0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:12 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xa9250000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:12 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0xa00000000000000]}, 0x10) 11:42:12 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, 0x0) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:12 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x48c1, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:12 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r2, &(0x7f00000047c0)=[{{&(0x7f0000004500)=@ethernet={0x0, @local}, 0x80, &(0x7f0000004740)}}], 0x209, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='attr/fscreate\x00') ioctl$KVM_GET_REGS(r3, 0x8090ae81, &(0x7f00000000c0)) 11:42:12 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r3, 0x4c80, r4) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:13 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:13 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x8f41, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:13 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0xe00000000000000]}, 0x10) 11:42:13 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r3, 0x4c80, r4) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:13 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x217d000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:13 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x4000000000000000]}, 0x10) 11:42:13 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:13 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xbf91, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:13 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0xf4010000]}, 0x10) 11:42:13 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f00000000c0)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x0, @multicast2}, 0x4}}, 0xee) r3 = memfd_create(&(0x7f0000000000)='\x00', 0x1) syz_init_net_socket$llc(0x1a, 0x1, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, r3, 0xd, 0x2}, 0x14) sendmmsg(r2, &(0x7f00000047c0)=[{{&(0x7f0000004500)=@ethernet={0x0, @local}, 0x80, &(0x7f0000004740)}}], 0x209, 0x0) 11:42:13 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x317e000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:13 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r3, 0x4c80, r4) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:13 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r3, 0x4c80, r4) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:13 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x5e, @loopback, 0x8}, 0x1c) fcntl$setstatus(r1, 0x4, 0x4c00) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) r3 = syz_open_dev$midi(&(0x7f00000002c0)='/dev/midi#\x00', 0x7ff, 0x400000) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000300)={0x9, 0x0, 0x10001, 0x6}) ioctl$DRM_IOCTL_SG_FREE(r3, 0x40106439, &(0x7f0000000340)={0xff, r4}) sendmmsg(r2, &(0x7f00000047c0)=[{{&(0x7f0000004500)=@ethernet={0x0, @local}, 0x80, &(0x7f0000004740)}}], 0x209, 0x0) r5 = accept(r2, &(0x7f00000000c0)=@pptp={0x18, 0x2, {0x0, @loopback}}, &(0x7f0000000140)=0x80) getsockopt$inet_mtu(r5, 0x0, 0xa, &(0x7f0000000180), &(0x7f00000001c0)=0x4) getsockopt$bt_BT_SNDMTU(r5, 0x112, 0xc, &(0x7f0000000200)=0x7fffffff, &(0x7f0000000240)=0x2) tee(r5, r1, 0x7fffffff, 0x1) tee(r2, r0, 0x8, 0x4) 11:42:13 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x7000000]}, 0x10) 11:42:13 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:13 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xf1dc000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:13 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0xe00]}, 0x10) 11:42:14 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x9]}, 0x10) 11:42:14 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xd13c0000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:14 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:14 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") bpf$OBJ_GET_PROG(0x7, &(0x7f0000000100)={&(0x7f0000000000)='./file0\x00', 0x0, 0x18}, 0x10) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = gettid() ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000140)=r2) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r3 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r3, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r3, &(0x7f00000047c0)=[{{&(0x7f0000004500)=@ethernet={0x0, @local}, 0x80, &(0x7f0000004740)}}], 0x209, 0x0) 11:42:14 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:14 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x0, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:14 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x9a6, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:14 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x34]}, 0x10) 11:42:14 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xa1e1, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:14 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x3400]}, 0x10) 11:42:14 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x0, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:14 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:14 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x9c69, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:14 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:15 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0xa000000]}, 0x10) 11:42:15 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x79350000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:15 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x700]}, 0x10) 11:42:15 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r3, 0x4c80, r4) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:15 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:15 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r3, 0x4c80, r4) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:15 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:15 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xc9f5, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:15 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x7]}, 0x10) 11:42:15 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xf16d0000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:15 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x5]}, 0x10) 11:42:15 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x0, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:16 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:16 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x0, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:16 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x7138, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:16 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x0, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:16 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x4002]}, 0x10) 11:42:16 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x6381, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:16 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'vlan0\x00', 0x2003}) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$GIO_FONT(0xffffffffffffffff, 0x4b60, &(0x7f0000000180)=""/111) sendmsg$nl_route(r1, &(0x7f0000000140)={&(0x7f00000000c0), 0xc, &(0x7f0000000000)={&(0x7f0000000100)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) 11:42:16 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000400)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000dc1000)="71e67a15cdf0311cfc093a52a7d86bd1", 0x10) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000a80)="76f39414f722fa0b71d26cbea8f410840db91e44ed4f345afdddb534dcc532eb0eb91a707f24a3722b202906f1cc994c104bd804befec167f8c66095042a24900d69a1cf082eacf877ec1b6999ad4e18e3439d345447d91e6d73ebbb2b7d0c4c4bc1a93b896e64fdfc23047fb71c0a3f1c8d0ed4c1c1bc07ba81a53807f910575c41f9f91b7013654c74e25de6f7961ea846883dd56388260a1bb1f3c2598763e23414dfa2d03bb709191400b19b2fdcb3262b2193350ab44aeab4e3774b15868aef6af9ef076874ef0dd3d9541fe4b4f905f400b50b195833ceffe0dda936025b5ca046f933409391410909439d9298ed87dcccc098846fd81b31f4bd1016e7210d92a34d40122614579a64f051262ee1ef98c76f5c03769c78abbf05c4f3a576882f874069f21c80ccad84c36cdff0d6a5125c49225ec5da06497a6e46fe5813407e2a86ccdfbe536e1658d17d438895f547d9d16b2c8aafe459809b686eff472e4e98e47c5ab293a949d72568cccd103146d20af9e946d4061519800e492f59dc79f4918bd987474600e133b9477adbcd61b29bd8686d61e8316484209f69915b48245dff30e515b505954d45233942c9a9cc9acf23a47fb5dad5c01ea748bf37f78fd01d23832d100ac866262b4515ad6845f2e63ac56ae67e8213856a6e9b04d07b05c673507a5b6c632f50e7ab9c0d3cff381714c30b43fd457c31a00f6a79d56067c32471511fd5492f5bb74a5df2651a8e5be4ed7069ec462acd6b5fb9da7128dcd6a875231c847916b46f8b7b039e6676105906c39ad8e4120cc124ffe806e9248724916decfe568c70c5965c3075c578fd7fab271527204ddc5ab97b2a093efccb779e5c1ca30275abec7cb865733ce818d6589049dd259c5854db872aa1c5f7ae6b1566fe0d07e51a5a597a31e038f252f3d14da8db040c584955e37d9d6ae147d0e0597d52cb11d23882ac2f909c6c361d9e59007130135a916ffbec04333bffcc1fc8833492f2ca5ec4d6cd0bb9518d25de04d24812c1777e88870fa784b5064c863a4d436579a9a313b42442a6df8eed7d6c2c4f2ebdb7b4c9e0b0eddfcf74ce1edd2043afe1ab0e5336959a689672776e5c06034d9444e24139c7ec5421f7d0d3fa434341660f816465adda2633f62fdc4323fd62234cb6cbe81c499899b7a4ea47cca41b82a5a4afacdbb5c781a8f6fdac9fe1bc67a357e7a3eed4c2068b249403c27a1772730a3ba913f2799bff42141708dba9c668516305e8ecb3a5db3556243dcda0927c482a809987ebe85573461caf787c4de4726e9af95c6605d211473f6300ad814fe0df4a2a576ed50dd27fc5b3fded3380d280b1fbc87419c6e8b047a2d89799e027a1a042be0e2c2545a126de9cb5a03bf9b7a050c29d452a146d2404b47ccb09f15955e8c1425c1e73ae6f6cb1c8851813356ffd48a0a51073023371c19c73e1f1f7928a7d88aef3194dd3b7f604ce88f4cd8a2d256b86b9f5a57e67ce6a73c089f8efa20dde3b5cbc3aba79c556c6d07d1d693629e0eca746a938af862cb30af852d9241b82afae7ab02d4512204d22b40e28813b1c8ba51a481c82e810181eedb4da0909621eeb7894fef008a5e5ded2c3161a3cce4f447465309b81f25d36f3cd66a34f63c4fee1f9f1fc21e0ac53a148128783ab720ce6e1331b0605ec137acf9f0fbed464857e395c67844d89dc085c0a546953394dab2e9b68b5729820fd8be62537b18def1e78f924c875f0edbbafcc4108b5bd973bac9f34e582cffa9474e88188b5f039fc61160009c0d5155ed5d6f352a2892dfecd2bc137c29abe9bc064ff99b4d6c2aecc02a5a2d5f60450ece397bdb9877b13e1d00849e8cf2c4cca9b96e776f8ac97f977c7798fe1f24811079726c2e588e2f788fede3f0069e43242acdc086eda25b3d587dd44e468d4d903c703ebf67dcc57d071f5f3cb5b76eaa4c3ead18f0214774e1fcf7c55fa60267cc65e2b59eebe72d841316fb467423871f14170c57e20b8892efea43f1302dce9b03ce91a68e929c59518a38551024d23c84f04546909928014d76ea844fa1ebd73d1c560891981fbd77ef7c19418b170fccd04537c61c23777127cdbea830273d3d8dd8cc34643b6c7c45af138183c49542df00b31dd575b18b1326642692e6d45e88d8701803cc516ad8b0fb6f4a9ff2d6128b05badc48028ae6a436d3e4dbb2d74b27bbf73f56fdb3c3cb61ea6f02ea1a6eadecc1c39c06dbeea24c9e3ed1a5d332da10c19bbfe2c444599d34b9ef9c9da83e15936526339c66458139e532f8b4c8118e1dc582597245125d55f6764814fb2df10cba00fc776c37cc0280118ca2e718a84a793de1d89433ddef250c989a59987162979ec9e98f7403285ac6e9ad12d170b2858670f5ab2af3766db000533eb979519176ed8b566c63a602bcf5fe5daaa6fb226156825f08d95f9d528c7d5f0b0d81e1871047c63d594572eccaccb1d49c8e2925eb9696fb2cfb7eaa6c3379cdc6dbc373fd7a771ae93812ac3cc00a0fcf2121173621e9e46e111083d2c194d12063bdda3496437681812fefd69819b765c8a492c359b478b40f82572f3de02a29a386c1937502c2971ce7332365763811a78bc6ea5ef8de5b83dcc6fa31324669d6e2fbc08ec195af7a822914c6c63b0e02661139bfc6122f3d30353c93f2343c6aedffdc76d1b5675c142fe223ad62df2f19ca859b045efc88bc4970041271d217e1f5b58ad6b3586effae8ef4c8b226a0db177cadd98612464c7594aa23f083cbffee045543f1a841169a204f12a6964edea8963cb81c13d2505efb93174ddbee60145e4e57aeaeebc769c86f22edf6f4bf65aa37331cb18ccc81f0d1d909c6a806bc05d5ea883b4aba19ae3ad5205c69682cd587b2dc3b1e0a5f313d15409068592264ad1c6e24100cf7b0ff17ad62c8737b4214126cb80ca82fbcb6ed417d71ec2c03fb176310e426cf84bd06ac5e8ddee34de92426541ad18c75f2763945f72d4d51fd855d04ee7ab1157309a25e7da33466994fcd04ea1a850f3751cbf5da4a68ac2063fce61408f30c77cbbe2b6bc1dba3a03233afd65f0e4a50c19a34a2cb1096643d40ed3b6a621cb2de33436dd7d4b9f9d463f8125e9c3c2722de458bc70eb3d2f35ab00779452a5ccbb21e495e4960596791479eb75ebf1b6d03a3504fcb1ff264741ea3e3dcf1d2abcf98551c51ecf272259dd3e86ff4120794408e83794f29bb46350c43b63f03b349cc4c3e87b1b0f0de0ea90aba7cdce45e71edd055a82bf426724dcb004d8ee7bc4bc2c9afa4b3b5e5cdc16289650ffa152f445f93b318516ba23ae972fc6e8b79cf9697d7b2aaf6446e9f8e92f2fe7add882201dc6db5040d5e76c71e5c7ff2355a771e537f3bd1e37e25625d72ba443a161c47d7daba1fc14e24d9f11d18eeb784aa6d1dc2509917fc686b3820fca1e551b23d6550a672d95087098273b088e331c069a57f8f4288d4b9f254935ef9481a2669a8638b9f73ee7a3b7362f26230e0abacf0be79e51287f04ca5e92c80f82cfc393ab0320edeed6bce99725c8e3c22bd1ad5561441610cdaed63d114548de78a4ac1ecb3b5da849d726764ccc42e352ba6002718afdd8c7171d86053043715bc3a32dcf5a2991f25432af98f738a9d40966692604807f8c29cc69364dcb39abbd727ee0c6254c1952b2ae887fde109deb9f9daf62502e87eccea44c5684211d642adad9d33319f18a93ccdd81ed736f04ed76410813f1b68c6084b61c092ada39973008baa05f37b1d134c9a57b702898799ebed16c7cdf65496a7fa6a5c3970c66108d9c3a9fc2337ffe537a9007320a58b4e74ccd6f432137f84e9f9deda5f1dcb9304ec57674f6b17d7ad0157b5bd6ac031a348946df90f3aaac4ce680b2b0449111276db3690e3592da4dabc63eed7ecdaf275bea54c6a08ea33e6c2eefddda14983652e9c773d0a26bf4797ebbf5f04cbb127adecd339a", 0xb10}], 0x1, &(0x7f00000001c0)}, 0x0) sendmsg$alg(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000000000)}, 0x0) recvmsg(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000500)=""/220, 0x200005dc}], 0x1, &(0x7f0000000280)=""/91, 0x5b}, 0x0) 11:42:16 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:16 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x8c9, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:16 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x700000000000000]}, 0x10) 11:42:16 executing program 0: sendto$inet6(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0, &(0x7f0000000300)={0xa, 0x0, 0x0, @local}, 0x1c) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x8912, &(0x7f0000000040)="153f6234488dd25d766070") syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @dev, [], {@ipv4={0x800, {{0x9, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x11, 0x0, @dev, @remote={0xac, 0x14, 0x223}}, @icmp=@timestamp_reply={0xe, 0xe803}}}}}, &(0x7f0000000040)) [ 430.770612] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 430.777465] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 11:42:16 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = memfd_create(&(0x7f0000000040)="00000600000000000000", 0x0) write$binfmt_elf64(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003003e00000000000000000400000000b6b54fb91d3f76b700000035570007efa973c914f53b380002"], 0x39) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) execveat(r1, &(0x7f0000000100)='\x00', &(0x7f00000001c0), &(0x7f0000000000), 0x1000) 11:42:17 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xb931000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:17 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x8000000000000000]}, 0x10) 11:42:17 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:17 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xd991000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:17 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0xf401]}, 0x10) [ 431.205732] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 11:42:17 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:17 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) fstatfs(r0, &(0x7f0000000080)=""/53) 11:42:17 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xf907000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:17 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x5, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)=')\x00') sendmsg(r1, &(0x7f0000000400)={&(0x7f0000000080)=@in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x2c01000000000000, 0x0, 0xf5ffffff00000000]}, 0x4}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000280)='m', 0x1}], 0x1, &(0x7f0000000c80)}, 0x4040040) 11:42:17 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:17 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x64b9, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:17 executing program 0: 11:42:17 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:17 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x700]}, 0x10) 11:42:17 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0xa, 0x5, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)=')\x00') sendmsg(r1, &(0x7f0000000400)={&(0x7f0000000080)=@in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x2c01000000000000, 0x0, 0xf5ffffff00000000]}, 0x4}, 0x80, &(0x7f0000000300)=[{&(0x7f0000000280)='m', 0x1}], 0x1, &(0x7f0000000c80)}, 0x4040040) 11:42:17 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:17 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x11ec0000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:17 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:18 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x614d0000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:18 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x1f4]}, 0x10) 11:42:18 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:18 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:18 executing program 3: 11:42:18 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xcee1, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:18 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0xf401000000000000]}, 0x10) 11:42:18 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:18 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xa972000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:18 executing program 3: 11:42:18 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:18 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x4000000]}, 0x10) 11:42:18 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:18 executing program 3: 11:42:18 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xfb51, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:18 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) accept$alg(r0, 0x0, 0x0) 11:42:18 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) recvmmsg(0xffffffffffffffff, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:18 executing program 3: 11:42:18 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0xe803]}, 0x10) 11:42:18 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x5136000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:18 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:18 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:18 executing program 3: 11:42:18 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x7]}, 0x10) 11:42:18 executing program 1: r0 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x14, &(0x7f0000000080), 0x301) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r1) socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x14, &(0x7f00000000c0), 0xffffff24) sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f00000000c0)}, 0x0) setsockopt$sock_attach_bpf(r1, 0x29, 0x14, &(0x7f0000000180), 0x3ec79f067f8087e) 11:42:18 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xc1870000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:19 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0x16, &(0x7f0000001000)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000003d0301000000000095000000000000007126000000000000bf67000000000000570600000f0000006706000002000000070600000ee619f2bf250000000000001f6500000000000067070000000000000707000099741df70f75000000000000bf5400000000000007000000040000003d43010000000000950000000000000061160000000000009500000000000000"], &(0x7f0000000080)='syzkaller\x00'}, 0x48) 11:42:19 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:19 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x19eb0000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:19 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:19 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x100000000000000]}, 0x10) 11:42:19 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e24}, 0x1c) recvmsg(r0, &(0x7f0000000100)={&(0x7f00000001c0)=@nfc, 0x80, &(0x7f00000000c0), 0x0, &(0x7f0000001580)=""/106, 0xe}, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @loopback}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000000)=0x8, 0x4) sendmmsg(r0, &(0x7f00000000c0), 0x400000000000254, 0x0) 11:42:19 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x71fc, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:19 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0xe00]}, 0x10) 11:42:19 executing program 0: bind$alg(0xffffffffffffffff, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:19 executing program 5: bind$alg(0xffffffffffffffff, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0) recvmmsg(r0, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:19 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x71b9, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:19 executing program 3: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x8000003e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f0000000040)="6c6f00966fd651b959a9c84a2c00d2970403dc0d") socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg(r1, &(0x7f0000000440)={&(0x7f00000003c0)=@can, 0x80, &(0x7f0000000900)=[{&(0x7f00000004c0)=""/255, 0xff}], 0x1, &(0x7f0000000980)=""/101, 0x65}, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000000c0)=""/49, 0x31}], 0x10000023, &(0x7f00000002c0)=""/77, 0x4d}, 0x0) recvmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000000040)=@ax25, 0x2, &(0x7f0000000000)=[{&(0x7f0000000080)=""/151, 0xffffff77}], 0x1, &(0x7f00000001c0)=""/17, 0xffda}, 0x3f00) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100), 0x47, &(0x7f0000000000)}, 0x0) close(r0) getpid() ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x541b, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000600)='/dev/net/tun\x00', 0x0, 0x0) perf_event_open(&(0x7f00000003c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0x28, &(0x7f0000000340)}, 0x2e0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)="2f67726f75702e73746174003c23fb572a1f0494e6f378b41ad54b4d9d9a1f63f8785ad188a7e1c88875e05b18a4cb3a9cd12dcea440d899c22c652b3a471b4a7fa2f3fdf6e034d804e5f0df4b1dee483b157624c59c0100e89e6a357c000000", 0x2761, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 11:42:19 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xe15f000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:19 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:19 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:19 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x69f10000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:19 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0xf4010000]}, 0x10) 11:42:19 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0xfb, &(0x7f0000000340)=""/251}, 0x48) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000a00)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000bc0)="2f67726f7574002b044a7b09ab0b0274e10985a6fa15b35ba69421f204dec5668a06000000b90ff860e01f262bafac752a6d5ce259cb61ea0cd94458583eef2fc597ea93a7dec9b4168e468be0576d1c0ebf8bc4478f8ed85b547c6924880400000000000000901e428b98add1375f51e135848fea98ace3574511e0c61f722ff61f1db073657764c13f23ed76e9f5ad9b0a121d3019202a82a3e997831b6e1e10f53b98ab1eb37dc61e5717d51a0369715e1e92e66a6b80c82805f9df4f8a02c23d874f64ae00", 0x2761, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)={0xd, 0x0, 0x9, 0x5, 0x1, r0, 0x9}, 0x2c) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f00000008c0)={r2, r2}) recvmsg(r2, &(0x7f0000007500)={&(0x7f0000006280)=@xdp={0x2c, 0x0, 0x0}, 0x80, &(0x7f00000074c0)=[{&(0x7f0000006300)=""/4096, 0x1000}, {&(0x7f0000007300)=""/154, 0x9a}, {&(0x7f00000073c0)=""/244, 0xf4}], 0x3, 0x0, 0x0, 0x8001}, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={"6e72300100", 0x2}) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNATTACHFILTER(r5, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f0000000000)=[{0x28}, {0x16, 0x0, 0x4}]}) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f0000000680)="6c6f00966f380f64a1e3d75d627d1fa159ad34909d60d298034e00202759175d1563ca52dd984f43891be784e2058077d27c448d4b144278cb7548c2ee63bf3c3e591afc1f394f4281891836c571406eb4b673b00000fc0000080000daefec45ecd549b29bfe8d903f00e9e47e673ac1b2616a96bba7e2c0dcf95108eb167f5411d30d37e62266cf8eab640f747082aed2158e2b63f6bfe1343ea62da563ded7abea1ff873329c5646d518fe0e8f20010000792efc2a82a5a17035c87bf7efabe899eb77238a741c80fcb095a2a7d72c595d45388358f546dc882df5b0b55edb1ab6aa14e2b90d685e4a2dd1ba556e04276c1be06fdbc891251cb5bfb690b4c27f5d2fb3e7c92794cf496fdf0495b506841f483edac504209488eb27d43b367fd9992d1b7c478dd4b925aa51a04b100393e1cce76d8027f0a5ed280da80f26b1f3ff300c82255f928b44b9d9e7f2e4c16923dc8741b9c70d92fa1111b51f039ddd1b6adfac67e3a053d38ae16e97eaf5a0270be9a0f12066aa6ecfb569b664bc920bd5381608b35f3aa4210a79c4260a574d4da8c40b9f016ff4ab26b6170250c3214ea18622d704f1c021edffee24c8398c4230d16444e0495088a2f2599a662424f18196f750acca803a21b49423cb5e9f2703e393b982bfcfc4e3f7034f68f272ca8f66bb2f9f2aaf1a20a5a03f254da58698fa342731c70c3ccc40e88aac2edee4c7f59c6ba43021e91424b3056db56ded0c7493d8a3802759b905bb747cbebc7a0af3f570f89f7e1bd00b1c51") bpf$PROG_LOAD(0x5, &(0x7f0000007540)={0x0, 0xb, &(0x7f0000000d40)=ANY=[@ANYBLOB="25140c005400051e98e47d279cb844b6d28ca4cef0710000005bdf9007d87b86f0000000000000af068de17f3522ec78553752000076f09a000000000097808ff2c8c5a478ac991eca7297fe52e6f67315f4a58e28c2ff16421ffe", @ANYRES32=r2], &(0x7f0000000b40)='GPL\x00', 0x4, 0x1000, &(0x7f0000002bc0)=""/4096, 0x41100, 0x1, [], r4}, 0x48) sendmsg$kcm(r2, &(0x7f0000000640)={&(0x7f0000000a40)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x0, 0x3, 0x4, 0x0, {0xa, 0x4e21, 0x6, @mcast1, 0x3ff}}}, 0x80, &(0x7f0000000540)=[{&(0x7f0000003bc0)="ab256a7810a9779b1ad81929155c86b761f6a75bf89ce9bcdc40c79e41c7817fce6fd310301ec01e3d55d9eb2226d52106daaa867ce6dbfef2cda4455ff36630aeba5954556ca483e771d8671de347b63ace3752a752d32f7be4fccbbdf95c517f95dfc286d0c42da60e2adf67cc337d15b14910dc92db01cd1a1be0cdc20592ce73f779d04c6cd1e706874b4338865410bf39d43e15f06942d3bfae043f3e6be5cff020913753f4f7eefa4653a0bf2233a2e0d9f536c72c99f6438e5ac5553019b91b1796afa2e82fea91d9fb76c9873287bd28c7f6480cd0f06650e4c7a491d8579a546a9020d5d5cc31fc3740b7c1336671de40979223659ac52fe3935422bd4184f6769d1874fe1eb64c2f2997a1b11b27280f27bfa6b8ba0e3ad37e3d48e4cbdfb540bcf3486b9a27789b7713474b276c3c0cf6426d2c393fe1597ce63b79a2afd24efa04d7daa476f46642679f77e7f0fc0c9d4353955091691d2ccc3a38f2df64af2912770c6f6ad123041ed4d1e8a47c443ee6e2d591768d353c30ccaabc500840d181a857496921875b9008a658a1efd3353e8fae515dc2e55bbb21b811f4b6fabbc5a1568dadff12ffdae3eb9ed17a798503c058c901bed01458c221a43e4b95548178f016278c3afe6517de13581b478a9c28e66e1d7ce68cd37d10d711a6ec0e322183f359198670f99511e6c6657c924a4f02bd1f687750fa8ee9ebfe61bf35cfaf1924b40779cd4d3719aaa82b3cbc0560f27b8bf5bb1d5bee2a893b1971871ea45851ac471f876bb48343edb66537b33772fe7cdbc80edc6e76726ab21497fdadb96d924ec8885eeb829597ee67dc8914953f6eb524231212c4e26000a583385e2bae7aa7c6a3e42e31df4ed70198e6efb8d30dac99a584ed43a4f8d59b045c2438af7d98b40a5d36a75542ccee1bcf7376fc8ec914ed8c3ec2ffadf65c77b8260186b97aa52c11f6eff0639b08ceea418553596bf86f505979ca60584b3db3a9ce83a9688a04926e746ab41bdd70564f920bf6f54e3f91338ad58d2968b45c832f6eba61b46de1e33c4aac4fbcdd7774f542a25e59c4dbde650206589dd087413efd04720837732d31c9c5f498876168a65db20fcdcffe66f135c13edbdfa5344a8354866b84a58e75e8b2020fba94ee95bfa1900ec319440b1d985747850c8903a3fab31b80cf0fd4e851aa4aa7ba62477f9d75e11daa1c2d078c0d8b805088334c8c9ddfbcc5c42eeb0a6f276529f11839e94e2604ecc8fa10948e94f5e15289e04ca923aceccf14b0e105cbdd72885d7791d6159b45d7d9562890c6f3f3aa18edf0f50b7b8d0426b2fcb9939fca4d7692f0d7a7726749e9ce5513c51b46f6b0f0257d70174321421d46a4963120893b4511dea5bbd13d2ac472f5ec5f19ad98fc2d7d50de48378c2cc5605ea6430bd58c30a0bc708e9af53001a70a817ece02a341b45d34a8c77d377c7fdda090e00b3fbbd48761f994d270155a491900527ecee9ed0e32e6dd7a495109c977088ba368003b123f02b666868e9f1141db17e2eed8280008592b2ad28314ea91d50f46230c7203160fb9fbd34911e01956d486fc8617432f54c4c7d532c9c991e04304be4147bb3baaef4d6a057cf646098142c48009d691b86f0ce7c7f9c5482c535005bb15b7001a63427f63f59cc88a2bf6efc65a5e7486c86d70448f6d500788ea86a315181e8e52e686b3a23cccfdf6fcf13ab77a8ba1982837a656acac0affcabe9dbe22f40487c63bf2e2a9f3555838b8dec6e802f278926c906111bcd390a927c5426bdd1d0b37392321d817cc44928e07d6cccd667e8b59cc0a76f5c204225c0f3a23ae8e2191dd8fc7bd914a5f63b4a746d91acf6eff878bf3cb9f69935e75c3382d9f6671b30873b9bd25fb37fa5ec9b5a8f4233f0012d64a7c89b6d159844c31ecdce7bf2d302a20e571d2130d4a9614aa77434082c0c8e1994282fc31390c54e6429546fa88140da86ec62bc75844adcc61c920d8006d15368b359f40e4558fcdefd6c48da43f0e7fd2d22ff74bb9d795870fef4b932aad9c572bd2aa9365a7770991b4cff97dd010bed93bd4762482d1dee2bd3ef1f6db0766bd162fe63f60bb67549ba9bdc63b4b8dff93df1767c16a0fc31938a841bebf1b7cb3d0c98ff3612edacbcebafd57540466eb7d9a1dd1bef9e144be33f2b7c1a26543d78266ae4834174f4ce06c9125bcec73f547d97f5167d0d03fd88226f9de1a85a474934c01aa57fa32727c7852e44d01908bf3141775d6f29e7868d1600030d0c42afe8625368e186f02b9e1ccfa58b9749b39aa6695a364f6a9b008c17551de52c81f1e76a30b16b0971a12fb9a9401ca1b261a86cd1f108f4b91dd84b0fa6993c79357edce172fa7679f7e5712a2188d190c5698261a009611b8299f54e2195203bebdeda5400ac394a50bc7f32cb2cf31aaa9d7cccd588a02c24761f001ddf916bee0bd7cce3027436dec2211e800dbb0ef15f274d7608370b68c8477e04f999b2c1fc1857205999b9dde874a4672a39623ee68e8f6473c134a6aa75c8d507220af35ef4d4bc8cb71d62f83bf9861351139e03ae9cd3f87f336183d2fbbb7319205fc7455ef970c31ba2c194f37533e823a7b4ff323e966c3d38e342574f72955ce5ff134810e2bc19940e92d45c35fcb01cb538bb419723c0c2fd68fff7a1583d55c59f4b7354285716e9a0bd5b593fa0ff83846120a9d3c8ae5b2642ef2768e5353b9ec3ed31802054f0380e8f4c85d7c3c4b100d18427db21b080ee4fc9dda4bf9337fe64731c1319e9b7268ef64e918683431e5c3ca8b763e4d49ef5decdc8591eb6c12c8e19e0f6bb6281bc8353ec48a41879da6309459a47857b029e53140bc05c8386404c37e365f56a7d89b5272c2a7d174be99c4493a35b21cf106093e9bf7fa9cc641b9e45a29809762c796a38114d20a8ab9c14ddd9541d6c8487472f5488f8576fd4d2e82a63cc29bce9954700b386f273f4df07a479502071dcd769caa29bff1a4641a27939b10f29146278c58d37940421e785be34e711c45c57a49006bdb01f9dfcd31ecc202f4c2ee0327c329c5f60dc5ab6a4cb591792a264711a38f40447c19b4ddcaff66be7e69a26ac990dfdd4b81d4664f3450ac1fc7e3a272da297d1afb5f7e1660c75898d685b18fd6e3dcf1e1caf213ed51bbb883078f0c4047965be59e71d9e14aba7813f70c5e0b7da213737c941bb091af90c996b15959b6440dd013b1b71a703e42f287d8e320c9cf75bded1e8b416ffadb59105f68e7db37523ecf102d6164ec22b1b21567c55226c80301464a2a5d9178857760fee20232ce27ae6fef7d42b179378a64691fef09e7b4dab3f9878c5c37fbb915f57e3e09c3dd2b77c48e08a59d40bbdf84a171fb05eecfc28420ec8313417c16d9a49b44b2184dfc1a7cb0a62e7fa6b433cdab63f530f80b61a87a3487c8eb777db2c0d127c8f1c5b98408d0fc64a29705c679a70750a8e8023ff78f134cc9939f4b9f0a9ee5c2be9495f7af782093372e27f49cb9272b350e16dbdcdb6e33dea5460c2662625064fee8a2e4b5c77c3fd51e4be4d2e5cb50d607d4c148cc67b0f99ddf96a519c27f1404a55a0d0d05e2c26771f8c2c0ec1bbf9b170d198eecba58c968fa90a75b8891f330d4e3f4c144904daaa6c3c97d1c5a1dbf51c8a8429e827a8d34c5d86eb76e66f393d03d0fb9e79b8833c627cb26c6a0a627e3baf4902da184f4cc66ea3909a15f28afa9be60e66a3cd7cd0d176029e07f0eaedbdcb3d92067b2b5e949f8421b82b31ab6c390e8e42e5405fff6e33df045f81ba074ee44b844a8b023b29e48234348cedb38f6afecda001e1842395abc8b259e72014cc1c4b81d0b22783b84133289d53ad92166188be1291740a50c05b13d75f26a93a30a29ed7b875817f8110a9dcbde95f7076b3c1aeb0ecd9d198f62cc0afdd920cf1663c8fe86c396503cc5522aeb363041d87a2a177a8012b465b1c521f1af78bcece48cf4213f037c87f3afe49e3f7b913ba659dc5a9a6f76e2afe957ea83ce85d8e4068c623b56fea5d73864bfb5a1aaff1da0a7416d8a680015835d66ef69139ee09604dad8824137dee91a6a93d7b0f670fab2b984767a799b3b81bf092647c2a18f169d1e45c28ecda2bf61f143782c4730b6b7309422a0adfb399117c272eb16fc7bb36ee5607fa2bf30a605de0d33c12b5c8ad6ac26d4807a4487f12e75edf59edd498f06c763622866595285ed32c0bd0cdbe4fc5c709645cb5151b3c6015d3df976135b22bdace0bc1ba79d614e6d1e1e7492b9bf72459265b65612aac83c64e2dcd38721225f5e31ac94dee648bd6b18a66fc5d548cbd99ff37ed57be0e3190fd93814a7ab1529e6b429dda0b0889eb31f574d195763cf1d187ce5c19e6208bc2cbe985818c664b1d42a59ecd0bcb6eb57b2115dd2662004cb70ae3f8996c2ba69c1828f0e5a23906349b2d08497a357f0f6981e5845f7770625eba119f001a10e41166aab4d7e3043039a74f269655893b9786281df954a02ff73be05600c09256e9efa15347e39494bff5efb1fdd2447da358607a7857a2436327f91288d9146c4e04d85fd2f2402e7d898b1c5c3abf5aab8e747711104420d2ba655e576a755d32718de24b0fc8ee13a97f556623cf05a504b68b6c8803109eb56a5f61e42d013dadd03bb146e9ead05fe84c95a7c25152e43ac47fdd132f855a39e66c98d90e2f3d907d1a0147915e5ee06c20d30507f451959e98a1b5148cce8c99e04250b36505e24f52faeb20f8450feb84d168acad828bae5d1628af4fa6f4f98bb3dafee034e2325910b3afbb287bab3ad3d3a7c75e740d37c143fdb069eb5108cc596f3721f11082a96b781b7274773cc5c3b7db7f81994a569b311887258f8f6c794eab81d3aba445400a4aa73dba6074d76b0d79e109992e528b25e9e3e9223b7fdc91b6c65f0c1f00dfbe729f08bda4716bc3e5ae8c17eee2d292f9b3a40db60c93a6d47b4ea3172f5868557ed859b2dd8e9f6c7c5da5e4214515426aef2d116abd6bad0ee27e66e850f171f17d052a9197d39af5e7eff9b5fcc22f3f422a6a40b2cdd91a5d5ae5723b8e688635c72a4718c3e646f4d9cf2652ddce74b44bc8343aba202c639a6a6c3eea91a55e8bd79b8c5f6c3a4b65ae604c5b94d8d629b29e911ebfa8819177df669db422cbab062ac74c34b1afcc5858a1077926bd3c387754e2421fd69ba313d1d7cb72753c3ab1ce30dca83e12542129c4355894f30f91ad4d6d0bf7d457a940dfe592f0ee44e7aa6478b845bbe0fc5afe433099e61710ff93fe5f93329f52eda82e336e2e913ad95e773b25c68c816f99c0019f12de9882c26e9a767f1c2f2c79d2104a0996f1a429cee274a35347269448bb7fa8fc09c76e40cfc4313a78d13af4f458b1619f0e05cc27873a10aa5b88fa947a562996dfacabfac8da202823865d3b8b7cd9b4ec4142503b7daf1654f5e3b6dda04c87898a51d89204a2bd3a0c5d13dad80acdd94f70ab88ebad7b0ae444f10732b8e8c93a3f97eb825f8940ac33e16e7dec03f1855984285eb49764c0c7aa9f6484044a04ecb1dbb103e9b6ffe7e5578031407ba687d0a88850b79090546552c79cfe26d4231bfb38fd85297ed410ed666bac3f3fc91b690dfd06e8e7c4ef1ea4c933c7ef46ab01566f80b77379ee7b6db9bee84e080b9754869d1347937f3c2a77f0720b5f97bdcf31f4acd20e474e64d", 0xff0}], 0x1, 0x0, 0x0, 0x1}, 0x40000c0) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000b00)}, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000580)={r3, &(0x7f00000004c0)="4250664c2d18e967d8df8833a210e6e77ce9b5cdbbd244a797c1b65cf4810cc72484b83581ce8f551b23769c3a01f4c31e291719da62cafc6c4069f9a5555ed4b1b563012200034f9151d08015ccbdad6ea5072ff6c10e9e34ca237646482fca9088ce", &(0x7f0000001080)=""/9}, 0x18) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000700)={r2, &(0x7f00000004c0), &(0x7f0000000200)=""/144}, 0x18) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz1\x00', 0x1ff) socketpair$inet_udplite(0x2, 0x2, 0x88, &(0x7f00000000c0)) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000005c0)='\x00') bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000800)={r2, 0x28, &(0x7f0000000080)={0x0, 0x0}}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000840)={r6, 0x5f6, 0x10}, 0xc) recvmsg$kcm(r2, &(0x7f0000002b00)={&(0x7f00000002c0)=@sco, 0x80, &(0x7f0000002940)=[{&(0x7f00000003c0)=""/200, 0xc8}, {&(0x7f0000000900)=""/194, 0xc2}, {&(0x7f00000015c0)=""/197, 0xc5}, {&(0x7f00000016c0)=""/4096, 0x1000}, {&(0x7f00000026c0)=""/242, 0xf2}, {&(0x7f00000027c0)=""/215, 0xd7}], 0x6, &(0x7f0000002a00)=""/216, 0xd8, 0x3}, 0x40) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000b00)) socket$kcm(0x29, 0x2, 0x0) 11:42:19 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:19 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:19 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x81ee, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:19 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x9000000]}, 0x10) 11:42:19 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080), 0x0) 11:42:20 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x4021, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:20 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080), 0x0) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:20 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x40000000]}, 0x10) 11:42:20 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2", 0x2) 11:42:20 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0xfb, &(0x7f0000000340)=""/251}, 0x48) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup(0xffffffffffffff9c, &(0x7f0000000a00)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_ro(r1, &(0x7f0000000bc0)="2f67726f7574002b044a7b09ab0b0274e10985a6fa15b35ba69421f204dec5668a06000000b90ff860e01f262bafac752a6d5ce259cb61ea0cd94458583eef2fc597ea93a7dec9b4168e468be0576d1c0ebf8bc4478f8ed85b547c6924880400000000000000901e428b98add1375f51e135848fea98ace3574511e0c61f722ff61f1db073657764c13f23ed76e9f5ad9b0a121d3019202a82a3e997831b6e1e10f53b98ab1eb37dc61e5717d51a0369715e1e92e66a6b80c82805f9df4f8a02c23d874f64ae00", 0x2761, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)={0xd, 0x0, 0x9, 0x5, 0x1, r0, 0x9}, 0x2c) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f00000008c0)={r2, r2}) recvmsg(r2, &(0x7f0000007500)={&(0x7f0000006280)=@xdp={0x2c, 0x0, 0x0}, 0x80, &(0x7f00000074c0)=[{&(0x7f0000006300)=""/4096, 0x1000}, {&(0x7f0000007300)=""/154, 0x9a}, {&(0x7f00000073c0)=""/244, 0xf4}], 0x3, 0x0, 0x0, 0x8001}, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={"6e72300100", 0x2}) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNATTACHFILTER(r5, 0x401054d5, &(0x7f0000000100)={0x2, &(0x7f0000000000)=[{0x28}, {0x16, 0x0, 0x4}]}) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f0000000680)="6c6f00966f380f64a1e3d75d627d1fa159ad34909d60d298034e00202759175d1563ca52dd984f43891be784e2058077d27c448d4b144278cb7548c2ee63bf3c3e591afc1f394f4281891836c571406eb4b673b00000fc0000080000daefec45ecd549b29bfe8d903f00e9e47e673ac1b2616a96bba7e2c0dcf95108eb167f5411d30d37e62266cf8eab640f747082aed2158e2b63f6bfe1343ea62da563ded7abea1ff873329c5646d518fe0e8f20010000792efc2a82a5a17035c87bf7efabe899eb77238a741c80fcb095a2a7d72c595d45388358f546dc882df5b0b55edb1ab6aa14e2b90d685e4a2dd1ba556e04276c1be06fdbc891251cb5bfb690b4c27f5d2fb3e7c92794cf496fdf0495b506841f483edac504209488eb27d43b367fd9992d1b7c478dd4b925aa51a04b100393e1cce76d8027f0a5ed280da80f26b1f3ff300c82255f928b44b9d9e7f2e4c16923dc8741b9c70d92fa1111b51f039ddd1b6adfac67e3a053d38ae16e97eaf5a0270be9a0f12066aa6ecfb569b664bc920bd5381608b35f3aa4210a79c4260a574d4da8c40b9f016ff4ab26b6170250c3214ea18622d704f1c021edffee24c8398c4230d16444e0495088a2f2599a662424f18196f750acca803a21b49423cb5e9f2703e393b982bfcfc4e3f7034f68f272ca8f66bb2f9f2aaf1a20a5a03f254da58698fa342731c70c3ccc40e88aac2edee4c7f59c6ba43021e91424b3056db56ded0c7493d8a3802759b905bb747cbebc7a0af3f570f89f7e1bd00b1c51") bpf$PROG_LOAD(0x5, &(0x7f0000007540)={0x0, 0xb, &(0x7f0000000d40)=ANY=[@ANYBLOB="25140c005400051e98e47d279cb844b6d28ca4cef0710000005bdf9007d87b86f0000000000000af068de17f3522ec78553752000076f09a000000000097808ff2c8c5a478ac991eca7297fe52e6f67315f4a58e28c2ff16421ffe", @ANYRES32=r2], &(0x7f0000000b40)='GPL\x00', 0x4, 0x1000, &(0x7f0000002bc0)=""/4096, 0x41100, 0x1, [], r4}, 0x48) sendmsg$kcm(r2, &(0x7f0000000640)={&(0x7f0000000a40)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x0, 0x3, 0x4, 0x0, {0xa, 0x4e21, 0x6, @mcast1, 0x3ff}}}, 0x80, &(0x7f0000000540)=[{&(0x7f0000003bc0)="ab256a7810a9779b1ad81929155c86b761f6a75bf89ce9bcdc40c79e41c7817fce6fd310301ec01e3d55d9eb2226d52106daaa867ce6dbfef2cda4455ff36630aeba5954556ca483e771d8671de347b63ace3752a752d32f7be4fccbbdf95c517f95dfc286d0c42da60e2adf67cc337d15b14910dc92db01cd1a1be0cdc20592ce73f779d04c6cd1e706874b4338865410bf39d43e15f06942d3bfae043f3e6be5cff020913753f4f7eefa4653a0bf2233a2e0d9f536c72c99f6438e5ac5553019b91b1796afa2e82fea91d9fb76c9873287bd28c7f6480cd0f06650e4c7a491d8579a546a9020d5d5cc31fc3740b7c1336671de40979223659ac52fe3935422bd4184f6769d1874fe1eb64c2f2997a1b11b27280f27bfa6b8ba0e3ad37e3d48e4cbdfb540bcf3486b9a27789b7713474b276c3c0cf6426d2c393fe1597ce63b79a2afd24efa04d7daa476f46642679f77e7f0fc0c9d4353955091691d2ccc3a38f2df64af2912770c6f6ad123041ed4d1e8a47c443ee6e2d591768d353c30ccaabc500840d181a857496921875b9008a658a1efd3353e8fae515dc2e55bbb21b811f4b6fabbc5a1568dadff12ffdae3eb9ed17a798503c058c901bed01458c221a43e4b95548178f016278c3afe6517de13581b478a9c28e66e1d7ce68cd37d10d711a6ec0e322183f359198670f99511e6c6657c924a4f02bd1f687750fa8ee9ebfe61bf35cfaf1924b40779cd4d3719aaa82b3cbc0560f27b8bf5bb1d5bee2a893b1971871ea45851ac471f876bb48343edb66537b33772fe7cdbc80edc6e76726ab21497fdadb96d924ec8885eeb829597ee67dc8914953f6eb524231212c4e26000a583385e2bae7aa7c6a3e42e31df4ed70198e6efb8d30dac99a584ed43a4f8d59b045c2438af7d98b40a5d36a75542ccee1bcf7376fc8ec914ed8c3ec2ffadf65c77b8260186b97aa52c11f6eff0639b08ceea418553596bf86f505979ca60584b3db3a9ce83a9688a04926e746ab41bdd70564f920bf6f54e3f91338ad58d2968b45c832f6eba61b46de1e33c4aac4fbcdd7774f542a25e59c4dbde650206589dd087413efd04720837732d31c9c5f498876168a65db20fcdcffe66f135c13edbdfa5344a8354866b84a58e75e8b2020fba94ee95bfa1900ec319440b1d985747850c8903a3fab31b80cf0fd4e851aa4aa7ba62477f9d75e11daa1c2d078c0d8b805088334c8c9ddfbcc5c42eeb0a6f276529f11839e94e2604ecc8fa10948e94f5e15289e04ca923aceccf14b0e105cbdd72885d7791d6159b45d7d9562890c6f3f3aa18edf0f50b7b8d0426b2fcb9939fca4d7692f0d7a7726749e9ce5513c51b46f6b0f0257d70174321421d46a4963120893b4511dea5bbd13d2ac472f5ec5f19ad98fc2d7d50de48378c2cc5605ea6430bd58c30a0bc708e9af53001a70a817ece02a341b45d34a8c77d377c7fdda090e00b3fbbd48761f994d270155a491900527ecee9ed0e32e6dd7a495109c977088ba368003b123f02b666868e9f1141db17e2eed8280008592b2ad28314ea91d50f46230c7203160fb9fbd34911e01956d486fc8617432f54c4c7d532c9c991e04304be4147bb3baaef4d6a057cf646098142c48009d691b86f0ce7c7f9c5482c535005bb15b7001a63427f63f59cc88a2bf6efc65a5e7486c86d70448f6d500788ea86a315181e8e52e686b3a23cccfdf6fcf13ab77a8ba1982837a656acac0affcabe9dbe22f40487c63bf2e2a9f3555838b8dec6e802f278926c906111bcd390a927c5426bdd1d0b37392321d817cc44928e07d6cccd667e8b59cc0a76f5c204225c0f3a23ae8e2191dd8fc7bd914a5f63b4a746d91acf6eff878bf3cb9f69935e75c3382d9f6671b30873b9bd25fb37fa5ec9b5a8f4233f0012d64a7c89b6d159844c31ecdce7bf2d302a20e571d2130d4a9614aa77434082c0c8e1994282fc31390c54e6429546fa88140da86ec62bc75844adcc61c920d8006d15368b359f40e4558fcdefd6c48da43f0e7fd2d22ff74bb9d795870fef4b932aad9c572bd2aa9365a7770991b4cff97dd010bed93bd4762482d1dee2bd3ef1f6db0766bd162fe63f60bb67549ba9bdc63b4b8dff93df1767c16a0fc31938a841bebf1b7cb3d0c98ff3612edacbcebafd57540466eb7d9a1dd1bef9e144be33f2b7c1a26543d78266ae4834174f4ce06c9125bcec73f547d97f5167d0d03fd88226f9de1a85a474934c01aa57fa32727c7852e44d01908bf3141775d6f29e7868d1600030d0c42afe8625368e186f02b9e1ccfa58b9749b39aa6695a364f6a9b008c17551de52c81f1e76a30b16b0971a12fb9a9401ca1b261a86cd1f108f4b91dd84b0fa6993c79357edce172fa7679f7e5712a2188d190c5698261a009611b8299f54e2195203bebdeda5400ac394a50bc7f32cb2cf31aaa9d7cccd588a02c24761f001ddf916bee0bd7cce3027436dec2211e800dbb0ef15f274d7608370b68c8477e04f999b2c1fc1857205999b9dde874a4672a39623ee68e8f6473c134a6aa75c8d507220af35ef4d4bc8cb71d62f83bf9861351139e03ae9cd3f87f336183d2fbbb7319205fc7455ef970c31ba2c194f37533e823a7b4ff323e966c3d38e342574f72955ce5ff134810e2bc19940e92d45c35fcb01cb538bb419723c0c2fd68fff7a1583d55c59f4b7354285716e9a0bd5b593fa0ff83846120a9d3c8ae5b2642ef2768e5353b9ec3ed31802054f0380e8f4c85d7c3c4b100d18427db21b080ee4fc9dda4bf9337fe64731c1319e9b7268ef64e918683431e5c3ca8b763e4d49ef5decdc8591eb6c12c8e19e0f6bb6281bc8353ec48a41879da6309459a47857b029e53140bc05c8386404c37e365f56a7d89b5272c2a7d174be99c4493a35b21cf106093e9bf7fa9cc641b9e45a29809762c796a38114d20a8ab9c14ddd9541d6c8487472f5488f8576fd4d2e82a63cc29bce9954700b386f273f4df07a479502071dcd769caa29bff1a4641a27939b10f29146278c58d37940421e785be34e711c45c57a49006bdb01f9dfcd31ecc202f4c2ee0327c329c5f60dc5ab6a4cb591792a264711a38f40447c19b4ddcaff66be7e69a26ac990dfdd4b81d4664f3450ac1fc7e3a272da297d1afb5f7e1660c75898d685b18fd6e3dcf1e1caf213ed51bbb883078f0c4047965be59e71d9e14aba7813f70c5e0b7da213737c941bb091af90c996b15959b6440dd013b1b71a703e42f287d8e320c9cf75bded1e8b416ffadb59105f68e7db37523ecf102d6164ec22b1b21567c55226c80301464a2a5d9178857760fee20232ce27ae6fef7d42b179378a64691fef09e7b4dab3f9878c5c37fbb915f57e3e09c3dd2b77c48e08a59d40bbdf84a171fb05eecfc28420ec8313417c16d9a49b44b2184dfc1a7cb0a62e7fa6b433cdab63f530f80b61a87a3487c8eb777db2c0d127c8f1c5b98408d0fc64a29705c679a70750a8e8023ff78f134cc9939f4b9f0a9ee5c2be9495f7af782093372e27f49cb9272b350e16dbdcdb6e33dea5460c2662625064fee8a2e4b5c77c3fd51e4be4d2e5cb50d607d4c148cc67b0f99ddf96a519c27f1404a55a0d0d05e2c26771f8c2c0ec1bbf9b170d198eecba58c968fa90a75b8891f330d4e3f4c144904daaa6c3c97d1c5a1dbf51c8a8429e827a8d34c5d86eb76e66f393d03d0fb9e79b8833c627cb26c6a0a627e3baf4902da184f4cc66ea3909a15f28afa9be60e66a3cd7cd0d176029e07f0eaedbdcb3d92067b2b5e949f8421b82b31ab6c390e8e42e5405fff6e33df045f81ba074ee44b844a8b023b29e48234348cedb38f6afecda001e1842395abc8b259e72014cc1c4b81d0b22783b84133289d53ad92166188be1291740a50c05b13d75f26a93a30a29ed7b875817f8110a9dcbde95f7076b3c1aeb0ecd9d198f62cc0afdd920cf1663c8fe86c396503cc5522aeb363041d87a2a177a8012b465b1c521f1af78bcece48cf4213f037c87f3afe49e3f7b913ba659dc5a9a6f76e2afe957ea83ce85d8e4068c623b56fea5d73864bfb5a1aaff1da0a7416d8a680015835d66ef69139ee09604dad8824137dee91a6a93d7b0f670fab2b984767a799b3b81bf092647c2a18f169d1e45c28ecda2bf61f143782c4730b6b7309422a0adfb399117c272eb16fc7bb36ee5607fa2bf30a605de0d33c12b5c8ad6ac26d4807a4487f12e75edf59edd498f06c763622866595285ed32c0bd0cdbe4fc5c709645cb5151b3c6015d3df976135b22bdace0bc1ba79d614e6d1e1e7492b9bf72459265b65612aac83c64e2dcd38721225f5e31ac94dee648bd6b18a66fc5d548cbd99ff37ed57be0e3190fd93814a7ab1529e6b429dda0b0889eb31f574d195763cf1d187ce5c19e6208bc2cbe985818c664b1d42a59ecd0bcb6eb57b2115dd2662004cb70ae3f8996c2ba69c1828f0e5a23906349b2d08497a357f0f6981e5845f7770625eba119f001a10e41166aab4d7e3043039a74f269655893b9786281df954a02ff73be05600c09256e9efa15347e39494bff5efb1fdd2447da358607a7857a2436327f91288d9146c4e04d85fd2f2402e7d898b1c5c3abf5aab8e747711104420d2ba655e576a755d32718de24b0fc8ee13a97f556623cf05a504b68b6c8803109eb56a5f61e42d013dadd03bb146e9ead05fe84c95a7c25152e43ac47fdd132f855a39e66c98d90e2f3d907d1a0147915e5ee06c20d30507f451959e98a1b5148cce8c99e04250b36505e24f52faeb20f8450feb84d168acad828bae5d1628af4fa6f4f98bb3dafee034e2325910b3afbb287bab3ad3d3a7c75e740d37c143fdb069eb5108cc596f3721f11082a96b781b7274773cc5c3b7db7f81994a569b311887258f8f6c794eab81d3aba445400a4aa73dba6074d76b0d79e109992e528b25e9e3e9223b7fdc91b6c65f0c1f00dfbe729f08bda4716bc3e5ae8c17eee2d292f9b3a40db60c93a6d47b4ea3172f5868557ed859b2dd8e9f6c7c5da5e4214515426aef2d116abd6bad0ee27e66e850f171f17d052a9197d39af5e7eff9b5fcc22f3f422a6a40b2cdd91a5d5ae5723b8e688635c72a4718c3e646f4d9cf2652ddce74b44bc8343aba202c639a6a6c3eea91a55e8bd79b8c5f6c3a4b65ae604c5b94d8d629b29e911ebfa8819177df669db422cbab062ac74c34b1afcc5858a1077926bd3c387754e2421fd69ba313d1d7cb72753c3ab1ce30dca83e12542129c4355894f30f91ad4d6d0bf7d457a940dfe592f0ee44e7aa6478b845bbe0fc5afe433099e61710ff93fe5f93329f52eda82e336e2e913ad95e773b25c68c816f99c0019f12de9882c26e9a767f1c2f2c79d2104a0996f1a429cee274a35347269448bb7fa8fc09c76e40cfc4313a78d13af4f458b1619f0e05cc27873a10aa5b88fa947a562996dfacabfac8da202823865d3b8b7cd9b4ec4142503b7daf1654f5e3b6dda04c87898a51d89204a2bd3a0c5d13dad80acdd94f70ab88ebad7b0ae444f10732b8e8c93a3f97eb825f8940ac33e16e7dec03f1855984285eb49764c0c7aa9f6484044a04ecb1dbb103e9b6ffe7e5578031407ba687d0a88850b79090546552c79cfe26d4231bfb38fd85297ed410ed666bac3f3fc91b690dfd06e8e7c4ef1ea4c933c7ef46ab01566f80b77379ee7b6db9bee84e080b9754869d1347937f3c2a77f0720b5f97bdcf31f4acd20e474e64d", 