cfec56bdfd8d82bef1708b20f9cea77f458235046ff5677dd1efc1f9ebfdbda489cb32fdfe3d9f5cef546b7d949dd2ad374ed2b99fbfbb4793521d794050336381b552877e8dc9bca9c28e3aeed4ae71e9f5e6957107f39a42f6d181a100035af6a4e147283223a7b4f55f8b9e15e586dcbba3430e80a21f81f604eae097fc72d0f9c4f2f12e0b7b555c98938459c0dc4e94a8b5d12c8a58102eff9168008e26182a504070eaf22bc941391b4be362fefa7e736acff28834d7141eb84697de5a1c59df72ba54dec75ad11a10229a26c2b2eb90d479d54a0ba6cf2182a17fbf4ccd61d302d3a362ea3b5e4062d60e8b652e9e45141e9556f491846c67d0f7441f35c57f85d0f9986ec1e0762e0d5524d76d0506d56985e409a693c20958ccb0d90a2e974679cd569da66632a64c3d2642506dc7bd97417debf3c03088b8506871f3ca8882d1ed0cbc2722ec22c120b34ee59e0254ee2e6d7279ea60d2a1762bc4436171d063ea41e8d243749cf85eae6986f24b3260e678d55e41f0c06761de979238892d47e5272333d2c6b4d3af1f6b60f6e31544bd6dba7b90590577e8ba80f0e5afb37cbfa8e2b0f47229876e1177a0e137966389c91db15b035bbaba9c2457525b2ca546223fdb25f065a453a39da8290bed0fb2a2e4af64c155dfd38b8f177387f2e2cef455cd39bbc8f0dd41f46787d0ef21318021eece867636bc5462c80286b79744bcc89faa82beea07ebc11681f4a8d2d81c0e8be5b26466bc79c3eb6ca86e193e9da302c9ac809dcf13114062ec75c36e814d5721971221192055966cf1051f80da28e19e8d98f506affcffac21a6218bb176ba336646a716db832b3c5bffd270ed6ef2f50b5aa158f571568875e1c5cb5813d8a44d509ab6033834b9e0396000436829c9cf956e4a0f15d674f218dd032cca75515c171517029110b37e51931e6a177d09cb37da166aa476d78b20bb6059fbe9928623298ac9082c92285fc897318e1300d69161904178e00a9559ad4765b425e010e10d90c674977d2c0d0b0b3df841380845af90bfda23c039691f7d271474ccdb23d98ef35a1ec7c851da136d596327d9c25999ab5ed14b6d56aa2f8993ecae52d956c862082ae5f4befda1af66ef95f5d50e8d7f2cbf8c412233533a4472345c5df04d1be0831365b0192658bc9b97847d10bc7e5ef3eb810f9a76756bad5e066e803925e5c26f22029fc9fa73673061639bdbfe48883201b585c67a83f2b4fe641752220f9ffdceefaf1c590e8a0b5a899dc0f85395fc77878addfc37386a5287e5c6bc02d05f07d405e9bf43ed61741d37c855f82f23186c8ff090d3f1edec7cbe05eaae15f8a7ef0afd592c3f5e3f7e81c7e4500a67c49936416c9fc003d14df33027d3a16927ed3ed47a9986fc94f4801d0c377b8a8270ba78b5a9889a4d703e6a21b0bfd373a618c85fe808e6e65291eaf6a43b565e3bdba3311ea47673848cf5ce02a12c6812acdc5f64b9ed13f72d0a661a2126d3047190964edba0ebc5b89a1c96a0477f33e137a9078e3e0d4d2b32418378640296e1a958378b121dcb39751f36518a932854473f1516300cf0767c0a3c67c707f4dabbd8765919a4d82015afe9b520a01ae413698d4daf459c233a7372627c63925e2059b030212d7ba2ce269ec08701970864f6edc5b5f3479e85c3bbaf01f5295fb760698753b82b34134b81248b22eadd6d5f83d8fd388dd5b37731268bda6dba631121c07cbeda3485002919eaa1249979b986598f993f880255fe589381f4e06b9eeffae303aa0b92be2ceae9dc158f149032b353d22786990ea8883af43f0672c4397a8f1a0fed5af3133663a626c30d21442f8b07e514ce6eae0d4686156a12808544cace2197f38f0d875d33ee0faf98d786d3f68b6668643056d9a09ea1184c1dc45951d6cc1e9c604b40b5ecaa4ef2cb6f54e46764d4d3f081cee14d47dddb2bc3690963b8e87425226c8605a68a22b81c5eeea365af325f65f652e37e1e57ebb199fd45d94f1af695d83c8cc8a6ece557b49e4e38111d1a8a4196ac0d8dc0a43bcc148380b46b861ac10494f35a3ac799f8b753f7325bd3c33630a8a147f15248d7515fd007b3073ef57b798a1371ab3d1b065c9b3ce8961581723bf285a0e1f0bc077f063405365d506787ee9fbf8c516f003b72519aed5ff3566c161ff882109fd0902d714724913029ff2c6f9ef397ba0d9bd7d1bafd8afb0cec683f9cf147f0c90b254ca210172533b4e9d4bc1771d9bf4e4ea42afa8819cdee56b5591161c45434e598192403da7fc96700f04504aabbf3c1c2c2d7b6a97c918feb6d9731e2e9615d22e7752ce9d18e19a7429508d760266e2ef2a55bf560f7963cd8fe68f824a74d7235d296e53a441b1715d629cee718782ac2835a986f1e2610ee67f7657fc7b357576e951d69faf34c92d6e448cc9b0f8af0d35d22c5ef40cbd093d13ec0d769971c1104635114cc1ad54ef18e63848a437a2583a287c9a9d3d3a1cc5a96a91ab1dba92d27287a90f96376a7e4039604c9efb4385289c74f4f0946d0099a345ecdd2bf6872ee23d965a3d18f491da64394b27da06bade4624d816f7056843210d7fac4e83c1f965621b5f670e130410d7b4b0ab3992a241078c4a6fa8583cae0fcd115e4542f4d02e6e80c7533ebdacdf430a16f0809863c2b4a7ad41ebaa94ec4e5f93b5cc04faeb13f8d1249c80e2fcbd0e4cba2ff3ba0aa2c876fc7090829ed2c89f29fe360a72f046fc26f838b1fa1b29cbc4783db5c5734ea3f8b95b337148b0dc41075196d18ec4dbcdbcce4ac9747d92d766ab1d8de68564fedac757373b0133fd3287c797383ece2cfe226769bf672175746df33140696e8fec43cc3a54a0ffdb03f506086c92b666a98ceca27dc55fac3c325f861adaf42cc77845a70400a854ce78d217a16a33f875d8176aa9195f5a92b9f7bcac7eca8d098fdbe06abe1632be52807d3e8ce8a86a31f7f097e10465a68122c0703a6b28850368512a1985b2b2108c3dff51615fac0f61c7bea21093ac0356d0b78f8ac45c4095c1518c1e1890735f5db2ed224e1aa927b09c270e43849287f4ba2878deb44ed4ad1dbf819ff57d9005cb1ae512f1547bc44e7a493b07e3a16004076341694791338c5c6672c10eaec4cac4994fb7f6785f9ec31a740a204f4cab02e20a64d2a07840c64c30f0484591b63713db0141aa466191c1890dabea95261ece517772fa8bc7e9d67419b51f658fa2055c0174c679638a4a86cde55715efec080e6225c162196617364beb6729b4881e80f57771f4b43ad2d4b3c3848f21df7e1f06eb72882bba60956cde7ba4109b97b0c651331282c2f93faf59f0bdb85a519113fbdd14aa29b376ed4f90b9f7dab9ab62e64f064c6e9eae4e26057cd16d52fa03f1fb3ff3b42a3f76e99ab00dcf841b9fc17ae0e82c93d8f7d6973774a9f28a923cb7a65ceaaad03de9f4a35422368ce2c525895dc8f8134137851c503ac33e4ea06448d5acc08c30d81210e1cb5ba1ff1626d53da24ce70b25d1626c780685f94be2c7bf3279e779050c63457d267f8a46cf5e878d807b23aa52e8592d33846b83e07c0f01bac0bf181edbdb2344c68a286d15b492ad4eb1cf7b92b3329abfb835e60e2a40cb52d764b7e5d9cabac5dcadee36e0ac3e7de268784daf1987f9484cafadf6e738045b7a5abdcdf00c7d426e5532f04c2fd4025f0fbb0d7f2b84f4938c88b3829efc35b6615d4f6ec0fb1eff9e5ad90ad6efa94cd5ab93ec068123a78e5407f5c26d27203ea6e60465c8d31a5ca559530fbcf86da5462fd75d8daa7ba2e49eff5e522b7753d5c35c525cbc892d4e886150515160aa65debf4bbc8f4a1750a2e37aab23cd74856eb1996f4db06723ebe6406c8f86a8caa06b90b8e294d778615bbbdc5a6a8283508ec6202e20fb7eeece76fd7901f9c78bbe5bdbcd5ff4ed1d082c76f9b4b01d023f3f25d9e7472ff7593cc2a3617922e33e65ae0e1c5bfa711b056f5d609445574c8251b5309585d245b4d67227b163e7bcd51e987c252ffc2cdc2fc627f92e84c3f4883af293103fb87145b0460f81db9c4183f03cf91c1bc7c1498a21c59f5d13dc2cf9ba0cef12fe086ce28ccb5049587c2321df62b8c1f04121db10768a33b16cfbf9959c438ed9c97631acb05f8565246cb446a3885fbae87b9a7412b6e2c78824dfde8d25a6983f0dab1b350c3015ed65589a9dd8783bd83da0e219a240986aada2df5164be4192c9d2294a45f2c1ac9d6148f05bd81625b6562a37b69a2486307a5c75bfa4f534b3b3f1a2f62d4219585de5c75869999eb4e76ea44de9c14a3da1f3e851b6161b6eae7ed10058c57d8ec53d2f1cdbb8e56d9ab6725aee3ee065c434f1999cbe0210942ec200be5dd17b9d98f754b74b2c2edc7f8af7e00e3c5f6567dbadbd7da800da180f535cb847600c1b6fa212f978305ece22eba42062cbab5d51aeaec915731906b478d2f8d29461dfc9362fde50dfd09a71a51b031d58d010164264006e2389535e25a3baaab548a842932ac6de25f08b697d4f91e266da097894d48f8febdaaa2f1f350d4b7cb76b6641a7459474c30d78857af0110b65f6f576e24e2b818a768dac8e46198e553134585981aeb9ea10cf314a58897fb7bded49aee7d31e24fc70668ef7b131ab1c4013bf03475f2b07c766537f9fd6e28a3450b9b9eaf01492d4830d357dda88b8448a3431c13f3c230440b1f235ca3e2d611b031c2575f4438112c67ef7c2fa9bac53f5589b5d7b17b1128f857e009c9917e6222e49a62fd54615b53bea0abe5954f9b5eaf4a1b58a3612929bdd2047544a66fc4fbc1c92d7f1052909ce70e70757c3c9b43872d3ad4c0bc5544a88c5f6649b7be4b5c30782fd5961f122b5d5f640126f412f344b8382e3e89743e5a7dbb9814b9c0c8f6c000c441a9015d2a2d426935b95d9190c9f4a8d32123a4536c45a783fb0b177008f5ec2ddf71432ebc7afb667236f06920000c05efb421323f274c33123f7df659a7055966ec43dc65a454d0497626d9236b2522d161c910f3941e7acfe11f37b6013f77b40e4f8717f62ac8b91f68ad22d34141b78e320bad91d02ccc7fa93688669f6015e8f96132f88393128d37b9f2bf91b364daf711f6f5b5148290b4e4e1d0ddf55a9dddce663f1817fc1e23014d42330d700798bfda6ab0a0fd058a21f868a8ed81029a35e7771261fe2bc57d30432df440a6e93a5d8a1f482cbc4cca095ad0a6997cfe720bd4b1ce7a71291429179dd689e50871cb1a3fd901742094d5ad6de9b30f85001167ecb7bc4cc6b5e8fecb1657c5cc030f482d55d7009f220c1181c8605a69c24fffa8a578f90821172347ac6fa4fe443010a14b6d547f95af026a47b09b08abb66859f8a1049e86bce18c0e678d49f463eef1adc93823d18c256e8607992d3fc757ae82d4073d400f3e58d", 0x1000}], 0x1, 0x0, 0x0, 0xc}, 0x400) utimensat(r2, &(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000040)={{0x6, 0x5}, {0x7, 0x7fffffff}}, 0x0) r6 = shmget(0x0, 0x4000, 0x10, &(0x7f0000ffa000/0x4000)=nil) shmctl$SHM_UNLOCK(r6, 0x4) symlink(&(0x7f0000000100)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000140)='\xe9\x1fq\x89Y\x1e\x923aK\x00') r7 = accept$inet(r4, 0x0, 0x0) sendto(r7, &(0x7f0000000040), 0xfe81, 0x0, 0x0, 0x100000118) getsockname$unix(r4, &(0x7f00000001c0)=@abs, &(0x7f0000000200)=0x8) write(0xffffffffffffffff, 0x0, 0x2d1) getuid() clock_getres(0x0, 0x0) 03:26:38 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r1 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x7, 0x0) ioctl$EVIOCGMASK(r1, 0x80104592, &(0x7f0000000100)={0x17, 0x12, &(0x7f00000000c0)="b6a54e9b19e5c4e5fdf7985779a163e041c0"}) 03:26:38 executing program 2: recvmsg(0xffffffffffffffff, &(0x7f00000014c0)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, &(0x7f0000001340)=[{&(0x7f00000001c0)=""/4096, 0x1000}, {&(0x7f0000000080)=""/95, 0x5f}, {&(0x7f00000011c0)=""/102, 0x66}, {&(0x7f0000000100)=""/16, 0x10}, {&(0x7f0000001240)=""/220, 0xdc}], 0x5, &(0x7f00000013c0)=""/236, 0xec}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001500)='cgroup.controllers\x00', 0x0, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, &(0x7f0000001540)={r1}) r2 = socket$inet(0xa, 0x801, 0x84) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r2, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r2, 0x100000001) r4 = accept4(r2, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r4, 0x8907, 0x0) recvfrom$inet(r4, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:38 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\x9e\x00'}}}]}, 0x13c}}, 0x0) 03:26:38 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x40, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046208, 0x0) 03:26:38 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x20082, 0x0) bind$rxrpc(r1, &(0x7f00000000c0)=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x4e22, @loopback}}, 0x24) 03:26:38 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xf0\x00'}}}]}, 0x13c}}, 0x0) 03:26:38 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) socketpair(0xf, 0x0, 0x20, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet_sctp(r1, &(0x7f0000000500)={&(0x7f0000000140)=@in6={0xa, 0x4e24, 0x0, @mcast1, 0x1}, 0x1c, &(0x7f0000000440)=[{&(0x7f0000000180)="7d4130580359895007ff0dd63ef40de3dac5edcd16c7f158615de8ac60210df23f4b3ecc3c751c6a0d5339cf1a8e8e4bf5d26677c843e3bb69cde2a397c47c0c700d8e2ae2fa458c05ad236420b66cf0440abbd4e5f823b9d82ed8c166a4868fe4a195c62a", 0x65}, {&(0x7f0000000200)="fc6f3a87a154b95547aa4620dbf8062ecee6faca2078edbb2da5b76394182a809d194350e0aa888620e1b09b4e51d2d7e49bd191cb55ec91c0a8eb40ddece1d67ee83ba1d37a372efea75e6e07fc317af4a66ebec0e77474dba986360c42eb9dd587043e07860eef5ab33ddb93dbc24e6f7c4020715eeff092a208ae4580fcbfd561d118f2486ddea7bc972fddda", 0x8e}, {&(0x7f00000002c0)="7474a7c73a50e15699ef017e83847b1aa9d40598", 0x14}, {&(0x7f0000000300)="73f7aa5d89d98e5fba4dcc6517fa43fb9b83ae48f88fc1b23e", 0x19}, {&(0x7f0000000340)="89cb10297eee6458940990db52600af8f1250a4ea27e9e218765b64d", 0x1c}, {&(0x7f0000000380)="ff8c51eb00b0cdf52611042123bcd959dc71acf42cae77bbe84cb16798605357fc32176df9827fd807d80cd884bf184dafbdb7f5c3235d3eb01de79ff2c480051536f7baa7d90609e27d896fad51832ba80cd9dfa002ac4ddde048dffd0265294c50dcb9665f724be83c8a92037366a889368e388fcbaf909335646daf76d414c728763bbf6ed8b856479afe2b1a3597b9f7f3ae4144e0df6defcd397ed6b50144146e498ab6512cfad90c6ddbeee5", 0xaf}], 0x6, &(0x7f00000004c0), 0x0, 0x4040}, 0x1) r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/dlm_plock\x00', 0x2, 0x0) ioctl$KVM_GET_MP_STATE(r2, 0x8004ae98, &(0x7f0000000540)) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r3 = socket$inet(0x2, 0x7, 0x100) setsockopt$IPT_SO_SET_ADD_COUNTERS(r3, 0x0, 0x41, &(0x7f00000000c0)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000"], 0x58) 03:26:38 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:38 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25153904, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) ioctl$KVM_GET_REGS(r0, 0x8090ae81, &(0x7f00000000c0)) fsetxattr$security_ima(r0, &(0x7f0000000000)='security.ima\x00', &(0x7f0000000180)=ANY=[@ANYBLOB="07010200000000070076fc0700cc56f0b992e8e11462ca9fccfe50daed4091a455f855cb1b71fa7c5e72ddb3da4711573dd99c94befa983859fba3fbf9c57c7ce20871b32f722350a3a0351bddf56c80efddfbc8403d9f615832a72e5607c6a163c9dc9203eef3d517359e49c00ca61b402ad838930b70d11ce30715c258079d"], 0x80, 0x0) 03:26:39 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x200101, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000100)={0x3, 0x10000}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") syncfs(r0) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r3 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) memfd_create(&(0x7f00000001c0)='ppp1\x00', 0x3) recvfrom$inet(r3, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) write$binfmt_elf64(r3, &(0x7f0000000000)={{0x7f, 0x45, 0x4c, 0x46, 0x1, 0x7b4, 0x4b9377e6, 0x5, 0x1, 0x2, 0x3, 0x8000, 0xd0, 0x40, 0x269, 0xfffffffffffffffa, 0x4, 0x38, 0x1, 0x0, 0x0, 0x1a}, [{0x1, 0xfff, 0x30c, 0x1f, 0x0, 0x609, 0x7, 0x1ff}], "d076a501f8ee6509c304820e6cfa1b9dc05aefb325afb260a225495828f450615ba2f73e4e491657270cfb4c821c61a010279d470fa3be7a7299e24beb9e4a1e81e440f9d9e0e6"}, 0xbf) 03:26:39 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xf0\x00'}}}]}, 0x13c}}, 0x0) [ 2909.385686][ C0] net_ratelimit: 24 callbacks suppressed [ 2909.385694][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2909.397238][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:26:39 executing program 1: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) perf_event_open(&(0x7f0000000440)={0x4, 0x70, 0x0, 0x0, 0x4, 0x8, 0x0, 0x1, 0x8000, 0x8, 0x4, 0x0, 0xe18, 0x0, 0x0, 0x10000, 0x5, 0x3, 0x3ff, 0x7f, 0xfffffffffffffff9, 0x8, 0x5, 0x1ff, 0x100, 0x0, 0x4, 0x6ce2d468, 0x3, 0x2, 0x0, 0x0, 0xe7, 0x96, 0x3, 0xff, 0x6, 0x0, 0x0, 0x9, 0x1, @perf_config_ext={0x5}, 0x10100, 0xfff, 0x5, 0x7, 0xffffffff, 0x65}, 0x0, 0xa, r0, 0x3) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/.yz0\x00', 0x1ff) r2 = openat$cgroup_subtree(r1, &(0x7f0000000080)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000340)='tasks\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r3, 0x40086602, 0x400007) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r3, &(0x7f00000002c0)=ANY=[], 0x1010a) write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[], 0x20032600) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r4, 0x84, 0x6c, &(0x7f0000000000)={0x0, 0x21, "5c9136518707126391994cb0530686bcdfec2fa1fda35526a048c666b326d5a91d"}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a0f, 0x1700) 03:26:39 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x410000, 0x0) ioctl$VIDIOC_G_PRIORITY(r1, 0x80045643, 0x2) ioctl(r0, 0x3ff, &(0x7f00000000c0)="75d068e0c7486539516fdcfb0416113b7e5f349696263e3c") 03:26:39 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\xff\xff\x00'}}}]}, 0x13c}}, 0x0) 03:26:39 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x441, 0x1) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x40000, 0x0) ioctl$VIDIOC_G_FREQUENCY(r1, 0xc02c5638, &(0x7f0000000140)={0x0, 0x7, 0x3}) 03:26:39 executing program 2: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x2000, 0x0) setsockopt$bt_rfcomm_RFCOMM_LM(r0, 0x12, 0x3, &(0x7f0000000040)=0x23, 0x4) r1 = socket$inet(0xa, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r1, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r1, 0x100000001) r3 = accept4(r1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) recvfrom$inet(r3, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:39 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0x0, 0x2) r1 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x0, 0x10880) mknodat(r1, &(0x7f00000000c0)='./file0\x00', 0x8204, 0x1) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) [ 2909.848738][ T3191] binder: 3184:3191 ioctl 3ff 200000c0 returned -22 03:26:39 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00'}}}]}, 0x13c}}, 0x0) 03:26:39 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:39 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) fsetxattr$trusted_overlay_nlink(r1, &(0x7f0000000000)='trusted.overlay.nlink\x00', &(0x7f0000000040)={'U+', 0x1}, 0x28, 0x3) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:39 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b) 03:26:40 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x9e\xff\xff\xff\x00'}}}]}, 0x13c}}, 0x0) 03:26:40 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x8, 0x10000) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f00000000c0)=0x1) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) [ 2910.335733][ T26] audit: type=1804 audit(1561519600.332:237): pid=3230 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir153509552/syzkaller.MVCZif/5006/memory.events" dev="sda1" ino=16991 res=1 03:26:40 executing program 1: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x10) 03:26:40 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000000)=0x0) ptrace$getregs(0xe, r1, 0x1, &(0x7f0000000340)=""/76) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r3 = accept4(r2, 0x0, 0x0, 0x80800) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) recvfrom$inet(r3, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:40 executing program 5: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000200)={{{@in=@initdev, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in=@multicast2}}, &(0x7f0000000300)=0xe8) stat(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000400)={{{@in6=@empty, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in6=@dev}}, &(0x7f0000000500)=0xe8) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='9p\x00', 0x4008, &(0x7f0000000540)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@nodevmap='nodevmap'}, {@loose='loose'}, {@debug={'debug', 0x3d, 0x800}}, {@dfltuid={'dfltuid', 0x3d, r1}}, {@posixacl='posixacl'}, {@cache_fscache='cache=fscache'}, {@dfltuid={'dfltuid', 0x3d, r2}}], [{@context={'context', 0x3d, 'staff_u'}}, {@uid_eq={'uid', 0x3d, r3}}, {@dont_appraise='dont_appraise'}, {@permit_directio='permit_directio'}, {@appraise_type='appraise_type=imasig'}, {@subj_role={'subj_role', 0x3d, 'eth1:'}}, {@fsuuid={'fsuuid', 0x3d, {[0x30, 0x62, 0x0, 0x66, 0x76, 0x0, 0x38, 0x77], 0x2d, [0x34, 0x39, 0x37, 0x39], 0x2d, [0x33, 0x39, 0x62, 0x63], 0x2d, [0x38, 0x30, 0x38, 0x65], 0x2d, [0x77, 0x7f, 0x7a, 0x32, 0x0, 0x36, 0x64, 0x35]}}}, {@mask={'mask', 0x3d, 'MAY_WRITE'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}]}}) r4 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r4, 0x40046208, 0x0) r5 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000000c0)={0x0}, &(0x7f0000000100)=0xc) syz_open_procfs(r6, &(0x7f0000000140)='net/icmp6\x00') 03:26:40 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x80102, 0x0) ioctl$KDDISABIO(r1, 0x4b37) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:40 executing program 0: r0 = io_uring_setup(0xf63, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x3, 0x398}) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000180)) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x4000, 0x0) ioctl$SIOCRSACCEPT(r3, 0x89e3) ioctl$BINDER_WRITE_READ(r2, 0x40046208, 0x0) io_uring_register$IORING_REGISTER_FILES(r3, 0x2, &(0x7f00000000c0)=[r1], 0x1) [ 2910.425612][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2910.431438][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2910.437356][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2910.443151][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2910.449084][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2910.454866][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2910.584624][ T26] audit: type=1800 audit(1561519600.332:238): pid=3230 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="memory.events" dev="sda1" ino=16991 res=0 03:26:40 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\xff\xff\xff\x00'}}}]}, 0x13c}}, 0x0) 03:26:40 executing program 5: r0 = accept$packet(0xffffffffffffff9c, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) getsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000100), &(0x7f0000000140)=0x10) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) r2 = syz_open_dev$mice(&(0x7f0000000180)='/dev/input/mice\x00', 0x0, 0x200600) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f00000001c0)=[@in={0x2, 0xae, @initdev={0xac, 0x1e, 0x1, 0x0}}, @in={0x2, 0x4e20, @rand_addr=0x7fffffff}, @in={0x2, 0x4e23, @broadcast}, @in={0x2, 0x4e22, @multicast1}, @in6={0xa, 0x4e21, 0x6, @local, 0xaf}, @in={0x2, 0x4e21, @remote}], 0x6c) 03:26:40 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r1, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:40 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:26:40 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x20, 0x4) getsockopt$netrom_NETROM_T1(r0, 0x103, 0x1, &(0x7f00000000c0), &(0x7f0000000100)=0x4) 03:26:40 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00'}}}]}, 0x13c}}, 0x0) 03:26:40 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f0000000000)=0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000340)={{{@in6=@empty, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@loopback}}, &(0x7f0000000440)=0xe8) ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000000480)={0xfffffffffffffffa, 0x1, r1, 0x0, r2, 0x0, 0x5, 0x1}) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r3 = syz_open_dev$usbmon(&(0x7f0000000300)='/dev/usbmon#\x00', 0x7b5, 0x200000000801) ioctl$KDGKBENT(r3, 0x4b46, &(0x7f00000004c0)={0xfffffffffffffe00, 0x1f, 0x2}) ioctl$KDSKBMODE(r3, 0x4b45, &(0x7f00000000c0)=0x3) getsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000100), &(0x7f0000000140)=0x4) epoll_ctl$EPOLL_CTL_DEL(r0, 0x2, r3) ioctl$sock_inet_SIOCSIFNETMASK(r3, 0x891c, &(0x7f00000002c0)={'bridge_slave_1\x00', {0x2, 0x4e21, @local}}) r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0)='TIPC\x00') sendmsg$TIPC_CMD_GET_MAX_PORTS(r3, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r4, 0x0, 0x70bd2c, 0x25dfdbfd, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0) setsockopt$l2tp_PPPOL2TP_SO_DEBUG(r3, 0x111, 0x1, 0x9ac5, 0x4) 03:26:40 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x5, 0x200) ioctl$TCGETX(r0, 0x5432, &(0x7f00000000c0)) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000100)='tls\x00', 0x4) 03:26:41 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x280000, 0x0) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r3, 0xc0305616, &(0x7f0000000040)={0x0, {0x40000000, 0x7}}) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:41 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:41 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03@\x00'}}}]}, 0x13c}}, 0x0) 03:26:41 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x100, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000180)=0x3, 0x4) modify_ldt$read(0x0, &(0x7f00000000c0)=""/167, 0xa7) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) [ 2911.154325][ T3310] binder: 3308:3310 ioctl c0286405 20000480 returned -22 [ 2911.225627][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2911.231450][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:26:41 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2911.323625][ T3322] binder: 3308:3322 ioctl c0286405 20000480 returned -22 03:26:41 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x400, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000100)={{{@in=@broadcast, @in6=@loopback}}, {{}, 0x0, @in=@broadcast}}, &(0x7f0000000200)=0xe8) r2 = dup(0xffffffffffffffff) ioctl$sock_inet6_udp_SIOCOUTQ(r2, 0x5411, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:41 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xf0\x00'}}}]}, 0x13c}}, 0x0) 03:26:41 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) accept(r0, &(0x7f0000000080)=@un=@abs, &(0x7f0000000100)=0x80) r2 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x9, 0x400) listen(r0, 0x100000001) write$P9_RWALK(r2, &(0x7f0000000040)={0x30, 0x6f, 0x2, {0x3, [{0x1, 0x4, 0x6}, {0x40, 0x4, 0x8}, {0x50, 0x3}]}}, 0x30) r3 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) recvfrom$inet(r3, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:41 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:41 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00'}}}]}, 0x13c}}, 0x0) 03:26:41 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) recvfrom$rose(r0, &(0x7f00000000c0)=""/131, 0x83, 0x40, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x2, 0x400000) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000180)={0x0, 0x7}, &(0x7f00000001c0)=0x8) setsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000200)={r2, 0x7, 0x3, 0x1}, 0x10) 03:26:41 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) ioctl$sock_SIOCDELDLCI(r0, 0x8981, &(0x7f0000000280)={'hwsim0\x00', 0x20}) r1 = socket$inet(0xa, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r1, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r1, 0x100000001) r3 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000000)='/dev/capi20\x00', 0x8000, 0x0) ioctl$CAPI_REGISTER(r3, 0x400c4301, &(0x7f0000000040)={0x6d1, 0xbc, 0x6}) recvmmsg(r1, &(0x7f0000005d00)=[{{&(0x7f00000002c0)=@xdp, 0x80, &(0x7f0000000600)=[{&(0x7f0000000340)=""/2, 0x2}, {&(0x7f0000000380)=""/229, 0xe5}, {&(0x7f0000000480)=""/254, 0xfe}, {&(0x7f0000000580)=""/128, 0x80}], 0x4, &(0x7f0000000640)=""/52, 0x34}, 0x3}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000680)=""/75, 0x4b}], 0x1, &(0x7f0000000740)=""/244, 0xf4}, 0x3}, {{&(0x7f0000000840)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, 0x80, &(0x7f0000001c40)=[{&(0x7f00000008c0)=""/85, 0x55}, {&(0x7f0000000940)=""/97, 0x61}, {&(0x7f00000009c0)=""/86, 0x56}, {&(0x7f0000000a40)=""/92, 0x5c}, {&(0x7f0000000ac0)=""/4096, 0x1000}, {&(0x7f0000002600)=""/4096, 0x1000}, {&(0x7f0000001ac0)=""/62, 0x3e}, {&(0x7f0000001b00)=""/125, 0x7d}, {&(0x7f0000001b80)=""/167, 0xa7}], 0x9, &(0x7f0000001d00)=""/253, 0xfd}, 0xfff}, {{&(0x7f0000001e00)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x80, &(0x7f0000002080)=[{&(0x7f0000001e80)=""/144, 0x90}, {&(0x7f0000001f40)=""/109, 0x6d}, {&(0x7f0000001fc0)=""/99, 0x63}, {&(0x7f0000002040)=""/58, 0x3a}], 0x4, &(0x7f0000003600)=""/4096, 0x1000}, 0x6539}, {{&(0x7f00000020c0)=@isdn, 0x80, &(0x7f0000002300)=[{&(0x7f0000002140)}, {&(0x7f0000002180)=""/61, 0x3d}, {&(0x7f00000021c0)=""/11, 0xb}, {&(0x7f0000002200)=""/200, 0xc8}], 0x4}, 0x6}, {{&(0x7f0000002340)=@ax25={{0x3, @netrom}, [@bcast, @rose, @default, @bcast, @netrom, @default, @bcast, @netrom]}, 0x80, &(0x7f00000024c0)=[{&(0x7f00000023c0)=""/206, 0xce}], 0x1, &(0x7f0000002500)=""/48, 0x30}, 0xaf31}, {{&(0x7f0000002540)=@isdn, 0x80, &(0x7f0000004b40)=[{&(0x7f0000004600)=""/110, 0x6e}, {&(0x7f0000004680)=""/142, 0x8e}, {&(0x7f0000004740)=""/108, 0x6c}, {&(0x7f00000047c0)=""/240, 0xf0}, {&(0x7f00000048c0)=""/40, 0x28}, {&(0x7f0000004d00)=""/4096, 0x1000}, {&(0x7f0000004900)=""/255, 0xff}, {&(0x7f0000004a00)=""/252, 0xfc}, {&(0x7f0000004b00)=""/10, 0xa}], 0x9}, 0x1ff}], 0x7, 0x40010100, &(0x7f0000004c00)={0x77359400}) ioctl$SIOCX25SFACILITIES(r4, 0x89e3, &(0x7f0000004c40)={0x67, 0xea1, 0x6, 0x8, 0x7}) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x0, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f00000000c0)={0x7, 0x0, 0x10001, 0x1}) ioctl$DRM_IOCTL_SG_ALLOC(r5, 0xc0106438, &(0x7f0000000100)={0x7, r6}) r7 = accept4(r1, 0x0, 0x0, 0x0) ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f0000002140)=0x3) setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) getsockname$netrom(r5, &(0x7f00000001c0)={{0x3, @bcast}, [@rose, @netrom, @remote, @bcast, @default, @rose, @netrom]}, &(0x7f0000000240)=0x48) ioctl$SIOCGSTAMPNS(r7, 0x8907, 0x0) recvfrom$inet(r7, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:41 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:26:41 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r1 = semget$private(0x0, 0x0, 0x608) semctl$SEM_INFO(r1, 0x0, 0x13, &(0x7f0000000100)=""/176) r2 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x100, 0x0) setsockopt$inet6_IPV6_ADDRFORM(r2, 0x29, 0x1, &(0x7f00000000c0), 0x4) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000003c0)={0x101ff, 0x3, 0x2000, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) ioctl$VIDIOC_SUBDEV_G_FMT(r2, 0xc0585604, &(0x7f0000000340)={0x0, 0x0, {0x3, 0x4, 0x201b, 0x1, 0xf, 0x1, 0x3, 0x2}}) ioctl$VIDIOC_S_PARM(r2, 0xc0cc5616, &(0x7f0000000640)={0x4, @raw_data="d3b844d7d8ff48a6b770c1b7487950a34cdf0bd7024ef4bdcd94ae71b33e46dd7616c2ccb73607da28e956f82c931efa5b1d6337e788ff4fc46eb37921895199f3c60eadbfa3feefe222da885233c76d3ea71908c98ca3f4ff62503efeaf71d4b7dbc084263a636231fd87548ab5588bee320d5acd55a7674282699080e26c968ac2506eb0419031f0bfb5d29601a685d33bde13465d9d00e3c57621783d9301a728130e30441e34bbe01963cf5d9e8d12054171bf926c6cdeb6e8019fd7e3e76dbaeeffefbf8f5e"}) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f00000001c0)={0x0, 0x80000000, 0x1, [0x9]}, &(0x7f0000000200)=0xa) syz_genetlink_get_family_id$nbd(&(0x7f0000000600)='nbd\x00') getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r2, 0x84, 0xf, &(0x7f0000000240)={r3, @in6={{0xa, 0x4e24, 0x1, @ipv4={[], [], @empty}, 0x60}}, 0x200, 0x7, 0x1, 0x7, 0x2}, &(0x7f0000000300)=0x98) setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f0000000440)={'broute\x00', 0x0, 0x0, 0x0, [], 0xa, &(0x7f0000000400)=[{}, {}], 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0x118) ioctl$DRM_IOCTL_SET_MASTER(r2, 0x641e) 03:26:41 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r1 = syz_open_dev$audion(&(0x7f00000001c0)='/dev/audio#\x00', 0x3, 0xd3d014836b10f7a2) write$P9_RREADLINK(r1, &(0x7f0000000200)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) setsockopt$bt_BT_SNDMTU(r1, 0x112, 0xc, &(0x7f0000000240)=0xffff, 0x2) r2 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x4880, 0x0) ioctl$CAPI_NCCI_OPENCOUNT(r2, 0x80044326, &(0x7f0000000180)=0x49) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000280)=[@in6={0xa, 0x4e21, 0x3, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0xda}, @in6={0xa, 0x4e23, 0xf41a, @mcast1, 0x1}, @in6={0xa, 0x4e22, 0x6, @ipv4={[], [], @empty}, 0x4}], 0x54) accept4(r2, &(0x7f00000000c0)=@caif=@util, &(0x7f0000000140)=0x80, 0x80000) 03:26:41 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00'}}}]}, 0x13c}}, 0x0) 03:26:42 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x4000000000000, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x727c, 0x1) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f00000000c0)={0x7, {{0xa, 0x4e21, 0x2, @ipv4={[], [], @broadcast}, 0x7}}, {{0xa, 0x4e24, 0x5, @empty, 0xfff}}}, 0x108) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000200)='/proc/capi/capi20ncci\x00', 0x280000, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:42 executing program 5: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x501400, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000100)={r1, r2, 0xd, 0x3}, 0x10) r3 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r3, 0x40046208, 0x0) r4 = dup(r0) ioctl$SG_GET_TIMEOUT(r4, 0x2202, 0x0) 03:26:42 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000200)=ANY=[@ANYRES32=0x0, @ANYBLOB="540000005f653f2cd72a37a8d7068717153547e2341a957466b8e877f7f3b92c21f30d11518196746745cbb3705725977e1769407d0741db6d2ca801d29c368f2f8fb31238aea769891feff2daf47db38183f3cce65b6d2ef26de64c63508214ff7826e5fddb6559efa251fdb99fb4e48b72708277c85456609379b96737cad6d8e27064fc1e0fe3e73b207e42c541348181cb0d8be76062c4e60a36d61be1ce289267e7355aa4ea6e38ffd73d3a4172822d633c6ccd2d4cce42927cbe1049771d0be1676dd7126fd03c5a81bc0fab5b1cfc6221798f50f8c2348f14e680706561008548b862eb23d5063fbd44480852f9ace54c4fa2ac79547be34ecc498ac6bed9913c6a7060f4c941659e6c1dd922647e735ebe06bd641dd2318133ef1270c65b7c3232efa618bd912171db1ba99748c4"], &(0x7f0000000000)=0x5c) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000140)={r2, 0x200}, 0x8) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) r3 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/mixer\x00', 0x400000, 0x0) ioctl$SIOCRSSL2CALL(r3, 0x89e2, &(0x7f00000001c0)=@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}) write$binfmt_aout(r1, &(0x7f0000000d80)=ANY=[@ANYBLOB="cf011f02c20300008b000000400000002a010000800000000000000000000000d353f0ad2806aebf45585dff830cec9ec7c208c0ab978f3dff8906b8fc7d100557983282f8105e60123fd02f39311ed6e58cb7c43e2c29d5d60ea5de1713f4c222e9d084f422341300754d347149a03cb16406aa701eb8a125b7c1e9c3afe980ae54dff772cc2bfed84e01156daa6bf0b2916e5a51e93a9841c676b619a302b35463f3fca80519b36ccbe4eccd37ef92dbba3e16ed17fdd9aac48673d22b1be2b1f0a061b528e5b19b742d083991dd5ce67e41c9d3fca7cfbd0b17d54f15e38e458b3ae3a31cce1c394530dea782bcbd04acd952868c6c29216d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000063e2fff2eca67a9f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f25027314c476fe4e8260a24593ec718e0e6ea6eee07c9064b8c058dbd344a3de29ddf94a12868fffe4307ced33be8ac22eefc6c22dd9516918a3f5e44ebaf1d5f24edd9ea3a92c8f193213dc5c4f36e4596ce47f52febdea76d0f4c63ea4fd2d668476e84d8e8aa3478b3e1361971b44ae1a925df2bffd205"], 0xafa) 03:26:42 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00'}}}]}, 0x13c}}, 0x0) 03:26:42 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:26:42 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x40, 0x0) ioctl$DRM_IOCTL_ADD_BUFS(r1, 0xc0206416, &(0x7f00000000c0)={0x3, 0x6, 0xffffffffffff0c98, 0x3, 0x8, 0x3ff}) 03:26:42 executing program 5: perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000100)='/dev/sg#\x00', 0x5a2f86470000, 0x2003) ioctl$SG_SET_COMMAND_Q(r0, 0x2271, &(0x7f0000000140)=0x1) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1, 0x0) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f00000000c0)=0x94) 03:26:42 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r2 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x0, 0x0) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r2, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40100}, 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0xf8, r3, 0x0, 0x70bd25, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x9}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, [@IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@mcast1}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0xff}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x6}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0xf9}]}, @IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x3b}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@empty}]}, @IPVS_CMD_ATTR_DEST={0x30, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x9}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0xffffffff}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@local}, @IPVS_DEST_ATTR_TUN_TYPE={0x8, 0xd, 0x1}]}, @IPVS_CMD_ATTR_DAEMON={0x44, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, [], 0x17}}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e24}]}]}, 0xf8}}, 0x0) listen(r0, 0x100000001) r4 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r4, 0x8907, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f00000002c0)={0x0, 0x3}, &(0x7f0000000300)=0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r4, 0x84, 0x6c, &(0x7f0000000340)={r5, 0x1, "bd"}, &(0x7f0000000380)=0x9) recvfrom$inet(r4, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:42 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x20000, 0x0, 0x0, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x8000, 0x0) ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f0000000180)) r2 = accept4$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @initdev}, &(0x7f00000000c0)=0x10, 0x800) setsockopt$IP_VS_SO_SET_EDIT(r2, 0x0, 0x483, &(0x7f0000000100)={0x87, @multicast2, 0x4e22, 0x0, 'none\x00', 0x1, 0x5, 0x21}, 0x2c) r3 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r3, 0x40046208, 0x0) fcntl$setsig(r0, 0xa, 0x3) 03:26:42 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00'}}}]}, 0x13c}}, 0x0) 03:26:42 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dmmidi(&(0x7f0000000100)='/dev/dmmidi#\x00', 0xffffffff, 0x20002) ioctl$VIDIOC_S_TUNER(r0, 0x4054561e, &(0x7f0000000140)={0x8, "3763f32786764461aae4f663ecd9c8b8a1197f709a081b531bfa5c50baf69a00", 0x3, 0x8, 0x0, 0x1, 0x8, 0x1, 0x348, 0x81}) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x70000) ioctl$ASHMEM_SET_NAME(r2, 0x41007701, &(0x7f00000000c0)='/dev/binder#\x00') 03:26:42 executing program 1: syz_mount_image$btrfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:26:42 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x84000, 0x40) getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f00000000c0)=""/179, &(0x7f0000000000)=0xb3) 03:26:42 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00'}}}]}, 0x13c}}, 0x0) 03:26:43 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = dup(r0) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000000)={0x1, 0x95d, &(0x7f00000000c0)="8efe2f3265429df6ea89129f24fbc9d71c9a0634c6c593d0d48121a123b157e85e2836404a67b3d4025dae15d007755b4b4036f4231ef9ebb3ea83eb24573f7f909529dc15bea0c48d3204d4a3fcd84acf8be350c281a89973db8996bafeb34e044feb302d0d47e84e8845bf5b5716a9c36c63dd2462d80797de9c63e82f9fd3ed9c3ddb13fbb99dfbc674b9df680fe6080d3fa907f7da12e929f7b3c5095e87853c9226e8b3e1cdac1cddd23c765bcdb0a22749e124725bc5f606e76dc8934aeaf8cb1fbb62b568007b9d06d7414b7723f999a70da423306fe9dc", &(0x7f00000001c0)="010f93d63e066e205e55729f498993140e1cd386dddbe8210c638bb50c7d2b20b73d7271919f56a420bd02c6a965c710744ea3b44e4dcc18a4b834a472016121e55f6d5c4692ae89fb8001295d0251fa925589ef7d9f5003fe5490fff5b53b644e800f6241e51bc5a8e4085370555b31958e9fb3111386e8abcdd9549d2b7ca9ab12198b506bc60310d73d4ce888856df8049f7f4cc8d20669fe1661cfe60667296f7e14789a694841fc89ee6bc4f7a4de45219137810a522932582e6170a0da1d564dd3df245911ba83fefc233480b48aa05e7b64c9f34727e6916689f2faf0598e0be692bbeb3a5c931f3782e4033c2fcd", 0xdb, 0xf2}) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:43 