name failslab, interval 1, probability 0, space 0, times 0 [ 842.203115] CPU: 0 PID: 26920 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 842.210409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 842.219791] Call Trace: [ 842.222416] dump_stack+0x138/0x19c [ 842.226127] should_fail.cold+0x10f/0x159 [ 842.230349] should_failslab+0xdb/0x130 [ 842.234361] kmem_cache_alloc+0x2d7/0x780 [ 842.238549] ? add_to_page_cache_lru+0x159/0x310 [ 842.243447] ? add_to_page_cache_locked+0x40/0x40 [ 842.248347] alloc_buffer_head+0x24/0xe0 [ 842.248366] alloc_page_buffers+0xb7/0x200 [ 842.256745] __getblk_gfp+0x342/0x710 [ 842.260592] ? __brelse+0x50/0x60 [ 842.264100] ext4_getblk+0x14f/0x450 [ 842.267869] ? ext4_iomap_begin+0x8a0/0x8a0 [ 842.272347] ? ext4_free_inode+0x1210/0x1210 [ 842.276893] ext4_bread+0x6e/0x1a0 [ 842.280508] ? ext4_getblk+0x450/0x450 [ 842.284442] ext4_append+0x14b/0x360 [ 842.288182] ext4_mkdir+0x531/0xc20 [ 842.291832] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 842.296531] ? security_inode_mkdir+0xd0/0x110 [ 842.301165] vfs_mkdir+0x3ca/0x610 [ 842.304756] SyS_mkdir+0x1b7/0x200 [ 842.308321] ? SyS_mkdirat+0x210/0x210 [ 842.312229] ? do_syscall_64+0x53/0x640 [ 842.316223] ? SyS_mkdirat+0x210/0x210 [ 842.320138] do_syscall_64+0x1e8/0x640 [ 842.324066] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 842.329170] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 842.334374] RIP: 0033:0x458c47 [ 842.337604] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 842.345599] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c47 [ 842.352876] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 842.360169] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 842.367441] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 842.374717] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:47 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) tee(r0, r0, 0x0, 0x1) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) 07:40:47 executing program 2: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$P9_RLCREATE(r0, 0x0, 0x0) [ 842.477721] ptrace attach of "/root/syz-executor.0"[26936] was attempted by "/root/syz-executor.0"[26938] 07:40:47 executing program 0: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:47 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 842.610811] ptrace attach of "/root/syz-executor.0"[26947] was attempted by "/root/syz-executor.0"[26950] [ 842.630203] protocol 88fb is buggy, dev hsr_slave_0 [ 842.635467] protocol 88fb is buggy, dev hsr_slave_1 07:40:48 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpu.stat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000180)={r2, 0xfffffffffffffffb}, &(0x7f00000001c0)=0x8) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:48 executing program 5 (fault-call:0 fault-nth:52): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 842.882113] FAULT_INJECTION: forcing a failure. [ 842.882113] name failslab, interval 1, probability 0, space 0, times 0 [ 842.893813] CPU: 0 PID: 26965 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 842.900930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 842.910321] Call Trace: [ 842.912933] dump_stack+0x138/0x19c [ 842.916600] should_fail.cold+0x10f/0x159 [ 842.920891] should_failslab+0xdb/0x130 [ 842.924943] kmem_cache_alloc+0x47/0x780 [ 842.929029] ? lock_downgrade+0x6e0/0x6e0 [ 842.933218] __sigqueue_alloc+0x1da/0x400 [ 842.937414] __send_signal+0x1a2/0x1280 [ 842.941409] ? lock_acquire+0x16f/0x430 [ 842.945419] send_signal+0x49/0xc0 [ 842.948981] force_sig_info+0x243/0x350 [ 842.952985] force_sig_info_fault.constprop.0+0x1c6/0x2b0 [ 842.958565] ? is_prefetch.isra.0+0x350/0x350 [ 842.963083] ? trace_raw_output_x86_exceptions+0x140/0x140 [ 842.968745] __bad_area_nosemaphore+0x1dc/0x2a0 [ 842.973438] bad_area+0x69/0x80 [ 842.976743] __do_page_fault+0x86f/0xb80 [ 842.980849] ? vmalloc_fault+0xe30/0xe30 [ 842.984964] ? page_fault+0x2f/0x50 [ 842.988683] do_page_fault+0x71/0x511 [ 842.992550] ? page_fault+0x2f/0x50 [ 842.996202] page_fault+0x45/0x50 [ 842.999670] RIP: 0033:0x45342f [ 843.002864] RSP: 002b:00007f96fb724a88 EFLAGS: 00010283 [ 843.008238] RAX: 00007f96fb724b40 RBX: 0000000020000228 RCX: 0000000000000000 [ 843.015526] RDX: 00000000000000e0 RSI: 0000000000000000 RDI: 00007f96fb724b40 [ 843.022822] RBP: 0000000000000001 R08: 00000000000000e0 R09: 000000000000000a [ 843.030099] R10: 0000000000000075 R11: 00000000004e4dc0 R12: 0000000000000004 [ 843.037388] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:50 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x1f, r0, 0x20, 0x7) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:50 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$EVIOCRMFF(r1, 0x40044581, &(0x7f0000000080)=0x5) ioctl$VIDIOC_SUBDEV_S_CROP(r1, 0xc038563c, &(0x7f0000000140)={0x0, 0x0, {0x101, 0x7f, 0xc98, 0x6}}) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) ioctl$SCSI_IOCTL_START_UNIT(r1, 0x5) 07:40:50 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:50 executing program 5 (fault-call:0 fault-nth:53): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:50 executing program 3: r0 = syz_open_dev$mice(&(0x7f00000002c0)='/dev/input/mice\x00', 0x0, 0x84040) getsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000300), &(0x7f0000000340)=0x8) r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f00000001c0)={0x1, 0x6}, 0x2) readv(r1, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cachefiles\x00', 0x0, 0x0) fsetxattr$trusted_overlay_origin(r1, &(0x7f0000000180)='trusted.overlay.origin\x00', &(0x7f0000000240)='y\x00', 0x2, 0x3) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000003c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f00000004c0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x200080}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x48, r3, 0x0, 0x70bd2c, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e24}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000005}, 0x800) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r2, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x18) 07:40:50 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 845.206128] FAULT_INJECTION: forcing a failure. [ 845.206128] name failslab, interval 1, probability 0, space 0, times 0 [ 845.248845] CPU: 0 PID: 26986 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 845.256054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 845.265464] Call Trace: [ 845.268121] dump_stack+0x138/0x19c [ 845.271831] should_fail.cold+0x10f/0x159 [ 845.276043] ? __lock_is_held+0xb6/0x140 [ 845.280147] ? mempool_free+0x1d0/0x1d0 [ 845.284169] should_failslab+0xdb/0x130 [ 845.288202] kmem_cache_alloc+0x47/0x780 [ 845.292327] ? mempool_free+0x1d0/0x1d0 07:40:50 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 845.296352] mempool_alloc_slab+0x47/0x60 [ 845.300543] mempool_alloc+0x138/0x300 [ 845.304479] ? remove_element.isra.0+0x1b0/0x1b0 [ 845.309266] ? save_trace+0x290/0x290 [ 845.313088] ? save_trace+0x290/0x290 [ 845.316914] ? save_trace+0x290/0x290 [ 845.320759] bio_alloc_bioset+0x368/0x680 [ 845.324944] ? mark_buffer_dirty_inode+0x2e0/0x3e0 [ 845.329905] ? bvec_alloc+0x2e0/0x2e0 [ 845.333741] submit_bh_wbc+0xf6/0x720 [ 845.337590] __sync_dirty_buffer+0xcf/0x260 [ 845.341956] sync_dirty_buffer+0x1b/0x20 [ 845.346050] __ext4_handle_dirty_metadata+0x16e/0x470 [ 845.351283] ext4_getblk+0x29f/0x450 [ 845.355055] ? ext4_iomap_begin+0x8a0/0x8a0 [ 845.359425] ? ext4_free_inode+0x1210/0x1210 [ 845.363922] ext4_bread+0x6e/0x1a0 [ 845.367534] ? ext4_getblk+0x450/0x450 [ 845.371468] ext4_append+0x14b/0x360 [ 845.375217] ext4_mkdir+0x531/0xc20 [ 845.378885] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 845.383584] ? security_inode_mkdir+0xd0/0x110 [ 845.388186] vfs_mkdir+0x3ca/0x610 [ 845.391765] SyS_mkdir+0x1b7/0x200 [ 845.395344] ? SyS_mkdirat+0x210/0x210 [ 845.399255] ? do_syscall_64+0x53/0x640 [ 845.403248] ? SyS_mkdirat+0x210/0x210 [ 845.407165] do_syscall_64+0x1e8/0x640 [ 845.411172] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 845.416062] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 845.421285] RIP: 0033:0x458c47 [ 845.424493] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 845.432224] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c47 [ 845.439504] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 845.446800] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 845.454078] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 845.461371] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:50 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:50 executing program 5 (fault-call:0 fault-nth:54): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:50 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 845.674000] FAULT_INJECTION: forcing a failure. [ 845.674000] name failslab, interval 1, probability 0, space 0, times 0 [ 845.685287] CPU: 1 PID: 27019 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 845.692598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 845.701990] Call Trace: [ 845.704623] dump_stack+0x138/0x19c [ 845.708316] should_fail.cold+0x10f/0x159 [ 845.712542] should_failslab+0xdb/0x130 [ 845.716587] kmem_cache_alloc+0x47/0x780 [ 845.720719] ? lock_downgrade+0x6e0/0x6e0 [ 845.724918] __sigqueue_alloc+0x1da/0x400 [ 845.729100] __send_signal+0x1a2/0x1280 [ 845.733105] ? lock_acquire+0x16f/0x430 [ 845.737134] send_signal+0x49/0xc0 [ 845.740705] force_sig_info+0x243/0x350 [ 845.744718] force_sig_info_fault.constprop.0+0x1c6/0x2b0 [ 845.750287] ? is_prefetch.isra.0+0x350/0x350 [ 845.754795] ? trace_raw_output_x86_exceptions+0x140/0x140 [ 845.760451] __bad_area_nosemaphore+0x1dc/0x2a0 [ 845.765139] bad_area+0x69/0x80 [ 845.768432] __do_page_fault+0x86f/0xb80 07:40:51 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpu.stat\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x4}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000180)={r2, 0xfffffffffffffffb}, &(0x7f00000001c0)=0x8) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 845.772498] ? vmalloc_fault+0xe30/0xe30 [ 845.776568] ? page_fault+0x2f/0x50 [ 845.780228] do_page_fault+0x71/0x511 [ 845.784091] ? page_fault+0x2f/0x50 [ 845.787768] page_fault+0x45/0x50 [ 845.791255] RIP: 0033:0x45342f [ 845.794479] RSP: 002b:00007f96fb724a88 EFLAGS: 00010283 [ 845.799943] RAX: 00007f96fb724b40 RBX: 0000000020000228 RCX: 0000000000000000 [ 845.807331] RDX: 00000000000000e0 RSI: 0000000000000000 RDI: 00007f96fb724b40 [ 845.814634] RBP: 0000000000000001 R08: 00000000000000e0 R09: 000000000000000a 07:40:51 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 845.814641] R10: 0000000000000075 R11: 00000000004e4dc0 R12: 0000000000000004 [ 845.814647] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:51 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 846.790165] net_ratelimit: 18 callbacks suppressed [ 846.790172] protocol 88fb is buggy, dev hsr_slave_0 [ 846.800410] protocol 88fb is buggy, dev hsr_slave_1 [ 847.670242] protocol 88fb is buggy, dev hsr_slave_0 [ 847.675511] protocol 88fb is buggy, dev hsr_slave_1 [ 847.990181] protocol 88fb is buggy, dev hsr_slave_0 [ 847.995417] protocol 88fb is buggy, dev hsr_slave_1 07:40:53 executing program 1: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x80000, 0x0) sendmsg$nl_crypto(r0, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000002c0)={&(0x7f0000000180)=@del={0x108, 0x11, 0x302, 0x70bd2b, 0x25dfdbfb, {{'morus1280\x00'}, [], [], 0x2000, 0x400}, [{0x8, 0x1, 0x3}, {0x8, 0x1, 0xffffffffffff65e8}, {0x8, 0x1, 0x8}, {0x8, 0x1, 0x8001}, {0x8, 0x1, 0x68}]}, 0x108}}, 0x10) gettid() ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=0x0) prctl$PR_SET_PTRACER(0x59616d61, r1) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x38) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000340)=0x0) ptrace$cont(0x18, r2, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000600)=r3) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r2, 0x0, 0x0) r4 = semget$private(0x0, 0x2, 0x0) syz_open_procfs$namespace(r1, &(0x7f0000000640)='ns/pid\x00') getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in6=@ipv4={[], [], @remote}}}, &(0x7f0000000480)=0xe8) getresgid(&(0x7f00000004c0), &(0x7f0000000500), &(0x7f0000000540)=0x0) r7 = getegid() semctl$IPC_SET(r4, 0x0, 0x1, &(0x7f0000000580)={{0xba, r5, r6, 0xee01, r7, 0x102, 0x8}, 0x800, 0x6, 0x89}) 07:40:53 executing program 5 (fault-call:0 fault-nth:55): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:53 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:53 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/userio\x00', 0x1816c0, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/mixer\x00', 0x0, 0x0) setsockopt$inet6_tcp_buf(r1, 0x6, 0x1f, &(0x7f0000000300)="bea293628eca8aae467f10ea4e7caefaaa5712135424149ba13fa51f36a53ac053aa0bd15bbd0e6fb99b4f079eb78d142a56112ab340b2bcd7c619568d1db028d105fc33e95ef1a5", 0x48) readv(r0, &(0x7f0000000380)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) r2 = socket$kcm(0x29, 0x7, 0x0) r3 = syz_open_dev$dspn(&(0x7f0000000180)='/dev/dsp#\x00', 0x0, 0x101040) setsockopt$IP_VS_SO_SET_EDIT(r3, 0x0, 0x483, &(0x7f0000000240)={0x7f, @dev={0xac, 0x14, 0x14, 0x22}, 0x4e21, 0x1, 'wlc\x00', 0x4, 0x200, 0x24}, 0x2c) ioctl$RTC_EPOCH_READ(r2, 0x8008700d, &(0x7f0000000440)) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) 07:40:53 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x200, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = accept4$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @dev}, &(0x7f0000000240)=0x10, 0x80000) bind$inet(r1, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x3, 0x2000) mq_notify(r2, &(0x7f00000001c0)={0x0, 0x2c, 0x2, @thr={&(0x7f0000000140)="87cc5da3adb4164ead0ebd7657a60d5e5b6a04dadfefff67417f951a6afa832f6d6b095676ba5e2e0cbc92eb98df52b94c7e0e279b11ae3bc85d186707a7114263f6b825987ad29937363b697fb4ef66ca481ba60701386af7abab54ab9dc31ccb3963eb978d85d9e2d915106fda522eb7988734e14e47", &(0x7f0000000080)="d17e8468ea079f1053ccbea52454"}}) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:53 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:53 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000280)=ANY=[@ANYRES32=0x0, @ANYBLOB="8d000000f24016fbb7477921ac84701e1bca986aa6ff83d817881720dc66e13c6ef40269f0d459265005b5ea10bdc9e710df00f1827ad41ef534291855292c82e58c080de93ce2d1422ff4ce83ac600f6de80f0deeda91dd20ef4aa043c0d0f2d2477105394657a66229cce1870530eaec7c2067217f0375351b0000000000000000000000175cb82f1ed734fec43870306cb5a7259b24c8525a4ead716d71281014a3ba26dab43016d4332ecc1cbda57d4d5508648d1b3dc89b22fcaeaed152bff80838c17399450b9b1da67f5c2c0baebbf778db243044a65a154544c8b8900aa0b67146bfb3493bfc7b0a0a1f3ec13110e60a185ad4ee10bf6e623187bbe9723a89e407209d230e06e02b21115070c853a9c2bade63"], &(0x7f0000000000)=0x95) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000080)={r1, 0xffff}, 0x8) r2 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x38) ptrace$cont(0x18, r2, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xf, r2, 0x9, &(0x7f0000000080)) ptrace$cont(0x1f, r2, 0x0, 0x0) [ 848.279022] FAULT_INJECTION: forcing a failure. [ 848.279022] name failslab, interval 1, probability 0, space 0, times 0 [ 848.304552] ptrace attach of "/root/syz-executor.1"[27051] was attempted by "/root/syz-executor.1"[27058] [ 848.310190] protocol 88fb is buggy, dev hsr_slave_0 [ 848.319625] protocol 88fb is buggy, dev hsr_slave_1 07:40:53 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 848.374100] CPU: 1 PID: 27044 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 848.381306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 848.381316] Call Trace: [ 848.381350] dump_stack+0x138/0x19c [ 848.381375] should_fail.cold+0x10f/0x159 [ 848.381391] ? __lock_is_held+0xb6/0x140 [ 848.381407] ? mempool_free+0x1d0/0x1d0 [ 848.381423] should_failslab+0xdb/0x130 [ 848.381441] kmem_cache_alloc+0x47/0x780 [ 848.381459] ? mempool_free+0x1d0/0x1d0 [ 848.381469] mempool_alloc_slab+0x47/0x60 [ 848.381480] mempool_alloc+0x138/0x300 [ 848.381495] ? remove_element.isra.0+0x1b0/0x1b0 [ 848.381523] ? __unlock_page_memcg+0x53/0x100 [ 848.381534] ? save_trace+0x290/0x290 [ 848.381558] bio_alloc_bioset+0x368/0x680 [ 848.381576] ? bvec_alloc+0x2e0/0x2e0 [ 848.381598] submit_bh_wbc+0xf6/0x720 [ 848.405590] __sync_dirty_buffer+0xcf/0x260 [ 848.405604] sync_dirty_buffer+0x1b/0x20 [ 848.405618] __ext4_handle_dirty_metadata+0x16e/0x470 [ 848.405639] ext4_handle_dirty_dirent_node+0x35b/0x480 07:40:53 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 848.405654] ? ext4_rename_dir_prepare+0x3f0/0x3f0 [ 848.405667] ? lock_downgrade+0x6e0/0x6e0 [ 848.405682] add_dirent_to_buf+0x375/0x5c0 [ 848.405696] ? ext4_insert_dentry+0x440/0x440 [ 848.405708] ext4_add_entry+0x53c/0xa00 [ 848.405721] ? make_indexed_dir+0x1250/0x1250 [ 848.405734] ? ext4_init_dot_dotdot+0x360/0x4c0 [ 848.405746] ext4_mkdir+0x628/0xc20 [ 848.405760] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 848.405774] ? security_inode_mkdir+0xd0/0x110 [ 848.405789] vfs_mkdir+0x3ca/0x610 [ 848.405804] SyS_mkdir+0x1b7/0x200 [ 848.443152] ? SyS_mkdirat+0x210/0x210 [ 848.443170] ? do_syscall_64+0x53/0x640 [ 848.443178] ? SyS_mkdirat+0x210/0x210 [ 848.443189] do_syscall_64+0x1e8/0x640 [ 848.443197] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 848.443215] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 848.443225] RIP: 0033:0x458c47 [ 848.443231] RSP: 002b:00007f96fb724a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 848.443244] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458c47 [ 848.443251] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 848.443256] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 848.443262] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 848.443269] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 848.443618] protocol 88fb is buggy, dev hsr_slave_0 [ 848.570624] protocol 88fb is buggy, dev hsr_slave_1 07:40:54 executing program 2: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000180)={0x1, 0x5}, 0xfffffffffffffe82) r1 = syz_open_dev$dmmidi(&(0x7f0000000100)='/dev/dmmidi#\x00', 0x7ff, 0x6000) getsockopt$bt_sco_SCO_OPTIONS(r1, 0x11, 0x1, &(0x7f00000002c0)=""/65, &(0x7f00000001c0)=0x41) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) 07:40:54 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x1001000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = accept(0xffffffffffffffff, &(0x7f00000001c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff}}, &(0x7f0000000240)=0x80) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00') openat$selinux_create(0xffffffffffffff9c, &(0x7f00000004c0)='/selinux/create\x00', 0x2, 0x0) sendmsg$TIPC_CMD_GET_BEARER_NAMES(r2, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1400440}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r3, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [""]}, 0x1c}}, 0x4004) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f00000003c0), &(0x7f0000000640)=0xfffffffffffffe0d) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000005c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f0000000700)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000600)={&(0x7f0000000680)={0x68, r4, 