0xff0}], 0x1, 0x0, 0x0, 0x1}, 0x40000c0) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000b00)}, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000580)={r3, &(0x7f00000004c0)="4250664c2d18e967d8df8833a210e6e77ce9b5cdbbd244a797c1b65cf4810cc72484b83581ce8f551b23769c3a01f4c31e291719da62cafc6c4069f9a5555ed4b1b563012200034f9151d08015ccbdad6ea5072ff6c10e9e34ca237646482fca9088ce", &(0x7f0000001080)=""/9}, 0x18) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000700)={r2, &(0x7f00000004c0), &(0x7f0000000200)=""/144}, 0x18) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz1\x00', 0x1ff) socketpair$inet_udplite(0x2, 0x2, 0x88, &(0x7f00000000c0)) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f00000005c0)='\x00') bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000800)={r2, 0x28, &(0x7f0000000080)={0x0, 0x0}}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000840)={r6, 0x5f6, 0x10}, 0xc) recvmsg$kcm(r2, &(0x7f0000002b00)={&(0x7f00000002c0)=@sco, 0x80, &(0x7f0000002940)=[{&(0x7f00000003c0)=""/200, 0xc8}, {&(0x7f0000000900)=""/194, 0xc2}, {&(0x7f00000015c0)=""/197, 0xc5}, {&(0x7f00000016c0)=""/4096, 0x1000}, {&(0x7f00000026c0)=""/242, 0xf2}, {&(0x7f00000027c0)=""/215, 0xd7}], 0x6, &(0x7f0000002a00)=""/216, 0xd8, 0x3}, 0x40) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000b00)) socket$kcm(0x29, 0x2, 0x0) 11:42:20 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:20 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x72b1, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:20 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2", 0x2) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:20 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f228", 0x3) 11:42:20 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x40020000]}, 0x10) 11:42:20 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:20 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:20 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xd7a9, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:20 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f228", 0x3) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:20 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r3, 0x4c80, r4) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:20 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x34]}, 0x10) 11:42:20 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(0xffffffffffffffff, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:20 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x299e000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:20 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x0, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:20 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x5]}, 0x10) 11:42:21 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x0, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:21 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) accept$alg(r0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:21 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xb9d6000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:21 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x9]}, 0x10) 11:42:21 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r3, 0x4c80, r4) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:21 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xb1b4, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:21 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00), 0x0, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:21 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r3, 0x4c80, r4) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:21 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x3400000000000000]}, 0x10) 11:42:21 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0xa000000]}, 0x10) 11:42:21 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00), 0x0, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:21 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x0, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:21 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xa1930000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:22 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x9ad0000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:22 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x0, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:22 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r3, 0x4c80, r4) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:22 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00), 0x0, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:22 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r3, 0x4c80, r4) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:22 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x3400]}, 0x10) 11:42:22 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x0, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:22 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00), 0x0, &(0x7f0000001e40)=""/213, 0xd5}}], 0x1, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:22 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xb0e9, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:22 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x240]}, 0x10) 11:42:22 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00), 0x0, &(0x7f0000001e40)=""/213, 0xd5}}], 0x1, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:22 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x0, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:22 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xc1aa000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:22 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x0, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:22 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0xe]}, 0x10) 11:42:23 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x31bd000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:23 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0x0, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:23 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00), 0x0, &(0x7f0000001e40)=""/213, 0xd5}}], 0x1, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:23 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0xe803000000000000]}, 0x10) 11:42:23 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r3, 0x4c80, r4) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:23 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x51e4, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:23 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x400000000000000]}, 0x10) 11:42:23 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x0, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:23 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:23 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x4947, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:23 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r3, 0x4c80, r4) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:23 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x4002000000000000]}, 0x10) 11:42:24 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r3, 0x4c80, r4) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:24 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xcf61, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:24 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r3, 0x4c80, r4) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:24 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0xe000000]}, 0x10) 11:42:24 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r3, 0x4c80, r4) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:24 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r3, 0x4c80, r4) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:24 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x4126000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:24 executing program 0: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty=0x7000000}, 0x10) 11:42:24 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0xe8030000]}, 0x10) 11:42:24 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:24 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x3699, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:24 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:25 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r3, 0x4c80, r4) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:25 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xd861, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:25 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:25 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x4000]}, 0x10) [ 438.904299] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 11:42:25 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x8a31, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:25 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:25 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x7000000]}, 0x10) 11:42:25 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x41f9000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:25 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x500]}, 0x10) 11:42:25 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:25 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:25 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:25 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:25 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x91da, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:25 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x500000000000000]}, 0x10) 11:42:26 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:26 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0xe00000000000000]}, 0x10) 11:42:26 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x59d80000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:26 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:26 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:26 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x9569, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:26 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x5000000]}, 0x10) 11:42:26 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:26 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:26 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xd1ae000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:27 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x1000000]}, 0x10) 11:42:27 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:27 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:27 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:27 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x4000000000000000]}, 0x10) 11:42:27 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) ioctl$LOOP_CTL_ADD(r3, 0x4c80, 0x0) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:27 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xd979000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:28 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0xa00000000000000]}, 0x10) 11:42:28 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:28 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380), 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:28 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x952000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:28 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x34000000]}, 0x10) 11:42:28 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380), 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:28 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380), 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:28 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:28 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:28 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x8491, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:29 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0xa00]}, 0x10) 11:42:29 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:29 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xef69, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:29 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380), 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:29 executing program 5: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:29 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x3e8]}, 0x10) 11:42:29 executing program 1: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:29 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xf919, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:29 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x4]}, 0x10) 11:42:29 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0xa]}, 0x10) 11:42:29 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_ADD(r2, 0x4c80, r3) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:29 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xe1920000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:30 executing program 1 (fault-call:4 fault-nth:0): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 444.094846] FAULT_INJECTION: forcing a failure. [ 444.094846] name failslab, interval 1, probability 0, space 0, times 0 [ 444.106933] CPU: 0 PID: 17124 Comm: syz-executor1 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 444.115427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 444.124791] Call Trace: [ 444.127377] dump_stack+0x244/0x39d [ 444.130996] ? dump_stack_print_info.cold.1+0x20/0x20 [ 444.136188] should_fail.cold.4+0xa/0x17 [ 444.140255] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 444.145346] ? zap_class+0x640/0x640 [ 444.149054] ? print_usage_bug+0xc0/0xc0 [ 444.153137] ? zap_class+0x640/0x640 [ 444.156969] ? find_held_lock+0x36/0x1c0 [ 444.161066] ? find_held_lock+0x36/0x1c0 [ 444.165132] ? __lock_is_held+0xb5/0x140 [ 444.169223] ? perf_trace_sched_process_exec+0x860/0x860 [ 444.174683] __should_failslab+0x124/0x180 [ 444.178945] should_failslab+0x9/0x14 [ 444.182749] __kmalloc+0x2e0/0x760 [ 444.186281] ? __local_bh_enable_ip+0x160/0x260 [ 444.190946] ? sock_kmalloc+0x15a/0x1f0 [ 444.194924] sock_kmalloc+0x15a/0x1f0 [ 444.198717] ? __sk_mem_schedule+0xe0/0xe0 [ 444.203009] ? __init_waitqueue_head+0x150/0x150 [ 444.207774] ? trace_hardirqs_off_caller+0x300/0x300 [ 444.212906] af_alg_alloc_areq+0x83/0x280 [ 444.217078] ? alg_accept+0x60/0x60 [ 444.220702] ? __local_bh_enable_ip+0x160/0x260 [ 444.225379] skcipher_recvmsg+0x350/0x11e0 [ 444.229635] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 444.235163] ? _copy_from_user+0xdf/0x150 [ 444.239302] ? skcipher_bind+0x30/0x30 [ 444.243182] ? apparmor_socket_recvmsg+0x29/0x30 [ 444.247960] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 444.253513] ? security_socket_recvmsg+0x9c/0xc0 [ 444.258282] ? skcipher_bind+0x30/0x30 [ 444.262174] sock_recvmsg+0xd0/0x110 [ 444.265887] ? __sock_recv_ts_and_drops+0x420/0x420 [ 444.270945] ___sys_recvmsg+0x2b6/0x680 [ 444.274948] ? ___sys_sendmsg+0x930/0x930 [ 444.279106] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 444.284259] ? timespec64_add_safe+0x204/0x2f0 [ 444.288843] ? __fget_light+0x2e9/0x430 [ 444.292806] ? fget_raw+0x20/0x20 [ 444.296249] ? get_pid_task+0xd6/0x1a0 [ 444.300124] ? lock_downgrade+0x900/0x900 [ 444.304266] ? poll_select_set_timeout+0x156/0x240 [ 444.309186] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 444.314715] ? sockfd_lookup_light+0xc5/0x160 [ 444.319216] __sys_recvmmsg+0x303/0xb90 [ 444.323210] ? __ia32_sys_recvmsg+0xb0/0xb0 [ 444.327537] ? lock_release+0xa10/0xa10 [ 444.331499] ? perf_trace_sched_process_exec+0x860/0x860 [ 444.336963] ? kasan_check_write+0x14/0x20 [ 444.341200] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 444.346733] ? _copy_from_user+0xdf/0x150 [ 444.350876] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 444.356424] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 444.361978] do_sys_recvmmsg+0xe3/0x190 [ 444.365950] ? __sys_recvmmsg+0xb90/0xb90 [ 444.370096] ? trace_hardirqs_on+0xbd/0x310 [ 444.374433] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 444.379807] ? trace_hardirqs_off_caller+0x300/0x300 [ 444.384900] __x64_sys_recvmmsg+0xbe/0x150 [ 444.389151] do_syscall_64+0x1b9/0x820 [ 444.393040] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 444.398404] ? syscall_return_slowpath+0x5e0/0x5e0 [ 444.403331] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 444.408163] ? trace_hardirqs_on_caller+0x310/0x310 [ 444.413185] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 444.418233] ? prepare_exit_to_usermode+0x291/0x3b0 [ 444.423256] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 444.428105] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 444.433287] RIP: 0033:0x457569 [ 444.436493] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 444.455405] RSP: 002b:00007fdd7b6b9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 444.463110] RAX: ffffffffffffffda RBX: 00007fdd7b6b9c90 RCX: 0000000000457569 [ 444.470367] RDX: 0000000000000204 RSI: 0000000020005a00 RDI: 0000000000000004 [ 444.477629] RBP: 000000000072bf00 R08: 0000000020005c00 R09: 0000000000000000 [ 444.484896] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdd7b6ba6d4 11:42:30 executing program 1 (fault-call:4 fault-nth:1): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 444.492168] R13: 00000000004c3244 R14: 00000000004d4de8 R15: 0000000000000005 [ 444.528416] FAULT_INJECTION: forcing a failure. [ 444.528416] name failslab, interval 1, probability 0, space 0, times 0 [ 444.539957] CPU: 0 PID: 17128 Comm: syz-executor1 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 444.548438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 444.557780] Call Trace: [ 444.557840] dump_stack+0x244/0x39d [ 444.557861] ? dump_stack_print_info.cold.1+0x20/0x20 [ 444.569245] ? trace_hardirqs_on+0xbd/0x310 [ 444.573571] ? kasan_check_read+0x11/0x20 [ 444.573590] ? iov_iter_get_pages+0x2c9/0x11e0 [ 444.573615] should_fail.cold.4+0xa/0x17 [ 444.573637] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 444.573657] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 444.596515] ? get_user_pages_fast+0x2a9/0x450 [ 444.601108] ? __get_user_pages_fast+0x3f0/0x3f0 [ 444.605879] ? __kernel_text_address+0xd/0x40 [ 444.610414] ? unwind_get_return_address+0x61/0xa0 [ 444.615351] ? zap_class+0x640/0x640 [ 444.619067] ? __save_stack_trace+0x8d/0xf0 [ 444.623393] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 444.628421] ? find_held_lock+0x36/0x1c0 [ 444.632494] ? __lock_is_held+0xb5/0x140 [ 444.636587] ? perf_trace_sched_process_exec+0x860/0x860 [ 444.642088] ? find_held_lock+0x36/0x1c0 [ 444.646161] __should_failslab+0x124/0x180 [ 444.650402] should_failslab+0x9/0x14 [ 444.654210] __kmalloc+0x2e0/0x760 [ 444.657756] ? memset+0x31/0x40 [ 444.661042] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 444.666159] ? iov_iter_advance+0x315/0x1370 [ 444.670635] ? sg_init_table+0x28/0x60 [ 444.674526] ? sock_kmalloc+0x15a/0x1f0 [ 444.678509] sock_kmalloc+0x15a/0x1f0 [ 444.682319] ? __sk_mem_schedule+0xe0/0xe0 [ 444.686560] ? rcu_read_lock_sched_held+0x14f/0x180 [ 444.691588] af_alg_get_rsgl+0x1d7/0x920 [ 444.695662] ? af_alg_make_sg+0x550/0x550 [ 444.699816] ? trace_hardirqs_off_caller+0x300/0x300 [ 444.704941] ? af_alg_alloc_areq+0x1ec/0x280 [ 444.709356] ? alg_accept+0x60/0x60 [ 444.712992] ? __local_bh_enable_ip+0x160/0x260 [ 444.717672] skcipher_recvmsg+0x39e/0x11e0 [ 444.721937] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 444.727481] ? _copy_from_user+0xdf/0x150 [ 444.731637] ? skcipher_bind+0x30/0x30 [ 444.735558] ? apparmor_socket_recvmsg+0x29/0x30 [ 444.740321] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 444.745858] ? security_socket_recvmsg+0x9c/0xc0 [ 444.750616] ? skcipher_bind+0x30/0x30 [ 444.754510] sock_recvmsg+0xd0/0x110 [ 444.758241] ? __sock_recv_ts_and_drops+0x420/0x420 [ 444.763262] ___sys_recvmsg+0x2b6/0x680 [ 444.767250] ? ___sys_sendmsg+0x930/0x930 [ 444.771409] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 444.776430] ? timespec64_add_safe+0x204/0x2f0 [ 444.781019] ? __fget_light+0x2e9/0x430 [ 444.784997] ? fget_raw+0x20/0x20 [ 444.788454] ? get_pid_task+0xd6/0x1a0 [ 444.792348] ? lock_downgrade+0x900/0x900 [ 444.796509] ? poll_select_set_timeout+0x156/0x240 [ 444.801533] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 444.807073] ? sockfd_lookup_light+0xc5/0x160 [ 444.811592] __sys_recvmmsg+0x303/0xb90 [ 444.815596] ? __ia32_sys_recvmsg+0xb0/0xb0 [ 444.819950] ? lock_release+0xa10/0xa10 [ 444.823951] ? perf_trace_sched_process_exec+0x860/0x860 [ 444.829411] ? kasan_check_write+0x14/0x20 [ 444.833667] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 444.839205] ? _copy_from_user+0xdf/0x150 [ 444.843362] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 444.848924] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 444.854475] do_sys_recvmmsg+0xe3/0x190 [ 444.858458] ? __sys_recvmmsg+0xb90/0xb90 [ 444.862626] ? trace_hardirqs_on+0xbd/0x310 [ 444.866967] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 444.872345] ? trace_hardirqs_off_caller+0x300/0x300 [ 444.877462] __x64_sys_recvmmsg+0xbe/0x150 [ 444.881703] do_syscall_64+0x1b9/0x820 [ 444.885590] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 444.890962] ? syscall_return_slowpath+0x5e0/0x5e0 [ 444.895895] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 444.900757] ? trace_hardirqs_on_caller+0x310/0x310 [ 444.905781] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 444.910801] ? prepare_exit_to_usermode+0x291/0x3b0 [ 444.915824] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 444.920679] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 444.925870] RIP: 0033:0x457569 [ 444.929069] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 444.947971] RSP: 002b:00007fdd7b6b9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 444.955684] RAX: ffffffffffffffda RBX: 00007fdd7b6b9c90 RCX: 0000000000457569 [ 444.962953] RDX: 0000000000000204 RSI: 0000000020005a00 RDI: 0000000000000004 [ 444.970220] RBP: 000000000072bf00 R08: 0000000020005c00 R09: 0000000000000000 [ 444.977487] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdd7b6ba6d4 [ 444.984755] R13: 00000000004c3244 R14: 00000000004d4de8 R15: 0000000000000005 11:42:31 executing program 0: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380), 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:31 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x41fa, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:31 executing program 5: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:31 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x900000000000000]}, 0x10) 11:42:31 executing program 1 (fault-call:4 fault-nth:2): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 445.169736] FAULT_INJECTION: forcing a failure. [ 445.169736] name failslab, interval 1, probability 0, space 0, times 0 [ 445.181241] CPU: 0 PID: 17141 Comm: syz-executor1 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 445.189743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 445.189755] Call Trace: [ 445.201703] dump_stack+0x244/0x39d [ 445.201727] ? dump_stack_print_info.cold.1+0x20/0x20 [ 445.201750] ? trace_hardirqs_on+0xbd/0x310 [ 445.210547] ? iov_iter_get_pages+0x2c9/0x11e0 [ 445.210573] should_fail.cold.4+0xa/0x17 [ 445.210595] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 445.210611] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 445.210631] ? get_user_pages_fast+0x2a9/0x450 [ 445.219684] ? __get_user_pages_fast+0x3f0/0x3f0 [ 445.219702] ? kasan_kmalloc+0xc7/0xe0 [ 445.219718] ? sock_kmalloc+0x15a/0x1f0 [ 445.219734] ? af_alg_get_rsgl+0x1d7/0x920 [ 445.219750] ? zap_class+0x640/0x640 [ 445.219771] ? __sys_recvmmsg+0x303/0xb90 [ 445.228948] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 445.228991] ? find_held_lock+0x36/0x1c0 [ 445.229019] ? __lock_is_held+0xb5/0x140 [ 445.238605] ? perf_trace_sched_process_exec+0x860/0x860 [ 445.238635] __should_failslab+0x124/0x180 [ 445.238656] should_failslab+0x9/0x14 [ 445.238678] __kmalloc+0x2e0/0x760 [ 445.247304] ? memset+0x31/0x40 [ 445.247321] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 445.247337] ? iov_iter_advance+0x315/0x1370 [ 445.247353] ? sg_init_table+0x28/0x60 [ 445.247371] ? sock_kmalloc+0x15a/0x1f0 [ 445.255572] sock_kmalloc+0x15a/0x1f0 [ 445.255592] ? __sk_mem_schedule+0xe0/0xe0 [ 445.255618] ? rcu_read_lock_sched_held+0x14f/0x180 [ 445.255640] af_alg_get_rsgl+0x1d7/0x920 [ 445.263521] ? af_alg_make_sg+0x550/0x550 [ 445.263540] ? trace_hardirqs_off_caller+0x300/0x300 [ 445.263563] ? af_alg_alloc_areq+0x1ec/0x280 [ 445.272620] ? alg_accept+0x60/0x60 [ 445.272643] ? __local_bh_enable_ip+0x160/0x260 [ 445.272668] skcipher_recvmsg+0x39e/0x11e0 [ 445.272688] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 445.282177] ? _copy_from_user+0xdf/0x150 [ 445.282203] ? skcipher_bind+0x30/0x30 [ 445.282222] ? apparmor_socket_recvmsg+0x29/0x30 [ 445.282239] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 445.282254] ? security_socket_recvmsg+0x9c/0xc0 [ 445.282273] ? skcipher_bind+0x30/0x30 [ 445.290292] sock_recvmsg+0xd0/0x110 [ 445.290311] ? __sock_recv_ts_and_drops+0x420/0x420 [ 445.290330] ___sys_recvmsg+0x2b6/0x680 [ 445.290358] ? ___sys_sendmsg+0x930/0x930 [ 445.290381] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 445.411691] ? timespec64_add_safe+0x204/0x2f0 [ 445.416267] ? __fget_light+0x2e9/0x430 [ 445.420230] ? fget_raw+0x20/0x20 [ 445.423671] ? get_pid_task+0xd6/0x1a0 [ 445.427550] ? lock_downgrade+0x900/0x900 [ 445.431755] ? poll_select_set_timeout+0x156/0x240 [ 445.436679] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 445.442214] ? sockfd_lookup_light+0xc5/0x160 [ 445.446723] __sys_recvmmsg+0x303/0xb90 [ 445.450707] ? __ia32_sys_recvmsg+0xb0/0xb0 [ 445.455019] ? lock_release+0xa10/0xa10 [ 445.458978] ? perf_trace_sched_process_exec+0x860/0x860 [ 445.464431] ? kasan_check_write+0x14/0x20 [ 445.468681] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 445.474208] ? _copy_from_user+0xdf/0x150 [ 445.478352] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 445.483903] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 445.489477] do_sys_recvmmsg+0xe3/0x190 [ 445.493455] ? __sys_recvmmsg+0xb90/0xb90 [ 445.497618] ? trace_hardirqs_on+0xbd/0x310 [ 445.501956] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 445.507311] ? trace_hardirqs_off_caller+0x300/0x300 [ 445.512406] __x64_sys_recvmmsg+0xbe/0x150 [ 445.516636] do_syscall_64+0x1b9/0x820 [ 445.520512] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 445.525877] ? syscall_return_slowpath+0x5e0/0x5e0 [ 445.530793] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 445.535638] ? trace_hardirqs_on_caller+0x310/0x310 [ 445.540648] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 445.545663] ? prepare_exit_to_usermode+0x291/0x3b0 [ 445.550684] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 445.555517] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 445.560691] RIP: 0033:0x457569 [ 445.563874] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 445.582759] RSP: 002b:00007fdd7b6b9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 445.590481] RAX: ffffffffffffffda RBX: 00007fdd7b6b9c90 RCX: 0000000000457569 [ 445.597745] RDX: 0000000000000204 RSI: 0000000020005a00 RDI: 0000000000000004 [ 445.605011] RBP: 000000000072bf00 R08: 0000000020005c00 R09: 0000000000000000 [ 445.612280] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdd7b6ba6d4 11:42:31 executing program 1 (fault-call:4 fault-nth:3): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 445.619542] R13: 00000000004c3244 R14: 00000000004d4de8 R15: 0000000000000005 [ 445.655184] FAULT_INJECTION: forcing a failure. [ 445.655184] name failslab, interval 1, probability 0, space 0, times 0 [ 445.666487] CPU: 1 PID: 17143 Comm: syz-executor1 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 445.674977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 445.684316] Call Trace: [ 445.686919] dump_stack+0x244/0x39d [ 445.690555] ? dump_stack_print_info.cold.1+0x20/0x20 [ 445.695736] ? trace_hardirqs_on+0xbd/0x310 [ 445.700059] ? iov_iter_get_pages+0x2c9/0x11e0 [ 445.704648] should_fail.cold.4+0xa/0x17 [ 445.708722] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 445.713815] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 445.718822] ? get_user_pages_fast+0x2a9/0x450 [ 445.723394] ? __get_user_pages_fast+0x3f0/0x3f0 [ 445.728141] ? kasan_kmalloc+0xc7/0xe0 [ 445.732030] ? sock_kmalloc+0x15a/0x1f0 [ 445.736028] ? af_alg_get_rsgl+0x1d7/0x920 [ 445.740252] ? zap_class+0x640/0x640 [ 445.743956] ? __sys_recvmmsg+0x303/0xb90 [ 445.748098] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 445.753113] ? find_held_lock+0x36/0x1c0 [ 445.757170] ? __lock_is_held+0xb5/0x140 [ 445.761230] ? perf_trace_sched_process_exec+0x860/0x860 [ 445.766694] __should_failslab+0x124/0x180 [ 445.770947] should_failslab+0x9/0x14 [ 445.774745] __kmalloc+0x2e0/0x760 [ 445.778274] ? memset+0x31/0x40 [ 445.781541] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 445.786547] ? iov_iter_advance+0x315/0x1370 [ 445.790945] ? sg_init_table+0x28/0x60 [ 445.794818] ? sock_kmalloc+0x15a/0x1f0 [ 445.798781] sock_kmalloc+0x15a/0x1f0 [ 445.802572] ? __sk_mem_schedule+0xe0/0xe0 [ 445.806800] ? rcu_read_lock_sched_held+0x14f/0x180 [ 445.811808] af_alg_get_rsgl+0x1d7/0x920 [ 445.815865] ? af_alg_make_sg+0x550/0x550 [ 445.820017] ? trace_hardirqs_off_caller+0x300/0x300 [ 445.825144] ? af_alg_alloc_areq+0x1ec/0x280 [ 445.829540] ? alg_accept+0x60/0x60 [ 445.833162] ? __local_bh_enable_ip+0x160/0x260 [ 445.837853] skcipher_recvmsg+0x39e/0x11e0 [ 445.842081] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 445.847630] ? _copy_from_user+0xdf/0x150 [ 445.851770] ? skcipher_bind+0x30/0x30 [ 445.855649] ? apparmor_socket_recvmsg+0x29/0x30 [ 445.860392] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 445.865928] ? security_socket_recvmsg+0x9c/0xc0 [ 445.870677] ? skcipher_bind+0x30/0x30 [ 445.874565] sock_recvmsg+0xd0/0x110 [ 445.878271] ? __sock_recv_ts_and_drops+0x420/0x420 [ 445.883287] ___sys_recvmsg+0x2b6/0x680 [ 445.887286] ? ___sys_sendmsg+0x930/0x930 [ 445.891459] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 445.896488] ? timespec64_add_safe+0x204/0x2f0 [ 445.901104] ? __fget_light+0x2e9/0x430 [ 445.905081] ? fget_raw+0x20/0x20 [ 445.908539] ? get_pid_task+0xd6/0x1a0 [ 445.912439] ? lock_downgrade+0x900/0x900 [ 445.916598] ? poll_select_set_timeout+0x156/0x240 [ 445.921535] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 445.927074] ? sockfd_lookup_light+0xc5/0x160 [ 445.931576] __sys_recvmmsg+0x303/0xb90 [ 445.935564] ? __ia32_sys_recvmsg+0xb0/0xb0 [ 445.939893] ? lock_release+0xa10/0xa10 [ 445.943875] ? perf_trace_sched_process_exec+0x860/0x860 [ 445.949328] ? kasan_check_write+0x14/0x20 [ 445.953581] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 445.959123] ? _copy_from_user+0xdf/0x150 [ 445.963276] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 445.968822] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 445.974364] do_sys_recvmmsg+0xe3/0x190 [ 445.978344] ? __sys_recvmmsg+0xb90/0xb90 [ 445.982496] ? trace_hardirqs_on+0xbd/0x310 [ 445.986819] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 445.992185] ? trace_hardirqs_off_caller+0x300/0x300 [ 445.997298] __x64_sys_recvmmsg+0xbe/0x150 [ 446.001538] do_syscall_64+0x1b9/0x820 [ 446.005432] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 446.010803] ? syscall_return_slowpath+0x5e0/0x5e0 [ 446.015731] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 446.020580] ? trace_hardirqs_on_caller+0x310/0x310 [ 446.025600] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 446.030621] ? prepare_exit_to_usermode+0x291/0x3b0 [ 446.035649] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 446.040502] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 446.045689] RIP: 0033:0x457569 [ 446.048884] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 446.067796] RSP: 002b:00007fdd7b6b9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 446.075504] RAX: ffffffffffffffda RBX: 00007fdd7b6b9c90 RCX: 0000000000457569 [ 446.082771] RDX: 0000000000000204 RSI: 0000000020005a00 RDI: 0000000000000004 [ 446.090252] RBP: 000000000072bf00 R08: 0000000020005c00 R09: 0000000000000000 [ 446.097518] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdd7b6ba6d4 11:42:32 executing program 1 (fault-call:4 fault-nth:4): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 446.104785] R13: 00000000004c3244 R14: 00000000004d4de8 R15: 0000000000000005 [ 446.138447] FAULT_INJECTION: forcing a failure. [ 446.138447] name failslab, interval 1, probability 0, space 0, times 0 [ 446.150158] CPU: 0 PID: 17145 Comm: syz-executor1 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 446.158660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 446.158667] Call Trace: [ 446.158693] dump_stack+0x244/0x39d [ 446.158718] ? dump_stack_print_info.cold.1+0x20/0x20 [ 446.158755] should_fail.cold.4+0xa/0x17 [ 446.158780] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 446.158799] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 446.158817] ? check_preemption_disabled+0x48/0x280 [ 446.158847] ? zap_class+0x640/0x640 [ 446.158876] ? find_held_lock+0x36/0x1c0 [ 446.170808] ? __lock_is_held+0xb5/0x140 [ 446.170839] ? perf_trace_sched_process_exec+0x860/0x860 [ 446.179650] ? rcu_read_lock_sched_held+0x14f/0x180 [ 446.188805] __should_failslab+0x124/0x180 [ 446.188826] should_failslab+0x9/0x14 [ 446.188843] __kmalloc+0x2e0/0x760 [ 446.188864] ? af_alg_make_sg+0x550/0x550 [ 446.188882] ? sock_kmalloc+0x15a/0x1f0 [ 446.199419] sock_kmalloc+0x15a/0x1f0 [ 446.199438] ? __sk_mem_schedule+0xe0/0xe0 [ 446.199457] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 446.199472] ? af_alg_count_tsgl+0x1bc/0x250 [ 446.199499] skcipher_recvmsg+0x4fd/0x11e0 [ 446.207257] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 446.216742] ? _copy_from_user+0xa0/0x150 [ 446.216767] ? skcipher_bind+0x30/0x30 [ 446.216788] ? apparmor_socket_recvmsg+0x29/0x30 [ 446.226031] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 11:42:32 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0xc) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r3 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_ADD(r2, 0x4c80, r3) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) [ 446.233362] ? security_socket_recvmsg+0x9c/0xc0 [ 446.233380] ? skcipher_bind+0x30/0x30 [ 446.233399] sock_recvmsg+0xd0/0x110 [ 446.245297] ? __sock_recv_ts_and_drops+0x420/0x420 [ 446.259460] ___sys_recvmsg+0x2b6/0x680 [ 446.259490] ? ___sys_sendmsg+0x930/0x930 [ 446.259516] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 446.259537] ? timespec64_add_safe+0x204/0x2f0 [ 446.269323] ? __fget_light+0x2e9/0x430 [ 446.269340] ? fget_raw+0x20/0x20 [ 446.269356] ? get_pid_task+0xd6/0x1a0 [ 446.269375] ? lock_downgrade+0x900/0x900 [ 446.277401] ? poll_select_set_timeout+0x156/0x240 [ 446.287672] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 446.287690] ? sockfd_lookup_light+0xc5/0x160 [ 446.287711] __sys_recvmmsg+0x303/0xb90 [ 446.287740] ? __ia32_sys_recvmsg+0xb0/0xb0 [ 446.305068] ? lock_release+0xa10/0xa10 [ 446.305084] ? perf_trace_sched_process_exec+0x860/0x860 [ 446.305106] ? kasan_check_write+0x14/0x20 [ 446.313230] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 446.313248] ? _copy_from_user+0xdf/0x150 [ 446.313268] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 446.322863] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 446.322887] do_sys_recvmmsg+0xe3/0x190 [ 446.322907] ? __sys_recvmmsg+0xb90/0xb90 [ 446.322938] ? trace_hardirqs_on+0xbd/0x310 [ 446.322959] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 446.330386] ? trace_hardirqs_off_caller+0x300/0x300 [ 446.330410] __x64_sys_recvmmsg+0xbe/0x150 [ 446.330431] do_syscall_64+0x1b9/0x820 [ 446.353353] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 446.361632] ? syscall_return_slowpath+0x5e0/0x5e0 [ 446.361648] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 446.361666] ? trace_hardirqs_on_caller+0x310/0x310 [ 446.361687] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 446.371104] ? prepare_exit_to_usermode+0x291/0x3b0 [ 446.371128] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 446.371150] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 446.385067] RIP: 0033:0x457569 [ 446.396125] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 11:42:32 executing program 1 (fault-call:4 fault-nth:5): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:32 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 446.396135] RSP: 002b:00007fdd7b6b9c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 446.396151] RAX: ffffffffffffffda RBX: 00007fdd7b6b9c90 RCX: 0000000000457569 [ 446.396165] RDX: 0000000000000204 RSI: 0000000020005a00 RDI: 0000000000000004 [ 446.408579] RBP: 000000000072bf00 R08: 0000000020005c00 R09: 0000000000000000 [ 446.408589] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fdd7b6ba6d4 [ 446.408599] R13: 00000000004c3244 R14: 00000000004d4de8 R15: 0000000000000005 11:42:32 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x204, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:32 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x900]}, 0x10) 11:42:33 executing program 0: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x900]}, 0x10) 11:42:33 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x99a5000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:33 executing program 5 (fault-call:15 fault-nth:0): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:33 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:33 executing program 3 (fault-call:2 fault-nth:0): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:33 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x8000000000000000]}, 0x10) 11:42:33 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x199a0000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:33 executing program 0 (fault-call:23 fault-nth:0): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) [ 447.306709] FAULT_INJECTION: forcing a failure. [ 447.306709] name failslab, interval 1, probability 0, space 0, times 0 [ 447.341579] CPU: 1 PID: 17192 Comm: syz-executor3 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 447.350123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 447.359494] Call Trace: [ 447.362107] dump_stack+0x244/0x39d [ 447.365757] ? dump_stack_print_info.cold.1+0x20/0x20 [ 447.370984] should_fail.cold.4+0xa/0x17 [ 447.375066] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 447.380188] ? lock_downgrade+0x900/0x900 [ 447.384346] ? check_preemption_disabled+0x48/0x280 [ 447.389366] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 447.394299] ? kasan_check_read+0x11/0x20 [ 447.398443] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 447.403723] ? zap_class+0x640/0x640 [ 447.407464] ? find_held_lock+0x36/0x1c0 [ 447.411543] ? __lock_is_held+0xb5/0x140 [ 447.415631] ? perf_trace_sched_process_exec+0x860/0x860 [ 447.421120] ? find_held_lock+0x36/0x1c0 [ 447.425208] __should_failslab+0x124/0x180 [ 447.429467] should_failslab+0x9/0x14 [ 447.433285] __kmalloc+0x2e0/0x760 [ 447.436836] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 447.441440] ? trace_hardirqs_on+0xbd/0x310 [ 447.445777] ? lock_release+0xa10/0xa10 [ 447.449760] ? sock_kmalloc+0x15a/0x1f0 [ 447.453751] sock_kmalloc+0x15a/0x1f0 [ 447.457568] ? __sk_mem_schedule+0xe0/0xe0 [ 447.461818] ? __local_bh_enable_ip+0x160/0x260 [ 447.466511] alg_setsockopt+0x264/0x3b0 [ 447.470499] __sys_setsockopt+0x1ba/0x3c0 [ 447.474668] ? kernel_accept+0x310/0x310 [ 447.478793] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 447.483405] ? trace_hardirqs_on+0xbd/0x310 [ 447.487751] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 447.493129] ? trace_hardirqs_off_caller+0x300/0x300 [ 447.498273] __x64_sys_setsockopt+0xbe/0x150 [ 447.502698] do_syscall_64+0x1b9/0x820 11:42:33 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:33 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:33 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xe000000]}, 0x10) 11:42:33 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 447.506601] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 447.511984] ? syscall_return_slowpath+0x5e0/0x5e0 [ 447.516938] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 447.521802] ? trace_hardirqs_on_caller+0x310/0x310 [ 447.526838] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 447.531868] ? prepare_exit_to_usermode+0x291/0x3b0 [ 447.536903] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 447.541783] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 447.546976] RIP: 0033:0x457569 [ 447.550182] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 447.569093] RSP: 002b:00007fc62d1d4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 447.576810] RAX: ffffffffffffffda RBX: 00007fc62d1d4c90 RCX: 0000000000457569 [ 447.584100] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000003 [ 447.591356] RBP: 000000000072bf00 R08: 0000000000000004 R09: 0000000000000000 [ 447.598611] R10: 0000000020000080 R11: 0000000000000246 R12: 00007fc62d1d56d4 11:42:33 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xc9080000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:33 executing program 3 (fault-call:2 fault-nth:1): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) [ 447.605865] R13: 00000000004c3a00 R14: 00000000004d5a18 R15: 0000000000000004 11:42:33 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:33 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:33 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:33 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xe803]}, 0x10) 11:42:33 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x51c6, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) [ 447.952013] FAULT_INJECTION: forcing a failure. [ 447.952013] name failslab, interval 1, probability 0, space 0, times 0 [ 448.003839] CPU: 1 PID: 17232 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 448.012381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 448.021750] Call Trace: [ 448.024358] dump_stack+0x244/0x39d [ 448.028012] ? dump_stack_print_info.cold.1+0x20/0x20 [ 448.033215] ? retint_kernel+0x2d/0x2d [ 448.037133] should_fail.cold.4+0xa/0x17 [ 448.041217] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 448.046346] ? _raw_spin_unlock+0x2c/0x50 [ 448.050509] ? __mutex_lock+0x85e/0x16f0 [ 448.054681] ? loop_control_ioctl+0x91/0x530 [ 448.059116] ? zap_class+0x640/0x640 [ 448.062831] ? mutex_trylock+0x2b0/0x2b0 [ 448.066882] ? print_usage_bug+0xc0/0xc0 [ 448.070941] ? find_held_lock+0x36/0x1c0 [ 448.075009] ? __lock_is_held+0xb5/0x140 [ 448.079065] ? perf_trace_sched_process_exec+0x860/0x860 [ 448.084655] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 448.089229] ? trace_hardirqs_on_caller+0xc0/0x310 [ 448.094418] __should_failslab+0x124/0x180 [ 448.098648] should_failslab+0x9/0x14 [ 448.102443] kmem_cache_alloc_trace+0x2d7/0x750 [ 448.107134] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 448.111921] loop_add+0xa3/0xa40 [ 448.115287] ? retint_kernel+0x2d/0x2d [ 448.119179] ? loop_queue_rq+0x6d0/0x6d0 [ 448.123232] loop_control_ioctl+0x199/0x530 [ 448.127540] ? loop_add+0xa40/0xa40 [ 448.131160] ? loop_control_ioctl+0x1d/0x530 [ 448.135575] ? loop_add+0xa40/0xa40 [ 448.139191] do_vfs_ioctl+0x1de/0x1720 [ 448.143066] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 448.147809] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 448.153262] ? ioctl_preallocate+0x300/0x300 [ 448.157674] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 448.162429] ? retint_kernel+0x2d/0x2d [ 448.166365] ? security_file_ioctl+0x94/0xc0 [ 448.170766] ksys_ioctl+0xa9/0xd0 [ 448.174222] __x64_sys_ioctl+0x73/0xb0 [ 448.178098] do_syscall_64+0x1b9/0x820 [ 448.181972] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 448.187326] ? syscall_return_slowpath+0x5e0/0x5e0 [ 448.192253] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 448.197082] ? trace_hardirqs_on_caller+0x310/0x310 [ 448.202096] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 448.207101] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 448.212627] ? prepare_exit_to_usermode+0x291/0x3b0 [ 448.217633] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 448.222465] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 448.227639] RIP: 0033:0x457569 [ 448.230839] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 11:42:34 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x300, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:34 