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x2000, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r1, &(0x7f00000000c0)="2a0e524898b9e95620a270344c957201e86296443dcc320bda8f09bfd995bfd2a217cf13b9ec18c65e108235613330f2048f5e866a9b65c40befb839bf262e64a0a394eb2ad847fb900844812bc3fd0b99c48a4e2ee4133f790a43698124fd9868e5c36db84aff91bd53e9acab05e7d8ff9e2484fbb7293fb2b7fb7b3938c5a7bf045bb799dd3295710a604b72d5cfda2773bfc5325185fa899b69f2fb8da53b30b1feda18ee8aa328740d6d230989f6e1b5ee5cbf15c11cf8017db572e43d61df86a09c45c4477e43ff064dfb1e52a4a2f113c5bc9bcd6c5c00a3e164719f5a7c9df041ce85151932430fa5b0f6", &(0x7f00000001c0)="cdda4bf0765c5ff6aa7b5b4534c5e115297aa7724cae9c98b266f4cdae41512a4a8d950edaed6bd7ebb0fb1badf736e7f3986c601e9a5b9d41763e1a5e802e0aa1ef0d4dfa5f9bf3c14dee028e7fff35960b1c97b31283cfed562610d196fea1fb2451fbd63463f7f329be107bbcbf4028d870cf9f4a7440ff52fbcc6d48d39fa8a208b6c19df93ea39f394f587e3b54e2edf1cd857de71943f366eb9a2c8fe924a3c8d572009714e5681e522f3aecac58f5f3b445c24c5605ce9ce1a1a562cd5122d9f6c286d3677be14b3d1b223eac77a9dc7fb33a728ab6", 0x4}, 0x20) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:43 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000000)={@in={{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x0, 0x5, 0x0, "0b8f820b28cf9e00b69e9ad19d19624d4ac5a4240f4de13a18913d33b6f6ac94ee2f9316d23c91845401cb2dd34cb5fb9d6c212b96e7f903b79ed24e6927ef6a4637917c1abaa89f594acb170aa53d2c"}, 0xd8) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:43 executing program 1: syz_mount_image$btrfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:26:43 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00'}}}]}, 0x13c}}, 0x0) 03:26:43 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x14}]}}}]}, 0x3c}}, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) [ 2913.386037][ T3476] binder: 3467:3476 ioctl 4038ae7a 20000000 returned -22 03:26:43 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") fsetxattr$security_ima(r0, &(0x7f0000000280)='security.ima\x00', &(0x7f00000002c0)=@ng={0x4, 0x10, "cb84"}, 0x4, 0x1) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x2, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f00000000c0)=[@in={0x2, 0x4e20, @local}, @in={0x2, 0x4e21, @multicast1}, @in={0x2, 0x4e20, @remote}, @in6={0xa, 0x4e24, 0x40, @loopback, 0x3}, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x16}}, @in6={0xa, 0x4e20, 0x6, @empty, 0xa64d}], 0x78) listen(r0, 0x100000001) r3 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x48000, 0x0) setsockopt$inet6_udp_int(r4, 0x11, 0x67, &(0x7f0000000200)=0x401, 0x4) write$UHID_DESTROY(r0, &(0x7f0000000240), 0x4) ioctl$SG_GET_COMMAND_Q(r4, 0x2270, &(0x7f0000000040)) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) setsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f00000001c0)=0x7, 0x4) ioctl$SG_EMULATED_HOST(r4, 0x2203, &(0x7f0000000300)) recvfrom$inet(r3, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:43 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'}}}]}, 0x13c}}, 0x0) 03:26:43 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) r2 = fcntl$dupfd(r0, 0x406, r0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffff9c, 0x84, 0x22, &(0x7f0000000000)={0x8000, 0x8, 0xaf, 0x3, 0x0}, &(0x7f00000000c0)=0x10) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000100)={r3, @in6={{0xa, 0x4e24, 0x663, @ipv4={[], [], @rand_addr=0xa612}, 0x2}}, 0x2, 0xfffffffffffffe00, 0x9, 0xfffffffffffff348, 0x8}, &(0x7f00000001c0)=0x98) [ 2913.492838][ T3476] binder: 3467:3476 ioctl 4038ae7a 20000000 returned -22 03:26:43 executing program 1: syz_mount_image$btrfs(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:26:43 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0x0, 0x2) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:43 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syncfs(r0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:43 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x358, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x8000000003a9, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0xd709, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffff7fc, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) dup2(r0, r0) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000000), &(0x7f00000000c0)=0xc) stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setfsgid(r1) 03:26:44 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:26:44 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r2, 0x100000001) r3 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) recvfrom$inet(r3, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000000040)={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1d}}, {0x307, @dev={[], 0xc}}, 0x40, {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x12}}}) 03:26:44 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00'}}}]}, 0x13c}}, 0x0) 03:26:44 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x4, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='ns\x00') fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f00000000c0)='/dev/binder#\x00', 0x0, r0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:44 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x80000, 0x0) ioctl$SG_SET_DEBUG(r1, 0x227e, &(0x7f00000000c0)=0x1) 03:26:44 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0xffffffffffffffff, 0x2) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0xa00469f52719dbaf, 0x0) ioctl$KDGETLED(r1, 0x4b31, &(0x7f00000000c0)) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:44 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:26:44 executing program 4: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f00000000c0)={0x5, 0x2, 'client1\x00', 0x6, "fe4c22d889239614", "0cee0892ac0a3cf498b20b14ae69f57906f9936fd28f299bf704bd4991b47eb6", 0x1, 0xa8}) modify_ldt$read_default(0x2, &(0x7f00000001c0)=""/236, 0xec) set_robust_list(&(0x7f00000003c0)={&(0x7f0000000300)={&(0x7f00000002c0)}, 0x2, &(0x7f0000000380)={&(0x7f0000000340)}}, 0x18) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0x0, 0x800) fcntl$getflags(r1, 0x3) getsockopt$bt_sco_SCO_OPTIONS(r0, 0x11, 0x1, &(0x7f0000000000)=""/3, &(0x7f0000000180)=0x3) ioctl$BINDER_WRITE_READ(r2, 0x40046208, 0x0) 03:26:44 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00'}}}]}, 0x13c}}, 0x0) 03:26:44 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046208, 0x0) ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f0000000000)=0x0) capget(&(0x7f00000000c0)={0x19980330, r0}, &(0x7f0000000100)={0x9, 0x1, 0x3, 0x2, 0x80000000, 0x80000000}) 03:26:44 executing program 2: r0 = socket$inet(0xa, 0x801, 0x2) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$packet_int(r2, 0x107, 0x0, &(0x7f0000000000)=0x7fff, 0x4) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:44 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f0000000180)='/dev/dmmidi#\x00', 0x4802, 0x1) ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0106426, &(0x7f0000000200)={0x22c, &(0x7f00000001c0)=[{}, {}, {}, {}, {0x0}, {}, {}, {}]}) ioctl$DRM_IOCTL_GET_CTX(r1, 0xc0086423, &(0x7f0000000240)={r2, 0x1}) syz_open_dev$sndpcmp(&(0x7f0000000280)='/dev/snd/pcmC#D#p\x00', 0x20, 0x8000) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r3 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x7fff, 0x10200) accept$netrom(r3, &(0x7f00000000c0)={{0x3, @netrom}, [@netrom, @rose, @remote, @netrom, @netrom, @default, @null, @netrom]}, &(0x7f0000000140)=0x48) [ 2914.585623][ C0] net_ratelimit: 16 callbacks suppressed [ 2914.585633][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2914.597133][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2914.602966][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2914.608809][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2914.614656][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2914.620506][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:26:44 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:26:44 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00'}}}]}, 0x13c}}, 0x0) 03:26:44 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x3) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:44 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) ioctl$int_out(r0, 0x51191de10edd122, &(0x7f0000000000)) 03:26:44 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$SO_COOKIE(r0, 0x1, 0x39, &(0x7f0000000000), &(0x7f0000000040)=0x8) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r2 = socket$inet6_dccp(0xa, 0x6, 0x0) getsockopt$IP6T_SO_GET_REVISION_MATCH(r2, 0x29, 0x44, &(0x7f0000000080)={'icmp\x00'}, &(0x7f00000000c0)=0x1e) listen(r0, 0x100000001) r3 = accept4(r0, 0x0, 0x0, 0x0) r4 = syz_open_dev$usb(&(0x7f0000000100)='/dev/bus/usb/00#/00#\x00', 0x100, 0x200) faccessat(r4, &(0x7f0000001280)='./file1\x00', 0x22, 0x1300) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) write$UHID_INPUT(r4, &(0x7f0000000200)={0x8, "c6d043bbb91040e617b8f8935798d8a731e81ba943408328ed4819b5bf1f4c75989596cc41865b20967ee0785a37e9321ca92ef06ccb881217bf5751644d595f1f7a8999e8b8e3431d9e0a718087b302a4cda76ef49539a40a8e605a55de3cf21b046af1c2b6e548f845def5cdfe14caaed1001f4e38fa8ad284a79d9730e0e2f2fcefd8b7712cc88f2ecfe03b5e4a73b4e47ed31d452e3a21c3c6ff5e8934fe508080ef82c9a68e68775420e881c85eaafb2ace739788e0668c0dda7d9ce20307e03a4552db87d992978df849111482556cf587529a1a23ef74b12b0b6814f6cfae1d57d947b78d1c0142627ff89adbb425d0117d210428dd92b02e8c30a6fb35dafb653a7599a36ac3b8d11acea8f925a1a93315bbb34364382b6fec6fed5ca79081e90eb120d67d7a184b8acaae5070a471e2912ffe2dfbdd22338430c69b355e3ea496d324838da19ab4de18dc4dd0beaf64e215b3effead5e15fc1ae104f4f174bfa2f29e0ac971f8c24b8839ca06e688d276d8c1cc6e10979316d922db819045cb1c74f697f1f09556b05ada1a066fda7baeb21c079bf51fd3891534791a6d3b793b24365a4d305300174157572e28b0f9a114cb3fd86f15c01ee0f208da7548979b2a1e578d66b61d8fc8a6e6ef28f9d923b043c63e2b9c5ac6a20c4f61cf3f6f9e8316a0bd38bdb59b88705ae86c7d69f20157f95d67a272cdfabcedf5fc37fffcf37fd6a687dc066691c1640e578a8c55ef2fca5f351f6f3a129bd6dd473d7f3c64b0fc809ae2bd76226d9a2ec1aaf37fcf4ac9919ebfcd8e649a43ea7621f33c51f6843d2f66ef3c169c60f288c69f1e84821661ecf75275ab12a31e147a687422fbcba7f741b6aed5c113ec109ab800261b8b52e326b7e198fdd2609db3ca59d1f9584b4e88f1ca000b3e84b080b296a5860d564941f9a309b9fa949009c23391f539a5a5669f5b3d18d846c1db300f75c841e9ad8aa8df5334725b991a73b0875dc484b664e2be33aaa1d9da9497cf96b5f1dc34034e4d70aa99e3de00b14a4f79d3f50d0cd8b81016c034dfa25db4ccbe376483371c3fd086c0da685bff339890c071b2878af3955867e81fcbab9685d4e563b46159a24995c944489cdc67ddc9c261ed2e69804e95f042d2cf90195688a07131c6ee258a183d494c18843a375d66cbd4003fc5293f4e68bb879f15417ad316ed5ef320e212d23aeded0014b727ecd919be12201ea43844c7478f2428665f03d3662d259b3168a46ef9a86920fc99066b2eb08290e86e77d18045f957fff5366d820d21919c409dc3541786bb2913aff0fd1f1280578ab943f4ebd8e781f4e704bb62b93c410ccaba807e22ad7f92b2e270d630191e3b59e46c904c7154cbd41c497bbce00e2b311fa6b00bc52da7e1718bb4a8288ab108bd59af64665714c814e195eded89302d7059de81eb270b68b8844e5e9627b5e98b61fd14fed8682f8772a66be69e32dd31b666d5b5dc614b19d1f021492f85f23e21c08daaa308eefd47f50b8d9ef7bf82426d1330f745d82fe7617696e501a9c7b50b859231bace6d46ce398216354ba0ba84929418215bf3f4c585e2472029c47943f043818722f989f924bbf48280824683f4d524e7fae690dd4f9335602a4e617978b3ea8e37c638bd151cd4d3e499c4bd97efdc3c259c5dbe23bdf18ec86362739b08d18a00a64273cb2523769e33ac680ed3b229ec28ba69387b502e1d647280a43e39d275d99a526e2eeb7ed90caec56245ca9f1a5d0d147cc71f93dcb2d13c5692d383f0226b2fbe61221f4111808d4059a0fcb92fb33cd205c5cff109a06853492c10b8f36063a29209834e04fe118571c35c1e936a30d91587770d71c985fd8ba7b9964f681f61cce21264f2f06b10067e9916fad50005214dd2d762dff73ad2685cc80f4b2732fd57bf6905c6e9a41552a26c55f8396492e9fe54164b510a67797bd5bc4c970e1aab8c69c6a1e020ba05e37450620a47baac37544f1360da7c759519c0d5b56768d07fac43d39cb0d51ab6623805fee6556a3c8e6c38d9fe11c3f22a83907da1368f2c7cb664762bc2f5aba4bfb863916f5e683de6c3d1917433b6fc5355e00469e4f49c160ddca1a1d73f3da48a1ce2579c634f5951a81d623a000c9c6a2ea51908bc5631c957f77fa58274ed427eaf15ecdb6335fd5874c14e870175926d79141290897288c316d3dcdff329ca917cc0ce6267bb954b83d93c9778680f2611e741b897b322d54b2a32882a21031047ec7debcfbea154d2671a47adf78fc3ed8f517b43304161e261ddd0144c5daabe5ab2414bcb03dbe77c7d8129dffc631f02c4c7300b7d2106e6c8c494a6ad6ee13da09dca8a862e8bc4c2f4e1bc466e97e5b26cba97bd2690d2c14dc400224b4c4d697a46624e582ee18fe824a9063f80fc8ab6dd48f1cb6d16321ee51f49155fe857b9f1f5f954b9ac4917a52db8dd1f86f1deeb846ab8a6b55b2d9d8d30a5733ac90e43fe8f85908c2f0e0676619f38b72a81fc1416e898f99f5f9d695a8eec96a7d020b8a4645fc909a629b7610da3d38c8b0f109e0b2b27eb3bb0bbdecae9ca422ff4fcf32d0150a551b88d7b39c0683ea76e1680f7904e7857f4867c8bed307b1d6b68f078671eae22ab9551c172690bbefd4f4be2ae7363d476613462c9b35f4385e39895ab0e7296c475b0003cc7dd01454add884cabd99c15930fd578a77ad238f9917aacad9f5e13fcc60e3ac4500490bbf69634095dd8eeb6bc4b90e5b889ce9a8ef8f8f82e8a5d10275448a30cd2800d4bf26e8083fc3e1ce36ad16afbdecc2899fb32e79108da32b757300b74c07f92d6190fbf90be680837ff98cbbe462efee445341b4b74ee7243980d44b97551169b405aaa4292470b7448f5a3f3b8ee34ee14fa5beccae32de7fbc47cc22487852ecf275575ae65e11bf27d013cc971d2e12f805fdee78e069ce233cdbedf4601d894ced990e3f543a95e905dcb8e00c0bf9d5acb4e85f35fb422a4f5edd14e34c0e8f70da02210ee1300d75e456ef4faa7c0a4fdfb644908cfad76db43e9b50da7ae6887ed66bf8f072dc00b2945bcda9560618942520424ba20bdba6011855bcfdca5df36ca80160d0dfab7af1fc2320fc9fd4f510bd07e7aaadbe261fbb90ffb705ad6c942d7bbbae6aefbe4589e83e8336eec02addb3a80026d96312cea4a4aa0e2faac25af88a09895d0a93f4a05c061ddd1b3717aae76cfe54a3779ddec247517f669107510be8fe576be00d89f6fca21ea92663b4d4bf4457f59d001e0ff5c2a2d7ad2e92c4347e41b35b31980dae87c716c1adc1dbf3a796fe0274edc8a87e5dc8c7b74beab0f1dfddb01ded6876820fde8965a57e3e215bbdfc7a217a95797f92becef4deda0b94cc60e89f39820b101b3cada71fcb7d463e9547f9306d3e88f38ac2028d3b877b80b38e5a83ba9fe0ed8a6f33bc8c796ffb2985c3cd226afd9e037d881b0a85138d7cb7a75d436fa5302e25fd1d87f770576ac6e0d14be3d6123c76c04e0435d3a25e6df52a4a77fcd6d8db888bbf7ad8bfc29a27b0b35de47891741eb0ff9aae7686a267bc5f64d8259bf227596db5ce5d539fb419cf46b3ba9a22837fa07b49ed306136be41d6d4681c6209d640632f2493e0e2392de4ba5e7d1831eb81d5f415e26f99adc3143bb355504a184735258dcb446f09ae9a70d2fd522141d580637b60e253321bfa330517aeeb856b854d6732d187916e212638f2fa2ce9fd8850974cdfc902ba3b383c30e1ad649b21d7c704d93b8c2c07526b019abf5647ab9102c5b2760c28632c676c6b2bd0a06853698523abd3d09828ef2cee99d995924618db2581bda2cf1fd5fd3968ca4559e3e0926ff3a5ecb439b7512d073d2afdebd746ba716ceb8bb38c66dd03bb2571fa123dbf486000d2e6d332d1dbfb57b02d7d1b80338dc6cbe219a8e3cfb0cccb30af9eec5f5576ad6844cdad6308390920c05976b0a0a9a44bc467920a2e2d5e9159a8d160fdc3ff437885982db831201174ae7c1f75701ca4d53c30b032125b4916d4871433bbe2cefe1e4dda5391a44fb9826ba065278ba5b7eaa8399e302a23eb194fa4aa839b60c40c68bac473c2f12d74bcd874438cca5cacb7cedc3e457dfda75aefced56d02d55ad3b5d1e2dcd52308ace6da03f31e2418c366b2fddea99377a38b2e7a762be42eb855dcd270461387628c1265e066a254c25cc80af15032930ca027271251cea4e21842d5da2644d9319985a0fcdf7654f84cd2ba612c811f3feade9b647f3e4e795a3f42a102bd908842f30ff1b07132768e5874b7ab56f2df4d65e8b469f58720feca35d058ad57364992c52bdd866acabaeaffa9609b974a580c947fb6784b37e01e63f100ffc79dfbab65b0c61c541e13dd3319efe40ed63cd2c3549536594ae1bfdcb0d1dfb94c3363a884186af045a748096ff1935936857fbbeb364fea7e17ea097a17644c4ffdf68167f37d36164efb37a2e7951e56f5f658fdeb3774dea350b2225b505d4108a2d301206835a4ebfd17186a907767a6857484c60b764a054c33515a0a75dae59718ad8b33930a3dc1621fe778e50ef3fa339c1969ac71ac4a405b889d126c1f5a525f5e92b04256a364ad912b2e04bdb58cf367e101145e847e4b73f233954c1331b7dbeba96a4a0aa7960a87d14c6c238b28e0dd6fdc5023fabad0867c848cf025089a673efffb442419c0eb0d5adc26570ee33ea37207d5e8eb70b75608a73398580c2d554ef305806e133eaf000e0c8e5c83f8ee20097b9d5086fb644253f3aeb57e3e1a290bbe8b0d6060bc1891aa0110d8e608534dd0413a304b1a19e73f13f7afade1e4ac3538aad3b035bd4dc1e5c4d0890553ce801b591796113dcc66130dd317782510b5bc0b493fe76174b495a1ff3eb60ff87d9156d1fd0c27ccce012a3cb0b3bfd83576674c634a2a756932797197ac4dceb184534d6c25bd8337770df8b6216b4dea9fce493ff8022ae4b76534b9666614398039d099d804eeb1b8ab1770a477d74c6327defba5ceb3c6996dabfaa3ff471c8aedb981ea5d5ed203f1db35afbc945b254afd73832cabb40286d73f495732c11e4a6e9a2c96d07d2336754826e044b247056c9ff730d742a817965a96bf8e35a6831bb3c6f2031e0e4eddc67f7c887e3348a779cab1b83ca818bb055f18f3419ed3bab796f5bb66d5de9733a0b34e4d89b1d5c79562168baeda7ffad5d2030036499aab5e3168b382abe134972930f19a0b3d266c4e009fbaa8442c6259e4ed768ddaf27c1ac52d48ae0cff845d4801ed92fa2b23819788a9476a172edb99e1bf8ddb98b34810f6d125f6b7adfb48f6547be85bc31bb3dc3552456d94c4cc001cfb1ea670f0a50de5e7dd6a5e42632b41eada48018e9a63367ea69dbab9b41aadbd2254c68b55dc7414914f04e1b0a92c72569e90ee47926e2d6b77a74c06e4a6bdd81fdf92770e1351198781affa977ebf759caeda5c6d708b17866c7574c2fdbaf7a0254354090a74033fc4e0ba25dbb10aecf033159e36ef2c3d92cf90733903cf240e57a1dd45327fe9f54a6d175b5fcec812631c1265b90d4ab5b8992738fa792bc03ca5bed3baf7c549d8d7937e597849bb6c3de71006a4df54a094ce5210f69178b031bf4538d66e456e186fead6ee870b1dc4d63e11841552c23d993c1dee04351ac0ab7058f55c0bcb00d29c933e1146011a06cbb1bf0c1b7c7b644f7c11f9998f71c6ea0869bd92a57a780b562af607f", 0x1000}, 0x1006) recvfrom$inet(r3, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:44 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00'}}}]}, 0x13c}}, 0x0) 03:26:45 executing program 4: openat$vfio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vfio/vfio\x00', 0x20000, 0x0) r0 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vfio/vfio\x00', 0x200, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, r0, 0x0) exit_group(0x4) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x100, 0x2}) 03:26:45 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 03:26:45 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f00000000c0)={'syz', 0x1}, &(0x7f0000000100)="37ec436a6d5c11d2c47c8e45731b17ff0bd2fc015b81ba07412aa6f66709825fb6f0f77be81d640f7b1e5f0593ce20e9089b4cadb42fc3a5e766aec8b286bc81df40799ab0d8db1cb28efbdc133bc9ee55e30ca6ee23f3b26ea12ddad50eb6613f06cb33df45aa7510992fda6b6c517ab2043bfbd2d7f29a246161473d48576135c1b2c4c223ec5ef335ec78f00b018880af188b3d78329ce9a5b6d9e87a470f184c2b39a20e3c127d98403a46d73fbd2c4d72811731730a2dff60bfcbe2dd80920ff3e731ada11ebd6987aa5818571085309614459d4b04d21745c4c1f2ab1870bb92cbf4f5c05b6fc855421559f8b435b78baad09f6b857ee8c08b4714e9", 0xff, 0xfffffffffffffff8) keyctl$KEYCTL_PKEY_QUERY(0x18, r1, 0x0, &(0x7f0000000200)='cpuset#lo%,userselinuxmd5sum\x00', &(0x7f0000000240)) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:45 executing program 0: r0 = socket(0x5, 0x800, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000000)=0x2) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r0, 0x406, r0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0xfffffffffffffffc) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:45 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00'}}}]}, 0x13c}}, 0x0) 03:26:45 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x80) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:45 executing program 2: r0 = socket$inet(0xa, 0x4000000000000801, 0x88) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:45 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 2915.385639][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2915.391466][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2915.397344][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2915.403128][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:26:45 executing program 5: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x101000, 0x0) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f00000000c0)={{0xbf, 0x1, 0x6, 0x7}, 'syz1\x00', 0x25}) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r2, 0x40046208, 0x0) 03:26:45 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00'}}}]}, 0x13c}}, 0x0) [ 2915.490247][ T3630] binder: 3625:3630 ioctl 40086602 20000000 returned -22 03:26:45 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cachefiles\x00', 0x300, 0x0) write$FUSE_LSEEK(r1, &(0x7f0000000140)={0x18, 0x0, 0x2, {0xa9}}, 0x18) r2 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x1, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f00000000c0)={0x1, 0x0, [{0xc0000001, 0x1, 0x2, 0x5, 0x9, 0x1c00000, 0x1d}]}) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4040aea0, &(0x7f0000000180)={0x8, 0x1, 0x3, 0x0, 0x100000000, 0x335a, 0x6, 0x35, 0x0, 0x0, 0x5, 0x1, 0x0, 0xfff, 0x7fffffff, 0x9, 0x8, 0x7, 0x6}) ioctl$TIOCLINUX5(r1, 0x541c, &(0x7f00000001c0)={0x5, 0xffff, 0x9, 0x4, 0xffffffffffffffc1}) 03:26:45 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_inet_sctp_SIOCINQ(r1, 0x541b, &(0x7f00000000c0)) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:45 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 03:26:45 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:45 executing program 5: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$TIOCSSOFTCAR(r2, 0x541a, &(0x7f0000000000)=0x42c) 03:26:45 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f00000000c0)=0xffffffffffffffff) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:45 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x00'}}}]}, 0x13c}}, 0x0) 03:26:46 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) syz_emit_ethernet(0xd3, &(0x7f00000000c0)={@remote, @dev={[], 0x29}, [{[], {0x8100, 0x8, 0x10001, 0x1}}], {@llc={0x4, {@snap={0xab, 0xab, "0e4f", "0c7787", 0x88f5, "646246edf3a6fbdfda1012561d1a57bc78a78dc35f4f84a27e7706e5c95ff3eda21d4743cf493cc771c39472f8c0eef9ffb469490a7b7d24c3faed5fc87fb9b7e98ddb466657a45d22a62972f64cf5bf0c8d22b41e8f00f45e5f5ea1e0c906380d69744ee8873009134c222b1e63ac4049315bb6a7a54d0da7f8871ac77d06fd165228895b5dbd68280d9c971a260ce647ebdfdaa7eed2de73b011dcf84e3065ba243f6fd6896b7d34355d7a3b03da36aa022dd92a0b9f51"}}}}}, &(0x7f0000000000)={0x1, 0x1, [0x2a8, 0xff0, 0xb3c, 0x100]}) [ 2916.050710][ T3675] binder: 3664:3675 ioctl 541a 20000000 returned -22 03:26:46 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000200), 0x0, 0x0) 03:26:46 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0xffffffffffffff00, 0x200, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x200000, 0x2) ioctl$VIDIOC_ENUMOUTPUT(r0, 0xc0485630, &(0x7f0000000140)={0x6, "2bfb6d224ffd749a67dcadcf7838d99fc446fbd9ed9f708339e1af5172aa12d8", 0x2, 0x4, 0x2, 0x3000000, 0x4}) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x1ffe, 0x0) syz_mount_image$nfs(&(0x7f00000001c0)='nfs\x00', &(0x7f0000000200)='./file0\x00', 0x5, 0x4, &(0x7f0000001440)=[{&(0x7f0000000240)="8b90e497203dbbc3d1dd2d12b99a2e702abc1dd886aed007eb795e3c44c4dc834e3aa4f7e19b9b0b84d8ee5b5598e17dcb762c64ebf68164544e4d440505c72480", 0x41, 0x3}, {&(0x7f00000002c0)="b3291cceadec3a4b9882af2c32325c23cb60d17c8978a876ab506a9a05e1a31744612f487735dd188a7a7a448142dd8fd7abce61b2e3aa492e10867ee72fc4c6747b122f3e685277fb299d7cc640d52fedc01e5faad140d46b3e31ee63b7b4f2dbed9538d5bbd6b5adba98d35e3781468076c47b9be1af9e7b51029c58e376af6c02ca6d2eedb38e1095d43b539b507a681b16077ec21fd6", 0x98}, {&(0x7f0000000380)="d46718f519a5c30a5b04a5d2a1496ec278a17335ad3b233dee50665c32630a20782f9861105055ce71a97c0272f2d084aedc29af15ac34b5b9e74b78b08bdb0ade1d241cfb28cb52ace3b883a6950ce50bba2d2cb217fb6c3b8bb9b1473d7d860095fa69155967d2d5d79af3f61568dd1936f0b588bac28561c83f1e6fbce01f788e84dc38e901011f9523f8ba", 0x8d, 0xccf}, {&(0x7f0000000440)="5bfe2736266dc2ff5d3ffe95e5a8db13bb05a33281d0f5563b18650d742f2f060c299729ec0dd990e22ad385392783a33e1b276404b442b0491be4444780e24aba442a3d00117e44462dff01c5a56fccaff176d60efcf8feb6a558678fc8a3e1f06f23b84f44987e760f752eeff74feda6a4b2436520ee53ebdf3e08fc6f86eb031a55d8cc999e3e0a0aeae6017ad0f91d90af185d5361b6361be651e75e85eabdab1f78f43a4c9194caaab6174e852f6d966839be22c263b97a5d74a7a24048276343c7f83f8f58c4c0cbcaa7605c1e854821d84c5b1eb1e25c977b382ed89af362b96fba31b2d839bb4648aa50b72aed417fa1c5cc40c4cc99d7cac8a1146c503bc38d0593566ed7d7ab66cfd2e830eed12b8c221cee2754ac8c439aea70ff94dabfbe4a81558e0a653533ba616a7a9e8ed8c45c1f6afd5b43fb4f0fb2cffa4e8e86c16ae6575af4aa4b2cbc7d5efbd434be6ebe43ee0d1bf1fc60b3a94fb9fbc078f4bd3ec0be7332b887a5f71b1adc190da07e9019c76c372ed5d9c1372459e5d6a0a61cd4e02ed97476ddb8453c98beb22837031ae4be81ce6581e22a6e756e924c7040ca112239e6547fd51213fb52805acc908ac6fab0e1b135da6e5c3670908e9acedc4f382193538d4c654aa32c08166842ae51d166330078e384990dd5af7d0ab0663e2a11f4f98c8884a70c9cdfbce2ac01368716e5f55d56846ce3d48df75151a84aa3eabef3c6f16c671833f346339ba03b7a9105d818e7ce556b798adcd45f9a7527e9a6f558f45242d56c74b3b460e933a74055eabc7423efdb67cdf63418008a76e9c7d887f8b3d119e4b27e7bcd395718002485336ea0baf9fc6ae5dc81434b4d1a87e1098fbd0abf9ff3f9c5b394fcd7d93f2cb7d4fd27437443faad5820fcf13fbc67fc5d65763f804adb54e9cd1efc131dbbf7c0030080c3fcb239b5476112be82940bf1afd960ec45a148693f80b67aa0751d23b603831e0ad09e640e01d56fdfd1a884c71501e9b4f5af8822c72f772990c213386965f905d5af0680b95cbc4d357b48dda12abded0dd16c669d5a1163dc58117341532b15d4f62e3e960131cdfc44e386f2034c0d4b1a13b561c5005e6596073993ca5cfaec86c2f365fb455cad397506539e8c51d738f2117dd1bf65df24318f46a58fdb2ee4663822eeed89003a739f10315b0893c374dccc244db490799c65040ddd71b811d23c102fc467f4581c9f8e8b25898c02cba897f7d95d22cc798e51e47e5d3e7a1b419f610c0cfa8d214e9cb61c38a01918557c40ed8ecb19cc57b305c541b4c1ac44c2c8483fd93855bbd8353f31baf628c363520e1e363e5aabab9ad8e003df0928b3b36e02466c383e931d91be8960b82b7a380344b893e0a920fad88a5a11846951a1a3ee0648084fd02817223cd8caeb3f3a2b22cf17a5b7520fbc095e4e9b7d89d64065e3b16b256e93d386e16481f43847e2e302d7b240bc6293dba81af663ee835853ebb1fc52ddbfd372622e3514c4cb2f46d490bd0f13284d0a5c889f313c8fc6b9f267a9d89be3854bbddbe69dc039d4e3e757bfe083e5bf5359e56bbe80b6e2417a81e5037e370124a453b20eb6a1349d7fdc26710a0816025dec9c40d0819ecfb6161fbc64bd5931129e644ee8dfb7f7c96fb1112a0483136cb819a3cb6507c516c3cd9d7198b744bd82fa045cc2edcd7348d90fb5d5a0250e3b3973107ed9f028c5fb656a4a8dd2a6b67405ff8cf39bb91b6a608207608b6ce181b51dbaf46b4016f856e8a045b3de43dfa26664be5fe6c74c08d09325ca5cf1202bfdfdbdc02dc1c77f173e555e52c78d1c340477b58206686ea98d9ea324457282caa826b38b879ec742a616898a313dbe9365ace815ffe966b7d7c5a82269aeef70801965c11c6e5e39d0165bdbc8ef3c8b4df2a21103dbeb2bc7f85941ec1a7d9ef206d127caddb1e4cff30b6d6d9acd83801548d781bb79cdda32edab67461709fcfee1d6f5e2790f975aee3a50fe1a118fe67df4e7a66562f399881679d6863dd668b7323c0ec242860c17d7e095e6c71919983fb229d1ab4e096f568fbe0a332129e2258fe7689bda5e2d27d9e4d06beadcfbbda2544d4ae8a8cb4dc1f713660c98ed28da6a07169e4000a58537fdf50b48bf840d6dac5baee2fa748b87a16baea498983b83243d0fc5dfc084b5837e0c1bf3fe886c7219ef1f583e5cf040cfa306be22bb44fb8b3a4c2704dd71edbbcdeddf466c30bfc21a30719b0f9a8e5f3654b3311e4eba8fcef90180ed54ed2a9ca2e87d67d4c16ef6da74a977467813ccb3d5547d29497fff4dd9bdc2e152c480d509a8d90b9a1478aa9b2663d18850dbd401f9d4d39839a14c951be07b0be33943d2729304f6a25da1b677da823aa9d848d8e49dbf4149e73e5763fc1697c012b94f0ef11d92a702d966fc429f159da95a941a25b6a709ac72aec2089d75ac67bea9be4c01f270b2ddbc19c419b45109ba9212dc5eb80aa319ba69b110e0f31e04615cdaeb940b9ab2acb9bf280363fdd15f8352aade4412f29f7c6e8fe463597b18e1714b39f9de35d31bf9f8c60257fc44b8f9edd6bca7c2c60eb261f0ccc23fbfd98c1bc603ecc6b90986928fa7af382ef53ec2195f07cd0fb57ab200f31e963a7b7d261f4eb49956f3a01852eae75ccfa944e6ebffc3542c3c36947a7c8b8136dcbcebd2d71da3721f3045abfaea33619047a04e402b0135cc632264eefdc4e900e33a8a70fe496ffecacfeb8bfc9e05efe0f13dc6b8b87d7e66160e879b7a5adcc089eb0941407f437d79b489c6e3e01aeba201619b0d46d4960f2296b2f13215d59e84813b991d15091fa772aa49949ea1c51089caa1170c17de2b433886ae7ab842c1aba42b303340384db65bd5369e6b9c2e1a17b2898d4fa5f01c7c951011ac23552d4d82492f3b79c3058c3ba1a7c9d9e713580b5cad00ca64b0de53bae60d4637be65730f8706c6c8fd65b0679a4394326543ed6c3e4084879af06fbd3b63eb1dc84102429b3d1b1dae98b62e75fea1642f149459daa824975e06db5a5715b600db1f1c92882d77631e8349a4f220b8770d2344a84f911e0078e8ca7acdc1066368719c9c4467f2819b42b1f5074f9ec95969ffca5c53b7fa872ee51b6cc3a16033a02d61f5c4de2ada3b71cfd7060908ea571bfe4224d03d345ecf8bb92686b6790c3633aaa61f60fe6ab3eb06e96ed825ced0b5fe901403e1b57dbc27a297686d2b8018f18f5187038c116b4c3afa8ba8e9fb8f2c4ad8f85f70abe427bbfd4330f47eaecb2d65429a7710af35c8532d029ffb4551cdb0262ac436faeea8bb499af0142420c6b41c6e6a71669644c551dbd81fddc097e7bae601c70d4186d89fcc17f0a72b6744e7856c50f310e5412f30bbe17eb12a227e772ab0989fc1379b4264e8b053d36e26ef5b4a945445ec73a89de52b45ea1d44265d4323300de7bc64d4dc4d2ee220c6b0b116bfb88fdb666b36805217f768e69f317c2c722e6eed7ef2bff36a75a5a2e1e4fe8f6053afa12388cd6a98893f5bb55c724d8bc3d8e1258ec93b2e88cfcb2868c060d35a74c6e17a410396cc0a0d5ec354b3cf4074ded66e3dce7fce7ba00080ba6c9c19e05e2026a9ff7e089dd9237ee6ed2bd52503cce9693f0da6fe61be4350c5d0c9bc5fdf3d3a5245db50fbf58ba92685d44cd5689bbd114f717522d07458d49cb4b945143b08213cfef2f854f519eb1fd90670f60608531ef9e59e15bc376578deb4f3b77ea17df7d05760641b7c61a0333b6e7db30411b92aee280bb2cc586179a94bf34dc095b01e371f05421630a19b7dabd91bad6d310cb31aaad7c5de66c5404dff52401b8eb26abbb6206f5122a4ada4a76d781b8f3215177e565ff22a14939d01124c9a9b8f0c04a8bc3e56a517548ac13f1a569710ed5ddfff00646e443be6046a3619cc4c8948b3f2e28d22d9bedc377e17866b894da64f0fb85c036e0acd48d6389a2136c803cfe59c272f3e7914ff4e879ec35d337715954dbef335de105be8e7ab63dee433c08ecf0aeb5680366b1571e5f8643c4e65a977af0ff4ac71a33851bba1647456d84d308077331c27719553fab08e86f585656166251964ae5af196359df6f1450ec0a05f217622e5e7352d6daa5c13f1d775cbb22af4613d0e78f856df6a5119ec41adba011cc3433c0772e05b643aa68a76a9ac7566ed5883f8f86d0519c69a1b71e407643f640c65f0fa6b83d299ef2706137f3764d3dd5f89ec2946b1b18c422feeffb361afd601e9c2a06e0ab6fb60f351939b918bfc28a76b6041b45414bb2223317156019fbbe1b864fced1239fac9b29b1dfd3f2912b8d02e7ed36fedd7cc3c2b8a715b89c008c9a310c7d9a9e7cd75fc7bdee09d9ccdb8202802b9e9d387e3d981cc16039f2423163433a90c9c80eea2655f1c62b1ad1908b103729a12ba5d47f083d383e0e107d0891d0474d793bacd9957923d4d1b94d2034d68a9736c538d3c4b1d3198c330a3db9c58b0885f867028ddd5012321887348fa57097d819b508776c9c9d9cc8948c7548d218d4416496eba62d77e4429aedf4e5d8f9ba461c8857bd7e35f8c4c1766ebb8dc5653d75de519321b8b066df13cda33fd0aa468b4b372d35090649ba65434d9bd3e0e884f785caca323c27f73bea62abb3e7624f22e193c6418d5159c6cf4ceffeb810089f6b1a300f2fcfd461766a8c95a691bd43fcaa1e7968bd3606193ebee4337be663f1e0f5d9b0ca265331dcb816626241a13cf69a2dcb6235030166098e8d3eb521dbcb31b6dd53ef062bd7c5dff7e0d107b233c54e0c8348591ffaac2a9ca1660b6fb511b5a197c29075220d45a73bae90c126b918bd5ba572f36c47d3fc02a46c21a5c78197f6f9481bfd0183e576972c6a9144117940680d88549bdb2f530ab4533e86d022b872bac3bab666fbec48d7d8ae2d46dd23fd93d6543e2f4fc0a86e2ea2a31d4f5c2e90d5830c69df6b2f8d307fe1951b973184d50cc0b72d55693a814b0e2c989ba7a10a54dc6feecc9896c3c9fe8ab96a3dad8f94cb431e82399591b71c05c11431ab6338eea70cf8865c95abe08f0ec688019b156d0d06de9523913a7017182b51912121f2d1e323772c8eff411475eac1070e9182c75b8bac0ac9fcc914947176404852a1cbb0b045da81e5c6efd253a3add75f77627b11a2a0eba4c4f0cb1f7b35901ec818ee5f6a0d11184112323bc8cf0e0fc08a2cf6f36c8edaf085e44f5e25ae91f9804229aac13d91efb9d3c95a4c82bcc6c982df9ced2e30bc5ef309cb8844a1f5b770f3d202f18b7c84f09fc1148b1b082f9298b5ee50fc72fef01a44226a50fb74e488946d2ff1bc2f505989d866508b8252367dbd6a908213bd92cbc13a5594a8c0e26de0972dd8aae53d181cf9ec7db0a14353744ce141e2dd44582283588e75892b0a81530fed04da828aa066e0fe53d472c6e7efb764a0f5edda45b4caf617439229cc50c6338650c28094eeccf5e3ca681b0cf759218d3c6d16bb69aa457a299aae8d9e803e4675ee48459d384159dbc95fa0f4c1f4f6afa6c51a1863f51e042865af5afa2e3dae011594644ef30b94d4c35bfe16f1f1ec689efa9bc62632fc6ea8305318f8cbe829426f8bb82086bf074b769c6f58cd0db2cf8614588cceba63e75f10e38ec8e24b52eb72e0dc9268e6ff31c813311e1cb32036469850bf6b413987151a05305a959d479eb224e78798e4c612e783441659a1a5d567d47108f952e84eaeb1fb5", 0x1000, 0x5}], 0x1904050, &(0x7f00000014c0)='\'vboxnet1proc:eth1\\\x00') ioctl$CAPI_GET_ERRCODE(r2, 0x80024321, &(0x7f00000000c0)) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:46 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12\x00'}}}]}, 0x13c}}, 0x0) 03:26:46 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000048912, &(0x7f0000000000)="11dca5059eb6ef2e03f48daf1343b0aead5e0bcfec7be0f5") r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffff9c, 0xae41, 0x1) ioctl$KVM_GET_MSRS(r2, 0xc008ae88, &(0x7f00000001c0)=ANY=[@ANYBLOB="0300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000eb49cb2ace646254c7e156f7c927e47aa2f3c7f2e24d2fdd77c4f1b78075705e2f79a4e35d784beb85d82e3c49032c5be4c9d5a48d5c9f7c0e4c591981ff05b20e5c48851af054381c1966ec0c6f87d1640b268d240c12b75bb975adc3bf0c283bf25c675a25e7f951d216d28c4a57e0207f57398ffb529b77a23d3d391e173570b89dc07f12bc163965656f4c7b82f057d93e3693bdf8a3ac756a8c5bb5050ca60515db9afdd689b3445bfb3b0a089d1c999da7f3efdda3f3176fd72515cb12b422b7fe3ec4067dbd63da928e50e320c47ea238fe4500b07026da0f898d8da43b2100aed61d848b1d42da5b01"]) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r1, 0x100000001) r3 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) bind$vsock_stream(r3, &(0x7f0000000040)={0x28, 0x0, 0x2710, @host}, 0x10) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) recvfrom$inet(r3, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:46 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/btrfs-control\x00', 0x2, 0x0) ioctl$BLKIOMIN(r0, 0x1278, &(0x7f0000000200)) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) read(r1, &(0x7f00000000c0)=""/214, 0xd6) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:46 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x8000, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r1 = add_key(&(0x7f00000000c0)='rxrpc\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000140)="719fe6593f1bfce4bc21abd8a1715de9d50e0012355579e0ec9d190064ba34018fd2f2e8ec85c3fe080aea814073f29b3fc9b0171ccda65c0ef023bfffffd95ed3cb2bf1a07f1068f6f708bf54f1088617bc28bdf486cadf42607e6a7eea2f588e24b7b7027c270202d5c7ec2f395833f50301ee836f0efa4916bd4c6636ef89a4b553531523d852071f995b889120776eb9a9abb988480de76e8a3ef41b221d40396de067e0625e57a4e9b55f97cb1d7b4fcfafda7388b44143246fa6859200375da4c0f262ef753324353946", 0xcd, 0xfffffffffffffffe) keyctl$clear(0x7, r1) 03:26:46 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\x00'}}}]}, 0x13c}}, 0x0) 03:26:46 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x4000000002, 0x1000000110) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffb000/0x3000)=nil, 0x3000}, &(0x7f0000000140)=0x10) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r1, 0x400c6615, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:46 executing program 5: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000100)) 03:26:46 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) socket$inet_udplite(0x2, 0x2, 0x88) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r1 = accept4(r0, 0x0, 0x0, 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000000)=""/71, &(0x7f0000000080)=0x47) setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r1) ioctl$SIOCGSTAMPNS(r1, 0x8907, 0x0) recvfrom$inet(r1, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:46 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000200), 0x0, 0x0) 03:26:46 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x14\x00'}}}]}, 0x13c}}, 0x0) [ 2916.802975][ T3739] IPVS: length: 71 != 24 03:26:46 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) [ 2916.863165][ T3751] binder: 3731:3751 ioctl 400c6615 20000000 returned -22 [ 2916.881116][ T3739] IPVS: length: 71 != 24 03:26:46 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00'}}}]}, 0x13c}}, 0x0) 03:26:46 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video35\x00', 0x2, 0x0) 03:26:46 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f0000000200), 0x0, 0x0) 03:26:46 executing program 5: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) fcntl$setpipe(r1, 0x407, 0x3) r2 = dup3(r0, r0, 0x80000) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r2, 0x84, 0x74, &(0x7f00000000c0)=""/236, &(0x7f0000000000)=0xec) 03:26:47 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = shmget(0x2, 0x3000, 0x820, &(0x7f0000ffa000/0x3000)=nil) shmat(r1, &(0x7f0000ffb000/0x2000)=nil, 0x6000) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) shutdown(r2, 0x1) listen(r0, 0x100000001) r3 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e22, 0x3, @local, 0x8}}, 0x8001, 0x4, 0x400, 0x9, 0x8000}, &(0x7f00000000c0)=0x98) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f0000000100)={r4, 0x1}, &(0x7f00000001c0)=0x8) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) recvfrom$inet(r3, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:47 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00'}}}]}, 0x13c}}, 0x0) 03:26:47 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) stat(&(0x7f0000001400)='./file1\x00', &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f00000014c0)={{{@in=@multicast2, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in=@loopback}}, &(0x7f00000015c0)=0xe8) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000001600)={{{@in6=@remote, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in=@empty}}, &(0x7f0000001700)=0xe8) syz_mount_image$jfs(&(0x7f0000000140)='jfs\x00', &(0x7f0000000180)='./file0\x00', 0x20, 0x3, &(0x7f0000001380)=[{&(0x7f00000001c0)="69c920491897356b00caf78a75faaf72690eafb260c7c8e45bb28391141cd2cedbc1dfe366ffb32def431d982c9ff7af48559a0922a8cdf50f807c9edb4ea96e186fc7cbf2d13c90a0df6a9d7bee1287b3d2e59cfacc14f4923af8be776c3df86006c75bad90960303c58a63603ab8a5e8ae1cce3a0a30f48944c0d7af008f44198d223e0ab899ba876964f55ee468069d058fb7ce7f8a4158bf691e34f28273ae98c049708205408200ec82f4e2c83a3dd32bd01a94a7a5f45858e251c6db135647f24b4cf5f412079723d1ae179f70847a59f543f68d98e274c825a09acfbfb9793beac376b6df93e785bdb3bb394e71f4967515", 0xf5, 