0x100, 0x70bd2b, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DAEMON={0x54, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x8}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x80000001}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'netdevsim0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @local}]}]}, 0x68}}, 0x40011) tkill(r0, 0x38) r5 = accept4$ax25(0xffffffffffffffff, &(0x7f0000000140)={{0x3, @rose}, [@netrom, @default, @bcast, @netrom, @rose, @null, @bcast]}, &(0x7f0000000580)=0x48, 0x80000) openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000400)='/selinux/create\x00', 0x2, 0x0) r6 = fcntl$getown(r5, 0x9) ptrace$cont(0x16, r0, 0x2000000000, 0x100) sched_getattr(r6, &(0x7f0000000080)={0x30}, 0x30, 0x0) getsockopt$nfc_llcp(r1, 0x118, 0x2, &(0x7f0000000740)=""/143, 0x8f) setsockopt$IP_VS_SO_SET_EDITDEST(r2, 0x0, 0x489, &(0x7f0000000440)={{0x2, @multicast2, 0x4e22, 0x3, 'ovf\x00', 0x6, 0x73a3, 0x6c}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x10003, 0x9, 0x4, 0x2}}, 0x44) ioctl$VIDIOC_S_EDID(r1, 0xc0285629, &(0x7f0000000540)={0x0, 0x1, 0x4, [], &(0x7f0000000500)=0x6}) fcntl$setpipe(r5, 0x407, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000800)={[], 0x0, 0x0, 0x0, 0x0, 0x8}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:54 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) r1 = syz_open_dev$swradio(&(0x7f00000000c0)='/dev/swradio#\x00', 0x0, 0x2) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r1, &(0x7f0000000380)={0xffffffffffffffff, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)={0x1c, r2, 0x200, 0x70bd2a, 0x25dfdbfd, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x84}, 0x8000) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000300)='/proc/capi/capi20ncci\x00', 0x100000000001, 0x0) ioctl$VT_GETMODE(r3, 0x5601, &(0x7f0000000100)) dup(r0) r4 = openat$null(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/null\x00', 0x400000, 0x0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r4, &(0x7f0000000140)={0x7ffffffff000, 0xfffffffffffffc89, 0xfa00, {&(0x7f0000000240)}}, 0x606) 07:40:54 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/create\x00', 0x2, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) capset(&(0x7f0000000080)={0x20080522, r0}, &(0x7f0000000140)={0x8, 0x1000, 0x81, 0x5, 0x2, 0x8}) ptrace$cont(0x18, r0, 0x9, 0x2) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:54 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:54 executing program 5 (fault-call:0 fault-nth:56): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:54 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 848.902729] FAULT_INJECTION: forcing a failure. [ 848.902729] name failslab, interval 1, probability 0, space 0, times 0 [ 848.914025] CPU: 0 PID: 27093 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 848.921161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 848.930555] Call Trace: [ 848.933196] dump_stack+0x138/0x19c [ 848.936889] should_fail.cold+0x10f/0x159 [ 848.941100] should_failslab+0xdb/0x130 [ 848.945142] kmem_cache_alloc+0x47/0x780 07:40:54 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) prctl$PR_SVE_GET_VL(0x33, 0x143ef) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) set_tid_address(&(0x7f0000000000)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 848.949254] ? lock_downgrade+0x6e0/0x6e0 [ 848.953452] __sigqueue_alloc+0x1da/0x400 [ 848.957651] __send_signal+0x1a2/0x1280 [ 848.961678] ? lock_acquire+0x16f/0x430 [ 848.965711] send_signal+0x49/0xc0 [ 848.969310] force_sig_info+0x243/0x350 [ 848.973607] force_sig_info_fault.constprop.0+0x1c6/0x2b0 [ 848.979194] ? is_prefetch.isra.0+0x350/0x350 [ 848.983763] ? trace_raw_output_x86_exceptions+0x140/0x140 [ 848.989442] __bad_area_nosemaphore+0x1dc/0x2a0 [ 848.994254] bad_area+0x69/0x80 [ 848.997598] __do_page_fault+0x86f/0xb80 [ 849.001718] ? vmalloc_fault+0xe30/0xe30 [ 849.005830] ? page_fault+0x2f/0x50 [ 849.009521] do_page_fault+0x71/0x511 [ 849.013343] ? page_fault+0x2f/0x50 [ 849.016997] page_fault+0x45/0x50 [ 849.020486] RIP: 0033:0x45342f [ 849.023700] RSP: 002b:00007f96fb724a88 EFLAGS: 00010283 [ 849.029094] RAX: 00007f96fb724b40 RBX: 0000000020000228 RCX: 0000000000000000 [ 849.036385] RDX: 00000000000000e0 RSI: 0000000000000000 RDI: 00007f96fb724b40 [ 849.043690] RBP: 0000000000000001 R08: 00000000000000e0 R09: 000000000000000a 07:40:54 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000140)={[], 0x800000, 0x20, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) move_pages(r0, 0x1, &(0x7f0000000000)=[&(0x7f0000ffb000/0x3000)=nil], 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x4) ptrace$cont(0x40007, r0, 0x40000003ff, 0x0) [ 849.051080] R10: 0000000000000075 R11: 00000000004e4dc0 R12: 0000000000000004 [ 849.058381] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:54 executing program 5 (fault-call:0 fault-nth:57): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 849.138969] misc userio: No port type given on /dev/userio 07:40:54 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x4000802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = accept$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @empty}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000140)={0x8, 0x80000000, 0x8000, 0x2, 0x2, 0x8, 0x3ff800, 0x2, 0x0}, &(0x7f0000000180)=0x20) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f00000001c0)={r2, 0xe9, "89d61d05c32186a35b98c621fdd39e78d87db03fbee85c952cae378706e8bfdc10246748cca80ffb6523db8903ab3cabe5eac60ba7bb9db0374dcabf8c9b4838a2df2391f3e2bb6834bbcb142d69f74088703b3f49d2fd8fa6a561f50b4c98ba96987cdd461657f6c7b2785116024d11544b972fd1136e8dbab6cce80e2f4741983171782dcbd77147f3ccb254d31c1f8f44257d0873c6db6732650cd8a2d7e101f5e8d1e932986ea6329d8a3328dc5d41bff523aa4bb153befab67968092bc63bbd6a43a639e3929606e148049ce4307a9195bb5d29131a2df965a9970adf186fee0fb61dba985245"}, &(0x7f00000002c0)=0xf1) rt_sigsuspend(&(0x7f0000000040)={0xa65}, 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) r4 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/dlm_plock\x00', 0x20481, 0x0) ioctl$LOOP_GET_STATUS64(r4, 0x4c05, &(0x7f0000000400)) syz_init_net_socket$llc(0x1a, 0x2, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xf, r0, 0x0, &(0x7f00000005c0)="fe6ffd899d276d6e574313038db5365981755117d33c6c19eb6507574a4dbb948da5c6dfaf95e61b46cfd38a1a300fb90175228cfa6ed2d44b6f8908af3c8e106bf5d5900200e497847071d280dc7b4fc69e8b9b1338778198f6904a3b1959fe94c41181f2605e2e3655d024de32bb6d54abe782ca717f3ea731fa8b31490c786918d19f930609234e2ff9db07ad56aa38a678d1c8c54cb3f883f0f93995b40bee43a8") ptrace$cont(0x1f, r0, 0x0, 0x0) r5 = syz_open_dev$admmidi(&(0x7f0000000300)='/dev/admmidi#\x00', 0x1, 0x8000) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000340)={r3, 0x400, 0x30}, &(0x7f0000000380)=0xc) setpriority(0x3, r0, 0x3) 07:40:54 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x1f, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x8000, 0x20) ioctl$sock_netrom_SIOCDELRT(r1, 0x890c, &(0x7f0000000140)={0x1, @null, @rose={'rose', 0x0}, 0x9, 'syz0\x00', @default, 0xfff, 0x8, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}) [ 849.235130] FAULT_INJECTION: forcing a failure. [ 849.235130] name failslab, interval 1, probability 0, space 0, times 0 [ 849.319388] CPU: 0 PID: 27125 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 849.326600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 849.335996] Call Trace: [ 849.338635] dump_stack+0x138/0x19c [ 849.342296] should_fail.cold+0x10f/0x159 [ 849.346487] should_failslab+0xdb/0x130 [ 849.350535] kmem_cache_alloc_trace+0x2e9/0x790 [ 849.355243] ? kasan_check_write+0x14/0x20 [ 849.359531] ? _copy_from_user+0x99/0x110 [ 849.363734] copy_mount_options+0x5c/0x2f0 [ 849.368054] SyS_mount+0x87/0x120 [ 849.371575] ? copy_mnt_ns+0x8c0/0x8c0 [ 849.375530] do_syscall_64+0x1e8/0x640 [ 849.379488] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 849.384380] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 849.389618] RIP: 0033:0x45c27a [ 849.392871] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 849.400604] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 849.407890] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 849.415180] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 849.422475] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 849.429785] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:55 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1, 0x11, r5, 0x0) 07:40:55 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) fcntl$getown(0xffffffffffffffff, 0x9) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000001140)) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000001180)) getpid() getpgrp(0xffffffffffffffff) r0 = getpgrp(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xf, r1, 0x5, &(0x7f0000000140)="f6111d3720a70e7f3dda6e3665c1b4aefbb513e93b21e10630ae24c22d112fceaf238095a3a860b6587c2c46fea73c7dc8395047c4c2efb8f1abe7a0cf1d8c21a9aba86e87ed791612e1c33ada7ff6e51dbe8ab9b35ffd0dcd216f8b0619d0c2f79c066720d1266419cc6330bf9105c44d0ddd2293ebaf1b61c77fcf62b4e0266e43e6e44e98136998dfff8c37a8645df5e6cd3345aaefae64cd02912ee50b5267e031113685db36aa1bab8b1198c745f783c983bf595128d9c9693263e696ab91f42fe153fc2ccd99e14c990163cf1241d23e0c852f8f593266838f3f76fc0f8b27d9474f2ce499621432585466ef3996d848527617772f2451a47d25a4cdfea363a691a4a9bbd62788e384cd2e9488a8b578de3ea2b2cee90d0975f859f5f05e5a2e6bde1b955d84b163d4da58c3e8aad57a46ed2e813c86ef138ad0c545cb2bc33b904ea24fcfff6c531a3b2f6295d9444e1f9c8d5a8cbf06e86a1dd39e620f7c238e95f66e268f35b6ba99d7f455cab4c2fe88184046fb321cd2e536717f3883ad37c97f344b089c73c1d280b34f24f7e00e52bdef577c9b6cb4c3902ad9af0dba09a05e9555b5bb18504dc373b0184790c7f752ccab093435dc9bca9a3d68847d375694a5c0b2e279a5c073528c8021f730c6ea809d3e6b612815512a6e9edce5778407c886ea7ca19ce83d0ac1210d1a39a67d623a6986f36513c1bb9b2018a3bad2b4bea92aaf82ee8a9e0de5d043f6ad9ac7f8eacf029091da77673b007a7e3d2af19a35bfe2479f29034839982b18c5951a549675b00c641a7be3bc188e5c8307ff983a8ebe8f73c5aab7952a88ab62bc66cacf0a8e0960c3a15f58a6f77c6ec6ab0d97672e3c4e2bd182991722655eb076fc9fd5b3f8e4cbc8a5a3784b4a65a7e9cf98c328791a7921b43ab888ca72f9b83726f6ef3d43de5fa15cfacc6668fbccd302383fd64734ba75479839c66d699e6c637624461e691d856b4d1fafb1981db7e5786d65f56ea18fe74a45a6112205b0078831b1dc5aa09ac0cf670646c8d953187d3df898d17aaf20556b0f2a2174b52c54ec0ed082f49072a2531e50bf82b40d55151204fedb07b31ee99c621423dc987393e1e6d420499fdaff2449a9c79491cb1b9c92f5aa8aa80d3f86046dba4bcc9c427187162613d361727268f279b3b6aba70861cb0ab4799561e0d29a7f2fbc8b333cb51792a95af8d1194f0c773cf158ee12d68f572a080e1fd5ba10797af6a571a335a721c1e0f4468e447946d381503888d23c8eb15078f391379428255688d7b34adfbfeddffdf3181915498837924a0a787240f57ba149ec02f55558930921a9f31bd21c84c4bbc85c63d8c4fb992ddee0f65d724f1f0f1e37cad964b218943f4a2bdf20c76bf87d70905751b8a3fcf3845c0df0beb7b0755903b830cfb4eaf2bc28fb535e2d0f74b089b7ca6be86c3c5b93f5a5a8b9331a16a38c2dbd418bf1aecf98186f379c21f2f7b9e48e7aed39a15927accac1d12feb342965d3fd2c44b2e320192884f2b70b0b364035493ddf5ac520e735e17bac19e555b41d3d9f0d1c2387a6d592381cb3875928596c0e21c6532478799def7eb41704620cf4e97fed4ef6922b828c5c00ababaf3ad8ed10cc39ef5b5a0c0c0c235fcddd48315d9ca34d204acaded57699362d63b415174a78f596551767a956d57fdf1992c69baace1ad2999c731db7b2ae02edc0c1466fd5c59d6b34a7291978d260779aaf9111aaa89c01ea9b6a75c5219a7228db91aeb96cdf1ad94f356b7729c87e48a8e03fd2e3fe6aeb8b1d187025d6bb690f8a3126769e43ec98f47cde4ef61a41902f8ba6791860f2c868e4b3345a71a62aa6805f4f5e7f63b5dead44f8a7c06cc02cc99342f4e77c31c817f8c58742e211f5c5162c93406e93941dd87fc0639422580d614f5593898800cc6b9b9962093250a30bf82a3ac4bf2e9a30d664f29ced4df4f6e69dc45279c239277bab962d28917b7597d89fa06b0990cabaf6784b7c4a7426f24cc3bdcd7f75fe9d128488f03abe67ae029adf2bbfa8111865eaeee751cc620b9ef14ee881f9624dbcd17280d9723a2545daa7bb48d7c82c28f89231647b17f6877e5f7b356e93bea6e1c8d238634e385aed7ade2da109ee46f0faff8edc8e795abf17cc684f80c0b1001192b359b212d8790b3477200dc67e6ac48ab87e4cf8932207a76050dfb613f1b36e6f0f8103eb688002e6a0af8c990d893a6af1ac3f7025ea5c324f3e9c4a606468b4b026a032b39e2da7211bb0f657f6cc03b1ed1280f26d7e0845a7904a2b4b015eb4a156f4fe4dbca21670f8c957a49524fe73a310997260e02192eabaf36c8926ef4e1d93678524a8ad6d51e17e935a6c435f95b001249222149b00fb2bc1895ca53a47da81a43979985a535130c128fd57e1ef54d72c1748722f6a41bf56fd0918208784188f3d67351067afc8c65b00c6c031b8705c3318488373db62d17f4231b40752e28a6c8759cd619bee13256fdbb16e8324cc4f54c6d83751fb05114a07d125cf7127c0233ece60da43c6ad3d817484ac74ec28ec2ace10b33f2b0af98e44ea64c7ca31c1d9223f2eada1457f19b81e04d604ea77abc249fec1e81be9245e8c59497520c7a978061a920845a88693240a1d3ebc451747f26b5f6681fe2a288c556c8a62fae7939dab8bbc7a8c052db9b7e7c6b6a1554bca696f824a16844ed123744e510e241939ab27b49952b932420410994d3ca173f594c39089208370f2d51f95b8b0fb945c638f4e1997bdf48fdb6309a406e534f4b65b6211cc094f0b2919975bb27949945cddaca4f1fffebd4bd69251778fb1bbfdddf158d6755e99d058dc65c4e20379ec26df1bf4692401ca0faf09e186f6e0e524df4ee3d689b40862508cf865df3d2140e257deac1370161d5aa8ba858b8b324cc39f1f78a7b95e532f3500b456f708467190861185cb68c342009f5498c921f780d9a8cd51120b7fb4318c81990839f9c077f8789eb84c7116de70486a29062b25bb9e5a996c9d1552b6dc52dec65c30e91f004a22bbaf5c13ebb2da9da78f5ff92b8a0e08192137e9ac5650e2e4d7f3aaed3cc3c4bff70ed081a04cc163990f906849785964f5a33d406f5751694c8a90933b0e95f0e5439d9efe578bde88ae91adcd3814e88e2820acbb76ddfd4b5af087103fad60a59c79777c44630487c966d2943f1d9225d0fb3bffe4e1923a90385d9b360b0f9af4ebfe7a5fe3fea5adaf3bc02eb1fe836f4829a13cd94710a74cdda5c5c6de8b347a98fe28d021fd783deb6fff339788a55bc2decaec3b54f8a7c365e0a95f2abb87477e8328325ad9c5b3c23b18d7aef330ca596db534b8351cefb45a3cd436d7ce09f864b8eb033f0b0a7fc99d6d2a7332391c3fa9446cccd9633d12df45e08a3e3ee1ab629205883ae3ad44348683798dd5c4d51acc5530a47944422d0def252161581899e1a5c00f94119a4f1e086c2f982a1852dbf6a25439eedc9c648234608358b649bdc8b30c8ebe639aea5c70a5988592f5376944291eb2fbf1cbd054dec1020641466dcea4060b5f10d1d4f4ed879c967e0f2c3b62b98cc68121a3bf1e37dc72da7556ca1a58e10c29e02e2fad9cfa0ebb468ef3c746f9b5be8c628d144e0ed6308fa273b918e6f5d1f0f7228f2d1148bc2cfea91c2feb6ebc7e6e1bf7d2519086ea1945507e39c47979b806214b2a81fd145839f5ba1de73ce3e65efc11504f4d9b58978400c63e0e44378763c66fd8a2da2ce697e9b79239b48a851cecbfa8cadb91306cf8dbe4cc3d9910bf3ff237a26bd87619c1f432109d4ac5792d295c9e3bc3d50a4d479655388ca457aee2f221d3da6638070caf539c8f1f4a9fe1954159071b5ef39387493a7ad4ea3cd5377ca6edb1d20cd9e01e4947705b587223398496636fb32cba141303b9013511e5ea193a18bbe1c9cf1e08dfa4758dd45df9181ebca3ab32e62b77c5e1008d8e2ddb27ffe65e556676fc0e24cccdabf386ed43f51fa0957e0d9d4cb5823acfc4ebd37ce992fac9589355768c719a0c72754c43f5657cb06e0801e24f6956f7b73222c07b52a3ecb544d3136da4059bab0d80a2c20875b6e8cfe6c0522f879e4d2a975e42a5742ac68c1d9a79b21f62ee3ff99f526ad206e8ea2ac25ae547fab7abe41fd439f4d2d88444f6f920583dc21b69fc459e2adbfc0d09be907a90d39adf905671e0c5bfa8836a8c105bad4f129bde2512e571b7d0aa1d7e0fc25867de8ad9ae26e07f9b0672cc2ac4b813cbe738c9812e289480510e67a1c3d4451f2d8cef8fb53adcb4f65ac80439251a594eabc690d949adcd7c19ed26740f3da0a52639f0ba73f59288cf4aadab25645843d8eba3da0c751cb80061597eca64523de9bd57881f3d529070d96ea093443cd60532414a8e9905286864296b79f937a2f084787f581f0877f02aa5a26da0326991a7798b95ab84f8de2502431b40ffaa66540e96894f6e6ba65c494d667d95747eb939d1fbbe5b1f977c14bd09e031abab6bf8486f99be75a56898dd52b8988a3d95fd6424b72e9652fefcfd1a6c82bfbf2fc2363a5847c339f0f01c8d8ce023e87be9eef5e18bfdb6c7a21374221d28b4750a0caacf28490a5fa7032bae170fa9656adf92d95a80d3b0663b84f706038aa4a2f847e989b361abb2673d016f7ccbc8b365bf88234a4b9255a891d3fd4c6f7ea1f71150ba7ccfb57d46bfaf1e35e780400b19678919d109c48295623a8fc07ed855ad184efdd74aa8c9d922d676776e53bbf7d26a0da484dd27a2c95621c01e6d59057063d5477044cee007cd949c09a335230352eea267ef86a2fa2f6045b8a760eaea12faf5ed4ace10c6348697aa492d371fce7c09f211cb8736428148faa3cccbc516ee740e0885571552a7f7ef615ec42007c67688b70134496fcbadfe105008116d7269656ca102b517903f62f2cbabf14117a9f9421fa42bda0aba46bd8f621fa7171b51415533d7105c2154c774deb1b71273cdba8d4a2666c3f3c839a3d364b1dfc4c9a98693c2ba216d86e9412223e696bd203c2cf8109c4f0c2239942a7e30a7b5d8a3b056e0e6982a95918768c821649a4dc53f9e268da80f95a7208ab56efce6fbce7d966149735942ad01ea2d6a5c65790d7c0ff94f636606238e98abc9c4d6a8bd0342fc1701e851f8b606d2ec7cc26ee5540b81acf4cd8cc4172bb58c2138501315eafa3e084be893b3d507a3135b4e6b143263041d43ef33686b8aaf3f567793a510c40c48b489453266d1ee7f539e79827f8fb8432c706eb97dcd97f8f01c2a25a266b30173278aa6fb8c094b986ca887e102607ee44ef97b1a1a5ce773f347a99d39a058c4f417b94dbe3f3f942f0e4a356582bbc81a9c370d9c265d7b0bab0c46e3b1a459f12d5e5b01fb04ddc1c7c4f216827a5130bd24996ae61f87ad3dc9b8d83384caf6102f75b57ce66f57eb18d273099a0e34a13b5691122cc44251f0eeb636370e797539fae53541ac4c3753749c65d417fb3af4ea73e0cb0817e14a7e7f751b2b196ce316bcf615572b514ed64048878089480a07c14fbc323fb4a50329b694740e97dd7eb4cf5d2bfdd3a977258aff87243e40cc24047a5d0418453609d97c8b97aa2b3bd59754c3339f356e66e6cd6722e34ba3c9a635f0986c5a894c23544ccfa692bdcfbb3a5fe0a2cc20d2c6f8ba1a8775900d87ff38e23ab94e1588f7292d7c309be99766da84bfcfdfdfbbe85368c0e37e64acb44d9db5666088") ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 07:40:55 executing program 5 (fault-call:0 fault-nth:58): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:55 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x0, 0xc8000) getsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000080)=0x2, &(0x7f0000000140)=0x2) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) gettid() ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 07:40:55 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/checkreqprot\x00', 0x0, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000300)='TIPC\x00') sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x6be33dd82a1be02b}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x2c, r2, 0x100, 0x70bd28, 0x25dfdbfd, {{}, 0x0, 0x4102, 0x0, {0x10, 0x13, @udp='udp:syz1\x00'}}, ["", "", "", "", ""]}, 0x2c}}, 0x4) r3 = creat(&(0x7f0000000100)='./file0\x00', 0x104) setxattr$security_smack_transmute(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000480)='TRUE', 0x4, 0x1) write$P9_RATTACH(r3, &(0x7f0000000180)={0x14, 0x69, 0x2, {0x90, 0x4, 0x6}}, 0x14) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) [ 849.953788] FAULT_INJECTION: forcing a failure. [ 849.953788] name failslab, interval 1, probability 0, space 0, times 0 [ 849.977446] CPU: 1 PID: 27161 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 849.984669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 849.994070] Call Trace: [ 849.996738] dump_stack+0x138/0x19c [ 850.000550] should_fail.cold+0x10f/0x159 [ 850.004769] should_failslab+0xdb/0x130 [ 850.008799] kmem_cache_alloc_trace+0x2e9/0x790 [ 850.013519] ? kasan_check_write+0x14/0x20 [ 850.013540] ? _copy_from_user+0x99/0x110 [ 850.022095] copy_mount_options+0x5c/0x2f0 [ 850.022114] SyS_mount+0x87/0x120 [ 850.022124] ? copy_mnt_ns+0x8c0/0x8c0 [ 850.022139] do_syscall_64+0x1e8/0x640 [ 850.022149] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 