executing program 0 (fault-call:23 fault-nth:1): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:34 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:34 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xb2c1, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:34 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xa00]}, 0x10) [ 448.249732] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 448.257437] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 448.264699] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 448.271960] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 448.279221] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 448.286482] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:34 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:34 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:34 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c42, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:34 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x318f000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:34 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x12, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:34 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x9]}, 0x10) 11:42:34 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 448.678052] FAULT_INJECTION: forcing a failure. [ 448.678052] name failslab, interval 1, probability 0, space 0, times 0 [ 448.725195] CPU: 1 PID: 17267 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 448.733736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 448.743095] Call Trace: [ 448.745703] dump_stack+0x244/0x39d [ 448.749359] ? dump_stack_print_info.cold.1+0x20/0x20 [ 448.754575] ? should_fail.cold.4+0x5/0x17 [ 448.758821] ? dump_stack+0xd/0x39d [ 448.762474] should_fail.cold.4+0xa/0x17 [ 448.766557] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 448.771689] ? zap_class+0x640/0x640 [ 448.775421] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 448.780209] ? find_held_lock+0x36/0x1c0 [ 448.784280] ? __lock_is_held+0xb5/0x140 [ 448.788339] ? perf_trace_sched_process_exec+0x860/0x860 [ 448.793790] ? retint_kernel+0x2d/0x2d [ 448.797699] __should_failslab+0x124/0x180 [ 448.801943] should_failslab+0x9/0x14 [ 448.805732] kmem_cache_alloc_node_trace+0x270/0x740 [ 448.810824] ? __fprop_inc_percpu_max+0x2d0/0x2d0 [ 448.815657] __kmalloc_node+0x3c/0x70 [ 448.819524] blk_mq_alloc_tag_set+0x385/0xad0 [ 448.824011] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 448.829536] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 448.834740] loop_add+0x2c9/0xa40 [ 448.838202] ? loop_queue_rq+0x6d0/0x6d0 [ 448.842272] loop_control_ioctl+0x199/0x530 [ 448.846581] ? loop_add+0xa40/0xa40 [ 448.850203] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 448.855153] ? loop_add+0xa40/0xa40 [ 448.858786] do_vfs_ioctl+0x1de/0x1720 [ 448.862680] ? __lock_is_held+0xb5/0x140 [ 448.866738] ? ioctl_preallocate+0x300/0x300 [ 448.871135] ? __fget_light+0x2e9/0x430 [ 448.875097] ? fget_raw+0x20/0x20 [ 448.878559] ? __sb_end_write+0xd9/0x110 [ 448.882627] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 448.888155] ? fput+0x130/0x1a0 [ 448.891432] ? do_syscall_64+0x9a/0x820 [ 448.895392] ? do_syscall_64+0x9a/0x820 [ 448.899354] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 448.903938] ? security_file_ioctl+0x94/0xc0 [ 448.908340] ksys_ioctl+0xa9/0xd0 [ 448.911785] __x64_sys_ioctl+0x73/0xb0 [ 448.915662] do_syscall_64+0x1b9/0x820 [ 448.919535] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 448.924887] ? syscall_return_slowpath+0x5e0/0x5e0 [ 448.929826] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 448.934672] ? trace_hardirqs_on_caller+0x310/0x310 [ 448.939739] ? prepare_exit_to_usermode+0x291/0x3b0 [ 448.944759] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 448.949604] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 448.954789] RIP: 0033:0x457569 [ 448.957983] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 448.976869] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 448.984562] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 448.991814] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 448.999076] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 449.006346] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 449.013604] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:35 executing program 0 (fault-call:23 fault-nth:2): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:35 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:35 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x81940000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:35 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x3, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:35 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x1f4]}, 0x10) 11:42:35 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c73, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:35 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xd936000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:35 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:35 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x5, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:35 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x40000000]}, 0x10) 11:42:35 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 449.321392] FAULT_INJECTION: forcing a failure. [ 449.321392] name failslab, interval 1, probability 0, space 0, times 0 11:42:35 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 449.366874] CPU: 0 PID: 17304 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 449.375431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 449.384796] Call Trace: [ 449.387406] dump_stack+0x244/0x39d [ 449.391055] ? dump_stack_print_info.cold.1+0x20/0x20 [ 449.396273] should_fail.cold.4+0xa/0x17 [ 449.400365] ? kernel_text_address+0x79/0xf0 [ 449.404792] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 449.409906] ? unwind_get_return_address+0x61/0xa0 [ 449.414875] ? __save_stack_trace+0x8d/0xf0 [ 449.419236] ? zap_class+0x640/0x640 [ 449.422971] ? save_stack+0xa9/0xd0 [ 449.426614] ? find_held_lock+0x36/0x1c0 [ 449.430695] ? __lock_is_held+0xb5/0x140 [ 449.434789] ? perf_trace_sched_process_exec+0x860/0x860 [ 449.440261] __should_failslab+0x124/0x180 [ 449.444521] should_failslab+0x9/0x14 [ 449.448336] kmem_cache_alloc_node_trace+0x270/0x740 [ 449.453454] ? kasan_unpoison_shadow+0x35/0x50 [ 449.458053] __kmalloc_node+0x3c/0x70 [ 449.461880] blk_mq_alloc_tag_set+0x41c/0xad0 [ 449.466381] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 449.471959] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 449.477179] loop_add+0x2c9/0xa40 [ 449.480655] ? loop_queue_rq+0x6d0/0x6d0 [ 449.484745] loop_control_ioctl+0x199/0x530 [ 449.489089] ? loop_add+0xa40/0xa40 [ 449.492736] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 449.497668] ? loop_add+0xa40/0xa40 [ 449.501285] do_vfs_ioctl+0x1de/0x1720 [ 449.505162] ? __lock_is_held+0xb5/0x140 [ 449.509215] ? ioctl_preallocate+0x300/0x300 [ 449.513624] ? __fget_light+0x2e9/0x430 [ 449.517613] ? fget_raw+0x20/0x20 [ 449.521059] ? __sb_end_write+0xd9/0x110 [ 449.525110] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 449.530636] ? fput+0x130/0x1a0 [ 449.533902] ? do_syscall_64+0x9a/0x820 [ 449.537877] ? do_syscall_64+0x9a/0x820 [ 449.541839] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 449.546411] ? security_file_ioctl+0x94/0xc0 [ 449.550809] ksys_ioctl+0xa9/0xd0 [ 449.554259] __x64_sys_ioctl+0x73/0xb0 [ 449.558137] do_syscall_64+0x1b9/0x820 [ 449.562013] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 449.567365] ? syscall_return_slowpath+0x5e0/0x5e0 [ 449.572280] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 449.577111] ? trace_hardirqs_on_caller+0x310/0x310 [ 449.582116] ? prepare_exit_to_usermode+0x291/0x3b0 [ 449.587122] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 449.591954] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 449.597158] RIP: 0033:0x457569 [ 449.600357] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 449.619245] RSP: 002b:00007fd2b958bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 449.626944] RAX: ffffffffffffffda RBX: 00007fd2b958bc90 RCX: 0000000000457569 [ 449.634198] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 449.641449] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 449.648721] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b958c6d4 [ 449.655976] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:35 executing program 0 (fault-call:23 fault-nth:3): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:35 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:35 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x5000000]}, 0x10) 11:42:35 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xb9bc000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:35 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x4, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:35 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c41, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:35 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x2141000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:35 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0xffffff1f, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:35 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:35 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x1000000]}, 0x10) 11:42:36 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 449.961859] FAULT_INJECTION: forcing a failure. [ 449.961859] name failslab, interval 1, probability 0, space 0, times 0 [ 450.019271] CPU: 1 PID: 17349 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 450.027802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 450.037164] Call Trace: [ 450.039769] dump_stack+0x244/0x39d [ 450.043420] ? dump_stack_print_info.cold.1+0x20/0x20 [ 450.048645] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 450.053604] should_fail.cold.4+0xa/0x17 [ 450.057687] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 450.062812] ? kernel_text_address+0x79/0xf0 11:42:36 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 450.067237] ? __kernel_text_address+0xd/0x40 [ 450.071750] ? zap_class+0x640/0x640 [ 450.075480] ? __save_stack_trace+0x8d/0xf0 [ 450.079821] ? find_held_lock+0x36/0x1c0 [ 450.084117] ? __lock_is_held+0xb5/0x140 [ 450.088210] ? perf_trace_sched_process_exec+0x860/0x860 [ 450.093677] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 450.099236] __should_failslab+0x124/0x180 [ 450.103492] should_failslab+0x9/0x14 [ 450.107309] kmem_cache_alloc_node_trace+0x270/0x740 [ 450.112417] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 450.117967] ? find_next_bit+0x104/0x130 [ 450.122054] blk_mq_init_tags+0x79/0x2b0 [ 450.126161] blk_mq_alloc_rq_map+0x9f/0x220 [ 450.130505] __blk_mq_alloc_rq_map+0xb1/0x2e0 [ 450.135021] blk_mq_alloc_tag_set+0x627/0xad0 [ 450.139527] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 450.144725] loop_add+0x2c9/0xa40 [ 450.148171] ? loop_queue_rq+0x6d0/0x6d0 [ 450.152228] loop_control_ioctl+0x199/0x530 [ 450.156640] ? loop_add+0xa40/0xa40 [ 450.160263] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 450.165185] ? loop_add+0xa40/0xa40 [ 450.168816] do_vfs_ioctl+0x1de/0x1720 [ 450.172733] ? __lock_is_held+0xb5/0x140 [ 450.176798] ? ioctl_preallocate+0x300/0x300 [ 450.181234] ? __fget_light+0x2e9/0x430 [ 450.185222] ? fget_raw+0x20/0x20 [ 450.188792] ? __sb_end_write+0xd9/0x110 [ 450.192843] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 450.198369] ? fput+0x130/0x1a0 [ 450.201652] ? do_syscall_64+0x9a/0x820 [ 450.205635] ? do_syscall_64+0x9a/0x820 [ 450.209610] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 450.214194] ? security_file_ioctl+0x94/0xc0 [ 450.218606] ksys_ioctl+0xa9/0xd0 [ 450.222077] __x64_sys_ioctl+0x73/0xb0 [ 450.225967] do_syscall_64+0x1b9/0x820 [ 450.229844] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 450.235208] ? syscall_return_slowpath+0x5e0/0x5e0 [ 450.240136] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 450.244969] ? trace_hardirqs_on_caller+0x310/0x310 [ 450.249991] ? prepare_exit_to_usermode+0x291/0x3b0 [ 450.255004] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 450.259857] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 450.265035] RIP: 0033:0x457569 [ 450.268215] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 450.287101] RSP: 002b:00007fd2b958bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 450.294796] RAX: ffffffffffffffda RBX: 00007fd2b958bc90 RCX: 0000000000457569 [ 450.302051] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 450.309305] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 11:42:36 executing program 0 (fault-call:23 fault-nth:4): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:36 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xa000000]}, 0x10) 11:42:36 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:36 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xed59, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:36 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x38) [ 450.316566] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b958c6d4 [ 450.323832] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b [ 450.337163] blk-mq: reduced tag depth (128 -> 64) 11:42:36 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:36 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0xc0045878, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) [ 450.502317] FAULT_INJECTION: forcing a failure. [ 450.502317] name failslab, interval 1, probability 0, space 0, times 0 11:42:36 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x44f1, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:36 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x20000084) [ 450.547671] CPU: 1 PID: 17378 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 450.556197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 450.565552] Call Trace: [ 450.568162] dump_stack+0x244/0x39d [ 450.571816] ? dump_stack_print_info.cold.1+0x20/0x20 [ 450.577043] should_fail.cold.4+0xa/0x17 [ 450.581121] ? check_preemption_disabled+0x48/0x280 [ 450.586161] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 450.591284] ? mark_held_locks+0xc7/0x130 11:42:36 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 450.595458] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 450.600232] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 450.604841] ? retint_kernel+0x2d/0x2d [ 450.608743] ? trace_hardirqs_on_caller+0xc0/0x310 [ 450.613688] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 450.618462] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 450.623939] ? find_held_lock+0x36/0x1c0 [ 450.628017] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 450.632793] ? retint_kernel+0x2d/0x2d [ 450.636704] ? __should_failslab+0x7c/0x180 [ 450.641047] ? write_comp_data+0x22/0x70 11:42:36 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 450.645126] __should_failslab+0x124/0x180 [ 450.649381] should_failslab+0x9/0x14 [ 450.653194] kmem_cache_alloc_node_trace+0x270/0x740 [ 450.658313] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 450.663088] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 450.668558] __kmalloc_node+0x3c/0x70 [ 450.672485] sbitmap_init_node+0x288/0x440 [ 450.676746] sbitmap_queue_init_node+0xb2/0x850 [ 450.681435] ? __lock_is_held+0xb5/0x140 [ 450.685520] ? sbitmap_init_node+0x440/0x440 [ 450.689952] ? blk_mq_init_tags+0x79/0x2b0 11:42:36 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x700]}, 0x10) [ 450.694201] ? rcu_read_lock_sched_held+0x14f/0x180 [ 450.699232] ? kmem_cache_alloc_node_trace+0x34b/0x740 [ 450.704529] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 450.710080] ? find_next_bit+0x104/0x130 [ 450.714165] blk_mq_init_tags+0x116/0x2b0 [ 450.718343] blk_mq_alloc_rq_map+0x9f/0x220 [ 450.722692] __blk_mq_alloc_rq_map+0xb1/0x2e0 [ 450.727213] blk_mq_alloc_tag_set+0x627/0xad0 [ 450.731727] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 450.736952] loop_add+0x2c9/0xa40 [ 450.740429] ? loop_queue_rq+0x6d0/0x6d0 [ 450.744522] loop_control_ioctl+0x199/0x530 [ 450.748861] ? loop_add+0xa40/0xa40 [ 450.752515] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 450.757475] ? loop_add+0xa40/0xa40 [ 450.761118] do_vfs_ioctl+0x1de/0x1720 [ 450.765022] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 450.769795] ? ioctl_preallocate+0x300/0x300 [ 450.774205] ? __fget_light+0x2e9/0x430 [ 450.778179] ? fget_raw+0x20/0x20 [ 450.781653] ? __sb_end_write+0xd9/0x110 [ 450.785723] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 450.790509] ? security_file_ioctl+0x94/0xc0 [ 450.794921] ksys_ioctl+0xa9/0xd0 [ 450.798369] __x64_sys_ioctl+0x73/0xb0 [ 450.802246] ? do_syscall_64+0xca/0x820 [ 450.806208] do_syscall_64+0x1b9/0x820 [ 450.810087] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 450.815456] ? syscall_return_slowpath+0x5e0/0x5e0 [ 450.820404] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 450.825245] ? trace_hardirqs_on_caller+0x310/0x310 [ 450.830251] ? prepare_exit_to_usermode+0x291/0x3b0 [ 450.835256] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 450.840093] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 450.845274] RIP: 0033:0x457569 [ 450.848455] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 450.867352] RSP: 002b:00007fd2b958bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 450.875054] RAX: ffffffffffffffda RBX: 00007fd2b958bc90 RCX: 0000000000457569 [ 450.882317] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 450.889575] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 450.896844] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b958c6d4 [ 450.904100] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b [ 450.915187] blk-mq: reduced tag depth (128 -> 64) 11:42:37 executing program 0 (fault-call:23 fault-nth:5): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:37 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:37 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x12) 11:42:37 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xea51, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:37 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xe803000000000000]}, 0x10) 11:42:37 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x7ffff000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 451.248163] FAULT_INJECTION: forcing a failure. [ 451.248163] name failslab, interval 1, probability 0, space 0, times 0 [ 451.300180] CPU: 1 PID: 17418 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 451.308723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 451.318084] Call Trace: [ 451.320700] dump_stack+0x244/0x39d [ 451.324358] ? dump_stack_print_info.cold.1+0x20/0x20 [ 451.329573] ? mark_held_locks+0xc7/0x130 [ 451.333745] should_fail.cold.4+0xa/0x17 [ 451.337822] ? retint_kernel+0x2d/0x2d [ 451.341725] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 451.346844] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 451.352329] ? zap_class+0x640/0x640 [ 451.356067] ? find_held_lock+0x36/0x1c0 [ 451.360144] ? __lock_is_held+0xb5/0x140 [ 451.364233] ? perf_trace_sched_process_exec+0x860/0x860 [ 451.369683] ? __kmalloc_node+0x3c/0x70 [ 451.373655] ? __kmalloc_node+0x3c/0x70 [ 451.377653] __should_failslab+0x124/0x180 [ 451.381905] should_failslab+0x9/0x14 [ 451.385732] kmem_cache_alloc_node_trace+0x270/0x740 [ 451.390851] ? check_preemption_disabled+0x48/0x280 [ 451.395882] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 451.400931] ? find_next_bit+0x104/0x130 [ 451.405024] sbitmap_queue_init_node+0x34d/0x850 [ 451.409769] ? __lock_is_held+0xb5/0x140 [ 451.413825] ? sbitmap_init_node+0x440/0x440 [ 451.418223] ? blk_mq_init_tags+0x79/0x2b0 [ 451.422463] ? rcu_read_lock_sched_held+0x14f/0x180 [ 451.427481] ? kmem_cache_alloc_node_trace+0x34b/0x740 [ 451.432746] ? find_next_bit+0x104/0x130 [ 451.436799] blk_mq_init_tags+0x116/0x2b0 [ 451.440946] blk_mq_alloc_rq_map+0x9f/0x220 [ 451.445259] __blk_mq_alloc_rq_map+0xb1/0x2e0 [ 451.449745] blk_mq_alloc_tag_set+0x627/0xad0 [ 451.454233] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 451.459415] loop_add+0x2c9/0xa40 [ 451.462865] ? loop_queue_rq+0x6d0/0x6d0 [ 451.466911] ? retint_kernel+0x2d/0x2d [ 451.470801] ? trace_hardirqs_on_caller+0xc0/0x310 [ 451.475740] loop_control_ioctl+0x199/0x530 [ 451.480056] ? loop_add+0xa40/0xa40 [ 451.483686] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 451.488440] ? loop_add+0xa40/0xa40 [ 451.492060] do_vfs_ioctl+0x1de/0x1720 [ 451.495961] ? ioctl_preallocate+0x300/0x300 [ 451.500371] ? __fget_light+0x2e9/0x430 [ 451.504333] ? fget_raw+0x20/0x20 [ 451.507778] ? __sb_end_write+0xd9/0x110 [ 451.511843] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 451.516605] ? security_file_ioctl+0x94/0xc0 [ 451.521002] ksys_ioctl+0xa9/0xd0 [ 451.524449] __x64_sys_ioctl+0x73/0xb0 [ 451.528326] do_syscall_64+0x1b9/0x820 [ 451.532201] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 451.537567] ? syscall_return_slowpath+0x5e0/0x5e0 [ 451.542512] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 451.547345] ? trace_hardirqs_on_caller+0x310/0x310 [ 451.552349] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 451.557354] ? prepare_exit_to_usermode+0x291/0x3b0 [ 451.562374] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 451.567222] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 451.572400] RIP: 0033:0x457569 [ 451.575585] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 451.594488] RSP: 002b:00007fd2b958bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 451.602182] RAX: ffffffffffffffda RBX: 00007fd2b958bc90 RCX: 0000000000457569 [ 451.609441] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 451.616696] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 451.623970] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b958c6d4 [ 451.631231] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b [ 451.645616] blk-mq: reduced tag depth (128 -> 64) 11:42:38 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c60, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:38 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0xffffffffffffffff}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:38 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x4002000000000000]}, 0x10) 11:42:38 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x5000) 11:42:38 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xd9a5000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:38 executing program 0 (fault-call:23 fault-nth:6): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:38 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0xf3c0}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:38 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x4000000]}, 0x10) 11:42:38 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x81c4, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) [ 452.050814] FAULT_INJECTION: forcing a failure. [ 452.050814] name failslab, interval 1, probability 0, space 0, times 0 [ 452.088814] CPU: 0 PID: 17444 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 452.097390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 452.106752] Call Trace: [ 452.109360] dump_stack+0x244/0x39d [ 452.113013] ? dump_stack_print_info.cold.1+0x20/0x20 [ 452.118231] should_fail.cold.4+0xa/0x17 [ 452.122314] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 452.127442] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 452.132988] ? zap_class+0x640/0x640 [ 452.136697] ? find_held_lock+0x36/0x1c0 [ 452.140749] ? __lock_is_held+0xb5/0x140 [ 452.144813] ? perf_trace_sched_process_exec+0x860/0x860 11:42:38 executing program 3: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x20000, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="0bc5c34d917fcfa54d4852283fdb5527da97373f94bc2df7cf1c05d1da4efa1eaf2a55b86001929f3e95a8cf3df5fc6e9e0588a881db2e5463599d304070d171ad07fb01098567e0a856bb86b2512e1bbd44c0ca5d1ea3a82e418f166497bfd82195c489dda369a10d39347baec334b3deeb4ed18f7f4f4bf2f231a7f1b4a6a9d5c2e4935f2167c86c95", 0x8a) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) keyctl$session_to_parent(0x12) [ 452.150269] ? __lockdep_init_map+0x105/0x590 [ 452.154786] __should_failslab+0x124/0x180 [ 452.159036] should_failslab+0x9/0x14 [ 452.162844] kmem_cache_alloc_node_trace+0x270/0x740 [ 452.167947] ? init_wait_entry+0x1c0/0x1c0 [ 452.172186] ? check_preemption_disabled+0x48/0x280 [ 452.177205] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 452.182214] sbitmap_queue_init_node+0x34d/0x850 [ 452.186966] ? __lock_is_held+0xb5/0x140 [ 452.191024] ? sbitmap_init_node+0x440/0x440 [ 452.195420] ? blk_mq_init_tags+0x79/0x2b0 [ 452.199648] ? rcu_read_lock_sched_held+0x14f/0x180 [ 452.204654] ? kmem_cache_alloc_node_trace+0x34b/0x740 [ 452.209931] ? find_next_bit+0x104/0x130 [ 452.214003] blk_mq_init_tags+0x177/0x2b0 [ 452.218154] blk_mq_alloc_rq_map+0x9f/0x220 [ 452.222465] __blk_mq_alloc_rq_map+0xb1/0x2e0 [ 452.226955] blk_mq_alloc_tag_set+0x627/0xad0 [ 452.231445] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 452.236661] loop_add+0x2c9/0xa40 [ 452.240136] ? loop_queue_rq+0x6d0/0x6d0 [ 452.244192] loop_control_ioctl+0x199/0x530 [ 452.248504] ? loop_add+0xa40/0xa40 [ 452.252142] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 452.257064] ? loop_add+0xa40/0xa40 [ 452.260680] do_vfs_ioctl+0x1de/0x1720 [ 452.264555] ? __lock_is_held+0xb5/0x140 [ 452.268605] ? ioctl_preallocate+0x300/0x300 [ 452.273004] ? __fget_light+0x2e9/0x430 [ 452.276964] ? fget_raw+0x20/0x20 [ 452.280406] ? __sb_end_write+0xd9/0x110 [ 452.284464] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 452.289987] ? fput+0x130/0x1a0 [ 452.293255] ? do_syscall_64+0x9a/0x820 [ 452.297217] ? do_syscall_64+0x9a/0x820 [ 452.301182] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 452.305770] ? security_file_ioctl+0x94/0xc0 [ 452.310167] ksys_ioctl+0xa9/0xd0 [ 452.313610] __x64_sys_ioctl+0x73/0xb0 [ 452.317486] do_syscall_64+0x1b9/0x820 [ 452.321376] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 452.326737] ? syscall_return_slowpath+0x5e0/0x5e0 [ 452.331675] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 452.336508] ? trace_hardirqs_on_caller+0x310/0x310 [ 452.341516] ? prepare_exit_to_usermode+0x291/0x3b0 [ 452.346522] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 452.351357] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 452.356532] RIP: 0033:0x457569 [ 452.359734] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 452.378635] RSP: 002b:00007fd2b958bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 452.386327] RAX: ffffffffffffffda RBX: 00007fd2b958bc90 RCX: 0000000000457569 [ 452.393589] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 11:42:38 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x1f3c0}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 452.400856] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 452.408110] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b958c6d4 [ 452.415364] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b [ 452.426211] blk-mq: reduced tag depth (128 -> 64) 11:42:38 executing program 0 (fault-call:23 fault-nth:7): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:38 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x30402}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:38 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c44, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) [ 452.654191] FAULT_INJECTION: forcing a failure. [ 452.654191] name failslab, interval 1, probability 0, space 0, times 0 11:42:38 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x900]}, 0x10) [ 452.711868] CPU: 0 PID: 17467 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 452.720414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 452.729773] Call Trace: [ 452.732385] dump_stack+0x244/0x39d [ 452.736044] ? dump_stack_print_info.cold.1+0x20/0x20 [ 452.741247] ? __blk_mq_alloc_rq_map+0xb1/0x2e0 [ 452.745944] ? blk_mq_alloc_tag_set+0x627/0xad0 [ 452.750631] ? loop_add+0x2c9/0xa40 [ 452.754260] ? loop_control_ioctl+0x199/0x530 [ 452.758744] ? ksys_ioctl+0xa9/0xd0 [ 452.762368] should_fail.cold.4+0xa/0x17 [ 452.766430] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 452.771535] ? zap_class+0x640/0x640 [ 452.775243] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 452.780790] ? check_preemption_disabled+0x48/0x280 [ 452.785813] ? zap_class+0x640/0x640 [ 452.789541] ? __lock_is_held+0xb5/0x140 [ 452.793595] ? __lockdep_init_map+0x105/0x590 [ 452.798083] ? __lock_is_held+0xb5/0x140 [ 452.802138] ? perf_trace_sched_process_exec+0x860/0x860 [ 452.807576] ? sbitmap_queue_init_node+0xce/0x850 [ 452.812404] ? __lock_is_held+0xb5/0x140 [ 452.816474] __should_failslab+0x124/0x180 [ 452.820715] should_failslab+0x9/0x14 [ 452.824505] kmem_cache_alloc_node_trace+0x270/0x740 [ 452.829645] ? find_next_bit+0x104/0x130 [ 452.833699] __kmalloc_node+0x3c/0x70 [ 452.837491] blk_mq_alloc_rq_map+0xcc/0x220 [ 452.841799] ? blk_mq_free_tag_set+0x1a0/0x1a0 [ 452.846371] __blk_mq_alloc_rq_map+0xb1/0x2e0 [ 452.850858] blk_mq_alloc_tag_set+0x627/0xad0 [ 452.855346] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 452.860527] loop_add+0x2c9/0xa40 [ 452.863972] ? loop_queue_rq+0x6d0/0x6d0 [ 452.868027] loop_control_ioctl+0x199/0x530 [ 452.872339] ? loop_add+0xa40/0xa40 [ 452.875960] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 452.880882] ? loop_add+0xa40/0xa40 [ 452.884497] do_vfs_ioctl+0x1de/0x1720 [ 452.888382] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 452.892955] ? retint_kernel+0x2d/0x2d [ 452.896833] ? ioctl_preallocate+0x300/0x300 [ 452.901230] ? __fget_light+0x2e9/0x430 [ 452.905191] ? fget_raw+0x20/0x20 [ 452.908637] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 452.913401] ? retint_kernel+0x2d/0x2d [ 452.917294] ? security_file_ioctl+0x94/0xc0 [ 452.921693] ksys_ioctl+0xa9/0xd0 [ 452.925138] __x64_sys_ioctl+0x73/0xb0 [ 452.929013] do_syscall_64+0x1b9/0x820 [ 452.932888] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 452.938240] ? syscall_return_slowpath+0x5e0/0x5e0 [ 452.943158] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 452.947991] ? trace_hardirqs_on_caller+0x310/0x310 [ 452.952995] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 452.957998] ? prepare_exit_to_usermode+0x291/0x3b0 [ 452.963005] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 452.967840] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 452.973025] RIP: 0033:0x457569 [ 452.976219] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 452.995125] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 453.002840] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 11:42:39 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34008}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:39 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x49af0000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:39 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_open_dev$vcsn(&(0x7f00000001c0)='/dev/vcs#\x00', 0x533, 0x2200) ioctl$sock_inet_SIOCRTMSG(r1, 0x890d, &(0x7f0000000200)={0xfffffffffffffffd, {0x2, 0x4e22, @multicast1}, {0x2, 0x4e24, @multicast1}, {0x2, 0x4e23}, 0x120, 0x200, 0xfff, 0x5, 0x908, 0x0, 0x9, 0x0, 0x1}) r2 = request_key(&(0x7f0000000040)='.request_key_auth\x00', &(0x7f0000000140)={'syz', 0x1}, &(0x7f0000000180)='\x00', 0xfffffffffffffffe) keyctl$get_persistent(0x16, 0x0, r2) bind$alg(r0, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) semget(0x1, 0x6, 0x4c0) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000280)={0x80000000, 0x7, 0x55fc, 0x8, 0x5, 0x3, 0x9, 0x6, 0x800, 0x0, 0x1, 0x40}) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="b7f2288a", 0x4) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x1ff) [ 453.010107] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 453.017375] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 453.024631] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 453.031885] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b [ 453.052009] blk-mq: reduced tag depth (128 -> 64) 11:42:39 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x2f3c0}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:39 executing program 0 (fault-call:23 fault-nth:8): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:39 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x20035c40}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:39 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) r1 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0xff, 0x40000) setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f0000000040), 0x4) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:39 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x51d70000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:39 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x700000000000000]}, 0x10) 11:42:39 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x8, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 453.358166] FAULT_INJECTION: forcing a failure. [ 453.358166] name failslab, interval 1, probability 0, space 0, times 0 [ 453.421318] CPU: 0 PID: 17508 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 453.429855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 453.439218] Call Trace: [ 453.441824] dump_stack+0x244/0x39d [ 453.445467] ? dump_stack_print_info.cold.1+0x20/0x20 [ 453.450710] should_fail.cold.4+0xa/0x17 [ 453.454786] ? kernel_text_address+0x79/0xf0 [ 453.459213] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 453.464319] ? unwind_get_return_address+0x61/0xa0 [ 453.469250] ? __save_stack_trace+0x8d/0xf0 [ 453.473583] ? zap_class+0x640/0x640 [ 453.477302] ? save_stack+0xa9/0xd0 [ 453.480965] ? save_stack+0x43/0xd0 [ 453.484605] ? kasan_kmalloc+0xc7/0xe0 [ 453.488509] ? __kmalloc_node+0x50/0x70 [ 453.492487] ? blk_mq_alloc_rq_map+0xcc/0x220 [ 453.496970] ? __blk_mq_alloc_rq_map+0xb1/0x2e0 [ 453.501623] ? blk_mq_alloc_tag_set+0x627/0xad0 [ 453.506283] ? loop_add+0x2c9/0xa40 [ 453.509932] ? __lock_is_held+0xb5/0x140 [ 453.513982] ? zap_class+0x640/0x640 [ 453.517702] ? check_preemption_disabled+0x48/0x280 [ 453.522712] ? perf_trace_sched_process_exec+0x860/0x860 [ 453.528165] ? __lock_is_held+0xb5/0x140 [ 453.532245] __should_failslab+0x124/0x180 [ 453.536484] should_failslab+0x9/0x14 [ 453.540278] kmem_cache_alloc_node_trace+0x270/0x740 [ 453.545372] ? kasan_unpoison_shadow+0x35/0x50 [ 453.549991] __kmalloc_node+0x3c/0x70 [ 453.553823] blk_mq_alloc_rq_map+0x10d/0x220 [ 453.558236] __blk_mq_alloc_rq_map+0xb1/0x2e0 [ 453.562727] blk_mq_alloc_tag_set+0x627/0xad0 [ 453.567234] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 453.572438] loop_add+0x2c9/0xa40 [ 453.575885] ? loop_queue_rq+0x6d0/0x6d0 [ 453.579952] loop_control_ioctl+0x199/0x530 [ 453.584273] ? loop_add+0xa40/0xa40 [ 453.587933] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 453.592856] ? loop_add+0xa40/0xa40 [ 453.596483] do_vfs_ioctl+0x1de/0x1720 [ 453.600372] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 453.605119] ? ioctl_preallocate+0x300/0x300 [ 453.609528] ? __fget_light+0x2e9/0x430 [ 453.613519] ? fget_raw+0x20/0x20 [ 453.616986] ? __sb_end_write+0xd9/0x110 [ 453.621065] ? do_syscall_64+0x9a/0x820 [ 453.625044] ? do_syscall_64+0x9a/0x820 [ 453.629049] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 453.633631] ? security_file_ioctl+0x94/0xc0 [ 453.638036] ksys_ioctl+0xa9/0xd0 [ 453.641482] __x64_sys_ioctl+0x73/0xb0 [ 453.645359] do_syscall_64+0x1b9/0x820 [ 453.649252] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 453.654606] ? syscall_return_slowpath+0x5e0/0x5e0 [ 453.659520] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 453.664354] ? trace_hardirqs_on_caller+0x310/0x310 [ 453.669377] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 453.674384] ? prepare_exit_to_usermode+0x291/0x3b0 [ 453.679406] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 453.684253] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 453.689437] RIP: 0033:0x457569 [ 453.692641] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 453.711542] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 453.719236] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 453.726490] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 453.733745] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 453.741000] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 453.748263] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b [ 453.764130] blk-mq: reduced tag depth (128 -> 64) 11:42:40 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c6d, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:40 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x8969, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:40 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x500000000000000]}, 0x10) 11:42:40 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x9e) r1 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x3, 0x101000) getsockopt$bt_l2cap_L2CAP_LM(r1, 0x6, 0x3, &(0x7f0000000040), &(0x7f0000000140)=0x4) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) socket$alg(0x26, 0x5, 0x0) 11:42:40 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x204, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:40 executing program 0 (fault-call:23 fault-nth:9): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) [ 454.181373] FAULT_INJECTION: forcing a failure. [ 454.181373] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 454.200279] CPU: 1 PID: 17534 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 454.208791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 454.218152] Call Trace: [ 454.220756] dump_stack+0x244/0x39d [ 454.224403] ? dump_stack_print_info.cold.1+0x20/0x20 [ 454.229633] should_fail.cold.4+0xa/0x17 [ 454.233715] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 454.238843] ? zap_class+0x640/0x640 [ 454.242572] ? find_held_lock+0x36/0x1c0 [ 454.246643] ? is_bpf_text_address+0xac/0x170 [ 454.251132] ? __lock_is_held+0xb5/0x140 [ 454.255186] ? rcu_softirq_qs+0x20/0x20 [ 454.259153] ? perf_trace_sched_process_exec+0x860/0x860 [ 454.264606] ? is_bpf_text_address+0xd3/0x170 [ 454.269092] ? __might_sleep+0x95/0x190 [ 454.273069] __alloc_pages_nodemask+0x34b/0xdd0 [ 454.277745] ? __alloc_pages_slowpath+0x2dd0/0x2dd0 [ 454.282754] ? save_stack+0xa9/0xd0 [ 454.286383] ? save_stack+0x43/0xd0 [ 454.290007] ? kasan_kmalloc+0xc7/0xe0 [ 454.293885] ? __kmalloc_node+0x50/0x70 [ 454.297851] ? blk_mq_alloc_rq_map+0x10d/0x220 [ 454.302418] ? __blk_mq_alloc_rq_map+0xb1/0x2e0 [ 454.307084] ? __x64_sys_ioctl+0x73/0xb0 [ 454.311140] ? do_syscall_64+0x1b9/0x820 [ 454.315203] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 454.320555] ? zap_class+0x640/0x640 [ 454.324257] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 454.329782] ? find_next_bit+0x104/0x130 [ 454.333903] ? __cpu_to_node+0x7d/0xa0 [ 454.337796] ? blk_mq_hw_queue_to_node+0xcc/0x110 [ 454.342630] blk_mq_alloc_rqs+0x31c/0x980 [ 454.346774] ? blk_mq_alloc_rq_map+0x220/0x220 [ 454.351345] ? kmem_cache_alloc_node_trace+0x34b/0x740 [ 454.356608] ? kasan_unpoison_shadow+0x35/0x50 [ 454.361182] ? __kmalloc_node+0x50/0x70 [ 454.365149] __blk_mq_alloc_rq_map+0x15f/0x2e0 [ 454.369722] blk_mq_alloc_tag_set+0x627/0xad0 [ 454.374208] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 454.379392] loop_add+0x2c9/0xa40 [ 454.382840] ? loop_queue_rq+0x6d0/0x6d0 [ 454.386914] loop_control_ioctl+0x199/0x530 [ 454.391251] ? loop_add+0xa40/0xa40 [ 454.394869] ? __mutex_unlock_slowpath+0x491/0x8c0 [ 454.399788] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 454.404711] ? loop_add+0xa40/0xa40 [ 454.408339] do_vfs_ioctl+0x1de/0x1720 [ 454.412230] ? __lock_is_held+0xb5/0x140 [ 454.416297] ? ioctl_preallocate+0x300/0x300 [ 454.420721] ? __fget_light+0x2e9/0x430 [ 454.424699] ? fget_raw+0x20/0x20 [ 454.428143] ? __sb_end_write+0xd9/0x110 [ 454.432199] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 454.437736] ? fput+0x130/0x1a0 [ 454.441015] ? do_syscall_64+0x9a/0x820 [ 454.444981] ? do_syscall_64+0x9a/0x820 [ 454.448953] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 454.453526] ? security_file_ioctl+0x94/0xc0 [ 454.457935] ksys_ioctl+0xa9/0xd0 [ 454.461382] __x64_sys_ioctl+0x73/0xb0 [ 454.465259] do_syscall_64+0x1b9/0x820 [ 454.469133] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 454.474484] ? syscall_return_slowpath+0x5e0/0x5e0 [ 454.479401] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 454.484237] ? trace_hardirqs_on_caller+0x310/0x310 [ 454.489241] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 454.494245] ? prepare_exit_to_usermode+0x291/0x3b0 [ 454.499253] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 454.504094] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 454.509272] RIP: 0033:0x457569 [ 454.512458] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 11:42:40 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x240]}, 0x10) 11:42:40 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x5, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:40 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xdd89, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:40 executing program 3: r0 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r0, 0x50, &(0x7f00000000c0)}, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) [ 454.531345] RSP: 002b:00007fd2b958bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 454.539051] RAX: ffffffffffffffda RBX: 00007fd2b958bc90 RCX: 0000000000457569 [ 454.546324] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 454.553594] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 454.560874] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b958c6d4 [ 454.568131] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:40 executing program 0 (fault-call:23 fault-nth:10): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:40 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x402, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 454.726873] FAULT_INJECTION: forcing a failure. [ 454.726873] name failslab, interval 1, probability 0, space 0, times 0 [ 454.779084] CPU: 0 PID: 17552 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 454.787610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 454.796968] Call Trace: [ 454.799572] dump_stack+0x244/0x39d [ 454.803227] ? dump_stack_print_info.cold.1+0x20/0x20 [ 454.808429] ? mark_held_locks+0xc7/0x130 [ 454.812586] ? is_bpf_text_address+0xac/0x170 [ 454.817094] should_fail.cold.4+0xa/0x17 [ 454.821168] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 454.826277] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 454.831727] ? mark_held_locks+0xc7/0x130 [ 454.835887] ? zap_class+0x640/0x640 [ 454.839633] ? find_held_lock+0x36/0x1c0 [ 454.843702] ? __lock_is_held+0xb5/0x140 [ 454.847779] ? perf_trace_sched_process_exec+0x860/0x860 [ 454.853242] __should_failslab+0x124/0x180 [ 454.857488] should_failslab+0x9/0x14 [ 454.861293] kmem_cache_alloc_node+0x26e/0x730 [ 454.865885] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 454.870994] blk_alloc_queue_node+0xed/0xe80 [ 454.875415] ? blk_init_allocated_queue+0x640/0x640 [ 454.880435] ? __mutex_init+0x1f7/0x290 [ 454.884424] ? __ia32_sys_membarrier+0x150/0x150 [ 454.889224] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 454.894769] ? __blk_mq_alloc_rq_map+0x17d/0x2e0 [ 454.899534] ? blk_mq_alloc_tag_set+0x50e/0xad0 [ 454.904217] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 454.909426] blk_mq_init_queue+0x4b/0xb0 [ 454.913506] loop_add+0x376/0xa40 [ 454.916980] ? loop_queue_rq+0x6d0/0x6d0 [ 454.921061] loop_control_ioctl+0x199/0x530 [ 454.925387] ? loop_add+0xa40/0xa40 [ 454.929019] ? __f_unlock_pos+0x19/0x20 [ 454.933005] ? __f_unlock_pos+0x19/0x20 [ 454.936991] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 454.941958] ? loop_add+0xa40/0xa40 [ 454.945595] do_vfs_ioctl+0x1de/0x1720 [ 454.949489] ? __lock_is_held+0xb5/0x140 [ 454.953559] ? ioctl_preallocate+0x300/0x300 [ 454.957971] ? __fget_light+0x2e9/0x430 [ 454.961956] ? fget_raw+0x20/0x20 [ 454.965424] ? __sb_end_write+0xd9/0x110 [ 454.969491] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 454.975030] ? fput+0x130/0x1a0 [ 454.978313] ? do_syscall_64+0x9a/0x820 [ 454.982289] ? do_syscall_64+0x9a/0x820 [ 454.986267] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 454.990857] ? security_file_ioctl+0x94/0xc0 [ 454.995275] ksys_ioctl+0xa9/0xd0 [ 454.998739] __x64_sys_ioctl+0x73/0xb0 [ 455.002639] do_syscall_64+0x1b9/0x820 [ 455.006543] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 455.011923] ? syscall_return_slowpath+0x5e0/0x5e0 [ 455.016860] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 455.021715] ? trace_hardirqs_on_caller+0x310/0x310 [ 455.026739] ? retint_kernel+0x2d/0x2d [ 455.030636] ? prepare_exit_to_usermode+0x291/0x3b0 [ 455.035660] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 455.040513] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 455.045705] RIP: 0033:0x457569 [ 455.048905] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 455.067817] RSP: 002b:00007fd2b958bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 455.075525] RAX: ffffffffffffffda RBX: 00007fd2b958bc90 RCX: 0000000000457569 [ 455.082792] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 455.090059] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 455.097327] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b958c6d4 [ 455.104593] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:41 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x10, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:41 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c04, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:41 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xb95e000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:41 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x40020000]}, 0x10) 11:42:41 