0x8000}, {&(0x7f00000002c0)="9b512d2fe0a0d18999ee041c80c27df606dbf471d40bcb590b28064093a7a192c756ce78fed27260c7a1422e7eaf82b59be337d2b9e8a3bbf1bbb307ff45552126c28f8bb61973a193fc4d9da53456ddcbd1701b448fb7210b95c496e26b8bfe5e2181fce8a3e96002047d36ef4c128d90164a682560b73621b77a727e340e1ac301b3cf1ca60d2f255312c97d2eb817e0f1a270310cf36a4f64d702b833a43857f1badf49b42774041d418f1c0ede275571e8e1bdf582b61da1be49c90c148de32f6b2c348e123d3e79b5bb2b6023657aae1156e2d45a9cff29419f7acb36da7efbfd0f6eae73e5fc9797b7245254399c3d3154e230f83d380e34371c00f5d0650b30e75bdf9e2b38c98160e0b5f6f50d16f049009ad5d3d09f066a6df6e598424157a20de32a2d6408019e59c0c912b01241678afd4485263d871889facdd442d258010f9ee4080bc29e4a31128b2d6e6805165cdaf72da520aa1d33aeb56dd3349a91655d27ed8c0c5fbb2058663b71c72f31af496ab1455eb600c70468e55c6bd82a4c8c606a6311fa980aabd406c90c564ed83f4eda2434d38e68597d6185f9616a3c24dd30fbf044429f3321b7bf0bc3a07c43803c6896583a4e947b1c1fb577af3d6b8519b9206649ac2a47cd33cbdd87fa6f984331c7bd7692da60b2a9933c3494ed8cf4568692a594d9b09fe11c018cc63d2dfd27555600d55944d6ac4ad5f19d53b2fe7ebb0e20ba10e2bd0aa2df5cb8757346d02c21da43327cd208645de3944d90c9e5d8362a3b1c0e8509c6bcb19750d9b8c6467dcac4fa5a99d2698b7d514d74fb65b9250dd53db60623b3c7ef77252552cb466990e26e5b267f9b97e5b62e64901baa3c2be0b1a4bb48c7a66e9c30b73216934cf263c2ea2e913f402e0322a93153878c35b04aba03c8933d9112ef4751251718fade60ccfac859980c684ce1e1d772d278c3be364832f614a6f9f445e8c5bf8726ad2b3280d94108ac4365a48240e6cc478660220b326a1e9d10f4a1a7d03493e57dbb440bcee79bfa2d089fbd9644913ba54bf241a44b046d408857dc592e884bd9381107909bfb4a41eeb1311a68e4730fb4809948952b93e72009cfa03d04d72dcf9ec6ec75ce13eacab2b2bf86e84d3b6697f6801aba40b7efe98ff22677b1f672f68c8007d52b5f0b36d64f5dfda11c1933f6d603be6ead4a8bad0999f1420dcb0d1c11549a22ce15505d1b4ca74a45d863693d70e498808b0134302114a922c54ae7fda069b352c75e1b3b1832a6b32dd49b40d3a7ca2c48a7cf6fdaa0162f7d1ffcd620944d30f7f85314c462490d698e3b62cd6ff4e75f79860181900527782c097dcd87790420e2d2f5247ba87f1467a4470872b7f6ae17e9e1f6e7944cee457e770a946a29705e05b8cacc9e9051c10e18253674397ce2c3f16ad3f99422ac773b06b641921eb852cd9d70287ffbf0d113543b788dc12a1ac772a233088bd0a04fbf4569fe6d39c2f00686b102759cd292c9fdc983820ee4797cfd7b279c19408abc4f4f2d44e3401585cc0b8aa611d7a981939c688d085d2ba55ed3fa60f0df41acf55bc160480a6817baac53f08818bef1b05298425c218a3d27ea7cc2ab6ccd9b5379e61055e60c674c4fc5304a53aeba5201042c7f2462b8e2f6a00dc6a705cb50f918a0430d8995e87653e68442b09d100b725549c3997d5444b768900dd7fab326224bf094303ead70b7cc3474d0243c24aabb53f8664117df6a6a42f8e4883776da9fe06a716d2c97de07f10e11b59ca75970c1841dd0c5aafe5d4b8967b0329ec01b5eb936c4e396b7ca6adf6e50adb036d8077d1254c41d54b27bc9131b017edd32446b0194ba29932a96020a6d5c555d9f1409f784ec036c46806bba2dc42ad12240a5280bb7a2c619debe8c8f2a90d785203d6e9ed0a5449caea273a5cbd58a1abe23c610196e877bfa38756d3fdd7bca30e9476defe77bf1b7748e8d059b1d4bf41ba8728a625013b82c8788db0b68cf9f480d831942c2bcbdcb5a83e5b20c3a02ce825f5afe0fd3049cabc33afe43a44d4ca77bd7f541610295974ac0df21c3b2651040c79a1d1bd1ce7dbb9233b2248021b645e8cf3501b331153ad78eec08d78e1098e7ca0c3f0582cc8b5263be816f504511845b15fd03c72fa602cc9e52c4d5487f1ad2148d98ae57d7a51afe3aa15f3bc6c90a0ee3d4e7adf6cab1d118aafca28dfc4332bb56c3d286d3f72df51b2562e8290717d9a90e0d9fd886c5bca5cdd4c4227d542d559991f0a1fea6b4e6320ffb044cc4739119c442d0bdae90d8eedadec750a1346ec1f7ae1d5996b5358696694322f9571b4af8bad63d4ab58d21efcd1ef15d17c44a3e8b57881e2b2f6e98a5edb2ff6a5443e9d6d7094f4c10b5ced98fa3e8d494664dee204e3f15982e74e032555f00b34649a11ffb5f8cafb66461272ae6c979c187479d59217de53ca3372b435cc8879f69d1347844080a8d880395aeff805561eb673cdcbb6b2d3947f38e87d8d2e60b4e1d846b03028ff9e52d87d7429940b3653fb27522e8155e539cc4d23aa49a6fa80afec866efcfd29ee83681d74258a50bea1a746d2411103db96c66ae74b43a4b09fcad970d5f8c938e7f070e08e8bac3a94632f78740c29e996e21daa0b7bd49c48f6219056e1cf6f292bc162f52ff6971f20695b60dea429ffc1b021cfd81ddf82dfa8cda20361b5192d74d905925b8550f33dd5fbe85a5dcd18b38de837f7703b629aa5ed158795047b3ccdd28e1d21466af8e70897e539e7fd3409676070b19c3ab68fd385e3f8e4fb9d05a3828b3887e9bc68f75f6235349a21c9e3e084e8ce3baa416998dae2e9a7c5714f40f2845dc9d48e4501711a145576abc4cb0e5d1194817be3aaf99a1f19e5bdd6f91ce881cc80f514e3675bd23c838442fd7fe261ed338d54d259f1a37e1ed0c73182b3b3eb0ece610861886b76c828b746ee0e379067d44b321a8248479a5b3f681c69e6cbb2f065da59e17e9950512d01761c576e584bb5d8942b86b83ae734e0e95efde8d9cbb64a9e3c0fda0a0eb1600f63323c41f3fb2af773fe22ed758e0cf07b0ef5befa700821e4459a9b1f69e67c590dbd5ef822c9349c85925b98e77146f19015ddd9190e0547e9c0c265ef6ed23a3d1153f665e635c1aef2008af586db628725a609e84cfc782b04811eba431e289c6c95054b165c44245a6bae1e87d94a61401e6d48531329ce09ae6ac57dde5ff4f2be958991ef1a0452e2bff23999e061f595dafecae90cbf6519f0e23b832ed847b54be07b3989ce70a92b205b61f9b7f40511d12f05dca5e93aa75acdce960b382b8f6749989ad34b7ecd7ed60d51cc03472aa7dfa1537ac5c4b8cbe459e4a0a6fbdbe0043d325ee2b2e45c63656133a98cd9919b026078aa62849e3f61993b7457d6c8e03921941d4e3f89022ea10a890e83050f069e4a591a28b932cd9045d86684f3493109e4c67b199b162100cc3d25c3045ca2cb8e934c5704bc0d8ff7c1a624cad86d3e63ab33b795e605f16aa66cc4d51a0025836f13d05313566e423fe3581d49f20595afed96b115c86f2bda3280ed9574295cd7e843d6060804acfbf5fb72cfe827a4fad770f8d2af14cafde9b72d6edbd707486c5a2072eb262b18857960d2c3ddf85c7abd736d641b1884a0bcab52a07e13f04a8d0bb544202562356eaabc01ef846b6a89f84d422c5fefc67090e853bce049f743887d231ef64d7f2ac59169c07d6073abb1e8dcdba121ac10cf57500f6ee27705d1dc45c75e6736d1bbfb8cb5de977b39b620e315844a32b8df2a6894a85c45f57677106631725d49c52f915ed5d4b44990d59cb45bf8d8dc6f5d3abfa33517a82b0132786f1478dbaba8883983b98a7147fe1afb78c18d6c7f59146d087da9e5179549483dac9a67ffdc9dfe5870d4a1ed539e6553f13a63503f3e379020bf478d2d7ed61c7ac2654a2221f9bbb860cfb51d07a81a7ad50f098817d1e86750c6efdb1cdc362ef45fad63308ac917c351d10be5625bd1226db65d4afed2897b35008195f077ad99ebc307a6d4d88f9e5914e4ffa56043df7db1cdd5cff922d62007d69d471f1e7540027002681fd309f97d126d85149c286df5be9e2935875155d74517b513667d9c8bf8d11e80181da76133d60dbb537917f0b1d822af093ec5f784b6fe5dbfc9aa0277b53be01729c4cb83d8dc7978acf52966730c24aa9d803deaba4d5b57c4b8d09c8f89926619740b80726621ebfe1a76be08f0d3f63e18a0b997467fc098464ca87aa88a56ad32f7464653c13c3f9f66f66ad85762999dd4aae3d44dca862dbc914912fe1b4a4a6dae2e3b03424dd6c1fceda09cf80f758bc2acff69c0af9fe776b68b7d2c1ef6ace5dc777292e3c969ad98c3e9ecf82665376a27923f293fa7a862e09ec0102c5ad8f0b1caaa2e87713720f3acb0d3646f1ce99ca1564f424da9e58acad0a3def2a6fb6834f8d5a2beee5719a07c2d2a6c683898adaa058940b98c9685a044d4c34b502049c41328ef3c66f50eda95195ca5540b6ff0c223c402a15c9e0983371339a116de14206a925624a585e76aa231fe92df29e8a362968336e07c98465f691ac66b7ef768941030abfe7c196beb505147c0dd68cdaa05f373d7985f2ff44993df1b80b2897770b54d2304c05c23aa07bc77d62e85f4cf085540bd1bbc3a63715f4fdd1696e58ae740ec5815c3754b90168d5f8c2df97f5a26715a1779577396ce15c0f72d1ef8fbd3cef92701368be63e0a241d0ad3a5f7abe134be8ed579f39cce28cca2897ee5e003014e179d49c9af0d3c9d1f78a9a320ecac1d80988166b50417866548da558bdde22b9783aa1f73219729487305ff69202163ddfe2641ca8469c007bbe69ba86f1ff0e54566694bc7cdd3bfd63086013f84ad23aa0e5c5ac44f3f6e83e1a9d2aa8f64398b0db070b035436432da94ce34788fd0d7c4af83b76b4256992134bc6c77cdfe2d9470cfe9c1ec83f48ce15f2c0689c0cd2f265f03245670ce6bee2612e0c7252778f0922ccb5a6c8bef25f12d3a3e8527a772e425f07323af6b320479eb4a9bfa152dbeaa97a1df77821a70e3527189cef5ce0648794d9694a7784afa6798302a010aed4dd6694d79b773a46e25a65a088cd24a0f3663bc71da10d00353de5c63806dd7da88aefa6f2ab7f8ee2e5b88753b77f4a25f7a73d1658743cdd4bb931c6b3e661ec4b7264cbf80d0f8f9f11234797686f5c47af2b2209eb3430d299a432580796cc3930fbf64497c372f301d301e572b1671fc5b311d5189bdf0581192c6f7f8fc2a8e81bc3dc724ad7b23333c320918b5b90af6231131ae6eb095aa3d300d48315160cba752adcb321ccc92c168e4a119ade5157320f3d65df6aba32d727321cef3f67a44d11d3ab42c740e38511a176040ebb4fee213db770494e0c7164a420e1ea3e5ba32a222811231aa0504eb892da1f035efa82e08fd0cce6cda204d9ed3a146e7ac982b5fd359978c79bdd0266df06fd0be2f0496a92e71da0410395a102dcc587b7a3f518d2f1008bfd4dfada4e12f9485566ba450f3e1c0d4155205442e7d73e33b8c08add55e0316a339442705f1d62f38935fda100b37ae2aa770bb12cf5e98a9dc8fe8018c0f1446c25e9239761c7e95545c7d7536dd66f9cd6457b39164f4d44e3e35db80f093097bfc00828fc75c11b99516c912b6ed4ba52aafdf017dfc127a51dfd29e93d08f0a91a1f1592ca232fb0ceb32f211f92ab4b", 0x1000, 0x3}, {&(0x7f00000012c0)="2335b0b2a55a179cd37610e628a5beeb3b7ca2855ff1be8d1da4cb3b52e9f93a0584406e57ca576a9f1bd40753d06eeef0eaa4f006f3e85d4c55b1a35e4c2c0f74a1f76cd9b8bf08f40c32a2215538abe3e30aa7ebef57a400ce1c86cebcfe41021d0e7b3998187046f5a83417bc3bd8ea94cd7cb0a2ddd838a4546b0a7169fd75ef6c28db0c6921baa8e91c5021b6b7686603", 0x93, 0x100000001}], 0x95b014, &(0x7f0000001740)={[{@quota='quota'}, {@nointegrity='nointegrity'}, {@resize='resize'}, {@integrity='integrity'}, {@integrity='integrity'}, {@errors_remount='errors=remount-ro'}, {@nointegrity='nointegrity'}], [{@euid_lt={'euid<', r1}}, {@uid_eq={'uid', 0x3d, r2}}, {@euid_gt={'euid>', r3}}, {@audit='audit'}]}) r4 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x210401, 0x0) write$P9_RREADDIR(r4, &(0x7f00000000c0)={0x49, 0x29, 0x2, {0x101, [{{0x84, 0x1, 0x1}, 0x7dbd, 0x6b727eee, 0x7, './file0'}, {{0x1, 0x4, 0x2}, 0xffffffff80000001, 0x1000, 0x7, './file0'}]}}, 0x49) 03:26:47 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x10000}], 0x0, 0x0) 03:26:47 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:47 executing program 0: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x105040, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:47 executing program 2: r0 = socket$inet(0xa, 0x801, 0x8b) timer_create(0x7, &(0x7f0000000080)={0x0, 0x18, 0x2, @thr={&(0x7f00000001c0)="4f0fdcc93d8d811b544f64b15584204ee4c449a4d3f69c0d4301c2a65b283d8d3add3aca862acbbc2708bc818158211d9d127513c3b432164a38b03b2e9c72b136679ea1a3960583674919ad88cd5a6a6b0f8f6efcca838a7b2a371b4e48dc6487082b167a96b59ab6db37df544d9a98606412609405656088866bacec0cd2cf6e263e87b7773da5536d7b4ef285fecdf9e691a0e702eda75dff15f4afe13853deca96e30dbd31b47f1089e780123f59669379e9fe84481779ec2ea1be682199057b0273f49e92c6c2988dfd25a6e3c5c60eef134372454281e9ca201fffb0cd566befa794e2ba02f35c409c88ba64b7b83560a633dfad1e84d2c1616d2c00594f4aa1d460b539eefe2616a573b159a792b99c377f439928216a2afeae2c0ed3923fc084afdb93b9a7e0a9b69539cb30a5aab560df523d7fdedf06fa4687d5de8077a40364a7d5f695ec70ae802e4ce3d71176282e313b41a468f8f0ca0d5877ac456b902ea36d2a65d405777673e2e6ab96a7b31fd7e0eb127a8ba380015000f94218faf62b4cbab850290daa63e9501643628be2ed89347276e44d33abd2b6250228f42c1478da2c9761a95f50f657bbca58e3cd7da5a8890a9df52b21a97c884c858b876c2a81c1ae5f0c632f71bd667f604ad30e23b593056487217adbd89fe68181a1bb56a074171f616ded054c27ef75807d6398f5e74c80b260d3d49d172034df3c3dfd51c70ba0d54aea18166fb6cfb894c26cabeed63faad1ddbef2e9e13d025486d2268ae66442b62ab062f0ad894b5e904e98c0b46e117fd64fc35311bf7ed88d1e7180c03a76e46771ba10085dd84cfaccbdd7a7a329647b4b9cf2b3dab4b5b04c8f9008194d74ea5b3c3cf5e93e87cbb0b02c287b60a0b4001dc3e6602edeea9308f3cffc0cfca21fee126e56dcaf284197f2698b57a91c1520b8b4e50522e870f07d8c236d1b8e153dc6b47025bfaf9ef30564b3aff23cb57e5fe6e1d37a82185b84c1eaf142c5b909e19bad1a91eccdb2072c5a4b1835fedfe3a40718c211b477230f53570d1f47d4be308769848e62b49f890cce42a641e316bdd3833eaf181806713401c59f2d3b31900933648454763ef6ac5e3d6c841d917229c45627892f447cd36451b4a38401d8f4807499c9530f5507834166f806cde0551d2e199341f50050f7cbe38e07f8b3b7f35e86aca2444221a8a2e5c0c005b2ddbe8d86e9cae3ee4d16dbbe22dd558feb5af74ed86efaba07c77982beee7cfc7a98191b855891d5df10996be4a5c7794640801b6a72e8fac94394d1819f66b772ba83851fd78362170b86f6ffed312edd14365d291558767ced7a7305c28331459fc92cda04c80bdb2a22d5226114079900aa5b6e2bd60f646af393c5b34bfa96a345dda68503313904af02861523452fea064b4527ee085c8702e0d66dd6e725b37dfc698f4c01326b1f39fefcad6fa1a001e358a123a3665f226e1cb688b61c90a08f0516249d02108daf29ea9df2bdfdd37adc1c34a803f5df2c8d436b8259953ccb393d6b2fb6747047b31ff64260d381c70f7b8d75b3b0cba081a5272c93f4305bd874aee4176b92bafb3077d56a7280fa32d7a122981ef399b00cbe939140e1c97563555efdbdf12ae5af9c0547d92967b4450cffe65ee6e82f38b786f81fce9e8dea322270adaa068c92a8c38fbfb54f42f67e278c7c87d192f2a10ce292c483edb91e72c3f1d8d6b041b86d6fcc6b79dc062d436b7bdf23f2e647753678ea3e6361fad21c600d1281d822a2d645cc877499ee8e88e321c4223eca084a51d2773cc3b311757815181d9c21470de5631cf06ef300b024a7d5b75ee38e421b23193fdc620d95a925dc77fe5235d0ad7d6d410d427fe91b468c8e0c8ea40b7f0e87f2002b88ff111527014b74f3ebde239f80d9c678fef91bb12ac9ddc9c69f8299e015ecc1777850f9dbb2363160f87885d1166b5b4255d817d88ca3a199c1990a2976537487ead3971eb1e4b31405d9aa1d84b95ce13e24ea30b28ff22376f2bca8a9455df7b24274f027eb6f7a56a57a41d12c54cb12926bc7924486811d469e1926e5cb3d673aa9afe8818d66dae19df2e773253a3d7496c42d3e330688e8f0d16ddb0c5405e7c3c9b95f8eb5b79355b04b5bc415b1328eb2e790945c59caec5ef8fc069a0fda20b2536da71c81affb8c95392fffefeb1bdba1cd66e6d6113d20b97acf2bd3f9c936cc657d8fec76914515ecc778883ceb8fc3f8e8d9168b23f3443e7c84981ecca1b152be8f11cb54aee008881002f1eb94d8339aa769da8c2eccdaf9e31e3219aed8387e6ac783da3a03b8522199e66db0636952c100877e9bf6b36d6bd0040101757f609e6d3b76265e1f576a671661da8a343e4950d113e789b46fd15286d70927f5f0c5a43e0137361ff80dc252c31a18547f63aab27defefb644c05ecd8e9c3e67aef802177875bb497dea3101ebb56e7b12cd48a45601474671e22c6759456033850c2ff09c35de6dc26b3bed17fc804058ad8356203fe26ecb71c0b7bf205aaa1f5411a90de2dc20888321e16c1253605039e1059cb5aa08fd21d8c59c5d930e3c335150ee434dfce54b0af6ecaf7e419cf57a2adaf23fe80828869abdc4b165cf2da59d00bce1d3c75fa55d400b6bba9d106188081762f27d00251b0f87b51f407f0a85cbfb22cd8b1e8bf4ea7791677b998de1c2b79d114efc46755e6b02983aff3e6dc98bdd759d89b15d930e901a8ae0adf42e7652e71f697f8e18ac4f7e1f1c6cef51edae02b368ed04b0a1e6f0bb8f473d1e1724f896705ebb2d765049b477dc2f83945a4af9999875a51b3fe00170920c41eec92fd167bdc8209d9a219018a7f2c2dbbaa428b00716980bd55356fcffec98467b3b6474adafde3ee7f0baae53fe98f16c3739de042b7e5165e12c3c9aafc333c7a75defbecb905594e0c62a1b7ff78428d0423a956f8ac99bc614c41b41225b1f5a51eb33cebfa60f0cf75388cfdb254e03feb95b144ca55446c229f891fcf9b9e86ed63ac60f947913d71fbf5d159e5091f26dec41f6b0541c05169047a68475f1f85e18552ab6dd0ef668101e26d8a3648ad63832042264eb72508a62600dca59f935a77efe44614fa99bac01a30e7edbf7215a6a23f0e0e92589f7f91e1dc7a7e5d19b06b288d9655a8212227822cf771a2f57cb6c90dfa20ab5fe5bca7a48c8b6c99e9a771a9aa07e6eab08339f0e219a387e1ea3aad1d96be0e9bada4c8f29767a36de1fbf00c518fa3a0124cf65734927c671caf69366546561d1ed87a8b1f798ac93c7bdb914da2e5413257e7d45928ef1a981ffd1a7ad0fce71803fca9ab36ea2eeb5ebfc21d344b4b77700c9e1c58cd94aca40e768ba7baaa80fbe941a75be701a35a74f749ad3d20574d819416c8fb8a6d863f4c94cb9245c12c0a64db3ca32889e89bf904f57667e8bf4815b3c02550405a8f87a037092ea1065c1ab8c1070f6f6b588341817ee8a1f42e191b99f92e7896afffe5f0b24b5180501fcdb1d3d69f2d9102168300ec3f540ea53c671c5867e44f055fee763d5d915341e7361a5b5376e291aa14923c7e7a8efe551672631a8073524812c63d97f86872d8a19c796cbf229f0f5d7d03ba7884e4292637fe67f06b0bc545f38581848c8fbe4a7e3f3e81a3f48de3094e46548d2a14b900d52ae079dba846c3b9502eeae4ead4f5611461b2161bf5501904c3ae4f24aba843bfa8a3e521dd2314dfef23b2e55733cb789b230a1160e79429a7bf5cef97aeaef6b9a887cb1358395393c8076312a5b49fc6d44bbf468381ce13b90e8884839bd523a50d4556a9888daaa4ed2466fd115aa14b5f0ce8c3f6e105f69bf65e725bd9b4afc4a5d11a9ea83d82b4f68f365a27c037dd71d1f693a536997f369c85f331a46f51637f878b4476b31e3b1dec6f03c5c53e6bd0f0689ae7c7abef4ab93a9d79c599b6a2bab83d5b101e91af8e625760957dec02d2d07e8fe617f4fe584ea87acdb4e7aedd1ee596f3033142e6a326f596b0b3f6781b07be8bfe22b3c734f84c7bc4afddc8b5f5fad10896be92a846c48a81c2930746e35101048862b6efabb17f48c42a90fdbdcdc645a6d8098a4fafb4f564d58d3551d636684551be506ae1d19850777df67ca422ded66a50db2ac24ae62aa0548a813b682120422d3dc48cd14f2cac2d9b95babd544562b37eea84e5b23180a221089a38b145f1fba9b55917d706b78344e2ca579de7dd6025b64ebbf961e2f161ec39c1997df219a3e0670ccca90417c7cfafab74abe9c51febdd9d7446d9e7703a9c9c66ee607e2cb9935d6565650f917ef6f2807cf65a2895f60d072b359b6cbc6b643bb89ade070907508b6eae5e2460ce9fa3d9d8c4f76c397cd437f88b0c62e44c2f6a5d9b4e8765fae6af2a23c5ac5af063243d0f1abbdade25d9420a372074f9261f1921bd38ca26d29488d09f4f4bc3d9a624dc23aece408ea6412e4b7632b1ef7bded6718aaaab7a4b685b0eb9ee55e4a2c380fcd20ed65f7b59c5c45b09de4787d73f7bbb94adf33cee69a4a97c2042f625b331af86a2fd447cb5326f33f9e20fedb663279e6a179f64a582002c4d1e1889bd7434e8633947ee5bbceca2173735968c66df5ed6770cba1c44f5b44124ac13b6a96ab4a2cc032c85d5db78be23f93f759a3380dae2daf062751aef79c0ddeb71c8de04e25a5e296be0a76582e8deff5223dd45baa2e835d4439a3f206acafee505c730e4d25d6532036afa4dd6405fcbf69bdb9ad053cf73df8315f2774d46bcaf145c9466b79f92cead7406dfaded67ac94817494d893fa478240938ad5ad7b791dce3802e567594f2f2563c8c80e63749e6c83382d735003d26945f3325281fd67116b5f60b38352cd35ec78a869f879395dc3863d341fbbbf3c0264f62a7f86404616608634355d05ba70a8a5bd156ef31edf6717d56a7300258990ca0977f612ec83deed1c9a07583684927fd6da18560670b3a0c5e4d8511f70ed918661a7292a44f12751449d806dd56176d9518b364c03cf6830c81b9098dcf396bcbe602f29431c638d116b0f53a0cfb2d9852711f5dbf911e17e5eaaff037ac64f150872893f2c85d9a7b07d6bd89e6cd492c56cd3fd9dd6752cf1b3066ef9b0156fa7c4395fe1aa3b3fbe6c1f8ce0d7bb73763261c209dbb73101c59ff473d608060da291989fda63f0b6b2f67c4c25b3a474807e49a6b1439bba1dcec93d919cf5dfbe0b40bb30b88fb2e82e88a040cda1096361f81a8994892fbdbd9910b5a784b4541773acc8476b4030b852217e17d7a8406728aae956d374a8c99426cd81e0b42d43ad85a83620d0b5b204f57f907af2a0ce56df37482b53f5be2b3755f0c3ac173c65ec1d768a3fd22f5708c4d1022d3bd71d71ef8105fe19a0a0db973a0af101d939483c2d73275f8a8adce15d1fd5fe8930d271190f21875c71b949604dca1f753f13d76d9e6af0c226390142a5f46749003be6a22ead64be9084b2137e0d8a1fa000ba6c5b087a613a683925bfa338af1c2ad21cb04aade5d06acc4974517b24cc10333797d8675888d363282be3535d4470d5aea79ae5d351473b0ab97ba56540a70be34706b45b95198d5d8391bb58eb948ab49802d8ea95c5f70d7cb56607d8bfaa1c6326a3b49d470e1d441935c8bc4c40c29efd90c44337cee990e576887a1e1232a5f2aa0c825c2531067f20b07bdaf9083a0349fba54757f18de2040c1dc782ba9ae889d226d3a15e6a0cf9eab29", &(0x7f00000011c0)="2496be4844d23345752735237a3a624ee0ba88a595698ac98fe1fe130412da6a0734ce92b44e6594322c282582dff0b1067680bfee1902378a3c08038efd9bc45ef7a71bfc7cf72e9df1ebc4a379d2b4fbf0b4a20075e139eb4498ddf18318287eb915764d114e795decc7bbb8fa7f377cfae5eb5933441708647571dddf1a19642c76ad34f127830ae7c8289ca4a8d5f24f6ce71ce1bddd0264fa2f3171c38e4fa1d2355452efd0557db0b3a95dfba62f41255cb7d816a73af272801a466db1e38c69828634f042ae6bace6886a0317941e"}}, &(0x7f00000000c0)=0x0) timer_delete(r1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000001340)='/dev/vsock\x00', 0x200, 0x0) setsockopt$MISDN_TIME_STAMP(r3, 0x0, 0x1, &(0x7f0000000100), 0x4) connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4) listen(r0, 0x100000001) r4 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r4, 0x8907, 0x0) recvfrom$inet(r4, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:47 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00'}}}]}, 0x13c}}, 0x0) 03:26:47 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = syz_open_dev$radio(&(0x7f00000000c0)='/dev/radio#\x00', 0x3, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000001540)={'vcan0\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r1, 0x890c, &(0x7f0000001580)={@local, @rand_addr="068d701235ac453773badec69528ca05", @rand_addr="0b55ab1e53bd3df73924ae542e160d05", 0x100000001, 0xfffffffffffffffe, 0x7e1, 0x400, 0x1ff, 0x1a0000, r2}) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000100)={0x0, 0x0, 0x10000, 0x8}) ioctl$DRM_IOCTL_SG_FREE(r1, 0x40106439, &(0x7f0000000140)={0x101, r3}) 03:26:47 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x10000}], 0x0, 0x0) 03:26:47 executing program 0: r0 = accept$netrom(0xffffffffffffffff, &(0x7f00000000c0)={{0x3, @bcast}, [@null, @null, @rose, @netrom, @bcast, @netrom, @remote, @netrom]}, &(0x7f0000000000)=0x48) fsetxattr$trusted_overlay_upper(r0, &(0x7f0000000140)='trusted.overlay.upper\x00', &(0x7f0000003300)=ANY=[@ANYBLOB="00fb15060965eadb852059ff97fb8cb3bd98832770a2267f291571d70963452ac216750a5d681190afda5052fade4f60b9db1a7ddee983c9ba2fe9b148c62f6efdfd60252e87c18a56928294afd427f72466c56eaaeb92ae0258d95ead189b0bef5bd043ca16a97e9e50a1313e8bd14e72e4305da9d63c8e009d7f93a256d87677bde37f3d73bd008d8b12f3f9cadfedeaa868f06e4834031bf7091e547f0ac7cdfa3c12949f5acc19646f1977d7d2b158cb49e16659ccd0d5161f8e9948103bc4aeb3e4a08e8ab8cbc57c4f368e947d1a8b70c5d2607e25b72a38b95a406b303975f9a96b5d69f6159fed1e5cb690ada99cf10460c6fcd2213825afde1e531fd569e9fb52ee2274c0b01dbf8e01e047c3a1eec4e9ef0d15ad18812b21846e3fa0ef18e5ca8e681b0bfaf19ed06aa8cef6adbdb37f4f76497c3dff0680b20d5c29df698a70fa6ab7db9cfa1cb5ac30b479f3b173bd9fd862dd5b3bdc6929c04a469ce054ba0b190be344bd74790b6f1953ffea66714f00959e5492fb357fe8355ab2a1eac9bbc71c6eb5d3fe1160d0dcad118d8532ff9a5f817df9bf76e236f76acf0b8283018896d7e1069b5457b63f73a8ea7c130a1c6e931de6e7456cff2ad3909715ab17cfbbfd9736a6c848e4c3090fb3e3d28dfee8f6793d1ef99a91e4535a51a4c9d7ab2886add4b255122829251f9b1b08c02bbf06517269a45faee7bd686586c4cd63ade587c81fd34a84c52c375aa91077a1142b3e7bf4b967c3c81fde8b755a0cc2d1ef82ee68c4cda8467db45f6602a0549d0ebd0507a93ec3647e74b38f00af8dd48f19c3d715af57bdf8d8fc98cb759afd0e103a523f9a0ca2dc54599c4f43c032627556c78f26c14472b7af05f6e18b4320551cc7d7bf363130c80a48ce82dfaf6feea68dda85dfa210752f7fd44d85824b58671bc540ceceda0d37bb0df38af0f20412a9949dda5a5e303db66d15b08befb03fb4b4ef62a59a44ecb592bd88bbbf354e257217bb710f04ed40ebe8a6cf597d2ad9fca0bf5c80ed8ff1578f8d8b74086d36e8d8877c8cbc4ac0ecfddac61f8fcb29325fd9f524623130ba628c4423766aea40761007b30649cce0919e39c405156168e4854973e01cfb389a306cdaa88eb1824ee5dd5490a35ed5d93279fc273c48a930fde1bb765ecac36c97693dfcdc61be39eb6c0070781356fc82af0cb4c9a2f568ce2c27e2d44f87eeea5aae2cd0c9531fe1cf44ca19438c5d596d4ae4a0784cfe6662338a9c79935ffd963d12f3ec32808d2cdfed7c899744cc5ced6ff52740e8e209827aff9f7a3f04601e46741cc8f5f448c28c81f55ae656674c2de17bd254e820f73e84f8c1872093cfad24b8c02308b6a584aa5d049252270f523184a45b4c1524b0eeb7fcb30515842c7b3c39cd7d6c6e0d72c1f0f1ef0f096dc7e3191fcff24b983ecec27594b1a7262b1f80e89e4c9e0ede443ad7d120620a5db0563fa0e4974a1cf5e3af4d9bd0fbacdea94da78f5827c3ee88368326e617c6874c13323938a5346d358101b826d1d9915ad15923005791678bef2b9dbab06580c16c21a9d466f63de1baaa6736d4d49cec792dfb64828be4c7280215982921893117e800aed03f744f4e2e48f0384d6445f445e41793f09e1ae8fd0b5442199d2af5e40ba0927d7c3925195b75b0460ad697a5dbe17e13cb15143c13715998b4b6d497d19d1c28d1381a18b8dca3f570a293995ad7a6437bd94cca41e8eb74fc77f655387eafcc78e0e442c216b6df0b0a84fd5c8a5330c3048135516deb48407c079c587aa5c980b57ae2e1141b165c81f37a2d22884eace472008362e7dbdf0ee38e39908ac37102c3929055b12fcfc711b1b0e8858b07de897fa618fbd4a97f69a9287ce7181b7e15c1f72e534eae5fd490bef68366206a10482047f1fa0bf034c67d8532874cc918344f14259aa5f7d274d4af1e33d7ce7ff36e6d4c363c8172c3a1dc807dc47ff795ddbe26dba4d717f53c90522e154d81c72b6f2c81f69543d6015a765eb40ab1513b0830a4d7d61662e57b19a6d479bbd425103f533c73a5c4cdbdb5cd9ab9006eea404122ecd498a4db9bb65fb42f9188639d7d1b416f09f6cde5731fd7dad6e30854dcd8a77d05233426fa3964bdac4030310bdd1ff3ec8d7fd789f3ab0209e25497e208103571505ee4fc9a23660be22e0ff597e8b16914716ba7800f330406d03187a09b03179933bd3be7c80454eaa2e28736d42a1326d560d73c87bbe39f03d394370d77fdd51736efa9090c6d25cb64f63768cd2fc6db5735512896ffc2f04772117bf48f80648c6477c1249a38965a71d5f1e498b60b1fcb1316861b1ac469192adf8928021bc9a06f05fa021d7cf584ae27b809512de2c4bf64974f39edfc49bedcc7ee66d658ecddeaa3364f0ceb6db16544f8bf374c7257878e23230bfae4dc40b5a0a1284f499a94c3bc15071461ca5403bc9853abdb2aaf035ed9789beae26036b5ed0e60d5123abfd7e2374b6d79029c6210c4c6a376728ad608b6e17816b4b799c76ffeea5508bf3f1d53ad2f96bfe5cd42ed7a0dcdd33d7fc4bfd204663a7c4ac3ec18af225a5cfe46efbca6831792584f18e38ab4c7ad46160058c29240582870b128919b4109f0340cef1bd4b415135550bcff705e84ef4f39e67b52b85b475ce864a5e1359a978224d72251205e82c811ee50d57984b72b8e488a409d0296489f90aad3f2a005c133bf3dc3aa4933507f03e1bbed1bbcfa4cd043320efb48c847b048e52975df7080dff655af108d6cec09df39a602d78563318512a838b8cd6e557f4925068292905730215db279427da9cc0e198c589ad42eef05a26bf9f929a5daf17830ca8949a51de077a40cb64884bf891deb1112ea68ef455019fe478cdd6d77f02d5ffc19f534b489597b678524cc850f082e2a5d94d01c6a578aa9dea3dac2fd64c6e2613ced46d6437317a8603886fc303f069acb944d001db58c76121cef7274ed77470b36e2862de6a7473b1c3c9e4aeb44cbeef82c0a256572394d5722d66a661e5e2f7e64042170b9c88fe4b5153aa167b4ab77bd5537f8b6864dd518d9cd6e590e157f5e6bb1296ba977cd328ed53f0995c7f74a3aa71f4a876eadebc85b41875e4207ac003dc2231f7c02717c2837cfb7f3f071493e91f1f85080a15e413b6edfd40776f740eec4ec3a6996d0412146fbaa8110aa85b5940b1d19d2081ba9d58f58dc17bdabbd27dcee643f88c76ab8859263faa7650be30e3561a92c533a1dfe571a558a49d83594ff35f40614506af6fdd1746a2afaa4b6cfbf6148cb1e363fbe5f242027f0dd54b9ce89c55b3e3f7e4b1e4e7c8b3181787e727246d4127751084597ea622e795319898f79487ca458bf21ea9920f555a6329024fcde673ff2fb85b712d76752ec471b2a60562f25f06295b8e04ee55cd178b23f12138190245a2f8f50ad86109911019dc520e36fb2d1a8c0b79421db943a120e3b7f0a4cf9b19cab604dfc6f0786de0c6fb7aa7b6eda95bf08489aab87c55e370c13ab5ba7d94510d0cc07a3e04826f926156dc9b66915a4798e898e55960d5b36d6035506396d2c59ddd63498edd807edc515f5a5d38beb13057404d825d48eb46838eb977ce8130b34d2f7ecee6f08ac03d89d4f846ac38d4316478b14495afb88a6e1c1271f2f27e36c774e83ddd8eda165f2642fc40190192119822faa46b990e488e49c2b95f28941790637088f5d58e7fce0414e96b1e9aaba57c09179bcd945969a8d73ab4315877a7a72b79f2d2a08c4d3c217ef0e9d8145f6c709188f26399162dda96cfc54658ebc09feae6f51191b5cb8a730ac053afc22b6007411b3972b7ae8b32fed9e3b6916b077b15927c3d53bf2dda7d0c5bf36bd5ea8b576d6d508aaec3e99e17801633b6c7a7371ad7b60061f979a47c9828ef0b561ffc7956f7cdf35c88155a3f9320522c89b3176df981dfd84a8d378285da345d8a0622e4d7438ac7f8b28d5299381da9650b7eb37efde88ee31519c26cb476c90cd4ae771b87157fb62047c070382f4aa199b1ccfa28c4337cab4dc7778956755e6f49676f54b414681ad4d40fd08e76e330e2448691b4897d3fbfd6c50af68e135e39776e554fa97d8df891f3fba8cb5988d0d433c946c01ded53eba3e4939d3ff6b4c61488333e73816fe7ad6ffc450ce73ce65b8dc802c25f72dd5dd0c2f7b458382c96b24a2509292db7f8d16ac457abd8e58f0ea9cd34d50e2f3e29ca6d5738fc066b6d1c0a9f07f3818ac7dd889090ca6fcc56b40a51fe7c6d5d2dbedab8c86f33d9fba36afe748ceda1c9ff2522720aa04224d87f57f15777e8e6d1831041a3bc2d949b9a8e4f5d0e830e4815148580ca9bb4fcd6b87d3c380b158df11a2636347dfc92399bffe594006146d66b6e2b8b0282187fb75f08d0b5c998f50e1ef9f72d5dbf96f90a78b1110656e6f43ab0a8c1bc8d62c598721521822dc75239b460fe0e6035ba208cef5583f1e708d38bb35c66abfbd251bf6d1aa5303e7b02033ef0463b39b29c141b608c12712c0a0d13fc677473477513718fd05aa0b0a5e57564a5408161eaf39a7dc1515bfd99e6a7ea9ad7238017b3d95d74ea82502540224f37d5e481762d85d6e545345039e98853a78e9afb88d007e0e7387f0182f45375ea314aca2734d5492dcda9b1bdea00f9a5862665ced82cbfdd2a06664dbb8d57f0b00b7e31d51e0943ee4c98a2bde10fdcb276179aab507a58f8c37c81e2d1554a88d674cffd426bb1dd3528350dec34efe61bee18880e731bc756d2d4b5134905eea085118eabf107f622b8158cf378fd260a24309d0e9b4553d0ed172f87fc4c74762552eb0b4d3f3b92d2c0ed336ed68d435ad3f2e993dc5cfebbb75aa74a71d6521c1a222f9539ffe1d83cdf0d67b489a7d500638ba4b70170d065717c68a08bdc8e1c4923521e474dd192ea7c17193ebdc111c1b8a5644f64aa2711450d3a4444a178b9a7d50640340b210973eb85f7f3c1d551c16a7a72853b14f00e0086d5f21c6b607d67dd3c35564e695fd14decf3aa3d0492b61c1581f1f9da80c333ca8f4f9376d10e2a9181b23f234a8c01cde4e07c511337d3b1458584b9294e2bd7517e1b1c261857e1895436e1af380944ead4f13d5a701a8c95fd9768d7e7d84ae4806b0629c87240f9d8ed84f748117536a1dc897782c29b16746bc1ba981497b459714f100cd35a78567dd1bb3ce9233cf3518af610db3045b918f56b20011029333067f35adab2c85cd7326d3952e18da114fad7f93e3efdf0c223fc5b275b82b25dc17491fb9df5ab811e4328e6034174f0216ab58fe599778603d87a774ee8ee4e01274c975b584835ea6daba92626a660d5d44d0534bb461e6ff9ca16cfba8fd5f0c25d8cebae8f4828ec65750a1d773fecf05dc27deceb4bc3ddf521df5eee9dd772540778131bd891c51b9a674aa7036cd445e8bce1b6f261727261f64f5b0df237f88d18117f7f0d1cc0dcb6d2da5e12fd0d50c6f31c589a578969540f0219c686783db44e43e7a8528d6e0ea0a36887b5f6f278a737846aece7f82ce37886fa92cb711f23c9325cd1975a8aaf4ef4d1b96905a6d6fa494f3705c5cfa80cf0a3e6a7fe00588ac7052a4b161cfe31bb3eeb1f1221859d01fa8b63180366af3fc0ebefff60f7137dc5acf981217fb34f6c6cb9f5dc8b0ccb090a8f9d6c28a4600b7ea9e112b86a64c972bf07ca99ccd12794f3a986070f92dd24df71fb3240c8907b1e4ce71cf8251bc7ae43ce94bae36195795f0dbc1400b48dcfb6382e686b9647ed5e341a4995e088843ae66acef6eea5dd0d5fc99a22667cb694b8725baafd7eac08ba6b1afa115a8f0b1debe877304aa0a4993a4b23f134840dfff39eed02860aad5937e5075d500bfa73120932ace85ea54338a743be7b05d552d5285"], 0x1015, 0x3) syz_mount_image$minix(&(0x7f0000000180)='minix\x00', &(0x7f00000001c0)='./file0\x00', 0x47, 0x3, &(0x7f0000000380)=[{&(0x7f0000000200)="bc16fcfe983cf30fdda34d4826fa661d2ee41f01687b10fac573ba089a94d3ae7ef2c2176eef9c670f27c5803811754a94d2243ed77a032d6886b2b18cee43e87d593ae4262361ccdde61d7930431ebc448149ad94815868569a924f8471f4172e682ba3063c824e5ae056f3ce", 0x6d, 0x4}, {&(0x7f0000000280)="282adb446032b4b294d58167178f553bd9d74c54b9c2388f0841aa0db8ed9e383f5fd929451a0fe8f7ead7a4b2d47dd4158e4f5381b520192bf7e9e2613b59f1c77b4418666dd58284ad84dab63a84371d08459b2be5fb0b361b572d7e598562c4b1126ae15e0fddc09d607438eddfef13ad9dbc72c4ddb72b4cdaecf07bfb6bfa84c20847fc2bbc87ee6eb687c48258c1bc35ad7503e160e0a4a32c192d69a1b0f90cd62b9191fe394913bfee4e8cd632e8b27bedc181780890a445e6", 0xbd, 0xfff}, {&(0x7f0000000340)="ee911f96da", 0x5, 0x2}], 0x824404, 0x0) r1 = syz_open_dev$usbmon(&(0x7f00000011c0)='/dev/usbmon#\x00', 0x8, 0x880) ioctl$UI_BEGIN_FF_ERASE(r1, 0xc00c55ca, &(0x7f0000001200)={0xa, 0x0, 0xffffffffffffffa3}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r2, 0x40046208, 0x0) 03:26:47 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00'}}}]}, 0x13c}}, 0x0) 03:26:48 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000240)='./file0\x00', 0x4) setsockopt$inet_udp_int(r1, 0x11, 0xb, &(0x7f0000000280)=0x2, 0x4) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x101000, 0x0) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f00000002c0)=ANY=[]) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f0000000140)={0x0, 0x6e, "457ec618b8271fe8955f313ace28ba2f25af236fd8966d7b5967015f483495c9e7cab7033eb5a544589c420248b6521279309997e1ce35d12c947b70393869c0b79cfbf60c2e61f4caa0a4d1542ae599dd8782f639708e7e551251bd2d5a3fdf368484dc0cb43442b49b50728f0f"}, &(0x7f00000001c0)=0x76) setsockopt$inet_sctp_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000200)={r3, 0x9, 0x800, 0xa4ac, 0xfff, 0x2}, 0x14) 03:26:48 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0xf436, 0x2000) ioctl$TCSETSW(r0, 0x5403, &(0x7f00000000c0)={0x0, 0x53ca, 0x8000, 0x6, 0x1b, 0x0, 0x5, 0x400, 0x401, 0x4, 0x2, 0x20}) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0x0, 0x1) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:48 executing program 2: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x400000, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f0000000080)={0x5, 0x0, 0x2, 0xe2}) ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f00000000c0)={0x4, r1, 0x10000}) r2 = socket$inet(0xa, 0x801, 0x84) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r2, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) rseq(&(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x4, 0x2, 0x1000, 0x7ff}, 0x2}, 0x20, 0x0, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x4, 0x110, r3, 0x0) listen(r2, 0x100000001) r4 = accept4(r2, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r4, 0x8907, 0x0) prctl$PR_GET_FPEMU(0x9, &(0x7f0000000000)) recvfrom$inet(r4, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:48 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\x9e\x00'}}}]}, 0x13c}}, 0x0) 03:26:48 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0x10000}], 0x0, 0x0) 03:26:48 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x400000, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffff9c, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) ioctl$VIDIOC_DBG_G_CHIP_INFO(r1, 0xc0c85666, &(0x7f00000001c0)={{0x4, @addr=0x1000}, "59d0b9394d5bbbead09d4faaea41db1c1b49580c332a356878fc132583251e0f", 0x3}) bind(r1, &(0x7f0000000140)=@hci={0x1f, r2, 0x3}, 0x80) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:48 executing program 2: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) getsockopt$inet_mreqn(0xffffffffffffff9c, 0x0, 0x20, &(0x7f0000000040)={@empty, @remote, 0x0}, &(0x7f0000000080)=0xc) bind$packet(r0, &(0x7f00000000c0)={0x11, 0xf7, r1, 0x1, 0x394e20b1, 0x6, @local}, 0x14) r2 = socket$inet(0xa, 0x801, 0x84) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r2, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r2, 0x100000001) r4 = accept4(r2, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r4, 0x8907, 0x0) recvfrom$inet(r4, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:48 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xf0\x00'}}}]}, 0x13c}}, 0x0) 03:26:48 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000000)='SEG6\x00') 03:26:48 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:48 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0), 0x0, 0x10000}], 0x0, 0x0) 03:26:48 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x9) r2 = socket$kcm(0x29, 0x2, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x3) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) recvfrom$inet(r3, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:48 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xf0\x00'}}}]}, 0x13c}}, 0x0) 03:26:48 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:48 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) lstat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$SIOCAX25DELUID(r0, 0x89e2, &(0x7f00000001c0)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, r1}) r2 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x3, 0x400c0) ioctl$BLKBSZGET(r2, 0x80081270, &(0x7f00000000c0)) 03:26:48 executing program 4: r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) ioctl$KVM_SET_ONE_REG(r0, 0x4010aeac, &(0x7f00000000c0)={0x8001, 0x5f}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:49 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00'}}}]}, 0x13c}}, 0x0) 03:26:49 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0), 0x0, 0x10000}], 0x0, 0x0) 03:26:49 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") ioperm(0x9, 0x0, 0x7) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) io_setup(0x2, &(0x7f0000000000)=0x0) r3 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x6000, 0x0) io_cancel(r2, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x3, 0x1ff, r1, &(0x7f0000000040)="882f381be60f92cbbc0c3df328e0d3369e109cf4f4886d0b9d85d69890e1734f5d4ebf5e0532033aa2f43a07c43935798c667def88176bd986fe0b151c141ea9936ac73535ff00ee0d44a0102e8e85c66e4a34c60c97a92c99c7378bd57fc931eada8f0241377dddfd46ea69ec1d3b902ae63ea572481bdc3f3c", 0x7a, 0xffffffff, 0x0, 0x1, r3}, &(0x7f00000001c0)) listen(r0, 0x100000001) r4 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r4, 0x8907, 0x0) recvfrom$inet(r4, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:49 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) getgroups(0x7, &(0x7f0000000240)=[0xffffffffffffffff, 0xee00, 0xee01, 0x0, 0xee01, 0xee00, 0xffffffffffffffff]) fstat(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f00000003c0)={0x0, 0x0, 0x0}, &(0x7f0000000400)=0xc) lstat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x1, &(0x7f00000005c0)=[0xee01]) stat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r11 = syz_open_dev$dmmidi(&(0x7f0000000180)='/dev/dmmidi#\x00', 0x2, 0x12000) ioctl$KVM_SET_NESTED_STATE(r11, 0x4080aebf, &(0x7f0000000900)={0x1, 0x0, 0x2080, {0x0, 0xd000, 