850.022168] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 850.022178] RIP: 0033:0x45c27a 07:40:55 executing program 5 (fault-call:0 fault-nth:59): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 850.022183] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 850.022193] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 850.022200] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 850.022206] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 850.022211] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 850.022216] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 850.164710] FAULT_INJECTION: forcing a failure. [ 850.164710] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 850.176641] CPU: 1 PID: 27175 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 850.176651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 850.176656] Call Trace: [ 850.176688] dump_stack+0x138/0x19c [ 850.176712] should_fail.cold+0x10f/0x159 [ 850.193280] __alloc_pages_nodemask+0x1d6/0x7a0 [ 850.193298] ? fs_reclaim_acquire+0x20/0x20 [ 850.193312] ? __alloc_pages_slowpath+0x2930/0x2930 [ 850.193337] cache_grow_begin+0x80/0x400 [ 850.193348] kmem_cache_alloc+0x6a6/0x780 [ 850.193359] ? kmem_cache_alloc_trace+0x57a/0x790 [ 850.193375] getname_flags+0xcb/0x580 [ 850.193386] user_path_at_empty+0x2f/0x50 [ 850.193402] do_mount+0x12b/0x27d0 [ 850.193417] ? copy_mount_options+0x5c/0x2f0 [ 850.247217] ? rcu_read_lock_sched_held+0x110/0x130 [ 850.252256] ? copy_mount_string+0x40/0x40 [ 850.256522] ? copy_mount_options+0x1fe/0x2f0 [ 850.261036] SyS_mount+0xab/0x120 [ 850.264511] ? copy_mnt_ns+0x8c0/0x8c0 [ 850.268434] do_syscall_64+0x1e8/0x640 [ 850.272357] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 850.277225] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 850.282454] RIP: 0033:0x45c27a [ 850.285662] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 850.293403] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 850.300677] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 850.307966] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 850.315256] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 850.322543] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 851.830337] net_ratelimit: 12 callbacks suppressed [ 851.830345] protocol 88fb is buggy, dev hsr_slave_0 [ 851.840545] protocol 88fb is buggy, dev hsr_slave_1 07:40:57 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:57 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1, 0x11, r5, 0x0) 07:40:57 executing program 5 (fault-call:0 fault-nth:60): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:57 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) [ 852.037216] FAULT_INJECTION: forcing a failure. [ 852.037216] name failslab, interval 1, probability 0, space 0, times 0 [ 852.078598] CPU: 1 PID: 27187 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 852.085782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 852.095179] Call Trace: [ 852.095219] dump_stack+0x138/0x19c [ 852.095242] should_fail.cold+0x10f/0x159 [ 852.095263] should_failslab+0xdb/0x130 [ 852.095279] kmem_cache_alloc+0x2d7/0x780 [ 852.095289] ? cache_grow_end.part.0+0x92/0x160 [ 852.095304] getname_flags+0xcb/0x580 [ 852.095319] ? lock_downgrade+0x6e0/0x6e0 [ 852.095335] user_path_at_empty+0x2f/0x50 [ 852.095352] do_mount+0x12b/0x27d0 [ 852.095364] ? copy_mount_options+0x5c/0x2f0 [ 852.095377] ? rcu_read_lock_sched_held+0x110/0x130 [ 852.095392] ? copy_mount_string+0x40/0x40 [ 852.095406] ? copy_mount_options+0x1fe/0x2f0 [ 852.095419] SyS_mount+0xab/0x120 [ 852.095436] ? copy_mnt_ns+0x8c0/0x8c0 [ 852.109877] do_syscall_64+0x1e8/0x640 [ 852.109892] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 852.109910] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 852.109921] RIP: 0033:0x45c27a [ 852.109927] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 852.109939] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 852.109945] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 852.109951] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 852.109962] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 852.150254] protocol 88fb is buggy, dev hsr_slave_0 [ 852.152720] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:40:57 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) mmap$binder(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1, 0x11, r5, 0x0) [ 852.160321] protocol 88fb is buggy, dev hsr_slave_1 07:40:57 executing program 5 (fault-call:0 fault-nth:61): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 852.375066] FAULT_INJECTION: forcing a failure. [ 852.375066] name failslab, interval 1, probability 0, space 0, times 0 [ 852.388604] CPU: 0 PID: 27203 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 852.395806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 852.405218] Call Trace: [ 852.405267] dump_stack+0x138/0x19c [ 852.405291] should_fail.cold+0x10f/0x159 [ 852.405313] should_failslab+0xdb/0x130 [ 852.405330] __kmalloc_track_caller+0x2ec/0x790 07:40:57 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) [ 852.405344] ? unwind_get_return_address+0x61/0xa0 [ 852.405363] ? __save_stack_trace+0x7b/0xd0 [ 852.415889] ? btrfs_parse_early_options+0xa3/0x310 [ 852.415908] kstrdup+0x3a/0x70 [ 852.415922] btrfs_parse_early_options+0xa3/0x310 [ 852.415937] ? btrfs_freeze+0xc0/0xc0 [ 852.415948] ? find_next_bit+0x28/0x30 [ 852.415960] ? pcpu_alloc+0xcf0/0x1050 [ 852.415975] ? find_held_lock+0x35/0x130 [ 852.415988] ? pcpu_alloc+0xcf0/0x1050 [ 852.467310] btrfs_mount+0x11d/0x2b14 [ 852.471180] ? lock_downgrade+0x6e0/0x6e0 [ 852.475387] ? find_held_lock+0x35/0x130 [ 852.479496] ? pcpu_alloc+0x3af/0x1050 [ 852.483427] ? _find_next_bit+0xee/0x120 [ 852.487532] ? check_preemption_disabled+0x3c/0x250 [ 852.492620] ? btrfs_remount+0x11f0/0x11f0 [ 852.497039] ? rcu_read_lock_sched_held+0x110/0x130 [ 852.502115] ? __lockdep_init_map+0x10c/0x570 [ 852.506738] ? __lockdep_init_map+0x10c/0x570 [ 852.511308] mount_fs+0x97/0x2a1 [ 852.514747] vfs_kern_mount.part.0+0x5e/0x3d0 [ 852.519284] do_mount+0x417/0x27d0 [ 852.522868] ? copy_mount_options+0x5c/0x2f0 [ 852.527326] ? rcu_read_lock_sched_held+0x110/0x130 [ 852.532382] ? copy_mount_string+0x40/0x40 [ 852.536649] ? copy_mount_options+0x1fe/0x2f0 [ 852.541172] SyS_mount+0xab/0x120 [ 852.544647] ? copy_mnt_ns+0x8c0/0x8c0 [ 852.548571] do_syscall_64+0x1e8/0x640 [ 852.552481] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 852.557380] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 852.562606] RIP: 0033:0x45c27a [ 852.565807] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 852.573558] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 852.580846] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 852.588129] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 852.595411] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 852.602692] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 852.620246] protocol 88fb is buggy, dev hsr_slave_0 [ 852.625503] protocol 88fb is buggy, dev hsr_slave_1 [ 852.720167] protocol 88fb is buggy, dev hsr_slave_0 [ 852.725414] protocol 88fb is buggy, dev hsr_slave_1 07:40:58 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:40:58 executing program 5 (fault-call:0 fault-nth:62): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:40:58 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$update(0x2, r1, &(0x7f0000000140)="fa0b56d3ca152fbdd25b013c5d18d00a9dec4443d95a1bcf823e65ae96624763abedfadba82fbcd8721d1110b0d22926e90af77f52cc91d1c52a1c2f2292ecb0b559fa7a690ac198e4413425286d36806af36a81283e866c3f82af2542d7059a6dfd8036e2318668ce1e5fd9ea1e8f4669a3d5ec78dc3640f1e011e7d14749f1f48a72f58dc75fda11e14dce5d7c3320e34da4f76d1d5333cce75c96e7ba4a28edde6d2acf94eb287072999b27b46ce40053c71f34f518cc38eb19e3f62eee0d54b91058", 0xc4) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:40:58 executing program 1: r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x12080, 0x0) getpeername$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x4018, r1, 0x82c9, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x8, 0x9, 0x12d, r1}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 07:40:58 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000100), &(0x7f0000000180)=0x4) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000300)={0xffffffffffffffff}) accept4$bt_l2cap(r1, &(0x7f0000000340), &(0x7f0000000380)=0xe, 0x800) r2 = syz_open_dev$amidi(&(0x7f0000000240)='/dev/amidi#\x00', 0xf2, 0x100) ioctl$KVM_GET_MSR_INDEX_LIST(r2, 0xc004ae02, &(0x7f00000002c0)={0x2, [0x0, 0x0]}) [ 853.006219] FAULT_INJECTION: forcing a failure. [ 853.006219] name failslab, interval 1, probability 0, space 0, times 0 [ 853.030215] protocol 88fb is buggy, dev hsr_slave_0 [ 853.035472] protocol 88fb is buggy, dev hsr_slave_1 [ 853.036704] CPU: 0 PID: 27219 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 853.047954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 853.057350] Call Trace: [ 853.059992] dump_stack+0x138/0x19c [ 853.063688] should_fail.cold+0x10f/0x159 [ 853.067889] should_failslab+0xdb/0x130 [ 853.071922] __kmalloc_track_caller+0x2ec/0x790 [ 853.076621] ? kstrdup_const+0x48/0x60 [ 853.080554] kstrdup+0x3a/0x70 [ 853.080568] kstrdup_const+0x48/0x60 [ 853.080580] alloc_vfsmnt+0xe5/0x7d0 [ 853.080593] vfs_kern_mount.part.0+0x2a/0x3d0 [ 853.080606] do_mount+0x417/0x27d0 [ 853.080616] ? retint_kernel+0x2d/0x2d [ 853.080629] ? copy_mount_string+0x40/0x40 [ 853.080639] ? copy_mount_options+0x1a0/0x2f0 [ 853.080650] ? copy_mount_options+0x1fe/0x2f0 [ 853.080662] SyS_mount+0xab/0x120 [ 853.080670] ? copy_mnt_ns+0x8c0/0x8c0 [ 853.080684] do_syscall_64+0x1e8/0x640 [ 853.080693] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 853.080706] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 853.080716] RIP: 0033:0x45c27a [ 853.080722] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 853.080733] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 853.080738] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 853.080743] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 853.080749] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 853.080760] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:41:00 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:00 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x20000, 0x0) ioctl$VIDIOC_G_OUTPUT(r1, 0x8004562e, &(0x7f0000000080)) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ioctl$sock_inet_SIOCGIFBRDADDR(r1, 0x8919, &(0x7f0000000140)={'bpq0\x00', {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x27}}}) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:00 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:41:00 executing program 5 (fault-call:0 fault-nth:63): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:41:00 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/snapshot\x00', 0x8000, 0x0) ioctl$RNDADDTOENTCNT(r1, 0x40045201, &(0x7f0000000300)=0x4) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) r2 = syz_open_procfs(0x0, &(0x7f0000000100)='smaps_rollup\x00') getsockopt$inet_mreq(r2, 0x0, 0x27, &(0x7f0000000180)={@rand_addr, @empty}, &(0x7f00000007c0)=0x8) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000780)={0x90, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="11634840020000000000000000000000000000000000000001000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000000800)=ANY=[@ANYBLOB="962a66660001feb0c44df8e221f034b9d00105b0a0d2", @ANYRES32=r2, @ANYBLOB="000000000000000000000000852a62770a00000001000000000000000000000000000000852a747001000000", @ANYPTR=&(0x7f0000000340)=ANY=[@ANYBLOB='\x00'/195], @ANYBLOB="c30000000000000001000000000000003c00000000000000"], @ANYPTR=&(0x7f00000004c0)=ANY=[@ANYBLOB="000000000000000018000000000000003000000000000000"], @ANYBLOB="001000000000000000634040010000000000000000000000000000000000000011000000000000000000000058000000000000001800000000000000", @ANYPTR=&(0x7f0000000580)=ANY=[@ANYBLOB="852a68770b00000002000000000000000000000000000000852a646600000000", @ANYRES32=r1, @ANYBLOB="000000000000000000000000852a747000000000", @ANYPTR=&(0x7f0000000500)=ANY=[@ANYBLOB='\x00'/124], @ANYBLOB='|\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x008\x00\x00\x00\x00\x00\x00\x00'], @ANYPTR=&(0x7f0000000600)=ANY=[@ANYBLOB="000000000000000018000000000000003000000000000000"]], 0x76, 0x0, &(0x7f0000000700)="07c328711a5eb5f40396f495158da9cbc3dbf47c74c6d652be83a5d2796d72365a40e6349784d75c054974f7bae746392c705d80e9f5d7f29b23100f97134c8cf702bd7e41c5ede7d53f4c7d0c0b6a214a9e311367a94e95c2efcf0a7cbf578618cc57b6258096774a92238bccf7f59971ad13875247"}) [ 855.090572] FAULT_INJECTION: forcing a failure. [ 855.090572] name failslab, interval 1, probability 0, space 0, times 0 07:41:00 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 855.142702] CPU: 0 PID: 27247 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 855.149913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 855.159299] Call Trace: [ 855.161948] dump_stack+0x138/0x19c [ 855.165624] should_fail.cold+0x10f/0x159 [ 855.169811] should_failslab+0xdb/0x130 [ 855.173840] __kmalloc+0x2f0/0x7a0 [ 855.177424] ? find_held_lock+0x35/0x130 [ 855.181523] ? pcpu_alloc+0xcf0/0x1050 [ 855.185466] ? btrfs_mount+0x19a/0x2b14 [ 855.189498] btrfs_mount+0x19a/0x2b14 [ 855.193339] ? lock_downgrade+0x6e0/0x6e0 [ 855.197507] ? find_held_lock+0x35/0x130 [ 855.201602] ? pcpu_alloc+0x3af/0x1050 [ 855.205534] ? btrfs_remount+0x11f0/0x11f0 [ 855.209806] ? rcu_read_lock_sched_held+0x110/0x130 [ 855.214865] ? __lockdep_init_map+0x10c/0x570 [ 855.219384] ? __lockdep_init_map+0x10c/0x570 [ 855.223931] mount_fs+0x97/0x2a1 [ 855.227366] vfs_kern_mount.part.0+0x5e/0x3d0 [ 855.231930] do_mount+0x417/0x27d0 [ 855.235520] ? copy_mount_options+0x5c/0x2f0 [ 855.239950] ? rcu_read_lock_sched_held+0x110/0x130 [ 855.245071] ? copy_mount_string+0x40/0x40 [ 855.249345] ? copy_mount_options+0x1fe/0x2f0 [ 855.253871] SyS_mount+0xab/0x120 [ 855.257341] ? copy_mnt_ns+0x8c0/0x8c0 [ 855.261264] do_syscall_64+0x1e8/0x640 [ 855.265178] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 855.270071] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 855.275288] RIP: 0033:0x45c27a [ 855.278489] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 855.286220] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a 07:41:00 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$pokeuser(0x6, r0, 0x80000001, 0xfffffffffffff801) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$tipc(0x1e, 0x7, 0x0, &(0x7f0000000000)) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 855.293583] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 855.300872] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 855.308266] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 855.315571] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:41:00 executing program 5 (fault-call:0 fault-nth:64): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:41:00 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 855.519739] FAULT_INJECTION: forcing a failure. [ 855.519739] name failslab, interval 1, probability 0, space 0, times 0 [ 855.543416] CPU: 1 PID: 27275 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 855.552144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 855.561560] Call Trace: [ 855.561610] dump_stack+0x138/0x19c [ 855.561633] should_fail.cold+0x10f/0x159 [ 855.561651] should_failslab+0xdb/0x130 [ 855.561664] __kmalloc_track_caller+0x2ec/0x790 [ 855.561680] ? kstrdup_const+0x48/0x60 [ 855.561692] kstrdup+0x3a/0x70 [ 855.561704] kstrdup_const+0x48/0x60 [ 855.561719] alloc_vfsmnt+0xe5/0x7d0 [ 855.561732] vfs_kern_mount.part.0+0x2a/0x3d0 [ 855.561745] ? find_held_lock+0x35/0x130 [ 855.561759] vfs_kern_mount+0x40/0x60 [ 855.561779] btrfs_mount+0x3ce/0x2b14 [ 855.561790] ? lock_downgrade+0x6e0/0x6e0 [ 855.561800] ? find_held_lock+0x35/0x130 [ 855.561811] ? pcpu_alloc+0x3af/0x1050 [ 855.561833] ? btrfs_remount+0x11f0/0x11f0 [ 855.568143] ? rcu_read_lock_sched_held+0x110/0x130 [ 855.568168] ? __lockdep_init_map+0x10c/0x570 [ 855.568179] ? __lockdep_init_map+0x10c/0x570 [ 855.568194] mount_fs+0x97/0x2a1 [ 855.568211] vfs_kern_mount.part.0+0x5e/0x3d0 [ 855.568222] do_mount+0x417/0x27d0 [ 855.568237] ? copy_mount_string+0x40/0x40 [ 855.568245] ? copy_mount_options+0x18f/0x2f0 [ 855.568256] ? __sanitizer_cov_trace_pc+0x45/0x60 [ 855.568267] ? copy_mount_options+0x1fe/0x2f0 [ 855.568280] SyS_mount+0xab/0x120 [ 855.568288] ? copy_mnt_ns+0x8c0/0x8c0 [ 855.568304] do_syscall_64+0x1e8/0x640 [ 855.568312] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 855.568328] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 855.568337] RIP: 0033:0x45c27a [ 855.568348] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 855.704524] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 855.711817] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 07:41:01 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 855.719114] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 855.726419] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 855.733698] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:41:01 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) r1 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) prctl$PR_SET_PTRACER(0x59616d61, r0) keyctl$setperm(0x5, r1, 0x1010000) 07:41:01 executing program 5 (fault-call:0 fault-nth:65): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:41:01 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:01 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 856.024373] FAULT_INJECTION: forcing a failure. [ 856.024373] name failslab, interval 1, probability 0, space 0, times 0 [ 856.042914] CPU: 1 PID: 27297 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 856.050096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 856.059485] Call Trace: [ 856.062117] dump_stack+0x138/0x19c [ 856.065803] should_fail.cold+0x10f/0x159 [ 856.065829] should_failslab+0xdb/0x130 [ 856.065846] __kmalloc_track_caller+0x2ec/0x790 [ 856.065871] ? kstrdup_const+0x48/0x60 [ 856.082648] kstrdup+0x3a/0x70 [ 856.085891] kstrdup_const+0x48/0x60 [ 856.089655] alloc_vfsmnt+0xe5/0x7d0 [ 856.093439] vfs_kern_mount.part.0+0x2a/0x3d0 [ 856.097951] ? find_held_lock+0x35/0x130 [ 856.102043] vfs_kern_mount+0x40/0x60 [ 856.105889] btrfs_mount+0x3ce/0x2b14 [ 856.109729] ? lock_downgrade+0x6e0/0x6e0 [ 856.113914] ? find_held_lock+0x35/0x130 [ 856.118009] ? pcpu_alloc+0x3af/0x1050 [ 856.121944] ? btrfs_remount+0x11f0/0x11f0 [ 856.126216] ? rcu_read_lock_sched_held+0x110/0x130 [ 856.132059] ? __lockdep_init_map+0x10c/0x570 [ 856.136615] ? __lockdep_init_map+0x10c/0x570 [ 856.141158] mount_fs+0x97/0x2a1 [ 856.144560] vfs_kern_mount.part.0+0x5e/0x3d0 [ 856.149080] do_mount+0x417/0x27d0 [ 856.152641] ? retint_kernel+0x2d/0x2d [ 856.156585] ? copy_mount_string+0x40/0x40 [ 856.160861] ? copy_mount_options+0x1a0/0x2f0 [ 856.165371] ? copy_mount_options+0x1fe/0x2f0 [ 856.169901] SyS_mount+0xab/0x120 [ 856.173403] ? copy_mnt_ns+0x8c0/0x8c0 [ 856.177340] do_syscall_64+0x1e8/0x640 [ 