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) r1 = syz_open_dev$usb(&(0x7f0000000640)='/dev/bus/usb/00#/00#\x00', 0xd252, 0x6) ioctl$DRM_IOCTL_ADD_CTX(r1, 0xc0086420, &(0x7f0000000240)={0x0}) ioctl$DRM_IOCTL_GET_CTX(r1, 0xc0086423, &(0x7f0000000600)={r2, 0x2}) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000280)='/proc/self/net/pfkey\x00', 0x400000, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0xffffffffffffff44) r4 = syz_open_dev$mice(&(0x7f00000001c0)='/dev/input/mice\x00', 0x0, 0x0) ioctl$VT_GETMODE(r4, 0x5601, &(0x7f0000000200)) r5 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x210800, 0x0) r6 = getuid() ioctl$SG_SET_COMMAND_Q(r5, 0x2271, &(0x7f0000000180)) getgroups(0x3, &(0x7f0000000140)=[0xee01, 0xee01, 0xffffffffffffffff]) mount$fuseblk(&(0x7f0000000000)='/dev/loop0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='fuseblk\x00', 0x40000, &(0x7f0000000300)=ANY=[@ANYBLOB="b91f060f46413d8efddbed93bbcc0fcc7863c2cfb380a52388b94136f07110e0354f78214c760c0ef5f6fbb7530b4293ae8c30f9013602c0ad41b8b75e4a2381263f05304b55ee67658ccfa90831ed27b1457f8100000000000000e1904ea123b208256a9eec4c7a", @ANYRESHEX=r5, @ANYBLOB="2c727f6f743030303030303030303030303136303030302c7573657254c976571cd7d010d0a94b691e0400000000000000000000", @ANYRESDEC=r6, @ANYBLOB="37c9643d6f0d0d4e7ef30c721f89413c07a47ec062ab6395ad7bc1c3f6ef4dfe3646146fec1195f48e79e974e108ebbad1e191379159d9de38d7799ff76f2f4fc7fb760b69798c29f72957da2adc974365c9e0fcf8aec01ce9c850266be122631956f7aa8e1ba6212ea348246e2339eda1fe5c88a9fc40810383e0959b6700af85b9b9fe18a33b48046434033583639058c6b000746ffae068c992c9ab11097379bd0cd05eb2a38d51dec1217fa8f3a937bfda53041d0902dfaa7efa40946b906c924e21dfda6f63572c79ab683d5be48268775121d801b088b58437ef2dd59c9b3557801b1cf65fd49ed3769c56dbe4910a1b89", @ANYRESDEC=r7, @ANYBLOB=',max_read=0x0000000000000000,allow_other,max_read=0x0000000000000005,max_read=0x0000000000000009,blksize=0x0000000000000a00,default_permissions,smackfsfloor=skcipher\x00,\x00']) 11:42:41 executing program 0 (fault-call:23 fault-nth:11): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:41 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xa18d0000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:41 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x500]}, 0x10) 11:42:41 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x2, &(0x7f0000001e40)=""/213, 0xd5}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:41 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0x204}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:41 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x8000000000000000}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:41 executing program 3: openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x201, 0xa0) r0 = socket$alg(0x26, 0x5, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$EBT_SO_GET_INFO(r1, 0x0, 0x80, &(0x7f00000000c0)={'filter\x00'}, &(0x7f0000000140)=0x78) socket$pptp(0x18, 0x1, 0x2) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000180)="7a5c7834381cf4018a1d2dbea870147282195f7087e04a35996e22ad2ee4d47e3534112e63dbe03696d4f7111c654f59b757d0d45d7f79c6ca4bae286a38f7ecc3ed35cce98a3571a0dd5a857a03d3ddf0fd7df8e23fd45bdcb120c8a6e7f1b1afdc78f1a3b68b5bcb46515ec1994046d16be23ab8279152029c812993fc988ff14873b837146cf7d1c02c15c2767c272507a45ad5", 0x95) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) [ 455.490552] FAULT_INJECTION: forcing a failure. [ 455.490552] name failslab, interval 1, probability 0, space 0, times 0 11:42:41 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x800000000000000}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 455.532433] CPU: 1 PID: 17595 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 455.540963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 455.550319] Call Trace: [ 455.552933] dump_stack+0x244/0x39d [ 455.556574] ? dump_stack_print_info.cold.1+0x20/0x20 [ 455.561760] should_fail.cold.4+0xa/0x17 [ 455.565811] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 455.570600] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 455.575727] ? mark_held_locks+0xc7/0x130 [ 455.579905] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 455.584701] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 455.589294] ? retint_kernel+0x2d/0x2d [ 455.593195] ? trace_hardirqs_on_caller+0xc0/0x310 [ 455.598140] ? retint_kernel+0x2d/0x2d [ 455.602038] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 455.606810] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 455.612326] ? find_held_lock+0x36/0x1c0 [ 455.616445] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 455.621222] ? retint_kernel+0x2d/0x2d [ 455.625133] ? __should_failslab+0x6a/0x180 [ 455.629477] __should_failslab+0x124/0x180 [ 455.633736] should_failslab+0x9/0x14 [ 455.637554] kmem_cache_alloc_node_trace+0x270/0x740 [ 455.642677] ? lockdep_init_map+0x9/0x10 [ 455.646752] ? __init_waitqueue_head+0x9e/0x150 [ 455.651443] ? init_wait_entry+0x1c0/0x1c0 [ 455.655700] __kmalloc_node+0x3c/0x70 [ 455.659517] ? mempool_alloc_slab+0x60/0x60 [ 455.663857] mempool_init_node+0x131/0x550 [ 455.668110] ? ida_alloc_range+0x953/0xc70 [ 455.672357] ? mempool_free+0x370/0x370 [ 455.676345] ? mempool_alloc_slab+0x60/0x60 [ 455.680682] mempool_init+0x3d/0x50 [ 455.684327] bioset_init+0x3d4/0x840 [ 455.688059] ? bioset_exit+0x370/0x370 [ 455.691966] ? retint_kernel+0x2d/0x2d [ 455.695872] blk_alloc_queue_node+0x287/0xe80 [ 455.700376] ? blk_init_allocated_queue+0x640/0x640 [ 455.705393] ? __mutex_init+0x1f7/0x290 [ 455.709366] ? blk_mq_alloc_rq_map+0x12a/0x220 [ 455.713951] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 455.719476] ? __blk_mq_alloc_rq_map+0x17d/0x2e0 [ 455.724220] ? blk_mq_alloc_tag_set+0x50e/0xad0 [ 455.728885] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 455.734091] blk_mq_init_queue+0x4b/0xb0 [ 455.738143] loop_add+0x376/0xa40 [ 455.741599] ? retint_kernel+0x2d/0x2d [ 455.745473] ? loop_queue_rq+0x6d0/0x6d0 [ 455.749526] loop_control_ioctl+0x199/0x530 [ 455.753847] ? loop_add+0xa40/0xa40 [ 455.757478] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 455.762396] ? loop_add+0xa40/0xa40 [ 455.766011] do_vfs_ioctl+0x1de/0x1720 [ 455.769886] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 455.774458] ? ioctl_preallocate+0x300/0x300 [ 455.778856] ? __fget_light+0x2e9/0x430 [ 455.782817] ? fget_raw+0x20/0x20 [ 455.786264] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 455.791026] ? do_syscall_64+0x9a/0x820 [ 455.794985] ? do_syscall_64+0x9a/0x820 [ 455.798973] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 455.803555] ? security_file_ioctl+0x94/0xc0 [ 455.807964] ksys_ioctl+0xa9/0xd0 [ 455.811404] __x64_sys_ioctl+0x73/0xb0 [ 455.815288] do_syscall_64+0x1b9/0x820 [ 455.819163] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 455.824516] ? syscall_return_slowpath+0x5e0/0x5e0 [ 455.829437] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 455.834281] ? trace_hardirqs_on_caller+0x310/0x310 [ 455.839293] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 455.844310] ? prepare_exit_to_usermode+0x291/0x3b0 [ 455.849331] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 455.854167] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 455.859343] RIP: 0033:0x457569 [ 455.862522] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 11:42:42 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c74, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:42 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x8dffffff00000000}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:42 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x59ab0000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:42 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x3400]}, 0x10) [ 455.881407] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 455.889112] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 455.896385] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 455.903648] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 455.910900] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 455.918177] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:42 executing program 0 (fault-call:23 fault-nth:12): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:42 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xa191000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:42 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x4002]}, 0x10) 11:42:42 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x40030000000000}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:42 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x109000, 0x0) r2 = semget$private(0x0, 0x3, 0x0) semctl$SEM_STAT(r2, 0x7, 0x12, &(0x7f0000000140)=""/251) write$FUSE_GETXATTR(r1, &(0x7f0000000080)={0x18, 0x0, 0x2}, 0x18) semget$private(0x0, 0x2, 0x0) connect$vsock_dgram(r1, &(0x7f0000000040)={0x28, 0x0, 0x0, @reserved}, 0x10) 11:42:42 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0xffc99a3b00000000}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:42 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0xf0ffffff}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 456.250408] FAULT_INJECTION: forcing a failure. [ 456.250408] name failslab, interval 1, probability 0, space 0, times 0 [ 456.300671] CPU: 1 PID: 17634 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 456.309203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 456.318565] Call Trace: [ 456.321181] dump_stack+0x244/0x39d [ 456.324838] ? dump_stack_print_info.cold.1+0x20/0x20 [ 456.330058] should_fail.cold.4+0xa/0x17 [ 456.334142] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 456.339590] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 456.344170] ? retint_kernel+0x2d/0x2d [ 456.348130] ? trace_hardirqs_on_caller+0xc0/0x310 [ 456.353060] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 456.357832] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 456.363298] ? zap_class+0x640/0x640 [ 456.367038] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 456.371809] ? retint_kernel+0x2d/0x2d [ 456.375724] ? ___might_sleep+0x1e8/0x340 [ 456.379900] ? perf_trace_sched_process_exec+0x860/0x860 [ 456.385375] ? __lock_is_held+0xb5/0x140 [ 456.389466] __should_failslab+0x124/0x180 [ 456.393720] should_failslab+0x9/0x14 11:42:42 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x4}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 456.397530] kmem_cache_alloc+0x2be/0x730 [ 456.401690] ? kasan_kmalloc+0xc7/0xe0 [ 456.405598] ? mempool_free+0x370/0x370 [ 456.409585] mempool_alloc_slab+0x44/0x60 [ 456.413744] mempool_init_node+0x2d2/0x550 [ 456.417996] ? mempool_free+0x370/0x370 [ 456.421986] ? mempool_alloc_slab+0x60/0x60 [ 456.426320] mempool_init+0x3d/0x50 [ 456.429973] bioset_init+0x3d4/0x840 [ 456.433709] ? bioset_exit+0x370/0x370 [ 456.437615] blk_alloc_queue_node+0x287/0xe80 [ 456.442126] ? blk_init_allocated_queue+0x640/0x640 [ 456.447143] ? __mutex_init+0x1f7/0x290 [ 456.451117] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 456.456660] ? __blk_mq_alloc_rq_map+0x17d/0x2e0 [ 456.461403] ? blk_mq_alloc_tag_set+0x50e/0xad0 [ 456.466064] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 456.471246] blk_mq_init_queue+0x4b/0xb0 [ 456.475292] loop_add+0x376/0xa40 [ 456.478736] ? loop_queue_rq+0x6d0/0x6d0 [ 456.482786] loop_control_ioctl+0x199/0x530 [ 456.487092] ? loop_add+0xa40/0xa40 [ 456.490728] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 456.495645] ? loop_add+0xa40/0xa40 [ 456.499260] do_vfs_ioctl+0x1de/0x1720 [ 456.503135] ? __lock_is_held+0xb5/0x140 [ 456.507183] ? ioctl_preallocate+0x300/0x300 [ 456.511582] ? __fget_light+0x2e9/0x430 [ 456.515546] ? fget_raw+0x20/0x20 [ 456.518988] ? __sb_end_write+0xd9/0x110 [ 456.523035] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 456.528568] ? fput+0x130/0x1a0 [ 456.531846] ? do_syscall_64+0x9a/0x820 [ 456.535821] ? do_syscall_64+0x9a/0x820 [ 456.539795] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 456.544398] ? security_file_ioctl+0x94/0xc0 [ 456.548809] ksys_ioctl+0xa9/0xd0 [ 456.552248] __x64_sys_ioctl+0x73/0xb0 [ 456.556125] do_syscall_64+0x1b9/0x820 [ 456.560021] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 456.565384] ? syscall_return_slowpath+0x5e0/0x5e0 [ 456.570299] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 456.575130] ? trace_hardirqs_on_caller+0x310/0x310 [ 456.580133] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 456.585135] ? prepare_exit_to_usermode+0x291/0x3b0 [ 456.590141] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 456.594971] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 456.600143] RIP: 0033:0x457569 [ 456.603324] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 456.622209] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 456.629900] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 456.637160] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 456.644439] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 456.651699] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 456.658974] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:42 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c38, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:42 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0xffffff8d}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:42 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xe]}, 0x10) 11:42:42 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000006400)='/dev/snapshot\x00', 0x400800, 0x0) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000040)=0x100000001, 0xfffffdfa) 11:42:42 executing program 0 (fault-call:23 fault-nth:13): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:42 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xa1f0, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:42 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x34000}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:42 executing program 3: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vga_arbiter\x00', 0x410100, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f00000003c0)=[@in6={0xa, 0x4e23, 0x4, @mcast1}, @in6={0xa, 0x4e24, 0x3, @loopback, 0x5}, @in={0x2, 0x4e21, @remote}, @in={0x2, 0x4e24, @broadcast}, @in={0x2, 0x4e24, @multicast2}, @in={0x2, 0x4e20, @loopback}, @in={0x2, 0x4e21, @multicast2}, @in={0x2, 0x4e23, @remote}], 0x98) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) recvmsg(r1, &(0x7f0000000200)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/131, 0x83}, {&(0x7f0000000600)=""/4096, 0x1000}], 0x2, &(0x7f00000001c0)=""/21, 0x15, 0x2}, 0x2) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000240)={0x0, @in6={{0xa, 0x4e23, 0xc06, @remote, 0x2}}, 0xffff, 0x1}, &(0x7f0000000300)=0x90) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000340)={r3, 0x0, 0x1}, 0x8) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:42 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x817b0000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:42 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xa]}, 0x10) 11:42:42 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0xeffdffff}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:43 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0xffc99a3b}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 456.980863] FAULT_INJECTION: forcing a failure. [ 456.980863] name failslab, interval 1, probability 0, space 0, times 0 [ 457.025982] CPU: 1 PID: 17688 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 457.034521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 457.043883] Call Trace: [ 457.046508] dump_stack+0x244/0x39d [ 457.050173] ? dump_stack_print_info.cold.1+0x20/0x20 [ 457.055372] ? should_fail+0x8f3/0xd01 [ 457.059270] should_fail.cold.4+0xa/0x17 [ 457.063343] ? __kernel_text_address+0xd/0x40 [ 457.067857] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 457.072976] ? __save_stack_trace+0x8d/0xf0 [ 457.077323] ? zap_class+0x640/0x640 [ 457.081051] ? save_stack+0xa9/0xd0 [ 457.084699] ? save_stack+0x43/0xd0 [ 457.088336] ? kasan_kmalloc+0xc7/0xe0 [ 457.092252] ? find_held_lock+0x36/0x1c0 [ 457.096331] ? __lock_is_held+0xb5/0x140 [ 457.100415] ? perf_trace_sched_process_exec+0x860/0x860 [ 457.105892] __should_failslab+0x124/0x180 [ 457.110154] should_failslab+0x9/0x14 [ 457.113969] kmem_cache_alloc+0x2be/0x730 [ 457.118134] ? kasan_kmalloc+0xc7/0xe0 [ 457.122041] ? mempool_free+0x370/0x370 [ 457.126030] mempool_alloc_slab+0x44/0x60 [ 457.130187] mempool_init_node+0x2d2/0x550 [ 457.134443] ? mempool_free+0x370/0x370 [ 457.138436] ? mempool_alloc_slab+0x60/0x60 [ 457.142772] mempool_init+0x3d/0x50 [ 457.146439] bioset_init+0x3d4/0x840 [ 457.150144] ? bioset_exit+0x370/0x370 [ 457.154039] blk_alloc_queue_node+0x287/0xe80 [ 457.158570] ? blk_init_allocated_queue+0x640/0x640 [ 457.163634] ? __mutex_init+0x1f7/0x290 [ 457.167609] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 457.173135] ? __blk_mq_alloc_rq_map+0x17d/0x2e0 [ 457.177878] ? blk_mq_alloc_tag_set+0x50e/0xad0 [ 457.182538] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 457.187721] blk_mq_init_queue+0x4b/0xb0 [ 457.191782] loop_add+0x376/0xa40 [ 457.195254] ? loop_queue_rq+0x6d0/0x6d0 [ 457.199322] loop_control_ioctl+0x199/0x530 [ 457.203649] ? loop_add+0xa40/0xa40 [ 457.207260] ? __f_unlock_pos+0x19/0x20 [ 457.211224] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 457.216147] ? loop_add+0xa40/0xa40 [ 457.219783] do_vfs_ioctl+0x1de/0x1720 [ 457.223674] ? __lock_is_held+0xb5/0x140 [ 457.227735] ? ioctl_preallocate+0x300/0x300 [ 457.232154] ? __fget_light+0x2e9/0x430 [ 457.236128] ? fget_raw+0x20/0x20 [ 457.239574] ? __sb_end_write+0xd9/0x110 [ 457.243645] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 457.249178] ? fput+0x130/0x1a0 [ 457.252465] ? do_syscall_64+0x9a/0x820 [ 457.256473] ? do_syscall_64+0x9a/0x820 [ 457.260448] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 457.265049] ? security_file_ioctl+0x94/0xc0 [ 457.269506] ksys_ioctl+0xa9/0xd0 [ 457.272986] __x64_sys_ioctl+0x73/0xb0 [ 457.276876] do_syscall_64+0x1b9/0x820 [ 457.280750] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 457.286102] ? syscall_return_slowpath+0x5e0/0x5e0 [ 457.291019] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 457.295863] ? trace_hardirqs_on_caller+0x310/0x310 [ 457.300883] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 457.305892] ? prepare_exit_to_usermode+0x291/0x3b0 [ 457.310950] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 457.315801] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 457.320976] RIP: 0033:0x457569 [ 457.324157] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 457.343050] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 457.350748] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 457.358004] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 457.365257] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 11:42:43 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c5a, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:43 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x80000000, 0x10000) ioctl$KVM_GET_CLOCK(r1, 0x8030ae7c, &(0x7f0000000040)) 11:42:43 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x394e0000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:43 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0xfffffff0}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 457.372516] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 457.379784] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:43 executing program 0 (fault-call:23 fault-nth:14): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:43 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x9000000]}, 0x10) 11:42:43 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xd914, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:43 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_open_dev$usb(&(0x7f0000000140)='/dev/bus/usb/00#/00#\x00', 0x100, 0x200) ioctl$RTC_SET_TIME(r1, 0x4024700a, &(0x7f0000000180)={0xc, 0xb, 0xa, 0x3, 0x0, 0x3, 0x5, 0x91}) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) r2 = syz_open_pts(0xffffffffffffffff, 0x80000) ioctl$TIOCSWINSZ(r2, 0x5414, &(0x7f0000000040)={0x3, 0x9, 0x33d0a25d}) getsockopt$SO_COOKIE(r0, 0x1, 0x39, &(0x7f00000000c0), &(0x7f0000000100)=0x8) mkdir(&(0x7f0000000000)='./file0\x00', 0x120) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:43 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x7000000]}, 0x10) 11:42:43 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0xeffdffff00000000}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:43 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0xf0ffffff00000000}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:43 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x4000000000000}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 457.686063] FAULT_INJECTION: forcing a failure. [ 457.686063] name failslab, interval 1, probability 0, space 0, times 0 11:42:43 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c1e, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:43 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x2800, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) [ 457.728872] CPU: 0 PID: 17732 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 457.737417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 457.746781] Call Trace: [ 457.749390] dump_stack+0x244/0x39d [ 457.753035] ? dump_stack_print_info.cold.1+0x20/0x20 [ 457.758233] ? mark_held_locks+0xc7/0x130 [ 457.762387] ? unwind_get_return_address+0x61/0xa0 [ 457.767327] should_fail.cold.4+0xa/0x17 [ 457.771397] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 457.776513] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 457.781997] ? save_stack+0xa9/0xd0 [ 457.785651] ? zap_class+0x640/0x640 [ 457.789370] ? find_held_lock+0x36/0x1c0 [ 457.793419] ? __lock_is_held+0xb5/0x140 [ 457.797489] ? perf_trace_sched_process_exec+0x860/0x860 [ 457.802955] __should_failslab+0x124/0x180 [ 457.807179] should_failslab+0x9/0x14 [ 457.810967] kmem_cache_alloc+0x2be/0x730 [ 457.815102] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 457.820626] ? __phys_addr+0xa6/0x120 [ 457.824415] ? mempool_init+0x3d/0x50 [ 457.828206] ? mempool_free+0x370/0x370 [ 457.832167] mempool_alloc_slab+0x44/0x60 [ 457.836301] mempool_init_node+0x2d2/0x550 [ 457.840525] ? mempool_free+0x370/0x370 [ 457.844510] ? mempool_alloc_slab+0x60/0x60 [ 457.848830] mempool_init+0x3d/0x50 [ 457.852449] bioset_init+0x3d4/0x840 [ 457.856155] ? bioset_exit+0x370/0x370 [ 457.860033] blk_alloc_queue_node+0x287/0xe80 [ 457.864519] ? blk_init_allocated_queue+0x640/0x640 [ 457.869523] ? __mutex_init+0x1f7/0x290 [ 457.873494] ? blk_mq_alloc_rqs+0x79b/0x980 [ 457.877803] ? __blk_mq_alloc_rq_map+0x15f/0x2e0 [ 457.882544] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 457.888065] ? __blk_mq_alloc_rq_map+0x17d/0x2e0 [ 457.892807] ? blk_mq_alloc_tag_set+0x50e/0xad0 [ 457.897474] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 457.902684] blk_mq_init_queue+0x4b/0xb0 [ 457.906734] loop_add+0x376/0xa40 [ 457.910177] ? loop_queue_rq+0x6d0/0x6d0 [ 457.914236] loop_control_ioctl+0x199/0x530 [ 457.918557] ? loop_add+0xa40/0xa40 [ 457.922189] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 457.927111] ? loop_add+0xa40/0xa40 [ 457.930724] do_vfs_ioctl+0x1de/0x1720 [ 457.934598] ? __lock_is_held+0xb5/0x140 [ 457.938650] ? ioctl_preallocate+0x300/0x300 [ 457.943057] ? __fget_light+0x2e9/0x430 [ 457.947033] ? fget_raw+0x20/0x20 [ 457.950472] ? __sb_end_write+0xd9/0x110 [ 457.954520] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 457.960056] ? fput+0x130/0x1a0 [ 457.963322] ? do_syscall_64+0x9a/0x820 [ 457.967289] ? do_syscall_64+0x9a/0x820 [ 457.971249] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 457.975820] ? security_file_ioctl+0x94/0xc0 [ 457.980215] ksys_ioctl+0xa9/0xd0 [ 457.983654] __x64_sys_ioctl+0x73/0xb0 [ 457.987539] do_syscall_64+0x1b9/0x820 [ 457.991419] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 457.996769] ? syscall_return_slowpath+0x5e0/0x5e0 [ 458.001682] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 458.006513] ? trace_hardirqs_on_caller+0x310/0x310 [ 458.011515] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 458.016519] ? prepare_exit_to_usermode+0x291/0x3b0 [ 458.021524] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 458.026361] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 458.031550] RIP: 0033:0x457569 [ 458.034732] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 458.053620] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 458.061319] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 458.068590] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 11:42:44 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x8000000}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 458.075895] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 458.083173] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 458.090430] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:44 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/packet\x00') ioctl$KVM_NMI(r0, 0xae9a) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000040)='trusted.overlay.redirect\x00', &(0x7f00000000c0)='./file0\x00', 0x8, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:44 executing program 0 (fault-call:23 fault-nth:15): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:44 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xf401]}, 0x10) 11:42:44 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c48, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:44 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x2c81, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:44 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x400300}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:44 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-generic\x00'}, 0x58) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:44 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x400040, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:44 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x9829, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:44 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x3e8]}, 0x10) 11:42:44 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x3b9ac9ff}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:44 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x8}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:44 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) close(r0) [ 458.525090] FAULT_INJECTION: forcing a failure. [ 458.525090] name failslab, interval 1, probability 0, space 0, times 0 [ 458.575239] CPU: 1 PID: 17791 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 458.583804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 458.593183] Call Trace: [ 458.595790] dump_stack+0x244/0x39d [ 458.599447] ? dump_stack_print_info.cold.1+0x20/0x20 [ 458.604646] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 458.609418] should_fail.cold.4+0xa/0x17 [ 458.613502] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 458.618619] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 458.623385] ? zap_class+0x640/0x640 [ 458.627111] ? retint_kernel+0x2d/0x2d [ 458.631006] ? __lock_is_held+0xb5/0x140 [ 458.635062] ? perf_trace_sched_process_exec+0x860/0x860 [ 458.640525] __should_failslab+0x124/0x180 [ 458.644766] should_failslab+0x9/0x14 [ 458.648564] kmem_cache_alloc_node_trace+0x270/0x740 [ 458.653665] ? lockdep_init_map+0x9/0x10 [ 458.657716] ? __init_waitqueue_head+0x9e/0x150 [ 458.662373] ? init_wait_entry+0x1c0/0x1c0 [ 458.666598] __kmalloc_node+0x3c/0x70 [ 458.670387] ? mempool_alloc_slab+0x60/0x60 [ 458.674697] mempool_init_node+0x131/0x550 [ 458.678929] ? mempool_free+0x370/0x370 [ 458.682891] ? mempool_alloc_slab+0x60/0x60 [ 458.687200] mempool_init+0x3d/0x50 [ 458.690817] bioset_init+0x646/0x840 [ 458.694519] ? bioset_exit+0x370/0x370 [ 458.698399] blk_alloc_queue_node+0x287/0xe80 [ 458.702883] ? blk_init_allocated_queue+0x640/0x640 [ 458.707889] ? __mutex_init+0x1f7/0x290 [ 458.711862] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 458.717386] ? __blk_mq_alloc_rq_map+0x17d/0x2e0 [ 458.722133] ? blk_mq_alloc_tag_set+0x50e/0xad0 [ 458.726793] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 458.731979] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 458.736730] blk_mq_init_queue+0x4b/0xb0 [ 458.740782] loop_add+0x376/0xa40 [ 458.744224] ? loop_queue_rq+0x6d0/0x6d0 [ 458.748280] loop_control_ioctl+0x199/0x530 [ 458.752593] ? loop_add+0xa40/0xa40 [ 458.756209] ? loop_add+0xa40/0xa40 [ 458.759833] ? loop_add+0xa40/0xa40 [ 458.763453] do_vfs_ioctl+0x1de/0x1720 [ 458.767329] ? __lock_is_held+0xb5/0x140 [ 458.771380] ? ioctl_preallocate+0x300/0x300 [ 458.775776] ? __fget_light+0x2e9/0x430 [ 458.779745] ? fget_raw+0x20/0x20 [ 458.783191] ? __sb_end_write+0xd9/0x110 [ 458.787242] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 458.792792] ? fput+0x130/0x1a0 [ 458.796076] ? do_syscall_64+0x9a/0x820 [ 458.800036] ? do_syscall_64+0x9a/0x820 [ 458.804011] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 458.808607] ? security_file_ioctl+0x94/0xc0 [ 458.813018] ksys_ioctl+0xa9/0xd0 [ 458.816475] __x64_sys_ioctl+0x73/0xb0 [ 458.820353] do_syscall_64+0x1b9/0x820 [ 458.824228] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 458.829595] ? syscall_return_slowpath+0x5e0/0x5e0 [ 458.834525] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 458.839357] ? trace_hardirqs_on_caller+0x310/0x310 [ 458.844359] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 458.849363] ? prepare_exit_to_usermode+0x291/0x3b0 [ 458.854378] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 458.859230] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 458.864415] RIP: 0033:0x457569 [ 458.867598] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 458.886492] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 458.894216] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 458.901474] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 458.908738] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 458.916003] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 458.923255] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:45 executing program 0 (fault-call:23 fault-nth:16): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:45 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x8dffffff}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:45 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c2b, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:45 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x3400000000000000]}, 0x10) 11:42:45 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x4d51, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:45 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0xa00, 0x0) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000100)=0xffffffffffffff9c) ioctl$SNDRV_TIMER_IOCTL_START(r1, 0x54a0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:45 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x7fb1, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:45 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(cast6)\x00'}, 0x63) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:45 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x4000000000000000]}, 0x10) 11:42:45 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x40000}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:45 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0xfffffdef}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:45 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x0}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 459.223158] FAULT_INJECTION: forcing a failure. [ 459.223158] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 459.235013] CPU: 0 PID: 17836 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 459.243510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 459.252873] Call Trace: [ 459.255480] dump_stack+0x244/0x39d [ 459.259132] ? dump_stack_print_info.cold.1+0x20/0x20 [ 459.264345] ? zap_class+0x640/0x640 [ 459.268082] should_fail.cold.4+0xa/0x17 [ 459.272156] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 459.277271] ? find_held_lock+0x36/0x1c0 [ 459.281358] ? mark_held_locks+0x130/0x130 [ 459.285603] ? check_preemption_disabled+0x48/0x280 [ 459.290650] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 459.295593] ? kasan_check_read+0x11/0x20 [ 459.299761] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 459.305055] ? rcu_softirq_qs+0x20/0x20 [ 459.309044] ? rcu_softirq_qs+0x20/0x20 [ 459.313044] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 459.317818] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 459.323367] ? should_fail+0x22d/0xd01 [ 459.327268] ? trace_hardirqs_on_caller+0xc0/0x310 [ 459.332212] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 459.337322] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 459.342788] __alloc_pages_nodemask+0x34b/0xdd0 [ 459.347481] ? __alloc_pages_slowpath+0x2dd0/0x2dd0 [ 459.352518] ? find_held_lock+0x36/0x1c0 [ 459.356622] ? trace_hardirqs_off+0xb8/0x310 [ 459.361052] cache_grow_begin+0xa5/0x8c0 [ 459.361071] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 459.361086] ? check_preemption_disabled+0x48/0x280 [ 459.361108] kmem_cache_alloc+0x66b/0x730 [ 459.375704] ? mempool_free+0x370/0x370 [ 459.375722] mempool_alloc_slab+0x44/0x60 [ 459.375745] mempool_init_node+0x2d2/0x550 [ 459.392218] ? mempool_free+0x370/0x370 [ 459.396205] ? mempool_alloc_slab+0x60/0x60 [ 459.400540] mempool_init+0x3d/0x50 [ 459.404187] bioset_init+0x646/0x840 [ 459.407937] ? bioset_exit+0x370/0x370 [ 459.411844] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 459.416487] blk_alloc_queue_node+0x287/0xe80 [ 459.421001] ? blk_init_allocated_queue+0x640/0x640 [ 459.426019] ? __mutex_init+0x1f7/0x290 [ 459.430018] ? retint_kernel+0x2d/0x2d [ 459.433944] ? blk_mq_alloc_tag_set+0x7bd/0xad0 [ 459.438620] ? blk_mq_alloc_tag_set+0x50e/0xad0 [ 459.443312] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 459.448517] blk_mq_init_queue+0x4b/0xb0 [ 459.452592] loop_add+0x376/0xa40 [ 459.456038] ? loop_queue_rq+0x6d0/0x6d0 [ 459.460094] loop_control_ioctl+0x199/0x530 [ 459.464420] ? loop_add+0xa40/0xa40 [ 459.468051] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 459.472967] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 459.477744] ? loop_add+0xa40/0xa40 [ 459.481373] do_vfs_ioctl+0x1de/0x1720 [ 459.485271] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 459.490725] ? ioctl_preallocate+0x300/0x300 [ 459.495124] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 459.499890] ? retint_kernel+0x2d/0x2d [ 459.503802] ? security_file_ioctl+0x94/0xc0 [ 459.508197] ksys_ioctl+0xa9/0xd0 [ 459.511638] __x64_sys_ioctl+0x73/0xb0 [ 459.515521] do_syscall_64+0x1b9/0x820 [ 459.519416] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 459.524795] ? syscall_return_slowpath+0x5e0/0x5e0 [ 459.529737] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 459.534593] ? trace_hardirqs_on_caller+0x310/0x310 [ 459.539607] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 459.544625] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 459.550173] ? prepare_exit_to_usermode+0x291/0x3b0 [ 459.555196] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 459.560041] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 459.565229] RIP: 0033:0x457569 [ 459.568412] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 459.587310] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 459.595017] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 459.602281] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 459.609547] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 459.616814] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 459.624079] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:45 executing program 0 (fault-call:23 fault-nth:17): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:45 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x985000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:45 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0xc0045878, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:45 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x0}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:45 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x410080, 0x20) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000040)='htcp\x00', 0x5) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r1, 0xc02c5341, &(0x7f00000000c0)) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='overlay\x00', 0x14, &(0x7f00000001c0)={[], [{@smackfstransmute={'smackfstransmute', 0x3d, 'htcp\x00'}}, {@appraise_type='appraise_type=imasig'}]}) 11:42:45 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xe8030000]}, 0x10) 11:42:45 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x6149, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) [ 459.942591] FAULT_INJECTION: forcing a failure. [ 459.942591] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 459.954460] CPU: 1 PID: 17864 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 459.962965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 459.972326] Call Trace: [ 459.974944] dump_stack+0x244/0x39d [ 459.978600] ? dump_stack_print_info.cold.1+0x20/0x20 [ 459.983813] ? zap_class+0x640/0x640 [ 459.987546] should_fail.cold.4+0xa/0x17 11:42:46 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xf4010000]}, 0x10) 11:42:46 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x10f9, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) [ 459.991634] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 459.996753] ? find_held_lock+0x36/0x1c0 [ 460.000845] ? mark_held_locks+0x130/0x130 [ 460.005088] ? check_preemption_disabled+0x48/0x280 [ 460.010119] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 460.015060] ? kasan_check_read+0x11/0x20 [ 460.019215] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 460.024587] ? rcu_softirq_qs+0x20/0x20 [ 460.028576] ? rcu_softirq_qs+0x20/0x20 [ 460.032561] ? unwind_dump+0x190/0x190 [ 460.036481] ? is_bpf_text_address+0xd3/0x170 [ 460.040983] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 460.046511] ? should_fail+0x22d/0xd01 [ 460.050393] ? __kernel_text_address+0xd/0x40 [ 460.054877] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 460.059971] ? __save_stack_trace+0x8d/0xf0 [ 460.064288] __alloc_pages_nodemask+0x34b/0xdd0 [ 460.068959] ? __alloc_pages_slowpath+0x2dd0/0x2dd0 [ 460.073967] ? save_stack+0x43/0xd0 [ 460.077604] ? kasan_kmalloc+0xc7/0xe0 [ 460.081496] ? find_held_lock+0x36/0x1c0 [ 460.085752] ? trace_hardirqs_off+0xb8/0x310 [ 460.090180] cache_grow_begin+0xa5/0x8c0 [ 460.094244] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 460.099770] ? check_preemption_disabled+0x48/0x280 [ 460.104776] kmem_cache_alloc+0x66b/0x730 [ 460.108931] ? mempool_free+0x370/0x370 [ 460.112909] mempool_alloc_slab+0x44/0x60 [ 460.117068] mempool_init_node+0x2d2/0x550 [ 460.121297] ? mempool_free+0x370/0x370 [ 460.125270] ? mempool_alloc_slab+0x60/0x60 [ 460.129590] mempool_init+0x3d/0x50 [ 460.133237] bioset_init+0x646/0x840 [ 460.136969] ? bioset_exit+0x370/0x370 [ 460.140873] blk_alloc_queue_node+0x287/0xe80 [ 460.145361] ? blk_init_allocated_queue+0x640/0x640 [ 460.150376] ? __mutex_init+0x1f7/0x290 [ 460.154370] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 460.159909] ? __blk_mq_alloc_rq_map+0x17d/0x2e0 [ 460.164669] ? blk_mq_alloc_tag_set+0x50e/0xad0 [ 460.169341] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 460.174543] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 460.179302] blk_mq_init_queue+0x4b/0xb0 [ 460.183414] loop_add+0x376/0xa40 [ 460.186885] ? loop_queue_rq+0x6d0/0x6d0 [ 460.190968] loop_control_ioctl+0x199/0x530 [ 460.195305] ? loop_add+0xa40/0xa40 [ 460.198950] ? retint_kernel+0x2d/0x2d [ 460.202842] ? do_vfs_ioctl+0x123/0x1720 [ 460.206903] ? loop_add+0xa40/0xa40 [ 460.210540] do_vfs_ioctl+0x1de/0x1720 [ 460.214452] ? ioctl_preallocate+0x300/0x300 [ 460.218864] ? __fget_light+0x2e9/0x430 [ 460.222824] ? fget_raw+0x20/0x20 [ 460.226268] ? __sb_end_write+0xd9/0x110 [ 460.230332] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 460.235883] ? fput+0x130/0x1a0 [ 460.239189] ? do_syscall_64+0x9a/0x820 11:42:46 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vga_arbiter\x00', 0x2063e, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffff9c, 0x84, 0x7b, &(0x7f0000000040)={0x0, 0x3}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000100)={r2, 0xeabc}, &(0x7f0000000140)=0x8) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) [ 460.243176] ? do_syscall_64+0x9a/0x820 [ 460.247158] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 460.251757] ? security_file_ioctl+0x94/0xc0 [ 460.256168] ksys_ioctl+0xa9/0xd0 [ 460.259626] __x64_sys_ioctl+0x73/0xb0 [ 460.263531] do_syscall_64+0x1b9/0x820 [ 460.267420] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 460.272776] ? syscall_return_slowpath+0x5e0/0x5e0 [ 460.277691] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 460.282525] ? trace_hardirqs_on_caller+0x310/0x310 [ 460.287541] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 460.292552] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 460.298078] ? prepare_exit_to_usermode+0x291/0x3b0 [ 460.303126] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 460.307987] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 460.313181] RIP: 0033:0x457569 [ 460.316363] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 460.335249] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 11:42:46 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x0}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 460.342956] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 460.350224] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 460.357479] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 460.364740] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 460.372008] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:46 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x0}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:46 executing program 0 (fault-call:23 fault-nth:18): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:46 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x113200, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f00000000c0)={0x2, @time={0x77359400}, 0x5, {0x90000000000000, 0x316}, 0x6, 0x1, 0x9}) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:46 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c37, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:46 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x4000]}, 0x10) 11:42:46 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x115f000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:46 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x0}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:46 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="6b57d0ad643402c57486a981b944d34acab31fd8a40907ac9714a695a4c12167f7af727b0c71c812c8de6ed66bc506612c156ca83045aa478ad00ff1186859bacce7c5d3e611e9fa3ff37d549b3bc8d75058bcac67e23f72d4c93d35085a2b53d16daa29428fc70fe47b029a63c6fe70181bccf57b83995d8750328c081a5b9267043fa03c3cd739fcbbe3c42f363ea46b28425e08a7c31754d8676f3feae79da73f54d92af7125d5613845e91b3478f1ff117ccb4cda9843f01", 0xba) r1 = dup3(r0, r0, 0x80000) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7}) getsockopt$bt_BT_VOICE(r1, 0x112, 0xb, &(0x7f0000000080)=0x100000001, &(0x7f00000000c0)=0x2) [ 460.806582] FAULT_INJECTION: forcing a failure. [ 460.806582] name failslab, interval 1, probability 0, space 0, times 0 [ 460.841242] CPU: 0 PID: 17911 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 460.849759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 460.859122] Call Trace: [ 460.861731] dump_stack+0x244/0x39d [ 460.865391] ? dump_stack_print_info.cold.1+0x20/0x20 [ 460.870599] ? __kernel_text_address+0xd/0x40 [ 460.875113] ? unwind_get_return_address+0x61/0xa0 [ 460.880067] should_fail.cold.4+0xa/0x17 [ 460.884146] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 460.889266] ? save_stack+0xa9/0xd0 [ 460.892908] ? kasan_kmalloc+0xc7/0xe0 [ 460.896820] ? kasan_slab_alloc+0x12/0x20 [ 460.900979] ? kmem_cache_alloc+0x12e/0x730 [ 460.905316] ? zap_class+0x640/0x640 [ 460.909040] ? mark_held_locks+0xc7/0x130 [ 460.913195] ? do_vfs_ioctl+0x1de/0x1720 [ 460.917270] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 460.922045] ? find_held_lock+0x36/0x1c0 [ 460.926127] ? __lock_is_held+0xb5/0x140 [ 460.930263] ? xfs_bmap_add_extent_delay_real+0x458/0x5610 [ 460.935914] ? perf_trace_sched_process_exec+0x860/0x860 [ 460.941410] __should_failslab+0x124/0x180 [ 460.945664] should_failslab+0x9/0x14 [ 460.949479] kmem_cache_alloc+0x2be/0x730 [ 460.953647] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 460.959196] ? __phys_addr+0xa6/0x120 [ 460.963008] ? mempool_init+0x3d/0x50 [ 460.966826] ? mempool_free+0x370/0x370 [ 460.970809] mempool_alloc_slab+0x44/0x60 [ 460.974971] mempool_init_node+0x2d2/0x550 [ 460.979223] ? mempool_free+0x370/0x370 [ 460.983214] ? mempool_alloc_slab+0x60/0x60 [ 460.987548] mempool_init+0x3d/0x50 [ 460.991189] bioset_init+0x646/0x840 [ 460.994941] ? bioset_exit+0x370/0x370 [ 460.998845] ? write_comp_data+0x70/0x70 [ 461.002942] blk_alloc_queue_node+0x287/0xe80 [ 461.007454] ? blk_init_allocated_queue+0x640/0x640 [ 461.012483] ? __mutex_init+0x1f7/0x290 [ 461.016492] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 461.022042] ? __blk_mq_alloc_rq_map+0x17d/0x2e0 [ 461.026816] ? blk_mq_alloc_tag_set+0x50e/0xad0 [ 461.031505] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 461.036723] blk_mq_init_queue+0x4b/0xb0 [ 461.040801] loop_add+0x376/0xa40 [ 461.044277] ? loop_queue_rq+0x6d0/0x6d0 [ 461.048358] loop_control_ioctl+0x199/0x530 [ 461.052690] ? loop_add+0xa40/0xa40 11:42:47 