0x1}, [], "6e0132328ffffabfe107a04e8aadfda61c580cedd7cd6488120359fe538607c9bbee7c2371d2270a38e86dea86438a278520d766e1b42e53338f4e5abf5f19f4aa19e7c0f2ba791a5da14eb34f20b1471b2db6d846be55e3ef323cd58c604b781f83f689279008861d3abbacda35cbe403b7505e77ccdf14f32e08a9ba76bf219b2b950aef5366063665e59642a5da20f89bd401d6fc4d47e0246a5a9a858ae9eb4da6f4889eae68d52151070ac21b872d60a293bf40f34d6fdd0edba8e20166fc7b380a2de4a1c8e7de64c941013b4cbfa1d832df4e4aec4502e9426d8cf588f22a730a999369b38871e737f051fcca93cdec53059405bcbc318787bbf4d8b8aa5d30f2b70cab56904c478be34ff46486a35f38ab58aaab859c6048d4b19445f2b76ee8c568baf9adc70a381e222f5567db8c1c8f3de2e37928402bd71a27e2e178fd012ae1dc0879c58b5734d6c0e7fba7406ebe9d77fd958d1ba4bee47bcac5852b59e039239208db6f072df03cfc2eff6fd205acd1820cbedff05b1cdd9de2f91b92d3be986a435637424e99eb2dc577d701d511053a83bad6e6b243751179641b13149f365e108ccb487abf8ad41764d0549264dae14f47f2cce1dfe31b34d40468c45bfe65f560aa8b28909e04524391d5c8721f851c18a7ffee614f14185a239e4fbe646d1cac9297eccbaeb98c1e0067181931049d7495d6dfa20aa05a70de3157221ba7f28fd809d2c659bf5a90e0e09ebee356fa5c833f5232aac1b32917019d0586bb00e83b946abe4c8a91ed6c5417fcb8d195cdbd14e5ef7da03233397a215a59c1cc79714f4293674589f626c4fa8c30afcce133a47b58462ee92ed9cf6eb85d590536dca551bb8a9723d273032744c1359662dac28d35b9f8ebab23e0a42db70a6a7aa96633e54463bdb95ffd470211cbfa92b0f6a1688e9647ad38cabc4f2b63dbd26e2507638b903e303d62d1698225914d6257a8c638a9580deef7e59beaf71b0bf3cd02adc4e6d284337c35a36ff293fe096402e7b2392fe84d81282f7855eb02aee9a5c98248b0ec5bf99b9c06449286062c1d76b4990732138806c6820725ee7b9f99fa2a3800fd039d724b6f8b85016a81ebd32c553a929b0dc53f87ca345e25c4418e7e69628b5bf750e8f1cbbdea2aa9205f463eb405f705e880af41437c04ad65e2ba106d1e873e0e271715f254002d441a4c12a2b9e8ded1a6e2c0fb136d16f36fbcccd2496685271963e2f5667fb057e6017d4f91ba386be23d6ffda19bf9e4bc8b20d377c7b21e87103032aba580805bc825dbbabb89de230a8a9186eae4cd6250893d871cf668344dc1f1f7762c0a822e50166a891d9cf5fc8b0100549048e5c367a9c7e0f3a4b71df7b5fbfb4fe9e04aa6dfed17063acd0eb248ca4158feed1577b107ea23922d69fc0fc1e8602d1adafcadcc007099d1fb17d15dce81eca74accfed786a5ede0a8d14e18bb5d7f7c165e0c0566c7f870b065eb2f8c921289d77f99cc676480e4c4a3e2dc5d142691a297c4852aabb5b4550e774f821674cf19d25db56c101f1a844db5d853e450708214814b50de612acf0aa5cb5dd3f39ddaa7a38399869cb4fddd1c7f53c0489e306ff5ea4b048aaed464cb31fae96ea370936bbbe6d13424b4d23cbab580e9625cbd540df2e90d7848ddaaa4fbe713e8a0511b017fb6150ed3d66cc42a653d13913ab817568bafc58d52f8cd9dc7e895195123896eb1615d2b92eddcc2e2c501ddae12cda885205bc188725f612f352d4308603fea5e094c990845f9c1e2c18c835c25e9d1a773be9045cf7ee7f0c4b8aa192cea2fd2da1bf78c6434b577482551a3d9ecce6c41d7d7c4dd42e5bd0a4363e8e33f829b6b67624463f5948e7ac4c30668e64d9093f939b0a591c503dda9da5384207fc547bbf9e7957e7c9f8d29692004703d73d6a221aa3c3177edde7ba8831285e8c22ad0b5540b104c49a720f315393f905ec6237f323b4244944ec70793fb51e19bec7c7a924ff5da1b49b4e2259863c1ce52e465f74f41681b63a373cadbdb4c0011258e3b31abd13f0260fb430a03df515cf8cfceeadadb1ed4fae063831e9c7ea413a882b8787df4aeea1268e2ddc1d9939fcd283388d5a79f5022b126d97fc60c318cf33317dfe28afd531ec31bc9c98213d62a8e2fdd8f451116c1e341df39dbc080813d45aaf172f209c084b608cbc7d6a7f88cb9c4fd5c0b8cfb6abae073235ecf8dbfd892cf9d55ea43d6fa46bd69791aab0ea44e937c903c740e520ae0befdf549718ef1f21db8a687208491189743d2ca4564006947d8f567f88b162b537f7470c2f78ff769f4d9b589784de133db36a18498a35ed37fa08ce1a1a311428bc7620e99576b25f15ecc1925fc974f418bf2e1d10c4eea628740db0573e1e9d6311bcfa225b98ce6b8f4152bbaad2be03033068f7ec5dcdc079ec6a48a7c0659d5ec4e3e9a24bc056ad54dce22272d797873b3b361ec981f7e7e23c8aff5fe477109e3e909bf09fc0d76bf18c38d3f550f36972efff3ca2b4f6e1f42d1ded755ea43efb8951ba2d64bced83acc8ffe6813784fda0d93868b432c4af2676929f26994d54f9b89ff3aba9ec8124001cee4e641ec2107c7fde05d4a83c1594f09028160a4d0870f1f00ec615edff97d9e4f42c4c7587eb5abc7d2d3724f566b348ecf37fffadb488e987bcf54c7f857022a4351b3a8b5993bcdddbcf40b13b849951f9a9719261d23978608722f32360a7c3b6cf3d39c3414ff44e3ec98eb4452482920715e71997853838cb118794a830b806d4d479004343569ca7afeeee47ee1353c4453d825e5cff241dd5702509f858b112e92d2e8ebc49865262f690fa4a70bc7698eceaaa17b4416e1e49701da643fc14b4c056d627cc6e9520b19d4b3cd9040e1686d0153c66e5a72ff942dd7a624d41dcad66a15833acfec75b971a2a7ebcbf0cdcfbb7e99f426090bccfb08f61b9d1daaf63ad921ece17848d94c325bd71959cb0392c550ff21654c8adb62e02d108f825fcd2135c1d0a23e18d53e1ed07f0a7249f0a8b488568a7a1b1e42db875cf0c3f838541b93e589343a1bb6d2b70329467753ef2511b3b73bc97c3263412e3fe5aca3ae5f0c945a7d0ff03300c6acfbe4c6b9ecbb8765677db1828725136e8471c7b8716dbb7b17c743ccc9f77b4365dc3ef9f90deaf343c7df21c0b583b9d4e7b2aba4865bd3e2816845db66e799ab85fdf8da4a90b18b23c6b8502f9aed9975ddb80d28bb1f1c54c580d70b7f0e64710591531a71db150cb945b5e30197d0602e49de5a6434fefd7b9a87ad937212b8ee936f8058879d0f9ce6ea1a1a9e7e52b968dafc1718efb801cb437a00ff8727690036e798abfa3cd518a241916f4758becebd15bf1e63362b62304c231dc9249d02a36c039a0b6fcd173d5197205a1706d07cebe1d249f1e44411ac705cab8b4df7730eb95bf8c93509009c14a424310e74344d6f9475108ad27fb3c3e5fec7f4cba39bc06a7354fbad3f76c58e05799a7281be8efab4bee9e511575d126960b95650ed3c0f430f1e46f70c482fec1b767ac7d6cadffe578029b7df4f1ad3fb05d5432b8ece0314b872c217d3db6d48ba12f81f2d7d4a776719017a500b4b0a0f550c91b46c38959f498c5879cc56f47539c6bde5ebda03f13826ea1f45eaa8861419d09c428c014e1a1f12bfc105e5a1da5708e57fb7071e418ef6e1832c4cfd5ae31f12f9fd86badb2f823b4b4b8c94cc7cfcd0ebb7141189e6328273d8b55911942b6f311df7640208542141e8a08eb385dd3cf00fc4e16fbe281d88ed29d384697112eade16edec3a2d498e07a1c627195ff032a3d2166864d8b66d6f28c3d3c5336ed5e1ffecedb2adc453675e941601656b63a88c2939cc10f6cf004f6a42270a151874cfdd2bc198b34dd661980e71e4d3c6437d2bd519af107275646e659fd98a821ac7d4b28cf80d8e007f9eb3344fbfe94b1205eb7388c4cebf3401a7cd808495fafbfaee3e14e9d47c13c381c2c70ccc347c626840079cdfa995ee6f47b0b028b2ba25b1eda9a4f32d9d542b9a75a37ec4f447298107ab6a4702de7b25e7ba71a27dc06f7128e37bf909050b829f3f2f4dc20791e7ae919fbc501ee8e6eed8e5f77059c66de8ca52d306ff376cf9606e2e9992ebb09cc733fad733fe33de65d900acabcb8ad9c79bdaa691ae80808901a3e0e131673b2cd0b570a1fc0eb20bea6f79ebb9a9f547fec52ef781e98451d20c0c611c39d6ca8d7705613882050077d376a3678a643050e7061fe72e08dd5f0a5814eed731f45ed923590b1d2b40cb9079862b712d5334a383d9a2b30e6eff93a49a536650dd0c55f54b424ef5b9323e47c044623816c9485aa683665c7a3853e4e10b459c275334366a146effd650dc53c35975893788fa1f0fb5451290af7f33e3dc903cc377ef327297562843a7937c670a4155e219b20215d69a526504e80997c1eac1342f86095f129c370c78c5ed0c93ea607be893328ae4a5cbd9b2e9e9a87fb08c2eb5fb591a1807083cec707cb3b1fe6f5dcc199bb18a06195e1ce01eee39c26c5df4e8d80175cd937986885dbb10b3a386775d4a3d1ef9df9dc2fe8003d2eb2c691fb31f3f8bad59b56fca700f6a715b17b22e06b8e715bef50f3bb4e66290a7ec1e7aba8a885840f3bb75f8454e1b21bffb009f4b726b0d5ee49ea7e1ea03289bc35d67579ed521e34fff7f914c012aa3456bea0b4da7ba5961be68808d5459071719b29dcd8e7b75ee08300fa2a4f8e9fdb5cd44dbf841c61acd0728dd0885fbacec6985af8ed094aa7754e56fd49ecbc4f78de6a7e615128fb99968da920524a24db4a9e3561fe86000e2f8d5d5d396b043498a22d9a90341f428554c9b8640247d82a1d19556f48c6d0e9b962854805b525084b48dab8700e1b8a635b9aadaa5cff717d772c18a009aa08d5f62a5e756fdeee384150dc2c74990efa3bf454343c77b32230cd2c59533574670bab67e3d26b257ac850ec8e4085c5cbf06388f128a6105ebc57b98f5bce680703b5743c7c40c690a09e141969b5729ad8a48f1756ca29c592476f8cd5e8a608ae04b2761f154e8412227f3f05b609ccb23ccb81b4acc228e52a7312cd862cf0bf185aaef1e3899cbd56bdb80471c1fe7d39857c3210ed86106390d569354339a0a5cba9e30c50b38bdfdd0284e11a84bc0b2aa21b943cf359da04850d67addca13a9cf6cfdf3380f40d1573b44e1ee3d72fd26cbe6ad5df821b0f9df94b881cbd5d30f3b448d37e7e3250574bf50ea2bd3eccb6f8ec5e7dbddd1531b7c49c2e88b9cc38ca7e4ceb12ad7c6720a3162782196d56d605d007fbb218588b45524d9043b2dd7755160d7eee685ae7edcd7f6fde86b799740cb5fb5c1fb3861bc0d5a2e6405a8ad3bec0b0524987914aa2042dc984b2ca0c681369e8368c9f45767dd5010bf4fbfa9c19639c238f64d615c4cb64a6bda8031e0959ad897be606acb0e263b7fe62202b4384d47b76de1bec460b3dda324aaa9c1f10bc82750788d6b3b08939458626d81446f651dabfe743f36c3a61f17058864e15aa14ccfa8e05ea97663f7150cc49077eff60206b8570732241ac1e81e9ac1c68bb5c0606c548392365bfbdb982b885639e8cac6e6bd958a51d180fca4c93cc6b778cf7dc8a4c0bfca9fb0c3fd746ccef0ef610cb4e52455edaf3e104150c825d11237c6550207384bb74718b7ea7fda28bf627ab10aa2bf604460ab591723f52de372f2", "ff4b7e43bdc91cf5590a3dc2dcf008f2c7040809d4a0c4125fcd8f24321aa20a83e8c4ef491a834a9644614ab15ae4fa2722935487caf1cdce68fe576b4e93d116023587918dd7dd65a362bda01abd2ad147b64d094727ee7ab3e53d7453612effb7f6a5683113b4cad34d5fc3a8a13af583fa0801fbffc6a5ba67327b355fff2082ea07106ceec986094e91a82f44ac81752e7f41e22e52e21f2123da698862f8b7ce09df21b86597326635087d8c3b572a8e1e1dea718c8f8f463f5e1b1957a0e60b6fb0c2b002fac387a11e8f70f0807274c06906cca90a6f3840388792b037ffbc1b3b04796008f6284e7ca74340793572822dc615e2a18a219ef73232d678936f7fa43890fe071b33573242a84545ec17eed182b1f7d32b5d583e26b3f07d63c895b1b96e763c3793022f647c1a2c19be324fa61b0305b8c9e9ff077ebdff62506ac9d92ac8bcb4edacd548258acffe6daf1fd2583693279e9b1f5d281859354c5efa453433f39e4b5f511f74a40b980323452eb24a524d3b17541b0f7e8b06434ac7abbd95ff67f35d7fdc92abb66aedc488414d84635fa00cf213fa53d3bdf414a14496669f29d68e04982de915d65bf3b488e2aa71605ab7ad95e8c744eabfe7818a6bb5fbf4adf23dd35a501a460623753926915d9c105649ffed1966e4698acc2e96449800713ff98f8ec4d452c0a53ad6c640ebbdb689bad02bd577d5304e1b594f6b1c8955e885b4c8bd2749136c236e7557b57febb01fd602670fe49ddaeb46ef80e7c28c6a0d234a08de2ca2d9d6018193474f6e5958326cb465e460d7e93926f52cc41b449a0aa93e1e43c2fcc3e0fc20f69f26df6aefba25d54d422b793bc8b141d0e97b8b274fef1d623f20febf57930083c37e79f329f78dcf874c3ec978498eb398ed71381637a11e5aca14b8788bfdfebf5fac13aea8aeecf27e51601fb227c61c4126b03dcc9a890afd5cc933111a85674be266c72da00c7cc324c73dad7ebfc01d5f4fd0de4b3ff3c0e38050116f622728289cd27ad2044e16906302ad9bab2eb8868eab6f8f9463ab6dfb807863b9244ba882f1877ba35ca0c6f23b5d7352f3be06470c820006f44d388ce6defb63c8b3039f0c68a432b8c32ed3716f1b3d21093f8fc782d984a507e1b8effaef2002c4f29fd382079b48dedd50628989709deb019b73e6ead8678e9dfe1cc77f4d631377cde021d18ec3673554de033b29f6582212340011ec3b14ae2a329bdc9f2928a23e18cd53e5f8f1d96d3694ca9386f2e3f50d56114b01d7f359cc7e02589c98f4eff6159af28924a33f81343febab94a7d19d7da71b9b1151aa97b2d9c6613b9e4ec89702e6e8054291fc27af65e4b86a560bd2c6a42fc1f1d7118ffabad614396fce5be48e8aba6ca016507963c0a605ba4889e4c0c9d658dde7660c3cb820cb81e17e2c83a905ef036120a23a4829e4d66b075ed7961029a89dadbecd09a054ef0f516dc0ed75d7a441e1d3a85506875df026afaa562efc5565ce0c2b946a092da92d66430f723577fc88fa605ffc538063a8d4c84082b4a4914d4740fa58bb2d71eabb1a2682e7ec6a3850d536e9c73f8b076ae4fae6d6aaab948326da152f247944e5afc7265a9dab1a5e690a364bed47f6faf5becef25b007ee439edde254faa733a7222eb10194ef8431e9c37a29e2d15595dee4c05a05f78d366cb158361f673cbe947144c195cd883c342ed63ee3ee5f94207e6c59a24fcaa72e45dac944e98a24df16d8a6a21a04293a7474d4fa76f7a3f589f73e42b144f38c26cbab463f675d63f1b36778f0f2d297dded1084e7b08378105ce23147ba50a852a8fab040b14da9abbd766551b6c7eeb69f024cd5a916081d0f628b5b144fad17ea35ad8c22bfdc1e692ff03007a3ae31af8b59d39c2caee7c6db5f05f421fac077e4508df4b31680674f002049f3aff009fc8b072f0af685f0ecdcb669c19883a88d4a82f3923a729ba471ac6d1a43019a5f7a753c88bb6a8de49979a3a612dfcd51f6f4e9242d39c1f55e48aef8124ef799835944ca101bfea2de1ce46a732130582bffea31cc423a1e4a39ba2cabfed27b862086006fdf53f7eb53978acebe42c7cbb91caf133e153fb2fef903065c853b9ea60e4a425e4c757e824f8df2b9c37446541620363fcdef5196afffacc693e58320a1211e790c6cd2a69d68e651b2d999f5062f03cc496ca4ac4e189c2ef809b7dcab0439c8b93e9f550d5429324d9be80b2e91b1bed700d792e1405a1d639ebe3bc83f5d419c37a66103d325baf9cda33c9bd6bcfde80cfd593998a4890dee94d67b6e24192af129dc0d1a9db53efae191d32de25400350af9f0ff11f109778fa57da9052a47e201626f2660f39474f250e96d7fdeb20dad292fb995d817d38c84416d2c48840b0a22bcae9d9e01ceb82f1af7323e9ac556632a37d90f95390892ae29e039ace4c7827c27cdfef12a1fc47b7272c5892eb9913a283e237d27373b58789c0263c547a13297e0e8a18fe2d25d2068f35fe16502c439517ce3a6459be9e5050699c3e6decd1ca0f50cb35cbfdf4592634aa22a6ad2d197bc9096c7e999369d7015fbbc7f537c6e76e83cf341f18a1b127f6b58938e47c8ae074802efaf141ba8fd19c21c867d6725c8a9ce25993c2100a91538a9339ba112cb8ea553c003e719e01954b7b9d1eb4d73be3f56142509d18f8052d0a3ebc13cb77bc09aa7eb3af1c68b902f49ae070c36a6f3b26549c76e4a482219060d68007eee488e7d885536ba0113a14b1a7a1dbc7861813757fd9397843b54265c9ea79a8cc5d73a018d232b777bb024b2cb718cdfbc0c34e8ac7bde2e8134accf29685e6b9f5c4d36dd00ba12a86d374d07fb75641c105f75b26e07b21de69954e6d88234e9379c6d3c67963dfe496d375a81c50fa63fcda6374f24d40d910b790b737082d3e2c03f24e66b35f5c1f5918fea745c5fe498ac64a2bfd8eab58259c8e3b286e2f18c33d86797edfd981170f19c124d9c190fe553d9984ea0720c33440b0b4bda7f46b7b52d6d8bbbd61229fd63fc5583bb72c3d0308694b592d05600e3573b9ada5a5dedc3102ee55024dd1e1ec8af86ff2c699a02029e2e816fa3bb7a9ae4d2cbe1b29b5395e0a925ec2bc851de122ae4553a863d33a76a4d39efa3880c415edcef5b611884b160386ec411cd927c2ea8f52c658d6826617caf46b3c4f91c8529b53a02f46def80f06b0db2cddd40cc88b9cd059f0e673bd816cd152fdf01f85d8d7bce366901e4ca9536e2f8973a53f42eceabc72cec9128813636ffbadda24469addfe433ec6679b8c9680c9d80475f654304ae1514c72ffa23c4fd01bb87a85d34bec877f77a2d4d63427a73a5693011f5373848fcf0b1d162ede53267d9760e14fbfdad7f2d7d8ebd3840be680ba9c4e91affdf97e69ea7a9d68dfab44f1ce20033e62c4304090f3edcf9105a7d8c6465706d3e68b263a7fd7b2556cb8f36134812971bc4aab4fed6c98424690a7c0802b33478de99ecb18d4e83d07375eae84c546656986f242f253d27463b9772f1f93cf0a8d78204243ff0c9496306d684202e2c190855bb1ab642ea7bfcdefa737ca84d4c8ff886fdc31e31ac15df3a011ef3cfa0120886f290eac1a830932fb58b1f55caa4560b2723de7d756d019e05abf1c73ea8acc5db5cb7c3df76e9e72d1629be02b5211348e231c6783cdc94864243cec0cd71fe7d022f4a612dcbd72e0f92b68a85ee1372343bd4af5cdd05ad5e5cdd7647465df92bf4b2e4e8a7a71c356410c1ab1028e69a30a8d3924acbe8e9cf8635c559ec3027945aea4a98e7c946b2f3cf16f88662d8228f80034bf9c04ccd185b2c00d3d499899d62e2d49f1b7711aad5cc36b6e832e1d4cffed85123bd3020b034a4ac06bee13ae9543ef8beb87ceafb0c2b3f7a30089452d105e1d0efcc5d1f9e37b6d1324eb968d05233302e2220ba3789b55ed630eddf5eb8c0ad0ed04e3df5a5e4b2c614ec53d6fa3474975c37771a6f32769618e713071d828b26a394172adcc4df48f170f9940606ca6b3969fda0155c1c9f21a0e054909f11201a879d83a59c20fba00f1734b596519bd142260c9598cb82320e5c598b5952ec460bc86f50735a652cd31f03410bd4492589ca176fd794201bbf80872d0154fc19980d3814c8f25e96de391ae1a00eed97e49afcf5440ff524960661f2f61c781f2aeb493445e9b5429634f9336dff078516054bedd236c27ecc054c58d2b41764cf1a0349c5741083903cdb989d3a4ebd0fb8a6c35c45ed4cebef287110f8f2aea92e0f153a7e472928eec06d7a57514cfac5d1f1dfa45c579574f806657b42b54df564fc889c285a5546d9cac0d36043491cc7d26761f149f56fd9c1e270d90da2cfd63e8e57a3bd5f12ba8a0f8bc8174c7ba92ef104c0024ad4007a8a36e8974262436b30125f799d9dbf4f140bc97d5717961aa35f3f3d5c24e67ec6b5556b71642e839829a653ea3eef7930d4624200a02e7a87a738e2a23020a156a7d610643266dd4b244bf3eb266a7e5a177eaa2c5d3e4b5dbb24151f0b15bf77f252bc58a21cfb72463f3f85b3d2491105af3e99b0c96cb67a2589e1e301fed0bc4bd4fb6d5ba9d70e3b7563a4acf375182828266a2a3c305fa4b957228797818709c4e2d50282f383da48273688103a67bbe66db02695880290d6b92c2aca2db71469a826c6a5d6793df9ca78599711dc9ced9b1a2c1bd4bb7dfd2a541f3afe7e0381037dc163e916532c33499ec280aafdc408befb05a8ce60481020289c5aff481536daa350003343897b1b3633aab869194189fc08ba06434d58ec567ffc12dc07bb4ccd7add69742b91232f1af35e019cd28bc360fa2e428d76e14c6204577806592b7ce349c0a8a9dc4636276bb1d1301e0457b2e9ea45fcd44fc7099f8a220647a002ca6c595b333c43c0bc0113c3a4d25547a5b704783d8bdf3f2bac0d4baaf709014cb71ba6f898e5340dc329e1d59f02dd233e0719eb05fad1ae486121b0255e7ef32e9ef672f2721437a66f1eee6fefda5692e8a8705e99397e2cb286e6d1a6e47c8f3d45370ba26f88b9253c3a6ee404a8ec98f7f9ff16d13c4b29415c079e63e18fe53f1e39f5fcbc653d3b1349aa412db9c6534f1b6bcabfcb734996e207d42573ffe78926d09d92f3ac4c42db08dc73046c9ad8fe7321abaefd6da70ea67674a4d260a88432a717435c562514732f24ecceb3699b6af5019bcc6ba45ca8ba51c8adeb9190216b5bedcc7ec471f25a7de819d2f37decb0c05e545923a2617f87d54953d39a839edb0558f7891dedcaa619ab96a75812b28761567f450900d8dfdf5d58527c6b5870001e4f4c4b157398e3effe4928b9868ab5993a4617f5d0185789fb051170692bc5b71b4e1d63a9dcae52b4058e08219c29f92b77907cdb4c9cd2282e3420e24a73cbe120a79b03aae6a4c7272a1d913045050a2797ca8ddba7181e5bae9c0a4644635167b631ca944134ae9640b18d7e336ef21de85c3d34a1941e8a75937bf5177769b747189d5c2804c690a551aacb4a1805e469a1bea2fc32566551580a33883beaf8c12ac24b3022df8afca36da59556ed59a2e5e7184b4ffae6b32a2d75bc9980646357ae632028e5fbc1b8cdb64b35d1b5af15526aa13b935e1ea4105b78b76d9aadae7a299e1886bccfe1038afde150a2d5eb58981f9dd727da773da5e572e341c0dc71d30e11eacf43c8dd6cc788149877c808cd599c89da8f6ee0f24c9"}) getresgid(&(0x7f00000006c0), &(0x7f0000000700)=0x0, &(0x7f0000000740)) setgroups(0x9, &(0x7f0000000780)=[r3, r4, r5, r6, r7, r8, r9, r10, r12]) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) r13 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r13, 0x84, 0x1a, &(0x7f0000000800)=ANY=[@ANYRES32=0x0, @ANYBLOB="a1000000a534af42a8d1fdf563417446cb8b2f62093aa5de746ea4dbac6ccb21b2d47d8370001c01cf3758767f3f13c93911c9aba6dd202504492d7982ae9edc3b32e771d07bdad52100aca6a4c5309bbd71a8f0cc7c4ce8bb02ec47169dc2453ae35330c89b24204ed8cb9b82c61dde15222f668faea95d22c4032cd6f40d809d9ae9ec23efa743caa390dd1045041d87a135d3a6814b0a64e7a2e582afab06d6b8a3cb37"], &(0x7f00000008c0)=0xa9) getsockopt$inet_sctp_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f00000000c0)={r14, 0x3, 0x0, 0x5, 0x80, 0x81, 0x100000001, 0xb, {0x0, @in={{0x2, 0x4e20, @multicast2}}, 0x7, 0x8, 0x8, 0x3, 0x8}}, &(0x7f00000007c0)=0xb0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r13, 0x84, 0x7b, &(0x7f00000001c0)={r15, 0x4}, 0x8) syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x7, 0x8000) [ 2919.178500][ T3911] binder: 3905:3911 ioctl 89e2 200001c0 returned -22 03:26:49 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\xff\xff\xff\xff\xff\xff\x00'}}}]}, 0x13c}}, 0x0) 03:26:49 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r1 = socket$bt_hidp(0x1f, 0x3, 0x6) accept4(r1, 0x0, &(0x7f0000000000), 0x800) 03:26:49 executing program 5: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) fsetxattr$security_smack_transmute(r0, &(0x7f0000000000)='security.SMACK64TRANSMUTE\x00', &(0x7f00000000c0)='TRUE', 0x4, 0x1) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:49 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0), 0x0, 0x10000}], 0x0, 0x0) 03:26:49 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(r2, 0x111, 0x5, 0xfffffffffffffffe, 0x4) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:49 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00'}}}]}, 0x13c}}, 0x0) 03:26:49 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0x0, 0x400000000000) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:49 executing program 5: r0 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x7, 0x2100) ioctl$TIOCMSET(r0, 0x5418, &(0x7f00000000c0)=0x5) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000100)={'security\x00'}, &(0x7f0000000180)=0x54) creat(&(0x7f0000000300)='./file0\x00', 0x1e6) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x3a7aa79c}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$RFKILL_IOCTL_NOINPUT(r0, 0x5201) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000100000000000040000000000000", @ANYRES32=r0, @ANYBLOB="00000000000000000000000000f0ffff00000000", @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00', @ANYRES32=r0, @ANYBLOB="00000000cfdb7ab51df1f3000000010000000076f3678748ee49a53e4b818d7bd50d374d03401b628c49", @ANYRES32=r0, @ANYBLOB="0000000000200000000000000000000000000100", @ANYRES32=r0, @ANYBLOB="0000000000f0ffffffffffff0020000001000000"]) ioctl$BINDER_WRITE_READ(r2, 0x40046208, 0x0) ioctl$VIDIOC_EXPBUF(r1, 0xc0405610, &(0x7f0000000280)={0x3, 0x8000, 0x2e933bc6, 0x800, r0}) getsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000340), &(0x7f0000000380)=0xc) setsockopt$netrom_NETROM_T2(r0, 0x103, 0x2, &(0x7f00000002c0)=0x3f, 0x4) 03:26:49 executing program 4: r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x7, 0x480040) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:49 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00'}}}]}, 0x13c}}, 0x0) [ 2919.785643][ C0] net_ratelimit: 24 callbacks suppressed [ 2919.785651][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2919.797187][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:26:49 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2", 0x24, 0x10000}], 0x0, 0x0) 03:26:50 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x40000, 0x0) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_DISABLE(r2, &(0x7f0000000400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="d8010000", @ANYRES16=r3, @ANYBLOB="110529bd7000fedbdf25020000000c0006000400020004000200200005001c000200080003004d04000008000307ff0f00000800010017000000186204001400010062526f6164636173742d6c696e6b0000cc0005000c000200080003000010000008e70000657468004c00020008000200000000000800010001000000080002000600000008000400d9a50000080003000104000008000300ffff000008000300f700000008000100040000000800125ecd0a6a7c7beb0100756470002c0002000800020005000000080001000900040008000100080000000800030000010b000000080001006574680008000100756470000800010065746800080001006962000114000200080004000000000008000400200000001c0006000400020004000200080001004f61e66e04000200040002001400020008000100010000000800010068490000180002000400040008000100ff03000008000200809b00000c000900080001000300000060000500001c000200080001000a00000008000100020000000800010004000000080001006962000014000200080004000700000008000300010000001c00020008000400040000000800040002000000080001000a000000b0db0eef2f41bd7816998d8c82159a4328ada6bc0cba74b47ba105627566a58870c941a7e47e00000000000000"], 0x1d8}, 0x1, 0x0, 0x0, 0x4}, 0x800) listen(r0, 0x100000001) r4 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) r5 = open(&(0x7f0000000000)='./file0\x00', 0x408040, 0x4) ioctl$VIDIOC_G_AUDIO(r5, 0x80345621, &(0x7f0000000040)) recvfrom$inet(r4, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:50 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video0\x00', 0x2, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) ioctl$VIDIOC_SUBDEV_S_SELECTION(r0, 0xc040563e, &(0x7f00000000c0)={0x0, 0x0, 0x101, 0x0, {0xc515, 0x7ff, 0x1, 0xccbe}}) 03:26:50 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x1, 0x0) ioctl$BLKROGET(r1, 0x125e, &(0x7f0000000140)) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r2, 0x80045700, &(0x7f00000000c0)) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:50 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00'}}}]}, 0x13c}}, 0x0) 03:26:50 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) init_module(&(0x7f0000000000)='\x00', 0x1, &(0x7f00000000c0)='vboxnet0[\x00') r0 = syz_open_dev$media(&(0x7f0000000180)='/dev/media#\x00', 0x5, 0x1daaff64352dc2d9) ioctl$sock_bt_hci(r0, 0x400448e6, &(0x7f00000003c0)="041e7a2c8ef62aa8b675967816bf5e51d9da21cae7bf70e151951ee4beea12f16ee2f6ead82d8c3f28f8e6d815ff41c91ad8afa5e517927b3ba11949ff95d0dd660771326d633b6122722500e7362c0e49c6af0212ce3f09d7490bbb2a690cbacfac5904449e42f91a06e092d69340e8c3b0b147bbf69724a206e1dfce327ca3cb260673810cc0d9928fa5e4a8d1194113f4ee21b12a942539bb4ddecc6783155362fac92394d5e2e89f831607efecf5d710e93c1d27fad79d5ba61ec0b26086b29c89fe0ce5c939c9d62d2ac644d9e2c378615f50d329990ca1e6370ddfa8fbba63124263577749671c20c6cb73a46aaf4d5fa5fc5a4043c5ab0b269f43528e55b3888faa734f34560b01248913b4e8948b6769753434752a43f16c864d0c6292f53dad13005cea8a20f295d3bdc570cf783c9db4732ca5f7e4f0a52fdadc78d01c19e707b40a45b632bf2f679c0a6b1160cc69d875a7b3d2ba01544ca8e9cc61645f269f07bd97b2f918c15a3aebe3b4da9230d2e232c3e7ae43e1090b8ab879ee4bd709e3dffde5f2d160869d7730bb55c61764c1249a56f5903895ade0b8c4894f6914a66ba1777deadfa5eed9f485f462a261a4f9fef2fb923ecad06d40234d4fa498f0419e14eea5250851f6de130f62bf49adefc1d38924c04c725f748edfcbe3ce5a483d6d7e3b63c429d006c00b33520de4f0ca4903482ec44af30856eeebad0f928e94bd6c48bf875fb2e2092707f9c07bb7a6f619535013e32ab35ef14d1fe53d2e851369fec88073bbdeeaaf1c546e9fce95b4a57f5e07ebc4575140b1911df902743525837d043f5349be91ec12821e182123d1f9996d5dc90e8a8b8c5b5f021e5e2969331813abfac3a6832f47e510e90e2dd0ddd7ac6c2c5ac6abc56b5e5e225bbbce8758e04bd5a591299331ee9b5e1b9efe3cd1f6567ade382d88337b9f23460c7bf5776fc1bb2a7e738b623753af43eb83381448b1a9a8a0def9a740a49d1404d28e68d20ab831f0d4950b9b2f14e4a4f5ce745784f4c1051a82e3cc09868150786ecc9266b472697d007c0e628081f9bb5d07ca483e2369bbd457e6e3c7d86acd1a501eb13fcb19402b08d409692bef648b0872e7e6647f932513df8ab4817c23431995edc6ee2bbf509df30fd73b27f9a00ca7286e7641fcf280ace5e935b1d56b4ad1ac5574a4b0e5adec5e3cc71f414c22c157cda9fd46219786d2526e2c24f582ad22465d9af1f5028f947848a11bd5b966200d8db8e331434742fb742f1f66b09471ddfbd2034979df8b04193fac74b733bdc4a6c2aa119be5f9e1144d5d2ea36d00c28c3f049661a92353f5010ecf4120598e1d8fde9a2b6af4eb623c0444934e34945d83320fcb89736785c348b498745dc3311f3cac9fee7a2cfad676565412cfb5b017cb32e7a5f0a4dd76e0b1047a721f79fcb9e615237a03f8fee39a02f6a33cc317cc5d36fbe0e1b9d4fc0ce5218bf1631868e4c3f916a87e1a9589935968c5f974e1536fc0ce4c870ba0e4908cf56155cef7a21ef83b4c44b9625c6435772f2e82744e00659cb03339fa033095c5b5ac628f5ef4407af2f9336800d382733ad7d10440e2123d78488780750966d8d5a44fe710db40be198cb1a0e3552c21fff83cd5389fe315d7af19ae7e6e9b59c82e3b83946672e1ff393fc32978f687078237aebd93b9fd1a04e647f79c01370e4c18cb60f664c8827c5e3426e3ed1b1c35a1be257f3c540219321adbf0ff7b8e5b09489e6e2aabce22544aa195e34903545ab36d9b3a4c95caf913474cab8cadeddda0ffae87c836b1586b5820c6369d9dec871c1d69d3bdef7b37f7e3b39f4cdca210739dda99f4e58c6265deefd9bce137ae737ff30dfa4d74e809e0174e29cb14f7c51f7947509d00796d76f64168cbd2ce74b18179bc45ff166926ac739a99e957cc35e32c751b00544a21e1d590cfec8e9832feaaa5e25dbe7073ba68d8b96bf7181f6dc7bff46bcb9a0bf62dc60164a08504ea17f9408552ad8a7e9a9840f52f56e485cc4b888485f84f1bf1cd6ddf213181c4afa81f7b8be6ebd0c43004c9594643660c6b4629dccaa4be4794a83e0dcef08bdd11239833ee8c04faa8d518d2026dc137c9313899cb7062dd76615f52c27df92ec40ecec802d452a8f0c6ff6b4e52941c60e22827b7b54d6d18ecf27402a9d1dbbd37bf28ad787a54542d7c86b386125535faf3c0ca461748fccf0fb2dcfc11421fb72e40fad93cb30bdc1ee44d61f91f08d1c3ca3c1bafccfe419646df6a0f1d24c67eb17ee8e915ba6484b8e4972b8471bb289a1860cae937b266468dc815c4e649170d396badd338a937d1529148a628bf77e652cadb80624d9bbe66d8eeb94fca95505b2600588394f906be7d3f375cb3a2e2b6e202adc81ab5432fbb8036ff858388b58d14d19d30fd3d1571fbb7a9dc877b5e685f0a9c0209093b5881df54f3c69fe5317c94ece38f4ee80eaea469c3c47b891aae03f3e5aa5171e58398e7e2e0b60767c92b0cb2e4f4b9345ef96803d1f841f85b592a2775bcff0850ae20462a1fc4b8ec5bba30b8526a667153581b6ce60c9b939689f5eca106f0db156e6815ceb1cac1a6a40618ad2006a8e0657402cfd6de223f07668f8b7f88ad8eea01e40b17e8a85dbadce296f4673246ce7d32d6d2441e86b3a7eca0d64d6ae973ecf3207dccff17c5dac3d9e4686209aa73ab7cec29456ab57057ab51459f42f39ca781c76919054b764560dee0203e574f4402c65268682355636db840f7fc7c5cc90c0963569d47b171817912e8f55100d9ceaa9763a4a08abf9570141ca099069bf8ee19d138c407f92129a81f40d3c0be61aadb5f439650831553d226a8e5ef15720607b54744e8140135f7b2ce216c67d80623589799ebd316757de40719e38eb8e411bd8c5ef481bb006515bbf54a22f4c483ff8103f83e8742f6448377f04f5a7210963c6ca2c7ee0ec828a446a601e03e13a738070358da2b1a356cee343d04a32886120506d1dedd14a40e7112289bc06455c14aac50e440c642ef7d8ea5e04f4c9972b42f2e9f27e8a39fe367acbd679514fce7d48d9fd6f5ab82c1d8b3a65628dc5046d354a40c4a65a714b767e49c77361846e2bc24caeefd4405d501c2ebaf6722cca80e4804e3c568b8a5f6e26dd34c8e4fadf8ff4a8ed7ce3f690d123a576a9b4dd75c1126b8bb446011ededc3ca9933855fc660fa17626e0b69101a88aa33e2d88f5742929309835b88d1cc5509b57d61f92c43bcb62db153a4f41d661af4f6c89629e98870358de4a05fed20431c598e67fdbd13814469afbce908264017eb6493472695f19aad463c6cd9742113892117f339d492600f87275d0947083fb3eaecf7110f8a149d70c02c7efdff82b13a7ac3d1e72dc2c5559c32ed53adc010f203febb4ab21a9a0be974b17be2e32368a0d1349002fd1108f9355e87293cb802ff82ada57ed510f6c4a78a857867e4b6d65ed42cbad94fa9f8c27fcc45d5f0f42979b18bfd34ccc138abd30709361bc9b848e4966fcc3955abc674af6ceb12691287dd68ac988241ebe6fa3c7fc11f0ba582ad57c6fbafe10792b557dccfe5aacac0a4411b56b9be4f6cd76cf01357373cfc0f82898f86df2595da2faca6fc2fd37ba556a4ac7fb12d739eb4c9bf9481872b99fea411ce9480994e06f17ce0608889266633c2182a6d1d94e38584ae3ce7a89af9bc99809c5baf72e029685871351828308661827befff642ca0a0d99fbe036d8ff3912d81fe781090ba8be0a5bb35c337fce9b80f7891f670532ec408308a41b18f35928b5b44e7c2111e4fc52f8edffcb8a744b809d974722f6144bc5bd9adc8daebc44433c94bb20c8b6dea88b53ce8d1c94b61d29383e422071f9c440db977ceedb15a6719fa20a07cea4af7586fcd390eb0a002682e0ac368d2e7f6b15dd3132e5a5af5923c2219d008f260498ff8bc6e106749ec2f2d8df416c867ef8b923e5f5c8fbf125787d412dfff458401f247f2482cd60702ad7c3af5aa28d3c5342e73ebe8bf40adf61f640d6cdd985252b9e971df826d5c18a025014027e9843ec8a2ce823b87a53f17675d3d932a3b2d023ff4096d27047b96a7ca519d79d4df5e38b527700c667e2096686fc9a78bdec48176cee0eb9854ad131948a37949457b669974f980b737873f93574f5720324c3c7bcef734b808d69a3f67b96863725dc72e6b1512217db1e34c30b46ce937dd785b8471b2c64a35bdc6e7ae5a9c6aab961ee793bfe731a432f9239bff586b9168f89bce1995dd03c3e48b1c2ce872cb4a17a9d560f057467c6bd269a457dba924241e027f17b48afd87de5034764ad10b170829c9b974027ee93f41187a88c60b21943a931a60bdefdb98472a1a70be8047f3f24bb76f998fa40831053b72ccb0b4d6ceb97c2cb83e70b2ef8af0194e69cb797237c538e885cfcc00cc2a9f9582601eee12f396526e9f993aa2adc5bd891f199e4857b02193d79ecd42cf798bddeae29a0fc12f3eb418ef9b63a530ef9316f6672ff28ad08d74a2d2cadf7c08949006928d643cbb357b7b00ea50dcccccd9d67e6914e2712e0c757fe299e9d3e0431d6b793fc21d8b830a3421fcdcc90af959fd824381d61663811d7191995463a697788a2f3a5f683b2aadddb0e7a024f354dfb5dba7fc5389131afc28a0190f0220834ad220b98b39c6ab176d31c76d6958e74e322340f7e810948d1c48131d6de99cadaddc7c221b2d4dfb904975786589ae35b4badda83ad3f1b7f7547f6f204a5c21557bd76b769ab98ed84fa0260aaa680adc95fdc031d0fb7e83ac875ed01566a164532dfe4e36bb8b5f69fff11120304599c8a8326de41e3b94f4b805b5f621a1f6d4eb173d00719376feec76c5a9224705e0944b21f588eeb65f1a61729864c34892afd2cd9c8b5708a71ed616cc8e38cc7ba418730ea53c18531cc0d547fe82e5ab8a3b80a9ee54c1f7218807b32ad1f85f5885fa4cb2c000c05e40d9da4596d7f095f05e06fb66b70dffedd8a01730c1b77af2c08a81cd0ffd241bf3eb8898beb1423cba437c7d6e8668487b1833a5c7840306bced33954e4aa922f2da0aae9868e106df966a31f7c8de310501a883de510e7545b62da56622b16e1434a34313b77ec13356ffda2ac29e9618f6aa4c789cf7433de03e106a8173c5450d2980bf6692849f820472c855b89f67fade1f1667d1163e904e3614257421854cb34aa657b784cbb40f39ac537500f9a841d8108f638f1f6e05ad0543aea14d94639f74bd1f05fd1080780804c8e5dbe5d029fc30187e9fce68b5f69e2a7ff405df82ce1ee943b2adb05202d5dc3bda748f5533073e62d94decbdcd4dd50b6aa2c3eb013614717596af57f0f0537436400a3720a77d0a9231d0dae3bfa290f46b2d7c6d7dedf56dc174d2aadcc9fef271549d7b2fe04eb13a2516664166ab66e6927267e40f8611f00f2f711854a37cef5d4d2f6e7e4488fd08fbca4b2c85c97e8bd8be3dba49a0f393dd8d0746a5c2f4ea7eea0f0b08d54e52287b44d2a1b79c407d6d32273109e9f7ab4231efdd1d2d5b5ca3005e7a94330f21badb72258803a78bfb9289ec438b8bde7f899edaab348267058300f258bc6c078d2bc3964a55c99753e8fad929d9fddefda56ab94bb69e3f35717e50d5f98e03248f6399fa4186357c292f66b45b59c71ef68f3c9f254a784a77515628d0e94547badb9231fc1585291e1e7b624be063bbbac39bb58deac9cc96823666fe85") r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000200)='/dev/amidi#\x00', 0x7, 0x0) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r2, 0x80845663, &(0x7f0000000300)) getsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000100), &(0x7f0000000140)=0xb) 03:26:50 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2", 0x24, 0x10000}], 0x0, 0x0) 03:26:50 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00'}}}]}, 0x13c}}, 0x0) [ 2920.345741][ T3997] binder: 3982:3997 ioctl c040563e 200000c0 returned -22 [ 2920.379973][ T3990] QAT: Invalid ioctl 03:26:50 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r2 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x8, 0x40000) ioctl$KDGKBLED(r2, 0x4b64, &(0x7f0000000040)) listen(r0, 0x100000001) r3 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) recvfrom$inet(r3, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:50 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/autofs\x00', 0x2, 0x0) ioctl$SIOCX25GFACILITIES(r0, 0x89e2, &(0x7f0000000180)) openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_inet_SIOCDARP(r2, 0x8953, &(0x7f00000000c0)={{0x2, 0x4e23, @multicast1}, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x54, {0x2, 0x4e22, @local}, 'vlan0\x00'}) [ 2920.467815][ T4001] QAT: Invalid ioctl 03:26:50 executing program 4: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) r2 = dup(r0) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffff9c, 0x84, 0xe, &(0x7f00000000c0)={0x0, 0xa0, 0x9, 0xfffffffffffffffb, 0xff, 0xc2c5, 0xfffffffffffffffd, 0x6, {0x0, @in={{0x2, 0x4e24, @multicast2}}, 0x1, 0x8, 0x7, 0x0, 0x1}}, &(0x7f0000000000)=0xb0) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000180)={0x1f, 0x202, 0x6, 0x101, r3}, &(0x7f00000001c0)=0x10) 03:26:50 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r2 = dup3(r1, r0, 0x80000) ioctl$sock_TIOCINQ(r2, 0x541b, &(0x7f00000000c0)) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:50 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2", 0x24, 0x10000}], 0x0, 0x0) 03:26:50 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x400181, 0x0) ioctl$VIDIOC_G_PRIORITY(r1, 0x80045643, 0x0) [ 2920.761236][ T4025] binder: 4019:4025 ioctl 541b 200000c0 returned -22 03:26:50 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00'}}}]}, 0x13c}}, 0x0) 03:26:50 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000808912, &(0x7f0000000140)="11dca5055e0bcfec7be070") socket$inet6(0xa, 0x2, 0x0) setxattr$security_capability(&(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000140)=@v2={0x2000000, [{0x20, 0x6}, {0x2}]}, 0x14, 0x2) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r2 = perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x3}, &(0x7f0000000340)="d1f7977be36243adce5a9b3a5352795df19e8c4e6ae5296aa3f043607b184ed65348cc79bb0eb893c53bb15e163c81d8a4f8d5a2866742bf07d14fed5419556322d161e203b63ca6332607f98e46057d0f097d1c5b273515bf522319c242fdbb8c7b423bef955b96e8337185ba7560e25b4760a1c4363f3d35ba3f9f0ec26165dd729ee9a99788c15bfdb064bf2c807cac2613b799b811843f3c", 0xfc17, 0xffffffffffffffff) add_key$user(0x0, 0x0, &(0x7f0000000480)="0ae4d3db0547d1471076611887dfdad059884913d90261017b56aea58fe107e30afa9637eb29bcdfda86dfd49f570ddfad940e1537257600d392bdfa61c5420cbc33346e0c760d4511a4ae78abf66103f05001dbb6074a61e7f5bf7b89eac8d1fbd88306a6e95b", 0x67, 0xfffffffffffffffb) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_ifreq(r3, 0x8991, &(0x7f00000000c0)={'bond0\x00\x16@\xea\xff\xff\x80\x00\x00\x02\xff', @ifru_names='bond_slave_1\x00'}) ioctl$sock_ifreq(r3, 0x8990, &(0x7f0000000240)={'bond0\x00\xe1\x00\n\x00!!\x00\x01\x00', @ifru_names='bond_slave_1\x00'}) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r4 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x1000, 0x41) ioctl$BLKRRPART(r4, 0x125f, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r4, 0x800448d2, &(0x7f0000000080)={0x1, &(0x7f0000000500)=[{}]}) sendfile(r1, r2, &(0x7f0000000200), 0x3) listen(r0, 0x7) r5 = accept4(r0, 0x0, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x101200, 0x2) setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r5, 0x8907, 0x0) ioctl$KVM_SET_PIT(r6, 0x8048ae66, &(0x7f0000000400)={[{0x7, 0x800, 0x3, 0x179f3f5d, 0x7, 0x7fff, 0x294a, 0x2, 0xe00000000000, 0x1000, 0xfff, 0xafd, 0xea8}, {0x101, 0x80, 0x7f, 0x6, 0x41d800, 0x9, 0x0, 0x1f, 0x2, 0x80, 0x8e, 0x10001}, {0x100000000, 0x1, 0x8, 0x9, 0x6, 0x7, 0x7, 0x8, 0x79babbf4, 0x5, 0x401, 0xdda2, 0xffffffffffffffff}], 0x27}) recvfrom$inet(r5, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) getsockopt$nfc_llcp(r1, 0x118, 0x2, &(0x7f0000000280)=""/43, 0x2b) ioctl$VHOST_SET_VRING_ERR(r4, 0x4008af22, &(0x7f0000000040)) [ 2920.825613][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2920.831451][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2920.837384][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2920.843172][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2920.849073][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2920.854860][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:26:50 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0x0, 0x800) r1 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x60d, 0x80000) ioctl$sock_inet_SIOCGIFBRDADDR(r1, 0x8919, &(0x7f00000000c0)={'erspan0\x00', {0x2, 0x4e21, @multicast1}}) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000140)='nbd\x00') sendmsg$NBD_CMD_CONNECT(r1, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x210000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x80, r2, 0x100, 0x70bd25, 0x25dfdbfe, {}, [@NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x126}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x200}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x81}, @NBD_ATTR_TIMEOUT={0xc}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x94}, 0x4000) 03:26:50 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/autofs\x00', 0x200000, 0x0) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r0, 0x80845663, &(0x7f0000000200)) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x26a99a17, 0x1) r3 = openat(r2, &(0x7f00000000c0)='./file0\x00', 0x109000, 0x54) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x7, 0x20}, &(0x7f0000000140)=0xc) link(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file0\x00') setsockopt$inet_sctp_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000000180)={r4, 0x0, 0x6b9, 0x4}, 0x10) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) readlinkat(r3, &(0x7f0000000340)='./file0\x00', &(0x7f0000000380)=""/129, 0x81) 03:26:50 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'}}}]}, 0x13c}}, 0x0) 03:26:51 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000", 0x36, 0x10000}], 0x0, 0x0) [ 2921.157200][ T4052] bond0: Error: Device is in use and cannot be enslaved [ 2921.284307][ T4047] bond0: Releasing backup interface bond_slave_1 03:26:51 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_misc(r0, &(0x7f00000001c0)={'syz1', "fabf009b2c430ea6011d35bd7400040000000000009eddec90f4fa24578489e06099554a8cf05d661e67bc1509465efd4453f68fabdea3f6639f1a36a4fdad18678d8c8ce214e1461c96586e8a524fd3904a9be72f16052bd879b0983a53729a8576e872"}, 0x68) ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f00000000c0)) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:51 executing program 4: r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x10100) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r0, &(0x7f00000000c0)=""/4096, 0x1000) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:51 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key(&(0x7f0000000100)='cifs.spneg \xf9\xcda\xa6+\xb06\x82\x9b\x80\x12\x00', &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) r1 = add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$negate(0xd, r0, 0x476cad76, r1) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r3 = dup3(r2, r2, 0x0) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000000)={0x3c, @broadcast, 0x4e21, 0x0, 'sed\x00', 0x8, 0x6, 0x26}, 0x2c) ioctl$BINDER_WRITE_READ(r2, 0x40046208, 0x0) keyctl$negate(0xd, r1, 0x0, r0) 03:26:51 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000", 0x36, 0x10000}], 0x0, 0x0) [ 2921.626254][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2921.632884][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:26:51 executing program 0: r0 = getpid() perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x604001, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r2, 0xc10c5541, &(0x7f00000000c0)={0x111e, 0x8, 0x52f0, 0x0, 0x0, [], [], [], 0x7fffffff, 0x7}) 03:26:51 executing program 5: pipe2(&(0x7f0000000280)={0xffffffffffffffff}, 0x0) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000380)=0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r1, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs\x00', 0x2202, 0x0) getsockopt$inet_sctp_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f0000000180)=@assoc_id=0x0, &(0x7f00000001c0)=0x4) setsockopt$inet_sctp6_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f0000000200)=@assoc_id=r4, 0x4) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r3, 0x4040534e, &(0x7f0000000100)={0x40, @tick=0x8e, 0x7fffffff, {0x8, 0x10001}, 0xfffffffffffffffa, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0x40046208, 0x0) 03:26:51 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) io_setup(0x9, &(0x7f0000000000)=0x0) io_destroy(r1) [ 2922.224215][ T4052] bond0: Enslaving bond_slave_1 as an active interface with an up link 03:26:52 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00'}}}]}, 0x13c}}, 0x0) 03:26:52 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000000)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'L+', 0x7f}, 0x28, 0x1) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:52 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000", 0x36, 0x10000}], 0x0, 0x0) 03:26:52 executing program 5: r0 = syz_open_dev$swradio(&(0x7f00000001c0)='/dev/swradio#\x00', 0x1, 0x2) setsockopt$inet6_opts(r0, 0x29, 0x712a6c37d87810b4, &(0x7f0000000200)=@fragment={0x1d, 0x0, 0x6fc, 0xfffffffffffffeff, 0x0, 0x2, 0x64}, 0x8) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x6000, 0x0) ioctl$TCSETXW(r2, 0x5435, &(0x7f00000000c0)={0x5, 0x4, [0x7, 0x0, 0x7fffffff, 0x9e, 0x6d], 0xfffffffffffff800}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={0xffffffffffffffff, r1, 0x0, 0xb, &(0x7f0000000100)='/dev/audio\x00'}, 0x30) r4 = syz_open_procfs(r3, &(0x7f0000000180)='cpuset\x00') ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046208, 0x0) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r4, 0x29, 0xd2, &(0x7f0000000240)={{0xa, 0x4e23, 0xe109, @remote, 0x4}, {0xa, 0x4e22, 0x9, @ipv4={[], [], @empty}, 0x5}, 0x200, [0x0, 0xe305, 0x2, 0x9, 0x1f, 0x9dfb, 0x7f, 0x8]}, 0x5c) 03:26:52 executing program 4: openat$nullb(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nullb0\x00', 0x4000, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000)) r0 = getpid() perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50e, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x2, 0x4280) ioctl$SIOCRSACCEPT(r1, 0x89e3) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046208, 0x0) 03:26:52 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") r2 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x5, 0x8080) sendto$rose(r2, &(0x7f0000000080)="0be7804523cdc8f5df1dd3cc9788a1a398260ccf3b6c39855ce570b38cf6060bc62cd0730c", 0x25, 0x40010, 0x0, 0x0) r3 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) getsockname$netrom(r3, &(0x7f00000001c0)={{}, [@netrom, @default, @bcast, @default, @null, @bcast, @netrom, @null]}, &(0x7f0000000100)=0x48) listen(r0, 