856.181268] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 856.186135] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 856.191346] RIP: 0033:0x45c27a [ 856.194544] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 856.202266] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 856.209552] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 856.216874] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 07:41:01 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:41:01 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) r1 = syz_open_dev$mouse(&(0x7f0000000100)='/dev/input/mouse#\x00', 0x6, 0x20080) ioctl$UI_ABS_SETUP(r1, 0x401c5504, &(0x7f0000000180)={0x6, {0x4, 0x8001, 0x2251ac8b, 0x81, 0x6, 0x3}}) [ 856.224156] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 856.231435] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:41:01 executing program 5 (fault-call:0 fault-nth:66): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:41:01 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 856.422844] FAULT_INJECTION: forcing a failure. [ 856.422844] name failslab, interval 1, probability 0, space 0, times 0 [ 856.435601] CPU: 1 PID: 27314 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 856.442852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 856.452252] Call Trace: [ 856.454905] dump_stack+0x138/0x19c [ 856.458599] should_fail.cold+0x10f/0x159 [ 856.462795] should_failslab+0xdb/0x130 [ 856.466806] __kmalloc+0x2f0/0x7a0 [ 856.470382] ? match_token+0x22b/0x480 [ 856.474322] ? match_strdup+0x5f/0xa0 [ 856.478314] match_strdup+0x5f/0xa0 [ 856.481980] btrfs_parse_early_options+0x241/0x310 [ 856.486930] ? btrfs_freeze+0xc0/0xc0 [ 856.490758] ? find_next_bit+0x28/0x30 [ 856.494673] ? pcpu_alloc+0xcf0/0x1050 [ 856.498592] ? pcpu_alloc+0xcf0/0x1050 [ 856.502543] btrfs_mount+0x11d/0x2b14 [ 856.506395] ? lock_downgrade+0x6e0/0x6e0 [ 856.510593] ? find_held_lock+0x35/0x130 [ 856.514703] ? pcpu_alloc+0x3af/0x1050 [ 856.518616] ? _find_next_bit+0xee/0x120 [ 856.522704] ? check_preemption_disabled+0x3c/0x250 [ 856.527764] ? btrfs_remount+0x11f0/0x11f0 [ 856.532046] ? rcu_read_lock_sched_held+0x110/0x130 [ 856.537088] ? __lockdep_init_map+0x10c/0x570 [ 856.541620] ? __lockdep_init_map+0x10c/0x570 [ 856.546156] mount_fs+0x97/0x2a1 [ 856.549587] vfs_kern_mount.part.0+0x5e/0x3d0 [ 856.554109] ? find_held_lock+0x35/0x130 [ 856.558207] vfs_kern_mount+0x40/0x60 [ 856.562051] btrfs_mount+0x3ce/0x2b14 [ 856.565880] ? lock_downgrade+0x6e0/0x6e0 [ 856.570061] ? find_held_lock+0x35/0x130 [ 856.574180] ? pcpu_alloc+0x3af/0x1050 [ 856.578106] ? btrfs_remount+0x11f0/0x11f0 [ 856.582379] ? rcu_read_lock_sched_held+0x110/0x130 [ 856.587470] ? __lockdep_init_map+0x10c/0x570 [ 856.592041] ? __lockdep_init_map+0x10c/0x570 [ 856.596568] mount_fs+0x97/0x2a1 [ 856.599975] vfs_kern_mount.part.0+0x5e/0x3d0 [ 856.604515] do_mount+0x417/0x27d0 [ 856.608078] ? copy_mount_options+0x5c/0x2f0 [ 856.612522] ? rcu_read_lock_sched_held+0x110/0x130 [ 856.617574] ? copy_mount_string+0x40/0x40 [ 856.621856] ? copy_mount_options+0x1fe/0x2f0 [ 856.626382] SyS_mount+0xab/0x120 [ 856.629858] ? copy_mnt_ns+0x8c0/0x8c0 [ 856.633799] do_syscall_64+0x1e8/0x640 [ 856.637748] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 856.642658] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 856.647885] RIP: 0033:0x45c27a [ 856.651078] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 856.658809] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 856.666085] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 856.673386] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 856.680676] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 856.687956] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 856.870209] net_ratelimit: 16 callbacks suppressed [ 856.870216] protocol 88fb is buggy, dev hsr_slave_0 [ 856.880442] protocol 88fb is buggy, dev hsr_slave_1 [ 857.190194] protocol 88fb is buggy, dev hsr_slave_0 [ 857.195435] protocol 88fb is buggy, dev hsr_slave_1 [ 858.070330] protocol 88fb is buggy, dev hsr_slave_0 [ 858.075576] protocol 88fb is buggy, dev hsr_slave_1 07:41:03 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0xfffffffffffffffd) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x0, 0x2) getpeername$llc(r1, &(0x7f0000000080), &(0x7f0000000140)=0x10) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:03 executing program 5 (fault-call:0 fault-nth:67): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:41:03 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:41:03 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x84800, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x0, 0x0) r2 = semget$private(0x0, 0x0, 0x2) semctl$GETPID(r2, 0x0, 0xb, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000180)='veth1\x00\x00\x00\x00\xff\xff\xff\xff\xff\xef\x00', 0x10) ioctl$sock_inet_SIOCDELRT(r3, 0x890c, &(0x7f00000002c0)={0x0, {0x2, 0x4e24, @remote}, {0x2, 0x4e24, @empty}, {0x2, 0x4e24, @local}, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f00000000c0)='team0\x00', 0x80, 0x10001}) r4 = dup2(r3, r3) getsockopt$inet_sctp_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f0000000000), &(0x7f0000000040)=0x4) sendmsg$IPVS_CMD_GET_CONFIG(r4, &(0x7f0000000100)={0x0, 0x222, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[], 0x1}}, 0x44800) write$UHID_GET_REPORT_REPLY(r4, &(0x7f0000000240)={0xa, 0x8, 0xc, 0x1000}, 0xa) sendto$inet(r3, 0x0, 0x0, 0x40, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, 0x0, 0x0) ioctl$SIOCSIFMTU(r4, 0x8922, &(0x7f0000000200)={'lo\x00'}) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) sendto$inet(r3, &(0x7f0000000000), 0xfffffdef, 0xc0, 0x0, 0x142800) ioctl$KVM_SET_NESTED_STATE(0xffffffffffffffff, 0x4080aebf, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) madvise(&(0x7f00000d9000/0x600000)=nil, 0x600000, 0x8) semget$private(0x0, 0x3, 0x204) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x1) ioctl$UI_DEV_DESTROY(r1, 0x5502) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x0, 0x0) [ 858.400208] protocol 88fb is buggy, dev hsr_slave_0 [ 858.405748] protocol 88fb is buggy, dev hsr_slave_1 [ 858.432201] FAULT_INJECTION: forcing a failure. [ 858.432201] name failslab, interval 1, probability 0, space 0, times 0 [ 858.450677] CPU: 0 PID: 27331 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 858.457876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 858.467269] Call Trace: [ 858.469930] dump_stack+0x138/0x19c [ 858.473643] should_fail.cold+0x10f/0x159 [ 858.477882] should_failslab+0xdb/0x130 [ 858.481952] kmem_cache_alloc+0x2d7/0x780 [ 858.486189] ? check_preemption_disabled+0x3c/0x250 [ 858.491310] alloc_vfsmnt+0x28/0x7d0 [ 858.495108] vfs_kern_mount.part.0+0x2a/0x3d0 [ 858.499647] ? find_held_lock+0x35/0x130 [ 858.503761] vfs_kern_mount+0x40/0x60 [ 858.503785] btrfs_mount+0x3ce/0x2b14 [ 858.503799] ? lock_downgrade+0x6e0/0x6e0 [ 858.503807] ? find_held_lock+0x35/0x130 [ 858.503816] ? pcpu_alloc+0x3af/0x1050 [ 858.503831] ? btrfs_remount+0x11f0/0x11f0 [ 858.503850] ? rcu_read_lock_sched_held+0x110/0x130 [ 858.503869] ? __lockdep_init_map+0x10c/0x570 [ 858.503881] ? __lockdep_init_map+0x10c/0x570 [ 858.503897] mount_fs+0x97/0x2a1 [ 858.503911] vfs_kern_mount.part.0+0x5e/0x3d0 [ 858.503923] do_mount+0x417/0x27d0 [ 858.503934] ? retint_kernel+0x2d/0x2d [ 858.503947] ? copy_mount_string+0x40/0x40 [ 858.503959] ? copy_mount_options+0x162/0x2f0 [ 858.503969] ? copy_mount_options+0x1fe/0x2f0 [ 858.503982] SyS_mount+0xab/0x120 [ 858.503990] ? copy_mnt_ns+0x8c0/0x8c0 [ 858.504006] do_syscall_64+0x1e8/0x640 [ 858.504026] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 858.587252] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 858.592481] RIP: 0033:0x45c27a [ 858.595703] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 858.595717] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 858.595723] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 858.595728] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 858.595732] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 858.595737] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 858.870207] protocol 88fb is buggy, dev hsr_slave_0 [ 858.875352] protocol 88fb is buggy, dev hsr_slave_1 07:41:04 executing program 1: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000080)=0xc) r0 = fcntl$getown(0xffffffffffffffff, 0x9) r1 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r1) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) r3 = socket$nl_crypto(0x10, 0x3, 0x15) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x8) ptrace$cont(0x18, r2, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer2\x00', 0x101000, 0x0) ioctl$VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f00000001c0)={0x1, 0xf, 0x3}) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ioctl$sock_inet_SIOCSIFBRDADDR(r3, 0x891a, &(0x7f0000000200)={'bpq0\x00', {0x2, 0x4e23, @empty}}) ptrace$cont(0x1f, r2, 0x0, 0x0) ptrace$poke(0x4, r0, &(0x7f0000000140), 0x8) 07:41:04 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)="95b0e000fecd1a001000000000") ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:04 executing program 5 (fault-call:0 fault-nth:68): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:41:04 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000480)='/dev/userio\x00', 0x100000000000002, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x400, 0x0) ioctl$TUNGETFILTER(r1, 0x801054db, &(0x7f0000000340)=""/245) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000140)={0x1, 0x100000000}, 0x2) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cachefiles\x00', 0x0, 0x0) getpeername(r2, &(0x7f00000002c0)=@nl=@unspec, &(0x7f00000001c0)=0x80) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x8000, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000180)={'irlan0\x00', 0x1000}) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) 07:41:04 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:41:04 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:04 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x200000, 0x0) mmap$perf(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x8, 0x10, r0, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x6000) [ 859.098303] audit: type=1400 audit(1563954064.386:83): avc: denied { ioctl } for pid=27370 comm="syz-executor.1" path="socket:[134903]" dev="sockfs" ino=134903 ioctlcmd=0x891a scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 [ 859.131964] FAULT_INJECTION: forcing a failure. [ 859.131964] name failslab, interval 1, probability 0, space 0, times 0 [ 859.186545] CPU: 1 PID: 27365 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 859.193740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 859.203128] Call Trace: [ 859.205759] dump_stack+0x138/0x19c [ 859.209452] should_fail.cold+0x10f/0x159 [ 859.213643] should_failslab+0xdb/0x130 [ 859.217640] __kmalloc+0x2f0/0x7a0 [ 859.221210] ? match_token+0x22b/0x480 [ 859.225142] ? match_strdup+0x5f/0xa0 [ 859.228959] match_strdup+0x5f/0xa0 [ 859.232592] btrfs_parse_early_options+0x241/0x310 [ 859.237569] ? btrfs_freeze+0xc0/0xc0 [ 859.241418] ? find_next_bit+0x28/0x30 [ 859.245349] ? pcpu_alloc+0xcf0/0x1050 [ 859.249280] ? pcpu_alloc+0xcf0/0x1050 [ 859.253209] btrfs_mount+0x11d/0x2b14 [ 859.257229] ? lock_downgrade+0x6e0/0x6e0 [ 859.261402] ? find_held_lock+0x35/0x130 [ 859.265474] ? pcpu_alloc+0x3af/0x1050 [ 859.269424] ? _find_next_bit+0xee/0x120 [ 859.273546] ? check_preemption_disabled+0x3c/0x250 [ 859.278612] ? btrfs_remount+0x11f0/0x11f0 07:41:04 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x10000, 0x180) write$USERIO_CMD_SEND_INTERRUPT(r1, &(0x7f0000000080)={0x2, 0x10001}, 0x2) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x7, &(0x7f0000000180)="0bcc205955d2b1b88c075aff1ad99c794230524ad67f3f10a3c5c037de43aa") ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:04 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x400, 0x0) ioctl$VT_GETMODE(r1, 0x5601, &(0x7f0000000140)) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000000)="3c5c621741bffe19ed1e9c94d087598653fe813cb1488f0a5c180a048f957c6a22fec2e4411a776682aff70291eb") ioctl$EXT4_IOC_PRECACHE_EXTENTS(r1, 0x6612) ptrace$cont(0x1f, r0, 0xfffffffffffffffe, 0x0) 07:41:04 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) wait4(r0, &(0x7f0000000000), 0x81000000, &(0x7f0000000140)) sched_setaffinity(r0, 0x8, &(0x7f0000000080)=0x3f) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 859.282898] ? rcu_read_lock_sched_held+0x110/0x130 [ 859.287984] ? __lockdep_init_map+0x10c/0x570 [ 859.292536] ? __lockdep_init_map+0x10c/0x570 [ 859.297062] mount_fs+0x97/0x2a1 [ 859.300479] vfs_kern_mount.part.0+0x5e/0x3d0 [ 859.305021] ? find_held_lock+0x35/0x130 [ 859.309130] vfs_kern_mount+0x40/0x60 [ 859.312985] btrfs_mount+0x3ce/0x2b14 [ 859.316843] ? lock_downgrade+0x6e0/0x6e0 [ 859.321035] ? find_held_lock+0x35/0x130 [ 859.325149] ? pcpu_alloc+0x3af/0x1050 [ 859.329100] ? btrfs_remount+0x11f0/0x11f0 [ 859.333391] ? rcu_read_lock_sched_held+0x110/0x130 [ 859.338471] ? __lockdep_init_map+0x10c/0x570 [ 859.343025] ? __lockdep_init_map+0x10c/0x570 [ 859.347579] mount_fs+0x97/0x2a1 [ 859.351008] vfs_kern_mount.part.0+0x5e/0x3d0 [ 859.355565] do_mount+0x417/0x27d0 [ 859.359164] ? copy_mount_options+0x5c/0x2f0 [ 859.363618] ? rcu_read_lock_sched_held+0x110/0x130 [ 859.368700] ? copy_mount_string+0x40/0x40 [ 859.372987] ? copy_mount_options+0x1fe/0x2f0 [ 859.377537] SyS_mount+0xab/0x120 [ 859.381033] ? copy_mnt_ns+0x8c0/0x8c0 [ 859.384970] do_syscall_64+0x1e8/0x640 [ 859.388900] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 859.393788] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 859.399011] RIP: 0033:0x45c27a [ 859.402216] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 859.409938] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 859.417243] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 859.424556] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 07:41:04 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:41:04 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x40000) write$UHID_CREATE2(r1, &(0x7f0000000140)={0xb, 'syz1\x00', 'syz0\x00', 'syz0\x00', 0xce, 0x49, 0x3, 0x9, 0x7, 0x5, "37c345aa8538fedfc20b4d2aef63f3ebb7deb3e02ae9a4d85d1de2be0b6a1fd46a2cc6f1e778e9748d22b90e4f73c1a52708b709a312c43e7347f1d8acca792d1cdf96711fb1a37437c9d764a5b31b53dad56a61ac4fcaea8250acc94d99249156cdcf2cbf62696f5812695d121505af733d136bcf83259a7b3d5f4c64d1f4739d7d3ead7d927b743183a8d1ca085d4de105fdf4f41177c7ba5547f5cfd6328e856f7e0cce9b3cfac8d34609d8f3a13fd1393618dcc1609eba10af2e912bd2d4b2337ae0fe23123721e294ea48d0"}, 0x1e6) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 859.431838] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 859.439126] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:41:07 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) gettid() ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:07 executing program 5 (fault-call:0 fault-nth:69): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:41:07 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:41:07 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x200) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:07 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) r1 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/avc/cache_stats\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f00000002c0)={0x0, 0x7}, &(0x7f0000000300)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000340)={r2, 0x7ff}, 0x8) r3 = syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0x3, 0x2) ioctl$IOC_PR_PREEMPT(r3, 0x401870cb, &(0x7f0000000180)={0x6, 0x1, 0x9, 0x45}) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x18) 07:41:07 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:07 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000000), 0xfffffdf8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1000000000034) syz_init_net_socket$ax25(0x3, 0x4, 0xcc) gettid() ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) get_robust_list(r0, &(0x7f0000000200)=&(0x7f00000001c0)={&(0x7f0000000080)={&(0x7f0000000040)}, 0x0, &(0x7f0000000180)={&(0x7f0000000140)}}, &(0x7f0000000240)=0x18) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000280)='/dev/vcs#\x00', 0x800, 0x4001) ioctl$SIOCGETLINKNAME(r1, 0x89e0, &(0x7f00000002c0)={0x1, 0x3}) [ 862.127715] FAULT_INJECTION: forcing a failure. [ 862.127715] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 862.147426] misc userio: Invalid payload size [ 862.162698] CPU: 1 PID: 27424 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 862.169920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 862.179322] Call Trace: [ 862.181975] dump_stack+0x138/0x19c [ 862.185676] should_fail.cold+0x10f/0x159 [ 862.189881] ? __might_sleep+0x93/0xb0 [ 862.193819] __alloc_pages_nodemask+0x1d6/0x7a0 [ 862.193838] ? trace_hardirqs_on+0xd/0x10 [ 862.193851] ? __alloc_pages_slowpath+0x2930/0x2930 [ 862.193865] ? btrfs_parse_early_options+0x1a2/0x310 [ 862.193885] alloc_pages_current+0xec/0x1e0 [ 862.193899] __get_free_pages+0xf/0x40 [ 862.193907] get_zeroed_page+0x11/0x20 07:41:07 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=0x0) tkill(r1, 0x12) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 862.193916] parse_security_options+0x1f/0xa0 [ 862.193927] btrfs_mount+0x2bb/0x2b14 [ 862.193937] ? lock_downgrade+0x6e0/0x6e0 [ 862.193944] ? find_held_lock+0x35/0x130 [ 862.193954] ? pcpu_alloc+0x3af/0x1050 [ 862.193969] ? btrfs_remount+0x11f0/0x11f0 [ 862.193985] ? rcu_read_lock_sched_held+0x110/0x130 [ 862.194006] ? __lockdep_init_map+0x10c/0x570 [ 862.202929] mount_fs+0x97/0x2a1 [ 862.202953] vfs_kern_mount.part.0+0x5e/0x3d0 [ 862.202967] ? find_held_lock+0x35/0x130 [ 862.202978] vfs_kern_mount+0x40/0x60 [ 862.202995] btrfs_mount+0x3ce/0x2b14 [ 862.203005] ? lock_downgrade+0x6e0/0x6e0 [ 862.203012] ? find_held_lock+0x35/0x130 [ 862.203022] ? pcpu_alloc+0x3af/0x1050 [ 862.203037] ? btrfs_remount+0x11f0/0x11f0 [ 862.203054] ? rcu_read_lock_sched_held+0x110/0x130 [ 862.203073] ? __lockdep_init_map+0x10c/0x570 [ 862.230246] net_ratelimit: 14 callbacks suppressed [ 862.230253] protocol 88fb is buggy, dev hsr_slave_0 [ 862.233792] ? __lockdep_init_map+0x10c/0x570 [ 862.238102] protocol 88fb is buggy, dev hsr_slave_1 07:41:07 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x4600, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) pipe(&(0x7f00000003c0)={0xffffffffffffffff}) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000001d00)={{{@in6=@local, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in=@multicast1}}, &(0x7f0000001e00)=0xe8) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000001e40)={r2, 0x1, 0x6, @remote}, 0x10) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x9273, 0x0, 0x6, 0x0, 0x6f1dfc8b}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) r3 = syz_open_procfs(r0, &(0x7f0000000000)='net/sctp\x00') chdir(&(0x7f00000002c0)='./file0\x00') ioctl$IMCTRLREQ(r3, 0x80044945, &(0x7f0000000080)={0x6005, 0xa9, 0x7, 0x80000001}) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r3, 