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x99340000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:47 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x0}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:47 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x0}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:47 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x0}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:47 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)) openat$uhid(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uhid\x00', 0x802, 0x0) [ 461.056333] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 461.061310] ? loop_add+0xa40/0xa40 [ 461.064976] do_vfs_ioctl+0x1de/0x1720 [ 461.068893] ? __lock_is_held+0xb5/0x140 [ 461.073003] ? ioctl_preallocate+0x300/0x300 [ 461.077421] ? __fget_light+0x2e9/0x430 [ 461.081410] ? fget_raw+0x20/0x20 [ 461.084882] ? __sb_end_write+0xd9/0x110 [ 461.088975] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 461.094524] ? fput+0x130/0x1a0 [ 461.097821] ? do_syscall_64+0x9a/0x820 [ 461.101810] ? do_syscall_64+0x9a/0x820 [ 461.105800] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 461.110403] ? security_file_ioctl+0x94/0xc0 [ 461.114826] ksys_ioctl+0xa9/0xd0 [ 461.118294] __x64_sys_ioctl+0x73/0xb0 [ 461.122190] do_syscall_64+0x1b9/0x820 [ 461.126087] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 461.131455] ? syscall_return_slowpath+0x5e0/0x5e0 [ 461.136369] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 461.141196] ? trace_hardirqs_on_caller+0x310/0x310 [ 461.146196] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 461.151199] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 461.156736] ? prepare_exit_to_usermode+0x291/0x3b0 [ 461.161743] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 461.166596] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 461.171767] RIP: 0033:0x457569 [ 461.174950] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 461.193833] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 461.201524] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 461.208777] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 461.216169] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 461.223421] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 461.230675] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:47 executing program 0 (fault-call:23 fault-nth:19): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:47 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x0}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:47 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c21, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:47 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xe00]}, 0x10) 11:42:47 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xc9500000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:47 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) fsetxattr$trusted_overlay_upper(r0, &(0x7f0000000000)='trusted.overlay.upper\x00', &(0x7f0000000180)=ANY=[@ANYBLOB="00fbf202000e5d08560b7696ba071b663ca0243c4cc2881f090e27927d811d901e596ffcc2f5d7a42542965ef7ca228bcefe947ae12f59adeafcd8b0f4f28a0947e60f36f82c83f3513bb0d7f591e2deb1de5e685b124b45baee4281b9ee70e5323b001d314b5401c82b9636b132345e89667568cd5750419f7507d5c79db1a84493c3227fc12bbd7eb41cd73267e2880f058e17bf7784808315fd81a293577892dc6d99e253551e8aa8375923ee47bdcdfdcb03a6e6ee3eb2db5ee6c373e002a26109440dda19296139baaec98cae925ee26f06fb865d1969dbf53ffc3b298ad3b819871f8877d14503bb7e4e4e1cd6ebadbe39df1d4064"], 0xf2, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="b7f2288a", 0xfffffffffffffcdd) 11:42:47 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x0}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:47 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x3, 0x41) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) 11:42:47 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xb922, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:47 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x4]}, 0x10) 11:42:47 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) fcntl$dupfd(r0, 0x406, r0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:47 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x0}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 461.621427] FAULT_INJECTION: forcing a failure. [ 461.621427] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 461.633287] CPU: 1 PID: 17978 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 461.641783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 461.641792] Call Trace: [ 461.641818] dump_stack+0x244/0x39d [ 461.641852] ? dump_stack_print_info.cold.1+0x20/0x20 [ 461.662583] should_fail.cold.4+0xa/0x17 [ 461.666665] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 461.671781] ? is_bpf_text_address+0xac/0x170 [ 461.676291] ? lock_downgrade+0x900/0x900 [ 461.680461] ? check_preemption_disabled+0x48/0x280 [ 461.685499] ? print_usage_bug+0xc0/0xc0 [ 461.689577] ? mark_held_locks+0x130/0x130 [ 461.693832] ? rcu_softirq_qs+0x20/0x20 [ 461.697814] ? unwind_dump+0x190/0x190 [ 461.697843] ? is_bpf_text_address+0xd3/0x170 [ 461.697862] ? kernel_text_address+0x79/0xf0 [ 461.697884] ? mark_held_locks+0xc7/0x130 [ 461.697905] ? __save_stack_trace+0x8d/0xf0 [ 461.719128] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 461.724683] ? should_fail+0x22d/0xd01 [ 461.728581] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 461.733180] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 461.733200] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 461.733224] __alloc_pages_nodemask+0x34b/0xdd0 [ 461.733242] ? kasan_slab_alloc+0x12/0x20 [ 461.751888] ? kmem_cache_alloc+0x12e/0x730 [ 461.751912] ? __alloc_pages_slowpath+0x2dd0/0x2dd0 [ 461.751952] ? retint_kernel+0x2d/0x2d [ 461.765189] ? trace_hardirqs_off+0xb8/0x310 [ 461.769613] cache_grow_begin+0xa5/0x8c0 [ 461.773687] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 461.779237] ? check_preemption_disabled+0x48/0x280 [ 461.784276] kmem_cache_alloc+0x66b/0x730 [ 461.788449] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 461.794007] ? mempool_free+0x370/0x370 [ 461.797997] mempool_alloc_slab+0x44/0x60 [ 461.802162] mempool_init_node+0x2d2/0x550 [ 461.806424] ? mempool_free+0x370/0x370 [ 461.810415] ? mempool_alloc_slab+0x60/0x60 [ 461.814752] mempool_init+0x3d/0x50 [ 461.818395] bioset_init+0x646/0x840 [ 461.822125] ? bioset_exit+0x370/0x370 [ 461.826032] blk_alloc_queue_node+0x287/0xe80 [ 461.830543] ? blk_init_allocated_queue+0x640/0x640 [ 461.835572] ? __mutex_init+0x1f7/0x290 [ 461.839582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 461.845139] ? __blk_mq_alloc_rq_map+0x17d/0x2e0 [ 461.849948] ? blk_mq_alloc_tag_set+0x50e/0xad0 [ 461.854637] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 461.859845] blk_mq_init_queue+0x4b/0xb0 [ 461.863932] loop_add+0x376/0xa40 [ 461.867406] ? loop_queue_rq+0x6d0/0x6d0 [ 461.871497] loop_control_ioctl+0x199/0x530 [ 461.875823] ? loop_add+0xa40/0xa40 [ 461.879447] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 461.884375] ? loop_add+0xa40/0xa40 [ 461.887990] do_vfs_ioctl+0x1de/0x1720 [ 461.891864] ? __lock_is_held+0xb5/0x140 [ 461.895913] ? ioctl_preallocate+0x300/0x300 [ 461.900319] ? __fget_light+0x2e9/0x430 [ 461.904281] ? fget_raw+0x20/0x20 [ 461.907725] ? __sb_end_write+0xd9/0x110 [ 461.911792] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 461.917326] ? fput+0x130/0x1a0 [ 461.920610] ? do_syscall_64+0x9a/0x820 [ 461.924583] ? do_syscall_64+0x9a/0x820 [ 461.928552] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 461.933138] ? security_file_ioctl+0x94/0xc0 [ 461.937544] ksys_ioctl+0xa9/0xd0 [ 461.940993] __x64_sys_ioctl+0x73/0xb0 [ 461.944866] do_syscall_64+0x1b9/0x820 [ 461.948748] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 461.954109] ? syscall_return_slowpath+0x5e0/0x5e0 [ 461.959034] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 461.963874] ? trace_hardirqs_on_caller+0x310/0x310 [ 461.968875] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 461.973883] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 461.979406] ? prepare_exit_to_usermode+0x291/0x3b0 [ 461.984411] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 461.989248] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 461.994440] RIP: 0033:0x457569 [ 461.997634] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 462.016521] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 462.024211] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 462.031483] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 462.038740] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 462.046035] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 462.053292] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:48 executing program 0 (fault-call:23 fault-nth:20): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:48 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x0}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:48 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c4f, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:48 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x900000000000000]}, 0x10) 11:42:48 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) r1 = accept$inet(0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000100)=0x10) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000140)={0x0, @in6={{0xa, 0x4e23, 0xd63, @mcast2, 0xfffffffffffffff9}}, 0x1, 0x3}, &(0x7f0000000200)=0x90) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000240)={r2, @in6={{0xa, 0x4e24, 0x4, @empty, 0xff}}}, 0x84) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x40, 0x0) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r3, 0x84, 0x4, &(0x7f0000000040)=0x3, 0x4) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:48 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x9eb000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:48 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x0}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 462.310167] FAULT_INJECTION: forcing a failure. [ 462.310167] name failslab, interval 1, probability 0, space 0, times 0 [ 462.344328] CPU: 1 PID: 18003 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 462.352844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 462.362209] Call Trace: [ 462.364827] dump_stack+0x244/0x39d [ 462.368485] ? dump_stack_print_info.cold.1+0x20/0x20 [ 462.373701] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 462.378483] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 462.383084] should_fail.cold.4+0xa/0x17 [ 462.387163] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 462.392630] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 462.397762] ? zap_class+0x640/0x640 [ 462.401489] ? retint_kernel+0x2d/0x2d [ 462.405403] ? __lock_is_held+0xb5/0x140 11:42:48 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x1010000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:48 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x0}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 462.409573] ? nfs3_proc_lookup+0x28/0x750 [ 462.413838] ? perf_trace_sched_process_exec+0x860/0x860 [ 462.419315] __should_failslab+0x124/0x180 [ 462.423563] should_failslab+0x9/0x14 [ 462.427377] kmem_cache_alloc_node_trace+0x270/0x740 [ 462.432500] ? bioset_exit+0x370/0x370 [ 462.436409] bdi_alloc_node+0x89/0xe0 [ 462.440237] blk_alloc_queue_node+0x2b7/0xe80 [ 462.444751] ? blk_init_allocated_queue+0x640/0x640 [ 462.449781] ? __mutex_init+0x1f7/0x290 [ 462.453793] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 11:42:48 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x0}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 462.459344] ? __blk_mq_alloc_rq_map+0x17d/0x2e0 [ 462.464121] ? blk_mq_alloc_tag_set+0x50e/0xad0 [ 462.468811] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 462.474019] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 462.478794] blk_mq_init_queue+0x4b/0xb0 [ 462.482876] loop_add+0x376/0xa40 [ 462.486347] ? loop_queue_rq+0x6d0/0x6d0 [ 462.490440] loop_control_ioctl+0x199/0x530 [ 462.494776] ? loop_add+0xa40/0xa40 [ 462.498427] ? loop_add+0xa40/0xa40 [ 462.502085] ? loop_add+0xa40/0xa40 [ 462.505726] do_vfs_ioctl+0x1de/0x1720 11:42:48 executing program 3: syz_emit_ethernet(0x21e, &(0x7f00000000c0)={@dev={[], 0x14}, @dev={[], 0x17}, [{[], {0x8100, 0x10000, 0x1, 0x2}}], {@ipv6={0x86dd, {0x85, 0x6, "848718", 0x1e4, 0x7f, 0x0, @mcast1, @mcast2, {[@srh={0x76, 0x8, 0x4, 0x4, 0xbf, 0x40, 0x3ff, [@empty, @ipv4={[], [], @multicast2}, @mcast2, @loopback]}, @srh={0xff, 0x8, 0x4, 0x4, 0x1, 0x20, 0x1000, [@remote, @mcast1, @mcast1, @mcast2]}, @dstopts={0x3a, 0x8, [], [@padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @jumbo={0xc2, 0x4, 0x5}, @pad1, @ra={0x5, 0x2, 0x2}, @calipso={0x7, 0x28, {0x7, 0x8, 0x449147e7, 0x1dd, [0x8, 0x1e, 0x0, 0xfffffffffffffffc]}}]}], @udp={0x4e21, 0x4e24, 0x104, 0x0, [@guehdr={0x1, 0x6, 0x3, 0x3f, 0x100}, @guehdr={0x2, 0x1f, 0x684a, 0x1000, 0x0, [0x0]}, @guehdr={0x2, 0x3, 0x800, 0x87, 0x100, [0x80]}, @guehdr={0x1, 0xc59, 0x2, 0xfffffffffffffff3, 0x100}, @guehdr={0x1, 0x4, 0x10000, 0x8}, @guehdr={0x1, 0x2, 0xffff00000000000, 0xfff}, @guehdr={0x1, 0x1ff, 0x4, 0x6, 0x100}, @guehdr={0x2, 0x5, 0x7, 0x114c5898, 0x100, [0x80]}, @guehdr={0x2, 0x7ff, 0x4, 0x92, 0x100, [0x80]}, @guehdr={0x2, 0x1ae, 0x2, 0x8, 0x100, [0x80]}], "68982cad6a6a202ad98193150587394695872e862b98e7628f71f67b9107946738cb0d006bcba31171970dc7da05140d106016c001b079abf4b03ac8e99c522432b7ea590859433026e25d13ae361062405680b636e64326a7a93cbddfe629ff2c9d3c15ccd54527756efd415d629c1cc335235fab7554266fa34ed72562e9139d378a0638234d0810451919908c041c3d77ecc33712f45f407f20a332cefe0062575b81b6a8058dfca42625f7e61543b15e8cb3a9d4a84b91239f5ce6893e60"}}}}}}, &(0x7f0000000000)={0x1, 0x3, [0xddb, 0x385, 0x308, 0x9ee]}) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) [ 462.509630] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 462.514401] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 462.519874] ? ioctl_preallocate+0x300/0x300 [ 462.524302] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 462.529080] ? retint_kernel+0x2d/0x2d [ 462.532996] ksys_ioctl+0xa9/0xd0 [ 462.536472] __x64_sys_ioctl+0x73/0xb0 [ 462.540377] do_syscall_64+0x1b9/0x820 [ 462.544277] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 462.549665] ? syscall_return_slowpath+0x5e0/0x5e0 [ 462.554609] ? trace_hardirqs_off_thunk+0x1a/0x1c 11:42:48 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x0}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 462.559473] ? trace_hardirqs_on_caller+0x310/0x310 [ 462.564507] ? prepare_exit_to_usermode+0x291/0x3b0 [ 462.569539] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 462.574404] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 462.579609] RIP: 0033:0x457569 [ 462.582816] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 462.601754] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 462.609471] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 462.616749] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 462.624022] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 462.631300] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 462.638577] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:48 executing program 0 (fault-call:23 fault-nth:21): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:48 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x0}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:48 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x5]}, 0x10) 11:42:48 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c78, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:48 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x6195, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:48 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280\x00'}, 0x58) 11:42:49 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x0}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:49 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x51b0, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:49 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xe00000000000000]}, 0x10) 11:42:49 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x0}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:49 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x3, 0x28200) write$P9_RFSYNC(r1, &(0x7f0000000040)={0x7, 0x33, 0x2}, 0x7) [ 463.033622] FAULT_INJECTION: forcing a failure. [ 463.033622] name failslab, interval 1, probability 0, space 0, times 0 [ 463.061714] CPU: 0 PID: 18068 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 463.070224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 463.079584] Call Trace: [ 463.082196] dump_stack+0x244/0x39d [ 463.085888] ? dump_stack_print_info.cold.1+0x20/0x20 [ 463.091179] ? blkg_create+0xa61/0x1a70 [ 463.095178] should_fail.cold.4+0xa/0x17 [ 463.099264] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 463.104389] ? mark_held_locks+0xc7/0x130 [ 463.108558] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 463.113332] ? retint_kernel+0x2d/0x2d [ 463.117233] ? trace_hardirqs_on_caller+0xc0/0x310 [ 463.122180] ? blkg_create+0xa66/0x1a70 [ 463.126164] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 463.130945] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 463.136411] ? find_held_lock+0x36/0x1c0 [ 463.140479] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 463.145238] ? retint_kernel+0x2d/0x2d [ 463.149134] ? __should_failslab+0x5c/0x180 [ 463.153447] ? write_comp_data+0x22/0x70 [ 463.157499] __should_failslab+0x124/0x180 [ 463.161741] should_failslab+0x9/0x14 [ 463.165531] kmem_cache_alloc_trace+0x2d7/0x750 [ 463.170188] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 463.175107] ? kasan_check_read+0x11/0x20 [ 463.179241] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 463.184506] ? rcu_softirq_qs+0x20/0x20 [ 463.188469] blk_iolatency_init+0x51/0x2e0 [ 463.192692] blkcg_init_queue+0x1e3/0x560 [ 463.196844] blk_alloc_queue_node+0x972/0xe80 [ 463.201330] ? blk_init_allocated_queue+0x640/0x640 [ 463.206339] ? __mutex_init+0x1f7/0x290 [ 463.210310] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 463.215989] ? __blk_mq_alloc_rq_map+0x17d/0x2e0 [ 463.220739] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 463.225955] blk_mq_init_queue+0x4b/0xb0 [ 463.230021] loop_add+0x376/0xa40 [ 463.233464] ? loop_queue_rq+0x6d0/0x6d0 [ 463.237519] loop_control_ioctl+0x199/0x530 [ 463.241829] ? loop_add+0xa40/0xa40 [ 463.245465] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 463.250386] ? loop_add+0xa40/0xa40 [ 463.254000] do_vfs_ioctl+0x1de/0x1720 [ 463.257875] ? __lock_is_held+0xb5/0x140 [ 463.261938] ? ioctl_preallocate+0x300/0x300 [ 463.266335] ? __fget_light+0x2e9/0x430 [ 463.270305] ? fget_raw+0x20/0x20 [ 463.273768] ? __sb_end_write+0xd9/0x110 [ 463.277826] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 463.283350] ? fput+0x130/0x1a0 [ 463.286616] ? do_syscall_64+0x9a/0x820 [ 463.290592] ? do_syscall_64+0x9a/0x820 [ 463.294557] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 463.299129] ? security_file_ioctl+0x94/0xc0 [ 463.303527] ksys_ioctl+0xa9/0xd0 [ 463.306974] __x64_sys_ioctl+0x73/0xb0 [ 463.310850] do_syscall_64+0x1b9/0x820 [ 463.314734] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 463.320119] ? syscall_return_slowpath+0x5e0/0x5e0 [ 463.325048] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 463.329881] ? trace_hardirqs_on_caller+0x310/0x310 [ 463.334899] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 463.339943] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 463.345484] ? prepare_exit_to_usermode+0x291/0x3b0 [ 463.350502] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 463.355360] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 463.360534] RIP: 0033:0x457569 [ 463.363726] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 11:42:49 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x2d99, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) [ 463.382612] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 463.390306] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 463.397566] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 463.404824] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 463.412082] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 463.419335] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:49 executing program 0 (fault-call:23 fault-nth:22): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:49 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x0}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:49 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c66, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:49 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xf401000000000000]}, 0x10) 11:42:49 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) getgroups(0x2, &(0x7f0000000000)=[0xffffffffffffffff, 0xee01]) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f00000000c0)=0xc) getgroups(0x1, &(0x7f0000000100)=[0xffffffffffffffff]) fstat(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setgroups(0x5, &(0x7f0000000280)=[r1, r2, r3, r4, r5]) 11:42:49 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xe0b9, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:49 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xa987000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:49 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x0}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:49 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0xa00000000000000]}, 0x10) 11:42:49 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) pause() fcntl$setpipe(r0, 0x407, 0x3) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) 11:42:49 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5, 0x0}}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 463.772192] FAULT_INJECTION: forcing a failure. [ 463.772192] name failslab, interval 1, probability 0, space 0, times 0 [ 463.822722] CPU: 0 PID: 18107 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 463.831265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 463.840629] Call Trace: [ 463.843244] dump_stack+0x244/0x39d [ 463.846896] ? dump_stack_print_info.cold.1+0x20/0x20 [ 463.852117] ? rcu_softirq_qs+0x20/0x20 [ 463.856114] should_fail.cold.4+0xa/0x17 [ 463.860196] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 463.865303] ? kernel_text_address+0x79/0xf0 11:42:49 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x100000000000000]}, 0x10) [ 463.869718] ? __save_stack_trace+0x8d/0xf0 [ 463.874051] ? zap_class+0x640/0x640 [ 463.877782] ? find_held_lock+0x36/0x1c0 [ 463.881858] ? __lock_is_held+0xb5/0x140 [ 463.885948] ? drm_connector_init.cold.12+0x68/0x154 [ 463.891090] ? perf_trace_sched_process_exec+0x860/0x860 [ 463.896549] ? mark_held_locks+0xc7/0x130 [ 463.900701] ? _raw_spin_unlock_irq+0x27/0x80 [ 463.905186] __should_failslab+0x124/0x180 [ 463.909420] should_failslab+0x9/0x14 [ 463.913228] kmem_cache_alloc_node_trace+0x270/0x740 [ 463.918353] ? __lock_is_held+0xb5/0x140 [ 463.922408] iolatency_pd_alloc+0x93/0x120 [ 463.926643] ? blk_queue_bypass_start+0x196/0x2c0 [ 463.931487] ? iolatency_set_limit+0x620/0x620 [ 463.936058] blkcg_activate_policy+0xf4/0x580 [ 463.940546] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 463.945462] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 463.950756] blk_iolatency_init+0x130/0x2e0 [ 463.955079] blkcg_init_queue+0x1e3/0x560 [ 463.959245] blk_alloc_queue_node+0x972/0xe80 [ 463.963754] ? blk_init_allocated_queue+0x640/0x640 [ 463.968762] ? __mutex_init+0x1f7/0x290 [ 463.972740] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 463.978284] ? __blk_mq_alloc_rq_map+0x17d/0x2e0 [ 463.983049] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 463.988227] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 463.992990] blk_mq_init_queue+0x4b/0xb0 [ 463.997042] loop_add+0x376/0xa40 [ 464.000486] ? loop_queue_rq+0x6d0/0x6d0 [ 464.004538] loop_control_ioctl+0x199/0x530 [ 464.008853] ? loop_add+0xa40/0xa40 [ 464.012497] ? loop_add+0xa40/0xa40 [ 464.016131] ? loop_add+0xa40/0xa40 [ 464.019746] do_vfs_ioctl+0x1de/0x1720 [ 464.023625] ? ioctl_preallocate+0x300/0x300 [ 464.028021] ? __fget_light+0x2e9/0x430 [ 464.031983] ? fget_raw+0x20/0x20 [ 464.035427] ? __sb_end_write+0xd9/0x110 [ 464.039496] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 464.045031] ? fput+0x130/0x1a0 [ 464.048296] ? do_syscall_64+0x9a/0x820 [ 464.052255] ? do_syscall_64+0x9a/0x820 [ 464.056216] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 464.060786] ? security_file_ioctl+0x94/0xc0 [ 464.065184] ksys_ioctl+0xa9/0xd0 [ 464.068626] __x64_sys_ioctl+0x73/0xb0 [ 464.072500] do_syscall_64+0x1b9/0x820 [ 464.076385] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 464.081737] ? syscall_return_slowpath+0x5e0/0x5e0 [ 464.086664] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 464.091509] ? trace_hardirqs_on_caller+0x310/0x310 [ 464.096532] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 464.102068] ? prepare_exit_to_usermode+0x291/0x3b0 [ 464.107087] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 464.111918] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 464.117121] RIP: 0033:0x457569 [ 464.120311] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 464.139197] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 464.146891] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 464.154145] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 464.161412] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 464.168706] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 464.175977] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:50 executing program 0 (fault-call:23 fault-nth:23): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:50 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x11ec000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:50 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c2a, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:50 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x8000000}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:50 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x400000000000000]}, 0x10) 11:42:50 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x11b9000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:50 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x8dffffff}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:50 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x4}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:50 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0xffffff8d}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 464.517710] FAULT_INJECTION: forcing a failure. [ 464.517710] name failslab, interval 1, probability 0, space 0, times 0 [ 464.529344] CPU: 0 PID: 18148 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 464.537841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 464.547208] Call Trace: [ 464.549817] dump_stack+0x244/0x39d [ 464.553478] ? dump_stack_print_info.cold.1+0x20/0x20 [ 464.558689] ? mark_held_locks+0x130/0x130 [ 464.562942] should_fail.cold.4+0xa/0x17 [ 464.566997] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 464.572112] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 464.577678] ? pcpu_balance_workfn+0x1700/0x1700 [ 464.582449] ? zap_class+0x640/0x640 [ 464.586181] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 464.591721] ? check_preemption_disabled+0x48/0x280 [ 464.596731] ? lock_acquire+0x1ed/0x520 [ 464.600692] __should_failslab+0x124/0x180 [ 464.604921] should_failslab+0x9/0x14 [ 464.608757] kmem_cache_alloc_node_trace+0x5a/0x740 [ 464.613762] ? rwlock_bug.part.2+0x90/0x90 [ 464.617995] ? trace_hardirqs_on+0x310/0x310 [ 464.622393] iolatency_pd_alloc+0x93/0x120 [ 464.626617] ? iolatency_set_limit+0x620/0x620 [ 464.631189] blkcg_activate_policy+0x221/0x580 [ 464.635764] blk_iolatency_init+0x130/0x2e0 [ 464.640110] blkcg_init_queue+0x1e3/0x560 [ 464.644261] blk_alloc_queue_node+0x972/0xe80 [ 464.648767] ? blk_init_allocated_queue+0x640/0x640 [ 464.653777] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 464.658562] ? blk_mq_alloc_tag_set+0x50e/0xad0 [ 464.663243] ? __sanitizer_cov_trace_pc+0x32/0x50 [ 464.668095] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 464.673277] blk_mq_init_queue+0x4b/0xb0 [ 464.677339] loop_add+0x376/0xa40 [ 464.680781] ? loop_queue_rq+0x6d0/0x6d0 [ 464.684832] ? loop_control_ioctl+0xa0/0x530 [ 464.689229] loop_control_ioctl+0x199/0x530 [ 464.693549] ? loop_add+0xa40/0xa40 [ 464.697181] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 464.702100] ? loop_add+0xa40/0xa40 [ 464.705716] do_vfs_ioctl+0x1de/0x1720 [ 464.709592] ? __lock_is_held+0xb5/0x140 [ 464.713657] ? ioctl_preallocate+0x300/0x300 [ 464.718055] ? __fget_light+0x2e9/0x430 [ 464.722023] ? fget_raw+0x20/0x20 [ 464.725466] ? __sb_end_write+0xd9/0x110 [ 464.729528] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 464.735071] ? fput+0x130/0x1a0 [ 464.738351] ? do_syscall_64+0x9a/0x820 [ 464.742310] ? do_syscall_64+0x9a/0x820 [ 464.746280] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 464.750878] ? security_file_ioctl+0x94/0xc0 [ 464.755289] ksys_ioctl+0xa9/0xd0 [ 464.758753] __x64_sys_ioctl+0x73/0xb0 [ 464.762628] do_syscall_64+0x1b9/0x820 [ 464.766512] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 464.771876] ? syscall_return_slowpath+0x5e0/0x5e0 [ 464.776788] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 464.781620] ? trace_hardirqs_on_caller+0x310/0x310 [ 464.786622] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 464.791634] ? prepare_exit_to_usermode+0x291/0x3b0 [ 464.796640] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 464.801470] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 464.806645] RIP: 0033:0x457569 [ 464.809826] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 464.828710] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 464.836401] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 464.843653] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 464.850907] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 464.858170] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 464.865423] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:51 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:51 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x34]}, 0x10) 11:42:51 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x34000}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:51 executing program 0 (fault-call:23 fault-nth:24): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:51 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x40049409, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:51 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xc9a7, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:51 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x8}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:51 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x7]}, 0x10) 11:42:51 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x3944, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:51 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x8dffffff00000000}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:51 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x34000000]}, 0x10) 11:42:51 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) r1 = msgget$private(0x0, 0x220) msgsnd(r1, &(0x7f00000000c0)={0x3, "5fae10631197d799bb5be7929429be8602c6232635ff108c666e5b6ba86a918362793d78eb59c9215bbb3ddc3cb1887c88db72c3bf9149a0f1401f27e3e566d393403b8c9d64abf4b89ab80002ba2a2e682b58e74e"}, 0x5d, 0x800) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r2 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x7fffffff, 0x80000) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x2) 11:42:51 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0xf0ffffff}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 465.275244] FAULT_INJECTION: forcing a failure. [ 465.275244] name failslab, interval 1, probability 0, space 0, times 0 [ 465.326499] CPU: 1 PID: 18199 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 465.335016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 465.344377] Call Trace: [ 465.346989] dump_stack+0x244/0x39d [ 465.350646] ? dump_stack_print_info.cold.1+0x20/0x20 [ 465.355869] ? should_fail.cold.4+0x5/0x17 [ 465.360131] should_fail.cold.4+0xa/0x17 [ 465.364212] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 465.369326] ? retint_kernel+0x2d/0x2d [ 465.373224] ? trace_hardirqs_on_caller+0xc0/0x310 [ 465.378179] ? zap_class+0x640/0x640 [ 465.381913] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 465.386701] ? find_held_lock+0x36/0x1c0 [ 465.390779] ? __lock_is_held+0xb5/0x140 [ 465.394874] ? perf_trace_sched_process_exec+0x860/0x860 [ 465.400338] ? __lock_is_held+0xb5/0x140 [ 465.404426] __should_failslab+0x124/0x180 [ 465.408686] should_failslab+0x9/0x14 [ 465.412499] kmem_cache_alloc_node_trace+0x270/0x740 [ 465.417615] ? blkcg_iolatency_throttle+0x1850/0x1850 11:42:51 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x400300}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:51 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0xfffffff0}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 465.422819] ? init_timer_on_stack_key+0xe0/0xe0 [ 465.427595] blk_throtl_init+0xca/0x630 [ 465.431588] ? blk_throtl_drain+0x810/0x810 [ 465.435935] ? blk_iolatency_init+0x1f7/0x2e0 [ 465.440456] blkcg_init_queue+0x205/0x560 [ 465.444617] blk_alloc_queue_node+0x972/0xe80 [ 465.449138] ? blk_init_allocated_queue+0x640/0x640 [ 465.454172] ? __mutex_init+0x1f7/0x290 [ 465.458181] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 465.463732] ? __blk_mq_alloc_rq_map+0x17d/0x2e0 [ 465.468513] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 465.473722] blk_mq_init_queue+0x4b/0xb0 [ 465.477798] loop_add+0x376/0xa40 [ 465.481266] ? loop_queue_rq+0x6d0/0x6d0 [ 465.485353] loop_control_ioctl+0x199/0x530 [ 465.489690] ? loop_add+0xa40/0xa40 [ 465.493328] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 465.498247] ? loop_add+0xa40/0xa40 [ 465.501873] do_vfs_ioctl+0x1de/0x1720 [ 465.505764] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 465.510508] ? ioctl_preallocate+0x300/0x300 [ 465.514941] ? __fget_light+0x2e9/0x430 [ 465.518920] ? fget_raw+0x20/0x20 [ 465.522398] ? __sb_end_write+0xd9/0x110 [ 465.526497] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 465.531243] ? security_file_ioctl+0x94/0xc0 [ 465.535638] ksys_ioctl+0xa9/0xd0 [ 465.539081] __x64_sys_ioctl+0x73/0xb0 [ 465.542969] ? do_syscall_64+0xca/0x820 [ 465.546953] do_syscall_64+0x1b9/0x820 [ 465.550831] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 465.556185] ? syscall_return_slowpath+0x5e0/0x5e0 [ 465.561103] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 465.565954] ? trace_hardirqs_on_caller+0x310/0x310 [ 465.570962] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 465.575979] ? prepare_exit_to_usermode+0x291/0x3b0 [ 465.581001] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 465.585844] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 465.591019] RIP: 0033:0x457569 [ 465.594212] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 465.613120] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 465.620833] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 465.628102] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 465.635367] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 465.642624] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 465.649970] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:51 executing program 0 (fault-call:23 fault-nth:25): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:51 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0xfffffdef}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:51 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xa9cc, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:51 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c16, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:51 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0xe803]}, 0x10) 11:42:51 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="b7f2288a", 0x4) r1 = dup2(r0, r0) ioctl$KVM_SET_GUEST_DEBUG(r1, 0x4048ae9b, &(0x7f0000000040)={0x40000, 0x0, [0x7fff, 0x1ff, 0x1, 0x80000001, 0x6, 0x5, 0x5db, 0x5c7a3af2]}) 11:42:51 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x83c9, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:52 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:52 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0xeffdffff00000000}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:52 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0xe8030000]}, 0x10) 11:42:52 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0xffc99a3b}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 465.995469] FAULT_INJECTION: forcing a failure. [ 465.995469] name failslab, interval 1, probability 0, space 0, times 0 [ 466.031166] CPU: 0 PID: 18241 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 466.039684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 466.049052] Call Trace: [ 466.051662] dump_stack+0x244/0x39d [ 466.055315] ? dump_stack_print_info.cold.1+0x20/0x20 [ 466.060524] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 466.065641] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 466.070770] should_fail.cold.4+0xa/0x17 [ 466.074849] ? mark_held_locks+0x130/0x130 [ 466.079105] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 466.084707] ? __debug_object_init+0x57d/0x1290 [ 466.089384] ? find_held_lock+0x36/0x1c0 [ 466.093460] ? zap_class+0x640/0x640 [ 466.097201] ? find_held_lock+0x36/0x1c0 [ 466.101282] ? __lock_is_held+0xb5/0x140 [ 466.105370] ? check_preemption_disabled+0x48/0x280 [ 466.110402] ? perf_trace_sched_process_exec+0x860/0x860 [ 466.115885] __should_failslab+0x124/0x180 [ 466.120157] should_failslab+0x9/0x14 [ 466.123981] kmem_cache_alloc_node_trace+0x270/0x740 [ 466.129097] ? mark_held_locks+0xc7/0x130 [ 466.133260] ? _raw_spin_unlock_irq+0x27/0x80 [ 466.137776] throtl_pd_alloc+0xff/0x990 [ 466.141761] ? blk_queue_bypass_start+0x151/0x2c0 [ 466.146609] ? throtl_add_bio_tg+0x210/0x210 [ 466.151015] ? __lock_is_held+0xb5/0x140 [ 466.155108] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 466.160649] ? throtl_add_bio_tg+0x210/0x210 [ 466.165049] blkcg_activate_policy+0xf4/0x580 [ 466.169537] blk_throtl_init+0x3d3/0x630 [ 466.173587] ? blk_throtl_drain+0x810/0x810 [ 466.177916] ? blk_iolatency_init+0x1f7/0x2e0 [ 466.182415] blkcg_init_queue+0x205/0x560 [ 466.186551] blk_alloc_queue_node+0x972/0xe80 [ 466.191037] ? blk_init_allocated_queue+0x640/0x640 [ 466.196042] ? __mutex_init+0x1f7/0x290 [ 466.200014] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 466.205537] ? __blk_mq_alloc_rq_map+0x17d/0x2e0 [ 466.210301] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 466.215483] blk_mq_init_queue+0x4b/0xb0 [ 466.219534] loop_add+0x376/0xa40 [ 466.222978] ? loop_queue_rq+0x6d0/0x6d0 [ 466.227032] loop_control_ioctl+0x199/0x530 [ 466.231338] ? loop_add+0xa40/0xa40 [ 466.234963] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 466.239883] ? loop_add+0xa40/0xa40 [ 466.243497] do_vfs_ioctl+0x1de/0x1720 [ 466.247375] ? __lock_is_held+0xb5/0x140 [ 466.251425] ? ioctl_preallocate+0x300/0x300 [ 466.255825] ? __fget_light+0x2e9/0x430 [ 466.259786] ? fget_raw+0x20/0x20 [ 466.263231] ? __sb_end_write+0xd9/0x110 [ 466.267281] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 466.272805] ? fput+0x130/0x1a0 [ 466.276070] ? do_syscall_64+0x9a/0x820 [ 466.280031] ? do_syscall_64+0x9a/0x820 [ 466.283991] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 466.288577] ? security_file_ioctl+0x94/0xc0 [ 466.292989] ksys_ioctl+0xa9/0xd0 [ 466.296443] __x64_sys_ioctl+0x73/0xb0 [ 466.300331] do_syscall_64+0x1b9/0x820 [ 466.304222] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 466.309583] ? syscall_return_slowpath+0x5e0/0x5e0 [ 466.314500] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 466.319330] ? trace_hardirqs_on_caller+0x310/0x310 [ 466.324347] ? prepare_exit_to_usermode+0x291/0x3b0 [ 466.329357] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 466.334190] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 466.339362] RIP: 0033:0x457569 [ 466.342543] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 466.361426] RSP: 002b:00007fd2b958bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 466.369136] RAX: ffffffffffffffda RBX: 00007fd2b958bc90 RCX: 0000000000457569 [ 466.376390] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 466.383646] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 11:42:52 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x3400000000000000]}, 0x10) [ 466.390901] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b958c6d4 [ 466.398163] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:52 executing program 0 (fault-call:23 fault-nth:26): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:52 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x101000, 0x0) ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000000040)) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:52 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x3b9ac9ff}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:52 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x39ab000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:52 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c0e, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:52 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x100000000000000]}, 0x10) 11:42:52 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x11b1000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:52 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:52 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x40030000000000}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:52 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x400000000000000]}, 0x10) 11:42:52 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x800000000000000}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:52 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x8000000000000000}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 466.748500] FAULT_INJECTION: forcing a failure. [ 466.748500] name failslab, interval 1, probability 0, space 0, times 0 [ 466.759750] CPU: 1 PID: 18288 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 466.768238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 466.777583] Call Trace: [ 466.780201] dump_stack+0x244/0x39d [ 466.783853] ? dump_stack_print_info.cold.1+0x20/0x20 [ 466.789056] ? debug_object_free+0x690/0x690 [ 466.793474] ? __kernel_text_address+0xd/0x40 [ 466.797991] should_fail.cold.4+0xa/0x17 [ 466.802071] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 466.807177] ? zap_class+0x640/0x640 [ 466.810901] ? save_stack+0xa9/0xd0 [ 466.814548] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 466.820095] ? check_preemption_disabled+0x48/0x280 [ 466.825120] ? __lock_is_held+0xb5/0x140 [ 466.829276] ? __lockdep_init_map+0x105/0x590 [ 466.833792] ? lockdep_init_map+0x9/0x10 [ 466.837870] ? init_timer_on_stack_key+0xe0/0xe0 [ 466.842646] ? __lock_is_held+0xb5/0x140 [ 466.846720] __should_failslab+0x124/0x180 [ 466.851015] should_failslab+0x9/0x14 [ 466.854826] kmem_cache_alloc_node_trace+0x5a/0x740 [ 466.854847] ? lock_acquire+0x1ed/0x520 [ 466.854870] throtl_pd_alloc+0xff/0x990 [ 466.854888] ? throtl_add_bio_tg+0x210/0x210 [ 466.854904] ? rwlock_bug.part.2+0x90/0x90 [ 466.854920] ? trace_hardirqs_on+0x310/0x310 [ 466.854955] ? throtl_add_bio_tg+0x210/0x210 [ 466.885336] blkcg_activate_policy+0x221/0x580 [ 466.889955] blk_throtl_init+0x3d3/0x630 [ 466.894035] ? blk_throtl_drain+0x810/0x810 [ 466.898369] ? blk_iolatency_init+0x1f7/0x2e0 [ 466.902884] blkcg_init_queue+0x205/0x560 [ 466.907047] blk_alloc_queue_node+0x972/0xe80 [ 466.911560] ? blk_init_allocated_queue+0x640/0x640 [ 466.916592] ? __mutex_init+0x1f7/0x290 [ 466.920607] ? blk_mq_alloc_tag_set+0x60e/0xad0 [ 466.925302] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 466.930510] blk_mq_init_queue+0x4b/0xb0 [ 466.934599] loop_add+0x376/0xa40 [ 466.938068] ? loop_queue_rq+0x6d0/0x6d0 [ 466.942151] loop_control_ioctl+0x199/0x530 [ 466.946482] ? loop_add+0xa40/0xa40 [ 466.950138] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 466.955090] ? loop_add+0xa40/0xa40 [ 466.958735] do_vfs_ioctl+0x1de/0x1720 [ 466.962645] ? ioctl_preallocate+0x300/0x300 [ 466.967059] ? __fget_light+0x2e9/0x430 [ 466.971033] ? fget_raw+0x20/0x20 [ 466.974504] ? __sb_end_write+0xd9/0x110 [ 466.978578] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 466.984125] ? fput+0x130/0x1a0 [ 466.987422] ? do_syscall_64+0x9a/0x820 [ 466.991418] ? do_syscall_64+0x9a/0x820 [ 466.995410] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 467.000008] ? security_file_ioctl+0x94/0xc0 [ 467.004419] ksys_ioctl+0xa9/0xd0 [ 467.007895] __x64_sys_ioctl+0x73/0xb0 [ 467.011801] do_syscall_64+0x1b9/0x820 [ 467.015675] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 467.021039] ? syscall_return_slowpath+0x5e0/0x5e0 [ 467.025980] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 467.030825] ? trace_hardirqs_on_caller+0x310/0x310 [ 467.035841] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 467.040860] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 467.046387] ? prepare_exit_to_usermode+0x291/0x3b0 [ 467.051395] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 467.056229] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 467.061402] RIP: 0033:0x457569 [ 467.064589] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 467.083492] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 467.091270] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 