0x100000001) r4 = accept4(r0, 0x0, 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000100)={0x40, 0x1, 0xc5ea}, 0x10) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r7 = syz_genetlink_get_family_id$net_dm(&(0x7f00000014c0)='NET_DM\x00') sendmsg$NET_DM_CMD_START(r4, &(0x7f0000001400)={&(0x7f0000001300)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000013c0)={&(0x7f0000001380)={0x14, r7, 0x900, 0x70bd26, 0x25dfdbfe, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) r9 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001440)='TIPCv2\x00') sendmsg$TIPC_NL_NAME_TABLE_GET(r3, &(0x7f0000001600)={&(0x7f0000001340)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000001480)={&(0x7f0000001500)={0xec, r9, 0x12, 0x70bd27, 0x25dfdbfc, {}, [@TIPC_NLA_SOCK={0x34, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xaf}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xffffffff}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x3}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}]}, @TIPC_NLA_NET={0xc, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x9}]}, @TIPC_NLA_BEARER={0x48, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x4}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x88a}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x200}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1000}, @TIPC_NLA_PROP_WIN={0x8}]}]}, @TIPC_NLA_MON={0x44, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x96}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8001}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x100000001}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x349a}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfffffffffffffffb}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7ff}]}]}, 0xec}, 0x1, 0x0, 0x0, 0x400c1}, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) dup2(r5, r8) dup2(r8, r6) getsockopt$inet_opts(r0, 0x0, 0x9, &(0x7f00000002c0)=""/4096, &(0x7f0000000240)=0x1000) write(0xffffffffffffffff, 0x0, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r3, 0x10f, 0x81, &(0x7f00000000c0)=0xfffffffffffff7f0, 0x4) setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r4, 0x8907, 0x0) r10 = getpid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r10, 0x10, &(0x7f00000012c0)={0x9}) recvfrom$inet(r4, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:52 executing program 4: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$sock_inet_tcp_SIOCOUTQNSD(r1, 0x894b, &(0x7f00000000c0)) r2 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$KVM_SET_MP_STATE(r1, 0x4004ae99, &(0x7f0000000100)=0x2) ioctl$BINDER_WRITE_READ(r2, 0x40046208, 0x0) sendmsg$tipc(r1, &(0x7f0000000240)={&(0x7f0000000140)=@name={0x1e, 0x2, 0x1, {{0x3}}}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000180)="cc408e8bcb36825ffe6f1717f1e8c612e4ecd65b2c5df7b9e268d13df81b29254df95073d82d0f20b8450b95b8ba6efffb6ddb171a30af30e03e2792ceeb5fa5ae08a49e9066deb831591114f10bb1962e011ebb3d5d621537efc6ac0f076750101ccff2d4f55d65a02c", 0x6a}], 0x1, 0x0, 0x0, 0x880}, 0x80) 03:26:52 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff", 0x3f, 0x10000}], 0x0, 0x0) 03:26:52 executing program 5: 03:26:52 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000000)={'eql\x00', {0x2, 0x4e24, @broadcast}}) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip6_tables_names\x00') ioctl$sock_rose_SIOCRSCLRRT(r2, 0x89e4) write$P9_RUNLINKAT(r2, &(0x7f0000000100)={0x7, 0x4d, 0x2}, 0x7) ioctl$KVM_GET_SREGS(r2, 0x8138ae83, &(0x7f0000000140)) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r2) r3 = shmget$private(0x0, 0x2000, 0x204, &(0x7f0000ffb000/0x2000)=nil) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r2, 0xc018620c, &(0x7f0000000040)) setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f0000000380)=ANY=[@ANYBLOB="060000000000000002004e22e0000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000300000002004e23ac1e000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e22ac1414aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000097a38fbbc6992c1100"/528], 0x210) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000280)={0x0, 0x0, @ioapic={0x3, 0x5, 0x81, 0x0, 0x0, [{0x1, 0xffffffff, 0x9, [], 0x800}, {0x1, 0xfffffffffffffffd, 0xb59, [], 0x6}, {0xe3, 0x7, 0x4, [], 0x8}, {0x0, 0xffffffffffffff81, 0x2, [], 0xc5}, {0x6, 0xff, 0x7db, [], 0x1}, {0x6, 0x8, 0x6, [], 0x800}, {0x1, 0x0, 0x2, [], 0xef59}, {0x7, 0x5, 0xeec, [], 0x80000000}, {0x10001, 0x3ff, 0x60000, [], 0x2}, {0x6, 0x3, 0x1, [], 0x46}, {0xf6aa, 0x38176e26, 0x20, [], 0x160d}, {0x4, 0x0, 0x5, [], 0xec}, {0x9, 0x7ff, 0x3f, [], 0x80000001}, {0x65, 0x70, 0x9, [], 0x3ff}, {0x6, 0xfffffffffffffff8, 0x800, [], 0x43bfa6cd}, {0x80000001, 0x4, 0x3, [], 0x7}, {0x6, 0x92, 0x8, [], 0x20}, {0x2, 0x100000000, 0xcd9f, [], 0x5}, {0x4, 0xfffffffffffffc00, 0x3f, [], 0x7fffffff}, {0x7, 0x1, 0x401, [], 0x7fffffff}, {0xffffffff, 0x4, 0x6, [], 0x3ff}, {0x8, 0x678, 0xffffffffffffff18, [], 0x7}, {0x80000000, 0x5c, 0x4, [], 0x3}, {0x81, 0x63, 0x67, [], 0xfffffffffffffff9}]}}) shmctl$IPC_RMID(r3, 0x0) 03:26:52 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00'}}}]}, 0x13c}}, 0x0) 03:26:52 executing program 2: r0 = socket$inet(0xa, 0x801, 0x10000) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_DBG_S_REGISTER(r2, 0x4038564f, &(0x7f0000000080)={{0x0, @name="11965fa752404dbaf556aa0415fe762997613ec6d526579c804afb36d38b2be7"}, 0x8, 0xcdbc, 0x6}) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r3 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) recvfrom$inet(r3, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) ioctl$SIOCX25SCALLUSERDATA(r3, 0x89e5, &(0x7f0000000380)={0x800000000005e, "9b49ebd00ea5c54231ee74c5b32280b31e2f25531ad1cd86b0a518e1dcb8a30a26484437df021c7622f26d859121f3f5442865e48a5f848a5c8387d3d605a80e90ed773f7a2d975e166ac46ee2cc7b134d45d0630e01f35c4c81f3801a4eaa574585a9fafa69f57c5a3a6670eb726eece650344edb65f2990f31ee00"}) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r3, 0x84, 0x20, &(0x7f0000000000)=0x401, 0x4) r4 = syz_open_dev$amidi(&(0x7f0000000300)='/dev/amidi#\x00', 0x200, 0x400000) ioctl$SCSI_IOCTL_GET_PCI(r4, 0x5387, &(0x7f0000000340)) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f00000000c0)=[@in={0x2, 0x4e24, @empty}], 0x10) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vga_arbiter\x00', 0x101005, 0x0) ioctl$RNDCLEARPOOL(r4, 0x5206, &(0x7f00000001c0)=0x3) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$UI_GET_VERSION(r5, 0x8004552d, &(0x7f0000000280)) 03:26:52 executing program 5: setuid(0xee01) r0 = shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ffe000/0x2000)=nil) shmctl$IPC_STAT(r0, 0x2, 0x0) 03:26:52 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00'}}}]}, 0x13c}}, 0x0) 03:26:52 executing program 4: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x1e) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0xfffffffffffffdba, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7d, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) fsetxattr$trusted_overlay_nlink(r2, &(0x7f0000000180)='trusted.overlay.nlink\x00', &(0x7f00000001c0)={'L+', 0xffff}, 0x28, 0x1) ioctl$BINDER_WRITE_READ(r2, 0x40046208, 0x0) writev(r1, &(0x7f0000000140)=[{&(0x7f00000000c0)="b76bd14202015e6c097f4d55bbdc70f6d42fd023cd00afd81ed418ebd3736f5ae632d0b42a77663a0e6c3c82714179583d83d239f6569050afccacbad27d6ad2a8a124367abd2b8db2930a455bfd3df08b4f14", 0x53}], 0x1) 03:26:52 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x100000000, 0x2200) setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f00000000c0)="62d96b4f27c401489131301f9b0d9fea87f583dd32b8aa1666df0cd941ad7c76a9e5bd26a3dcda9768c739287ec58e0833e42d95a9398104b2b5a821779ebd50a42f986608b41d22816998c278ba71a5b4c7fe1bb52a17862cda547b3e5144e5f71c3395b869a9f785bfc4f4242a229946076d0305da108945ed4befa1098f88f1b7ed5b8c7573eb82a67f1e25ae25f81d9ba1c21b37ecd9ad62669445222ecf88a3488344682ef4535729102d73effb95b13d3f24646a1387a2d7a0c6eafcee6812065fe8a4f648900dcf1b0f1ad512c6e52edef5afec4980ba53f3c72bd96eab07d41afb984cc6a12b1ef58053160d14e96a38747860a0f0a1c67be2f9e8d89bbc4fd93fc475be55c85f7bc6e21d8f9a9d5e8c34b7fea1d5e914adfd6ca628a31780ed24be3c505bcb107de08d55d5c57dc4ec978e344fdbe0f864cce81bf2eeadb49e19b723faa1d60b47ebed74e48694e59f3a20127b5d27b2daf4231b2395147d40d1f1992638b3d5a5bdfe82091ef3ea05b219e52be9d3a3cb0b52f0780ae1982145abee6366beb93eeea623bad617ac32dec2c8c8d7c13d2dc7dde1a1f7a964b6be5d9d1f3efc407aa998e9b8e673a333932c5b3bb49320b40c16d42a4309c3c5bba57496fcfee6545d3291467a4f7141b04f4d5150607973f2575618808cb5df1926294986de6d4fdf008a0435b349047581c7fdaf6b8791007093feb9d50e3513192f343d163d3e3e0b388b5c188630c6889ddbbec8898288b90eb3b713c1ec8fb73dc265c9f26c2c5b851bad07cfb584c74df716f4f721219678c310a20c998e15ff959d08b8322ce67073a3796053d2030242d46e27270e320dd7bdf1e40d633c69a4ad8e464de8930ea31818f1aff87b070006458c165239752ceedc198ee28cb04df223fb2191995b245d3776425ac6b0a1180fe030dcacf7c7e96e7db5e7fce549316f83b5e838829668f5c41ae1d5e4caf993777ecbee7ee0d41a085c9d3c23e0fb798745df2eb01a32b00dc99fcb2eba8347ee885eedbb83fe68abfeb6243bcff8cf7f9f22185074b4214fd1160500d7aced73b3720dd013a77d378d6da4751a55d87cb504ef6b28aff71432997e2cb7d614b704293af9a19e63786fd5bcd12de98de3989d5dcbd598e5f1b69c7c00bd7cb9bdba9706ca31238122ca4dd08def2334e9777538a38cad7bdb8011efb6ef3663849b2b14be0c2ff3539f1748c1570b34eaed0a2cc2a7751c7e18c561dd3e8ec13c43ba8ebbb2ba9905156e34cb63cc16c26ca4a80f3aaab3c8b11c16dc8c2eeb87c809ac8c4ad112d690f97ec151772356cb1e51907d5ccf0db8d6fa784271e34a77d9035b17aae636950b7bfc1c7dcf39357c4ef89cd3bf1fba7682670cb39e449298d0a6bafbcad152758d2e95793d85dd2e81a7919aab9a8ac07fec129135fd467c03ba481d18d80d2fb4243ed4ec671c4b5bc6b6864bb1cab9c8e02aad758d88cbd91aae3173bccfd80e1428b6bd691437ba8174f110a428bf230e218e6200d6f0f3764c624ec50addc6c5879ce9089cba220affe56c85984c14cd3c5aabc6e9e809365d61bbb0ef994123f30574a1c2a663a01b25b6231a28b4247f2094b772a718df7abb36080dd003244308812d699f3fa968ba8a4e89ddbb2ce158c338e4031c6b20ddb64c57c71cac7994e71db3ae7a1f30c43265a893fbc095c09f4b65fe2c294e6f40dd71f4409e25d1b731320be7a674309c952e11137c02620ae58c6ef27ae678ed4d014626d05a2fafc0d52cf3f504f2720d2c19252e47a4596e62892649910018608286a6c81e8215eae57fff9a233de233bae3147e1ed24b6a330bca3b9ad18ea74e06dda8dba335bb6cb67bf44c5f3e3c5c9a06c89870a445c801f23e7fdc9c0e5b4dfaf306f10e0222ee40682a6eb11fdc10dd9e71740f9d7aaa8a35b17d1cfaf23cc22f2315d660cad95431e65475ee4a6dc5f8fa08bd79cbfda0053e7e9d26f9d7f9e20e0d032d54d073ee7760adeda589d1c1a0fcc63bc56f6971cceadd549b5a6aaa5016423bae1da6a9199bb9365e477d0ce3dd188248c86d864f2318d27df15553cbc9ab8c5691c1d49e6aee58a3d3d17e2ce60dfbebc0c69a610d36b20363dd77481924768a347e2d249a419e6a1823b3fe45b777ca81b93dc716c80206aada77a66bfa258db319a4a5610dd0377cfee93a01cd8cc4e8da17450974783f35df31fcee0b81e78203660f5af1491dd16eea5c79e7c8533d5d36ef173091b2e9c99b41d6f5827449a983d92b7727cfda3a0d843bee547e26a888864347bf4f90351c725ddc2ce9d67041bcfc2ee6b4bb1cecdd99a25f2ca4f30263591145c65882eeafb772d1b0867e14f64f23c6e51ce51b71700dd91e4846bf50c525b8ca6c4e585d8a0562f6e87a6856387075a0b028a705fbdc2c23b754040ad44ca8d09f6b7112587fdb29ac6889ab064632fa3116d57360801e346f703b8fd473fb29a6f71487ae14769b2b6a2f54eb5bc08fbf90becf0b51097aa7a09e0adbe6996587c59c47e5636b2644a1e902f97b7195016b6f3745b66024badc6814e53e7ec4771a23baf2330097ac8f4f47e19ea28a53b1e29306d497f0d9fceadffca7f39044a1c8190b39bcf44632622862245daad81810409b45580b9a933a84f18bf9ae75a358909926d3d37dc1cbc6697701a2630f54eebec71037b3110b134ba47ced9163f78f12540f16a8983f61a2956de0cd211b5e53fc3ad3a2c4fef0935d7f13e00feb0d7f7330c85eb0712d01e502c8a70ac0cd6d277f0c801d2ce5723362b162e04bbddc5ca70577e93a5880c396169698667acfd14ad8c9b1a708492c4009f41424e2778dd4eea75de89c3dc11885fa6897104de9d9e6059d371a3140f71afa6ae0d5124600262050b93ac41245e0e293a87a6068ab3393cbf00c1acbf862ea553639e2d20df1e68e7bd2023ee25295f6470ac8ed1fc15e46f05c7d93a20667caf9fbb87d5ecc6e062184209b120bb3f79f0ed183033ead84f978f0642a08844fbf7c3bc1d20c253f389b91c1c375ad5ede5a5e26ebbcae9406d43ae1b63781940b42fa3faf923a1a20650494c14d5b7bbf7177dba74d73de885692334857a96963f254d571847c269d2967ba2c5a4ded9427fbd4f15771e737b475c03592fec37d1daa9910557dc2da291459e71dcd4fbde45f3b884bf97a4c936ac58aef9984481deca081d057dea7f62b0f125cef108595f050ab1c3566adaec1f58b85d453c62115b0dfc2606ef3708aa6e0a842a26fdbb13e6ab77a245a8e866ce2e44c54a500f93b91589c1c77f7534cc62a79bfc897b900067c62221e4f45fe688849aa7df51e3f894b2c8e9bdcb83e236196269a054dc1f7066c0d11fc6ab90099d1503f85713ca948e09686f3f461f92c73f48705339be58ce98d531eda10863a90d119d08e5ebe974bfddce773dd6c0ae8632812169130888f24f91d0df72405ef2395cbaa34cfee7fd507ea7bf0de2070baaafe37ace10c17b6aa8fb56068a2fea67e2e4ecfa86f183caea02b766398a252b23be5bbd1c36788d525cd90467981c4dfd0386f5130e339dcef29d8a55811b4e29b1a2773249456ce3a54ab22f26cda1d050821190acda694af93c3be328f9421334895bd60e08d5366a3ec5843898e5f4b375944e2a0b47ddb511d83797db2ce74d243145a094324c0239356bb3f9da23f248eefaed94abe5b115e8362f1e0bbcbdff8258ee863a8cd1cb0581dcb77fbac4c4de818562647d50eaf9ae32c79ca9fed1c703d14d1a3a0beedc4e481aa2d69d7408ccb1b6460555dbc621c30d8dbe2bead201dde3c5a5a7b15e4d3d4e25fe08f755e9e8eb1a81ab81f03d7fd8f31674eae727d73794ef74ea5f863702f36e5bf09b8074b50523c5179d61501dc01dc55398c56041e11e982e2ade52dad95ac7b944e0bdd88eddab98fdea2f5403556ace0bcc50f6c906f2371304fc274a636718babef4b328036f5810570e0010219daf9788af2045a0a70c956bcf60db2cccd58eb3a23bab668c08a0a25934772bf87c0a53d5ded48e8a0dc0d1cfdc5cfbb1554146b38b13a50cf36f045cbc4329290d0ab241587f880519ce358b6b702d17cbeba86fcdbd33274fd599ac03b53adebb704623db1b4ce41f194e737d27ac3db7e750c5a8bc8f6ed84173da44a41e76adebceeee3ab3a553c545acc6aecefa2147f84cac791813989e777bf96fe7aca2877bcaab9fad13d4b9b9d4273c14a3a3f8f75314f96d425948d16b57f7346980a596a1949f6e2c4dd7b366e61aac8f3b13d0d854e00685c7eeec964955c0ac3eab1cdd30d7a6fad1dd95cdc58a0ce08a7cce3c9b16560b5f0192a0096c73dee35398c3a6f6c136975d2303175e2f50e8826991c7a1a48680d362f90fa84897879e1c53c3f9df83f807048cea7217ab2fd9f1897739dc71c046341ed1e061eae28978a9c107eb8efbf2285c20e8ca3ab3aadb78cba9368c440fcf73edd7ea4b66391f9b135042761fcc40e2281f878b062f99a517bb8c06ebc56a129906464c07efd97e507e4cec89444056db468a6675598c9639ac96c504d728368c8279adf347d6e0af544734c3f0bc43f2f51c33f98a9fd2f0f375bcc36f9de54df2dc02c014350b24b89a2b2f1e2d531585610ca90d71b106f5f5cbe9b0f4e33fc2fc6a3d5b31ae14af3a829babc1c179a8364f229c4aab8ed8f15f1ad4b5925df7f15a8ffdf941b6ea0ea5b0576502d0405133e79c5ae313f83212af6d7324df183b848974d96db0d98b26682eb88fa6a554c42bd5a9fadcb0d39912d7a9f9cd20c8c38bec9f01f507a900e3f095f6937817d3768e79c4db413de10f0063095d2201a4342c34ce7d26b4a6559bcbc6809fa3b8a452744255cab802012af1d4299bdf0e4bab6df6925fa32de2f8e168d869c15ba01c5b122f8bcf1c2279890b1b0dd81b36207ea11d322ce762e830deee8f53f56caecdd2bc8287bb311d8b7c7e46a207eafeeddd83a5c1b7ae5856d4b7c8b6b78135209097ecae88b0475cd19d566ccbeb66fc5fecba9b49912e5cbb910dbc1eb235a8dd282dc2d3201226ba306054d8d79d66f64b3cecc518d3a8ddcf719a955386500e3b232d68ed82c3bdfa05aad1d87e3def83812580ea62d45a3f8ca877985a4d2d4eb75e521555c501e56751926f48b2dad182aba477a7a56e84d900533f5a293b174b13080175919f620656fa260e521fba9d77d53e33047a678d73ea279dbdfb6f21ac3479b894db6ec9372b56c0a5373b354db10905b6dc4641470ee83d34e5306fd164731717b2493a53a4e419c51c1a1b19ca0e4bd6aaf4e6488cc51299494b53bf71f6315b1db6d8dab92f8b49e123fef9a68772ffb49c05d1a93784a3059810acac7c196befdbfe14bea75ab3710fe3d838ccf09e371727bde22577fc350c827f9f21b965e93d0bbaaf65881657326f6286c3dd5619b04c944e62777057e9c0f9b034b5b9f6cfab735aa9899274c6d64f5d861ad5d8425b1154de4a3043e4784d0e30de46131c3cf6e5d2ca0861dc8939f9fed6163ea91bb6732fbaf441b2c2e1c6792c3a026676349050399cdf2526f0c460677861e0b3393e9781f16518edb02642b257e493a311fc5f000b6ed4fa48156331473b80c38e630000ba81e80ece6089b2ff83fc0f05d3fa873e2aedd96fb455080dab2b600dca335edda15e58fc29cb725433ccf68b7cb8f9e0166ffff9150cc2f8dcbd5a907e0ca3cd9eabdc01fad17947284f7b141d55a57b36653c3d8e", 0x1000) 03:26:52 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff", 0x3f, 0x10000}], 0x0, 0x0) 03:26:53 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x2, 0x2) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:53 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x8000, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r1 = add_key(&(0x7f00000000c0)='rxrpc\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000140)="719fe6593f1bfce4bc21abd8a1715de9d50e0012355579e0ec9d190064ba34018fd2f2e8ec85c3fe080aea814073f29b3fc9b0171ccda65c0ef023bfffffd95ed3cb2bf1a07f1068f6f708bf54f1088617bc28bdf486cadf42607e6a7eea2f588e24b7b7027c270202d5c7ec2f395833f50301ee836f0efa4916bd4c6636ef89a4b553531523d852071f995b889120776eb9a9abb988480de76e8a3ef41b221d40396de067e0625e57a4e9b55f97cb1d7b4fcfafda7388b44143246fa6859200375da4c0f262ef753324353946", 0xcd, 0xfffffffffffffffe) keyctl$clear(0x7, r1) 03:26:53 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00'}}}]}, 0x13c}}, 0x0) 03:26:53 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff", 0x3f, 0x10000}], 0x0, 0x0) 03:26:53 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000240)='./file0\x00', 0x200, 0x82) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffff9c, 0x84, 0x71, &(0x7f0000000280)={0x0, 0x8001}, &(0x7f00000002c0)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000300)={r1, 0x3ff}, 0x8) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$KDSKBMODE(r3, 0x4b45, &(0x7f00000001c0)=0x96f) getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f00000000c0)=0xc) write$cgroup_pid(r3, &(0x7f0000000100)=r4, 0x12) ioprio_set$uid(0x3, r5, 0xe) setsockopt$inet_sctp_SCTP_RECVRCVINFO(r3, 0x84, 0x20, &(0x7f0000000200)=0xc6e, 0x4) ioctl$KVM_SET_DEVICE_ATTR(r3, 0x4018aee1, &(0x7f0000000180)={0x0, 0x0, 0x7fffffff, &(0x7f0000000140)=0x9}) ioctl$BINDER_WRITE_READ(r2, 0x40046208, 0x0) 03:26:53 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x14a) ioctl$VIDIOC_G_AUDOUT(r0, 0x80345631, &(0x7f00000000c0)) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:53 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00'}}}]}, 0x13c}}, 0x0) 03:26:53 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) sendmsg$sock(r0, &(0x7f0000000340)={&(0x7f0000000040)=@alg={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-serpent-sse2\x00'}, 0x80, &(0x7f0000000100)=[{&(0x7f00000000c0)="64b083846bb12faa8ea6b4112c1833e68cd6ff13fb4565de8b1d1da888addc135a6f08259911c7018293502a", 0x2c}, {&(0x7f00000001c0)="add3cb53ed487f95df745fdee089412df5436467d81126895c7510055ea747c9bfef8010604ce6b9a0634ed865df006be260d9ccf2ebac93dd79aa1a36e29f033f47f3384037af22a69fee6a6df80b4d3ad795a0d50be2c625b5eb180bb67ad23cf1bc74b71fdfe7822912d7dfbe242e8ffe0cd75a7e7be1173e36585509aa50cf8dcd26e9e62cb4ba201f82972feb9f6977b1cb8fe665784edd1fd6e5d8432131f5da82925270d106fe380bff8a74dfd91a6a04bb26c0bbe18f2a60f8d52f0612232413f8c42fbefd41b5781abc752f6b9ef860c77ad5d3cde88360e7252d457cf9ea60289d", 0xe6}], 0x2, &(0x7f00000002c0)=[@timestamping={{0x14, 0x1, 0x25, 0x80000001}}, @timestamping={{0x14, 0x1, 0x25, 0x800}}, @txtime={{0x18, 0x1, 0x3d, 0x33}}], 0x48}, 0x11) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) ioctl$sock_inet_SIOCGIFADDR(r1, 0x8915, &(0x7f0000000000)={'yam0\x00', {0x2, 0x4e20, @multicast1}}) 03:26:53 executing program 5: r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f00000000c0)={0x5, 0x2, 'client1\x00', 0x6, "fe4c22d889239614", "0cee0892ac0a3cf498b20b14ae69f57906f9936fd28f299bf704bd4991b47eb6", 0x1, 0xa8}) modify_ldt$read_default(0x2, &(0x7f00000001c0)=""/236, 0xec) set_robust_list(&(0x7f00000003c0)={&(0x7f0000000300)={&(0x7f00000002c0)}, 0x2, &(0x7f0000000380)={&(0x7f0000000340)}}, 0x18) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0x0, 0x800) fcntl$getflags(r1, 0x3) getsockopt$bt_sco_SCO_OPTIONS(r0, 0x11, 0x1, &(0x7f0000000000)=""/3, &(0x7f0000000180)=0x3) ioctl$BINDER_WRITE_READ(r2, 0x40046208, 0x0) [ 2923.534549][ T4195] binder: 4190:4195 ioctl 4b45 200001c0 returned -22 03:26:53 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00'}}}]}, 0x13c}}, 0x0) 03:26:53 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f424852", 0x44, 0x10000}], 0x0, 0x0) [ 2923.590786][ T4195] binder: 4190:4195 ioctl 4018aee1 20000180 returned -22 [ 2923.677669][ T4205] binder: 4190:4205 ioctl 4b45 200001c0 returned -22 [ 2923.728125][ T4195] binder: 4190:4195 ioctl 4018aee1 20000180 returned -22 03:26:53 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) socket$alg(0x26, 0x5, 0x0) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:53 executing program 4: r0 = getpgrp(0xffffffffffffffff) sched_getaffinity(r0, 0x8, &(0x7f0000000000)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0x0, 0x2) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:53 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000140)='/dev/swradio#\x00', 0x0, 0x2) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000180)=[@in={0x2, 0x4e20, @rand_addr=0x3f}, @in6={0xa, 0x4e22, 0x7ff, @mcast1, 0x400}, @in6={0xa, 0x4e21, 0x281, @empty, 0x5}], 0x48) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:53 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x14}]}}}]}, 0x3c}}, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:53 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x00'}}}]}, 0x13c}}, 0x0) 03:26:54 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f424852", 0x44, 0x10000}], 0x0, 0x0) 03:26:54 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x40, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffff9c, 0x84, 0x70, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}, [0x8, 0x2, 0x7ff, 0x1000, 0x7, 0x923c, 0x3, 0x3e, 0x0, 0x7, 0x2, 0xff, 0xffffffffffff7fff, 0xfffffffffffffffe, 0x1]}, &(0x7f00000001c0)=0x100) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r1, 0x84, 0x78, &(0x7f0000000200)=r2, 0x4) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) ioctl$TCSETX(r1, 0x5433, &(0x7f0000000240)={0x0, 0x52be, [0x100000001, 0x2, 0xfffffffffffffffb, 0x6, 0x1], 0x9}) 03:26:54 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x8000000000000, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) signalfd4(r0, &(0x7f0000000000)={0x9}, 0x8, 0x800) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:54 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000280)={'veth1_to_bridge\x00', &(0x7f00000001c0)=@ethtool_flash={0x33, 0x8, "2ce544ac75502e20ef31f8724670b46147c13abbc0b81fe0c8375f91e27b5a01ccf330ea0d5daa42b065919d87723cc8315022f3d23d6d0952910dfbdc73986f8d6cfeaec96e275ea285ee9be4494092bfd18241cacf50fb09db8ecf0eb4e90c90730fe1b7097129ceabd8177598d9e2bf1d51cfb1f28b391bf9d454f6f65bd4"}}) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11d4a500000b4fec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) bind$tipc(r2, 0x0, 0x0) sendto$inet(r1, &(0x7f0000000000)="916e88fe741d1fad519f0e44987a0bc9416313dacabec3d74eed52329527a757de46a30e67ddab7454f928dcfcc5dd15623c05b3bcfe310ed2edecbb1ac017e4addd81089c342bcfaf9decee4d7d876ebe3e3616360448d5b05ef7b64fde22bd1e903073992c14e6cc487fd6a17f594e822fbc6daa7d8c8ca7e787b1faa510c414650ebb493f7c88978862a130d7356f5137fed9c604a145af2346357b9e6d6d8c3a83242ed943785e8761f60aaf15bbca3f47203191236c6bf78a8c29c9c8c9a01c916606867db1baa2d503", 0xcc, 0x8080, &(0x7f0000000100)={0x2, 0x4e24, @broadcast}, 0x10) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:54 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key(&(0x7f0000000000)='cifs.spnego\x00', &(0x7f00000000c0)={'syz', 0x0}, &(0x7f0000000100)="34d8857d973ed62d3b5dd0ecbcc03fe0b21975f550381c3473cda09d66a6f485e73fb1da09d3f98e0a0087568d6a978afc5b8a8aaca536a0b1a6bd10cb7dac413fce9f1f87ff16a90e468700f0a08d7c08069cee646d27aa6013e3", 0x5b, 0x0) r1 = request_key(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={'syz', 0x2}, &(0x7f0000000200)='/dev/binder#\x00', 0xfffffffffffffffd) r2 = syz_open_dev$cec(&(0x7f0000000700)='/dev/cec#\x00', 0x0, 0x2) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f0000000740)=0x1, 0x4) keyctl$negate(0xd, r0, 0x0, r1) r3 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r3, 0x40046208, 0x0) prctl$PR_SET_ENDIAN(0x14, 0x1) 03:26:54 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f424852", 0x44, 0x10000}], 0x0, 0x0) 03:26:54 executing program 4: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) r2 = syz_open_dev$swradio(&(0x7f0000000600)='/dev/swradio#\x00', 0x0, 0x2) sendmsg$tipc(r2, &(0x7f0000000a40)={&(0x7f0000000640)=@name={0x1e, 0x2, 0x1, {{}, 0x3}}, 0x10, &(0x7f00000009c0)=[{&(0x7f0000000680)="913b17d74c0a13e970b07553959ee021f6c7135702092d80c70b99f20f3b1d074cbf67de3271f72a6815ca4ebbedb5bab7e8f0b09e8439594566a1f0a478e0d531b50992bd9e832e86a7ee0af1774962b40a037fe7d81af97c465fae6c2f5487a8cb913addb64bb350875f593e25d01776628b43", 0x74}, {&(0x7f0000000700)="7ec7ca8d1a986df858940901537d50046c288e059cee5748188fc1497e65caca3ddfb6c47463a5a323997cb463447a5bf5d11ac61523b699fcae6ac622bfa16bbf97b1c6f207d01177c73937a6aadbafbd0397191ca96697f4286dd8a0bd8f4666b938368890bd9c68457f24d35d4b12c1bdc2304ed5949172c3404250c7ae71a26441d1e1be6da037ad597161c617b1068f5d701629431610128f3e6e4cc408fd4738", 0xa3}, {&(0x7f00000007c0)="c6c0c66291cea5d35a2e28e297945d2c23b34f21e581ba0cf4f58651b2e4e42f1434f5848311ed4c0b534b2960d557409c1b81be7322e6da94da2d5d814857c75cb9c34300f15754da0074a6f8c9af61b22126d532c1f1cde068a9ec", 0x5c}, {&(0x7f0000000840)="e43cca6ba020df2a633af4072b2f3a3dda6ca0ee679547bc37a875232f7b7d07a52ef2839cd45c646d7ee862ed7f477d7a86be7d4b335b49e79cea476582085194a3c76fd1c8c0b051acf40641bc06244176aa42cb3fa5a95380e5baa193ff4933981b112e894e2f8002d801a76cb384cdb3fe3f5faee63c90137ff62757bf101311e579c33f4dc6f0490305daab251e85169cc1edc0", 0x96}, {&(0x7f0000000900)="04c3ff5298454a3ca8dc88e3b54a5cc29f7f6054c799c06906fca821e5f7e03692366c851115e67ffa9b9c1bfa3a16ac39f731d0632037332fc5f0ffa805b3b3d7b84304b551f4855610acbcd54b6ef0ed7d4aded3d5ddf5a87db08a5657f460815ac87f3febd9ea7fb96de53d11f463c40ad1beb68d1b8399f6825490d07dae9d943a6ecc1fdeb6bb41d2a47127055abbd7fcca1e866f7fef91a78e9f54443d877765a84c2eb3acce0d6648dd6d39ff324f3acfc5db46", 0xb7}], 0x5, 0x0, 0x0, 0x4000040}, 0x4000) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x800, 0x0) r4 = geteuid() getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000200)=0xe8) sendmsg$nl_netfilter(r3, &(0x7f00000005c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000240)=ANY=[@ANYBLOB="400300000705020025bd7000fbdbdf250f000000c8000e0008009400", @ANYRES32=r4, @ANYBLOB="d885712bff951788817690150eb8db8b50297d066e41284696954be9f8c44f6cc0c8c3d980e742ade2b75757092b98183c0568cd38bf3316d49aa56b2dcb1dd4a0a5e8fa04f5f3039097dd0e3d48e2ad0949ef45eee8f5b9ebf01af241a4cb90234d2646640e071a44c82d356be1fdb974095a6b530cd093aaacb7099533443ac07b264005d68a7a0e4e3014b62904583a0013bcd274883b35d045e436cfa34c55c233de54ee18e50bb064391d64052d2908c5d1e450e241d7c92cb49b6d3df4537e395acf04006a002fb50d290f3d13c1e5dfc5d40513d07d151b7417f93762d1287a219c467489d704bc1bfcdd415a6c239a91f9a104c57342ca0afe42850300cdafc85d94637199bfbbd39e0041b8bbea2284351f5674c959b679c8ef4021a6bdd7b077c67cef9a2e96df2dcb1235074659f43523b7b34d310b1bb5588d9fb1ec768beb6ac15aec19543c126327b5b79160e3b62abb124d670621e5190aca02f58834c92001febffa917fe39f0362882bb701754014004600fe80000000000000000000", @ANYRES32=r3, @ANYBLOB="c65bdf9beea8509b5198658db62a958f7491752e0bf4430fa8e8bad9addc10df57966c00700008002900", @ANYRES32=r1, @ANYBLOB="0059d9bdf9dd629d3f9c37607b26d5d4c15c8375a6b21dcb3d411e8eab22846d2099178294f0fe5a7f5649cc12c18c71758ffb06fd0271f214fee0df072eed25bd0f97ca50f8398103e084d31e57426fa34c57777672188075610586cf51000008008d00", @ANYRES32=r5, @ANYBLOB="ec00440014009000ff020000000000000000000000000001532dc1838f274ace19e1594740cacb28fd9b6dce12cf1a6eb650f7a2a0e8416cdc48d63ba92ffaa068bd6a4279e14be654d4f22859ad7b834fb345f1d24e8af65f9302b25d38eed8378afea49b88aa7c9e1f4f7b64ac676fafc0d332f60f003dbbe32b241fc353ef0209409b3a83459b1bee181e97b0a090b8062218d92799de94845770ec70b1ed8a7f7f10d5d41955ea2eed529b8225545e4f6fd93054776c71acd60a0ae490673017efb5793a60e056e04448bb40b27b4d452340a3f7696617bd08007900", @ANYRES32=r0, @ANYBLOB="08005f0000000000000014006200fe80000000000000000000000000001a00"], 0x340}, 0x1, 0x0, 0x0, 0x4}, 0x4000) r6 = syz_genetlink_get_family_id$nbd(&(0x7f0000000ac0)='nbd\x00') sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000bc0)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b00)={0x68, r6, 0x2, 0x70bd28, 0x25dfdbfe, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x6}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x8}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SOCKETS={0xc, 0x7, [{0x8, 0x1, r3}]}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x9}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x1ff}]}, 0x68}, 0x1, 0x0, 0x0, 0x40}, 0x0) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r7, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'ip6gre0\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000000180)={0xe, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [], r8}, 0x3c) setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r3, 0x111, 0x4, 0x0, 0x4) 03:26:54 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) clock_nanosleep(0x7, 0x0, &(0x7f0000000140)={0x0, 0x1c9c380}, &(0x7f0000000180)) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r1 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0xffffffff00000000, 0x60300) ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000000200)={&(0x7f0000fff000/0x1000)=nil, 0x1000}) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x40a000, 0x0) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x200001, 0x0) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000240)='/dev/cachefiles\x00', 0x28540, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000100)={r2, r3, 0x6, 0x3}, 0x10) 03:26:54 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f4248526653", 0x46, 0x10000}], 0x0, 0x0) 03:26:55 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12\x00'}}}]}, 0x13c}}, 0x0) [ 2924.985610][ C0] net_ratelimit: 16 callbacks suppressed [ 2924.985619][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2924.997188][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2925.003054][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2925.008860][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2925.014695][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2925.020504][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:26:55 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x14}]}}}]}, 0x3c}}, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:55 executing program 2: r0 = socket$inet(0xa, 0x200000000000000, 0x82) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") syz_genetlink_get_family_id$nbd(&(0x7f0000000000)='nbd\x00') listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) ioctl$KVM_GET_LAPIC(r2, 0x8400ae8e, &(0x7f00000001c0)={"22530cd61de84fa478b97c83e2eec82d152f1df3954170845f66a2c9c10e0bd56e3b58b8af2e41effab13deb5ec1d3eb97b086e8bbb5a0c267c66ac2fabc09eae9b73a5d8a8debd1d3e8fc8bac5b14c0719e261e369e2d960fee21961e3f8fd2bcf9a4e5b2c8b12b05b504faaed794d7129e4096c16828e38b94fbafdbad2f173b2fde362df726b5f270923f7fb3a7f0f92c8cc7692da0ec8a595b9d3326c66e46fed5ef9cc3bf0d9d3812b54e75c16ab1d1010bc064abf608c7ae2da92d13a7b426e709770bd13b396c43b173323793c555f82a99a815f30a70b8394462ad11e88d38ecf6194677dc8ba909264785c69dd9de69b45fd00c42b82eff24a69447c2c89b9d55b5538dea9715f97b73246cf471312e943b797f1711e5916aaf374803b6ae774218712cf10ae32f5568f6938769e0697dc3944faa43f1ba73f64a358cc788bc570cec9f9b2eca0b08aae0501f6555a7cb17c76ef502c140040ae375b67b4d3bda00dd74b6418044038a36195fe6c26daf53e443920b3b82ac68796adb680885657ed2b5424e0543daec7c7c4ddd94ab661e3ae4518546be4c2d0122031f9efc3601fcd99506ba24fd9a44c6b26436c8cdfae1f1b1b0c0bc04a98e764a1ef61da5bca1a725bb4df8648a653f8cf8d25d59a62bc16c32de8a2228947f540010b9e2b988de2a69029ab49f647a0519774549a15cf6dc6e28317b620fb616c0cdb1a62269239d50b30a72bc1621b4c076650b7d14f612d932fa43bc05e33d77b3fbfee437835aa5e1f34654bbc7bb13986580b4413fd8c92259c72f4bb5b0d939925c08fdaf497e97e8b1cfcbc554a2ae7fd0ade04db04cd48dd17ce802a32c3c72901abc40277286a42ecd38f9a4d46fe37d4a843dda590a41530e5fa555b89e729bf042def5cff79a438053101b6250c33b0540397bac110000e3d76633873b1f3951ef0dcd4d11f31a61ed73c0293ed59a63970bc7b79cd9638c6d01c05649e8917e25e7a6b6ab6e949881a1158ab4b886cda02c3c206b28a694a1a16f6a2f0054805b1d31ff715e3ec9188eace1c779e683a51337850735c17b0daa78db08140908affa2eef2376a63dcdc18717cc8d15511971ea4b7d5d388664ca479bcaee70ddb84e63568ba62d7a4fca3835a14ca414d841f412df2556f365a455f3ff8f7fc62b1ecb81d249a14cf5e98f8f42eef12c143f67787ebb8f45168d8df03f0435243acbe4c6454f00f5e8dd73d55bd0ae0999d4520d04f05466153caf534bb2fbee767648be885faa4aa2e70f35211c362f40ed21e7896a918eb5e0d7a31ea7d028a5dc6746b81aaae034f7cb882f063601c0e4108f8e15fefed6a4ef0e6518d678d84e4d48fca0639aa6cde783c3f93c75c2b7f3e23857d70d035d091d1019365883e27b416345152210ee7e0316951e8e65aca378bebe8b40ec1b"}) 03:26:55 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$KVM_SET_XCRS(r1, 0x4188aea7, &(0x7f00000000c0)={0x4, 0x3, [{0x3}, {0x8000}, {0x4, 0x0, 0x8000}, {0x7, 0x0, 0x4}]}) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:55 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\x00'}}}]}, 0x13c}}, 0x0) 03:26:55 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f4248526653", 0x46, 0x10000}], 0x0, 0x0) 03:26:55 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x50c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x407fd) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm_plock\x00', 0x40800, 0x0) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000180)=0x2000000000000, 0x4) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x28041, 0x0) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f0000000100)=0x80, 0x4) bind$netrom(r2, &(0x7f0000000200)={{0x3, @null, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @bcast, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}, 0x48) openat$uinput(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uinput\x00', 0x2, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:55 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f4248526653", 0x46, 0x10000}], 0x0, 0x0) 03:26:55 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) [ 2925.785679][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2925.791612][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2925.797516][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2925.803317][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:26:56 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f", 0x47, 0x10000}], 0x0, 0x0) 03:26:56 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x14\x00'}}}]}, 0x13c}}, 0x0) 03:26:56 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r2 = syz_open_dev$video(&(0x7f0000000280)='/dev/video#\x00', 0x5, 0x80400) ioctl$VIDIOC_S_SELECTION(r2, 0xc040565f, &(0x7f00000002c0)={0x7, 0x101, 0x4, {0x7c2da987, 0x9, 0x80000001, 0x2}}) r3 = accept4(r0, 0x0, 0x0, 0xfffffffffffffffc) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) recvfrom$inet(r3, 0x0, 0xfffffffffffffe74, 0x0, &(0x7f00000025c0)={0x2, 0x0, @multicast1}, 0x70d000) getresgid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)) r4 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0xfff, 0x200) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}, 0x2}) 03:26:56 executing program 5: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000001480)='/dev/snapshot\x00', 0x0, 0x0) setsockopt$inet_dccp_int(r0, 0x21, 0x0, &(0x7f00000014c0)=0x1, 0x4) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000001440)={0xa4, 0x0, &(0x7f0000001340)=ANY=[@ANYBLOB="0b63000006630440030000000c63000000634040020000000000000000000000000000000000000001000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="8561646600000000050000000000000002000000000000002f00000000000000852a62730000000002000000000000000000000000000000852a747000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB='\x00'/15], @ANYBLOB="0f0000000000000001000000000000003700000000000000"], @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x008\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="0c63000012634840020000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000001280)=ANY=[@ANYBLOB="852a747001000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="0010000000000000010000000000000039000000000000008561646600000000040000000000000000000000000000003700000000000000852a646600000000", @ANYRES32=r1, @ANYBLOB='\x00'/12], @ANYPTR=&(0x7f0000001300)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="4004873400120000"], 0x1b, 0x0, &(0x7f0000001400)="7f3822ab8e32deff74404aa69072101159b6f6344015d3060964ab"}) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r3 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x0, 0x2) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r3, 0x84, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="08009e282df5fa0000800009f1701be61a0003009044183a8d20913df9ff00a0ff0f737d831a59f797cdf2629d84a29935892a5d1e879d8c4d92bac4fc4e145ec3f6cbc8bb3cdc5f99a53592c7f5de88c340d51859b58a4d402f901cef97e7b3ab0b141afa329fea3cdb64d167fce7908a394207905b9cae8cda8daad4b6f92ac944e7c876d2ee41fa8198ebb470b07cce00"], 0x14) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x1) 03:26:56 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f", 0x47, 0x10000}], 0x0, 0x0) 03:26:56 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00'}}}]}, 0x13c}}, 0x0) 03:26:56 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:56 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x2) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20\x00', 0x200000, 0x0) write$P9_RRENAME(r1, &(0x7f0000000100)={0x7, 0x15, 0x2}, 0x7) 03:26:56 executing program 2: r0 = socket$inet(0xa, 0x1000000007fe, 0x20000000000000) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2a2c02) ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000040)=0x9a91) ioctl$SIOCX25SCUDMATCHLEN(r2, 0x89e7, &(0x7f0000000080)={0x5f}) ioctl$sock_rose_SIOCADDRT(r2, 0x890b, &(0x7f00000002c0)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x40, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={'rose', 0x0}, 0x0, [@bcast, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @null]}) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_DAEMON(r3, &(0x7f0000000280)={0xfffffffffffffffd, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="9c000000", @ANYRES16=r4, @ANYBLOB="02012bbd7000ffdbdf250b0000002c000100080006006f766600080008000e920000080001000a000000080001000a000000080001000a0000004400020008000d000100000008000e004e2000000800040005000000080004008000000008000900ff7f0000080005000000000008000600810000000800070080000000080004000100000008000600000200000800060008000000de01b174c552f94548a7ec445ee454cca5c05a51a7f2acc188ca69d7f61da3bbaa04f6f039613b6dee562ea7370bef85da52d3aa15ebc58250ae354dc400e0e6b3af6c12c2cd5f77c2de760d8777be"], 