0x800442d2, &(0x7f0000000280)={0x9, &(0x7f0000000140)=[{0x0, 0x0, 0x0, @dev}, {0x0, 0x0, 0x0, @broadcast}, {0x0, 0x0, 0x0, @link_local}, {0x0, 0x0, 0x0, @dev}, {0x0, 0x0, 0x0, @link_local}, {0x0, 0x0, 0x0, @dev}, {0x0, 0x0, 0x0, @broadcast}, {0x0, 0x0, 0x0, @remote}, {0x0, 0x0, 0x0, @dev}]}) 07:41:07 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$NBD_SET_BLKSIZE(r1, 0xab01, 0x2) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 862.242291] mount_fs+0x97/0x2a1 [ 862.242313] vfs_kern_mount.part.0+0x5e/0x3d0 [ 862.242325] do_mount+0x417/0x27d0 [ 862.242334] ? copy_mount_options+0x5c/0x2f0 [ 862.242347] ? rcu_read_lock_sched_held+0x110/0x130 [ 862.242365] ? copy_mount_string+0x40/0x40 [ 862.351031] ? copy_mount_options+0x1fe/0x2f0 [ 862.355594] SyS_mount+0xab/0x120 [ 862.359103] ? copy_mnt_ns+0x8c0/0x8c0 [ 862.363053] do_syscall_64+0x1e8/0x640 [ 862.366997] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 862.371898] entry_SYSCALL_64_after_hwframe+0x42/0xb7 07:41:07 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:41:07 executing program 5 (fault-call:0 fault-nth:70): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 862.377128] RIP: 0033:0x45c27a [ 862.380354] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 862.388115] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 862.388125] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 862.388130] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 862.388135] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 862.388140] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:41:07 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 862.550702] protocol 88fb is buggy, dev hsr_slave_0 [ 862.550719] FAULT_INJECTION: forcing a failure. [ 862.550719] name failslab, interval 1, probability 0, space 0, times 0 [ 862.550738] CPU: 1 PID: 27460 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 862.556022] protocol 88fb is buggy, dev hsr_slave_1 [ 862.567079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 862.567088] Call Trace: [ 862.567127] dump_stack+0x138/0x19c [ 862.567148] should_fail.cold+0x10f/0x159 [ 862.567165] should_failslab+0xdb/0x130 [ 862.567178] kmem_cache_alloc_trace+0x2e9/0x790 [ 862.567201] selinux_parse_opts_str+0x42c/0xa30 [ 862.567217] ? selinux_socket_sock_rcv_skb+0x570/0x570 [ 862.567232] ? free_pages+0x46/0x50 [ 862.567253] ? selinux_sb_copy_data+0x21e/0x390 [ 862.626267] security_sb_parse_opts_str+0x75/0xb0 [ 862.631251] parse_security_options+0x4e/0xa0 [ 862.635801] btrfs_mount+0x2bb/0x2b14 [ 862.639655] ? lock_downgrade+0x6e0/0x6e0 [ 862.643869] ? find_held_lock+0x35/0x130 [ 862.647990] ? pcpu_alloc+0x3af/0x1050 [ 862.651947] ? btrfs_remount+0x11f0/0x11f0 [ 862.656238] ? rcu_read_lock_sched_held+0x110/0x130 [ 862.661322] ? __lockdep_init_map+0x10c/0x570 [ 862.665870] mount_fs+0x97/0x2a1 [ 862.669391] vfs_kern_mount.part.0+0x5e/0x3d0 [ 862.669408] ? find_held_lock+0x35/0x130 [ 862.669421] vfs_kern_mount+0x40/0x60 [ 862.669439] btrfs_mount+0x3ce/0x2b14 [ 862.669450] ? lock_downgrade+0x6e0/0x6e0 [ 862.669458] ? find_held_lock+0x35/0x130 [ 862.669469] ? pcpu_alloc+0x3af/0x1050 [ 862.669485] ? btrfs_remount+0x11f0/0x11f0 [ 862.669506] ? rcu_read_lock_sched_held+0x110/0x130 [ 862.681964] ? __lockdep_init_map+0x10c/0x570 [ 862.681977] ? __lockdep_init_map+0x10c/0x570 [ 862.681993] mount_fs+0x97/0x2a1 [ 862.682013] vfs_kern_mount.part.0+0x5e/0x3d0 [ 862.682027] do_mount+0x417/0x27d0 [ 862.682039] ? copy_mount_options+0x5c/0x2f0 [ 862.682051] ? rcu_read_lock_sched_held+0x110/0x130 [ 862.682063] ? copy_mount_string+0x40/0x40 [ 862.682076] ? copy_mount_options+0x1fe/0x2f0 [ 862.682088] SyS_mount+0xab/0x120 07:41:08 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) tkill(r0, 0x9) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:08 executing program 5 (fault-call:0 fault-nth:71): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 862.682095] ? copy_mnt_ns+0x8c0/0x8c0 [ 862.682110] do_syscall_64+0x1e8/0x640 [ 862.682118] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 862.682140] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 862.707445] RIP: 0033:0x45c27a [ 862.707453] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 862.707464] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 862.707476] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 862.716465] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 862.716471] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 862.716477] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:41:08 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 862.885178] FAULT_INJECTION: forcing a failure. [ 862.885178] name failslab, interval 1, probability 0, space 0, times 0 [ 862.905902] CPU: 0 PID: 27476 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 862.913132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 862.913143] Call Trace: [ 862.913178] dump_stack+0x138/0x19c [ 862.913204] should_fail.cold+0x10f/0x159 [ 862.913224] should_failslab+0xdb/0x130 [ 862.913250] kmem_cache_alloc_trace+0x2e9/0x790 [ 862.937214] selinux_parse_opts_str+0x42c/0xa30 [ 862.937236] ? selinux_socket_sock_rcv_skb+0x570/0x570 [ 862.937253] ? free_pages+0x46/0x50 [ 862.937265] ? selinux_sb_copy_data+0x21e/0x390 [ 862.937281] security_sb_parse_opts_str+0x75/0xb0 [ 862.937301] parse_security_options+0x4e/0xa0 [ 862.969767] btrfs_mount+0x2bb/0x2b14 [ 862.973648] ? lock_downgrade+0x6e0/0x6e0 [ 862.977863] ? find_held_lock+0x35/0x130 [ 862.981985] ? pcpu_alloc+0x3af/0x1050 [ 862.985960] ? btrfs_remount+0x11f0/0x11f0 [ 862.990279] ? rcu_read_lock_sched_held+0x110/0x130 [ 862.995364] ? __lockdep_init_map+0x10c/0x570 [ 862.999905] mount_fs+0x97/0x2a1 [ 863.003306] vfs_kern_mount.part.0+0x5e/0x3d0 [ 863.007855] ? find_held_lock+0x35/0x130 [ 863.011960] vfs_kern_mount+0x40/0x60 [ 863.015814] btrfs_mount+0x3ce/0x2b14 [ 863.019660] ? lock_downgrade+0x6e0/0x6e0 [ 863.021333] misc userio: Invalid payload size [ 863.023857] ? find_held_lock+0x35/0x130 [ 863.023875] ? pcpu_alloc+0x3af/0x1050 [ 863.023895] ? btrfs_remount+0x11f0/0x11f0 [ 863.023915] ? rcu_read_lock_sched_held+0x110/0x130 [ 863.023936] ? __lockdep_init_map+0x10c/0x570 [ 863.023946] ? __lockdep_init_map+0x10c/0x570 [ 863.023971] mount_fs+0x97/0x2a1 [ 863.058171] vfs_kern_mount.part.0+0x5e/0x3d0 [ 863.062854] do_mount+0x417/0x27d0 [ 863.066458] ? copy_mount_options+0x5c/0x2f0 [ 863.070912] ? rcu_read_lock_sched_held+0x110/0x130 [ 863.075996] ? copy_mount_string+0x40/0x40 [ 863.080308] ? copy_mount_options+0x1fe/0x2f0 [ 863.084862] SyS_mount+0xab/0x120 [ 863.088369] ? copy_mnt_ns+0x8c0/0x8c0 [ 863.092325] do_syscall_64+0x1e8/0x640 [ 863.096262] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 863.101170] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 863.106416] RIP: 0033:0x45c27a [ 863.109642] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 863.117395] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 863.124710] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 07:41:08 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x101000, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000180)=0x1, 0x4) write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f00000001c0)={0x1, 0x80}, 0xfffffffffffffffc) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000240)={0xffffffffffffffff}, 0x2, 0xf}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r1, &(0x7f0000000300)={0x14, 0x88, 0xfa00, {r2, 0x30, 0x0, @in6={0xa, 0x4e24, 0x9d39, @remote, 0x2}}}, 0x90) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) [ 863.132021] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 863.139409] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 863.146716] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 863.160386] protocol 88fb is buggy, dev hsr_slave_0 [ 863.165635] protocol 88fb is buggy, dev hsr_slave_1 [ 863.171144] protocol 88fb is buggy, dev hsr_slave_0 [ 863.176342] protocol 88fb is buggy, dev hsr_slave_1 [ 863.346539] misc userio: No port type given on /dev/userio [ 863.590168] protocol 88fb is buggy, dev hsr_slave_0 [ 863.595432] protocol 88fb is buggy, dev hsr_slave_1 07:41:10 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:10 executing program 5 (fault-call:0 fault-nth:72): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:41:10 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:41:10 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cachefiles\x00', 0x400, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xae44, 0x0) ioctl$VIDIOC_DQEVENT(r1, 0x80885659, &(0x7f00000002c0)={0x0, @motion_det}) [ 865.156269] FAULT_INJECTION: forcing a failure. [ 865.156269] name failslab, interval 1, probability 0, space 0, times 0 [ 865.201272] CPU: 1 PID: 27500 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 865.208469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 865.217869] Call Trace: [ 865.220528] dump_stack+0x138/0x19c [ 865.224216] should_fail.cold+0x10f/0x159 [ 865.228421] should_failslab+0xdb/0x130 [ 865.232462] kmem_cache_alloc+0x2d7/0x780 [ 865.236670] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 865.241835] ? btrfs_scan_one_device+0x89/0x400 [ 865.246600] ? trace_hardirqs_on_caller+0x400/0x590 [ 865.251680] getname_kernel+0x53/0x350 [ 865.255631] kern_path+0x20/0x40 [ 865.259062] lookup_bdev.part.0+0x63/0x160 [ 865.259097] ? blkdev_open+0x260/0x260 [ 865.259114] ? free_hot_cold_page+0x763/0xca0 [ 865.259125] blkdev_get_by_path+0x76/0xf0 [ 865.259141] btrfs_scan_one_device+0x97/0x400 [ 865.259155] ? device_list_add+0x8d0/0x8d0 [ 865.271916] ? __free_pages+0x54/0x90 [ 865.271932] ? free_pages+0x46/0x50 [ 865.271951] btrfs_mount+0x2e3/0x2b14 [ 865.271969] ? lock_downgrade+0x6e0/0x6e0 [ 865.271978] ? find_held_lock+0x35/0x130 [ 865.271990] ? pcpu_alloc+0x3af/0x1050 [ 865.272004] ? btrfs_remount+0x11f0/0x11f0 [ 865.272021] ? rcu_read_lock_sched_held+0x110/0x130 [ 865.272040] ? __lockdep_init_map+0x10c/0x570 [ 865.272058] mount_fs+0x97/0x2a1 [ 865.272075] vfs_kern_mount.part.0+0x5e/0x3d0 [ 865.272084] ? find_held_lock+0x35/0x130 [ 865.272101] vfs_kern_mount+0x40/0x60 [ 865.338112] btrfs_mount+0x3ce/0x2b14 [ 865.342136] ? lock_downgrade+0x6e0/0x6e0 [ 865.346321] ? find_held_lock+0x35/0x130 [ 865.350409] ? pcpu_alloc+0x3af/0x1050 [ 865.354360] ? btrfs_remount+0x11f0/0x11f0 [ 865.358625] ? rcu_read_lock_sched_held+0x110/0x130 [ 865.363672] ? __lockdep_init_map+0x10c/0x570 [ 865.368219] ? __lockdep_init_map+0x10c/0x570 [ 865.372769] mount_fs+0x97/0x2a1 [ 865.376178] vfs_kern_mount.part.0+0x5e/0x3d0 [ 865.380710] do_mount+0x417/0x27d0 [ 865.384273] ? copy_mount_options+0x5c/0x2f0 [ 865.388708] ? rcu_read_lock_sched_held+0x110/0x130 [ 865.393752] ? copy_mount_string+0x40/0x40 [ 865.398020] ? copy_mount_options+0x1fe/0x2f0 [ 865.402594] SyS_mount+0xab/0x120 [ 865.406137] ? copy_mnt_ns+0x8c0/0x8c0 [ 865.410084] do_syscall_64+0x1e8/0x640 [ 865.414009] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 865.418883] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 865.424101] RIP: 0033:0x45c27a [ 865.427304] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 865.435031] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 865.442323] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 07:41:10 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0xda, &(0x7f0000000340)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa2488470000000000000000000000008783caaf38c98f3abaddc20d5b0ceb75a0b98fa5094d095ef49fd6036b40ebd5f864876f9dad694e97b240aa4151724622585a2a74426117a1a3145316dfbea167d28e03d3cd40e9ed6d48c785998006c5414ca9ab9e9e424f6fcc85e81e3fdf8a32b9070000005bf8608cddc47e2aaacd487dfaaf684b3ac6071e9c0623fb07e13f585732eda510a31dbd50482775b6a399370adaa7c308d7043f26d83d0621825ed0f9025ee2ac29155dc94ee9fa90f56509ba0fa9d2f95495cab0db25779a380f59bdeb54f3cdc8ebae53a6150c1ea6187cee48e5b46b6e554b4ca56fdab98cd6ff71d9b9f86a09881c1baa0aebfe2c6e8e311856a225c9922806dcfb25a5adf9e1054063f59a046fd0b9877824b2dadcb6be7de538ca05b16cacda327a5fc5bd538e1fd4013ebfcb4bbdc8865cc3affbf564d8b0808922df6fa404507938cb7af631da00b7b91a260ca0f4bfd747a8ba87388087805b6f739eb3c55e7923d731448b86238d5a0d3eedae6032e6b61aed91d6127ea108ccb2e38b003c1a2b162f3e0878c967d9930f1da8542832a5834161f4372835a7643ee3dbd9f353e4c2a9c3b19e98b94a9887cb2c1d4eb32864acc3fafad9196ccced6bc085c0c94f8c48c757bf40bdf5907a452abcdbee09e84cf1ceb1"], &(0x7f0000000000)={0x0, 0x2, [0x632, 0x53d, 0x253, 0x1d6]}) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20ncci\x00', 0x80, 0x0) recvfrom$rose(r1, &(0x7f0000000140)=""/58, 0x3a, 0x0, &(0x7f0000000180)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, 0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}, 0x1c) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:10 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 865.450645] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 865.458896] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 865.466182] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:41:10 executing program 5 (fault-call:0 fault-nth:73): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:41:10 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = syz_open_dev$adsp(&(0x7f0000000340)='/dev/adsp#\x00', 0x4, 0x20000) r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/zero\x00', 0x0, 0x0) ioctl$KVM_IOEVENTFD(r0, 0x4040ae79, &(0x7f0000000400)={0x6004, &(0x7f0000000380), 0x1, r1, 0x3}) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x38) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f0000000240)={{{@in, @in6=@loopback}}, {{@in6=@empty}, 0x0, @in6=@empty}}, &(0x7f0000000080)=0xe8) ptrace$setregs(0xd, r2, 0x4, &(0x7f0000000140)="9bbe2a3f2aae7b95d4309dd07d6f4e23ee85d364a60b83de9eba4a9ab6b7168f71aea80d62fdfd72c8ad36f51e4dbe0325c2eb398012b9586758f66de2c8c0ddd484f9031379e8bb4570c7af80c88429331ef9b1c20e7f4a479763b7bb7644a3ce59a568374d3a3ef764e1c4bad9530c2d09530679ebaa9c423e261e117d61d0fb557fa3b33b65a4715a1b3ae4fa2b4103dd6a6c16e71b00cb90ebe32b2181979a182c45b0e189d220a3f8bb12c9787fb884151001b318648368d61aca985ca0809c0fa8f1562101126e9091c4f44d23944a02ea307df51c59dbf0927a0fc0597fd406ea9785746af8f41b496743fcc7") ptrace$cont(0x18, r2, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r2, 0x0, 0x0) [ 865.713725] FAULT_INJECTION: forcing a failure. [ 865.713725] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 865.725795] CPU: 1 PID: 27526 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 865.732939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 865.732949] Call Trace: [ 865.732984] dump_stack+0x138/0x19c [ 865.733008] should_fail.cold+0x10f/0x159 [ 865.733028] __alloc_pages_nodemask+0x1d6/0x7a0 [ 865.733044] ? __alloc_pages_slowpath+0x2930/0x2930 [ 865.733070] cache_grow_begin+0x80/0x400 [ 865.733090] kmem_cache_alloc+0x6a6/0x780 [ 865.733104] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 865.733124] getname_kernel+0x53/0x350 [ 865.748819] kern_path+0x20/0x40 [ 865.748836] lookup_bdev.part.0+0x63/0x160 [ 865.748845] ? blkdev_open+0x260/0x260 [ 865.748859] ? free_hot_cold_page+0x763/0xca0 [ 865.748872] blkdev_get_by_path+0x76/0xf0 [ 865.748889] btrfs_scan_one_device+0x97/0x400 [ 865.748902] ? device_list_add+0x8d0/0x8d0 [ 865.748911] ? __free_pages+0x54/0x90 07:41:11 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) setxattr$trusted_overlay_redirect(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='trusted.overlay.redirect\x00', &(0x7f0000000140)='./file0\x00', 0x8, 0x2) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/checkreqprot\x00', 0x40000, 0x0) setsockopt$RXRPC_SECURITY_KEYRING(r1, 0x110, 0x2, &(0x7f00000001c0)='\x00', 0x1) rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:11 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 865.748921] ? free_pages+0x46/0x50 [ 865.748944] btrfs_mount+0x2e3/0x2b14 [ 865.757843] ? lock_downgrade+0x6e0/0x6e0 [ 865.757853] ? find_held_lock+0x35/0x130 [ 865.757863] ? pcpu_alloc+0x3af/0x1050 [ 865.757887] ? btrfs_remount+0x11f0/0x11f0 [ 865.757906] ? rcu_read_lock_sched_held+0x110/0x130 [ 865.757926] ? __lockdep_init_map+0x10c/0x570 [ 865.757943] mount_fs+0x97/0x2a1 [ 865.849891] vfs_kern_mount.part.0+0x5e/0x3d0 [ 865.854433] ? find_held_lock+0x35/0x130 [ 865.858548] vfs_kern_mount+0x40/0x60 [ 865.862398] btrfs_mount+0x3ce/0x2b14 [ 865.866262] ? lock_downgrade+0x6e0/0x6e0 [ 865.870461] ? find_held_lock+0x35/0x130 [ 865.874577] ? pcpu_alloc+0x3af/0x1050 [ 865.878509] ? btrfs_remount+0x11f0/0x11f0 [ 865.882791] ? rcu_read_lock_sched_held+0x110/0x130 [ 865.887954] ? __lockdep_init_map+0x10c/0x570 [ 865.892493] ? __lockdep_init_map+0x10c/0x570 [ 865.892512] mount_fs+0x97/0x2a1 [ 865.892540] vfs_kern_mount.part.0+0x5e/0x3d0 [ 865.892552] do_mount+0x417/0x27d0 [ 865.892561] ? copy_mount_options+0x5c/0x2f0 [ 865.892574] ? rcu_read_lock_sched_held+0x110/0x130 [ 865.892589] ? copy_mount_string+0x40/0x40 [ 865.922357] ? copy_mount_options+0x1fe/0x2f0 [ 865.927087] SyS_mount+0xab/0x120 [ 865.930590] ? copy_mnt_ns+0x8c0/0x8c0 [ 865.934548] do_syscall_64+0x1e8/0x640 [ 865.938487] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 865.943391] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 865.948646] RIP: 0033:0x45c27a [ 865.948655] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 07:41:11 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x2000, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000080)={0x4005, 0x8000}) keyctl$join(0x1, &(0x7f0000000140)={'syz', 0x0}) [ 865.948666] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 865.948671] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 865.948675] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 865.948680] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 865.948686] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:41:11 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 867.270174] net_ratelimit: 14 callbacks suppressed [ 867.270179] protocol 88fb is buggy, dev hsr_slave_0 [ 867.280360] protocol 88fb is buggy, dev hsr_slave_1 [ 867.285561] protocol 88fb is buggy, dev hsr_slave_0 [ 867.290768] protocol 88fb is buggy, dev hsr_slave_1 [ 867.750192] protocol 88fb is buggy, dev hsr_slave_0 [ 867.755487] protocol 88fb is buggy, dev hsr_slave_1 07:41:13 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) ptrace$cont(0x1f, r0, 0x800, 0x2) 07:41:13 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:13 executing program 5 (fault-call:0 fault-nth:74): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:41:13 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x4200, 0x0) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000180)={0x7ffffffff000, 0xfffffd6b, 0xfa00, {&(0x7f00000002c0)}}, 0xfffffe1c) 07:41:13 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 868.192277] FAULT_INJECTION: forcing a failure. [ 868.192277] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 868.232193] CPU: 0 PID: 27567 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 868.239367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 868.248755] Call Trace: [ 868.251388] dump_stack+0x138/0x19c [ 868.255069] should_fail.cold+0x10f/0x159 [ 868.259249] ? __might_sleep+0x93/0xb0 [ 