467.098527] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 467.105792] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 467.113044] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 467.120299] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:53 executing program 0 (fault-call:23 fault-nth:27): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:53 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xe9de0000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:53 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x4002000000000000]}, 0x10) 11:42:53 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x4, 0x400100) ioctl$TIOCNOTTY(r1, 0x5422) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:53 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x40000}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:53 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c2c, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) [ 467.381006] FAULT_INJECTION: forcing a failure. [ 467.381006] name failslab, interval 1, probability 0, space 0, times 0 11:42:53 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xeb1, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:53 executing program 3: ioctl$KVM_SET_DEBUGREGS(0xffffffffffffffff, 0x4080aea2, &(0x7f00000001c0)={[0x4, 0x1000, 0x10f000, 0xf000], 0x10000, 0x80, 0x3}) setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000180), 0x4) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) write$selinux_attr(0xffffffffffffffff, &(0x7f0000000240)='system_u:object_r:udev_exec_t:s0\x00', 0x21) rseq(&(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x2, 0xffffffff, 0xfa, 0x2}, 0x4}, 0x20, 0x1, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x5, 0x100) ioctl$KVM_SET_MP_STATE(r1, 0x4004ae99, &(0x7f0000000100)=0x9) [ 467.430079] CPU: 1 PID: 18309 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 467.438602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 467.447969] Call Trace: [ 467.450581] dump_stack+0x244/0x39d [ 467.454240] ? dump_stack_print_info.cold.1+0x20/0x20 [ 467.459460] ? should_fail+0x906/0xd01 [ 467.463363] should_fail.cold.4+0xa/0x17 [ 467.467459] ? print_usage_bug+0xc0/0xc0 [ 467.471537] ? fault_create_debugfs_attr+0x1f0/0x1f0 11:42:53 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0xa000000]}, 0x10) 11:42:53 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0xeffdffff}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 467.476667] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 467.481273] ? retint_kernel+0x2d/0x2d [ 467.485171] ? trace_hardirqs_on_caller+0xc0/0x310 [ 467.490114] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 467.495573] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 467.500166] ? zap_class+0x640/0x640 [ 467.503907] ? find_held_lock+0x36/0x1c0 [ 467.507993] ? __lock_is_held+0xb5/0x140 [ 467.512082] ? perf_trace_sched_process_exec+0x860/0x860 [ 467.517557] ? blkcg_activate_policy+0x3db/0x580 [ 467.522332] __should_failslab+0x124/0x180 [ 467.526586] should_failslab+0x9/0x14 11:42:53 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0xf0ffffff00000000}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 467.530401] kmem_cache_alloc_trace+0x2d7/0x750 [ 467.535091] ? blk_throtl_init+0x3e7/0x630 [ 467.539343] ? blk_throtl_drain+0x810/0x810 [ 467.543694] ? blk_mq_can_queue+0x50/0x50 [ 467.547855] ? plug_ctx_cmp+0x110/0x110 [ 467.551844] blk_stat_alloc_callback+0x5b/0x280 [ 467.556532] blk_mq_init_allocated_queue+0x12c/0x1680 [ 467.561733] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 467.567279] ? blk_alloc_queue_node+0x988/0xe80 [ 467.571976] ? blk_mq_map_swqueue+0xa50/0xa50 [ 467.576496] ? __mutex_init+0x1f7/0x290 11:42:53 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x4000000000000}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 467.580538] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 467.586087] ? __blk_mq_alloc_rq_map+0x17d/0x2e0 [ 467.590879] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 467.596088] blk_mq_init_queue+0x63/0xb0 [ 467.600161] loop_add+0x376/0xa40 [ 467.603635] ? loop_queue_rq+0x6d0/0x6d0 [ 467.607718] loop_control_ioctl+0x199/0x530 [ 467.612053] ? loop_add+0xa40/0xa40 [ 467.615698] ? retint_kernel+0x2d/0x2d [ 467.619632] ? loop_add+0xa40/0xa40 [ 467.623274] do_vfs_ioctl+0x1de/0x1720 [ 467.627178] ? check_memory_region+0x113/0x1b0 [ 467.631776] ? ioctl_preallocate+0x300/0x300 [ 467.636197] ? __fget_light+0x2e9/0x430 [ 467.640184] ? fget_raw+0x20/0x20 [ 467.643660] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 467.649212] ? fput+0x130/0x1a0 [ 467.652506] ? do_syscall_64+0x9a/0x820 [ 467.656486] ? do_syscall_64+0x9a/0x820 [ 467.660482] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 467.665080] ? security_file_ioctl+0x94/0xc0 [ 467.669491] ksys_ioctl+0xa9/0xd0 [ 467.672944] __x64_sys_ioctl+0x73/0xb0 [ 467.676835] do_syscall_64+0x1b9/0x820 [ 467.680723] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 467.686077] ? syscall_return_slowpath+0x5e0/0x5e0 [ 467.691009] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 467.695840] ? trace_hardirqs_on_caller+0x310/0x310 [ 467.700844] ? prepare_exit_to_usermode+0x291/0x3b0 [ 467.705849] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 467.710680] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 467.715853] RIP: 0033:0x457569 [ 467.719042] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 467.737951] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 467.745643] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 467.752897] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 467.760152] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 467.767406] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 467.774658] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:53 executing program 0 (fault-call:23 fault-nth:28): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:53 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0xffc99a3b00000000}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:54 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x87e1, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:54 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x1000000]}, 0x10) 11:42:54 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r2 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x66, 0x802) ioctl$UI_SET_PHYS(r2, 0x4008556c, &(0x7f0000000040)='syz0\x00') 11:42:54 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x0}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:54 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c68, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) [ 468.132754] FAULT_INJECTION: forcing a failure. [ 468.132754] name failslab, interval 1, probability 0, space 0, times 0 [ 468.161385] CPU: 1 PID: 18357 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 468.169913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 468.179295] Call Trace: 11:42:54 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x1001, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:54 executing program 3: r0 = open(&(0x7f0000000000)='./file0\x00', 0x20400, 0x10) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000200)) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={0x0, 0x8}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000180)={r1, 0x6}, &(0x7f00000001c0)=0x8) bind$alg(r0, &(0x7f00000000c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha512\x00'}, 0x58) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) socket$nl_netfilter(0x10, 0x3, 0xc) [ 468.181905] dump_stack+0x244/0x39d [ 468.185568] ? dump_stack_print_info.cold.1+0x20/0x20 [ 468.190789] should_fail.cold.4+0xa/0x17 [ 468.194883] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 468.200051] ? __sched_text_start+0x8/0x8 [ 468.204221] ? mark_held_locks+0xc7/0x130 [ 468.208381] ? zap_class+0x640/0x640 [ 468.212107] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 468.216696] ? retint_kernel+0x2d/0x2d [ 468.220600] ? find_held_lock+0x36/0x1c0 [ 468.224681] ? __lock_is_held+0xb5/0x140 [ 468.228813] ? insert+0x78/0x12b0 11:42:54 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x7000000]}, 0x10) [ 468.232296] ? perf_trace_sched_process_exec+0x860/0x860 [ 468.237740] ? blk_mq_can_queue+0x50/0x50 [ 468.241888] __should_failslab+0x124/0x180 [ 468.246140] should_failslab+0x9/0x14 [ 468.249951] __kmalloc+0x2e0/0x760 [ 468.253511] ? kmem_cache_alloc_trace+0x353/0x750 [ 468.258369] ? blk_throtl_init+0x3e7/0x630 [ 468.262632] ? blk_stat_alloc_callback+0x84/0x280 [ 468.267474] ? blk_mq_can_queue+0x50/0x50 [ 468.271622] ? plug_ctx_cmp+0x110/0x110 [ 468.275632] blk_stat_alloc_callback+0x84/0x280 [ 468.280298] blk_mq_init_allocated_queue+0x12c/0x1680 [ 468.285474] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 468.291006] ? blk_alloc_queue_node+0x988/0xe80 [ 468.295663] ? blk_mq_map_swqueue+0xa50/0xa50 [ 468.300150] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 468.304914] ? blk_mq_alloc_tag_set+0x50e/0xad0 [ 468.309591] ? __sanitizer_cov_trace_pc+0x2b/0x50 [ 468.314427] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 468.319621] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 468.324362] blk_mq_init_queue+0x63/0xb0 [ 468.328414] loop_add+0x376/0xa40 [ 468.331874] ? loop_queue_rq+0x6d0/0x6d0 [ 468.335952] loop_control_ioctl+0x199/0x530 [ 468.340261] ? loop_add+0xa40/0xa40 [ 468.343874] ? loop_add+0xa40/0xa40 [ 468.347491] ? loop_add+0xa40/0xa40 [ 468.351105] do_vfs_ioctl+0x1de/0x1720 [ 468.354982] ? __lock_is_held+0xb5/0x140 [ 468.359035] ? ioctl_preallocate+0x300/0x300 [ 468.363432] ? __fget_light+0x2e9/0x430 [ 468.367398] ? fget_raw+0x20/0x20 [ 468.370877] ? __sb_end_write+0xd9/0x110 [ 468.374950] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 468.380474] ? fput+0x130/0x1a0 [ 468.383740] ? do_syscall_64+0x9a/0x820 [ 468.387718] ? do_syscall_64+0x9a/0x820 [ 468.391678] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 468.396275] ? security_file_ioctl+0x94/0xc0 [ 468.400683] ksys_ioctl+0xa9/0xd0 [ 468.404139] __x64_sys_ioctl+0x73/0xb0 [ 468.408031] do_syscall_64+0x1b9/0x820 [ 468.411906] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 468.417268] ? syscall_return_slowpath+0x5e0/0x5e0 [ 468.422196] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 468.427028] ? trace_hardirqs_on_caller+0x310/0x310 [ 468.432032] ? prepare_exit_to_usermode+0x291/0x3b0 [ 468.437039] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 468.441874] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 468.447050] RIP: 0033:0x457569 [ 468.450231] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 468.469116] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 468.476807] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 11:42:54 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x0}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 468.484076] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 468.491332] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 468.498590] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 468.505857] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:54 executing program 0 (fault-call:23 fault-nth:29): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:54 executing program 3: socket$alg(0x26, 0x5, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) socketpair$inet6_sctp(0xa, 0x5, 0x84, &(0x7f0000000500)={0xffffffffffffffff}) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r1, 0x29, 0xd2, &(0x7f0000001600)={{0xa, 0x4e24, 0x5, @empty, 0x7}, {0xa, 0x4e24, 0x4, @ipv4={[], [], @loopback}, 0x9}, 0x100000001, [0x3ffc0, 0x5, 0x3, 0x3, 0x7, 0x0, 0x9, 0x9]}, 0x5c) 11:42:54 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xa1990000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:54 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0xa]}, 0x10) 11:42:54 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x0}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:54 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x0}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:54 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c62, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) [ 468.805355] FAULT_INJECTION: forcing a failure. [ 468.805355] name failslab, interval 1, probability 0, space 0, times 0 11:42:54 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x79ce0000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:54 executing program 3: r0 = accept4(0xffffffffffffffff, &(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000000c0)=0x80, 0x0) r1 = socket$inet6(0xa, 0xb, 0x3f) sendfile(r0, r1, &(0x7f0000000100), 0x2) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:55 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x0}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 468.868380] CPU: 1 PID: 18392 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 468.876923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 468.886293] Call Trace: [ 468.888903] dump_stack+0x244/0x39d [ 468.892568] ? dump_stack_print_info.cold.1+0x20/0x20 [ 468.897791] ? should_fail.cold.4+0x5/0x17 [ 468.902029] should_fail.cold.4+0xa/0x17 [ 468.906096] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 468.911212] ? zap_class+0x640/0x640 11:42:55 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x40000000]}, 0x10) [ 468.914957] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 468.920512] ? pcpu_alloc+0x190/0x15d0 [ 468.924404] ? find_held_lock+0x36/0x1c0 [ 468.928459] ? __lock_is_held+0xb5/0x140 [ 468.932584] ? __dquot_initialize+0xbc8/0xdd0 [ 468.937104] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 468.942565] ? perf_trace_sched_process_exec+0x860/0x860 [ 468.948032] ? kobject_init+0x23d/0x2f0 [ 468.952020] __should_failslab+0x124/0x180 [ 468.956260] should_failslab+0x9/0x14 [ 468.960054] kmem_cache_alloc_node_trace+0x270/0x740 [ 468.965144] ? find_next_bit+0x104/0x130 [ 468.969205] __kmalloc_node+0x3c/0x70 [ 468.972999] blk_mq_init_allocated_queue+0x227/0x1680 [ 468.978175] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 468.983699] ? blk_alloc_queue_node+0x988/0xe80 [ 468.988358] ? blk_mq_map_swqueue+0xa50/0xa50 [ 468.992844] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 468.997591] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 469.002158] ? retint_kernel+0x2d/0x2d [ 469.006044] ? trace_hardirqs_on_caller+0xc0/0x310 [ 469.010987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 469.015733] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 469.021176] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 469.025921] ? retint_kernel+0x2d/0x2d [ 469.029833] blk_mq_init_queue+0x63/0xb0 [ 469.033891] loop_add+0x376/0xa40 [ 469.037358] ? loop_queue_rq+0x6d0/0x6d0 [ 469.041411] loop_control_ioctl+0x199/0x530 [ 469.045725] ? loop_add+0xa40/0xa40 [ 469.049347] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 469.054266] ? loop_add+0xa40/0xa40 [ 469.057890] do_vfs_ioctl+0x1de/0x1720 [ 469.061802] ? __lock_is_held+0xb5/0x140 [ 469.065896] ? ioctl_preallocate+0x300/0x300 [ 469.070307] ? __fget_light+0x2e9/0x430 [ 469.074271] ? fget_raw+0x20/0x20 [ 469.077731] ? __sb_end_write+0xd9/0x110 [ 469.081795] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 469.087319] ? fput+0x130/0x1a0 [ 469.090588] ? do_syscall_64+0x9a/0x820 [ 469.094550] ? do_syscall_64+0x9a/0x820 [ 469.098511] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 469.103089] ? security_file_ioctl+0x94/0xc0 [ 469.107491] ksys_ioctl+0xa9/0xd0 [ 469.110981] __x64_sys_ioctl+0x73/0xb0 [ 469.114857] do_syscall_64+0x1b9/0x820 [ 469.118729] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 469.124096] ? syscall_return_slowpath+0x5e0/0x5e0 [ 469.129021] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 469.133852] ? trace_hardirqs_on_caller+0x310/0x310 [ 469.138857] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 469.143861] ? prepare_exit_to_usermode+0x291/0x3b0 [ 469.148883] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 469.153745] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 469.158921] RIP: 0033:0x457569 [ 469.162113] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 469.181002] RSP: 002b:00007fd2b958bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 469.188783] RAX: ffffffffffffffda RBX: 00007fd2b958bc90 RCX: 0000000000457569 [ 469.196039] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 469.203318] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 469.210573] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b958c6d4 [ 469.217828] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:55 executing program 0 (fault-call:23 fault-nth:30): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:55 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x21390000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:55 executing program 3: r0 = syz_open_dev$vcsa(&(0x7f0000000100)='/dev/vcsa#\x00', 0xfffffffffffff363, 0x40000) ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000140)={'bcsh0\x00', 0xbf}) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000180)=[@in6={0xa, 0x4e20, 0xfffffffffffffffb, @mcast2, 0x1}, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xb}}, @in={0x2, 0x4e22}, @in6={0xa, 0x4e21, 0xffffffffffffff80, @mcast2, 0x1f}], 0x58) r2 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x100000000, 0x101000) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r2, 0x84, 0x20, &(0x7f0000000040), &(0x7f00000000c0)=0x4) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:55 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x240]}, 0x10) 11:42:55 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x0}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:55 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x0}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:55 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c69, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:55 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x0}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:55 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x493e0000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) [ 469.554534] FAULT_INJECTION: forcing a failure. [ 469.554534] name failslab, interval 1, probability 0, space 0, times 0 [ 469.619021] CPU: 0 PID: 18434 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 469.627557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 469.636914] Call Trace: [ 469.639546] dump_stack+0x244/0x39d [ 469.643210] ? dump_stack_print_info.cold.1+0x20/0x20 [ 469.648437] ? zap_class+0x640/0x640 [ 469.652180] should_fail.cold.4+0xa/0x17 [ 469.656247] ? print_usage_bug+0xc0/0xc0 [ 469.660324] ? fault_create_debugfs_attr+0x1f0/0x1f0 11:42:55 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x0}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 469.665441] ? __lock_is_held+0xb5/0x140 [ 469.669522] ? zap_class+0x640/0x640 [ 469.673248] ? mark_held_locks+0xc7/0x130 [ 469.677408] ? find_held_lock+0x36/0x1c0 [ 469.681495] ? __lock_is_held+0xb5/0x140 [ 469.685563] ? nbd_read_stat+0x1298/0x1720 [ 469.689824] ? perf_trace_sched_process_exec+0x860/0x860 [ 469.695292] ? kobject_init+0x23d/0x2f0 [ 469.699281] __should_failslab+0x124/0x180 [ 469.703536] should_failslab+0x9/0x14 [ 469.707351] kmem_cache_alloc_node_trace+0x270/0x740 [ 469.712471] ? find_next_bit+0x104/0x130 11:42:55 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x40020000]}, 0x10) 11:42:55 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x0}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 469.716555] __kmalloc_node+0x3c/0x70 [ 469.720369] blk_mq_init_allocated_queue+0x227/0x1680 [ 469.725575] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 469.731121] ? blk_alloc_queue_node+0x988/0xe80 [ 469.735810] ? blk_mq_map_swqueue+0xa50/0xa50 [ 469.740319] ? __mutex_init+0x1f7/0x290 [ 469.744326] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 469.749885] ? __blk_mq_alloc_rq_map+0x17d/0x2e0 [ 469.754671] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 469.759882] blk_mq_init_queue+0x63/0xb0 [ 469.763973] loop_add+0x376/0xa40 [ 469.767471] ? loop_queue_rq+0x6d0/0x6d0 [ 469.771554] loop_control_ioctl+0x199/0x530 [ 469.775890] ? loop_add+0xa40/0xa40 [ 469.779552] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 469.784493] ? loop_add+0xa40/0xa40 [ 469.788134] do_vfs_ioctl+0x1de/0x1720 [ 469.792039] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 469.796800] ? ioctl_preallocate+0x300/0x300 [ 469.801199] ? __fget_light+0x2e9/0x430 [ 469.805162] ? fget_raw+0x20/0x20 [ 469.808609] ? __sb_end_write+0xd9/0x110 [ 469.812662] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 469.817421] ? security_file_ioctl+0x94/0xc0 [ 469.821835] ksys_ioctl+0xa9/0xd0 [ 469.825291] __x64_sys_ioctl+0x73/0xb0 [ 469.829194] ? do_syscall_64+0xca/0x820 [ 469.833156] do_syscall_64+0x1b9/0x820 [ 469.837029] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 469.842390] ? syscall_return_slowpath+0x5e0/0x5e0 [ 469.847321] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 469.852152] ? trace_hardirqs_on_caller+0x310/0x310 [ 469.857155] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 469.862158] ? prepare_exit_to_usermode+0x291/0x3b0 [ 469.867176] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 469.872024] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 469.877197] RIP: 0033:0x457569 [ 469.880377] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 469.899261] RSP: 002b:00007fd2b958bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 469.906955] RAX: ffffffffffffffda RBX: 00007fd2b958bc90 RCX: 0000000000457569 [ 469.914207] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 469.921459] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 469.928714] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b958c6d4 [ 469.935983] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:56 executing program 0 (fault-call:23 fault-nth:31): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:56 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x0}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:56 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) getsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x4) read(r0, &(0x7f00000000c0)=""/15, 0xf) 11:42:56 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xb41, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:56 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x500]}, 0x10) 11:42:56 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c76, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:56 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) syz_open_dev$sndtimer(&(0x7f0000000000)='/dev/snd/timer\x00', 0x0, 0x200) 11:42:56 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x2f31, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:56 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x900]}, 0x10) 11:42:56 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x0}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:56 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) poll(&(0x7f0000000000)=[{r0, 0x20}, {r0, 0x22}], 0x2, 0x700000000000) 11:42:56 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x0}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 470.427815] FAULT_INJECTION: forcing a failure. [ 470.427815] name failslab, interval 1, probability 0, space 0, times 0 [ 470.456062] CPU: 1 PID: 18497 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 470.464574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 470.473942] Call Trace: [ 470.476599] dump_stack+0x244/0x39d [ 470.480241] ? dump_stack_print_info.cold.1+0x20/0x20 [ 470.485419] ? print_usage_bug+0xc0/0xc0 [ 470.489496] should_fail.cold.4+0xa/0x17 [ 470.493571] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 470.498684] ? print_usage_bug+0xc0/0xc0 [ 470.502765] ? mark_held_locks+0xc7/0x130 [ 470.506922] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 470.511697] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 470.516295] ? retint_kernel+0x2d/0x2d [ 470.520175] ? trace_hardirqs_on_caller+0xc0/0x310 [ 470.525090] ? kasan_check_write+0x14/0x20 [ 470.529310] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 470.534051] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 470.539493] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 470.544237] ? retint_kernel+0x2d/0x2d [ 470.548112] __should_failslab+0x124/0x180 [ 470.552333] should_failslab+0x9/0x14 [ 470.556119] kmem_cache_alloc_node_trace+0x270/0x740 [ 470.561208] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 470.566727] ? check_preemption_disabled+0x48/0x280 [ 470.571733] __kmalloc_node+0x3c/0x70 [ 470.575521] blk_mq_realloc_hw_ctxs+0x62c/0x12a0 [ 470.580268] ? blk_mq_free_map_and_requests+0x160/0x160 [ 470.585616] ? __lock_is_held+0xb5/0x140 [ 470.589684] ? __kmalloc_node+0x3c/0x70 [ 470.593658] ? __kmalloc_node+0x3c/0x70 [ 470.597616] ? rcu_read_lock_sched_held+0x14f/0x180 [ 470.602622] ? kmem_cache_alloc_node_trace+0x34b/0x740 [ 470.607885] ? kasan_unpoison_shadow+0x35/0x50 [ 470.612455] ? kasan_kmalloc+0xc7/0xe0 [ 470.616331] blk_mq_init_allocated_queue+0x2bb/0x1680 [ 470.621511] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 470.627048] ? blk_alloc_queue_node+0x988/0xe80 [ 470.631704] ? blk_mq_map_swqueue+0xa50/0xa50 [ 470.636193] ? __mutex_init+0x1f7/0x290 [ 470.640165] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 470.645701] ? __blk_mq_alloc_rq_map+0x17d/0x2e0 [ 470.650453] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 470.655632] blk_mq_init_queue+0x63/0xb0 [ 470.659696] loop_add+0x376/0xa40 [ 470.663137] ? loop_queue_rq+0x6d0/0x6d0 [ 470.667193] loop_control_ioctl+0x199/0x530 [ 470.671499] ? loop_add+0xa40/0xa40 [ 470.675114] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 470.680037] ? loop_add+0xa40/0xa40 [ 470.683650] do_vfs_ioctl+0x1de/0x1720 [ 470.687522] ? __lock_is_held+0xb5/0x140 [ 470.691573] ? ioctl_preallocate+0x300/0x300 [ 470.695969] ? __fget_light+0x2e9/0x430 [ 470.699934] ? fget_raw+0x20/0x20 [ 470.703380] ? __sb_end_write+0xd9/0x110 [ 470.707428] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 470.712959] ? fput+0x130/0x1a0 [ 470.716223] ? do_syscall_64+0x9a/0x820 [ 470.720187] ? do_syscall_64+0x9a/0x820 [ 470.724149] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 470.728719] ? security_file_ioctl+0x94/0xc0 [ 470.733113] ksys_ioctl+0xa9/0xd0 [ 470.736552] __x64_sys_ioctl+0x73/0xb0 [ 470.740426] do_syscall_64+0x1b9/0x820 [ 470.744299] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 470.749651] ? syscall_return_slowpath+0x5e0/0x5e0 [ 470.754580] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 470.759445] ? trace_hardirqs_on_caller+0x310/0x310 [ 470.764465] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 470.769467] ? prepare_exit_to_usermode+0x291/0x3b0 [ 470.774471] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 470.779304] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 470.784475] RIP: 0033:0x457569 [ 470.787665] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 470.806548] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 470.814236] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 470.821488] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 470.828739] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 470.836021] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 470.843288] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:57 executing program 0 (fault-call:23 fault-nth:32): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:57 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x0}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:57 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x6991, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:57 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x4002]}, 0x10) 11:42:57 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x5452, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:57 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:57 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x7109, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:57 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x7]}, 0x10) 11:42:57 executing program 3: r0 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x8, 0x499bacf209bc7b0b) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f00000000c0)={0x0, 0x30aa, 0x9, [0x2, 0x7fffffff, 0x4, 0x7ff, 0x6, 0x8000, 0x4, 0x5, 0x0]}, &(0x7f0000000100)=0x1a) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000140)={r1, 0x800, 0x2}, 0x8) r2 = socket$alg(0x26, 0x5, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000240)='/proc/self/attr/current\x00', 0x2, 0x0) bind$alg(r2, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x33) fsetxattr$security_smack_transmute(r2, &(0x7f0000000000)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000180)='TRUE', 0x4, 0xf913dc085e81e9a0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:57 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x0}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:57 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x0}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 471.168274] FAULT_INJECTION: forcing a failure. [ 471.168274] name failslab, interval 1, probability 0, space 0, times 0 [ 471.208252] CPU: 1 PID: 18539 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 471.217241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 471.226607] Call Trace: [ 471.229223] dump_stack+0x244/0x39d [ 471.232885] ? dump_stack_print_info.cold.1+0x20/0x20 [ 471.238107] ? rcu_softirq_qs+0x20/0x20 [ 471.242102] should_fail.cold.4+0xa/0x17 [ 471.246167] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 471.251272] ? kernel_text_address+0x79/0xf0 [ 471.255712] ? __kernel_text_address+0xd/0x40 [ 471.260235] ? __save_stack_trace+0x8d/0xf0 [ 471.264573] ? zap_class+0x640/0x640 11:42:57 executing program 3: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x103100, 0x0) ioctl$RTC_WIE_ON(r0, 0x700f) r1 = socket$alg(0x26, 0x5, 0x0) getsockopt$llc_int(r0, 0x10c, 0x7, &(0x7f0000000180), &(0x7f00000001c0)=0x4) bind$alg(r1, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000200)=0x0) fcntl$setown(r1, 0x8, r2) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) ioctl$EVIOCGEFFECTS(r3, 0x80044584, &(0x7f00000000c0)=""/161) [ 471.268311] ? save_stack+0xa9/0xd0 [ 471.271962] ? __lock_is_held+0xb5/0x140 [ 471.276032] ? loop_add+0x376/0xa40 [ 471.279684] ? perf_trace_sched_process_exec+0x860/0x860 [ 471.285140] __should_failslab+0x124/0x180 [ 471.289381] should_failslab+0x9/0x14 [ 471.293200] kmem_cache_alloc_node_trace+0x270/0x740 [ 471.298311] ? __kmalloc_node+0x3c/0x70 [ 471.302297] ? __kmalloc_node+0x3c/0x70 [ 471.306271] ? rcu_read_lock_sched_held+0x14f/0x180 [ 471.311296] __kmalloc_node+0x3c/0x70 [ 471.315087] sbitmap_init_node+0x288/0x440 [ 471.319312] blk_mq_realloc_hw_ctxs+0x6a5/0x12a0 [ 471.324063] ? blk_mq_free_map_and_requests+0x160/0x160 [ 471.329413] ? __lock_is_held+0xb5/0x140 [ 471.333472] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 471.338217] ? retint_kernel+0x2d/0x2d [ 471.342098] blk_mq_init_allocated_queue+0x2bb/0x1680 [ 471.347277] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 471.352799] ? blk_alloc_queue_node+0x988/0xe80 [ 471.357461] ? blk_mq_map_swqueue+0xa50/0xa50 [ 471.361953] ? __mutex_init+0x1f7/0x290 [ 471.365935] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 471.371465] ? __blk_mq_alloc_rq_map+0x17d/0x2e0 [ 471.376222] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 471.381403] blk_mq_init_queue+0x63/0xb0 [ 471.385459] loop_add+0x376/0xa40 [ 471.388900] ? loop_queue_rq+0x6d0/0x6d0 [ 471.392962] loop_control_ioctl+0x199/0x530 [ 471.397277] ? loop_add+0xa40/0xa40 [ 471.400894] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 471.406345] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 471.411280] ? loop_add+0xa40/0xa40 [ 471.414898] do_vfs_ioctl+0x1de/0x1720 [ 471.418789] ? ioctl_preallocate+0x300/0x300 [ 471.423197] ? __fget_light+0x2e9/0x430 [ 471.427168] ? fget_raw+0x20/0x20 [ 471.430625] ? check_memory_region+0xbd/0x1b0 [ 471.435131] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 471.440658] ? fput+0x130/0x1a0 [ 471.443940] ? do_syscall_64+0x9a/0x820 [ 471.447918] ? do_syscall_64+0x9a/0x820 [ 471.451891] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 471.456466] ? security_file_ioctl+0x94/0xc0 [ 471.460861] ksys_ioctl+0xa9/0xd0 [ 471.464301] __x64_sys_ioctl+0x73/0xb0 [ 471.468175] do_syscall_64+0x1b9/0x820 [ 471.472066] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 471.477416] ? syscall_return_slowpath+0x5e0/0x5e0 [ 471.482333] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 471.487172] ? trace_hardirqs_on_caller+0x310/0x310 [ 471.492188] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 471.497207] ? prepare_exit_to_usermode+0x291/0x3b0 [ 471.502228] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 471.507062] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 471.512235] RIP: 0033:0x457569 [ 471.515415] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 471.534304] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 471.541998] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 471.549251] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 471.556504] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 471.563756] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 471.571010] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:57 executing program 0 (fault-call:23 fault-nth:33): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:57 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x34]}, 0x10) 11:42:57 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x0}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:57 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0xc020660b, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:57 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x1962000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:57 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:57 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x126000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:58 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) r1 = msgget$private(0x0, 0x2) msgctl$IPC_INFO(r1, 0x3, &(0x7f00000001c0)=""/112) socketpair(0x3, 0x3, 0xfffffffffffff605, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KDSETLED(r3, 0x4b32, 0x9) ioctl$VT_OPENQRY(r2, 0x5600, &(0x7f0000000240)) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r4 = syz_open_dev$sndpcmp(&(0x7f0000000100)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) faccessat(r4, &(0x7f0000000140)='./file0\x00', 0x8c617add90e653ed, 0xda88d81f85ada028) r5 = creat(&(0x7f0000000000)='./file0\x00', 0x82) ioctl$DRM_IOCTL_FREE_BUFS(r5, 0x4010641a, &(0x7f00000000c0)={0x5, &(0x7f0000000040)=[0x0, 0x9, 0x8, 0x7, 0xcc]}) 11:42:58 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x0}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:58 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x1f4]}, 0x10) [ 472.018010] FAULT_INJECTION: forcing a failure. [ 472.018010] name failslab, interval 1, probability 0, space 0, times 0 [ 472.087165] CPU: 0 PID: 18579 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 472.095708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 472.105064] Call Trace: [ 472.107671] dump_stack+0x244/0x39d [ 472.111332] ? dump_stack_print_info.cold.1+0x20/0x20 [ 472.116551] ? lock_downgrade+0x900/0x900 [ 472.120715] should_fail.cold.4+0xa/0x17 [ 472.124790] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 472.129899] ? rcu_softirq_qs+0x20/0x20 [ 472.133893] ? unwind_dump+0x190/0x190 [ 472.137808] ? is_bpf_text_address+0xd3/0x170 [ 472.142309] ? zap_class+0x640/0x640 [ 472.146033] ? __kernel_text_address+0xd/0x40 [ 472.150536] ? unwind_get_return_address+0x61/0xa0 [ 472.155478] ? __save_stack_trace+0x8d/0xf0 [ 472.159816] ? __lock_is_held+0xb5/0x140 [ 472.163890] ? kasan_kmalloc+0xc7/0xe0 [ 472.167808] ? loop_add+0x376/0xa40 [ 472.171444] ? perf_trace_sched_process_exec+0x860/0x860 [ 472.176899] ? __x64_sys_ioctl+0x73/0xb0 [ 472.180981] ? do_syscall_64+0x1b9/0x820 [ 472.185055] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 472.190431] ? zap_class+0x640/0x640 [ 472.194164] __should_failslab+0x124/0x180 [ 472.198422] should_failslab+0x9/0x14 [ 472.202244] kmem_cache_alloc_node_trace+0x270/0x740 [ 472.207360] ? __lock_is_held+0xb5/0x140 [ 472.211435] blk_alloc_flush_queue+0x120/0x460 [ 472.216032] ? __kmalloc_node+0x3c/0x70 [ 472.220022] ? blk_insert_flush+0xb00/0xb00 [ 472.224351] ? kasan_unpoison_shadow+0x35/0x50 [ 472.228975] ? kasan_kmalloc+0xc7/0xe0 [ 472.232875] ? __lockdep_init_map+0x105/0x590 [ 472.237385] blk_mq_realloc_hw_ctxs+0x8c2/0x12a0 [ 472.242157] ? blk_mq_free_map_and_requests+0x160/0x160 [ 472.247527] ? __lock_is_held+0xb5/0x140 [ 472.251596] ? __kmalloc_node+0x3c/0x70 [ 472.255577] ? __kmalloc_node+0x3c/0x70 [ 472.259571] ? rcu_read_lock_sched_held+0x14f/0x180 [ 472.264608] ? kmem_cache_alloc_node_trace+0x34b/0x740 [ 472.269901] ? kasan_unpoison_shadow+0x35/0x50 [ 472.274541] ? kasan_kmalloc+0xc7/0xe0 [ 472.278446] blk_mq_init_allocated_queue+0x2bb/0x1680 [ 472.283646] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 472.289187] ? blk_alloc_queue_node+0x988/0xe80 [ 472.293872] ? blk_mq_map_swqueue+0xa50/0xa50 [ 472.298384] ? __mutex_init+0x1f7/0x290 [ 472.302392] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 472.307950] ? __blk_mq_alloc_rq_map+0x17d/0x2e0 [ 472.312732] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 472.317950] blk_mq_init_queue+0x63/0xb0 [ 472.322021] loop_add+0x376/0xa40 [ 472.325488] ? loop_queue_rq+0x6d0/0x6d0 [ 472.329568] loop_control_ioctl+0x199/0x530 [ 472.333894] ? loop_add+0xa40/0xa40 [ 472.337553] ? retint_kernel+0x2d/0x2d [ 472.341452] ? loop_add+0xa40/0xa40 [ 472.345091] do_vfs_ioctl+0x1de/0x1720 [ 472.348992] ? check_memory_region+0x117/0x1b0 [ 472.353585] ? ioctl_preallocate+0x300/0x300 [ 472.358021] ? __fget_light+0x2e9/0x430 [ 472.362010] ? fget_raw+0x20/0x20 [ 472.365476] ? fput+0x1f/0x1a0 [ 472.368681] ? fput+0x24/0x1a0 [ 472.371886] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 472.377427] ? fput+0x130/0x1a0 [ 472.380712] ? do_syscall_64+0x9a/0x820 [ 472.384695] ? do_syscall_64+0x9a/0x820 [ 472.388675] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 472.393270] ? security_file_ioctl+0x94/0xc0 [ 472.397687] ksys_ioctl+0xa9/0xd0 [ 472.401155] __x64_sys_ioctl+0x73/0xb0 [ 472.405053] do_syscall_64+0x1b9/0x820 [ 472.408958] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 472.414334] ? syscall_return_slowpath+0x5e0/0x5e0 [ 472.419266] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 472.424114] ? trace_hardirqs_on_caller+0x310/0x310 [ 472.429140] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 472.434165] ? prepare_exit_to_usermode+0x291/0x3b0 [ 472.439193] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 472.444056] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 472.449271] RIP: 0033:0x457569 [ 472.452475] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 472.471377] RSP: 002b:00007fd2b958bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 472.479091] RAX: ffffffffffffffda RBX: 00007fd2b958bc90 RCX: 0000000000457569 11:42:58 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0xe00000000000000]}, 0x10) 11:42:58 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x0}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) [ 472.486366] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 472.493635] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 472.500922] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b958c6d4 [ 472.508224] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:58 executing program 0 (fault-call:23 fault-nth:34): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:58 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'aead\x00', 0x0, 0x0, 'authenc(md4-generic,ctr-camellia-aesni-avx2)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = memfd_create(&(0x7f0000000000)='skcipher\x00', 0x0) getsockopt$XDP_STATISTICS(r1, 0x11b, 0x7, &(0x7f0000000040), &(0x7f00000000c0)=0x18) setsockopt$inet_sctp_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f0000000100)={0x9, 0x8fdc, 0xfffffffffffffffb, 0x1000}, 0x8) 11:42:58 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x61480000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:58 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x5460, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:58 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x0}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:58 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x8000000000000000]}, 0x10) 11:42:58 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xe1830000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:58 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x0}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:58 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}, 0x0}], 0x204, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:59 executing program 3: r0 = syz_open_dev$mouse(&(0x7f00000007c0)='/dev/input/mouse#\x00', 0x200, 0x102) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = socket$alg(0x26, 0x5, 0x0) r2 = syz_open_dev$usb(&(0x7f0000000140)='/dev/bus/usb/00#/00#\x00', 0x2, 0x20100) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r0, 0xc0505510, &(0x7f0000000880)={0x3207, 0x40000000000037c, 0x2, 0x1ff, &(0x7f0000000900)=[{}, {}, {}, {}, {}]}) write$uinput_user_dev(r2, &(0x7f0000000180)={'syz0\x00', {0x6, 0x3c5ad942, 0x2, 0x8}, 0x39, [0x7, 0x3, 0x9, 0x7, 0x0, 0x1, 0x2f67, 0x8344, 0x3, 0x2, 0x8000, 0xfffffffffffffffd, 0xdf8, 0x1, 0x2, 0x4, 0x1, 0x74, 0x80, 0xffff, 0x1ff, 0x1000, 0x80, 0x8, 0x0, 0x7, 0x7, 0x2, 0x0, 0x1, 0xffffffffffffffff, 0x2, 0x800, 0x7fffffff, 0x7, 0x6, 0x7fff, 0xfff, 0x3, 0x0, 0x7, 0x18, 0xfffffffffffffffc, 0x6, 0x7, 0x401, 0x7f, 0x4, 0x6, 0x6, 0xe6, 0x8, 0x1, 0x8, 0x7, 0x2, 0x0, 0x7, 0x1, 0x8, 0xb75, 0x0, 0x1e, 0x80000001], [0x2, 0x80000001, 0x9, 0xffffffffffffff2f, 0x2, 0x5, 0xfffffffffffffc01, 0x6fc5, 0xe62, 0x3, 0xfff, 0x0, 0x8, 0x7, 0x5, 0x8, 0x7, 0x9, 0x0, 0xdaf, 0x8, 0x7ff, 0xffff, 0x6de02e61, 0xf819, 0x8001, 0x1f, 0x0, 0x2e6, 0x2, 0xfffffffffffff001, 0xfffffffffffffffe, 0x80000000, 0x40, 0x3, 0x3, 0x6, 0x1, 0x5, 0x83f, 0x5, 0x0, 0x2, 0x0, 0x1, 0xa6c3, 0xfffffffffffffffd, 0x1, 0xfffffffffffffff7, 0x3, 0x7, 0x40, 0x3, 0x80, 0xfdb, 0x2, 0x100, 0x10001, 0x1, 0x8000, 0x3, 0x6ac8000000000000, 0x1], [0xfffffffffffffff9, 0x4, 0x101, 0x8, 0x3, 0x2, 0x1781, 0x3, 0x0, 0x450fff11, 0x1c000000, 0xac35, 0x3b, 0x0, 0x9, 0x8001, 0x34, 0x4, 0x200, 0x2, 0x1f, 0x5, 0x2, 0xac22, 0x3, 0x1, 0xee, 0x100000001, 0xffff, 0x6, 0x5, 0x1, 0x8001, 0x100000000, 0x2, 0x5, 0x8, 0x1, 0xff, 0x0, 0x4, 0x1, 0x8001, 0x8001, 0x5cb5, 0x9, 0x7fffffff, 0xfffffffffffff512, 0x7, 0x40, 0x101, 0x400, 0xfff, 0x1, 0x400, 0x800, 0x8, 0xaa6, 0x7c, 0x3, 0xffffffff, 0x1, 0x80, 0x6], [0x1, 0x8001, 0x6, 0x5, 0x40, 0x1ff, 0x800, 0x4, 0x5, 0x2, 0x1c, 0x8, 0x2, 0x1, 0x1, 0x3, 0x0, 0x483edbd4, 0x2, 0x6, 0x10001, 0x40, 0x8, 0x0, 0x9, 0x1, 0x80000001, 0x2, 0x7, 0x6, 0x7fffffff, 0x6, 0x4, 0x7fff, 0xc6ca, 0x91fc, 0x9, 0x400, 0x7ff, 0x4, 0x10000, 0x438, 0xffffffffffffffda, 0x2, 0x44f, 0x400, 0x10001, 0x5, 0x0, 0xcea, 0x6, 0x200, 0x8, 0x7, 0xc4, 0x2, 0x8, 0x9, 0x7, 0x9, 0xfffffffffffff801, 0x1, 0x1, 0x1]}, 0x45c) bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539esp(pcbc(aes-aesni),sha384)\x00'}, 0x58) munmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000) bind$alg(r1, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-avx2\x00'}, 0x58) getsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000800), &(0x7f0000000840)=0x4) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r2, 0x29, 0xd2, &(0x7f0000000600)={{0xa, 0x4e23, 0xcf, @remote, 0x80}, {0xa, 0x4e21, 0xb5fb, @mcast1, 0x7}, 0x4, [0x3, 0x5, 0x7f, 0x6, 0xbb30, 0x8, 0x7, 0x3]}, 0x5c) [ 472.911171] FAULT_INJECTION: forcing a failure. [ 472.911171] name failslab, interval 1, probability 0, space 0, times 0 11:42:59 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0xa00]}, 0x10) [ 472.963047] CPU: 1 PID: 18632 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 472.971580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 472.980958] Call Trace: [ 472.983574] dump_stack+0x244/0x39d [ 472.987234] ? dump_stack_print_info.cold.1+0x20/0x20 [ 472.992452] ? is_bpf_text_address+0xd3/0x170 [ 472.996985] should_fail.cold.4+0xa/0x17 [ 473.001058] ? __save_stack_trace+0x8d/0xf0 [ 473.005402] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 473.010510] ? save_stack+0xa9/0xd0 [ 473.014140] ? zap_class+0x640/0x640 [ 473.017865] ? kmem_cache_alloc_node_trace+0x14c/0x740 [ 473.023155] ? blk_alloc_flush_queue+0x120/0x460 [ 473.027917] ? blk_mq_realloc_hw_ctxs+0x8c2/0x12a0 [ 473.032861] ? blk_mq_init_allocated_queue+0x2bb/0x1680 [ 473.038227] ? blk_mq_init_queue+0x63/0xb0 [ 473.042467] ? loop_add+0x376/0xa40 [ 473.046101] ? loop_control_ioctl+0x199/0x530 [ 473.050595] ? do_vfs_ioctl+0x1de/0x1720 [ 473.054660] ? ksys_ioctl+0xa9/0xd0 [ 473.058284] ? __x64_sys_ioctl+0x73/0xb0 [ 473.062349] ? do_syscall_64+0x1b9/0x820 [ 473.066410] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 473.071788] ? __lock_is_held+0xb5/0x140 [ 473.075939] ? sdev_store_queue_depth+0x20/0x280 [ 473.080718] ? check_preemption_disabled+0x48/0x280 [ 473.085737] ? perf_trace_sched_process_exec+0x860/0x860 [ 473.091204] __should_failslab+0x124/0x180 [ 473.095454] should_failslab+0x9/0x14 [ 473.099260] kmem_cache_alloc_node_trace+0x270/0x740 [ 473.104387] ? rcu_read_lock_sched_held+0x14f/0x180 [ 473.109413] ? kmem_cache_alloc_node_trace+0x34b/0x740 [ 473.114703] __kmalloc_node+0x3c/0x70 [ 473.118514] blk_alloc_flush_queue+0x1e5/0x460 [ 473.123101] ? __kmalloc_node+0x3c/0x70 [ 473.127082] ? blk_insert_flush+0xb00/0xb00 [ 473.131412] ? kasan_unpoison_shadow+0x35/0x50 [ 473.136016] ? kasan_kmalloc+0xc7/0xe0 [ 473.139917] ? __lockdep_init_map+0x105/0x590 [ 473.144438] blk_mq_realloc_hw_ctxs+0x8c2/0x12a0 [ 473.149219] ? blk_mq_free_map_and_requests+0x160/0x160 [ 473.154587] ? __lock_is_held+0xb5/0x140 [ 473.158661] ? __kmalloc_node+0x3c/0x70 [ 473.162639] ? __kmalloc_node+0x3c/0x70 [ 473.166620] ? rcu_read_lock_sched_held+0x14f/0x180 [ 473.171643] ? kmem_cache_alloc_node_trace+0x34b/0x740 [ 473.176927] ? kasan_unpoison_shadow+0x35/0x50 [ 473.181525] ? kasan_kmalloc+0xc7/0xe0 [ 473.185429] blk_mq_init_allocated_queue+0x2bb/0x1680 [ 473.190632] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 473.196173] ? blk_alloc_queue_node+0x988/0xe80 [ 473.200853] ? blk_mq_map_swqueue+0xa50/0xa50 [ 473.205349] ? __mutex_init+0x1f7/0x290 [ 473.209350] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 473.214892] ? __blk_mq_alloc_rq_map+0x17d/0x2e0 [ 473.220124] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 473.225326] blk_mq_init_queue+0x63/0xb0 [ 473.229400] loop_add+0x376/0xa40 [ 473.232861] ? loop_queue_rq+0x6d0/0x6d0 [ 473.236946] loop_control_ioctl+0x199/0x530 [ 473.241273] ? loop_add+0xa40/0xa40 [ 473.244914] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 473.249862] ? loop_add+0xa40/0xa40 [ 473.253494] do_vfs_ioctl+0x1de/0x1720 [ 473.257389] ? __lock_is_held+0xb5/0x140 [ 473.261461] ? ioctl_preallocate+0x300/0x300 [ 473.265875] ? __fget_light+0x2e9/0x430 [ 473.269852] ? fget_raw+0x20/0x20 [ 473.273315] ? __sb_end_write+0xd9/0x110 [ 473.277383] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 473.282927] ? fput+0x130/0x1a0 [ 473.286221] ? do_syscall_64+0x9a/0x820 [ 473.290203] ? do_syscall_64+0x9a/0x820 [ 473.294184] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 473.298777] ? security_file_ioctl+0x94/0xc0 [ 473.303192] ksys_ioctl+0xa9/0xd0 [ 473.306655] __x64_sys_ioctl+0x73/0xb0 [ 473.310553] do_syscall_64+0x1b9/0x820 [ 473.314459] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 473.319828] ? syscall_return_slowpath+0x5e0/0x5e0 [ 473.324762] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 473.329614] ? trace_hardirqs_on_caller+0x310/0x310 [ 473.334634] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 473.339657] ? prepare_exit_to_usermode+0x291/0x3b0 [ 473.344682] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 473.349536] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 473.354728] RIP: 0033:0x457569 [ 473.357925] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 473.376845] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 473.384561] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 473.391833] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 473.399104] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 473.406375] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 11:42:59 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xff59, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) [ 473.413668] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:42:59 executing program 0 (fault-call:23 fault-nth:35): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:59 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0xb3, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:59 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c3d, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:42:59 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x9]}, 0x10) 11:42:59 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x9850000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:42:59 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x2}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x1f, &(0x7f0000000100)={r4, @in6={{0xa, 0x4e20, 0x9, @remote, 0x80}}, 0x10000, 0xfffffffffffff06e}, &(0x7f00000001c0)=0x90) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000200)={0x1, 0x0, [{0x40000020}]}) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:42:59 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x78, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:59 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x4000000]}, 0x10) 11:42:59 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x1e5, 0x0, &(0x7f0000005c00)={0x77359400}) 11:42:59 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x49b4, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) [ 473.793684] FAULT_INJECTION: forcing a failure. [ 473.793684] name failslab, interval 1, probability 0, space 0, times 0 [ 473.823320] CPU: 0 PID: 18686 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 473.831850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 473.841216] Call Trace: [ 473.843829] dump_stack+0x244/0x39d [ 473.847472] ? dump_stack_print_info.cold.1+0x20/0x20 [ 473.852679] should_fail.cold.4+0xa/0x17 [ 473.856732] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 473.861842] ? print_usage_bug+0xc0/0xc0 [ 473.865927] ? __mutex_lock+0x85e/0x16f0 [ 473.870023] ? zap_class+0x640/0x640 [ 473.873742] ? mark_held_locks+0xc7/0x130 [ 473.877893] ? find_held_lock+0x36/0x1c0 [ 473.881976] ? __lock_is_held+0xb5/0x140 [ 473.886033] ? perf_trace_sched_process_exec+0x860/0x860 [ 473.891480] __should_failslab+0x124/0x180 [ 473.895707] should_failslab+0x9/0x14 [ 473.899497] kmem_cache_alloc_node_trace+0x270/0x740 [ 473.904590] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 473.910115] ? find_next_bit+0x104/0x130 [ 473.914170] blk_mq_init_tags+0x79/0x2b0 [ 473.918224] blk_mq_alloc_rq_map+0x9f/0x220 [ 473.922538] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 473.928074] blk_mq_init_sched+0x21d/0x770 [ 473.932306] elevator_init_mq+0xd7/0x160 [ 473.936368] blk_mq_init_allocated_queue+0x1074/0x1680 [ 473.941652] ? blk_mq_map_swqueue+0xa50/0xa50 [ 473.946139] ? __mutex_init+0x1f7/0x290 [ 473.950117] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 473.955642] ? __blk_mq_alloc_rq_map+0x17d/0x2e0 [ 473.960401] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 473.965584] blk_mq_init_queue+0x63/0xb0 [ 473.969635] loop_add+0x376/0xa40 [ 473.973077] ? loop_queue_rq+0x6d0/0x6d0 [ 473.977129] loop_control_ioctl+0x199/0x530 [ 473.981448] ? loop_add+0xa40/0xa40 [ 473.985088] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 473.990013] ? loop_add+0xa40/0xa40 [ 473.993629] do_vfs_ioctl+0x1de/0x1720 [ 473.997513] ? __lock_is_held+0xb5/0x140 [ 474.001564] ? ioctl_preallocate+0x300/0x300 [ 474.005972] ? __fget_light+0x2e9/0x430 [ 474.009950] ? fget_raw+0x20/0x20 [ 474.013397] ? __sb_end_write+0xd9/0x110 [ 474.017462] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 474.023001] ? fput+0x130/0x1a0 [ 474.026274] ? do_syscall_64+0x9a/0x820 [ 474.030234] ? do_syscall_64+0x9a/0x820 [ 474.034196] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 474.038769] ? security_file_ioctl+0x94/0xc0 [ 474.043169] ksys_ioctl+0xa9/0xd0 [ 474.046614] __x64_sys_ioctl+0x73/0xb0 [ 474.050505] do_syscall_64+0x1b9/0x820 [ 474.054382] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 474.059735] ? syscall_return_slowpath+0x5e0/0x5e0 [ 474.064649] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 474.069485] ? trace_hardirqs_on_caller+0x310/0x310 [ 474.074491] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 474.079494] ? prepare_exit_to_usermode+0x291/0x3b0 [ 474.084500] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 474.089333] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 474.094508] RIP: 0033:0x457569 [ 474.097688] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 474.116595] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 474.124301] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 474.131570] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 11:43:00 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x48, 0x0, &(0x7f0000005c00)={0x77359400}) [ 474.138826] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 474.146083] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 474.153338] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:43:00 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x3400]}, 0x10) 11:43:00 executing program 0 (fault-call:23 fault-nth:36): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:43:00 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c59, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:43:00 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x204000, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x48}) socket$alg(0x26, 0x5, 0x0) 11:43:00 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xca49, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:43:00 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0xe2, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:00 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x4000000000000000]}, 0x10) 11:43:00 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ca240145", 0x4) 11:43:00 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x194, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:00 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x172, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:00 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x6d, 0x0, &(0x7f0000005c00)={0x77359400}) [ 474.573860] FAULT_INJECTION: forcing a failure. [ 474.573860] name failslab, interval 1, probability 0, space 0, times 0 11:43:00 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x460) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:43:00 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x190, 0x0, &(0x7f0000005c00)={0x77359400}) [ 474.670721] CPU: 1 PID: 18726 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 474.679265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 474.688718] Call Trace: [ 474.691328] dump_stack+0x244/0x39d [ 474.694983] ? dump_stack_print_info.cold.1+0x20/0x20 [ 474.700196] should_fail.cold.4+0xa/0x17 [ 474.704267] ? check_preemption_disabled+0x48/0x280 [ 474.709302] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 474.714416] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 474.719360] ? kasan_check_read+0x11/0x20 [ 474.723525] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 474.728827] ? is_bpf_text_address+0x70/0x170 [ 474.733349] ? zap_class+0x640/0x640 [ 474.737082] ? is_bpf_text_address+0xd3/0x170 [ 474.741594] ? find_held_lock+0x36/0x1c0 [ 474.745671] ? __lock_is_held+0xb5/0x140 [ 474.749817] ? intel_thermal_interrupt+0x4d8/0x520 [ 474.754772] ? save_stack+0xa9/0xd0 [ 474.758414] ? perf_trace_sched_process_exec+0x860/0x860 [ 474.763875] ? mark_held_locks+0xc7/0x130 [ 474.768018] __should_failslab+0x124/0x180 [ 474.772263] should_failslab+0x9/0x14 [ 474.776078] kmem_cache_alloc_node_trace+0x270/0x740 [ 474.781196] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 474.785963] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 474.791414] __kmalloc_node+0x3c/0x70 [ 474.795222] sbitmap_init_node+0x288/0x440 [ 474.799475] sbitmap_queue_init_node+0xb2/0x850 [ 474.804147] ? __lock_is_held+0xb5/0x140 [ 474.808200] ? sbitmap_init_node+0x440/0x440 [ 474.812597] ? blk_mq_init_tags+0x79/0x2b0 [ 474.816822] ? rcu_read_lock_sched_held+0x14f/0x180 [ 474.821844] ? kmem_cache_alloc_node_trace+0x34b/0x740 [ 474.827126] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 474.832653] ? find_next_bit+0x104/0x130 [ 474.836720] blk_mq_init_tags+0x116/0x2b0 [ 474.840873] blk_mq_alloc_rq_map+0x9f/0x220 [ 474.845184] blk_mq_init_sched+0x21d/0x770 [ 474.849414] elevator_init_mq+0xd7/0x160 [ 474.853483] blk_mq_init_allocated_queue+0x1074/0x1680 [ 474.858752] ? blk_mq_map_swqueue+0xa50/0xa50 [ 474.863238] ? __mutex_init+0x1f7/0x290 [ 474.867210] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 474.872735] ? __blk_mq_alloc_rq_map+0x17d/0x2e0 [ 474.877485] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 474.882682] blk_mq_init_queue+0x63/0xb0 [ 474.886750] loop_add+0x376/0xa40 [ 474.890218] ? retint_kernel+0x2d/0x2d [ 474.894109] ? loop_queue_rq+0x6d0/0x6d0 [ 474.898186] loop_control_ioctl+0x199/0x530 [ 474.902513] ? loop_add+0xa40/0xa40 [ 474.906146] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 474.911080] ? loop_add+0xa40/0xa40 [ 474.914698] do_vfs_ioctl+0x1de/0x1720 [ 474.918590] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 474.923353] ? ioctl_preallocate+0x300/0x300 [ 474.927765] ? __fget_light+0x2e9/0x430 [ 474.931727] ? fget_raw+0x20/0x20 [ 474.935173] ? __sb_end_write+0xd9/0x110 [ 474.939236] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 474.944005] ? security_file_ioctl+0x94/0xc0 [ 474.948415] ksys_ioctl+0xa9/0xd0 [ 474.951972] __x64_sys_ioctl+0x73/0xb0 [ 474.955867] do_syscall_64+0x1b9/0x820 [ 474.959750] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 474.965103] ? syscall_return_slowpath+0x5e0/0x5e0 [ 474.970019] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 474.974862] ? trace_hardirqs_on_caller+0x310/0x310 [ 474.979879] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 474.984898] ? prepare_exit_to_usermode+0x291/0x3b0 [ 474.989943] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 474.994794] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 474.999976] RIP: 0033:0x457569 [ 475.003184] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 475.022084] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 475.029777] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 475.037038] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 475.044306] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 475.051573] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 475.058835] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:43:01 executing program 0 (fault-call:23 fault-nth:37): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:43:01 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x113, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:01 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x48a9, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:43:01 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0xe803000000000000]}, 0x10) 11:43:01 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c32, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:43:01 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) socketpair$inet6_tcp(0xa, 0x1, 0x0, &(0x7f0000000000)) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:43:01 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x700000000000000]}, 0x10) 11:43:01 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xa1a60000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:43:01 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x1ed, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:01 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x84, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:01 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x203, 0x0, &(0x7f0000005c00)={0x77359400}) [ 475.381784] FAULT_INJECTION: forcing a failure. [ 475.381784] name failslab, interval 1, probability 0, space 0, times 0 [ 475.418242] CPU: 0 PID: 18772 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 475.426791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 475.436152] Call Trace: [ 475.438757] dump_stack+0x244/0x39d [ 475.442409] ? dump_stack_print_info.cold.1+0x20/0x20 [ 475.447600] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 475.452346] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 475.456922] should_fail.cold.4+0xa/0x17 [ 475.460987] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 475.466429] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 475.471528] ? zap_class+0x640/0x640 [ 475.475245] ? retint_kernel+0x2d/0x2d [ 475.479130] ? __lock_is_held+0xb5/0x140 [ 475.483187] ? perf_trace_sched_process_exec+0x860/0x860 [ 475.488633] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 475.493393] __should_failslab+0x124/0x180 [ 475.497630] should_failslab+0x9/0x14 [ 475.501436] kmem_cache_alloc_node_trace+0x270/0x740 [ 475.506530] ? check_preemption_disabled+0x48/0x280 [ 475.511534] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 475.516536] ? find_next_bit+0x104/0x130 [ 475.520590] sbitmap_queue_init_node+0x34d/0x850 [ 475.525333] ? __lock_is_held+0xb5/0x140 [ 475.529384] ? sbitmap_init_node+0x440/0x440 [ 475.533779] ? blk_mq_init_tags+0x79/0x2b0 [ 475.538019] ? rcu_read_lock_sched_held+0x14f/0x180 [ 475.543024] ? kmem_cache_alloc_node_trace+0x34b/0x740 [ 475.548302] ? __cpu_to_node+0x22/0xa0 [ 475.552194] blk_mq_init_tags+0x116/0x2b0 [ 475.556335] blk_mq_alloc_rq_map+0x9f/0x220 [ 475.560646] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 475.566173] blk_mq_init_sched+0x21d/0x770 [ 475.570417] elevator_init_mq+0xd7/0x160 [ 475.574472] blk_mq_init_allocated_queue+0x1074/0x1680 [ 475.579741] ? blk_mq_map_swqueue+0xa50/0xa50 [ 475.584224] ? __mutex_init+0x1f7/0x290 [ 475.588196] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 475.593718] ? __blk_mq_alloc_rq_map+0x17d/0x2e0 [ 475.598474] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 475.603659] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 475.608406] blk_mq_init_queue+0x63/0xb0 [ 475.612459] loop_add+0x376/0xa40 [ 475.615925] ? loop_queue_rq+0x6d0/0x6d0 [ 475.620015] loop_control_ioctl+0x199/0x530 [ 475.624327] ? loop_add+0xa40/0xa40 [ 475.627955] ? retint_kernel+0x2d/0x2d [ 475.631839] ? do_vfs_ioctl+0x123/0x1720 [ 475.635886] ? loop_add+0xa40/0xa40 [ 475.639501] do_vfs_ioctl+0x1de/0x1720 [ 475.643377] ? __lock_is_held+0xb5/0x140 [ 475.647425] ? ioctl_preallocate+0x300/0x300 [ 475.651829] ? __fget_light+0x2e9/0x430 [ 475.655789] ? fget_raw+0x20/0x20 [ 475.659233] ? __sb_end_write+0xd9/0x110 [ 475.663295] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 475.668834] ? fput+0x130/0x1a0 [ 475.672108] ? do_syscall_64+0x9a/0x820 [ 475.676069] ? do_syscall_64+0x9a/0x820 [ 475.680031] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 475.684603] ? security_file_ioctl+0x94/0xc0 [ 475.689003] ksys_ioctl+0xa9/0xd0 [ 475.692447] __x64_sys_ioctl+0x73/0xb0 [ 475.696326] do_syscall_64+0x1b9/0x820 [ 475.700201] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 475.705553] ? syscall_return_slowpath+0x5e0/0x5e0 [ 475.710470] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 475.715301] ? trace_hardirqs_on_caller+0x310/0x310 [ 475.720308] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 475.725320] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 475.730857] ? prepare_exit_to_usermode+0x291/0x3b0 [ 475.735863] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 475.740694] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 475.745873] RIP: 0033:0x457569 [ 475.749068] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 475.767974] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 475.775669] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 11:43:01 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xd1a30000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) [ 475.782939] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 475.790206] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 475.797469] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 475.804737] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:43:02 executing program 0 (fault-call:23 fault-nth:38): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:43:02 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x12d, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:02 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) fstat(r0, &(0x7f0000000000)) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:43:02 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c03, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:43:02 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0xa00000000000000]}, 0x10) 11:43:02 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xf936000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:43:02 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) ioctl$sock_SIOCGSKNS(r0, 0x894c, &(0x7f0000000000)=0x200) 11:43:02 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x1fd, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:02 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xe1530000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:43:02 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0xf4010000]}, 0x10) 11:43:02 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x144, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:02 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x55, 0x0, &(0x7f0000005c00)={0x77359400}) [ 476.215835] FAULT_INJECTION: forcing a failure. [ 476.215835] name failslab, interval 1, probability 0, space 0, times 0 [ 476.279405] CPU: 0 PID: 18825 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 476.287955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 476.297330] Call Trace: [ 476.299961] dump_stack+0x244/0x39d [ 476.303617] ? dump_stack_print_info.cold.1+0x20/0x20 [ 476.308839] should_fail.cold.4+0xa/0x17 [ 476.312919] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 476.318237] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 476.323797] ? zap_class+0x640/0x640 [ 476.327530] ? find_held_lock+0x36/0x1c0 [ 476.331598] ? __lock_is_held+0xb5/0x140 [ 476.335657] ? perf_trace_sched_process_exec+0x860/0x860 [ 476.341097] ? __lockdep_init_map+0x105/0x590 [ 476.345582] __should_failslab+0x124/0x180 [ 476.349826] should_failslab+0x9/0x14 [ 476.353634] kmem_cache_alloc_node_trace+0x270/0x740 [ 476.358740] ? init_wait_entry+0x1c0/0x1c0 [ 476.362980] ? check_preemption_disabled+0x48/0x280 [ 476.367982] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 476.372990] sbitmap_queue_init_node+0x34d/0x850 [ 476.377735] ? __lock_is_held+0xb5/0x140 [ 476.381786] ? sbitmap_init_node+0x440/0x440 [ 476.386181] ? blk_mq_init_tags+0x79/0x2b0 [ 476.390406] ? rcu_read_lock_sched_held+0x14f/0x180 [ 476.395409] ? kmem_cache_alloc_node_trace+0x34b/0x740 [ 476.400672] ? find_next_bit+0x104/0x130 [ 476.404725] blk_mq_init_tags+0x177/0x2b0 [ 476.408877] blk_mq_alloc_rq_map+0x9f/0x220 [ 476.413199] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 476.418728] blk_mq_init_sched+0x21d/0x770 [ 476.422968] elevator_init_mq+0xd7/0x160 [ 476.427038] blk_mq_init_allocated_queue+0x1074/0x1680 [ 476.432321] ? blk_mq_map_swqueue+0xa50/0xa50 [ 476.436816] ? __mutex_init+0x1f7/0x290 [ 476.440801] ? blk_mq_alloc_tag_set+0x75b/0xad0 [ 476.445469] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 476.450651] blk_mq_init_queue+0x63/0xb0 [ 476.454701] loop_add+0x376/0xa40 [ 476.458145] ? loop_queue_rq+0x6d0/0x6d0 [ 476.462218] loop_control_ioctl+0x199/0x530 [ 476.466543] ? loop_add+0xa40/0xa40 [ 476.470161] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 476.474736] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 476.479654] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 476.485098] ? loop_add+0xa40/0xa40 [ 476.488721] do_vfs_ioctl+0x1de/0x1720 [ 476.492610] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 476.497368] ? ioctl_preallocate+0x300/0x300 [ 476.501768] ? __fget_light+0x2e9/0x430 [ 476.505731] ? fget_raw+0x20/0x20 [ 476.509178] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 476.514703] ? fput+0x130/0x1a0 [ 476.517976] ? do_syscall_64+0x9a/0x820 [ 476.521958] ? do_syscall_64+0x9a/0x820 [ 476.525949] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 476.530525] ? security_file_ioctl+0x94/0xc0 [ 476.534922] ksys_ioctl+0xa9/0xd0 [ 476.538376] __x64_sys_ioctl+0x73/0xb0 [ 476.542253] do_syscall_64+0x1b9/0x820 [ 476.546128] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 476.551482] ? syscall_return_slowpath+0x5e0/0x5e0 [ 476.556397] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 476.561228] ? trace_hardirqs_on_caller+0x310/0x310 [ 476.566231] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 476.571234] ? prepare_exit_to_usermode+0x291/0x3b0 [ 476.576256] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 476.581101] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 476.586288] RIP: 0033:0x457569 [ 476.589472] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 476.608365] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 476.616071] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 476.623325] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 476.630580] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 476.637848] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 476.645101] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:43:02 executing program 0 (fault-call:23 fault-nth:39): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:43:02 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x510f0000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:43:02 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x9000000]}, 0x10) 11:43:02 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0xa3, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:02 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000000c0)={0x0, 0x0, 0x2, 0x0, [], [{0x1, 0xffff, 0x1f, 0x7f, 0x2f9, 0x2}, {0xeb4, 0x0, 0x1, 0xb9, 0x3, 0x8}], [[], []]}) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:43:02 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c51, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:43:02 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xe2b1, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:43:02 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) r1 = getpgrp(0xffffffffffffffff) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcs\x00', 0x32d200, 0x0) write$P9_RSTAT(r2, &(0x7f0000000180)={0x55, 0x7d, 0x1, {0x0, 0x4e, 0x8, 0x0, {0x0, 0x1, 0x1}, 0x8200000, 0xffffffffffffffff, 0x10000, 0x7fff, 0x0, "", 0x9, '/dev/dsp\x00', 0x9, 'skcipher\x00', 0x9, 'skcipher\x00'}}, 0x55) r3 = getpgid(0xffffffffffffffff) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000200)) r4 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x0, 0x0) kcmp$KCMP_EPOLL_TFD(r1, r3, 0x7, r0, &(0x7f0000000100)={r4, r0, 0x7}) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:43:02 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x1ce, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:02 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x4000]}, 0x10) 11:43:02 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x1d6, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:03 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x120, 0x0, &(0x7f0000005c00)={0x77359400}) [ 476.987043] FAULT_INJECTION: forcing a failure. [ 476.987043] name failslab, interval 1, probability 0, space 0, times 0 [ 477.030744] CPU: 1 PID: 18868 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 477.039285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 477.048648] Call Trace: [ 477.051255] dump_stack+0x244/0x39d [ 477.054913] ? dump_stack_print_info.cold.1+0x20/0x20 [ 477.060132] ? should_fail.cold.4+0x5/0x17 [ 477.064387] should_fail.cold.4+0xa/0x17 [ 477.068472] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 477.073598] ? zap_class+0x640/0x640 [ 477.077335] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 477.082635] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 477.088175] ? check_preemption_disabled+0x48/0x280 [ 477.093190] ? zap_class+0x640/0x640 [ 477.096922] ? __lock_is_held+0xb5/0x140 [ 477.101009] ? __lockdep_init_map+0x105/0x590 [ 477.105501] ? __lock_is_held+0xb5/0x140 [ 477.109577] ? perf_trace_sched_process_exec+0x860/0x860 [ 477.115045] ? sbitmap_queue_init_node+0xce/0x850 [ 477.119900] ? __lock_is_held+0xb5/0x140 [ 477.123990] __should_failslab+0x124/0x180 [ 477.128246] should_failslab+0x9/0x14 [ 477.132058] kmem_cache_alloc_node_trace+0x270/0x740 [ 477.137163] ? find_next_bit+0x104/0x130 [ 477.141235] __kmalloc_node+0x3c/0x70 [ 477.145036] blk_mq_alloc_rq_map+0xcc/0x220 [ 477.149355] ? blk_mq_free_tag_set+0x1a0/0x1a0 [ 477.153967] blk_mq_init_sched+0x21d/0x770 [ 477.158227] elevator_init_mq+0xd7/0x160 [ 477.162301] blk_mq_init_allocated_queue+0x1074/0x1680 [ 477.167598] ? blk_mq_map_swqueue+0xa50/0xa50 [ 477.172100] ? __mutex_init+0x1f7/0x290 [ 477.176072] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 477.181596] ? __blk_mq_alloc_rq_map+0x17d/0x2e0 [ 477.186344] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 477.191522] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 477.196268] blk_mq_init_queue+0x63/0xb0 [ 477.200322] loop_add+0x376/0xa40 [ 477.203762] ? loop_queue_rq+0x6d0/0x6d0 [ 477.207811] loop_control_ioctl+0x199/0x530 [ 477.212122] ? loop_add+0xa40/0xa40 [ 477.215734] ? retint_kernel+0x2d/0x2d [ 477.219610] ? do_vfs_ioctl+0x178/0x1720 [ 477.223656] ? loop_add+0xa40/0xa40 [ 477.227268] do_vfs_ioctl+0x1de/0x1720 [ 477.231144] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 477.235883] ? ioctl_preallocate+0x300/0x300 [ 477.240285] ? __fget_light+0x2e9/0x430 [ 477.244241] ? fget_raw+0x20/0x20 [ 477.247680] ? __sb_end_write+0xd9/0x110 [ 477.251757] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 477.256503] ? security_file_ioctl+0x94/0xc0 [ 477.260900] ksys_ioctl+0xa9/0xd0 [ 477.264337] __x64_sys_ioctl+0x73/0xb0 [ 477.268206] ? do_syscall_64+0x198/0x820 [ 477.272252] do_syscall_64+0x1b9/0x820 [ 477.276126] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 477.281474] ? syscall_return_slowpath+0x5e0/0x5e0 [ 477.286386] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 477.291214] ? trace_hardirqs_on_caller+0x310/0x310 [ 477.296215] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 477.301222] ? prepare_exit_to_usermode+0x291/0x3b0 [ 477.306246] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 477.311078] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 477.316250] RIP: 0033:0x457569 [ 477.319430] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 477.338318] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 477.346011] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 477.353265] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 477.360517] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 477.367770] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 477.375023] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:43:03 executing program 0 (fault-call:23 fault-nth:40): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:43:03 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x5421, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:43:03 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x17b, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:03 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x5]}, 0x10) 11:43:03 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-avx2\x00'}, 0xfffffffffffffe3b) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) setxattr$trusted_overlay_opaque(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.opaque\x00', &(0x7f00000000c0)='y\x00', 0x2, 0x3) 11:43:03 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x932000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:43:03 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0xe000000]}, 0x10) 11:43:03 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x10d, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:03 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x40000, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="b7f2288a6030bc22478e977520538532661f0a1cd380d0a5d988293323df3406a92c25903288e96a6254f920481c471570eb2fb46ea4ad546136df7db7dee4", 0xfffffffffffffff9) 11:43:03 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x4998000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:43:03 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0xcd, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:03 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x5000000]}, 0x10) [ 477.758011] FAULT_INJECTION: forcing a failure. [ 477.758011] name failslab, interval 1, probability 0, space 0, times 0 [ 477.774406] CPU: 1 PID: 18901 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 477.782924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 477.792302] Call Trace: [ 477.794893] dump_stack+0x244/0x39d [ 477.798513] ? dump_stack_print_info.cold.1+0x20/0x20 [ 477.803708] should_fail.cold.4+0xa/0x17 [ 477.807760] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 477.812850] ? retint_kernel+0x2d/0x2d [ 477.816733] ? zap_class+0x640/0x640 [ 477.820437] ? save_stack+0xa9/0xd0 [ 477.824056] ? save_stack+0x43/0xd0 [ 477.827668] ? kasan_kmalloc+0xc7/0xe0 [ 477.831558] ? __kmalloc_node+0x50/0x70 [ 477.835521] ? blk_mq_alloc_rq_map+0xcc/0x220 [ 477.840013] ? blk_mq_init_sched+0x21d/0x770 [ 477.844425] ? elevator_init_mq+0xd7/0x160 [ 477.848669] ? blk_mq_init_allocated_queue+0x1074/0x1680 [ 477.854109] ? __lock_is_held+0xb5/0x140 [ 477.858162] ? check_preemption_disabled+0x48/0x280 [ 477.863183] ? perf_trace_sched_process_exec+0x860/0x860 [ 477.868622] ? __lock_is_held+0xb5/0x140 [ 477.872685] __should_failslab+0x124/0x180 [ 477.876920] should_failslab+0x9/0x14 [ 477.880719] kmem_cache_alloc_node_trace+0x270/0x740 [ 477.885812] ? kasan_unpoison_shadow+0x35/0x50 [ 477.890403] __kmalloc_node+0x3c/0x70 [ 477.894196] blk_mq_alloc_rq_map+0x10d/0x220 [ 477.898610] blk_mq_init_sched+0x21d/0x770 [ 477.902855] elevator_init_mq+0xd7/0x160 [ 477.906906] blk_mq_init_allocated_queue+0x1074/0x1680 [ 477.912181] ? blk_mq_map_swqueue+0xa50/0xa50 [ 477.916664] ? __mutex_init+0x1f7/0x290 [ 477.920636] ? blk_mq_alloc_tag_set+0x633/0xad0 [ 477.925299] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 477.930490] blk_mq_init_queue+0x63/0xb0 [ 477.934553] loop_add+0x376/0xa40 [ 477.937996] ? loop_queue_rq+0x6d0/0x6d0 [ 477.942051] loop_control_ioctl+0x199/0x530 [ 477.946361] ? loop_add+0xa40/0xa40 [ 477.949986] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 477.954920] ? loop_add+0xa40/0xa40 [ 477.958568] do_vfs_ioctl+0x1de/0x1720 [ 477.962460] ? __lock_is_held+0xb5/0x140 [ 477.966509] ? ioctl_preallocate+0x300/0x300 [ 477.970904] ? __fget_light+0x2e9/0x430 [ 477.974865] ? fget_raw+0x20/0x20 [ 477.978322] ? __sb_end_write+0xd9/0x110 [ 477.982387] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 477.987910] ? fput+0x130/0x1a0 [ 477.991183] ? do_syscall_64+0x9a/0x820 [ 477.995142] ? do_syscall_64+0x9a/0x820 [ 477.999105] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 478.003681] ? security_file_ioctl+0x94/0xc0 [ 478.008076] ksys_ioctl+0xa9/0xd0 [ 478.011517] __x64_sys_ioctl+0x73/0xb0 [ 478.015394] do_syscall_64+0x1b9/0x820 [ 478.019267] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 478.024616] ? syscall_return_slowpath+0x5e0/0x5e0 [ 478.029550] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 478.034380] ? trace_hardirqs_on_caller+0x310/0x310 [ 478.039416] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 478.044439] ? prepare_exit_to_usermode+0x291/0x3b0 [ 478.049464] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 478.054299] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 478.059477] RIP: 0033:0x457569 [ 478.062656] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 478.081559] RSP: 002b:00007fd2b958bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 478.089276] RAX: ffffffffffffffda RBX: 00007fd2b958bc90 RCX: 0000000000457569 [ 478.096820] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 478.104078] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 478.111338] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b958c6d4 [ 478.118601] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:43:04 executing program 0 (fault-call:23 fault-nth:41): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:43:04 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x1fa, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:04 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c3a, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:43:04 executing program 3: r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x100000000, 0x70000) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="ff1de6d00e4af196103240bd412eec11f057531dc41e66a1138560d3decd420e0e9415569af69d97a3c0a3898ce5b50418d486c36a90b2d6f54a152e2b1b30d640a37a467d00e45535e684dc8137db7a56453d3f289dd85b40b878eaa6a6c1bd3cf725fe9d8588f3f15e6a00c891375ddb13aa1c2675f709e8401491efe3c9fa567035a4e9a90bf6ca5119f83146887841c47aaf0c17d2c7077c9ba555099b25cc71639b7dc9917f0749be4e92b7b32f30f62e06bfa5daa89543", 0xba) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:43:04 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x700]}, 0x10) 11:43:04 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x41f0000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:43:04 executing program 3: r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/attr/exec\x00', 0x2, 0x0) fsetxattr$security_smack_transmute(r0, &(0x7f00000000c0)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000100)='TRUE', 0x4, 0x3) r1 = socket$alg(0x26, 0x5, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x20000, 0x0) ioctl$EXT4_IOC_MIGRATE(r2, 0x6609) bind$alg(r1, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000000)="b7f2208a", 0xff96) 11:43:04 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x2104000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:43:04 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x68, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:04 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0xf401]}, 0x10) 11:43:04 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x1a6, 0x0, &(0x7f0000005c00)={0x77359400}) [ 478.471600] FAULT_INJECTION: forcing a failure. [ 478.471600] name fail_page_alloc, interval 1, probability 0, space 0, times 0 11:43:04 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c07, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) [ 478.527006] CPU: 0 PID: 18946 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 478.535557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 478.544906] Call Trace: [ 478.547498] dump_stack+0x244/0x39d [ 478.551135] ? dump_stack_print_info.cold.1+0x20/0x20 [ 478.556341] ? mark_held_locks+0xc7/0x130 [ 478.560484] should_fail.cold.4+0xa/0x17 [ 478.564536] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 478.569632] ? zap_class+0x640/0x640 [ 478.573334] ? find_held_lock+0x36/0x1c0 [ 478.577391] ? is_bpf_text_address+0xac/0x170 [ 478.581878] ? __lock_is_held+0xb5/0x140 [ 478.585947] ? rcu_softirq_qs+0x20/0x20 [ 478.589915] ? perf_trace_sched_process_exec+0x860/0x860 [ 478.595369] ? is_bpf_text_address+0xd3/0x170 [ 478.599851] ? __might_sleep+0x95/0x190 [ 478.603827] __alloc_pages_nodemask+0x34b/0xdd0 [ 478.608503] ? __alloc_pages_slowpath+0x2dd0/0x2dd0 [ 478.613520] ? save_stack+0xa9/0xd0 [ 478.617176] ? save_stack+0x43/0xd0 [ 478.620800] ? kasan_kmalloc+0xc7/0xe0 [ 478.624681] ? __kmalloc_node+0x50/0x70 [ 478.628653] ? blk_mq_alloc_rq_map+0x10d/0x220 [ 478.633250] ? blk_mq_init_sched+0x21d/0x770 [ 478.637659] ? do_vfs_ioctl+0x1de/0x1720 [ 478.641717] ? ksys_ioctl+0xa9/0xd0 [ 478.645328] ? __x64_sys_ioctl+0x73/0xb0 [ 478.649377] ? do_syscall_64+0x1b9/0x820 [ 478.653433] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 478.658800] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 478.664323] ? find_next_bit+0x104/0x130 [ 478.668375] ? __cpu_to_node+0x7d/0xa0 [ 478.672252] ? blk_mq_hw_queue_to_node+0xcc/0x110 [ 478.677086] blk_mq_alloc_rqs+0x31c/0x980 [ 478.681228] ? blk_mq_alloc_rq_map+0x220/0x220 [ 478.685804] ? kmem_cache_alloc_node_trace+0x34b/0x740 [ 478.691072] ? kasan_unpoison_shadow+0x35/0x50 [ 478.695649] ? __kmalloc_node+0x50/0x70 [ 478.699619] blk_mq_init_sched+0x279/0x770 [ 478.703849] elevator_init_mq+0xd7/0x160 [ 478.707906] blk_mq_init_allocated_queue+0x1074/0x1680 [ 478.713192] ? blk_mq_map_swqueue+0xa50/0xa50 [ 478.717677] ? __mutex_init+0x1f7/0x290 [ 478.721653] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 478.727187] ? __blk_mq_alloc_rq_map+0x17d/0x2e0 [ 478.731983] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 478.737176] blk_mq_init_queue+0x63/0xb0 [ 478.741228] loop_add+0x376/0xa40 [ 478.744683] ? loop_queue_rq+0x6d0/0x6d0 [ 478.748764] loop_control_ioctl+0x199/0x530 [ 478.753092] ? loop_add+0xa40/0xa40 [ 478.756727] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 478.761648] ? loop_add+0xa40/0xa40 [ 478.765275] do_vfs_ioctl+0x1de/0x1720 [ 478.769168] ? __lock_is_held+0xb5/0x140 [ 478.773233] ? ioctl_preallocate+0x300/0x300 [ 478.777630] ? __fget_light+0x2e9/0x430 [ 478.781594] ? fget_raw+0x20/0x20 [ 478.785067] ? __sb_end_write+0xd9/0x110 [ 478.789136] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 478.794689] ? fput+0x130/0x1a0 [ 478.797972] ? do_syscall_64+0x9a/0x820 [ 478.801949] ? do_syscall_64+0x9a/0x820 [ 478.805929] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 478.810531] ? security_file_ioctl+0x94/0xc0 [ 478.814958] ksys_ioctl+0xa9/0xd0 [ 478.818664] __x64_sys_ioctl+0x73/0xb0 [ 478.822543] do_syscall_64+0x1b9/0x820 [ 478.826426] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 478.831807] ? syscall_return_slowpath+0x5e0/0x5e0 [ 478.836724] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 478.841556] ? trace_hardirqs_on_caller+0x310/0x310 [ 478.846559] ? prepare_exit_to_usermode+0x291/0x3b0 [ 478.851567] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 478.856409] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 478.861603] RIP: 0033:0x457569 [ 478.864798] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 478.883701] RSP: 002b:00007fd2b958bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 478.891412] RAX: ffffffffffffffda RBX: 00007fd2b958bc90 RCX: 0000000000457569 [ 478.898669] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 478.905922] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 478.913189] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b958c6d4 [ 478.920446] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:43:05 executing program 0 (fault-call:23 fault-nth:42): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:43:05 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x0) bind$alg(r0, &(0x7f00000002c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000180)={0x0, 0x76, "06e6a0c45a441e238ea1c577af5d69f4f9dc550cf9d1bf3350435329695d5d0ad1e42b264301476e014b9b2e29cd97320ed13c989452f974ac433168e24e5f34611f0541d4271bda8b94ef6010828d11c18815cb6d89d613375ccb366a44e7c8021671b105a1f57862f4a843aa15ebc3b0a595e04098"}, &(0x7f0000000000)=0x7e) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000200)=@assoc_id=r2, &(0x7f0000000240)=0x4) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000040)={'vlan0\x00'}) 11:43:05 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0xf9, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:05 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x4029, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:43:05 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0xe00]}, 0x10) 11:43:05 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0xcb, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:05 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x138, 0x0, &(0x7f0000005c00)={0x77359400}) [ 479.192363] FAULT_INJECTION: forcing a failure. [ 479.192363] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 479.224711] CPU: 1 PID: 18975 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 479.233233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 11:43:05 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x1059, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) [ 479.242594] Call Trace: [ 479.245203] dump_stack+0x244/0x39d [ 479.248856] ? dump_stack_print_info.cold.1+0x20/0x20 [ 479.254062] ? should_fail+0x1a8/0xd01 [ 479.257968] should_fail.cold.4+0xa/0x17 [ 479.262036] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 479.267165] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 479.271949] ? zap_class+0x640/0x640 [ 479.275674] ? find_held_lock+0x36/0x1c0 [ 479.279753] ? is_bpf_text_address+0xac/0x170 [ 479.284263] ? __lock_is_held+0xb5/0x140 [ 479.288334] ? rcu_softirq_qs+0x20/0x20 11:43:05 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_open_dev$dspn(&(0x7f00000002c0)='/dev/dsp#\x00', 0x2, 0x400) setsockopt$bt_l2cap_L2CAP_LM(r1, 0x6, 0x3, &(0x7f0000000300)=0x2, 0x4) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:43:05 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0xe]}, 0x10) [ 479.292315] ? perf_trace_sched_process_exec+0x860/0x860 [ 479.297784] ? is_bpf_text_address+0xd3/0x170 [ 479.302291] ? __might_sleep+0x95/0x190 [ 479.306280] __alloc_pages_nodemask+0x34b/0xdd0 [ 479.311017] ? __alloc_pages_slowpath+0x2dd0/0x2dd0 [ 479.316047] ? save_stack+0xa9/0xd0 [ 479.319686] ? save_stack+0x43/0xd0 [ 479.323321] ? kasan_kmalloc+0xc7/0xe0 [ 479.327218] ? __kmalloc_node+0x50/0x70 [ 479.331205] ? blk_mq_alloc_rq_map+0x10d/0x220 [ 479.335805] ? blk_mq_init_sched+0x21d/0x770 [ 479.340232] ? do_vfs_ioctl+0x1de/0x1720 [ 479.344287] ? ksys_ioctl+0xa9/0xd0 [ 479.347896] ? __x64_sys_ioctl+0x73/0xb0 [ 479.351953] ? do_syscall_64+0x1b9/0x820 [ 479.356003] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 479.361358] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 479.366887] ? find_next_bit+0x104/0x130 [ 479.370952] ? __cpu_to_node+0x7d/0xa0 [ 479.374833] ? blk_mq_hw_queue_to_node+0xcc/0x110 [ 479.379665] blk_mq_alloc_rqs+0x31c/0x980 [ 479.383805] ? blk_mq_alloc_rq_map+0x220/0x220 [ 479.388383] ? kmem_cache_alloc_node_trace+0x34b/0x740 [ 479.393646] ? kasan_unpoison_shadow+0x35/0x50 [ 479.398220] ? __kmalloc_node+0x50/0x70 [ 479.402185] blk_mq_init_sched+0x279/0x770 [ 479.406415] elevator_init_mq+0xd7/0x160 [ 479.410472] blk_mq_init_allocated_queue+0x1074/0x1680 [ 479.415757] ? blk_mq_map_swqueue+0xa50/0xa50 [ 479.420248] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 479.424815] ? retint_kernel+0x2d/0x2d [ 479.428689] ? trace_hardirqs_on_caller+0xc0/0x310 [ 479.433605] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 479.438172] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 479.442916] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 479.448362] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 479.453803] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 479.458570] ? blk_alloc_queue_node+0x988/0xe80 [ 479.463250] blk_mq_init_queue+0x63/0xb0 [ 479.467299] loop_add+0x376/0xa40 [ 479.470744] ? loop_queue_rq+0x6d0/0x6d0 [ 479.474799] loop_control_ioctl+0x199/0x530 [ 479.479107] ? loop_add+0xa40/0xa40 [ 479.482739] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 479.487675] ? loop_add+0xa40/0xa40 [ 