0x9c}, 0x1, 0x0, 0x0, 0x20008080}, 0x1) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:56 executing program 5: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000001480)='/dev/snapshot\x00', 0x0, 0x0) setsockopt$inet_dccp_int(r0, 0x21, 0x0, &(0x7f00000014c0)=0x1, 0x4) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000001440)={0xa4, 0x0, &(0x7f0000001340)=ANY=[@ANYBLOB="0b63000006630440030000000c63000000634040020000000000000000000000000000000000000001000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="8561646600000000050000000000000002000000000000002f00000000000000852a62730000000002000000000000000000000000000000852a747000000000", @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB='\x00'/15], @ANYBLOB="0f0000000000000001000000000000003700000000000000"], @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x008\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="0c63000012634840020000000000000000000000000000000000000000000000000000000000000060000000000000001800000000000000", @ANYPTR=&(0x7f0000001280)=ANY=[@ANYBLOB="852a747001000000", @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB='\x00'/4096], @ANYBLOB="0010000000000000010000000000000039000000000000008561646600000000040000000000000000000000000000003700000000000000852a646600000000", @ANYRES32=r1, @ANYBLOB='\x00'/12], @ANYPTR=&(0x7f0000001300)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00H\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="4004873400120000"], 0x1b, 0x0, &(0x7f0000001400)="7f3822ab8e32deff74404aa69072101159b6f6344015d3060964ab"}) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r3 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x0, 0x2) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r3, 0x84, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="08009e282df5fa0000800009f1701be61a0003009044183a8d20913df9ff00a0ff0f737d831a59f797cdf2629d84a29935892a5d1e879d8c4d92bac4fc4e145ec3f6cbc8bb3cdc5f99a53592c7f5de88c340d51859b58a4d402f901cef97e7b3ab0b141afa329fea3cdb64d167fce7908a394207905b9cae8cda8daad4b6f92ac944e7c876d2ee41fa8198ebb470b07cce00"], 0x14) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x1) 03:26:56 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\x00'}}}]}, 0x13c}}, 0x0) 03:26:56 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f", 0x47, 0x10000}], 0x0, 0x0) 03:26:56 executing program 4: perf_event_open(&(0x7f0000000040)={0xfffffffffffffffd, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x400000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/expire_quiescent_template\x00', 0x2, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_SOCK_GET(r0, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40021014}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB="ace5ff20", @ANYRES16=r1, @ANYBLOB="200529bd7000fddbdf2506000000200006000400020004000200040002000400020004000200040002000400020014000600040002000400020008000100810000001c00090008000200060000000800010009000000080001000500000048000700080002000200000008000200030000000c000300080000000000000008000100030000000c00040005000000000000000c0004001f0000000000000008000100ffffff7f"], 0xac}, 0x1, 0x0, 0x0, 0x800}, 0x4004) r2 = syz_open_dev$binder(&(0x7f00000003c0)='/dev/binder#\x00', 0x0, 0x800000000000000) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x38, 0x0, &(0x7f0000000100)=[@register_looper, @register_looper, @clear_death, @acquire={0x40046305, 0x3}, @release, @clear_death], 0x54, 0x0, &(0x7f0000000140)="e4d994daba886af4da8151d07c9dda3bda23a100b2866196fc7bb0a4d911e37e9a95953dcd2c1ecbaaca9aebab2a3a14dbbe3951c601e769fda5a89a362c762ffc7bc3b8dad144aeff8ff20dfb6d843bcaf542f3"}) ioctl$BINDER_WRITE_READ(r2, 0x40046208, 0x0) fcntl$F_SET_RW_HINT(r2, 0x40c, &(0x7f0000000000)=0x2) 03:26:56 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000000)=0x0) ptrace$poke(0x5, r2, &(0x7f00000000c0), 0x7) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:56 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_group_source_req(r1, 0x0, 0x2f, &(0x7f0000000000)={0x1, {{0x2, 0x4e21, @loopback}}, {{0x2, 0x4e24, @multicast1}}}, 0x108) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:57 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00'}}}]}, 0x13c}}, 0x0) 03:26:57 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) r1 = socket(0x1, 0x800, 0x6) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_GET(r1, &(0x7f0000000440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x808000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0xd4, r2, 0x10, 0x70bd25, 0x25dfdbfc, {}, [@TIPC_NLA_SOCK={0x3c, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7ba0}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7f}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_LINK={0x38, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x729b}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}]}, @TIPC_NLA_BEARER={0xc, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xffff}]}, @TIPC_NLA_MEDIA={0x2c, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}]}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x80}, 0x800) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r3 = msgget(0x2, 0x401) msgctl$IPC_STAT(r3, 0x2, &(0x7f00000000c0)=""/216) r4 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/capi/capi20\x00', 0x2, 0x0) getsockopt$bt_l2cap_L2CAP_OPTIONS(r4, 0x6, 0x1, &(0x7f0000000200), &(0x7f0000000240)=0xc) 03:26:57 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48}], 0x0, 0x0) 03:26:57 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x4) r1 = socket(0x1, 0x800, 0x6) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_GET(r1, &(0x7f0000000440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x808000}, 0xc, &(0x7f0000000400)={&(0x7f0000000300)={0xd4, r2, 0x10, 0x70bd25, 0x25dfdbfc, {}, [@TIPC_NLA_SOCK={0x3c, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7ba0}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7f}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_LINK={0x38, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x729b}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}]}, @TIPC_NLA_BEARER={0xc, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xffff}]}, @TIPC_NLA_MEDIA={0x2c, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}]}]}]}, 0xd4}, 0x1, 0x0, 0x0, 0x80}, 0x800) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r3 = msgget(0x2, 0x401) msgctl$IPC_STAT(r3, 0x2, &(0x7f00000000c0)=""/216) r4 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/capi/capi20\x00', 0x2, 0x0) getsockopt$bt_l2cap_L2CAP_OPTIONS(r4, 0x6, 0x1, &(0x7f0000000200), &(0x7f0000000240)=0xc) 03:26:57 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0xb71c, 0x0, 0x10000000000000, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0xffffffffffff0000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xceb, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x100000) r0 = syz_open_dev$binder(&(0x7f0000000140)='/dev/binder#\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:26:57 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000280)="30dcff0f000000000000707050fc98081450a1e7ed83445f69a09088ed22eb4814f9ea046285dced05e81c38e64f0e0da12fdd2271dff602005aa4c67d7ed88c8e56ae41c7f67b39a6cb9751c9c2ef878f792a00281169897f462a9ba46a97f925c75f0000000a6f4c8f6b5f978f7c62ea1c7a3518d23e802736085bc864e04d94904942f5000000") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) fsetxattr$trusted_overlay_opaque(r1, &(0x7f0000000000)='trusted.overlay.opaque\x00', &(0x7f0000000040)='y\x00', 0x2, 0x3) 03:26:57 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00'}}}]}, 0x13c}}, 0x0) 03:26:57 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r1}, {r1, 0x8250}, {r1, 0x400}, {r1, 0x8000}, {r1, 0x8641}, {r1, 0x4546}, {r1, 0x400}, {r0, 0x20}, {r0, 0x21}, {r0, 0x2}], 0xa, 0xc4b) r2 = syz_open_dev$media(&(0x7f0000000140)='/dev/media#\x00', 0x2, 0x220000) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000280)={@local, @multicast2, 0x0}, &(0x7f00000002c0)=0xc) sendto$packet(r2, &(0x7f0000000180)="e772779193b45c6e24d5dcf4150281ebb0fc62090dc8fbdf5ca54e4738579fb07ffb296ad62fc406869dc5b2b861ca0b432bf6bd080e674772080aa8994770d7b00f6c0eb70e787afb87cd6e004a28ae2d46046a7339eb740691afe914892963a1c4ec21b8ddbfe2ac870434060dcc4b9ff9366d7f9e2838b508f574e884206f19e2bf1062f9b05faeae0e37fc2550296f8081734a95877256b2429b5648ba1091d8f966acf28b9f23a6f9ff036d222c0cb940e0c8b502614deff0621638b5fb74e8aa1fb0159bb5b478e6f96b1920", 0xcf, 0x1, &(0x7f0000000300)={0x11, 0x1, r3, 0x1, 0x3, 0x6, @local}, 0x14) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x95) 03:26:57 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f00000000c0)=0x0) tkill(r2, 0x34) 03:26:57 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48}], 0x0, 0x0) 03:26:57 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") r2 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000001fd8)=ANY=[@ANYBLOB="b4000000000961a67c0000000000f4ff9500000000000000"], &(0x7f0000000080)='GPL\x04\x9c5\x14\xbfw-\xa0z\xe8.vY\n6\xf6I>\xc1\xab\x91\xb3\x97\xe4*\xbf\x1e\xa6\xcd\x8c\xd7t\'\xfc\x9a\x9e+qe\xf5+A\a\xbf\bP\xd8\x99\xdcR\xd0\x13\x17]\xdb\x1b/F <*\x05\xb7\"\xe3>Uo\xb2\xe3\xf3\x9a<\xde\x1f\xcaSd\x037\xec\x95aF\xbd\xbf\xcb\x11Pp\x19V1\xde]!\xa5\xea\x9ec\x8c+\xdbx\xa5\x01\xcaKn\xa3\x13\xd8%h\xf98,,?o\xab\xa6\xb4\xeeTy;N\xd2m\xae>R\"P)\xbb*\xc0\x00\x7fwuL?#\xce\xda\x98\t\xb9\xa9hJ\x94\n\xbc\xaa\x8c\xfc\xc7\x13>\xc4\"\xe9\xc88\x881\x8dA\xe9\xa4\x93\xf0\x19_\xe2Y\x96Q\xb8\x95\x04\xf5\xdb\xa1F%\xce#f\xf3=\x95\xdb\xa9/\x86ry\xca\xbfJ\xce\xdd\xc8Z\x8a\xf7\xa0\xfah\xd7g\xceQ6\xb9\xd0\xd1\x96lI\x9c\xb6\xbf4\xc2\x98\x86f\x97\x00'/248}, 0x48) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r3 = accept4(r0, 0x0, 0x0, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1d}}, 0x10) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) fcntl$setlease(r3, 0x400, 0x1) ioctl$SIOCNRDECOBS(r0, 0x89e2) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) recvfrom$inet(r3, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:57 executing program 4: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vsock\x00', 0xa00, 0x0) getsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f00000000c0), &(0x7f0000000100)=0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000280)={0x3c, 0x0, &(0x7f0000000140)=[@increfs={0x40046304, 0x3}, @acquire_done={0x40106309, 0x3}, @register_looper, @enter_looper, @clear_death, @acquire={0x40046305, 0x2}], 0xad, 0x0, &(0x7f00000001c0)="2f53079663f77ec631490238acf9ffa707b8e77fc696673c8e75fd1ec1d0cf0aafd5f992efef8ab58283559083f7ab34036f59f81dbba5a5777a30d54446315dfa46f25096f22a0e6ff747fe54039d51be876c3df65d8f2b6b4dbde97a967ebb3177685fdef5902f04d1a869d6cb04b9a6cd1f3075cebf99e7ed1457a3be27e066f44b159100ea56d98c8d24493ed90d4e0bd05d1def471613f4fbc7ab590a83c201873d3302b004b3e0d3451b"}) fdatasync(r0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:57 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00'}}}]}, 0x13c}}, 0x0) [ 2927.725136][ T4429] binder: 4425:4429 ioctl 540f 200000c0 returned -22 03:26:57 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r1}, {r1, 0x8250}, {r1, 0x400}, {r1, 0x8000}, {r1, 0x8641}, {r1, 0x4546}, {r1, 0x400}, {r0, 0x20}, {r0, 0x21}, {r0, 0x2}], 0xa, 0xc4b) r2 = syz_open_dev$media(&(0x7f0000000140)='/dev/media#\x00', 0x2, 0x220000) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000280)={@local, @multicast2, 0x0}, &(0x7f00000002c0)=0xc) sendto$packet(r2, &(0x7f0000000180)="e772779193b45c6e24d5dcf4150281ebb0fc62090dc8fbdf5ca54e4738579fb07ffb296ad62fc406869dc5b2b861ca0b432bf6bd080e674772080aa8994770d7b00f6c0eb70e787afb87cd6e004a28ae2d46046a7339eb740691afe914892963a1c4ec21b8ddbfe2ac870434060dcc4b9ff9366d7f9e2838b508f574e884206f19e2bf1062f9b05faeae0e37fc2550296f8081734a95877256b2429b5648ba1091d8f966acf28b9f23a6f9ff036d222c0cb940e0c8b502614deff0621638b5fb74e8aa1fb0159bb5b478e6f96b1920", 0xcf, 0x1, &(0x7f0000000300)={0x11, 0x1, r3, 0x1, 0x3, 0x6, @local}, 0x14) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x95) 03:26:57 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x4c12, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x78c, 0x100}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000500)='/dev/snd/pcmC#D#c\x00', 0x3, 0x0) ioctl$sock_bt_cmtp_CMTPCONNDEL(r1, 0x400443c9, &(0x7f0000000540)={{0x4afa, 0x5, 0x2, 0x42, 0x401, 0x9}, 0x4}) r2 = syz_open_dev$adsp(&(0x7f0000000480)='/dev/adsp#\x00', 0x5, 0x40000) ioctl$DRM_IOCTL_AGP_ALLOC(r2, 0xc0206434, &(0x7f00000004c0)={0x9, 0x0, 0xcecb2d55b4050527, 0x100}) r3 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x3f, 0x111800) execveat(r3, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000240)=[&(0x7f0000000100)='/dev/binder#\x00', &(0x7f0000000140)='\x00', &(0x7f0000000180)='/dev/binder#\x00', &(0x7f00000001c0)='security\'\x00', &(0x7f0000000200)='/dev/binder#\x00'], &(0x7f0000000400)=[&(0x7f0000000280)='mime_type\x00', &(0x7f00000002c0)='-*\x00', &(0x7f0000000300)='{#\x00', &(0x7f0000000340)='/dev/binder#\x00', &(0x7f0000000380)='/dev/binder#\x00', &(0x7f00000003c0)='/dev/binder#\x00'], 0x800) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f0000000440)=0x87e4, 0x4) 03:26:57 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000200)='/dev/full\x00', 0x408002, 0x0) ioctl$BLKRESETZONE(r2, 0x40101283, &(0x7f0000000240)={0x8, 0x5b8}) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000280)={0x0, @in={{0x2, 0x4e24, @empty}}, 0x2, 0x9, 0x0, 0x401, 0x20}, &(0x7f0000000340)=0x98) getsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000380)={r3, 0x100, 0x3f, 0x400, 0x20, 0x5b4}, &(0x7f00000003c0)=0x115) r4 = accept4(r0, 0x0, 0x0, 0x0) ioctl$VIDIOC_S_AUDOUT(r2, 0x40345632, &(0x7f0000000400)={0x4, "4a3aee6056ad9aac1c85e81577de68bc8e04b876ff94e5bb5fd6e60b3ba74a3b", 0x2}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000480)={0xffffffffffffffff, r2, 0x0, 0x9, &(0x7f0000000440)=',%&nodev\x00', 0xffffffffffffffff}, 0x30) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f00000004c0)={[], 0x3, 0x737, 0x0, 0x40, 0x924, r5}) setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r4, 0x84, 0x13, &(0x7f0000000000)={0x0, 0xffffffffffffffff}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r4, 0x84, 0x1f, &(0x7f0000000080)={r6, @in={{0x2, 0x4e24, @empty}}, 0x741, 0xfffffffffffffffa}, &(0x7f00000001c0)=0x90) ioctl$SIOCGSTAMPNS(r4, 0x8907, 0x0) recvfrom$inet(r4, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:58 executing program 1: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48}], 0x0, 0x0) 03:26:58 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00'}}}]}, 0x13c}}, 0x0) 03:26:58 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$mouse(&(0x7f0000000100)='/dev/input/mouse#\x00', 0x1ec7, 0x200) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x18, 0x0, &(0x7f0000000140)=[@register_looper, @acquire_done={0x40106309, 0x3}], 0xa3, 0x0, &(0x7f0000000180)="ca649bbd3d3ba50f552c0ab1594fb34b638a1a47c9f4121247bc37a9dcef75d92f1a382197e1a4b7ac5ddbfa7476b96c784215e4387680a6175dfa12d76175e4f94f93492a6a9091e831a8b73ae19e2dffd953593b0abc1f21d3e1a32f42ae90ae3860d99f61c1c03bb2816ecae2b5741ea51559bdd767a0f3a681a7b7ecec6347fe398f8700016647cf8d302f2525ee402633edbfbc22afedce3d20c3df406a06329f"}) syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x400, 0x0) write$cgroup_subtree(r1, &(0x7f00000000c0)={[{0x2f, 'memory'}, {0x2d, 'cpu'}, {0x2f, 'memory'}, {0x2b, 'memory'}]}, 0x1d) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:58 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x4c12, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x78c, 0x100}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000500)='/dev/snd/pcmC#D#c\x00', 0x3, 0x0) ioctl$sock_bt_cmtp_CMTPCONNDEL(r1, 0x400443c9, &(0x7f0000000540)={{0x4afa, 0x5, 0x2, 0x42, 0x401, 0x9}, 0x4}) r2 = syz_open_dev$adsp(&(0x7f0000000480)='/dev/adsp#\x00', 0x5, 0x40000) ioctl$DRM_IOCTL_AGP_ALLOC(r2, 0xc0206434, &(0x7f00000004c0)={0x9, 0x0, 0xcecb2d55b4050527, 0x100}) r3 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x3f, 0x111800) execveat(r3, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000240)=[&(0x7f0000000100)='/dev/binder#\x00', &(0x7f0000000140)='\x00', &(0x7f0000000180)='/dev/binder#\x00', &(0x7f00000001c0)='security\'\x00', &(0x7f0000000200)='/dev/binder#\x00'], &(0x7f0000000400)=[&(0x7f0000000280)='mime_type\x00', &(0x7f00000002c0)='-*\x00', &(0x7f0000000300)='{#\x00', &(0x7f0000000340)='/dev/binder#\x00', &(0x7f0000000380)='/dev/binder#\x00', &(0x7f00000003c0)='/dev/binder#\x00'], 0x800) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f0000000440)=0x87e4, 0x4) 03:26:58 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0x0, 0x0) r4 = syz_open_dev$adsp(&(0x7f00000001c0)='/dev/adsp#\x00', 0x3, 0x0) setsockopt$CAIFSO_REQ_PARAM(r4, 0x116, 0x80, &(0x7f0000000200)="5b50cad182766f770cd09e41ee81b6e7658fcaaa493c9bb377add0ba4dce095c1b63fd23ad8992248d3418c8bee9a5c0abb27c70e34b8f8a83dd14a12db65167be456d218444511c0a11d2379f17741f0c2d75c4a56b7a566a24", 0x5a) r5 = fcntl$dupfd(r2, 0x0, r3) ioctl$sock_bt_hci(r5, 0x800448d2, 0x0) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r6 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r6, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r6, 0x8907, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f00000000c0)=0x0) sched_setscheduler(r7, 0x5, &(0x7f0000000100)=0x6) getsockopt$EBT_SO_GET_INIT_INFO(r0, 0x0, 0x82, &(0x7f0000000000)={'filter\x00'}, &(0x7f0000000080)=0x78) recvfrom$inet(r6, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:58 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00'}}}]}, 0x13c}}, 0x0) 03:26:58 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r1}, {r1, 0x8250}, {r1, 0x400}, {r1, 0x8000}, {r1, 0x8641}, {r1, 0x4546}, {r1, 0x400}, {r0, 0x20}, {r0, 0x21}, {r0, 0x2}], 0xa, 0xc4b) r2 = syz_open_dev$media(&(0x7f0000000140)='/dev/media#\x00', 0x2, 0x220000) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000280)={@local, @multicast2, 0x0}, &(0x7f00000002c0)=0xc) sendto$packet(r2, &(0x7f0000000180)="e772779193b45c6e24d5dcf4150281ebb0fc62090dc8fbdf5ca54e4738579fb07ffb296ad62fc406869dc5b2b861ca0b432bf6bd080e674772080aa8994770d7b00f6c0eb70e787afb87cd6e004a28ae2d46046a7339eb740691afe914892963a1c4ec21b8ddbfe2ac870434060dcc4b9ff9366d7f9e2838b508f574e884206f19e2bf1062f9b05faeae0e37fc2550296f8081734a95877256b2429b5648ba1091d8f966acf28b9f23a6f9ff036d222c0cb940e0c8b502614deff0621638b5fb74e8aa1fb0159bb5b478e6f96b1920", 0xcf, 0x1, &(0x7f0000000300)={0x11, 0x1, r3, 0x1, 0x3, 0x6, @local}, 0x14) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x95) 03:26:58 executing program 4: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x4002, 0x0) ioctl$EVIOCGPHYS(r0, 0x80404507, &(0x7f00000000c0)=""/4096) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:58 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00'}}}]}, 0x13c}}, 0x0) 03:26:58 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) ioctl$void(r0, 0xc0045c79) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:58 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = dup3(r0, r1, 0x80000) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000000)={0x0, 0x4, 0x1, [0xffffffff]}, &(0x7f00000000c0)=0xa) setsockopt$inet_sctp_SCTP_AUTH_KEY(r2, 0x84, 0x17, &(0x7f0000000100)={r3, 0xffffffffffff10a5, 0xaf, "ad609b43152957f71cf862e7a818beec84926ecb4c194682926dbfe142149994e011fbb034877de936fa540016ed4b7ab93cf3d514a412e0842bf72e296401fbb94359ac99bbc7a6d6910b9c85aa9bfe0f1aa86cf6211f622e66251952f9a7d10b0e10358b3efb778d017ad377a97f742ccc980ad8da8cd86a3cdf8aa336d29692275799446b9258a76dbc1187592779d9a6833b7038fc1c3d1d5e294377d46490128da2f0f68af8091bc7f540ab4b"}, 0xb7) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:58 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x4c12, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x78c, 0x100}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000500)='/dev/snd/pcmC#D#c\x00', 0x3, 0x0) ioctl$sock_bt_cmtp_CMTPCONNDEL(r1, 0x400443c9, &(0x7f0000000540)={{0x4afa, 0x5, 0x2, 0x42, 0x401, 0x9}, 0x4}) r2 = syz_open_dev$adsp(&(0x7f0000000480)='/dev/adsp#\x00', 0x5, 0x40000) ioctl$DRM_IOCTL_AGP_ALLOC(r2, 0xc0206434, &(0x7f00000004c0)={0x9, 0x0, 0xcecb2d55b4050527, 0x100}) r3 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x3f, 0x111800) execveat(r3, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000240)=[&(0x7f0000000100)='/dev/binder#\x00', &(0x7f0000000140)='\x00', &(0x7f0000000180)='/dev/binder#\x00', &(0x7f00000001c0)='security\'\x00', &(0x7f0000000200)='/dev/binder#\x00'], &(0x7f0000000400)=[&(0x7f0000000280)='mime_type\x00', &(0x7f00000002c0)='-*\x00', &(0x7f0000000300)='{#\x00', &(0x7f0000000340)='/dev/binder#\x00', &(0x7f0000000380)='/dev/binder#\x00', &(0x7f00000003c0)='/dev/binder#\x00'], 0x800) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r3, 0x84, 0x1e, &(0x7f0000000440)=0x87e4, 0x4) 03:26:58 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r1}, {r1, 0x8250}, {r1, 0x400}, {r1, 0x8000}, {r1, 0x8641}, {r1, 0x4546}, {r1, 0x400}, {r0, 0x20}, {r0, 0x21}, {r0, 0x2}], 0xa, 0xc4b) r2 = syz_open_dev$media(&(0x7f0000000140)='/dev/media#\x00', 0x2, 0x220000) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000280)={@local, @multicast2, 0x0}, &(0x7f00000002c0)=0xc) sendto$packet(r2, &(0x7f0000000180)="e772779193b45c6e24d5dcf4150281ebb0fc62090dc8fbdf5ca54e4738579fb07ffb296ad62fc406869dc5b2b861ca0b432bf6bd080e674772080aa8994770d7b00f6c0eb70e787afb87cd6e004a28ae2d46046a7339eb740691afe914892963a1c4ec21b8ddbfe2ac870434060dcc4b9ff9366d7f9e2838b508f574e884206f19e2bf1062f9b05faeae0e37fc2550296f8081734a95877256b2429b5648ba1091d8f966acf28b9f23a6f9ff036d222c0cb940e0c8b502614deff0621638b5fb74e8aa1fb0159bb5b478e6f96b1920", 0xcf, 0x1, &(0x7f0000000300)={0x11, 0x1, r3, 0x1, 0x3, 0x6, @local}, 0x14) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:58 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00'}}}]}, 0x13c}}, 0x0) 03:26:58 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0046209, 0x0) 03:26:59 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = dup3(r0, r1, 0x80000) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000000)={0x0, 0x4, 0x1, [0xffffffff]}, &(0x7f00000000c0)=0xa) setsockopt$inet_sctp_SCTP_AUTH_KEY(r2, 0x84, 0x17, &(0x7f0000000100)={r3, 0xffffffffffff10a5, 0xaf, "ad609b43152957f71cf862e7a818beec84926ecb4c194682926dbfe142149994e011fbb034877de936fa540016ed4b7ab93cf3d514a412e0842bf72e296401fbb94359ac99bbc7a6d6910b9c85aa9bfe0f1aa86cf6211f622e66251952f9a7d10b0e10358b3efb778d017ad377a97f742ccc980ad8da8cd86a3cdf8aa336d29692275799446b9258a76dbc1187592779d9a6833b7038fc1c3d1d5e294377d46490128da2f0f68af8091bc7f540ab4b"}, 0xb7) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:59 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00'}}}]}, 0x13c}}, 0x0) 03:26:59 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046205, 0x0) 03:26:59 executing program 2: r0 = open(&(0x7f0000000080)='./file0\x00', 0x420000, 0xc) getsockopt$IPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x43, &(0x7f00000000c0)={'IDLETIMER\x00'}, &(0x7f0000000100)=0x1e) r1 = socket$inet(0xa, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f00000001c0)={0x6, 0x4, [0xf464]}) ioctl(r2, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r1, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r1, 0x100000001) r3 = accept4(r1, 0x0, 0x0, 0x0) r4 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0xf5, 0xa0102) ioctl$VIDIOC_S_AUDIO(r4, 0x40345622, &(0x7f0000000040)={0x4, "01f6985d19be4455e5e7d84a70196274ec55a6dab65cfef011ca310c5f8efce7", 0x2, 0x1}) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) recvfrom$inet(r3, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:26:59 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r1}, {r1, 0x8250}, {r1, 0x400}, {r1, 0x8000}, {r1, 0x8641}, {r1, 0x4546}, {r1, 0x400}, {r0, 0x20}, {r0, 0x21}, {r0, 0x2}], 0xa, 0xc4b) syz_open_dev$media(&(0x7f0000000140)='/dev/media#\x00', 0x2, 0x220000) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000280)={@local, @multicast2}, &(0x7f00000002c0)=0xc) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) [ 2929.141875][ T4513] binder: 4510:4513 ioctl c0046209 0 returned -22 [ 2929.271874][ T4522] binder: 4516:4522 ioctl 40046205 0 returned -22 03:26:59 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = dup3(r0, r1, 0x80000) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000000)={0x0, 0x4, 0x1, [0xffffffff]}, &(0x7f00000000c0)=0xa) setsockopt$inet_sctp_SCTP_AUTH_KEY(r2, 0x84, 0x17, &(0x7f0000000100)={r3, 0xffffffffffff10a5, 0xaf, "ad609b43152957f71cf862e7a818beec84926ecb4c194682926dbfe142149994e011fbb034877de936fa540016ed4b7ab93cf3d514a412e0842bf72e296401fbb94359ac99bbc7a6d6910b9c85aa9bfe0f1aa86cf6211f622e66251952f9a7d10b0e10358b3efb778d017ad377a97f742ccc980ad8da8cd86a3cdf8aa336d29692275799446b9258a76dbc1187592779d9a6833b7038fc1c3d1d5e294377d46490128da2f0f68af8091bc7f540ab4b"}, 0xb7) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:59 executing program 4: r0 = syz_open_dev$adsp(&(0x7f0000000300)='/dev/adsp#\x00', 0xfffffffeffffffff, 0x44000) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000240)={0xffffffffffffff9c, 0x10, &(0x7f0000000200)={&(0x7f0000000100)=""/242, 0xf2, 0x0}}, 0x10) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000002c0)={r0, 0x10, &(0x7f0000000280)={&(0x7f00000000c0)=""/10, 0xa, r1}}, 0x10) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prctl$PR_SET_FP_MODE(0x2d, 0x3) r2 = semget$private(0x0, 0x0, 0x10) semctl$GETVAL(r2, 0x1, 0xc, &(0x7f0000000440)=""/237) r3 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r3, 0x40046208, 0x0) 03:26:59 executing program 5: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x58, 0x0, &(0x7f0000000280)=[@free_buffer={0x40086303, r2}, @reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@ptr={0x70742a85, 0x0, &(0x7f00000000c0)=""/251, 0xfb, 0x0, 0x28}, @flat=@handle={0x73682a85, 0x1000, 0x2}, @fd={0x66642a85, 0x0, r1}}, &(0x7f0000000240)={0x0, 0x28, 0x40}}}, @increfs], 0x6f, 0x0, &(0x7f0000000300)="05afb543dd685b1f1d89a509906504d3333ca1a267a077f6177ceb8d92e57ef9aed8f6a6ff29e2c5014e6601ed5cd354cb3fc3565dc796902a71f974a73ceda1b2ff93129eda0310b22fe27293454d8308a5584cf8071e2ae7c930f6b117e177569ae060b6b4b99078fcb9a4dab8a8"}) 03:26:59 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r1}, {r1, 0x8250}, {r1, 0x400}, {r1, 0x8000}, {r1, 0x8641}, {r1, 0x4546}, {r1, 0x400}, {r0, 0x20}, {r0, 0x21}, {r0, 0x2}], 0xa, 0xc4b) syz_open_dev$media(&(0x7f0000000140)='/dev/media#\x00', 0x2, 0x220000) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:59 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x00'}}}]}, 0x13c}}, 0x0) 03:26:59 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r1) 03:26:59 executing program 5: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f0000000000)) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) r2 = mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x58, 0x0, &(0x7f0000000280)=[@free_buffer={0x40086303, r2}, @reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000001c0)={@ptr={0x70742a85, 0x0, &(0x7f00000000c0)=""/251, 0xfb, 0x0, 0x28}, @flat=@handle={0x73682a85, 0x1000, 0x2}, @fd={0x66642a85, 0x0, r1}}, &(0x7f0000000240)={0x0, 0x28, 0x40}}}, @increfs], 0x6f, 0x0, &(0x7f0000000300)="05afb543dd685b1f1d89a509906504d3333ca1a267a077f6177ceb8d92e57ef9aed8f6a6ff29e2c5014e6601ed5cd354cb3fc3565dc796902a71f974a73ceda1b2ff93129eda0310b22fe27293454d8308a5584cf8071e2ae7c930f6b117e177569ae060b6b4b99078fcb9a4dab8a8"}) 03:26:59 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = dup3(r0, r1, 0x80000) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000000)={0x0, 0x4, 0x1, [0xffffffff]}, &(0x7f00000000c0)=0xa) setsockopt$inet_sctp_SCTP_AUTH_KEY(r2, 0x84, 0x17, &(0x7f0000000100)={r3, 0xffffffffffff10a5, 0xaf, "ad609b43152957f71cf862e7a818beec84926ecb4c194682926dbfe142149994e011fbb034877de936fa540016ed4b7ab93cf3d514a412e0842bf72e296401fbb94359ac99bbc7a6d6910b9c85aa9bfe0f1aa86cf6211f622e66251952f9a7d10b0e10358b3efb778d017ad377a97f742ccc980ad8da8cd86a3cdf8aa336d29692275799446b9258a76dbc1187592779d9a6833b7038fc1c3d1d5e294377d46490128da2f0f68af8091bc7f540ab4b"}, 0xb7) 03:26:59 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r1}, {r1, 0x8250}, {r1, 0x400}, {r1, 0x8000}, {r1, 0x8641}, {r1, 0x4546}, {r1, 0x400}, {r0, 0x20}, {r0, 0x21}, {r0, 0x2}], 0xa, 0xc4b) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:26:59 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12\x00'}}}]}, 0x13c}}, 0x0) 03:26:59 executing program 4 (fault-call:0 fault-nth:0): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2929.884509][ T4565] FAULT_INJECTION: forcing a failure. [ 2929.884509][ T4565] name failslab, interval 1, probability 0, space 0, times 0 03:26:59 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) [ 2929.935812][ T4565] CPU: 1 PID: 4565 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2929.943767][ T4565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2929.953835][ T4565] Call Trace: [ 2929.957248][ T4565] dump_stack+0x172/0x1f0 [ 2929.961631][ T4565] should_fail.cold+0xa/0x15 [ 2929.966271][ T4565] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2929.972137][ T4565] ? ___might_sleep+0x163/0x280 [ 2929.977026][ T4565] __should_failslab+0x121/0x190 03:27:00 executing program 5 (fault-call:1 fault-nth:0): perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) 03:27:00 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r1}, {r1, 0x8250}, {r1, 0x400}, {r1, 0x8000}, {r1, 0x8641}, {r1, 0x4546}, {r1, 0x400}, {r0, 0x20}, {r0, 0x21}, {r0, 0x2}], 0xa, 0xc4b) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) 03:27:00 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\x00'}}}]}, 0x13c}}, 0x0) [ 2929.981987][ T4565] should_failslab+0x9/0x14 [ 2929.986515][ T4565] __kmalloc+0x2d9/0x740 [ 2929.990792][ T4565] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2929.997057][ T4565] ? fput_many+0x12c/0x1a0 [ 2930.001502][ T4565] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2930.007796][ T4565] ? strnlen_user+0x1ed/0x280 [ 2930.012496][ T4565] ? __x64_sys_memfd_create+0x13c/0x470 [ 2930.018147][ T4565] __x64_sys_memfd_create+0x13c/0x470 [ 2930.023512][ T4565] ? memfd_fcntl+0x1820/0x1820 [ 2930.028288][ T4565] ? do_syscall_64+0x26/0x680 [ 2930.033952][ T4565] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2930.039281][ T4565] ? trace_hardirqs_on+0x67/0x220 [ 2930.044346][ T4565] do_syscall_64+0xfd/0x680 [ 2930.048852][ T4565] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2930.054748][ T4565] RIP: 0033:0x459519 [ 2930.058632][ T4565] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 03:27:00 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x80000) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000000)={0x0, 0x4, 0x1, [0xffffffff]}, &(0x7f00000000c0)=0xa) [ 2930.079021][ T4565] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 2930.087614][ T4565] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000459519 [ 2930.095605][ T4565] RDX: 0000000020000228 RSI: 0000000000000000 RDI: 00000000004be40c [ 2930.103590][ T4565] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 2930.111744][ T4565] R10: 0000000000010000 R11: 0000000000000246 R12: 00007feed796d6d4 [ 2930.119736][ T4565] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 [ 2930.128156][ C1] net_ratelimit: 20 callbacks suppressed 03:27:00 executing program 4 (fault-call:0 fault-nth:1): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2930.128169][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2930.139670][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2930.145617][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2930.151402][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2930.185657][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2930.191482][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2930.352171][ T4588] FAULT_INJECTION: forcing a failure. [ 2930.352171][ T4588] name failslab, interval 1, probability 0, space 0, times 0 03:27:00 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x80000) 03:27:00 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r1}, {r1, 0x8250}, {r1, 0x400}, {r1, 0x8000}, {r1, 0x8641}, {r1, 0x4546}, {r1, 0x400}, {r0, 0x20}, {r0, 0x21}, {r0, 0x2}], 0xa, 0xc4b) ioctl$BINDER_WRITE_READ(r1, 0x40046208, 0x0) [ 2930.445868][ T4588] CPU: 0 PID: 4588 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2930.453818][ T4588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2930.463894][ T4588] Call Trace: [ 2930.467210][ T4588] dump_stack+0x172/0x1f0 [ 2930.471566][ T4588] should_fail.cold+0xa/0x15 [ 2930.476187][ T4588] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2930.482029][ T4588] ? ___might_sleep+0x163/0x280 [ 2930.486925][ T4588] __should_failslab+0x121/0x190 [ 2930.491879][ T4588] ? shmem_destroy_inode+0x80/0x80 [ 2930.497007][ T4588] should_failslab+0x9/0x14 [ 2930.501533][ T4588] kmem_cache_alloc+0x2af/0x6f0 [ 2930.506399][ T4588] ? find_held_lock+0x35/0x130 [ 2930.511175][ T4588] ? __alloc_fd+0x44d/0x560 [ 2930.511195][ T4588] ? shmem_destroy_inode+0x80/0x80 [ 2930.511216][ T4588] shmem_alloc_inode+0x1c/0x50 [ 2930.525592][ T4588] alloc_inode+0x68/0x1e0 [ 2930.529946][ T4588] new_inode_pseudo+0x19/0xf0 [ 2930.534640][ T4588] new_inode+0x1f/0x40 [ 2930.538724][ T4588] shmem_get_inode+0x84/0x7e0 [ 2930.538748][ T4588] __shmem_file_setup.part.0+0x7e/0x2b0 [ 2930.538768][ T4588] shmem_file_setup+0x66/0x90 [ 2930.538786][ T4588] __x64_sys_memfd_create+0x2a2/0x470 [ 2930.538801][ T4588] ? memfd_fcntl+0x1820/0x1820 [ 2930.538816][ T4588] ? do_syscall_64+0x26/0x680 [ 2930.538832][ T4588] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2930.538848][ T4588] ? trace_hardirqs_on+0x67/0x220 [ 2930.538866][ T4588] do_syscall_64+0xfd/0x680 [ 2930.538892][ T4588] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2930.569218][ T4588] RIP: 0033:0x459519 [ 2930.569235][ T4588] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2930.569252][ T4588] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 2930.589962][ T4588] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000459519 [ 2930.629985][ T4588] RDX: 0000000020000228 RSI: 0000000000000000 RDI: 00000000004be40c [ 2930.638234][ T4588] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 03:27:00 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) 03:27:00 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x14\x00'}}}]}, 0x13c}}, 0x0) [ 2930.646305][ T4588] R10: 0000000000010000 R11: 0000000000000246 R12: 00007feed796d6d4 [ 2930.654320][ T4588] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:00 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet(0xa, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") ioctl$int_in(r2, 0x5473, &(0x7f0000000000)=0x8) connect$inet(r1, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0xffffffff) flistxattr(r1, &(0x7f0000000040)=""/244, 0xf4) r3 = accept4(r1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) recvfrom$inet(r3, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:27:00 executing program 4 (fault-call:0 fault-nth:2): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:00 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x80000) 03:27:00 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\x17\x00'}}}]}, 0x13c}}, 0x0) 03:27:00 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:00 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0x2, &(0x7f0000000100), 0x4) 03:27:01 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r0, 0xffffffffffffffff, 0x80000) 03:27:01 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00'}}}]}, 0x13c}}, 0x0) 03:27:01 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:01 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x20000, 0x0) accept4$ax25(r2, &(0x7f0000000040)={{0x3, @netrom}, [@netrom, @bcast, @remote, @bcast, @rose, @netrom, @remote, @rose]}, &(0x7f00000000c0)=0x48, 0x800) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) bind$rxrpc(r2, &(0x7f0000000100)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e20, @local}}, 0x24) listen(r0, 0x100000001) r3 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) recvfrom$inet(r3, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:27:01 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r0, 0xffffffffffffffff, 0x80000) 03:27:01 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0x3, &(0x7f0000000100), 0x4) [ 2931.225644][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2931.231484][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2931.237452][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2931.243262][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:27:01 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) [ 2931.557206][ T4638] FAULT_INJECTION: forcing a failure. [ 2931.557206][ T4638] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2931.570463][ T4638] CPU: 0 PID: 4638 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2931.578373][ T4638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2931.588622][ T4638] Call Trace: [ 2931.591948][ T4638] dump_stack+0x172/0x1f0 [ 2931.596315][ T4638] should_fail.cold+0xa/0x15 [ 2931.600934][ T4638] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2931.606793][ T4638] ? mark_held_locks+0xf0/0xf0 [ 2931.611659][ T4638] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 2931.617217][ T4638] should_fail_alloc_page+0x50/0x60 [ 2931.622443][ T4638] __alloc_pages_nodemask+0x1a1/0x8d0 [ 2931.627843][ T4638] ? rcu_read_unlock+0x16/0x60 [ 2931.632715][ T4638] ? __alloc_pages_slowpath+0x28f0/0x28f0 [ 2931.638456][ T4638] cache_grow_begin+0x9d/0x650 [ 2931.643418][ T4638] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2931.649657][ T4638] kmem_cache_alloc+0x62a/0x6f0 [ 2931.654500][ T4638] ? find_held_lock+0x35/0x130 [ 2931.659255][ T4638] ? __alloc_fd+0x44d/0x560 [ 2931.663752][ T4638] ? shmem_destroy_inode+0x80/0x80 [ 2931.668972][ T4638] shmem_alloc_inode+0x1c/0x50 [ 2931.673749][ T4638] alloc_inode+0x68/0x1e0 [ 2931.678101][ T4638] new_inode_pseudo+0x19/0xf0 [ 2931.682904][ T4638] new_inode+0x1f/0x40 [ 2931.686999][ T4638] shmem_get_inode+0x84/0x7e0 [ 2931.691715][ T4638] __shmem_file_setup.part.0+0x7e/0x2b0 [ 2931.697263][ T4638] shmem_file_setup+0x66/0x90 [ 2931.701941][ T4638] __x64_sys_memfd_create+0x2a2/0x470 [ 2931.707340][ T4638] ? memfd_fcntl+0x1820/0x1820 [ 2931.712098][ T4638] ? do_syscall_64+0x26/0x680 [ 2931.716774][ T4638] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2931.722058][ T4638] ? trace_hardirqs_on+0x67/0x220 [ 2931.727079][ T4638] do_syscall_64+0xfd/0x680 [ 2931.731584][ T4638] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2931.738186][ T4638] RIP: 0033:0x459519 [ 2931.742086][ T4638] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2931.761701][ T4638] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 2931.770185][ T4638] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000459519 [ 2931.778189][ T4638] RDX: 0000000020000228 RSI: 0000000000000000 RDI: 00000000004be40c [ 2931.786171][ T4638] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 2931.794639][ T4638] R10: 0000000000010000 R11: 0000000000000246 R12: 00007feed796d6d4 [ 2931.802603][ T4638] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:01 executing program 4 (fault-call:0 fault-nth:3): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:01 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00'}}}]}, 0x13c}}, 0x0) 03:27:01 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r0, 0xffffffffffffffff, 0x80000) 03:27:01 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0x4, &(0x7f0000000100), 0x4) 03:27:01 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{}, {0xffffffffffffffff, 0x8250}, {0xffffffffffffffff, 0x400}, {0xffffffffffffffff, 0x8000}, {0xffffffffffffffff, 0x8641}, {0xffffffffffffffff, 0x4546}, {0xffffffffffffffff, 0x400}, {r0, 0x20}, {r0, 0x21}, {r0, 0x2}], 0xa, 0xc4b) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046208, 0x0) 03:27:01 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r1, 0x0, 0x0, 0x20000000000800) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000080)=[@in6={0xa, 0x4e22, 0x5, @mcast2, 0x10000}, @in6={0xa, 0x4e22, 0x6, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x8}, @in6={0xa, 0x4e22, 0x8, @ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x9}, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x1b}}, @in={0x2, 0x4e23, @empty}], 0x74) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:27:02 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00'}}}]}, 0x13c}}, 0x0) [ 2932.087068][ T4667] FAULT_INJECTION: forcing a failure. [ 2932.087068][ T4667] name failslab, interval 1, probability 0, space 0, times 0 03:27:02 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0x5, &(0x7f0000000100), 0x4) 03:27:02 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$netrom_NETROM_T2(r2, 0x103, 0x2, &(0x7f0000000000)=0x8, 0x4) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:27:02 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{}, {0xffffffffffffffff, 0x8250}, {0xffffffffffffffff, 0x400}, {0xffffffffffffffff, 0x8000}, {0xffffffffffffffff, 0x8641}, {0xffffffffffffffff, 0x4546}, {0xffffffffffffffff, 0x400}, {r0, 0x20}, {r0, 0x21}, {r0, 0x2}], 0xa, 0xc4b) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046208, 0x0) [ 2932.133721][ T4667] CPU: 1 PID: 4667 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2932.141666][ T4667] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2932.151928][ T4667] Call Trace: [ 2932.155253][ T4667] dump_stack+0x172/0x1f0 [ 2932.159699][ T4667] should_fail.cold+0xa/0x15 [ 2932.164325][ T4667] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2932.170150][ T4667] ? ___might_sleep+0x163/0x280 [ 2932.175199][ T4667] __should_failslab+0x121/0x190 [ 2932.180156][ T4667] should_failslab+0x9/0x14 [ 2932.184672][ T4667] kmem_cache_alloc+0x2af/0x6f0 [ 2932.189546][ T4667] __alloc_file+0x27/0x300 [ 2932.194003][ T4667] alloc_empty_file+0x72/0x170 [ 2932.198764][ T4667] alloc_file+0x5e/0x4d0 [ 2932.203201][ T4667] alloc_file_pseudo+0x189/0x280 [ 2932.208129][ T4667] ? alloc_file+0x4d0/0x4d0 [ 2932.212630][ T4667] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 2932.218878][ T4667] __shmem_file_setup.part.0+0x108/0x2b0 [ 2932.224505][ T4667] shmem_file_setup+0x66/0x90 [ 2932.229278][ T4667] __x64_sys_memfd_create+0x2a2/0x470 [ 2932.234637][ T4667] ? memfd_fcntl+0x1820/0x1820 [ 2932.239417][ T4667] ? do_syscall_64+0x26/0x680 [ 2932.244090][ T4667] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2932.249388][ T4667] ? trace_hardirqs_on+0x67/0x220 [ 2932.254425][ T4667] do_syscall_64+0xfd/0x680 [ 2932.258928][ T4667] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2932.264830][ T4667] RIP: 0033:0x459519 [ 2932.268721][ T4667] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2932.288323][ T4667] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 2932.296723][ T4667] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000459519 [ 2932.304827][ T4667] RDX: 0000000020000228 RSI: 0000000000000000 RDI: 00000000004be40c [ 2932.313228][ T4667] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 2932.321215][ T4667] R10: 0000000000010000 R11: 0000000000000246 R12: 00007feed796d6d4 03:27:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, r0, 0x80000) [ 2932.329180][ T4667] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:02 executing program 4 (fault-call:0 fault-nth:4): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, r0, 0x80000) 03:27:02 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{}, {0xffffffffffffffff, 0x8250}, {0xffffffffffffffff, 0x400}, {0xffffffffffffffff, 0x8000}, {0xffffffffffffffff, 0x8641}, {0xffffffffffffffff, 0x4546}, {0xffffffffffffffff, 0x400}, {r0, 0x20}, {r0, 0x21}, {r0, 0x2}], 0xa, 0xc4b) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046208, 0x0) 03:27:02 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\x00'}}}]}, 0x13c}}, 0x0) 03:27:02 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) recvmsg(r0, &(0x7f00000007c0)={&(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, &(0x7f0000000680)=[{&(0x7f0000000080)=""/165, 0xa5}, {&(0x7f00000001c0)=""/237, 0xed}, {&(0x7f00000002c0)=""/154, 0x9a}, {&(0x7f0000000380)=""/20, 0x14}, {&(0x7f00000003c0)=""/158, 0x9e}, {&(0x7f0000000480)=""/65, 0x41}, {&(0x7f0000000500)=""/114, 0x72}, {&(0x7f0000000580)=""/209, 0xd1}], 0x8, &(0x7f0000000700)=""/148, 0x94}, 0x100) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) recvfrom$packet(r2, &(0x7f0000000800)=""/188, 0xbc, 0x100, 0x0, 0x0) [ 2932.614928][ T4688] FAULT_INJECTION: forcing a failure. [ 2932.614928][ T4688] name failslab, interval 1, probability 0, space 0, times 0 [ 2932.628606][ T4688] CPU: 1 PID: 4688 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2932.636784][ T4688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2932.646853][ T4688] Call Trace: [ 2932.646888][ T4688] dump_stack+0x172/0x1f0 [ 2932.646911][ T4688] should_fail.cold+0xa/0x15 [ 2932.646932][ T4688] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2932.646953][ T4688] ? ___might_sleep+0x163/0x280 [ 2932.646977][ T4688] __should_failslab+0x121/0x190 [ 2932.646999][ T4688] should_failslab+0x9/0x14 [ 2932.647015][ T4688] kmem_cache_alloc+0x2af/0x6f0 [ 2932.647033][ T4688] ? rcu_read_lock_sched_held+0x110/0x130 [ 2932.647049][ T4688] ? kmem_cache_alloc+0x32b/0x6f0 [ 2932.647069][ T4688] security_file_alloc+0x39/0x170 [ 2932.647094][ T4688] __alloc_file+0xac/0x300 [ 2932.669953][ T4688] alloc_empty_file+0x72/0x170 [ 2932.669973][ T4688] alloc_file+0x5e/0x4d0 [ 2932.669995][ T4688] alloc_file_pseudo+0x189/0x280 [ 2932.718560][ T4688] ? alloc_file+0x4d0/0x4d0 [ 2932.723340][ T4688] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 2932.729643][ T4688] __shmem_file_setup.part.0+0x108/0x2b0 [ 2932.735312][ T4688] shmem_file_setup+0x66/0x90 [ 2932.740023][ T4688] __x64_sys_memfd_create+0x2a2/0x470 [ 2932.745447][ T4688] ? memfd_fcntl+0x1820/0x1820 [ 2932.750257][ T4688] ? do_syscall_64+0x26/0x680 [ 2932.754938][ T4688] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2932.760224][ T4688] ? trace_hardirqs_on+0x67/0x220 [ 2932.765271][ T4688] do_syscall_64+0xfd/0x680 [ 2932.769770][ T4688] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2932.775674][ T4688] RIP: 0033:0x459519 [ 2932.779584][ T4688] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2932.799295][ T4688] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 2932.807819][ T4688] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 0000000000459519 [ 2932.815816][ T4688] RDX: 0000000020000228 RSI: 0000000000000000 RDI: 00000000004be40c [ 2932.825406][ T4688] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 2932.833373][ T4688] R10: 0000000000010000 R11: 0000000000000246 R12: 00007feed796d6d4 [ 2932.841339][ T4688] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:02 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0x6, &(0x7f0000000100), 0x4) 03:27:02 executing program 4 (fault-call:0 fault-nth:5): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, r0, 0x80000) 03:27:03 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xf0\x00'}}}]}, 0x13c}}, 0x0) 03:27:03 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0, 0x400}, {r0, 0x8000}, {r0, 0x8641}, {r0, 0x4546}, {r0, 0x400}, {0xffffffffffffffff, 0x20}, {0xffffffffffffffff, 0x21}, {0xffffffffffffffff, 0x2}], 0xa, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:03 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f00000000c0)={0x2, 0x4e24, @broadcast}, 0x389) listen(r0, 0x100000002) r2 = syz_open_dev$usb(&(0x7f0000000200)='/dev/bus/usb/00#/00#\x00', 0x6, 0x200) ioctl$SIOCX25SCALLUSERDATA(r2, 0x89e5, &(0x7f0000000240)={0x19, "81021d3ff60c08582615c484135b1c906e90e35549ca115ecdf3f2af3cd2de267ef5f8cded8fbb570bcb0e76774f51d3830431681c66b05f7c29c7612f996bf8b573fb8c969c164381a5ac601a7628b10f09cd97b9ec924becca4413d77c963dd8dce874b1ffe77db3807745e1443fc9e4e6b0d7d53c113556fc2b2e0b9fc9df"}) write$P9_ROPEN(r2, &(0x7f0000000040)={0x18, 0x71, 0x1, {{0x52, 0x4, 0x2}, 0x1}}, 0x18) r3 = accept4(r1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) socket(0x800000000010, 0xa, 0x8) recvfrom$inet(r3, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:27:03 executing program 1: r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x80000) [ 2933.191231][ T4715] FAULT_INJECTION: forcing a failure. [ 2933.191231][ T4715] name failslab, interval 1, probability 0, space 0, times 0 [ 2933.245822][ T4715] CPU: 0 PID: 4715 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2933.253757][ T4715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2933.263830][ T4715] Call Trace: [ 2933.267147][ T4715] dump_stack+0x172/0x1f0 [ 2933.271693][ T4715] should_fail.cold+0xa/0x15 [ 2933.276296][ T4715] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2933.282121][ T4715] ? ___might_sleep+0x163/0x280 [ 2933.286988][ T4715] __should_failslab+0x121/0x190 [ 2933.291964][ T4715] should_failslab+0x9/0x14 [ 2933.296481][ T4715] __kmalloc+0x2d9/0x740 [ 2933.300735][ T4715] ? tomoyo_realpath_from_path+0xc0/0x7a0 [ 2933.306467][ T4715] ? rcu_read_lock_sched_held+0x110/0x130 [ 2933.312210][ T4715] ? tomoyo_realpath_from_path+0xcd/0x7a0 [ 2933.317951][ T4715] tomoyo_realpath_from_path+0xcd/0x7a0 [ 2933.323598][ T4715] ? tomoyo_path_perm+0x1cb/0x430 [ 2933.328662][ T4715] tomoyo_path_perm+0x230/0x430 [ 2933.333513][ T4715] ? tomoyo_path_perm+0x1cb/0x430 [ 2933.338547][ T4715] ? tomoyo_check_open_permission+0x3f0/0x3f0 [ 2933.344616][ T4715] ? find_held_lock+0x35/0x130 [ 2933.349400][ T4715] ? lock_downgrade+0x880/0x880 [ 2933.354351][ T4715] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2933.360672][ T4715] tomoyo_path_truncate+0x1d/0x30 [ 2933.365893][ T4715] security_path_truncate+0xf2/0x150 [ 2933.371298][ T4715] do_sys_ftruncate+0x3d9/0x550 [ 2933.376174][ T4715] __x64_sys_ftruncate+0x59/0x80 [ 2933.381105][ T4715] do_syscall_64+0xfd/0x680 [ 2933.385599][ T4715] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2933.391475][ T4715] RIP: 0033:0x4594e7 [ 2933.395370][ T4715] Code: 24 29 d7 48 69 ff e8 03 00 00 48 89 7c 24 08 48 89 e7 e8 dc e4 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 b8 4d 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2933.414983][ T4715] RSP: 002b:00007feed796ca88 EFLAGS: 00000217 ORIG_RAX: 000000000000004d [ 2933.423397][ T4715] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00000000004594e7 [ 2933.431415][ T4715] RDX: 0000000020000228 RSI: 0000000000020000 RDI: 0000000000000004 03:27:03 executing program 0: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0, 0x400}, {r0, 0x8000}, {r0, 0x8641}, {r0, 0x4546}, {r0, 0x400}, {0xffffffffffffffff, 0x20}, {0xffffffffffffffff, 0x21}, {0xffffffffffffffff, 0x2}], 0xa, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:03 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x03\x00'}}}]}, 0x13c}}, 0x0) [ 2933.439392][ T4715] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 2933.447367][ T4715] R10: 0000000000010000 R11: 0000000000000217 R12: 0000000000000004 [ 2933.455325][ T4715] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 [ 2933.466262][ T4715] ERROR: Out of memory at tomoyo_realpath_from_path. 03:27:03 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0x7, &(0x7f0000000100), 0x4) 03:27:03 executing program 1: r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x80000) 03:27:03 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1a, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYBLOB="06020700000042c57b5b"], &(0x7f0000000080)=0xe) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f00000001c0)={r3, @in6={{0xa, 0x4e21, 0x7fffffff, @rand_addr="e622908ce020ab4a7188a29685eccbd9", 0x8000}}, 0xffffffffffffff56, 0x5}, 0x90) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f0000000000)=[@in6={0xa, 0x4e20, 0x589, @remote, 0x5a0000}], 0x1c) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x408a01, 0x0) lsetxattr$security_smack_transmute(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='security.SMACK64TRANSMUTE\x00', &(0x7f00000002c0)='TRUE', 0x4, 0x1) ioctl$NBD_SET_SIZE(r4, 0xab02, 0x3ff) 03:27:03 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03@\x00'}}}]}, 0x13c}}, 0x0) 03:27:03 executing program 4 (fault-call:0 fault-nth:6): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:03 executing program 1: r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x80000) 03:27:03 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xf0\x00'}}}]}, 0x13c}}, 0x0) 03:27:03 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0x8, &(0x7f0000000100), 0x4) [ 2933.876534][ T4753] FAULT_INJECTION: forcing a failure. [ 2933.876534][ T4753] name failslab, interval 1, probability 0, space 0, times 0 [ 2933.936428][ T4753] CPU: 0 PID: 4753 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2933.944389][ T4753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2933.954460][ T4753] Call Trace: [ 2933.957783][ T4753] dump_stack+0x172/0x1f0 [ 2933.962157][ T4753] should_fail.cold+0xa/0x15 [ 2933.966963][ T4753] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2933.972807][ T4753] ? ___might_sleep+0x163/0x280 [ 2933.977776][ T4753] __should_failslab+0x121/0x190 [ 2933.982761][ T4753] should_failslab+0x9/0x14 [ 2933.987296][ T4753] __kmalloc+0x2d9/0x740 [ 2933.991561][ T4753] ? tomoyo_realpath_from_path+0xc0/0x7a0 [ 2933.997303][ T4753] ? rcu_read_lock_sched_held+0x110/0x130 [ 2934.003054][ T4753] ? tomoyo_realpath_from_path+0xcd/0x7a0 [ 2934.008891][ T4753] tomoyo_realpath_from_path+0xcd/0x7a0 [ 2934.014508][ T4753] ? tomoyo_path_perm+0x1cb/0x430 [ 2934.019576][ T4753] tomoyo_path_perm+0x230/0x430 [ 2934.024465][ T4753] ? tomoyo_path_perm+0x1cb/0x430 [ 2934.029513][ T4753] ? tomoyo_check_open_permission+0x3f0/0x3f0 [ 2934.029529][ T4753] ? find_held_lock+0x35/0x130 [ 2934.029555][ T4753] ? lock_downgrade+0x880/0x880 [ 2934.029570][ T4753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2934.029616][ T4753] tomoyo_path_truncate+0x1d/0x30 [ 2934.029634][ T4753] security_path_truncate+0xf2/0x150 [ 2934.029660][ T4753] do_sys_ftruncate+0x3d9/0x550 [ 2934.066907][ T4753] __x64_sys_ftruncate+0x59/0x80 [ 2934.071868][ T4753] do_syscall_64+0xfd/0x680 [ 2934.076405][ T4753] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2934.082315][ T4753] RIP: 0033:0x4594e7 [ 2934.086224][ T4753] Code: 24 29 d7 48 69 ff e8 03 00 00 48 89 7c 24 08 48 89 e7 e8 dc e4 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 b8 4d 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2934.105929][ T4753] RSP: 002b:00007feed796ca88 EFLAGS: 00000217 ORIG_RAX: 000000000000004d [ 2934.114349][ T4753] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00000000004594e7 [ 2934.122336][ T4753] RDX: 0000000020000228 RSI: 0000000000020000 RDI: 0000000000000004 03:27:03 executing program 2: r0 = socket$inet(0xa, 0x1000000000000003, 0x800) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:27:03 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x80000) [ 2934.130320][ T4753] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 2934.138300][ T4753] R10: 0000000000010000 R11: 0000000000000217 R12: 0000000000000004 [ 2934.146372][ T4753] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 [ 2934.157409][ T4753] ERROR: Out of memory at tomoyo_realpath_from_path. 03:27:04 executing program 0: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0, 0x400}, {r0, 0x8000}, {r0, 0x8641}, {r0, 0x4546}, {r0, 0x400}, {0xffffffffffffffff, 0x20}, {0xffffffffffffffff, 0x21}, {0xffffffffffffffff, 0x2}], 0xa, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:04 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") r2 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x103400, 0x0) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r2, 0x84, 0x16, &(0x7f0000000100)={0x2, [0x3, 0x0]}, 0x8) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) symlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') r3 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) sendmmsg$sock(r1, &(0x7f00000001c0), 0x0, 0x4) setsockopt$ax25_int(r3, 0x101, 0x4, &(0x7f0000000080)=0x20, 0x4) recvfrom$inet(r3, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:27:04 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x80000) 03:27:04 executing program 4 (fault-call:0 fault-nth:7): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:04 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00'}}}]}, 0x13c}}, 0x0) 03:27:04 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0x9, &(0x7f0000000100), 0x4) 03:27:04 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00'}}}]}, 0x13c}}, 0x0) [ 2934.524138][ T4784] FAULT_INJECTION: forcing a failure. [ 2934.524138][ T4784] name failslab, interval 1, probability 0, space 0, times 0 03:27:04 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x80000) 03:27:04 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000080)=0x7, 0x4) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f0000000000), &(0x7f0000000040)=0x4) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) [ 2934.583708][ T4784] CPU: 1 PID: 4784 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2934.591631][ T4784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2934.601689][ T4784] Call Trace: [ 2934.605013][ T4784] dump_stack+0x172/0x1f0 [ 2934.609386][ T4784] should_fail.cold+0xa/0x15 [ 2934.614003][ T4784] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2934.619845][ T4784] ? ___might_sleep+0x163/0x280 [ 2934.624819][ T4784] __should_failslab+0x121/0x190 [ 2934.629781][ T4784] should_failslab+0x9/0x14 [ 2934.634343][ T4784] __kmalloc+0x2d9/0x740 [ 2934.638609][ T4784] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2934.644850][ T4784] ? simple_dname+0xd1/0x1f0 [ 2934.649438][ T4784] ? tomoyo_encode2.part.0+0xf5/0x400 [ 2934.654811][ T4784] tomoyo_encode2.part.0+0xf5/0x400 [ 2934.660128][ T4784] tomoyo_encode+0x2b/0x50 [ 2934.664582][ T4784] tomoyo_realpath_from_path+0x1d3/0x7a0 [ 2934.670256][ T4784] ? tomoyo_path_perm+0x1cb/0x430 [ 2934.675283][ T4784] tomoyo_path_perm+0x230/0x430 [ 2934.680125][ T4784] ? tomoyo_path_perm+0x1cb/0x430 [ 2934.685145][ T4784] ? tomoyo_check_open_permission+0x3f0/0x3f0 [ 2934.691246][ T4784] ? find_held_lock+0x35/0x130 [ 2934.696029][ T4784] ? lock_downgrade+0x880/0x880 [ 2934.700883][ T4784] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2934.707166][ T4784] tomoyo_path_truncate+0x1d/0x30 [ 2934.712196][ T4784] security_path_truncate+0xf2/0x150 [ 2934.717493][ T4784] do_sys_ftruncate+0x3d9/0x550 [ 2934.722385][ T4784] __x64_sys_ftruncate+0x59/0x80 [ 2934.727380][ T4784] do_syscall_64+0xfd/0x680 [ 2934.731888][ T4784] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2934.737783][ T4784] RIP: 0033:0x4594e7 [ 2934.741677][ T4784] Code: 24 29 d7 48 69 ff e8 03 00 00 48 89 7c 24 08 48 89 e7 e8 dc e4 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 b8 4d 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2934.761274][ T4784] RSP: 002b:00007feed796ca88 EFLAGS: 00000217 ORIG_RAX: 000000000000004d [ 2934.769766][ T4784] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 00000000004594e7 [ 2934.777836][ T4784] RDX: 0000000020000228 RSI: 0000000000020000 RDI: 0000000000000004 [ 2934.785810][ T4784] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 2934.793914][ T4784] R10: 0000000000010000 R11: 0000000000000217 R12: 0000000000000004 [ 2934.801885][ T4784] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 [ 2934.811648][ T4784] ERROR: Out of memory at tomoyo_realpath_from_path. 03:27:05 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00'}}}]}, 0x13c}}, 0x0) 03:27:05 executing program 4 (fault-call:0 fault-nth:8): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:05 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x80000) [ 2935.170338][ T4818] FAULT_INJECTION: forcing a failure. [ 2935.170338][ T4818] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2935.220100][ T4818] CPU: 0 PID: 4818 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2935.228036][ T4818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2935.238124][ T4818] Call Trace: [ 2935.241434][ T4818] dump_stack+0x172/0x1f0 [ 2935.245789][ T4818] should_fail.cold+0xa/0x15 [ 2935.250391][ T4818] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2935.256200][ T4818] ? ___might_sleep+0x163/0x280 [ 2935.261064][ T4818] should_fail_alloc_page+0x50/0x60 [ 2935.266266][ T4818] __alloc_pages_nodemask+0x1a1/0x8d0 [ 2935.271650][ T4818] ? __alloc_pages_slowpath+0x28f0/0x28f0 [ 2935.278002][ T4818] ? mark_held_locks+0xf0/0xf0 [ 2935.278047][ T4818] ? mark_held_locks+0xf0/0xf0 [ 2935.278062][ T4818] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2935.278075][ T4818] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 2935.278099][ T4818] alloc_pages_vma+0xdd/0x540 [ 2935.293986][ T4818] shmem_alloc_page+0xc0/0x180 [ 2935.294004][ T4818] ? shmem_swapin+0x1a0/0x1a0 [ 2935.294049][ T4818] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2935.304979][ T4818] ? __vm_enough_memory+0x17e/0x3a0 [ 2935.305008][ T4818] shmem_alloc_and_acct_page+0x165/0x970 [ 2935.305037][ T4818] shmem_getpage_gfp+0x43b/0x2500 [ 2935.305067][ T4818] ? shmem_unuse_inode+0x1010/0x1010 [ 2935.305082][ T4818] ? ktime_get_coarse_real_ts64+0xf0/0x2b0 [ 2935.305097][ T4818] ? current_time+0x6b/0x140 [ 2935.305110][ T4818] ? ktime_get_coarse_real_ts64+0xf0/0x2b0 [ 2935.305137][ T4818] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2935.363923][ T4818] ? iov_iter_fault_in_readable+0x22c/0x450 [ 2935.369888][ T4818] shmem_write_begin+0x105/0x1e0 [ 2935.374830][ T4818] generic_perform_write+0x22a/0x520 [ 2935.380239][ T4818] ? page_endio+0x780/0x780 [ 2935.384757][ T4818] ? current_time+0x140/0x140 [ 2935.389456][ T4818] ? lock_acquire+0x16f/0x3f0 [ 2935.394153][ T4818] __generic_file_write_iter+0x25e/0x630 [ 2935.399789][ T4818] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2935.405509][ T4818] generic_file_write_iter+0x360/0x610 [ 2935.410973][ T4818] ? __generic_file_write_iter+0x630/0x630 [ 2935.416766][ T4818] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2935.422993][ T4818] ? iov_iter_init+0xee/0x220 [ 2935.427672][ T4818] new_sync_write+0x4d3/0x770 [ 2935.432452][ T4818] ? new_sync_read+0x800/0x800 [ 2935.437407][ T4818] ? lock_downgrade+0x880/0x880 [ 2935.442441][ T4818] __vfs_write+0xe1/0x110 [ 2935.446759][ T4818] vfs_write+0x20c/0x580 [ 2935.450997][ T4818] ksys_pwrite64+0x183/0x1c0 [ 2935.455582][ T4818] ? __ia32_sys_pread64+0xf0/0xf0 [ 2935.460593][ T4818] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2935.466080][ T4818] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2935.471538][ T4818] ? do_syscall_64+0x26/0x680 [ 2935.476213][ T4818] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2935.482401][ T4818] ? do_syscall_64+0x26/0x680 [ 2935.487171][ T4818] __x64_sys_pwrite64+0x97/0xf0 [ 2935.492022][ T4818] do_syscall_64+0xfd/0x680 [ 2935.496540][ T4818] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2935.502422][ T4818] RIP: 0033:0x413467 [ 2935.506324][ T4818] Code: 12 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a1 18 00 00 c3 48 83 ec 08 e8 a7 f9 ff ff 48 89 04 24 49 89 ca b8 12 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 ed f9 ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 2935.525918][ T4818] RSP: 002b:00007feed796ca80 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 2935.535738][ T4818] RAX: ffffffffffffffda RBX: 0000000020000210 RCX: 0000000000413467 [ 2935.543910][ T4818] RDX: 0000000000000048 RSI: 00000000200008c0 RDI: 0000000000000004 [ 2935.551875][ T4818] RBP: 0000000000000000 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 2935.559849][ T4818] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000004 03:27:05 executing program 0: r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0, 0x400}, {r0, 0x8000}, {r0, 0x8641}, {r0, 0x4546}, {r0, 0x400}, {0xffffffffffffffff, 0x20}, {0xffffffffffffffff, 0x21}, {0xffffffffffffffff, 0x2}], 0xa, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:05 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xa, &(0x7f0000000100), 0x4) 03:27:05 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) openat$userio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/userio\x00', 0x2000, 0x0) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu\x00', 0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@dev}}, &(0x7f00000003c0)=0xe8) r4 = getegid() write$P9_RGETATTR(r2, &(0x7f0000000200)={0xa0, 0x19, 0x1, {0x2241, {0x8, 0x4, 0x6}, 0x103, r3, r4, 0x1, 0x401, 0x8, 0x9, 0x8001, 0xfff, 0x6, 0x6, 0x7c00000000000, 0x7, 0x2, 0x100, 0xfffffffffffffffd, 0xff, 0x5}}, 0xa0) listen(r2, 0x100000001) r5 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r5, 0x8907, 0x0) recvfrom$inet(r1, 0x0, 0x0, 0x1, &(0x7f00000025c0)={0x2, 0xfffffffffffffffd, @remote}, 0x10) 03:27:05 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00'}}}]}, 0x13c}}, 0x0) 03:27:05 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x80000) [ 2935.567815][ T4818] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 [ 2935.576216][ C0] net_ratelimit: 19 callbacks suppressed [ 2935.576230][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2935.587739][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2935.593611][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2935.599479][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2935.605366][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2935.611255][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:27:05 executing program 4 (fault-call:0 fault-nth:9): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:05 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00'}}}]}, 0x13c}}, 0x0) 03:27:05 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x80000) [ 2935.934600][ T4845] FAULT_INJECTION: forcing a failure. [ 2935.934600][ T4845] name failslab, interval 1, probability 0, space 0, times 0 [ 2935.948250][ T4845] CPU: 0 PID: 4845 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2935.956166][ T4845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2935.966261][ T4845] Call Trace: [ 2935.969586][ T4845] dump_stack+0x172/0x1f0 [ 2935.973941][ T4845] should_fail.cold+0xa/0x15 [ 2935.978551][ T4845] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2935.984381][ T4845] ? __lock_acquire+0x54f/0x5490 [ 2935.989339][ T4845] __should_failslab+0x121/0x190 [ 2935.994334][ T4845] should_failslab+0x9/0x14 [ 2935.998861][ T4845] kmem_cache_alloc+0x47/0x6f0 [ 2936.003734][ T4845] xas_alloc+0x2dc/0x3d0 [ 2936.008007][ T4845] xas_create+0x2cd/0x1040 [ 2936.012459][ T4845] xas_create_range+0x198/0x5d0 [ 2936.017342][ T4845] shmem_add_to_page_cache+0x6a4/0x1130 [ 2936.022928][ T4845] ? shmem_writepage+0xe90/0xe90 [ 2936.027948][ T4845] shmem_getpage_gfp+0x6db/0x2500 [ 2936.033006][ T4845] ? shmem_unuse_inode+0x1010/0x1010 [ 2936.038317][ T4845] ? current_time+0x6b/0x140 [ 2936.042918][ T4845] ? ktime_get_coarse_real_ts64+0xf0/0x2b0 [ 2936.048740][ T4845] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2936.048761][ T4845] ? iov_iter_fault_in_readable+0x22c/0x450 [ 2936.048787][ T4845] shmem_write_begin+0x105/0x1e0 [ 2936.048808][ T4845] generic_perform_write+0x22a/0x520 [ 2936.048831][ T4845] ? page_endio+0x780/0x780 [ 2936.075726][ T4845] ? current_time+0x140/0x140 [ 2936.080433][ T4845] ? lock_acquire+0x16f/0x3f0 [ 2936.085150][ T4845] __generic_file_write_iter+0x25e/0x630 [ 2936.090802][ T4845] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2936.090824][ T4845] generic_file_write_iter+0x360/0x610 [ 2936.090849][ T4845] ? __generic_file_write_iter+0x630/0x630 [ 2936.108995][ T4845] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2936.115353][ T4845] ? iov_iter_init+0xee/0x220 [ 2936.120058][ T4845] new_sync_write+0x4d3/0x770 [ 2936.124764][ T4845] ? new_sync_read+0x800/0x800 [ 2936.129554][ T4845] ? lock_downgrade+0x880/0x880 [ 2936.134554][ T4845] __vfs_write+0xe1/0x110 [ 2936.138907][ T4845] vfs_write+0x20c/0x580 [ 2936.143169][ T4845] ksys_pwrite64+0x183/0x1c0 [ 2936.147768][ T4845] ? __ia32_sys_pread64+0xf0/0xf0 [ 2936.152800][ T4845] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2936.158267][ T4845] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2936.163755][ T4845] ? do_syscall_64+0x26/0x680 [ 2936.168441][ T4845] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2936.174518][ T4845] ? do_syscall_64+0x26/0x680 [ 2936.179216][ T4845] __x64_sys_pwrite64+0x97/0xf0 [ 2936.184091][ T4845] do_syscall_64+0xfd/0x680 [ 2936.188613][ T4845] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2936.194526][ T4845] RIP: 0033:0x413467 [ 2936.198459][ T4845] Code: 12 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a1 18 00 00 c3 48 83 ec 08 e8 a7 f9 ff ff 48 89 04 24 49 89 ca b8 12 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 ed f9 ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 2936.218078][ T4845] RSP: 002b:00007feed796ca80 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 2936.226595][ T4845] RAX: ffffffffffffffda RBX: 0000000020000210 RCX: 0000000000413467 03:27:05 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xc, &(0x7f0000000100), 0x4) 03:27:05 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00'}}}]}, 0x13c}}, 0x0) [ 2936.234594][ T4845] RDX: 0000000000000048 RSI: 00000000200008c0 RDI: 0000000000000004 [ 2936.242578][ T4845] RBP: 0000000000000000 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 2936.250664][ T4845] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000004 [ 2936.258644][ T4845] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:06 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x80000) 03:27:06 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'}}}]}, 0x13c}}, 0x0) [ 2936.425644][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2936.425683][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2936.431479][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2936.443166][ C1] protocol 88fb is buggy, dev hsr_slave_0 03:27:06 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(0x0, 0x0, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:06 executing program 4 (fault-call:0 fault-nth:10): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:06 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x200, 0x0) getsockopt$bt_BT_SNDMTU(r2, 0x112, 0xc, &(0x7f00000000c0), &(0x7f0000000100)=0x2) listen(r0, 0x100000001) r3 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000000), &(0x7f0000000040)=0x4) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) recvfrom$inet(r3, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:27:06 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xd, &(0x7f0000000100), 0x4) 03:27:06 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00'}}}]}, 0x13c}}, 0x0) 03:27:06 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x80000) [ 2936.687272][ T4871] FAULT_INJECTION: forcing a failure. [ 2936.687272][ T4871] name failslab, interval 1, probability 0, space 0, times 0 [ 2936.700351][ T4871] CPU: 0 PID: 4871 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2936.708273][ T4871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2936.718597][ T4871] Call Trace: [ 2936.721911][ T4871] dump_stack+0x172/0x1f0 [ 2936.726278][ T4871] should_fail.cold+0xa/0x15 [ 2936.731775][ T4871] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2936.737643][ T4871] ? __lock_acquire+0x54f/0x5490 [ 2936.742867][ T4871] __should_failslab+0x121/0x190 [ 2936.747917][ T4871] should_failslab+0x9/0x14 [ 2936.752433][ T4871] kmem_cache_alloc+0x47/0x6f0 [ 2936.757213][ T4871] xas_alloc+0x2dc/0x3d0 [ 2936.761469][ T4871] xas_create+0x2cd/0x1040 [ 2936.765911][ T4871] xas_create_range+0x198/0x5d0 [ 2936.770792][ T4871] shmem_add_to_page_cache+0x6a4/0x1130 [ 2936.776369][ T4871] ? shmem_writepage+0xe90/0xe90 [ 2936.781340][ T4871] shmem_getpage_gfp+0x6db/0x2500 [ 2936.786403][ T4871] ? shmem_unuse_inode+0x1010/0x1010 [ 2936.791704][ T4871] ? current_time+0x6b/0x140 [ 2936.796313][ T4871] ? ktime_get_coarse_real_ts64+0xf0/0x2b0 [ 2936.802149][ T4871] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2936.808413][ T4871] ? iov_iter_fault_in_readable+0x22c/0x450 [ 2936.814340][ T4871] shmem_write_begin+0x105/0x1e0 [ 2936.819300][ T4871] generic_perform_write+0x22a/0x520 [ 2936.826122][ T4871] ? page_endio+0x780/0x780 [ 2936.830647][ T4871] ? current_time+0x140/0x140 [ 2936.835350][ T4871] ? lock_acquire+0x16f/0x3f0 [ 2936.840062][ T4871] __generic_file_write_iter+0x25e/0x630 [ 2936.845801][ T4871] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2936.851571][ T4871] generic_file_write_iter+0x360/0x610 [ 2936.857075][ T4871] ? __generic_file_write_iter+0x630/0x630 [ 2936.862905][ T4871] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2936.869171][ T4871] ? iov_iter_init+0xee/0x220 [ 2936.873959][ T4871] new_sync_write+0x4d3/0x770 [ 2936.878674][ T4871] ? new_sync_read+0x800/0x800 [ 2936.883534][ T4871] ? lock_downgrade+0x880/0x880 [ 2936.888429][ T4871] __vfs_write+0xe1/0x110 [ 2936.892799][ T4871] vfs_write+0x20c/0x580 [ 2936.897066][ T4871] ksys_pwrite64+0x183/0x1c0 [ 2936.901680][ T4871] ? __ia32_sys_pread64+0xf0/0xf0 [ 2936.906725][ T4871] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2936.912208][ T4871] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2936.917684][ T4871] ? do_syscall_64+0x26/0x680 [ 2936.922377][ T4871] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2936.928465][ T4871] ? do_syscall_64+0x26/0x680 [ 2936.935360][ T4871] __x64_sys_pwrite64+0x97/0xf0 [ 2936.940241][ T4871] do_syscall_64+0xfd/0x680 [ 2936.944783][ T4871] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2936.950689][ T4871] RIP: 0033:0x413467 [ 2936.954592][ T4871] Code: 12 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a1 18 00 00 c3 48 83 ec 08 e8 a7 f9 ff ff 48 89 04 24 49 89 ca b8 12 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 ed f9 ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 2936.974213][ T4871] RSP: 002b:00007feed796ca80 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 03:27:06 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00'}}}]}, 0x13c}}, 0x0) 03:27:06 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") r2 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x7f, 0x400000) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r2, 0x118, 0x1, &(0x7f0000000040)=0x7, 0x4) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r3 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r3, 0x8907, 0x0) recvfrom$inet(r3, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) ioctl$KVM_ASSIGN_PCI_DEVICE(r2, 0x8040ae69, &(0x7f0000000080)={0x200, 0x800, 0x3c2fe0c2, 0x7, 0x599cad8b}) 03:27:06 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00'}}}]}, 0x13c}}, 0x0) 03:27:06 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00'}}}]}, 0x13c}}, 0x0) 03:27:07 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1f}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) [ 2936.982652][ T4871] RAX: ffffffffffffffda RBX: 0000000020000210 RCX: 0000000000413467 [ 2936.990647][ T4871] RDX: 0000000000000048 RSI: 00000000200008c0 RDI: 0000000000000004 [ 2936.998638][ T4871] RBP: 0000000000000000 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 2937.006732][ T4871] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000004 [ 2937.014720][ T4871] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:07 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00'}}}]}, 0x13c}}, 0x0) 03:27:07 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x2000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r1, 0x8907, 0x0) recvfrom$inet(r1, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:27:07 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(0x0, 0x0, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:07 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xe, &(0x7f0000000100), 0x4) 03:27:07 executing program 4 (fault-call:0 fault-nth:11): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:07 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x80000) 03:27:07 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00'}}}]}, 0x13c}}, 0x0) 03:27:08 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x00'}}}]}, 0x13c}}, 