868.263166] __alloc_pages_nodemask+0x1d6/0x7a0 [ 868.263182] ? __alloc_pages_slowpath+0x2930/0x2930 [ 868.263195] ? lock_downgrade+0x6e0/0x6e0 [ 868.263218] alloc_pages_current+0xec/0x1e0 [ 868.263232] __page_cache_alloc+0x248/0x3e0 [ 868.263243] do_read_cache_page+0x625/0xfc0 [ 868.263253] ? blkdev_writepages+0xd0/0xd0 [ 868.263269] ? find_get_pages_contig+0xaa0/0xaa0 [ 868.263277] ? blkdev_get+0xb0/0x8e0 [ 868.263289] ? dput.part.0+0x170/0x750 [ 868.263300] ? bd_may_claim+0xd0/0xd0 [ 868.263311] ? path_put+0x50/0x70 [ 868.263319] ? lookup_bdev.part.0+0xe1/0x160 [ 868.263331] read_cache_page_gfp+0x6e/0x90 [ 868.263345] btrfs_read_disk_super+0xdd/0x440 [ 868.263359] btrfs_scan_one_device+0xc6/0x400 [ 868.263372] ? device_list_add+0x8d0/0x8d0 [ 868.263382] ? __free_pages+0x54/0x90 07:41:13 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 868.263397] ? free_pages+0x46/0x50 [ 868.276699] misc userio: Invalid payload size [ 868.277336] btrfs_mount+0x2e3/0x2b14 [ 868.277356] ? lock_downgrade+0x6e0/0x6e0 [ 868.277373] ? find_held_lock+0x35/0x130 [ 868.360416] ? pcpu_alloc+0x3af/0x1050 [ 868.364353] ? btrfs_remount+0x11f0/0x11f0 [ 868.368629] ? rcu_read_lock_sched_held+0x110/0x130 [ 868.373686] ? __lockdep_init_map+0x10c/0x570 [ 868.378228] mount_fs+0x97/0x2a1 [ 868.381640] vfs_kern_mount.part.0+0x5e/0x3d0 [ 868.386192] ? find_held_lock+0x35/0x130 07:41:13 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 868.390314] vfs_kern_mount+0x40/0x60 [ 868.394179] btrfs_mount+0x3ce/0x2b14 [ 868.398041] ? lock_downgrade+0x6e0/0x6e0 [ 868.402238] ? find_held_lock+0x35/0x130 [ 868.406362] ? pcpu_alloc+0x3af/0x1050 [ 868.410309] ? btrfs_remount+0x11f0/0x11f0 [ 868.414602] ? rcu_read_lock_sched_held+0x110/0x130 [ 868.419683] ? __lockdep_init_map+0x10c/0x570 [ 868.424257] ? __lockdep_init_map+0x10c/0x570 [ 868.428934] mount_fs+0x97/0x2a1 [ 868.432372] vfs_kern_mount.part.0+0x5e/0x3d0 [ 868.436930] do_mount+0x417/0x27d0 [ 868.440537] ? copy_mount_options+0x5c/0x2f0 [ 868.445489] ? rcu_read_lock_sched_held+0x110/0x130 [ 868.450563] ? copy_mount_string+0x40/0x40 [ 868.454859] ? copy_mount_options+0x1fe/0x2f0 [ 868.459430] SyS_mount+0xab/0x120 [ 868.462933] ? copy_mnt_ns+0x8c0/0x8c0 [ 868.466876] do_syscall_64+0x1e8/0x640 [ 868.470840] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 868.475735] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 868.480963] RIP: 0033:0x45c27a [ 868.484212] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 868.491969] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 868.499278] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 868.506564] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 868.513843] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 868.521128] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 868.528913] protocol 88fb is buggy, dev hsr_slave_0 [ 868.534332] protocol 88fb is buggy, dev hsr_slave_1 07:41:13 executing program 5 (fault-call:0 fault-nth:75): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 868.696098] FAULT_INJECTION: forcing a failure. [ 868.696098] name failslab, interval 1, probability 0, space 0, times 0 [ 868.708512] CPU: 0 PID: 27588 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 868.715700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 868.725203] Call Trace: [ 868.727874] dump_stack+0x138/0x19c [ 868.731598] should_fail.cold+0x10f/0x159 [ 868.735823] should_failslab+0xdb/0x130 [ 868.739909] kmem_cache_alloc_trace+0x2e9/0x790 [ 868.739925] ? __kmalloc_node+0x51/0x80 [ 868.739948] btrfs_mount+0x1001/0x2b14 [ 868.739967] ? lock_downgrade+0x6e0/0x6e0 [ 868.739976] ? find_held_lock+0x35/0x130 [ 868.739986] ? pcpu_alloc+0x3af/0x1050 [ 868.740001] ? btrfs_remount+0x11f0/0x11f0 [ 868.740040] ? rcu_read_lock_sched_held+0x110/0x130 [ 868.760947] ? __lockdep_init_map+0x10c/0x570 [ 868.760971] mount_fs+0x97/0x2a1 [ 868.760991] vfs_kern_mount.part.0+0x5e/0x3d0 [ 868.761000] ? find_held_lock+0x35/0x130 [ 868.761012] vfs_kern_mount+0x40/0x60 [ 868.761041] btrfs_mount+0x3ce/0x2b14 [ 868.761051] ? lock_downgrade+0x6e0/0x6e0 [ 868.761058] ? find_held_lock+0x35/0x130 [ 868.761068] ? pcpu_alloc+0x3af/0x1050 [ 868.761084] ? btrfs_remount+0x11f0/0x11f0 [ 868.761099] ? rcu_read_lock_sched_held+0x110/0x130 [ 868.761119] ? __lockdep_init_map+0x10c/0x570 [ 868.761130] ? __lockdep_init_map+0x10c/0x570 [ 868.761144] mount_fs+0x97/0x2a1 [ 868.761158] vfs_kern_mount.part.0+0x5e/0x3d0 [ 868.761170] do_mount+0x417/0x27d0 [ 868.761185] ? copy_mount_string+0x40/0x40 [ 868.761193] ? copy_mount_options+0x151/0x2f0 [ 868.761209] ? __sanitizer_cov_trace_pc+0x41/0x60 [ 868.854112] ? copy_mount_options+0x1fe/0x2f0 [ 868.858668] SyS_mount+0xab/0x120 [ 868.862184] ? copy_mnt_ns+0x8c0/0x8c0 [ 868.866129] do_syscall_64+0x1e8/0x640 [ 868.870083] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 868.874985] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 868.880230] RIP: 0033:0x45c27a [ 868.883449] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 07:41:14 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) r1 = accept4(0xffffffffffffffff, &(0x7f0000000140)=@in={0x2, 0x0, @broadcast}, &(0x7f0000000000)=0x80, 0x80000) bind$bt_sco(r1, &(0x7f0000000080)={0x1f, {0x1, 0xa, 0x800, 0x100000000, 0x4, 0x3}}, 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) syz_open_dev$midi(&(0x7f00000001c0)='/dev/midi#\x00', 0x1, 0xc0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:14 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 868.891201] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 868.898509] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 868.905838] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 868.913147] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 868.920462] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 868.928133] protocol 88fb is buggy, dev hsr_slave_0 [ 868.933591] protocol 88fb is buggy, dev hsr_slave_1 07:41:14 executing program 3: r0 = syz_open_dev$cec(&(0x7f0000000180)='/dev/cec#\x00', 0x2, 0x2) ioctl$KDGKBLED(r0, 0x4b64, &(0x7f0000000240)) r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r1, &(0x7f0000000300)={0x1, 0x200}, 0xffffffffffffffb6) readv(r1, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) 07:41:14 executing program 5 (fault-call:0 fault-nth:76): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 869.201586] FAULT_INJECTION: forcing a failure. [ 869.201586] name failslab, interval 1, probability 0, space 0, times 0 [ 869.202258] misc userio: No port type given on /dev/userio [ 869.223180] CPU: 1 PID: 27610 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 869.230393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 869.239889] Call Trace: [ 869.242568] dump_stack+0x138/0x19c [ 869.246247] should_fail.cold+0x10f/0x159 [ 869.250443] ? __lock_is_held+0xb6/0x140 [ 869.254564] ? mempool_free+0x1d0/0x1d0 [ 869.258623] should_failslab+0xdb/0x130 [ 869.262644] kmem_cache_alloc+0x47/0x780 [ 869.266758] ? mempool_free+0x1d0/0x1d0 [ 869.270797] mempool_alloc_slab+0x47/0x60 [ 869.274989] mempool_alloc+0x138/0x300 [ 869.278959] ? remove_element.isra.0+0x1b0/0x1b0 [ 869.283780] ? find_held_lock+0x35/0x130 [ 869.287885] ? create_empty_buffers+0x2d3/0x480 [ 869.292612] ? save_trace+0x290/0x290 [ 869.296467] bio_alloc_bioset+0x368/0x680 [ 869.300664] ? bvec_alloc+0x2e0/0x2e0 [ 869.304494] submit_bh_wbc+0xf6/0x720 [ 869.308347] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 869.314017] block_read_full_page+0x7a2/0x960 [ 869.318579] ? set_init_blocksize+0x220/0x220 [ 869.323124] ? __bread_gfp+0x290/0x290 [ 869.327145] ? add_to_page_cache_lru+0x159/0x310 [ 869.331978] ? add_to_page_cache_locked+0x40/0x40 [ 869.336867] blkdev_readpage+0x1d/0x30 [ 869.340782] do_read_cache_page+0x671/0xfc0 [ 869.345153] ? blkdev_writepages+0xd0/0xd0 [ 869.349435] ? find_get_pages_contig+0xaa0/0xaa0 [ 869.354255] ? blkdev_get+0xb0/0x8e0 [ 869.358032] ? dput.part.0+0x170/0x750 [ 869.361977] ? bd_may_claim+0xd0/0xd0 [ 869.365820] ? path_put+0x50/0x70 [ 869.369298] ? lookup_bdev.part.0+0xe1/0x160 [ 869.373728] read_cache_page_gfp+0x6e/0x90 [ 869.377985] btrfs_read_disk_super+0xdd/0x440 [ 869.382501] btrfs_scan_one_device+0xc6/0x400 [ 869.387053] ? device_list_add+0x8d0/0x8d0 [ 869.391342] ? __free_pages+0x54/0x90 [ 869.395191] ? free_pages+0x46/0x50 [ 869.398860] btrfs_mount+0x2e3/0x2b14 [ 869.402703] ? lock_downgrade+0x6e0/0x6e0 [ 869.406910] ? find_held_lock+0x35/0x130 [ 869.411097] ? pcpu_alloc+0x3af/0x1050 [ 869.415034] ? btrfs_remount+0x11f0/0x11f0 [ 869.419316] ? rcu_read_lock_sched_held+0x110/0x130 [ 869.424365] ? __lockdep_init_map+0x10c/0x570 [ 869.428887] mount_fs+0x97/0x2a1 [ 869.432318] vfs_kern_mount.part.0+0x5e/0x3d0 [ 869.436877] ? find_held_lock+0x35/0x130 [ 869.440989] vfs_kern_mount+0x40/0x60 [ 869.446271] btrfs_mount+0x3ce/0x2b14 [ 869.450124] ? lock_downgrade+0x6e0/0x6e0 [ 869.454318] ? find_held_lock+0x35/0x130 [ 869.458557] ? pcpu_alloc+0x3af/0x1050 [ 869.462505] ? btrfs_remount+0x11f0/0x11f0 [ 869.466789] ? rcu_read_lock_sched_held+0x110/0x130 [ 869.471867] ? __lockdep_init_map+0x10c/0x570 [ 869.476429] ? __lockdep_init_map+0x10c/0x570 [ 869.480975] mount_fs+0x97/0x2a1 [ 869.484382] vfs_kern_mount.part.0+0x5e/0x3d0 [ 869.488923] do_mount+0x417/0x27d0 [ 869.492556] ? copy_mount_options+0x5c/0x2f0 [ 869.497022] ? rcu_read_lock_sched_held+0x110/0x130 [ 869.502087] ? copy_mount_string+0x40/0x40 [ 869.506354] ? copy_mount_options+0x1fe/0x2f0 [ 869.510870] SyS_mount+0xab/0x120 [ 869.514347] ? copy_mnt_ns+0x8c0/0x8c0 [ 869.518268] do_syscall_64+0x1e8/0x640 [ 869.522192] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 869.527093] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 869.532323] RIP: 0033:0x45c27a [ 869.535565] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 869.543298] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 869.552078] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 869.559375] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 869.566679] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 869.574053] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 869.980333] misc userio: No port type given on /dev/userio 07:41:16 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ioctl$UFFDIO_WAKE(0xffffffffffffffff, 0x8010aa02, &(0x7f0000000080)={&(0x7f0000ffc000/0x2000)=nil, 0x2000}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:16 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x30) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x800) move_pages(r0, 0x1, &(0x7f0000000080)=[&(0x7f0000ffb000/0x3000)=nil], &(0x7f0000000140)=[0x401], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:16 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:41:16 executing program 5 (fault-call:0 fault-nth:77): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:41:16 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000580)='/selinux/enforce\x00', 0x10000, 0x0) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000180)=0x0) sendmsg$nl_generic(r1, &(0x7f0000000480)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8081000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0x1a8, 0x2a, 0x300, 0x70bd27, 0x25dfdbff, {0x9}, [@nested={0x70, 0x40, [@typed={0x18, 0x70, @str='/selinux/enforce\x00'}, @generic="adb3126cf23df4b4efa0c8a1c9d013af35e5ac0c332969cb47db45947358e470ef960b5445aa0db2ebcdeaa86eb649edcc71fc82418c38a4ad425893319fd052cb971f81b02bf2cbc8a5c21928f2106e7744ac25"]}, @generic="e001e4b68698dc8956d5d5dac1629bd7baf28b80ed4aee6fafc218ce960189258a857c163d8d66c7", @typed={0x8, 0x51, @u32=0xfffffffffffffffe}, @typed={0x4, 0x2c}, @typed={0x8, 0x7f, @pid=r2}, @generic="265b904463bb65047aee09c410bb503d3baf32d48e471f384fdc5744fe7305b5255c3f8004bbb6ffc1d5aee29424039cf057e446300f7e2bef01e3f52dc670c664fa00c5a5293a6e57814eaf24f2f40974bfde64ade306f0293f0eefdbb9ee271776e377bd73418662eab657c176a86a5a23f05f34445a5b1eedc271f7dc1e75ac85ef86bcbf06bd2e9bbb65e4ad1b6752a2e94cec56839863c7595a32a6bfe127f2e0f994aefa45867e1d2a72e7bac17c3bfb4f2601eb8bda3e5a4c5804f0425ead51979e3252055d741ef3963369dbb0982e128df89a2e20759c715ba6aa3b8749240e8de9c6"]}, 0x1a8}, 0x1, 0x0, 0x0, 0x10}, 0x80) getsockopt$IP_VS_SO_GET_DAEMON(r1, 0x0, 0x487, &(0x7f00000005c0), &(0x7f0000000600)=0x30) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) [ 871.191160] FAULT_INJECTION: forcing a failure. [ 871.191160] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 871.249693] CPU: 1 PID: 27623 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 871.256901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 871.256910] Call Trace: [ 871.256957] dump_stack+0x138/0x19c [ 871.256982] should_fail.cold+0x10f/0x159 [ 871.257000] ? __might_sleep+0x93/0xb0 [ 871.257024] __alloc_pages_nodemask+0x1d6/0x7a0 [ 871.285463] ? __alloc_pages_slowpath+0x2930/0x2930 [ 871.290555] ? lock_downgrade+0x6e0/0x6e0 [ 871.294756] alloc_pages_current+0xec/0x1e0 [ 871.294773] __page_cache_alloc+0x248/0x3e0 [ 871.294785] do_read_cache_page+0x625/0xfc0 [ 871.294794] ? blkdev_writepages+0xd0/0xd0 [ 871.294808] ? find_get_pages_contig+0xaa0/0xaa0 [ 871.294818] ? blkdev_get+0xb0/0x8e0 [ 871.294830] ? dput.part.0+0x170/0x750 [ 871.294842] ? bd_may_claim+0xd0/0xd0 [ 871.294853] ? path_put+0x50/0x70 [ 871.294862] ? lookup_bdev.part.0+0xe1/0x160 [ 871.294873] read_cache_page_gfp+0x6e/0x90 [ 871.294889] btrfs_read_disk_super+0xdd/0x440 [ 871.294904] btrfs_scan_one_device+0xc6/0x400 07:41:16 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x9, 0x101400) r2 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x2800, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ioctl$VIDIOC_OVERLAY(r2, 0x4004560e, &(0x7f00000001c0)=0xfffffffffffffffd) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 871.316973] ? device_list_add+0x8d0/0x8d0 [ 871.316988] ? __free_pages+0x54/0x90 [ 871.316999] ? free_pages+0x46/0x50 [ 871.317019] btrfs_mount+0x2e3/0x2b14 [ 871.324733] ? lock_downgrade+0x6e0/0x6e0 [ 871.324744] ? find_held_lock+0x35/0x130 [ 871.324754] ? pcpu_alloc+0x3af/0x1050 [ 871.324779] ? btrfs_remount+0x11f0/0x11f0 [ 871.324797] ? rcu_read_lock_sched_held+0x110/0x130 [ 871.324815] ? __lockdep_init_map+0x10c/0x570 [ 871.391340] mount_fs+0x97/0x2a1 [ 871.394764] vfs_kern_mount.part.0+0x5e/0x3d0 [ 871.399409] ? find_held_lock+0x35/0x130 [ 871.406313] vfs_kern_mount+0x40/0x60 [ 871.410177] btrfs_mount+0x3ce/0x2b14 [ 871.414043] ? lock_downgrade+0x6e0/0x6e0 [ 871.418252] ? find_held_lock+0x35/0x130 [ 871.422362] ? pcpu_alloc+0x3af/0x1050 [ 871.426303] ? btrfs_remount+0x11f0/0x11f0 [ 871.430608] ? rcu_read_lock_sched_held+0x110/0x130 [ 871.435695] ? __lockdep_init_map+0x10c/0x570 [ 871.440234] ? __lockdep_init_map+0x10c/0x570 [ 871.445980] mount_fs+0x97/0x2a1 [ 871.449383] vfs_kern_mount.part.0+0x5e/0x3d0 [ 871.453923] do_mount+0x417/0x27d0 [ 871.457508] ? copy_mount_options+0x5c/0x2f0 [ 871.461961] ? rcu_read_lock_sched_held+0x110/0x130 [ 871.467006] ? copy_mount_string+0x40/0x40 [ 871.471298] ? copy_mount_options+0x1fe/0x2f0 [ 871.475851] SyS_mount+0xab/0x120 [ 871.479327] ? copy_mnt_ns+0x8c0/0x8c0 [ 871.483238] do_syscall_64+0x1e8/0x640 [ 871.487167] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 871.492084] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 871.497323] RIP: 0033:0x45c27a [ 871.500519] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 871.508262] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 871.515579] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 871.522932] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 871.530233] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 871.537557] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:41:16 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:16 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:41:16 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x26) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:16 executing program 5 (fault-call:0 fault-nth:78): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:41:17 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) r1 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x200000, 0x0) ioctl$ASHMEM_SET_PROT_MASK(r1, 0x40087705, &(0x7f0000000080)={0x6, 0x4}) 07:41:17 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 871.786368] FAULT_INJECTION: forcing a failure. [ 871.786368] name failslab, interval 1, probability 0, space 0, times 0 [ 871.841993] CPU: 1 PID: 27668 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 871.849187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 871.858588] Call Trace: [ 871.858627] dump_stack+0x138/0x19c [ 871.858648] should_fail.cold+0x10f/0x159 [ 871.858666] should_failslab+0xdb/0x130 [ 871.858683] kmem_cache_alloc+0x2d7/0x780 [ 871.858695] ? delete_node+0x1fb/0x690 [ 871.858709] ? save_trace+0x290/0x290 [ 871.858728] alloc_buffer_head+0x24/0xe0 [ 871.858745] alloc_page_buffers+0xb7/0x200 [ 871.858764] create_empty_buffers+0x39/0x480 [ 871.858782] ? __lock_is_held+0xb6/0x140 [ 871.881324] ? check_preemption_disabled+0x3c/0x250 [ 871.881350] create_page_buffers+0x153/0x1c0 [ 871.881365] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 871.881377] block_read_full_page+0xcd/0x960 [ 871.881389] ? set_init_blocksize+0x220/0x220 [ 871.881400] ? __lru_cache_add+0x18a/0x250 [ 871.881412] ? __bread_gfp+0x290/0x290 [ 871.881426] ? add_to_page_cache_lru+0x159/0x310 [ 871.881436] ? add_to_page_cache_locked+0x40/0x40 [ 871.881447] blkdev_readpage+0x1d/0x30 [ 871.881455] do_read_cache_page+0x671/0xfc0 [ 871.881462] ? blkdev_writepages+0xd0/0xd0 [ 871.881475] ? find_get_pages_contig+0xaa0/0xaa0 [ 871.881484] ? blkdev_get+0xb0/0x8e0 [ 871.881497] ? dput.part.0+0x170/0x750 [ 871.881508] ? bd_may_claim+0xd0/0xd0 [ 871.881519] ? path_put+0x50/0x70 [ 871.881541] ? lookup_bdev.part.0+0xe1/0x160 [ 871.881554] read_cache_page_gfp+0x6e/0x90 [ 871.881569] btrfs_read_disk_super+0xdd/0x440 [ 871.881583] btrfs_scan_one_device+0xc6/0x400 [ 871.881594] ? device_list_add+0x8d0/0x8d0 [ 871.881604] ? __free_pages+0x54/0x90 [ 871.881613] ? free_pages+0x46/0x50 [ 871.881631] btrfs_mount+0x2e3/0x2b14 [ 871.881657] ? lock_downgrade+0x6e0/0x6e0 [ 871.917308] ? find_held_lock+0x35/0x130 [ 871.917326] ? pcpu_alloc+0x3af/0x1050 [ 871.917348] ? btrfs_remount+0x11f0/0x11f0 [ 871.917367] ? rcu_read_lock_sched_held+0x110/0x130 [ 871.917383] ? __lockdep_init_map+0x10c/0x570 [ 871.917401] mount_fs+0x97/0x2a1 [ 871.917421] vfs_kern_mount.part.0+0x5e/0x3d0 [ 871.917429] ? find_held_lock+0x35/0x130 [ 871.917441] vfs_kern_mount+0x40/0x60 [ 871.917453] btrfs_mount+0x3ce/0x2b14 [ 871.917461] ? lock_downgrade+0x6e0/0x6e0 [ 871.917469] ? find_held_lock+0x35/0x130 [ 871.917476] ? pcpu_alloc+0x3af/0x1050 [ 871.917491] ? btrfs_remount+0x11f0/0x11f0 [ 871.917508] ? rcu_read_lock_sched_held+0x110/0x130 [ 871.926508] ? __lockdep_init_map+0x10c/0x570 [ 871.926531] ? __lockdep_init_map+0x10c/0x570 [ 871.926549] mount_fs+0x97/0x2a1 [ 871.926566] vfs_kern_mount.part.0+0x5e/0x3d0 [ 871.926578] do_mount+0x417/0x27d0 [ 871.926586] ? copy_mount_options+0x5c/0x2f0 [ 871.926597] ? rcu_read_lock_sched_held+0x110/0x130 [ 871.926610] ? copy_mount_string+0x40/0x40 [ 