479.491290] do_vfs_ioctl+0x1de/0x1720 [ 479.495165] ? __lock_is_held+0xb5/0x140 [ 479.499215] ? ioctl_preallocate+0x300/0x300 [ 479.503610] ? __fget_light+0x2e9/0x430 [ 479.507588] ? fget_raw+0x20/0x20 [ 479.511035] ? __sb_end_write+0xd9/0x110 [ 479.515102] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 479.520627] ? fput+0x130/0x1a0 [ 479.523893] ? do_syscall_64+0x9a/0x820 [ 479.527853] ? do_syscall_64+0x9a/0x820 [ 479.531818] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 479.536390] ? security_file_ioctl+0x94/0xc0 [ 479.540786] ksys_ioctl+0xa9/0xd0 [ 479.544245] __x64_sys_ioctl+0x73/0xb0 [ 479.548122] do_syscall_64+0x1b9/0x820 [ 479.551997] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 479.557348] ? syscall_return_slowpath+0x5e0/0x5e0 [ 479.562263] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 479.567121] ? trace_hardirqs_on_caller+0x310/0x310 [ 479.572139] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 479.577664] ? prepare_exit_to_usermode+0x291/0x3b0 [ 479.582669] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 479.587503] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 479.592681] RIP: 0033:0x457569 [ 479.595860] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 479.614746] RSP: 002b:00007fd2b958bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 479.622437] RAX: ffffffffffffffda RBX: 00007fd2b958bc90 RCX: 0000000000457569 [ 479.629698] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 479.636957] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 11:43:05 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x1bf, 0x0, &(0x7f0000005c00)={0x77359400}) [ 479.644211] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b958c6d4 [ 479.651468] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:43:05 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x119, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:05 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c29, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:43:05 executing program 0 (fault-call:23 fault-nth:43): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:43:06 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="b7f2288a170e6e4886c5a49c185d3bb145b1987ef44a50146015e46c63bdb3c6e0f7bfa2f5b6ae83e89dcde74f2b89931ac3ad6fb4739a0b1b3d3abbf7dbc1e3312b525c656282c880a0bf9caba7b47e66717f4599339ead4cdf69242aa92628577d5486281d650447ed784b1065366cad392d252ed70fa30b9c2b871ea2c65c1b6593bf544ca1c8141a3e3e3837ba5a5a1098bfc97becda8a328c2c882b55a2f813604382fd15dfd249f82fc80c4f9769a3489ae7aa7276ff028c9d94fbc382d6c94a3677948ff4dd75d1ee2c34b2d319b005d4059f9331762ceaf25a857fd92b8d247614a797d5dc68f617ada469d475e9f75d8cf386578253d34af62ebfc559d4e2b82a964c2b390a2cbc8f2799b539043de7fac7a34948d0e60d437d44be55f7a5d070e04225a1069f2983ce38c0faa79faf9abd61c8006bad918ab6b62a4c373f3b64b1b289bdaee65ba93e0e9590ace4846e9ccfc9bcf7b7d3fa310d0098e302a7755618c22330dc6d8115f9efac7a6629fcc6a03d9b191283cc4b78e7e480", 0x182) 11:43:06 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x4]}, 0x10) 11:43:06 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x712e, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:43:06 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x19d, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:06 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000440)='/dev/vhci\x00', 0x404002, 0x0) accept$alg(r1, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000280)={0xffffffffffffffff}, 0x106, 0x1009}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(r1, &(0x7f0000000300)={0x1, 0x10, 0xfa00, {&(0x7f0000000240), r2}}, 0x18) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r3 = dup2(0xffffffffffffff9c, r0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={&(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0], 0x6, 0x3, 0x4, 0x3}) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r3, 0x84, 0x16, &(0x7f0000000000)=ANY=[@ANYBLOB="04000001e3ff000000000000"], &(0x7f0000000040)=0xc) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000340)={0x0, 0x80000001, 0x8}, &(0x7f0000000380)=0x8) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f00000003c0)={r4, 0x9}, &(0x7f0000000400)=0x8) 11:43:06 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x198, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:06 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x50, 0x0, &(0x7f0000005c00)={0x77359400}) [ 480.152730] FAULT_INJECTION: forcing a failure. [ 480.152730] name failslab, interval 1, probability 0, space 0, times 0 [ 480.192434] CPU: 0 PID: 19024 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 480.200974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 11:43:06 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xb980, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) [ 480.210338] Call Trace: [ 480.212988] dump_stack+0x244/0x39d [ 480.216650] ? dump_stack_print_info.cold.1+0x20/0x20 [ 480.221857] ? mark_held_locks+0xc7/0x130 [ 480.226018] ? __switch_to_asm+0x40/0x70 [ 480.230105] should_fail.cold.4+0xa/0x17 [ 480.234188] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 480.239303] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 480.244776] ? mark_held_locks+0xc7/0x130 [ 480.248961] ? zap_class+0x640/0x640 [ 480.252692] ? find_held_lock+0x36/0x1c0 [ 480.256742] ? __lock_is_held+0xb5/0x140 11:43:06 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x900000000000000]}, 0x10) [ 480.260798] ? perf_trace_sched_process_exec+0x860/0x860 [ 480.266258] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 480.271042] __should_failslab+0x124/0x180 [ 480.275288] should_failslab+0x9/0x14 [ 480.279106] kmem_cache_alloc_node_trace+0x270/0x740 [ 480.284220] ? blk_mq_alloc_rqs+0x65f/0x980 [ 480.288569] elevator_alloc+0x82/0x1f0 [ 480.292547] dd_init_queue+0x9c/0x600 [ 480.296374] ? dd_exit_queue+0x250/0x250 [ 480.300460] ? kasan_unpoison_shadow+0x35/0x50 [ 480.305038] ? __kmalloc_node+0x50/0x70 [ 480.309006] blk_mq_init_sched+0x3b3/0x770 [ 480.313238] elevator_init_mq+0xd7/0x160 [ 480.317348] blk_mq_init_allocated_queue+0x1074/0x1680 [ 480.322617] ? blk_mq_map_swqueue+0xa50/0xa50 [ 480.327108] ? __mutex_init+0x1f7/0x290 [ 480.331085] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 480.336607] ? __blk_mq_alloc_rq_map+0x17d/0x2e0 [ 480.341359] ? blk_mq_update_nr_hw_queues+0xf00/0xf00 [ 480.346557] blk_mq_init_queue+0x63/0xb0 [ 480.350623] loop_add+0x376/0xa40 [ 480.354082] ? loop_queue_rq+0x6d0/0x6d0 [ 480.358135] loop_control_ioctl+0x199/0x530 [ 480.362447] ? loop_add+0xa40/0xa40 [ 480.366069] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 480.371005] ? loop_add+0xa40/0xa40 [ 480.374626] do_vfs_ioctl+0x1de/0x1720 [ 480.378504] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 480.383250] ? ioctl_preallocate+0x300/0x300 [ 480.387643] ? __fget_light+0x2e9/0x430 [ 480.391604] ? fget_raw+0x20/0x20 [ 480.395057] ? __sb_end_write+0xd9/0x110 [ 480.399122] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 480.403884] ? security_file_ioctl+0x94/0xc0 [ 480.408287] ksys_ioctl+0xa9/0xd0 [ 480.411730] __x64_sys_ioctl+0x73/0xb0 [ 480.415607] ? do_syscall_64+0x1a3/0x820 [ 480.419654] do_syscall_64+0x1b9/0x820 [ 480.423550] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 480.428909] ? syscall_return_slowpath+0x5e0/0x5e0 [ 480.433831] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 480.438664] ? trace_hardirqs_on_caller+0x310/0x310 [ 480.443666] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 480.448687] ? prepare_exit_to_usermode+0x291/0x3b0 [ 480.453696] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 480.458532] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 480.463720] RIP: 0033:0x457569 [ 480.466900] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 480.485802] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 480.493502] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 480.500788] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 11:43:06 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x1c3, 0x0, &(0x7f0000005c00)={0x77359400}) [ 480.508040] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 480.515293] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 480.522547] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:43:06 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c72, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:43:06 executing program 0 (fault-call:23 fault-nth:44): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:43:06 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) fadvise64(r0, 0x0, 0x7, 0x5) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) ioctl$EXT4_IOC_RESIZE_FS(r0, 0x40086610, &(0x7f0000000000)=0x100) r1 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x5, 0x410000) ioctl$PIO_FONT(r1, 0x4b61, &(0x7f00000000c0)="58e539154a") 11:43:06 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xde69, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:43:06 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x500000000000000]}, 0x10) 11:43:06 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x25, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:06 executing program 3: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000006c0)={'vcan0\x00', 0x0}) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000700)={r1, 0x1, 0x6, @remote}, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f00000000c0)={0x0, 0x0, 0x2, 0x0, [], [{0x3, 0xfb, 0x8001, 0x96d3, 0x80000001, 0x5f}, {0x3f, 0x7, 0x3, 0x2, 0x28a, 0x3}], [[], []]}) bind$alg(r2, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:43:06 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x49480000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:43:06 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0xf401000000000000]}, 0x10) 11:43:06 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x1db, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:06 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x175, 0x0, &(0x7f0000005c00)={0x77359400}) [ 480.924862] FAULT_INJECTION: forcing a failure. [ 480.924862] name failslab, interval 1, probability 0, space 0, times 0 11:43:07 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x34000000]}, 0x10) [ 480.989277] CPU: 0 PID: 19077 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 480.997809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 481.007157] Call Trace: [ 481.009771] dump_stack+0x244/0x39d [ 481.013428] ? dump_stack_print_info.cold.1+0x20/0x20 [ 481.018620] ? __save_stack_trace+0x8d/0xf0 [ 481.022979] should_fail.cold.4+0xa/0x17 [ 481.027042] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 481.032147] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 481.036910] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 481.041500] ? zap_class+0x640/0x640 [ 481.045201] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 481.049961] ? find_held_lock+0x36/0x1c0 [ 481.054014] ? __lock_is_held+0xb5/0x140 [ 481.058092] ? perf_trace_sched_process_exec+0x860/0x860 [ 481.063546] ? retint_kernel+0x2d/0x2d [ 481.067426] __should_failslab+0x124/0x180 [ 481.071685] should_failslab+0x9/0x14 [ 481.075478] kmem_cache_alloc_node_trace+0x270/0x740 [ 481.080659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 481.086192] dd_init_queue+0x10e/0x600 [ 481.090082] ? dd_exit_queue+0x250/0x250 [ 481.094147] ? kasan_unpoison_shadow+0x35/0x50 [ 481.098723] ? __kmalloc_node+0x50/0x70 [ 481.102699] blk_mq_init_sched+0x3b3/0x770 [ 481.106931] elevator_init_mq+0xd7/0x160 [ 481.111014] blk_mq_init_allocated_queue+0x1074/0x1680 [ 481.116296] ? blk_mq_map_swqueue+0xa50/0xa50 [ 481.120807] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 481.125568] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 481.130138] ? retint_kernel+0x2d/0x2d [ 481.134012] ? trace_hardirqs_on_caller+0xc0/0x310 [ 481.138964] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 481.143722] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 481.149184] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 481.153951] ? retint_kernel+0x2d/0x2d [ 481.157834] blk_mq_init_queue+0x63/0xb0 [ 481.161887] loop_add+0x376/0xa40 [ 481.165328] ? loop_queue_rq+0x6d0/0x6d0 [ 481.169399] loop_control_ioctl+0x199/0x530 [ 481.173723] ? loop_add+0xa40/0xa40 [ 481.177356] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 481.182290] ? loop_add+0xa40/0xa40 [ 481.185904] do_vfs_ioctl+0x1de/0x1720 [ 481.189791] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 481.194564] ? ioctl_preallocate+0x300/0x300 [ 481.198980] ? __fget_light+0x2e9/0x430 [ 481.202971] ? fget_raw+0x20/0x20 [ 481.206421] ? __sb_end_write+0xd9/0x110 [ 481.210493] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 481.215421] ? security_file_ioctl+0x94/0xc0 [ 481.219827] ksys_ioctl+0xa9/0xd0 [ 481.223269] __x64_sys_ioctl+0x73/0xb0 [ 481.227145] ? do_syscall_64+0xca/0x820 [ 481.231108] do_syscall_64+0x1b9/0x820 [ 481.234985] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 481.240354] ? syscall_return_slowpath+0x5e0/0x5e0 [ 481.245269] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 481.250100] ? trace_hardirqs_on_caller+0x310/0x310 [ 481.255112] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 481.260138] ? prepare_exit_to_usermode+0x291/0x3b0 [ 481.265157] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 481.270003] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 481.275177] RIP: 0033:0x457569 [ 481.278365] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 481.297279] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 481.304995] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 481.312248] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 481.319515] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 481.326767] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 481.334026] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:43:07 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x42, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:07 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/vcs\x00', 0x8000, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffff9c, 0x84, 0xf, &(0x7f0000000440)={0x0, @in6={{0xa, 0x4e20, 0xdb, @loopback, 0xfff}}, 0x7, 0x10001, 0x100000000000000, 0x1ff, 0x4}, &(0x7f0000000500)=0x98) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000540)={r2, 0xffff}, &(0x7f0000000600)=0x8) r3 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x8000, 0x80000) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r3, 0x4010ae68, &(0x7f00000000c0)={0x10000, 0x10000}) ioctl$VHOST_GET_VRING_BASE(r3, 0xc008af12, &(0x7f0000000640)) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) timer_create(0x7, &(0x7f0000000280)={0x0, 0x21, 0x7, @thr={&(0x7f0000000100)="b2355080f9fb71c9eadc4ee3aad7a71a6544324bcb7d5ffe0719a6cf0954b0f954c911b44c52752de658f8008341b5390aa35906b23cb13369f3082e836fd843d6175e6d8526da6abd54e347a6da588ccb2f8ed5728c3d8ad6864f5adf31c8ebf2ab760cfbbf56f83e1efca5ca98e5d716f83d39ad1bd3ee3f453bedf1bfc4af5de790255927ca539401331b7dad13eadf4ac56c0281aca834756d7e4cab46588f2f4118445a8198942fc8456976054ab90605b30325affd9a575e8440f2a89ff2988eebbf1be9ec2b50fb8deeaebdf5f84eeec7d749d722b4e388534e82aceb85b2024d158851b880bfefc6a7e294fc2a3630", &(0x7f0000000200)="84ea7124908f63e9df7a6d5ecb8e8b6d2320be61fb63775632641be58e352406f5daa3eb69cb6682853ab78cbd05ff9087affb4f34dcde8a405a2fa97a46d97a127c34561b9d635f1b0504b41b370b0a22ea48b4a8"}}, &(0x7f00000002c0)=0x0) clock_gettime(0x0, &(0x7f0000000300)={0x0, 0x0}) timer_settime(r5, 0x1, &(0x7f0000000340)={{r6, r7+30000000}, {0x77359400}}, &(0x7f0000000380)) setsockopt$IP_VS_SO_SET_STOPDAEMON(r4, 0x0, 0x48c, &(0x7f0000000000)={0x0, 'sit0\x00', 0x3}, 0x18) 11:43:07 executing program 0 (fault-call:23 fault-nth:45): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:43:07 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x613a0000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:43:07 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c15, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:43:07 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x3e8]}, 0x10) 11:43:07 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0xc8, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:07 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xc91e0000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:43:07 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000040)={'ifb0\x00', 0xcc}) r1 = socket$alg(0x26, 0x5, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000100)={0x0, 0x0}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000140)={0x0}, &(0x7f0000000180)=0xc) r4 = dup3(r0, r1, 0x80000) kcmp$KCMP_EPOLL_TFD(r2, r3, 0x7, r1, &(0x7f00000001c0)={r4, r1, 0x6}) r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x400000, 0x0) setns(r5, 0x20000000) bind$alg(r1, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x4000, 0x0) 11:43:07 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0xca, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:07 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c7a, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:43:07 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xd913, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:43:07 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000]}, 0x10) [ 481.822006] FAULT_INJECTION: forcing a failure. [ 481.822006] name failslab, interval 1, probability 0, space 0, times 0 [ 481.833527] CPU: 0 PID: 19128 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 481.842003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 481.851342] Call Trace: [ 481.853920] dump_stack+0x244/0x39d [ 481.857561] ? dump_stack_print_info.cold.1+0x20/0x20 [ 481.862750] should_fail.cold.4+0xa/0x17 [ 481.866798] ? retint_kernel+0x2d/0x2d [ 481.870675] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 481.875766] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 481.881214] ? print_usage_bug+0xc0/0xc0 [ 481.885277] ? zap_class+0x640/0x640 [ 481.888995] ? find_held_lock+0x36/0x1c0 [ 481.893059] ? __lock_is_held+0xb5/0x140 [ 481.897112] ? trace_hardirqs_on_caller+0xc0/0x310 [ 481.902030] ? perf_trace_sched_process_exec+0x860/0x860 [ 481.907473] __should_failslab+0x124/0x180 [ 481.911706] should_failslab+0x9/0x14 [ 481.915498] kmem_cache_alloc_node_trace+0x270/0x740 [ 481.920610] __alloc_disk_node+0xc9/0x510 [ 481.924759] ? disk_expand_part_tbl+0x3d0/0x3d0 [ 481.929413] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 481.934502] ? blk_queue_flag_set+0xf6/0x160 [ 481.938903] loop_add+0x459/0xa40 [ 481.942344] ? loop_queue_rq+0x6d0/0x6d0 [ 481.946399] loop_control_ioctl+0x199/0x530 [ 481.950709] ? loop_add+0xa40/0xa40 [ 481.954327] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 481.959248] ? loop_add+0xa40/0xa40 [ 481.962880] do_vfs_ioctl+0x1de/0x1720 [ 481.966754] ? __lock_is_held+0xb5/0x140 [ 481.970805] ? ioctl_preallocate+0x300/0x300 [ 481.975199] ? __fget_light+0x2e9/0x430 [ 481.979159] ? fget_raw+0x20/0x20 [ 481.982600] ? __sb_end_write+0xd9/0x110 [ 481.986651] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 481.992192] ? fput+0x130/0x1a0 [ 481.995475] ? do_syscall_64+0x9a/0x820 [ 481.999436] ? do_syscall_64+0x9a/0x820 [ 482.003401] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 482.007977] ? security_file_ioctl+0x94/0xc0 [ 482.012372] ksys_ioctl+0xa9/0xd0 [ 482.015811] __x64_sys_ioctl+0x73/0xb0 [ 482.019686] do_syscall_64+0x1b9/0x820 [ 482.023589] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 482.028976] ? syscall_return_slowpath+0x5e0/0x5e0 [ 482.033902] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 482.038735] ? trace_hardirqs_on_caller+0x310/0x310 [ 482.043740] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 482.048856] ? prepare_exit_to_usermode+0x291/0x3b0 [ 482.053862] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 482.058697] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 482.063878] RIP: 0033:0x457569 [ 482.067070] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 482.085968] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 482.093663] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 482.100916] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 482.108182] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 482.115439] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 482.122694] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:43:08 executing program 0 (fault-call:23 fault-nth:46): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:43:08 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000000600)=""/4096, &(0x7f0000000000)=0x1000) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip6_tables_targets\x00') ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r1, 0xc0045520, &(0x7f00000000c0)=0x5) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:43:08 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x1c4, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:08 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0xe803000000000000]}, 0x10) 11:43:08 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xef81, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:43:08 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setfsuid(r2) setfsuid(r2) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:43:08 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0xa2, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:08 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x1d5, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:08 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x11a, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:08 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c2e, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:43:08 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x4f91, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:43:08 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000]}, 0x10) [ 482.517440] FAULT_INJECTION: forcing a failure. [ 482.517440] name failslab, interval 1, probability 0, space 0, times 0 [ 482.530246] CPU: 0 PID: 19170 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 482.538748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 482.548101] Call Trace: [ 482.550679] dump_stack+0x244/0x39d [ 482.554297] ? dump_stack_print_info.cold.1+0x20/0x20 [ 482.559481] should_fail.cold.4+0xa/0x17 [ 482.563531] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 482.568635] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 482.573394] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 482.578834] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 482.584362] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 482.589108] ? retint_kernel+0x2d/0x2d [ 482.592991] ? lock_is_held_type+0x18b/0x210 [ 482.597396] ? perf_trace_sched_process_exec+0x860/0x860 [ 482.602832] ? pcpu_balance_workfn+0x1700/0x1700 [ 482.607578] __should_failslab+0x124/0x180 [ 482.611802] should_failslab+0x9/0x14 [ 482.615592] kmem_cache_alloc_node_trace+0x270/0x740 [ 482.620685] ? lockdep_init_map+0x9/0x10 [ 482.624736] __kmalloc_node+0x3c/0x70 [ 482.628526] disk_expand_part_tbl+0x24b/0x3d0 [ 482.633018] ? blk_free_devt+0x60/0x60 [ 482.636900] __alloc_disk_node+0x177/0x510 [ 482.641137] ? disk_expand_part_tbl+0x3d0/0x3d0 [ 482.645792] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 482.650894] ? blk_queue_flag_set+0xf6/0x160 [ 482.655312] loop_add+0x459/0xa40 [ 482.658767] ? loop_queue_rq+0x6d0/0x6d0 [ 482.662813] ? __mutex_lock+0x40/0x16f0 [ 482.666781] loop_control_ioctl+0x199/0x530 [ 482.671090] ? loop_add+0xa40/0xa40 [ 482.674700] ? retint_kernel+0x2d/0x2d [ 482.678598] ? do_vfs_ioctl+0x178/0x1720 [ 482.682660] ? loop_add+0xa40/0xa40 [ 482.686274] do_vfs_ioctl+0x1de/0x1720 [ 482.690147] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 482.694908] ? __bpf_trace_preemptirq_template+0x30/0x30 [ 482.700352] ? ioctl_preallocate+0x300/0x300 [ 482.704752] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 482.709496] ? retint_kernel+0x2d/0x2d [ 482.713374] ? ksys_ioctl+0x3e/0xd0 [ 482.716994] ? security_file_ioctl+0x94/0xc0 [ 482.721388] ksys_ioctl+0xa9/0xd0 [ 482.724832] __x64_sys_ioctl+0x73/0xb0 [ 482.728712] do_syscall_64+0x1b9/0x820 [ 482.732587] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 482.737951] ? syscall_return_slowpath+0x5e0/0x5e0 [ 482.742868] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 482.747698] ? trace_hardirqs_on_caller+0x310/0x310 [ 482.752699] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 482.757718] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 482.763241] ? prepare_exit_to_usermode+0x291/0x3b0 [ 482.768244] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 482.773087] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 482.778279] RIP: 0033:0x457569 [ 482.781461] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 482.800347] RSP: 002b:00007fd2b956ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 482.808036] RAX: ffffffffffffffda RBX: 00007fd2b956ac90 RCX: 0000000000457569 [ 482.815298] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 482.822581] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 482.829835] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b956b6d4 [ 482.837094] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:43:09 executing program 0 (fault-call:23 fault-nth:47): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:43:09 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x85, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:09 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, 0x10) 11:43:09 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x31ba000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:43:09 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x10) write$tun(r1, &(0x7f0000000100)={@val={0x0, 0x1b}, @void, @ipv6={0x4, 0x6, "a3b5db", 0x18a, 0x87, 0xfffffffffffffff8, @local, @ipv4={[], [], @local}, {[@srh={0xbf, 0x4, 0x4, 0x2, 0x52, 0x0, 0x80, [@loopback, @empty]}, @srh={0xff, 0x4, 0x4, 0x2, 0x8, 0x30, 0x1, [@mcast1, @ipv4={[], [], @remote}]}, @hopopts={0x33, 0x2, [], [@hao={0xc9, 0x10, @dev={0xfe, 0x80, [], 0x11}}]}, @dstopts={0xff, 0x3, [], [@enc_lim={0x4, 0x1, 0x7ff}, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @jumbo={0xc2, 0x4, 0x7fff00000}]}, @fragment={0x0, 0x0, 0x5, 0x7fffffff, 0x0, 0x1ff, 0x68}, @fragment={0x87, 0x0, 0x5, 0x7, 0x0, 0x1, 0x64}], @udp={0x4e24, 0x4e21, 0xea, 0x0, [@guehdr={0x2, 0x86, 0x4, 0x5da0, 0x100, [0x80]}], "bd0f1a39e497ba1aabaaa93f683aa222dbea16d31b3366f28e920ce20455bd4a36faf602dd3f6a55c4305dbf891f7bbf7ce9418a14e983d7ee7d89d872eed072372fb11f265457e1ab9dbdf572f79abc8426ade301cf6c8a7afb690f481170b7788a8d6b419d909bdebea515e986464645f1a3387f2a73c680c76ec8fa97afb2c79f052a7b35e0988c616949e928ae39a7c64c871235aad93d658edef0d63d787bf77e1e347a135ad1cf1d6aa119e66ccd98cdce6d0722cdf1ea95b6b1c4e9b47f89a6047d95584e3bc9dd629bfb7cf3afb10ebd0240791a5ad3"}}}}, 0x1b6) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x149000, 0x0) ioctl$EVIOCSREP(r2, 0x40084503, &(0x7f0000000040)=[0x1, 0x4]) 11:43:09 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x137, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:09 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0xf6, 0x0, &(0x7f0000005c00)={0x77359400}) [ 483.118076] FAULT_INJECTION: forcing a failure. [ 483.118076] name failslab, interval 1, probability 0, space 0, times 0 11:43:09 executing program 3: bind$alg(0xffffffffffffffff, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) [ 483.186298] CPU: 1 PID: 19201 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 483.194878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 483.204226] Call Trace: [ 483.206819] dump_stack+0x244/0x39d [ 483.210435] ? dump_stack_print_info.cold.1+0x20/0x20 [ 483.215664] ? should_fail+0x913/0xd01 [ 483.219547] should_fail.cold.4+0xa/0x17 [ 483.223597] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 483.228695] ? zap_class+0x640/0x640 [ 483.232421] ? find_held_lock+0x36/0x1c0 [ 483.236495] ? __lock_is_held+0xb5/0x140 [ 483.240551] ? perf_trace_sched_process_exec+0x860/0x860 [ 483.246002] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 483.250764] __should_failslab+0x124/0x180 [ 483.255005] should_failslab+0x9/0x14 [ 483.258811] kmem_cache_alloc_trace+0x2d7/0x750 [ 483.263473] ? part_uevent+0x120/0x120 [ 483.267351] ? percpu_ref_noop_confirm_switch+0x10/0x10 [ 483.272771] rand_initialize_disk+0x43/0xc0 [ 483.277091] __alloc_disk_node+0x2ba/0x510 [ 483.281313] ? disk_expand_part_tbl+0x3d0/0x3d0 [ 483.285975] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 483.291076] ? blk_queue_flag_set+0xf6/0x160 [ 483.295491] loop_add+0x459/0xa40 [ 483.298933] ? loop_queue_rq+0x6d0/0x6d0 [ 483.302999] loop_control_ioctl+0x199/0x530 [ 483.307307] ? loop_add+0xa40/0xa40 [ 483.310925] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 483.315854] ? loop_add+0xa40/0xa40 [ 483.319488] do_vfs_ioctl+0x1de/0x1720 [ 483.323385] ? __lock_is_held+0xb5/0x140 [ 483.327439] ? ioctl_preallocate+0x300/0x300 [ 483.331868] ? __fget_light+0x2e9/0x430 [ 483.335843] ? fget_raw+0x20/0x20 [ 483.339287] ? __sb_end_write+0xd9/0x110 [ 483.343351] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 483.348896] ? fput+0x130/0x1a0 [ 483.352198] ? do_syscall_64+0x9a/0x820 [ 483.356188] ? do_syscall_64+0x9a/0x820 [ 483.360154] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 483.364728] ? security_file_ioctl+0x94/0xc0 [ 483.369132] ksys_ioctl+0xa9/0xd0 [ 483.372577] __x64_sys_ioctl+0x73/0xb0 [ 483.376460] do_syscall_64+0x1b9/0x820 [ 483.380343] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 483.385705] ? syscall_return_slowpath+0x5e0/0x5e0 [ 483.390633] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 483.395478] ? trace_hardirqs_on_caller+0x310/0x310 [ 483.400499] ? prepare_exit_to_usermode+0x291/0x3b0 [ 483.405520] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 483.410353] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 483.415535] RIP: 0033:0x457569 [ 483.418732] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 483.437620] RSP: 002b:00007fd2b958bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 483.452357] RAX: ffffffffffffffda RBX: 00007fd2b958bc90 RCX: 0000000000457569 [ 483.459622] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 483.466910] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 483.474190] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b958c6d4 11:43:09 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x3400000000000000]}, 0x10) [ 483.481478] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b 11:43:09 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x9d9000000000000, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:43:09 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x18c, 0x0, &(0x7f0000005c00)={0x77359400}) 11:43:09 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c92, r1) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:43:09 executing program 0 (fault-call:23 fault-nth:48): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)="2e2f6367726f75702e63707500609fb8ab74b0f30ef7048e470929889a2605dc92ffa1937e27b84b5d3511d2e95cccfd6656e1e43257e640083198770e5dab3441b5", 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000180)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f0000000380)=0x40, 0x12) write$cgroup_subtree(r2, &(0x7f0000000280)=ANY=[], 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000300), &(0x7f0000000340)=0x30) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000100), 0x2) keyctl$join(0x1, &(0x7f00000005c0)) syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x7, 0x880) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/attr/current\x00', 0x2, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/attr/current\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0xec3cb9ac915778ed, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000740)={@ethernet={0x0, @dev}, {&(0x7f0000000680)=""/183, 0xb7}, &(0x7f0000000300)}, 0xa0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu/syz1\x00', 0x1ff) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x6, 0x9, 0x0, 0x20, 0x4, 0x20, 0x80000001, 0x0, 0x0, 0x7}, 0xb) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/loop-control\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0x0) ioctl$LOOP_GET_STATUS(0xffffffffffffffff, 0x4c03, &(0x7f0000000800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47744279}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)=@req3, 0x94) r5 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000008c0)=ANY=[]) close(0xffffffffffffffff) 11:43:09 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) 11:43:09 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0xf401000000000000]}, 0x10) 11:43:09 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0x411f, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) [ 483.902935] FAULT_INJECTION: forcing a failure. [ 483.902935] name failslab, interval 1, probability 0, space 0, times 0 [ 483.925027] CPU: 0 PID: 19234 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 [ 483.933553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 483.942907] Call Trace: [ 483.945525] dump_stack+0x244/0x39d [ 483.949170] ? dump_stack_print_info.cold.1+0x20/0x20 [ 483.954388] should_fail.cold.4+0xa/0x17 [ 483.958469] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 483.963582] ? mark_held_locks+0xc7/0x130 [ 483.967745] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 483.972857] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 483.977450] ? zap_class+0x640/0x640 [ 483.981173] ? __debug_object_init+0x57d/0x1290 [ 483.985850] ? trace_hardirqs_off_caller+0x300/0x300 [ 483.990975] ? do_raw_spin_trylock+0x270/0x270 [ 483.995578] ? find_held_lock+0x36/0x1c0 [ 483.999656] ? __lock_is_held+0xb5/0x140 [ 484.003752] ? perf_trace_sched_process_exec+0x860/0x860 [ 484.009215] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 484.014325] ? __debug_object_init+0x57d/0x1290 [ 484.019014] __should_failslab+0x124/0x180 [ 484.023267] should_failslab+0x9/0x14 [ 484.027086] kmem_cache_alloc_trace+0x2d7/0x750 [ 484.031772] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 484.037325] ? check_preemption_disabled+0x48/0x280 [ 484.042446] device_create_groups_vargs+0xa7/0x270 [ 484.047398] device_create_vargs+0x46/0x60 11:43:10 executing program 3: r0 = fcntl$dupfd(0xffffffffffffff9c, 0x406, 0xffffffffffffffff) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', r0}, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x20000, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, &(0x7f0000000600), 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x40000000000009) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x400c6615, &(0x7f00000004c0)) r6 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44b}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ptrace$setsig(0x4203, 0x0, 0x0, &(0x7f00000001c0)={0x17, 0x0, 0x7}) ioctl$KVM_RUN(r5, 0xae80, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) socketpair$inet_sctp(0x2, 0x0, 0x84, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000640)={"b2ad94c2310e3620aa16aea25af4e7d66439165ac30f633dc60443c6a969cb9f85ac601cf37e05b18d6aff7f01f83e25a8cbb1e3b455f60232a7dc959418dbf5f62755b8af1a5f1deafacd94f382f0ebec168e2fd6c92a7754377fb651cd1acfcb8997c7e251598c231f5361dec89b3eb508cff0e33ca756f0c6392af1d67fa7351f5ec6a81559dfb0daf567fc965377a7ee81f35f694e3ee691cc037450451ba29fa59f87b85de1ab251d2b240e641a16cb7f9be436438a2d0ecf5420200693574b3833797d45d009d4cfa9a429dff969e4f32c7ffa23a4c774828a298fd207ba546f1fbda2aa43d20572cc0e761f445aaf2d275ef6686e2fe9aa6531576d86ac46910b67637d223a2e2098bfc2049c172857c3aba4ba2ee02c0e56af6c6605776d55412a4d985fc293222f2b931178d09f4f0ee789eda37ddee644ca1d39d517a631701534682a9509e0e80cdb9d974d02ca16dfe20e1dfcab3523c797271dbae85a712ee5e6ecdc8eb2d53ac87fcf405942d5e11d9b1fb4ce73a43fc82187bcbc3c08b8494ddee8f3df06261d1c76c107a3a137b998eb7cee034a8f5237001434acceae3e29b1cea4ed423dc41a0b1572e4b5394fea8509fa48e40c8ea16340ae63bd2d998902606587f5b0da18640282fc31f5afd58d589f5815387743eed536ed0a9a9119612abc3f874c2180e87b0222aaceba79f2d0c2c42ca471f357936d5531242e620b7f2c97dfb6ada3e7a4c80640d14f799db609712ef82576504681f88194a9e8f46dd9868c2ab5094be416d42886a628b669b9d5a7f24b7d0fc04e537f06082848f01a64460b2f0bc5ca4591ab54c136429bd74af51ae88a4f44e2c4fb241603b934ab4e9017af6d8b57d1421e809222adf11f545c3e0668047ca1753554e6ce288ab44e759d7deec9536ea0f05dae4c7f85c489741e0112139d16bf53bb97d683e54a82f7cc803e2316a3638398d8b57ee94d5b3e0f5893e694ad3ac60792db0ea55c5b26aca7cd576c0f9e46f9d5f07ac89a9079cc30814e846149a5474f8f86674d0654ac8ceeebdd57294d74e8d0fff3f6bfb3d8923c238821a1aa632c9c2417edeee83a098c09221208396867b88f1a4f80b7ffbc41fb33dcfb7fbd1720837186b21557d81fe0343aad787bb74eaf68ef63af1cfdbcc39f543691cb30eafbbbdc86e31d118fd8bfee75b1766e7658319b7f959d78b6b70c5c50f80fd1e37070bb6f0ab81e84a1779ca56fa0df45e3e54201fefc7db4e4f8ac136c6b19f1e540134f80ef507f38a3ccaf5dbf42894c0671f81992d653066f85deb524c6d8e28966ad954fbc986015682d9f35cab5d32f1b6d498ff39df90b711491697ec4910c9c2396078f27d43fd7831be3a2b28fdd19019befcd2f8a14a818579046b3d86da8a0b696e9a642562702805ee03a0b746b9896a7e38c02"}) perf_event_open(&(0x7f0000000a40)={0x5, 0x70, 0xebd, 0x80000000, 0x8c, 0x5, 0x0, 0x10001, 0x0, 0x8, 0x1, 0x7ff, 0x0, 0x1, 0x5ca, 0x3d032287, 0x0, 0x14000, 0xe90b, 0x0, 0x1, 0x0, 0x401, 0x3f, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x5, 0x0, 0x1f, 0x1, 0x7ff, 0x0, 0x0, 0x0, 0x1, 0x4, @perf_config_ext={0xd5c, 0x4}, 0x0, 0x2, 0x0, 0x0, 0x7, 0x1, 0x101}, 0x0, 0xa, r6, 0x0) r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r8, 0x0) socket$inet(0x2, 0x0, 0x0) add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100), 0x0, 0x0, 0xfffffffffffffffe) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r7, 0x84, 0x9, &(0x7f0000000540)={0x0, @in={{0x2, 0x4e20, @rand_addr=0x4}}, 0x0, 0x0, 0x0, 0x20, 0x40}, &(0x7f0000000600)=0x98) r9 = getpgid(0xffffffffffffffff) ptrace(0xffffffffffffffff, r9) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000240)="83848b27f5d6093fb90db8f04c0a5760dc6bd6c8ef3b8e433085937ba19623cdc7febb3e574ce2c9c1611501f7902c51249ddc216f8f21fd51d255815e5c615946d39eea48200b036ed674219e32416ace926785ee0eb6b0dcf9317369ce538ec511e853dcac154c160e4c7a87ae7ca1695f3b814b11ae62bc8d8d3c22ad331f531ea4bd55e8d30d341e5dbdf80f8502516d383a3b00000000", 0x314) [ 484.051655] bdi_register_va.part.9+0xc3/0x9b0 [ 484.056264] ? cgwb_kill+0x640/0x640 [ 484.060001] ? lockdep_init_map+0x9/0x10 [ 484.064080] ? __init_waitqueue_head+0x9e/0x150 [ 484.068760] ? init_wait_entry+0x1c0/0x1c0 [ 484.073037] ? __lockdep_init_map+0x105/0x590 [ 484.077621] ? pm_runtime_init+0x459/0x560 [ 484.081875] ? update_pm_runtime_accounting+0x1b0/0x1b0 [ 484.087760] bdi_register+0x111/0x130 [ 484.091574] ? bdi_register_va+0x80/0x80 [ 484.095685] bdi_register_owner+0x5e/0x100 [ 484.099933] __device_add_disk+0xebd/0x13e0 11:43:10 executing program 4: syz_emit_ethernet(0x1019f, &(0x7f0000000700)={@local, @broadcast, [], {@ipv6={0x86dd, {0xaaa1, 0x6, "c22df7", 0x7fe545227c00, 0x0, 0x0, @dev, @local, {[], @dccp={{0x0, 0x91010100, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "0087ae", 0x0, "ca8345"}}}}}}}, &(0x7f0000000000)) 11:43:10 executing program 2: r0 = socket$inet(0x2, 0x801, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x9, &(0x7f0000000080)=0x3003, 0x4) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000001000)={0x2, 0x0, @empty, [0x0, 0x0, 0x0, 0x0, 0x0, 0x7000000]}, 0x10) [ 484.104292] ? blk_alloc_devt+0x2e0/0x2e0 [ 484.108465] ? pointer+0x900/0x900 [ 484.112014] ? __mutex_init+0x1f7/0x290 [ 484.116002] ? __ia32_sys_membarrier+0x150/0x150 [ 484.120775] ? sprintf+0xb0/0xe0 [ 484.124160] ? scnprintf+0x130/0x130 [ 484.127890] ? __lockdep_init_map+0x105/0x590 [ 484.132406] device_add_disk+0x2a/0x40 [ 484.136314] loop_add+0x75b/0xa40 [ 484.139795] ? loop_queue_rq+0x6d0/0x6d0 [ 484.143881] loop_control_ioctl+0x199/0x530 [ 484.148218] ? loop_add+0xa40/0xa40 [ 484.151852] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 484.156775] ? loop_add+0xa40/0xa40 [ 484.160404] do_vfs_ioctl+0x1de/0x1720 [ 484.164297] ? __lock_is_held+0xb5/0x140 [ 484.168350] ? ioctl_preallocate+0x300/0x300 [ 484.172747] ? __fget_light+0x2e9/0x430 [ 484.176708] ? fget_raw+0x20/0x20 [ 484.180154] ? __sb_end_write+0xd9/0x110 [ 484.184211] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 484.189733] ? fput+0x130/0x1a0 [ 484.193002] ? do_syscall_64+0x9a/0x820 [ 484.196981] ? do_syscall_64+0x9a/0x820 [ 484.200969] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 484.205667] ? security_file_ioctl+0x94/0xc0 [ 484.210069] ksys_ioctl+0xa9/0xd0 [ 484.213514] __x64_sys_ioctl+0x73/0xb0 [ 484.217407] do_syscall_64+0x1b9/0x820 [ 484.221285] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 484.226635] ? syscall_return_slowpath+0x5e0/0x5e0 [ 484.231564] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 484.236405] ? trace_hardirqs_on_caller+0x310/0x310 [ 484.241419] ? prepare_exit_to_usermode+0x291/0x3b0 [ 484.246429] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 484.251276] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 484.256451] RIP: 0033:0x457569 [ 484.259635] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 484.278547] RSP: 002b:00007fd2b958bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 484.286252] RAX: ffffffffffffffda RBX: 00007fd2b958bc90 RCX: 0000000000457569 [ 484.293519] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 11:43:10 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0xfe, 0x0, &(0x7f0000005c00)={0x77359400}) [ 484.300772] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 484.308044] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b958c6d4 [ 484.315298] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b [ 484.326838] WARNING: CPU: 0 PID: 19234 at block/genhd.c:704 __device_add_disk+0x10e6/0x13e0 [ 484.335349] Kernel panic - not syncing: panic_on_warn set ... [ 484.341242] CPU: 0 PID: 19234 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181016+ #95 11:43:10 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'cfb(blowfish-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a", 0x4) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000005a00)=[{{&(0x7f0000001bc0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x80, &(0x7f0000001e00)=[{&(0x7f0000001c40)=""/180, 0x34000}], 0x1, &(0x7f0000001e40)=""/213, 0xd5}}], 0x11e, 0x0, &(0x7f0000005c00)={0x77359400}) [ 484.349730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 484.359086] Call Trace: [ 484.361689] dump_stack+0x244/0x39d [ 484.365336] ? dump_stack_print_info.cold.1+0x20/0x20 [ 484.370552] panic+0x2ad/0x55c [ 484.373754] ? add_taint.cold.5+0x16/0x16 [ 484.377932] ? __warn.cold.8+0x5/0x45 [ 484.381767] ? __device_add_disk+0x10e6/0x13e0 [ 484.386361] __warn.cold.8+0x20/0x45 [ 484.390101] ? rcu_softirq_qs+0x20/0x20 [ 484.394082] ? __device_add_disk+0x10e6/0x13e0 [ 484.398667] report_bug+0x254/0x2d0 [ 484.402286] do_error_trap+0x11b/0x200 [ 484.406162] do_invalid_op+0x36/0x40 [ 484.409860] ? __device_add_disk+0x10e6/0x13e0 [ 484.414431] invalid_op+0x14/0x20 [ 484.417877] RIP: 0010:__device_add_disk+0x10e6/0x13e0 [ 484.423054] Code: 00 80 a3 dc 00 00 00 ef e9 57 f7 ff ff e8 c2 c5 fe fd 0f 0b e9 cf f7 ff ff e8 b6 c5 fe fd 0f 0b e9 eb f6 ff ff e8 aa c5 fe fd <0f> 0b e9 e5 fd ff ff 4c 89 f7 e8 2b 0e 42 fe e9 97 f0 ff ff e8 71 [ 484.441954] RSP: 0018:ffff8801c824f870 EFLAGS: 00010246 [ 484.447320] RAX: 0000000000040000 RBX: ffff8801b8a5ae80 RCX: ffffc90001e5a000 [ 484.454599] RDX: 0000000000040000 RSI: ffffffff837f5d96 RDI: 0000000000000005 [ 484.461895] RBP: ffff8801c824fa48 R08: ffff8801c611e040 R09: ffffed003b5c5b4f [ 484.469163] R10: ffffed003b5c5b4f R11: ffff8801dae2da7b R12: ffff8801c824fa20 [ 484.476433] R13: 00000000fffffff4 R14: ffff8801b8a5b3f0 R15: ffff8801b8a5ae84 [ 484.483718] ? __device_add_disk+0x10e6/0x13e0 [ 484.488326] ? blk_alloc_devt+0x2e0/0x2e0 [ 484.492500] ? pointer+0x900/0x900 [ 484.496036] ? __mutex_init+0x1f7/0x290 [ 484.500013] ? __ia32_sys_membarrier+0x150/0x150 [ 484.504773] ? sprintf+0xb0/0xe0 [ 484.508126] ? scnprintf+0x130/0x130 [ 484.511838] ? __lockdep_init_map+0x105/0x590 [ 484.516334] device_add_disk+0x2a/0x40 [ 484.520215] loop_add+0x75b/0xa40 [ 484.523661] ? loop_queue_rq+0x6d0/0x6d0 [ 484.527716] loop_control_ioctl+0x199/0x530 [ 484.532040] ? loop_add+0xa40/0xa40 [ 484.535672] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 484.540622] ? loop_add+0xa40/0xa40 [ 484.544252] do_vfs_ioctl+0x1de/0x1720 [ 484.548132] ? __lock_is_held+0xb5/0x140 [ 484.552182] ? ioctl_preallocate+0x300/0x300 [ 484.556578] ? __fget_light+0x2e9/0x430 [ 484.560541] ? fget_raw+0x20/0x20 [ 484.563995] ? __sb_end_write+0xd9/0x110 [ 484.568065] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 484.573603] ? fput+0x130/0x1a0 [ 484.576886] ? do_syscall_64+0x9a/0x820 [ 484.580849] ? do_syscall_64+0x9a/0x820 [ 484.584815] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 484.589389] ? security_file_ioctl+0x94/0xc0 [ 484.593797] ksys_ioctl+0xa9/0xd0 [ 484.597285] __x64_sys_ioctl+0x73/0xb0 [ 484.601186] do_syscall_64+0x1b9/0x820 [ 484.605062] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 484.610415] ? syscall_return_slowpath+0x5e0/0x5e0 [ 484.615338] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 484.620184] ? trace_hardirqs_on_caller+0x310/0x310 [ 484.625191] ? prepare_exit_to_usermode+0x291/0x3b0 [ 484.630198] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 484.635057] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 484.640253] RIP: 0033:0x457569 [ 484.643448] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 484.662353] RSP: 002b:00007fd2b958bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 484.670067] RAX: ffffffffffffffda RBX: 00007fd2b958bc90 RCX: 0000000000457569 [ 484.677338] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000009 [ 484.684611] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 484.691880] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fd2b958c6d4 [ 484.699159] R13: 00000000004c039f R14: 00000000004d0540 R15: 000000000000000b [ 484.707646] Kernel Offset: disabled [ 484.711409] Rebooting in 86400 seconds..