871.926623] ? copy_mount_options+0x1fe/0x2f0 [ 871.926634] SyS_mount+0xab/0x120 [ 871.926644] ? copy_mnt_ns+0x8c0/0x8c0 [ 871.926660] do_syscall_64+0x1e8/0x640 [ 871.926670] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 871.926686] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 871.926696] RIP: 0033:0x45c27a [ 871.926701] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 871.926718] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 872.088968] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 872.088976] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 872.088982] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 872.088987] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 872.630210] net_ratelimit: 16 callbacks suppressed [ 872.630217] protocol 88fb is buggy, dev hsr_slave_0 [ 872.640443] protocol 88fb is buggy, dev hsr_slave_1 [ 873.040198] protocol 88fb is buggy, dev hsr_slave_0 [ 873.045448] protocol 88fb is buggy, dev hsr_slave_1 [ 873.670172] protocol 88fb is buggy, dev hsr_slave_0 [ 873.675398] protocol 88fb is buggy, dev hsr_slave_1 [ 873.680652] protocol 88fb is buggy, dev hsr_slave_0 [ 873.685810] protocol 88fb is buggy, dev hsr_slave_1 07:41:19 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000080)={0x0, 0x19, "888437f99c01ef33909a9714234262c47913ab2d50467e54a7"}, &(0x7f0000000140)=0x21) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r1, 0x84, 0x79, &(0x7f0000000180)={r2, 0xef, 0x8}, 0x8) 07:41:19 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0xc0100, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r1, &(0x7f0000000240)={&(0x7f0000000080), 0xc, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="6800000068062cb67484168afc9dda02000000215a26814b71db2d517563a335220e3acfd20b48f1972827f0360d42b1c5d21a721a38eea3153663d911a07bf736912a31e00c96825d016a6ef463c6c42f1ef3dfb528ee", @ANYRES16=r2, @ANYBLOB="080729bd7000fddbdf25010000000000000008410000004c00180000000773797a3000"/98], 0x68}, 0x1, 0x0, 0x0, 0x4000800}, 0x4) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x8916, &(0x7f00000002c0)={@empty, 0x62, r3}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:19 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:41:19 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) r1 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0x100, 0x40000) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, &(0x7f0000000180)=0x1, 0x4) 07:41:19 executing program 5 (fault-call:0 fault-nth:79): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 874.150191] protocol 88fb is buggy, dev hsr_slave_0 [ 874.155412] protocol 88fb is buggy, dev hsr_slave_1 [ 874.272544] FAULT_INJECTION: forcing a failure. [ 874.272544] name failslab, interval 1, probability 0, space 0, times 0 [ 874.296522] CPU: 1 PID: 27696 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 874.303745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 874.313157] Call Trace: [ 874.313203] dump_stack+0x138/0x19c [ 874.313228] should_fail.cold+0x10f/0x159 [ 874.313251] should_failslab+0xdb/0x130 [ 874.313268] kmem_cache_alloc_trace+0x2e9/0x790 [ 874.313285] ? __kmalloc_node+0x51/0x80 [ 874.313308] btrfs_mount+0x1001/0x2b14 [ 874.313321] ? lock_downgrade+0x6e0/0x6e0 [ 874.313336] ? find_held_lock+0x35/0x130 [ 874.313348] ? pcpu_alloc+0x3af/0x1050 [ 874.313369] ? btrfs_remount+0x11f0/0x11f0 [ 874.323883] ? rcu_read_lock_sched_held+0x110/0x130 [ 874.323909] ? __lockdep_init_map+0x10c/0x570 [ 874.323931] mount_fs+0x97/0x2a1 [ 874.323953] vfs_kern_mount.part.0+0x5e/0x3d0 [ 874.323962] ? find_held_lock+0x35/0x130 [ 874.323972] vfs_kern_mount+0x40/0x60 [ 874.323991] btrfs_mount+0x3ce/0x2b14 [ 874.323999] ? lock_downgrade+0x6e0/0x6e0 [ 874.324008] ? find_held_lock+0x35/0x130 [ 874.324018] ? pcpu_alloc+0x3af/0x1050 [ 874.324035] ? btrfs_remount+0x11f0/0x11f0 [ 874.324049] ? rcu_read_lock_sched_held+0x110/0x130 [ 874.324066] ? __lockdep_init_map+0x10c/0x570 [ 874.324076] ? __lockdep_init_map+0x10c/0x570 [ 874.324096] mount_fs+0x97/0x2a1 07:41:19 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 874.420321] vfs_kern_mount.part.0+0x5e/0x3d0 [ 874.420336] do_mount+0x417/0x27d0 [ 874.420346] ? copy_mount_options+0x5c/0x2f0 [ 874.420361] ? rcu_read_lock_sched_held+0x110/0x130 [ 874.420374] ? copy_mount_string+0x40/0x40 [ 874.420388] ? copy_mount_options+0x1fe/0x2f0 [ 874.420403] SyS_mount+0xab/0x120 [ 874.420412] ? copy_mnt_ns+0x8c0/0x8c0 [ 874.420429] do_syscall_64+0x1e8/0x640 [ 874.420439] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 874.420456] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 874.420468] RIP: 0033:0x45c27a [ 874.420474] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 874.420488] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 874.420494] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 874.420501] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 874.420507] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 874.420513] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:41:19 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:19 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = fcntl$getown(0xffffffffffffffff, 0x9) migrate_pages(r0, 0x37f, &(0x7f0000000000)=0x7, &(0x7f0000000140)=0x81) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000180)='/dev/full\x00', 0xc00, 0x0) setsockopt$TIPC_MCAST_REPLICAST(r2, 0x10f, 0x86) openat$md(0xffffffffffffff9c, &(0x7f0000000100)='/dev/md0\x00', 0x428002, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x85, 0x4002) 07:41:19 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:41:19 executing program 5 (fault-call:0 fault-nth:80): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 874.740313] FAULT_INJECTION: forcing a failure. [ 874.740313] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 874.752224] CPU: 0 PID: 27723 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 874.759365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 874.768767] Call Trace: [ 874.771442] dump_stack+0x138/0x19c [ 874.775155] should_fail.cold+0x10f/0x159 [ 874.779381] __alloc_pages_nodemask+0x1d6/0x7a0 [ 874.784116] ? __alloc_pages_slowpath+0x2930/0x2930 [ 874.789204] cache_grow_begin+0x80/0x400 [ 874.793336] kmem_cache_alloc+0x6a6/0x780 [ 874.797553] ? save_stack_trace+0x16/0x20 [ 874.801747] ? save_stack+0x45/0xd0 [ 874.805407] ? kmem_cache_alloc_trace+0x152/0x790 [ 874.810294] getname_kernel+0x53/0x350 [ 874.814240] kern_path+0x20/0x40 [ 874.817659] lookup_bdev.part.0+0x63/0x160 [ 874.821934] ? blkdev_open+0x260/0x260 [ 874.825851] ? btrfs_open_devices+0x27/0xb0 [ 874.830208] blkdev_get_by_path+0x76/0xf0 [ 874.834399] btrfs_get_bdev_and_sb+0x38/0x2e0 [ 874.838934] __btrfs_open_devices+0x194/0xab0 [ 874.843480] ? check_preemption_disabled+0x3c/0x250 [ 874.848540] ? find_device+0x100/0x100 [ 874.852475] ? btrfs_mount+0x1069/0x2b14 [ 874.856581] ? rcu_read_lock_sched_held+0x110/0x130 [ 874.861634] btrfs_open_devices+0xa4/0xb0 [ 874.865840] btrfs_mount+0x11b4/0x2b14 [ 874.869779] ? lock_downgrade+0x6e0/0x6e0 [ 874.873969] ? find_held_lock+0x35/0x130 [ 874.878062] ? pcpu_alloc+0x3af/0x1050 [ 874.882016] ? btrfs_remount+0x11f0/0x11f0 [ 874.886323] ? rcu_read_lock_sched_held+0x110/0x130 [ 874.891368] ? __lockdep_init_map+0x10c/0x570 [ 874.895892] mount_fs+0x97/0x2a1 [ 874.899307] vfs_kern_mount.part.0+0x5e/0x3d0 [ 874.903836] ? find_held_lock+0x35/0x130 [ 874.907925] vfs_kern_mount+0x40/0x60 [ 874.911752] btrfs_mount+0x3ce/0x2b14 [ 874.915605] ? lock_downgrade+0x6e0/0x6e0 [ 874.919792] ? find_held_lock+0x35/0x130 [ 874.923881] ? pcpu_alloc+0x3af/0x1050 [ 874.927797] ? btrfs_remount+0x11f0/0x11f0 [ 874.932093] ? retint_kernel+0x2d/0x2d [ 874.936077] ? check_preemption_disabled+0x3c/0x250 [ 874.941147] ? retint_kernel+0x2d/0x2d [ 874.945100] mount_fs+0x97/0x2a1 [ 874.948514] vfs_kern_mount.part.0+0x5e/0x3d0 [ 874.953064] do_mount+0x417/0x27d0 [ 874.956656] ? copy_mount_options+0x5c/0x2f0 [ 874.961110] ? rcu_read_lock_sched_held+0x110/0x130 [ 874.966187] ? copy_mount_string+0x40/0x40 [ 874.970507] ? copy_mount_options+0x1fe/0x2f0 [ 874.975045] SyS_mount+0xab/0x120 [ 874.978542] ? copy_mnt_ns+0x8c0/0x8c0 [ 874.982482] do_syscall_64+0x1e8/0x640 [ 874.986446] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 874.991349] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 874.996568] RIP: 0033:0x45c27a [ 874.999791] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 875.007522] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 875.014845] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 875.022134] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 875.029435] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 875.036765] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:41:20 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:41:20 executing program 5 (fault-call:0 fault-nth:81): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 875.272732] FAULT_INJECTION: forcing a failure. [ 875.272732] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 875.284629] CPU: 0 PID: 27742 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 875.291807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 875.301173] Call Trace: [ 875.303803] dump_stack+0x138/0x19c [ 875.307457] should_fail.cold+0x10f/0x159 [ 875.311636] __alloc_pages_nodemask+0x1d6/0x7a0 [ 875.316330] ? __alloc_pages_slowpath+0x2930/0x2930 [ 875.321383] cache_grow_begin+0x80/0x400 [ 875.325482] kmem_cache_alloc+0x6a6/0x780 [ 875.329662] ? out_of_line_wait_on_bit+0xba/0xd0 [ 875.334442] ? __wait_on_bit+0x130/0x130 [ 875.338705] getname_kernel+0x53/0x350 [ 875.342633] kern_path+0x20/0x40 [ 875.346048] lookup_bdev.part.0+0x63/0x160 [ 875.350333] ? blkdev_open+0x260/0x260 [ 875.354273] ? btrfs_read_dev_super+0x77/0xb0 [ 875.358815] blkdev_get_by_path+0x76/0xf0 [ 875.362994] btrfs_get_bdev_and_sb+0x38/0x2e0 [ 875.367535] __btrfs_open_devices+0x194/0xab0 [ 875.372086] ? find_device+0x100/0x100 [ 875.375994] ? btrfs_mount+0x1069/0x2b14 [ 875.380105] ? rcu_read_lock_sched_held+0x110/0x130 [ 875.385165] btrfs_open_devices+0xa4/0xb0 [ 875.389353] btrfs_mount+0x11b4/0x2b14 [ 875.393274] ? _raw_spin_unlock_irq+0x5e/0x90 [ 875.397801] ? finish_task_switch+0x178/0x650 [ 875.402358] ? btrfs_remount+0x11f0/0x11f0 [ 875.406620] ? trace_hardirqs_on_caller+0x400/0x590 [ 875.411666] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 875.416454] ? retint_kernel+0x2d/0x2d [ 875.420407] mount_fs+0x97/0x2a1 [ 875.423806] vfs_kern_mount.part.0+0x5e/0x3d0 [ 875.428327] ? find_held_lock+0x35/0x130 [ 875.432451] vfs_kern_mount+0x40/0x60 [ 875.436294] btrfs_mount+0x3ce/0x2b14 [ 875.440141] ? lock_downgrade+0x6e0/0x6e0 [ 875.444317] ? find_held_lock+0x35/0x130 [ 875.449514] ? pcpu_alloc+0x3af/0x1050 [ 875.453460] ? btrfs_remount+0x11f0/0x11f0 [ 875.457729] ? rcu_read_lock_sched_held+0x110/0x130 [ 875.462794] ? __lockdep_init_map+0x10c/0x570 [ 875.467313] ? __lockdep_init_map+0x10c/0x570 [ 875.471866] mount_fs+0x97/0x2a1 [ 875.475265] vfs_kern_mount.part.0+0x5e/0x3d0 [ 875.479823] do_mount+0x417/0x27d0 [ 875.483389] ? copy_mount_options+0x5c/0x2f0 [ 875.487831] ? rcu_read_lock_sched_held+0x110/0x130 [ 875.492870] ? copy_mount_string+0x40/0x40 [ 875.497133] ? copy_mount_options+0x1fe/0x2f0 [ 875.501664] SyS_mount+0xab/0x120 [ 875.505141] ? copy_mnt_ns+0x8c0/0x8c0 [ 875.509100] do_syscall_64+0x1e8/0x640 [ 875.513015] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 875.517901] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 875.523111] RIP: 0033:0x45c27a [ 875.526311] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 875.534045] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 875.541327] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 875.548605] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 875.557074] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 875.564363] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:41:22 executing program 1: r0 = socket$inet6(0xa, 0x8004808000080003, 0x5) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@bridge_setlink={0x28, 0x13, 0xa29, 0x0, 0x0, {0x7, 0x0, 0x0, r2}, [@IFLA_AF_SPEC={0x8, 0x1a, [{0x2}]}]}, 0x288}}, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) gettid() ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x38) ptrace$cont(0x18, r3, 0x0, 0x0) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r3, 0x0, 0x0) 07:41:22 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:41:22 executing program 5 (fault-call:0 fault-nth:82): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:41:22 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) getitimer(0x1, &(0x7f0000000100)) r1 = syz_open_dev$mouse(&(0x7f0000000180)='/dev/input/mouse#\x00', 0x200000000431, 0x341c00) write$P9_RCLUNK(r1, &(0x7f0000000240)={0x7, 0x79, 0x1}, 0x7) accept4$llc(r1, &(0x7f0000000340)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000380)=0x10, 0x80000) ioctl$EXT4_IOC_GROUP_EXTEND(r1, 0x40086607, &(0x7f0000000480)=0xffe) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f00000003c0)={0x0}, &(0x7f0000000400)=0x8) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000440)={r2, 0x5}, 0x8) ioctl$SG_EMULATED_HOST(r1, 0x2203, &(0x7f00000002c0)) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) pipe(&(0x7f0000000300)) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) [ 877.316676] FAULT_INJECTION: forcing a failure. [ 877.316676] name failslab, interval 1, probability 0, space 0, times 0 [ 877.328869] CPU: 1 PID: 27755 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 877.336036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 877.345602] Call Trace: [ 877.348279] dump_stack+0x138/0x19c [ 877.351992] should_fail.cold+0x10f/0x159 [ 877.356220] should_failslab+0xdb/0x130 [ 877.360271] kmem_cache_alloc_trace+0x2e9/0x790 07:41:22 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000480)) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 877.365055] btrfs_mount+0x1069/0x2b14 [ 877.368997] ? lock_downgrade+0x6e0/0x6e0 [ 877.369008] ? find_held_lock+0x35/0x130 [ 877.369020] ? pcpu_alloc+0x3af/0x1050 [ 877.369044] ? btrfs_remount+0x11f0/0x11f0 [ 877.369063] ? rcu_read_lock_sched_held+0x110/0x130 [ 877.377399] ? __lockdep_init_map+0x10c/0x570 [ 877.377420] mount_fs+0x97/0x2a1 [ 877.377440] vfs_kern_mount.part.0+0x5e/0x3d0 [ 877.403076] ? find_held_lock+0x35/0x130 [ 877.407226] vfs_kern_mount+0x40/0x60 [ 877.411097] btrfs_mount+0x3ce/0x2b14 [ 877.414979] ? lock_downgrade+0x6e0/0x6e0 [ 877.419185] ? find_held_lock+0x35/0x130 [ 877.423293] ? pcpu_alloc+0x3af/0x1050 [ 877.427249] ? btrfs_remount+0x11f0/0x11f0 [ 877.431540] ? rcu_read_lock_sched_held+0x110/0x130 [ 877.436624] ? __lockdep_init_map+0x10c/0x570 [ 877.441187] ? __lockdep_init_map+0x10c/0x570 [ 877.445747] mount_fs+0x97/0x2a1 [ 877.449172] vfs_kern_mount.part.0+0x5e/0x3d0 [ 877.453726] do_mount+0x417/0x27d0 [ 877.457321] ? copy_mount_options+0x5c/0x2f0 [ 877.461784] ? rcu_read_lock_sched_held+0x110/0x130 [ 877.466864] ? copy_mount_string+0x40/0x40 [ 877.471172] ? copy_mount_options+0x1fe/0x2f0 [ 877.475773] SyS_mount+0xab/0x120 [ 877.475791] ? copy_mnt_ns+0x8c0/0x8c0 [ 877.475808] do_syscall_64+0x1e8/0x640 [ 877.475827] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 877.483267] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 877.483281] RIP: 0033:0x45c27a [ 877.483286] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 877.483297] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 877.483302] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 877.483307] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 877.483312] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 877.483317] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:41:22 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:41:23 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x3, 0x0, 0x9, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:23 executing program 5 (fault-call:0 fault-nth:83): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:41:23 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000180)='/dev/full\x00', 0x0, 0x0) bind$bt_sco(r1, &(0x7f0000000000)={0x1f, {0x9, 0x9, 0x0, 0x9, 0x698, 0x4}}, 0x8) getsockname$tipc(r1, &(0x7f0000000080), &(0x7f0000000140)=0x10) rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:23 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 877.817618] FAULT_INJECTION: forcing a failure. [ 877.817618] name failslab, interval 1, probability 0, space 0, times 0 [ 877.830154] net_ratelimit: 14 callbacks suppressed [ 877.830161] protocol 88fb is buggy, dev hsr_slave_0 [ 877.836390] CPU: 0 PID: 27782 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 877.840380] protocol 88fb is buggy, dev hsr_slave_1 [ 877.847347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 877.852670] protocol 88fb is buggy, dev hsr_slave_0 [ 877.861802] Call Trace: [ 877.861846] dump_stack+0x138/0x19c [ 877.861865] should_fail.cold+0x10f/0x159 [ 877.861881] should_failslab+0xdb/0x130 [ 877.861895] kmem_cache_alloc+0x2d7/0x780 [ 877.861915] ? add_to_page_cache_lru+0x159/0x310 [ 877.867088] protocol 88fb is buggy, dev hsr_slave_1 [ 877.869601] ? add_to_page_cache_locked+0x40/0x40 [ 877.869618] alloc_buffer_head+0x24/0xe0 [ 877.869631] alloc_page_buffers+0xb7/0x200 [ 877.869645] __getblk_gfp+0x342/0x710 [ 877.885618] ? lru_add_drain_all+0x18/0x20 [ 877.916745] __bread_gfp+0x2e/0x290 [ 877.916766] btrfs_read_dev_one_super+0x9f/0x270 [ 877.916779] btrfs_read_dev_super+0x5d/0xb0 [ 877.916790] ? btrfs_read_dev_one_super+0x270/0x270 [ 877.916807] btrfs_get_bdev_and_sb+0xdc/0x2e0 [ 877.916823] __btrfs_open_devices+0x194/0xab0 [ 877.943726] ? check_preemption_disabled+0x3c/0x250 [ 877.948798] ? find_device+0x100/0x100 [ 877.952728] ? btrfs_mount+0x1069/0x2b14 [ 877.956844] ? rcu_read_lock_sched_held+0x110/0x130 [ 877.956866] btrfs_open_devices+0xa4/0xb0 [ 877.956884] btrfs_mount+0x11b4/0x2b14 [ 877.956897] ? lock_downgrade+0x6e0/0x6e0 [ 877.956905] ? find_held_lock+0x35/0x130 [ 877.956920] ? pcpu_alloc+0x3af/0x1050 [ 877.970121] ? btrfs_remount+0x11f0/0x11f0 [ 877.970146] ? rcu_read_lock_sched_held+0x110/0x130 [ 877.970173] ? __lockdep_init_map+0x10c/0x570 [ 877.970191] mount_fs+0x97/0x2a1 [ 877.970208] vfs_kern_mount.part.0+0x5e/0x3d0 [ 877.970216] ? find_held_lock+0x35/0x130 [ 877.970227] vfs_kern_mount+0x40/0x60 [ 877.970239] btrfs_mount+0x3ce/0x2b14 [ 877.970247] ? lock_downgrade+0x6e0/0x6e0 [ 877.970255] ? find_held_lock+0x35/0x130 [ 877.970265] ? pcpu_alloc+0x3af/0x1050 [ 877.970282] ? btrfs_remount+0x11f0/0x11f0 [ 877.970297] ? rcu_read_lock_sched_held+0x110/0x130 [ 877.970318] ? __lockdep_init_map+0x10c/0x570 [ 877.970327] ? __lockdep_init_map+0x10c/0x570 [ 877.970340] mount_fs+0x97/0x2a1 [ 877.970353] vfs_kern_mount.part.0+0x5e/0x3d0 [ 877.970369] do_mount+0x417/0x27d0 [ 877.978674] ? copy_mount_options+0x5c/0x2f0 [ 877.996474] ? rcu_read_lock_sched_held+0x110/0x130 07:41:23 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x400, 0x2000) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000000140)={{0x2, 0x4e24, @loopback}, {0x307, @dev={[], 0x10}}, 0x10, {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 'ip6gretap0\x00'}) r1 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r1, 0x0, 0x0) ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0x8) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) [ 877.996495] ? copy_mount_string+0x40/0x40 [ 877.996512] ? copy_mount_options+0x1fe/0x2f0 [ 877.996525] SyS_mount+0xab/0x120 [ 877.996537] ? copy_mnt_ns+0x8c0/0x8c0 [ 877.996559] do_syscall_64+0x1e8/0x640 [ 878.008596] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 878.008622] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 878.008632] RIP: 0033:0x45c27a [ 878.008638] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 878.008649] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a 07:41:23 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 878.008655] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 878.008667] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 878.020513] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 878.020522] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 878.310228] protocol 88fb is buggy, dev hsr_slave_0 [ 878.315413] protocol 88fb is buggy, dev hsr_slave_1 [ 878.870220] protocol 88fb is buggy, dev hsr_slave_0 [ 878.875415] protocol 88fb is buggy, dev hsr_slave_1 [ 879.272402] protocol 88fb is buggy, dev hsr_slave_0 [ 879.277619] protocol 88fb is buggy, dev hsr_slave_1 07:41:25 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) gettid() ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:25 executing program 5 (fault-call:0 fault-nth:84): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:41:25 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) fcntl$getown(0xffffffffffffffff, 0x9) gettid() getpgrp(0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0xc) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000002c0)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000300)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000340)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000380), &(0x7f00000003c0)=0xc) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000400)) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000440)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000480)={0x0}, &(0x7f00000004c0)=0xc) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000200)='/dev/audio\x00', 0x80001, 0x0) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) fsetxattr$security_smack_transmute(r3, &(0x7f0000000080)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000140)='TRUE', 0x4, 0x1) ptrace$cont(0x1f, r1, 0x0, 0x0) r4 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/checkreqprot\x00', 0x200, 0x0) mkdirat(r4, &(0x7f00000005c0)='./file0\x00', 0x24) 07:41:25 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_NMI(r3, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 07:41:25 executing program 3: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/userio\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000001c0)={0x1, 0x6}, 0x2) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000000)=""/187, 0xbb}], 0x1) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) syz_open_dev$usb(&(0x7f0000000100)='/dev/bus/usb/00#/00#\x00', 0x20, 0x40) 07:41:25 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x7, 0x480200) setsockopt$inet6_tcp_TLS_RX(r1, 0x6, 0x2, &(0x7f0000000140)=@gcm_256={{0x307}, "ff568ea9e7076d27", "21da5f3b51bcd1652f0a15cbb9ada8694e265ff59a599919b8b29d8d32ecc4bc", "22917410", "74a289d3e792437b"}, 0x38) ioctl$SIOCGSTAMP(r1, 0x8906, &(0x7f0000000080)) [ 880.346935] FAULT_INJECTION: forcing a failure. [ 880.346935] name failslab, interval 1, probability 0, space 0, times 0 [ 880.362438] CPU: 1 PID: 27818 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 880.369662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 880.379079] Call Trace: [ 880.379124] dump_stack+0x138/0x19c [ 880.379151] should_fail.cold+0x10f/0x159 [ 880.379173] should_failslab+0xdb/0x130 [ 880.379193] kmem_cache_alloc+0x2d7/0x780 [ 880.379207] ? add_to_page_cache_lru+0x159/0x310 [ 880.379221] ? add_to_page_cache_locked+0x40/0x40 [ 880.379242] alloc_buffer_head+0x24/0xe0 [ 880.379255] alloc_page_buffers+0xb7/0x200 [ 880.379274] __getblk_gfp+0x342/0x710 [ 880.379286] ? lru_add_drain_all+0x18/0x20 [ 880.379309] __bread_gfp+0x2e/0x290 [ 880.415976] btrfs_read_dev_one_super+0x9f/0x270 [ 880.432522] btrfs_read_dev_super+0x5d/0xb0 [ 880.436918] ? btrfs_read_dev_one_super+0x270/0x270 [ 880.442003] btrfs_get_bdev_and_sb+0xdc/0x2e0 [ 880.446575] __btrfs_open_devices+0x194/0xab0 [ 880.451131] ? check_preemption_disabled+0x3c/0x250 [ 880.456211] ? find_device+0x100/0x100 [ 880.460170] ? btrfs_mount+0x1069/0x2b14 [ 880.464306] ? rcu_read_lock_sched_held+0x110/0x130 [ 880.469394] btrfs_open_devices+0xa4/0xb0 [ 880.473617] btrfs_mount+0x11b4/0x2b14 [ 880.477597] ? lock_downgrade+0x6e0/0x6e0 [ 880.477609] ? find_held_lock+0x35/0x130 [ 880.477619] ? pcpu_alloc+0x3af/0x1050 [ 880.477643] ? btrfs_remount+0x11f0/0x11f0 [ 880.477663] ? rcu_read_lock_sched_held+0x110/0x130 [ 880.477687] ? __lockdep_init_map+0x10c/0x570 [ 880.489904] mount_fs+0x97/0x2a1 [ 880.489928] vfs_kern_mount.part.0+0x5e/0x3d0 [ 880.489942] ? find_held_lock+0x35/0x130 [ 880.489955] vfs_kern_mount+0x40/0x60 [ 880.489976] btrfs_mount+0x3ce/0x2b14 [ 880.489992] ? lock_downgrade+0x6e0/0x6e0 [ 880.527729] ? find_held_lock+0x35/0x130 [ 880.531852] ? pcpu_alloc+0x3af/0x1050 [ 880.535916] ? btrfs_remount+0x11f0/0x11f0 [ 880.540307] ? rcu_read_lock_sched_held+0x110/0x130 [ 880.545405] ? __lockdep_init_map+0x10c/0x570 [ 880.549964] ? __lockdep_init_map+0x10c/0x570 [ 880.554752] mount_fs+0x97/0x2a1 [ 880.558261] vfs_kern_mount.part.0+0x5e/0x3d0 [ 880.562825] do_mount+0x417/0x27d0 [ 880.566428] ? retint_kernel+0x2d/0x2d [ 880.570379] ? copy_mount_string+0x40/0x40 [ 880.574677] ? copy_mount_options+0x180/0x2f0 [ 880.579252] ? copy_mount_options+0x1fe/0x2f0 [ 880.583798] SyS_mount+0xab/0x120 [ 880.583812] ? copy_mnt_ns+0x8c0/0x8c0 [ 880.583827] do_syscall_64+0x1e8/0x640 [ 880.583835] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 880.583852] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 880.583861] RIP: 0033:0x45c27a [ 880.583866] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 880.583877] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 880.583883] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 880.583888] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 880.583893] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 880.583899] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:41:26 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:26 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) gettid() r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0xbc30, 0x10100) ioctl$KVM_GET_CLOCK(r1, 0x8030ae7c, &(0x7f0000000080)) 07:41:26 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 07:41:26 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x12d}) ptrace$setregs(0x13, r0, 0x0, &(0x7f0000000280)="6cae19c4fc8eea3bc5d3c53c4213c774a2181e783826c61e43be36e319211b3a533de002912b98d8bd439323c1786cfc7671e17ade242ee10200000000ffd21187505309a69e39a71273e108918605f4e4469e3296ae96828969d565d7a37ccc7b9be510c853afc2d094ebb13d206134669d821a8f042c63c9956af78eb5ca962413169f268d2c875a7da6b355136898108e672e500bd46aff4b62000000df244831aca45d20b28ea2a197cb675bfa2ce2e2c4e8e7192f9bc2cf19d76a1f7cffb92042d8093acd499f1056ad18d0950c3a59323d17990e59fde167cae24f057cd9038b13deaa6431d7eee2c20589531cf6ef24ac6f43e253fdb5a54a18fecfe31f6afeb1b6d9e16468cecc4189b78f75b4cc608fd76e0addd60a3b58ee48f93a2c30fa164ae8189072960ac633c13a37c2da4491b2c6e344d5b8cea4eebf10c6402c914cd72af639d15ffc30369218b483ee9bfc83b05798d09a813ea058f1f937a18c89368d3cc552b1344027deebb9c8c60c9e372f206a74402bd40994119c9c749684fa05") ptrace$cont(0x1f, r0, 0x0, 0x0) 07:41:26 executing program 5 (fault-call:0 fault-nth:85): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:41:26 executing program 4: r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/policy\x00', 0x0, 0x0) bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000180)=r0, 0x4) setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) socket$inet_sctp(0x2, 0x1, 0x84) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x24000, 0x0) ioctl$UI_SET_FFBIT(r2, 0x4004556b, 0x17) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x7, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x6, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1e, r1, 0x66, 0x0) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x40, 0x0) ioctl$SG_GET_COMMAND_Q(r3, 0x2270, &(0x7f00000001c0)) [ 880.907357] FAULT_INJECTION: forcing a failure. [ 880.907357] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 880.919282] CPU: 1 PID: 27859 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 880.919294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 880.919299] Call Trace: [ 880.919332] dump_stack+0x138/0x19c [ 880.919357] should_fail.cold+0x10f/0x159 [ 880.919380] __alloc_pages_nodemask+0x1d6/0x7a0 [ 880.919395] ? __alloc_pages_slowpath+0x2930/0x2930 [ 880.919421] cache_grow_begin+0x80/0x400 [ 880.919434] kmem_cache_alloc+0x6a6/0x780 [ 880.919452] ? out_of_line_wait_on_bit+0xba/0xd0 [ 880.919466] ? __wait_on_bit+0x130/0x130 [ 880.919482] getname_kernel+0x53/0x350 [ 880.919494] kern_path+0x20/0x40 [ 880.919510] lookup_bdev.part.0+0x63/0x160 [ 880.919522] ? blkdev_open+0x260/0x260 [ 880.919553] ? btrfs_read_dev_super+0x77/0xb0 [ 880.919571] blkdev_get_by_path+0x76/0xf0 [ 880.919589] btrfs_get_bdev_and_sb+0x38/0x2e0 [ 880.919606] __btrfs_open_devices+0x194/0xab0 [ 880.919631] ? find_device+0x100/0x100 [ 880.919645] ? btrfs_mount+0x1069/0x2b14 [ 880.919658] ? rcu_read_lock_sched_held+0x110/0x130 [ 880.919677] btrfs_open_devices+0xa4/0xb0 [ 880.919696] btrfs_mount+0x11b4/0x2b14 [ 880.919712] ? lock_downgrade+0x6e0/0x6e0 [ 880.936407] ? find_held_lock+0x35/0x130 [ 880.936426] ? pcpu_alloc+0x3af/0x1050 [ 880.936449] ? btrfs_remount+0x11f0/0x11f0 [ 880.936465] ? rcu_read_lock_sched_held+0x110/0x130 [ 880.936482] ? __lockdep_init_map+0x10c/0x570 [ 880.936499] mount_fs+0x97/0x2a1 07:41:26 executing program 4: setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000000c0)=@gcm_128={{}, "4a99038f91e594a5", "e6620b264683731224ec4ca2f5ec7bee", "32b990a9", "6b5a61f75ead6a73"}, 0x28) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) gettid() clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = semget(0x2, 0x7, 0x40) semctl$IPC_RMID(r0, 0x0, 0x0) r1 = gettid() rt_sigsuspend(&(0x7f0000000040), 0x8) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x6, 0x0, 0x12d}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) [ 880.936517] vfs_kern_mount.part.0+0x5e/0x3d0 [ 880.936526] ? find_held_lock+0x35/0x130 [ 880.936551] vfs_kern_mount+0x40/0x60 [ 880.936566] btrfs_mount+0x3ce/0x2b14 [ 880.956842] ? lock_downgrade+0x6e0/0x6e0 [ 880.956853] ? find_held_lock+0x35/0x130 [ 880.956864] ? pcpu_alloc+0x3af/0x1050 [ 880.956897] ? btrfs_remount+0x11f0/0x11f0 [ 880.981399] ? rcu_read_lock_sched_held+0x110/0x130 [ 880.981426] ? __lockdep_init_map+0x10c/0x570 [ 880.981437] ? __lockdep_init_map+0x10c/0x570 [ 880.981452] mount_fs+0x97/0x2a1 [ 880.981472] vfs_kern_mount.part.0+0x5e/0x3d0 [ 880.981485] do_mount+0x417/0x27d0 [ 880.981493] ? copy_mount_options+0x5c/0x2f0 [ 880.981502] ? rcu_read_lock_sched_held+0x110/0x130 [ 880.981514] ? copy_mount_string+0x40/0x40 [ 880.981528] ? copy_mount_options+0x1fe/0x2f0 [ 880.981557] SyS_mount+0xab/0x120 [ 880.981566] ? copy_mnt_ns+0x8c0/0x8c0 [ 880.981581] do_syscall_64+0x1e8/0x640 [ 880.981596] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 881.104659] entry_SYSCALL_64_after_hwframe+0x42/0xb7 07:41:26 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 881.112606] RIP: 0033:0x45c27a [ 881.112615] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 881.112626] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 881.112631] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 881.112636] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 881.112641] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 881.112646] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 07:41:26 executing program 5 (fault-call:0 fault-nth:86): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01102000000000000000000000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 07:41:26 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="e9fb21bf671116", 0x7}, {&(0x7f00000004c0)}], 0x2, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f00000004c0)={0x2, 0x4e21, @remote}, 0x10) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) ioctl$KVM_SET_FPU(0xffffffffffffffff, 0x41a0ae8d, &(0x7f0000000580)={[], 0x3, 0x0, 0x0, 0x0, 0xbc}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000001c0)={0x5, 0xffffffffffffbe92}) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 881.386213] FAULT_INJECTION: forcing a failure. [ 881.386213] name failslab, interval 1, probability 0, space 0, times 0 [ 881.415875] CPU: 1 PID: 27881 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 881.423067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 881.432467] Call Trace: [ 881.435113] dump_stack+0x138/0x19c [ 881.438809] should_fail.cold+0x10f/0x159 [ 881.444063] should_failslab+0xdb/0x130 [ 881.448100] kmem_cache_alloc_trace+0x2e9/0x790 [ 881.452835] btrfs_alloc_device+0xa4/0x6a0 [ 881.457125] ? __kmalloc+0x376/0x7a0 [ 881.460873] ? btrfs_find_device_by_devspec+0xf0/0xf0 [ 881.466157] ? __btrfs_close_devices+0x323/0xa90 [ 881.470992] __btrfs_close_devices+0x2c6/0xa90 [ 881.475629] ? btrfs_alloc_device+0x6a0/0x6a0 [ 881.480173] btrfs_close_devices+0x29/0x140 [ 881.484564] btrfs_mount+0x1fc5/0x2b14 [ 881.488511] ? lock_downgrade+0x6e0/0x6e0 [ 881.492883] ? find_held_lock+0x35/0x130 [ 881.496997] ? pcpu_alloc+0x3af/0x1050 [ 881.500927] ? btrfs_remount+0x11f0/0x11f0 [ 881.505317] ? rcu_read_lock_sched_held+0x110/0x130 [ 881.510412] ? __lockdep_init_map+0x10c/0x570 [ 881.514966] mount_fs+0x97/0x2a1 [ 881.518412] vfs_kern_mount.part.0+0x5e/0x3d0 [ 881.522969] ? find_held_lock+0x35/0x130 [ 881.527100] vfs_kern_mount+0x40/0x60 [ 881.530948] btrfs_mount+0x3ce/0x2b14 [ 881.534785] ? lock_downgrade+0x6e0/0x6e0 [ 881.538967] ? find_held_lock+0x35/0x130 [ 881.543082] ? pcpu_alloc+0x3af/0x1050 [ 881.547448] ? btrfs_remount+0x11f0/0x11f0 [ 881.551723] ? rcu_read_lock_sched_held+0x110/0x130 [ 881.556784] ? __lockdep_init_map+0x10c/0x570 [ 881.561301] ? __lockdep_init_map+0x10c/0x570 [ 881.565819] mount_fs+0x97/0x2a1 [ 881.569235] vfs_kern_mount.part.0+0x5e/0x3d0 [ 881.573883] do_mount+0x417/0x27d0 [ 881.577457] ? copy_mount_options+0x5c/0x2f0 [ 881.581895] ? rcu_read_lock_sched_held+0x110/0x130 [ 881.586980] ? copy_mount_string+0x40/0x40 [ 881.591240] ? copy_mount_options+0x1fe/0x2f0 [ 881.595789] SyS_mount+0xab/0x120 [ 881.599272] ? copy_mnt_ns+0x8c0/0x8c0 [ 881.603213] do_syscall_64+0x1e8/0x640 [ 881.607161] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 881.612084] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 881.617310] RIP: 0033:0x45c27a [ 881.620525] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 881.628308] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 881.635607] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 881.643073] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 881.650352] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 881.657641] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 881.666436] ------------[ cut here ]------------ [ 881.671249] kernel BUG at fs/btrfs/volumes.c:890! [ 881.676915] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 881.682324] Modules linked in: [ 881.685551] CPU: 1 PID: 27881 Comm: syz-executor.5 Not tainted 4.14.134 #29 [ 881.692648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 881.702020] task: ffff88808a54e500 task.stack: ffff8880473a8000 [ 881.708147] RIP: 0010:__btrfs_close_devices+0x7d8/0xa90 [ 881.713554] RSP: 0018:ffff8880473af700 EFLAGS: 00010246 [ 881.718933] RAX: 0000000000040000 RBX: ffff8880810a6d80 RCX: ffffc90005e35000 [ 881.726205] RDX: 0000000000040000 RSI: ffffffff82656118 RDI: 0000000000000282 [ 881.733484] RBP: ffff8880473af7c8 R08: ffff88808a54e500 R09: ffff88808a54edc8 [ 881.740776] R10: 0000000000000000 R11: 0000000000000000 R12: ffff888096b44d40 [ 881.748078] R13: ffff8880810a6e48 R14: fffffffffffffff4 R15: dffffc0000000000 [ 881.755376] FS: 00007f96fb725700(0000) GS:ffff8880aef00000(0000) knlGS:0000000000000000 [ 881.763647] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 881.769545] CR2: 0000000001b660b8 CR3: 000000009fdf7000 CR4: 00000000001426e0 [ 881.776830] Call Trace: [ 881.779467] ? btrfs_alloc_device+0x6a0/0x6a0 [ 881.783993] btrfs_close_devices+0x29/0x140 [ 881.788350] btrfs_mount+0x1fc5/0x2b14 [ 881.792294] ? lock_downgrade+0x6e0/0x6e0 [ 881.796466] ? find_held_lock+0x35/0x130 [ 881.800632] ? pcpu_alloc+0x3af/0x1050 [ 881.804556] ? btrfs_remount+0x11f0/0x11f0 [ 881.808808] ? rcu_read_lock_sched_held+0x110/0x130 [ 881.813843] ? __lockdep_init_map+0x10c/0x570 [ 881.818348] mount_fs+0x97/0x2a1 [ 881.821741] vfs_kern_mount.part.0+0x5e/0x3d0 [ 881.826256] ? find_held_lock+0x35/0x130 [ 881.830343] vfs_kern_mount+0x40/0x60 [ 881.834177] btrfs_mount+0x3ce/0x2b14 [ 881.838015] ? lock_downgrade+0x6e0/0x6e0 [ 881.842194] ? find_held_lock+0x35/0x130 [ 881.846280] ? pcpu_alloc+0x3af/0x1050 [ 881.850220] ? btrfs_remount+0x11f0/0x11f0 [ 881.854492] ? rcu_read_lock_sched_held+0x110/0x130 [ 881.859586] ? __lockdep_init_map+0x10c/0x570 [ 881.864099] ? __lockdep_init_map+0x10c/0x570 [ 881.868612] mount_fs+0x97/0x2a1 [ 881.871997] vfs_kern_mount.part.0+0x5e/0x3d0 [ 881.876513] do_mount+0x417/0x27d0 [ 881.880097] ? copy_mount_options+0x5c/0x2f0 [ 881.884543] ? rcu_read_lock_sched_held+0x110/0x130 [ 881.889592] ? copy_mount_string+0x40/0x40 [ 881.893852] ? copy_mount_options+0x1fe/0x2f0 [ 881.898369] SyS_mount+0xab/0x120 [ 881.901862] ? copy_mnt_ns+0x8c0/0x8c0 [ 881.905782] do_syscall_64+0x1e8/0x640 [ 881.909683] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 881.914578] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 881.919789] RIP: 0033:0x45c27a [ 881.922977] RSP: 002b:00007f96fb724a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 881.930700] RAX: ffffffffffffffda RBX: 00007f96fb724b40 RCX: 000000000045c27a [ 881.938652] RDX: 00007f96fb724ae0 RSI: 0000000020000100 RDI: 00007f96fb724b00 [ 881.945958] RBP: 0000000000000001 R08: 00007f96fb724b40 R09: 00007f96fb724ae0 [ 881.953271] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 881.960646] R13: 00000000004c878a R14: 00000000004df3e8 R15: 0000000000000003 [ 881.967941] Code: c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 59 02 00 00 48 8b 45 80 c7 80 10 01 00 00 00 00 00 00 e9 e2 f8 ff ff e8 e8 45 f7 fe <0f> 0b e8 e1 45 f7 fe 0f 0b 48 89 f7 e8 87 e7 20 ff e9 ad f8 ff [ 881.987346] RIP: __btrfs_close_devices+0x7d8/0xa90 RSP: ffff8880473af700 [ 881.994688] kobject: 'input398' (ffff888060510c60): kobject_cleanup, parent (null) [ 882.003436] ---[ end trace 5d33939b28e0f4e2 ]--- [ 882.008233] Kernel panic - not syncing: Fatal exception [ 882.014758] Kernel Offset: disabled [ 882.018713] Rebooting in 86400 seconds..