0x0) [ 2938.022154][ T4930] FAULT_INJECTION: forcing a failure. [ 2938.022154][ T4930] name failslab, interval 1, probability 0, space 0, times 0 [ 2938.052038][ T4930] CPU: 0 PID: 4930 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2938.059979][ T4930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2938.070068][ T4930] Call Trace: [ 2938.073390][ T4930] dump_stack+0x172/0x1f0 [ 2938.077763][ T4930] should_fail.cold+0xa/0x15 [ 2938.082386][ T4930] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2938.088235][ T4930] ? ___might_sleep+0x163/0x280 [ 2938.093105][ T4930] __should_failslab+0x121/0x190 [ 2938.098095][ T4930] should_failslab+0x9/0x14 [ 2938.102629][ T4930] kmem_cache_alloc+0x2af/0x6f0 [ 2938.107498][ T4930] ? lock_downgrade+0x880/0x880 [ 2938.107520][ T4930] getname_flags+0xd6/0x5b0 [ 2938.107538][ T4930] getname+0x1a/0x20 [ 2938.107564][ T4930] do_sys_open+0x2c9/0x5d0 [ 2938.117175][ T4930] ? filp_open+0x80/0x80 [ 2938.117196][ T4930] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2938.117209][ T4930] ? do_syscall_64+0x26/0x680 [ 2938.117224][ T4930] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2938.117236][ T4930] ? do_syscall_64+0x26/0x680 [ 2938.117258][ T4930] __x64_sys_open+0x7e/0xc0 [ 2938.117276][ T4930] do_syscall_64+0xfd/0x680 [ 2938.117296][ T4930] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2938.117308][ T4930] RIP: 0033:0x413401 [ 2938.117324][ T4930] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 2938.117332][ T4930] RSP: 002b:00007feed796ca80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 2938.117345][ T4930] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000413401 03:27:08 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x80800) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:27:08 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12\x00'}}}]}, 0x13c}}, 0x0) 03:27:08 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x80000) [ 2938.117353][ T4930] RDX: 00007feed796cb0a RSI: 0000000000000002 RDI: 00007feed796cb00 [ 2938.117361][ T4930] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2938.117370][ T4930] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 2938.117387][ T4930] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:08 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xf, &(0x7f0000000100), 0x4) 03:27:08 executing program 4 (fault-call:0 fault-nth:12): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:08 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\x00'}}}]}, 0x13c}}, 0x0) [ 2938.530065][ T4958] FAULT_INJECTION: forcing a failure. [ 2938.530065][ T4958] name failslab, interval 1, probability 0, space 0, times 0 [ 2938.555832][ T4958] CPU: 1 PID: 4958 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2938.563769][ T4958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2938.573933][ T4958] Call Trace: [ 2938.577266][ T4958] dump_stack+0x172/0x1f0 [ 2938.581639][ T4958] should_fail.cold+0xa/0x15 [ 2938.586372][ T4958] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2938.592224][ T4958] ? ___might_sleep+0x163/0x280 [ 2938.597100][ T4958] __should_failslab+0x121/0x190 [ 2938.602168][ T4958] should_failslab+0x9/0x14 [ 2938.606912][ T4958] __kmalloc+0x2d9/0x740 [ 2938.611184][ T4958] ? tomoyo_realpath_from_path+0xc0/0x7a0 [ 2938.616937][ T4958] ? rcu_read_lock_sched_held+0x110/0x130 [ 2938.622673][ T4958] ? tomoyo_realpath_from_path+0xcd/0x7a0 [ 2938.628408][ T4958] tomoyo_realpath_from_path+0xcd/0x7a0 [ 2938.633966][ T4958] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2938.640211][ T4958] tomoyo_check_open_permission+0x2a8/0x3f0 [ 2938.646120][ T4958] ? tomoyo_path_number_perm+0x520/0x520 [ 2938.651767][ T4958] ? mark_held_locks+0xf0/0xf0 [ 2938.656583][ T4958] ? lock_downgrade+0x880/0x880 [ 2938.661461][ T4958] tomoyo_file_open+0xa9/0xd0 [ 2938.666159][ T4958] security_file_open+0x71/0x300 [ 2938.671115][ T4958] do_dentry_open+0x373/0x1250 [ 2938.675887][ T4958] ? kasan_check_read+0x11/0x20 [ 2938.680865][ T4958] ? chown_common+0x5c0/0x5c0 [ 2938.685828][ T4958] ? inode_permission+0xb4/0x560 [ 2938.690816][ T4958] vfs_open+0xa0/0xd0 [ 2938.694799][ T4958] path_openat+0x10e9/0x46d0 [ 2938.699385][ T4958] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 2938.705280][ T4958] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 2938.710655][ T4958] ? __alloc_fd+0x44d/0x560 [ 2938.715148][ T4958] do_filp_open+0x1a1/0x280 [ 2938.719643][ T4958] ? may_open_dev+0x100/0x100 [ 2938.724336][ T4958] ? kasan_check_read+0x11/0x20 [ 2938.729182][ T4958] ? do_raw_spin_unlock+0x57/0x270 [ 2938.734296][ T4958] ? _raw_spin_unlock+0x2d/0x50 [ 2938.739147][ T4958] ? __alloc_fd+0x44d/0x560 [ 2938.743667][ T4958] do_sys_open+0x3fe/0x5d0 [ 2938.748105][ T4958] ? filp_open+0x80/0x80 [ 2938.752366][ T4958] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2938.757998][ T4958] ? do_syscall_64+0x26/0x680 [ 2938.762677][ T4958] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2938.768746][ T4958] ? do_syscall_64+0x26/0x680 [ 2938.773432][ T4958] __x64_sys_open+0x7e/0xc0 [ 2938.778057][ T4958] do_syscall_64+0xfd/0x680 [ 2938.782576][ T4958] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2938.788469][ T4958] RIP: 0033:0x413401 [ 2938.792387][ T4958] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 2938.813851][ T4958] RSP: 002b:00007feed796ca80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 03:27:08 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(0x0, 0x0, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:08 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x80000) 03:27:08 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000040)={0x0, @in6={{0xa, 0x4e24, 0x8baf, @empty, 0x5}}, 0x4, 0x80, 0x7ff, 0x4a06, 0x8}, &(0x7f0000000100)=0x98) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f00000001c0)={r2, 0x3ff}, 0x8) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000000100)=[@in6={0xa, 0x0, 0x0, @dev, 0x9}], 0x1c) listen(r3, 0x9) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.usage_percpu\x00', 0x0, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r5, 0xc0585605, &(0x7f0000000340)={0x1, 0x0, {0x6, 0x90, 0x300f, 0x3, 0x6, 0x7, 0x1, 0x6}}) connect$rds(r5, &(0x7f0000000300)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10) listen(r0, 0x100000001) r6 = accept4(r0, 0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000200)={0xffffffffffffffff}, 0x111, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_NOTIFY(r5, &(0x7f0000000280)={0xf, 0x8, 0xfa00, {r7}}, 0x10) setsockopt$inet_sctp6_SCTP_EVENTS(r6, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$sock_inet_SIOCSIFDSTADDR(r6, 0x8918, &(0x7f0000000000)={'team0\x00', {0x2, 0x4e20, @broadcast}}) ioctl$SIOCGSTAMPNS(r6, 0x8907, 0x0) recvfrom$inet(r6, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:27:08 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x14\x00'}}}]}, 0x13c}}, 0x0) [ 2938.825541][ T4958] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000413401 [ 2938.833532][ T4958] RDX: 00007feed796cb0a RSI: 0000000000000002 RDI: 00007feed796cb00 [ 2938.841621][ T4958] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2938.850430][ T4958] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 2938.858416][ T4958] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 [ 2938.880494][ T4958] ERROR: Out of memory at tomoyo_realpath_from_path. 03:27:09 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x80000) 03:27:09 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0x10, &(0x7f0000000100), 0x4) 03:27:09 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00'}}}]}, 0x13c}}, 0x0) 03:27:09 executing program 4 (fault-call:0 fault-nth:13): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:09 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, r0, 0x80000) 03:27:09 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00'}}}]}, 0x13c}}, 0x0) 03:27:09 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0x11, &(0x7f0000000100), 0x4) [ 2939.324119][ T4989] FAULT_INJECTION: forcing a failure. [ 2939.324119][ T4989] name failslab, interval 1, probability 0, space 0, times 0 [ 2939.446227][ T4989] CPU: 1 PID: 4989 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2939.454174][ T4989] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2939.464341][ T4989] Call Trace: [ 2939.467670][ T4989] dump_stack+0x172/0x1f0 [ 2939.472042][ T4989] should_fail.cold+0xa/0x15 [ 2939.476680][ T4989] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2939.482515][ T4989] ? ___might_sleep+0x163/0x280 [ 2939.487416][ T4989] __should_failslab+0x121/0x190 [ 2939.492379][ T4989] should_failslab+0x9/0x14 [ 2939.496989][ T4989] kmem_cache_alloc+0x2af/0x6f0 [ 2939.501860][ T4989] ? rcu_read_lock_sched_held+0x110/0x130 [ 2939.507601][ T4989] ? kmem_cache_alloc+0x32b/0x6f0 [ 2939.512643][ T4989] security_file_alloc+0x39/0x170 [ 2939.517691][ T4989] __alloc_file+0xac/0x300 [ 2939.522128][ T4989] alloc_empty_file+0x72/0x170 [ 2939.526974][ T4989] path_openat+0xef/0x46d0 [ 2939.531404][ T4989] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 2939.537227][ T4989] ? __lock_acquire+0x54f/0x5490 [ 2939.542271][ T4989] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2939.548357][ T4989] ? mark_held_locks+0xf0/0xf0 [ 2939.553408][ T4989] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 2939.558808][ T4989] ? cache_grow_end+0xa4/0x190 [ 2939.563597][ T4989] ? __alloc_fd+0x44d/0x560 [ 2939.568116][ T4989] do_filp_open+0x1a1/0x280 [ 2939.572646][ T4989] ? may_open_dev+0x100/0x100 [ 2939.577343][ T4989] ? lock_downgrade+0x880/0x880 [ 2939.582370][ T4989] ? kasan_check_read+0x11/0x20 [ 2939.587229][ T4989] ? do_raw_spin_unlock+0x57/0x270 [ 2939.592353][ T4989] ? _raw_spin_unlock+0x2d/0x50 [ 2939.597222][ T4989] ? __alloc_fd+0x44d/0x560 [ 2939.601745][ T4989] do_sys_open+0x3fe/0x5d0 [ 2939.606175][ T4989] ? filp_open+0x80/0x80 [ 2939.610436][ T4989] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2939.615917][ T4989] ? do_syscall_64+0x26/0x680 [ 2939.620601][ T4989] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2939.626678][ T4989] ? do_syscall_64+0x26/0x680 [ 2939.631375][ T4989] __x64_sys_open+0x7e/0xc0 [ 2939.635892][ T4989] do_syscall_64+0xfd/0x680 [ 2939.640408][ T4989] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2939.646317][ T4989] RIP: 0033:0x413401 [ 2939.650238][ T4989] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 2939.671004][ T4989] RSP: 002b:00007feed796ca80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 2939.679566][ T4989] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000413401 [ 2939.687722][ T4989] RDX: 00007feed796cb0a RSI: 0000000000000002 RDI: 00007feed796cb00 03:27:09 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00'}}}]}, 0x13c}}, 0x0) [ 2939.695725][ T4989] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2939.703811][ T4989] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 2939.712405][ T4989] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:09 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0, 0x400}, {r0, 0x8000}, {r0, 0x8641}, {r0, 0x4546}, {r0, 0x400}, {0xffffffffffffffff, 0x20}, {0xffffffffffffffff, 0x21}], 0x9, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:09 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, r0, 0x80000) 03:27:09 executing program 4 (fault-call:0 fault-nth:14): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:09 executing program 2: r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) socket$xdp(0x2c, 0x3, 0x0) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:27:09 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\x9e\x00'}}}]}, 0x13c}}, 0x0) 03:27:09 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0x12, &(0x7f0000000100), 0x4) [ 2939.996084][ T5015] FAULT_INJECTION: forcing a failure. [ 2939.996084][ T5015] name failslab, interval 1, probability 0, space 0, times 0 03:27:10 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xf0\x00'}}}]}, 0x13c}}, 0x0) [ 2940.066997][ T5015] CPU: 1 PID: 5015 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2940.074942][ T5015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2940.085101][ T5015] Call Trace: [ 2940.088418][ T5015] dump_stack+0x172/0x1f0 [ 2940.092773][ T5015] should_fail.cold+0xa/0x15 [ 2940.097388][ T5015] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2940.103227][ T5015] ? ___might_sleep+0x163/0x280 [ 2940.108099][ T5015] __should_failslab+0x121/0x190 03:27:10 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, r0, 0x80000) [ 2940.113245][ T5015] should_failslab+0x9/0x14 [ 2940.117940][ T5015] __kmalloc+0x2d9/0x740 [ 2940.122205][ T5015] ? tomoyo_realpath_from_path+0xc0/0x7a0 [ 2940.127945][ T5015] ? rcu_read_lock_sched_held+0x110/0x130 [ 2940.133671][ T5015] ? tomoyo_realpath_from_path+0xcd/0x7a0 [ 2940.139419][ T5015] tomoyo_realpath_from_path+0xcd/0x7a0 [ 2940.144966][ T5015] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2940.151210][ T5015] tomoyo_check_open_permission+0x2a8/0x3f0 [ 2940.157100][ T5015] ? tomoyo_path_number_perm+0x520/0x520 [ 2940.162936][ T5015] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2940.168263][ T5015] ? lock_downgrade+0x880/0x880 [ 2940.173161][ T5015] tomoyo_file_open+0xa9/0xd0 [ 2940.177846][ T5015] security_file_open+0x71/0x300 [ 2940.182794][ T5015] do_dentry_open+0x373/0x1250 [ 2940.187573][ T5015] ? kasan_check_read+0x11/0x20 [ 2940.192461][ T5015] ? chown_common+0x5c0/0x5c0 [ 2940.197167][ T5015] ? inode_permission+0xb4/0x560 [ 2940.202108][ T5015] vfs_open+0xa0/0xd0 [ 2940.206092][ T5015] path_openat+0x10e9/0x46d0 [ 2940.210696][ T5015] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 2940.216536][ T5015] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 2940.221953][ T5015] ? __alloc_fd+0x44d/0x560 [ 2940.226580][ T5015] do_filp_open+0x1a1/0x280 [ 2940.231085][ T5015] ? may_open_dev+0x100/0x100 [ 2940.235768][ T5015] ? kasan_check_read+0x11/0x20 [ 2940.240800][ T5015] ? do_raw_spin_unlock+0x57/0x270 [ 2940.246017][ T5015] ? _raw_spin_unlock+0x2d/0x50 [ 2940.250884][ T5015] ? __alloc_fd+0x44d/0x560 [ 2940.255424][ T5015] do_sys_open+0x3fe/0x5d0 [ 2940.259950][ T5015] ? filp_open+0x80/0x80 [ 2940.264201][ T5015] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2940.269659][ T5015] ? do_syscall_64+0x26/0x680 [ 2940.274345][ T5015] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2940.280501][ T5015] ? do_syscall_64+0x26/0x680 [ 2940.285198][ T5015] __x64_sys_open+0x7e/0xc0 [ 2940.289708][ T5015] do_syscall_64+0xfd/0x680 [ 2940.294234][ T5015] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2940.300154][ T5015] RIP: 0033:0x413401 [ 2940.304044][ T5015] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 2940.323739][ T5015] RSP: 002b:00007feed796ca80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 2940.332263][ T5015] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000413401 [ 2940.340249][ T5015] RDX: 00007feed796cb0a RSI: 0000000000000002 RDI: 00007feed796cb00 [ 2940.348935][ T5015] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2940.357010][ T5015] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 2940.364995][ T5015] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 [ 2940.373474][ T5015] ERROR: Out of memory at tomoyo_realpath_from_path. 03:27:10 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0, 0x400}, {r0, 0x8000}, {r0, 0x8641}, {r0, 0x4546}, {r0, 0x400}, {0xffffffffffffffff, 0x20}], 0x8, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:10 executing program 2: r0 = socket$inet(0xa, 0x801, 0x3f) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca5055e0bcfec7be070") connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000001) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xef}, 0xb) r3 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x2, 0x81) ioctl$FIONREAD(r3, 0x541b, &(0x7f0000000040)) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) recvfrom$inet(r2, 0x0, 0x0, 0x0, &(0x7f00000025c0)={0x2, 0x0, @remote}, 0x70d000) 03:27:10 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xf0\x00'}}}]}, 0x13c}}, 0x0) 03:27:10 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0x13, &(0x7f0000000100), 0x4) 03:27:10 executing program 4 (fault-call:0 fault-nth:15): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2940.585656][ C0] net_ratelimit: 19 callbacks suppressed [ 2940.585666][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2940.586284][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2940.591427][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2940.597674][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2940.615326][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2940.621753][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:27:10 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, 0xffffffffffffffff, 0x80000) 03:27:10 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0, 0x400}, {r0, 0x8000}, {r0, 0x8641}, {r0, 0x4546}, {r0, 0x400}], 0x7, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) [ 2940.872774][ T5052] FAULT_INJECTION: forcing a failure. [ 2940.872774][ T5052] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2940.886113][ T5052] CPU: 1 PID: 5052 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2940.894017][ T5052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2940.904221][ T5052] Call Trace: [ 2940.907553][ T5052] dump_stack+0x172/0x1f0 [ 2940.911927][ T5052] should_fail.cold+0xa/0x15 [ 2940.916553][ T5052] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2940.922387][ T5052] ? is_bpf_text_address+0xac/0x170 [ 2940.927749][ T5052] ? find_held_lock+0x35/0x130 [ 2940.934575][ T5052] should_fail_alloc_page+0x50/0x60 [ 2940.939888][ T5052] __alloc_pages_nodemask+0x1a1/0x8d0 [ 2940.945290][ T5052] ? __lock_acquire+0x54f/0x5490 [ 2940.950254][ T5052] ? __alloc_pages_slowpath+0x28f0/0x28f0 [ 2940.956009][ T5052] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2940.961842][ T5052] cache_grow_begin+0x9d/0x650 [ 2940.966632][ T5052] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2940.972986][ T5052] __kmalloc+0x67c/0x740 [ 2940.977255][ T5052] ? tomoyo_realpath_from_path+0xcd/0x7a0 [ 2940.983025][ T5052] tomoyo_realpath_from_path+0xcd/0x7a0 [ 2940.988771][ T5052] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2940.995043][ T5052] tomoyo_check_open_permission+0x2a8/0x3f0 [ 2941.000959][ T5052] ? tomoyo_path_number_perm+0x520/0x520 [ 2941.006622][ T5052] ? mark_held_locks+0xf0/0xf0 [ 2941.011412][ T5052] ? lock_downgrade+0x880/0x880 [ 2941.016287][ T5052] tomoyo_file_open+0xa9/0xd0 [ 2941.020988][ T5052] security_file_open+0x71/0x300 [ 2941.026037][ T5052] do_dentry_open+0x373/0x1250 [ 2941.030815][ T5052] ? kasan_check_read+0x11/0x20 [ 2941.035706][ T5052] ? chown_common+0x5c0/0x5c0 [ 2941.040407][ T5052] ? inode_permission+0xb4/0x560 [ 2941.045385][ T5052] vfs_open+0xa0/0xd0 [ 2941.049384][ T5052] path_openat+0x10e9/0x46d0 [ 2941.053985][ T5052] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 2941.059939][ T5052] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 2941.065346][ T5052] ? __alloc_fd+0x44d/0x560 [ 2941.069850][ T5052] do_filp_open+0x1a1/0x280 [ 2941.074358][ T5052] ? may_open_dev+0x100/0x100 [ 2941.079090][ T5052] ? kasan_check_read+0x11/0x20 [ 2941.083976][ T5052] ? do_raw_spin_unlock+0x57/0x270 [ 2941.089099][ T5052] ? _raw_spin_unlock+0x2d/0x50 [ 2941.093950][ T5052] ? __alloc_fd+0x44d/0x560 [ 2941.098468][ T5052] do_sys_open+0x3fe/0x5d0 [ 2941.102898][ T5052] ? filp_open+0x80/0x80 [ 2941.107183][ T5052] ? blkcg_exit_queue+0x30/0x30 [ 2941.112320][ T5052] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2941.117795][ T5052] ? do_syscall_64+0x26/0x680 [ 2941.122488][ T5052] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2941.128559][ T5052] ? do_syscall_64+0x26/0x680 [ 2941.133263][ T5052] __x64_sys_open+0x7e/0xc0 [ 2941.137773][ T5052] do_syscall_64+0xfd/0x680 [ 2941.142550][ T5052] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2941.148461][ T5052] RIP: 0033:0x413401 [ 2941.152383][ T5052] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 03:27:11 executing program 2: getsockopt$ARPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x61, &(0x7f00000000c0)=ANY=[@ANYBLOB="4b38fdd11ddb02581200a08069ded729e2dd52f7eb696c7465720000002000e750b2ac8915521700e8fe00000028cb0bdd9216c89f"], 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_ifreq(r0, 0x220000890b, &(0x7f00000000c0)={'ifb0\x02\x00\x00\x00\x00?\x00@\x00', @ifru_settings={0x0, 0x2, @raw_hdlc=&(0x7f00000001c0)}}) 03:27:11 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\xff\xff\x00'}}}]}, 0x13c}}, 0x0) [ 2941.171983][ T5052] RSP: 002b:00007feed796ca80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 2941.181565][ T5052] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000413401 [ 2941.189555][ T5052] RDX: 00007feed796cb0a RSI: 0000000000000002 RDI: 00007feed796cb00 [ 2941.197534][ T5052] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2941.205517][ T5052] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 2941.213496][ T5052] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:11 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0x14, &(0x7f0000000100), 0x4) 03:27:11 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0, 0x400}, {r0, 0x8000}, {r0, 0x8641}, {r0, 0x4546}], 0x6, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:11 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, 0xffffffffffffffff, 0x80000) 03:27:11 executing program 4 (fault-call:0 fault-nth:16): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:11 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0x15, &(0x7f0000000100), 0x4) 03:27:11 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00'}}}]}, 0x13c}}, 0x0) 03:27:11 executing program 2: 03:27:11 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0, 0x400}, {r0, 0x8000}, {r0, 0x8641}], 0x5, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) [ 2941.681101][ T5086] FAULT_INJECTION: forcing a failure. [ 2941.681101][ T5086] name failslab, interval 1, probability 0, space 0, times 0 03:27:11 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, 0xffffffffffffffff, 0x80000) [ 2941.771133][ T5086] CPU: 0 PID: 5086 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2941.779072][ T5086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2941.789146][ T5086] Call Trace: [ 2941.792456][ T5086] dump_stack+0x172/0x1f0 [ 2941.796817][ T5086] should_fail.cold+0xa/0x15 [ 2941.801441][ T5086] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2941.807279][ T5086] ? ___might_sleep+0x163/0x280 [ 2941.812178][ T5086] __should_failslab+0x121/0x190 [ 2941.817141][ T5086] should_failslab+0x9/0x14 [ 2941.821660][ T5086] __kmalloc+0x2d9/0x740 [ 2941.826353][ T5086] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2941.832612][ T5086] ? d_absolute_path+0x11b/0x170 [ 2941.837574][ T5086] ? __d_path+0x140/0x140 [ 2941.841935][ T5086] ? tomoyo_encode2.part.0+0xf5/0x400 [ 2941.847325][ T5086] tomoyo_encode2.part.0+0xf5/0x400 [ 2941.852546][ T5086] tomoyo_encode+0x2b/0x50 [ 2941.857076][ T5086] tomoyo_realpath_from_path+0x1d3/0x7a0 [ 2941.862824][ T5086] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2941.869098][ T5086] tomoyo_check_open_permission+0x2a8/0x3f0 [ 2941.875025][ T5086] ? tomoyo_path_number_perm+0x520/0x520 [ 2941.880703][ T5086] ? mark_held_locks+0xf0/0xf0 [ 2941.885622][ T5086] ? lock_downgrade+0x880/0x880 [ 2941.890508][ T5086] tomoyo_file_open+0xa9/0xd0 [ 2941.895212][ T5086] security_file_open+0x71/0x300 [ 2941.900179][ T5086] do_dentry_open+0x373/0x1250 [ 2941.905004][ T5086] ? kasan_check_read+0x11/0x20 [ 2941.909881][ T5086] ? chown_common+0x5c0/0x5c0 [ 2941.914585][ T5086] ? inode_permission+0xb4/0x560 [ 2941.919556][ T5086] vfs_open+0xa0/0xd0 [ 2941.923556][ T5086] path_openat+0x10e9/0x46d0 [ 2941.928163][ T5086] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 2941.934003][ T5086] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 2941.939590][ T5086] ? __alloc_fd+0x44d/0x560 [ 2941.944113][ T5086] do_filp_open+0x1a1/0x280 [ 2941.948642][ T5086] ? may_open_dev+0x100/0x100 [ 2941.953347][ T5086] ? kasan_check_read+0x11/0x20 [ 2941.958211][ T5086] ? do_raw_spin_unlock+0x57/0x270 [ 2941.963370][ T5086] ? _raw_spin_unlock+0x2d/0x50 [ 2941.968228][ T5086] ? __alloc_fd+0x44d/0x560 [ 2941.972765][ T5086] do_sys_open+0x3fe/0x5d0 [ 2941.977215][ T5086] ? filp_open+0x80/0x80 [ 2941.981468][ T5086] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2941.986962][ T5086] ? do_syscall_64+0x26/0x680 [ 2941.986978][ T5086] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2941.986990][ T5086] ? do_syscall_64+0x26/0x680 [ 2941.987010][ T5086] __x64_sys_open+0x7e/0xc0 [ 2941.987034][ T5086] do_syscall_64+0xfd/0x680 [ 2941.987056][ T5086] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2942.017339][ T5086] RIP: 0033:0x413401 03:27:11 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) [ 2942.021250][ T5086] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 2942.041220][ T5086] RSP: 002b:00007feed796ca80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 2942.049646][ T5086] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000413401 [ 2942.057647][ T5086] RDX: 00007feed796cb0a RSI: 0000000000000002 RDI: 00007feed796cb00 03:27:12 executing program 2: 03:27:12 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x9e\xff\xff\xff\x00'}}}]}, 0x13c}}, 0x0) [ 2942.065639][ T5086] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2942.073628][ T5086] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 2942.081664][ T5086] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 [ 2942.090101][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2942.095988][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2942.101949][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2942.107829][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:27:12 executing program 1: [ 2942.120387][ T5086] ERROR: Out of memory at tomoyo_realpath_from_path. 03:27:12 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0, 0x400}, {r0, 0x8000}], 0x4, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:12 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0x16, &(0x7f0000000100), 0x4) 03:27:12 executing program 4 (fault-call:0 fault-nth:17): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:12 executing program 2: 03:27:12 executing program 1: 03:27:12 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\xff\xff\xff\x00'}}}]}, 0x13c}}, 0x0) 03:27:12 executing program 2: [ 2942.488605][ T5123] FAULT_INJECTION: forcing a failure. [ 2942.488605][ T5123] name failslab, interval 1, probability 0, space 0, times 0 [ 2942.525117][ T5123] CPU: 0 PID: 5123 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 03:27:12 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @dev}, 0x6c) sendto$inet(r0, 0x0, 0x0, 0x20000800, &(0x7f0000000240)={0x2, 0x4e23, @local}, 0x10) close(r0) [ 2942.533061][ T5123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2942.543307][ T5123] Call Trace: [ 2942.546616][ T5123] dump_stack+0x172/0x1f0 [ 2942.550968][ T5123] should_fail.cold+0xa/0x15 [ 2942.555586][ T5123] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2942.561422][ T5123] ? ___might_sleep+0x163/0x280 [ 2942.566286][ T5123] __should_failslab+0x121/0x190 [ 2942.571236][ T5123] ? loop_info64_to_compat+0x6d0/0x6d0 [ 2942.576703][ T5123] should_failslab+0x9/0x14 [ 2942.581223][ T5123] kmem_cache_alloc_trace+0x2ce/0x750 03:27:12 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00'}}}]}, 0x13c}}, 0x0) [ 2942.586595][ T5123] ? lockdep_init_map+0x1be/0x6d0 [ 2942.591979][ T5123] ? loop_info64_to_compat+0x6d0/0x6d0 [ 2942.597507][ T5123] __kthread_create_on_node+0xf2/0x460 [ 2942.602959][ T5123] ? lock_acquire+0x16f/0x3f0 [ 2942.607645][ T5123] ? kthread_parkme+0xb0/0xb0 [ 2942.612340][ T5123] ? mutex_trylock+0x1e0/0x1e0 [ 2942.617106][ T5123] ? loop_info64_to_compat+0x6d0/0x6d0 [ 2942.622568][ T5123] kthread_create_on_node+0xbb/0xf0 [ 2942.627781][ T5123] ? __kthread_create_on_node+0x460/0x460 [ 2942.633519][ T5123] ? lockdep_init_map+0x1be/0x6d0 [ 2942.638831][ T5123] ? lockdep_init_map+0x1be/0x6d0 [ 2942.643891][ T5123] loop_set_fd+0x342/0x10b0 [ 2942.648525][ T5123] ? find_held_lock+0x35/0x130 [ 2942.653297][ T5123] lo_ioctl+0x1a3/0x1460 [ 2942.657534][ T5123] ? lock_downgrade+0x880/0x880 [ 2942.662380][ T5123] ? loop_set_fd+0x10b0/0x10b0 [ 2942.667133][ T5123] blkdev_ioctl+0xece/0x1c10 [ 2942.671716][ T5123] ? blkpg_ioctl+0xa90/0xa90 [ 2942.676327][ T5123] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2942.682145][ T5123] ? __fget+0x35a/0x550 [ 2942.686294][ T5123] block_ioctl+0xee/0x130 [ 2942.690636][ T5123] ? blkdev_fallocate+0x410/0x410 [ 2942.695651][ T5123] do_vfs_ioctl+0xd5f/0x1380 [ 2942.700255][ T5123] ? ioctl_preallocate+0x210/0x210 [ 2942.705366][ T5123] ? __fget+0x381/0x550 [ 2942.709552][ T5123] ? ksys_dup3+0x3e0/0x3e0 [ 2942.713967][ T5123] ? do_sys_open+0x31d/0x5d0 [ 2942.718693][ T5123] ? tomoyo_file_ioctl+0x23/0x30 [ 2942.723626][ T5123] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2942.729855][ T5123] ? security_file_ioctl+0x8d/0xc0 [ 2942.734955][ T5123] ksys_ioctl+0xab/0xd0 [ 2942.739102][ T5123] __x64_sys_ioctl+0x73/0xb0 [ 2942.744034][ T5123] do_syscall_64+0xfd/0x680 [ 2942.748530][ T5123] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2942.754408][ T5123] RIP: 0033:0x459387 [ 2942.758287][ T5123] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2942.777902][ T5123] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 03:27:12 executing program 4 (fault-call:0 fault-nth:18): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2942.786317][ T5123] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459387 [ 2942.794282][ T5123] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2942.802247][ T5123] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2942.810235][ T5123] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2942.818206][ T5123] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:12 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03@\x00'}}}]}, 0x13c}}, 0x0) 03:27:12 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100)=0x1000000, 0x4) [ 2943.026970][ T5137] FAULT_INJECTION: forcing a failure. [ 2943.026970][ T5137] name failslab, interval 1, probability 0, space 0, times 0 [ 2943.085657][ T5137] CPU: 1 PID: 5137 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2943.093599][ T5137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2943.103669][ T5137] Call Trace: [ 2943.107166][ T5137] dump_stack+0x172/0x1f0 [ 2943.111507][ T5137] should_fail.cold+0xa/0x15 [ 2943.116109][ T5137] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2943.122025][ T5137] ? ___might_sleep+0x163/0x280 [ 2943.126987][ T5137] __should_failslab+0x121/0x190 [ 2943.131983][ T5137] should_failslab+0x9/0x14 [ 2943.136504][ T5137] kmem_cache_alloc+0x2af/0x6f0 [ 2943.141384][ T5137] ? __lock_acquire+0x54f/0x5490 [ 2943.146441][ T5137] __kernfs_new_node+0xf0/0x6c0 [ 2943.151349][ T5137] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 2943.156840][ T5137] ? __lock_acquire+0x54f/0x5490 [ 2943.161808][ T5137] kernfs_new_node+0x96/0x120 [ 2943.166491][ T5137] kernfs_create_dir_ns+0x52/0x160 [ 2943.171598][ T5137] internal_create_group+0x7f4/0xc40 [ 2943.176893][ T5137] ? remove_files.isra.0+0x190/0x190 03:27:13 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0, 0x400}, {r0, 0x8000}], 0x4, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:13 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_extract_tcp_res$synack(&(0x7f0000000040), 0x1, 0x0) r0 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0xc0, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f0000000100)='\x00', 0x1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r0, r1}, &(0x7f0000000440)=""/243, 0xf3, &(0x7f0000000240)={&(0x7f00000001c0)={'crct10dif-generic\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\x8d\x00'}}) 03:27:13 executing program 2: mincore(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0xffffffffffffffff) [ 2943.182187][ T5137] ? bd_set_size+0x3f/0xb0 [ 2943.186620][ T5137] ? kasan_check_write+0x14/0x20 [ 2943.191572][ T5137] ? up_write+0xbe/0x1e0 [ 2943.195829][ T5137] sysfs_create_group+0x20/0x30 [ 2943.200707][ T5137] loop_set_fd+0xb11/0x10b0 [ 2943.205235][ T5137] lo_ioctl+0x1a3/0x1460 [ 2943.209484][ T5137] ? lock_downgrade+0x880/0x880 [ 2943.214329][ T5137] ? loop_set_fd+0x10b0/0x10b0 [ 2943.219102][ T5137] blkdev_ioctl+0xece/0x1c10 [ 2943.223867][ T5137] ? blkpg_ioctl+0xa90/0xa90 [ 2943.228468][ T5137] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2943.234304][ T5137] ? __fget+0x35a/0x550 [ 2943.238462][ T5137] block_ioctl+0xee/0x130 [ 2943.242792][ T5137] ? blkdev_fallocate+0x410/0x410 [ 2943.247817][ T5137] do_vfs_ioctl+0xd5f/0x1380 [ 2943.252409][ T5137] ? ioctl_preallocate+0x210/0x210 [ 2943.257519][ T5137] ? __fget+0x381/0x550 [ 2943.261679][ T5137] ? ksys_dup3+0x3e0/0x3e0 [ 2943.266102][ T5137] ? do_sys_open+0x31d/0x5d0 [ 2943.270701][ T5137] ? tomoyo_file_ioctl+0x23/0x30 [ 2943.275636][ T5137] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2943.281877][ T5137] ? security_file_ioctl+0x8d/0xc0 [ 2943.286990][ T5137] ksys_ioctl+0xab/0xd0 [ 2943.291147][ T5137] __x64_sys_ioctl+0x73/0xb0 [ 2943.295738][ T5137] do_syscall_64+0xfd/0x680 [ 2943.300250][ T5137] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2943.306139][ T5137] RIP: 0033:0x459387 [ 2943.310056][ T5137] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 03:27:13 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xf0\x00'}}}]}, 0x13c}}, 0x0) [ 2943.329852][ T5137] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2943.338265][ T5137] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459387 [ 2943.346243][ T5137] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2943.354492][ T5137] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2943.362493][ T5137] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2943.370494][ T5137] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:13 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100)=0x7ffffffe, 0x4) 03:27:13 executing program 4 (fault-call:0 fault-nth:19): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:13 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_mtu(r0, 0x0, 0xa, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @dev}, 0x6c) sendto$inet(r0, 0x0, 0x0, 0x20400800, &(0x7f0000000140)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000340)='veth0_to_bond\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffffb5, 0x240, 0x0, 0xfeffffff00000000) 03:27:13 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00'}}}]}, 0x13c}}, 0x0) 03:27:13 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_extract_tcp_res$synack(&(0x7f0000000040), 0x1, 0x0) r0 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0xc0, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f0000000100)='\x00', 0x1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r0, r1}, &(0x7f0000000440)=""/243, 0xf3, &(0x7f0000000240)={&(0x7f00000001c0)={'crct10dif-generic\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\x8d\x00'}}) 03:27:13 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100)=0xfeffff7f, 0x4) [ 2943.821011][ T5173] FAULT_INJECTION: forcing a failure. [ 2943.821011][ T5173] name failslab, interval 1, probability 0, space 0, times 0 [ 2943.877612][ T5173] CPU: 0 PID: 5173 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2943.885544][ T5173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2943.895737][ T5173] Call Trace: [ 2943.895773][ T5173] dump_stack+0x172/0x1f0 [ 2943.895797][ T5173] should_fail.cold+0xa/0x15 [ 2943.895823][ T5173] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2943.913884][ T5173] ? ___might_sleep+0x163/0x280 [ 2943.918844][ T5173] __should_failslab+0x121/0x190 [ 2943.923807][ T5173] should_failslab+0x9/0x14 [ 2943.928322][ T5173] __kmalloc+0x2d9/0x740 [ 2943.928343][ T5173] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2943.928359][ T5173] ? d_absolute_path+0x11b/0x170 [ 2943.928373][ T5173] ? __d_path+0x140/0x140 [ 2943.928395][ T5173] ? tomoyo_encode2.part.0+0xf5/0x400 [ 2943.953492][ T5173] tomoyo_encode2.part.0+0xf5/0x400 [ 2943.958713][ T5173] tomoyo_encode+0x2b/0x50 [ 2943.963151][ T5173] tomoyo_realpath_from_path+0x1d3/0x7a0 [ 2943.968909][ T5173] tomoyo_path_number_perm+0x1dd/0x520 [ 2943.974375][ T5173] ? tomoyo_path_number_perm+0x193/0x520 [ 2943.980026][ T5173] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2943.985868][ T5173] ? debug_check_no_obj_freed+0x200/0x464 [ 2943.991609][ T5173] ? __fget+0x35a/0x550 [ 2943.995787][ T5173] ? __fget+0x381/0x550 [ 2943.999964][ T5173] ? ksys_dup3+0x3e0/0x3e0 [ 2944.004396][ T5173] ? do_sys_open+0x31d/0x5d0 [ 2944.009007][ T5173] tomoyo_file_ioctl+0x23/0x30 [ 2944.013789][ T5173] security_file_ioctl+0x77/0xc0 [ 2944.018766][ T5173] ksys_ioctl+0x57/0xd0 [ 2944.022953][ T5173] __x64_sys_ioctl+0x73/0xb0 [ 2944.027550][ T5173] do_syscall_64+0xfd/0x680 [ 2944.032084][ T5173] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2944.038098][ T5173] RIP: 0033:0x459387 [ 2944.042353][ T5173] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2944.062065][ T5173] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2944.070497][ T5173] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459387 03:27:13 executing program 2: unshare(0x4020400) r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000006a40)='/dev/btrfs-control\x00', 0x224002, 0x0) readahead(r0, 0x0, 0x0) 03:27:14 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00'}}}]}, 0x13c}}, 0x0) [ 2944.078481][ T5173] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2944.086476][ T5173] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2944.094478][ T5173] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2944.102639][ T5173] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 [ 2944.141921][ T5173] ERROR: Out of memory at tomoyo_realpath_from_path. 03:27:14 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0, 0x400}, {r0, 0x8000}], 0x4, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:14 executing program 2: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x80000) 03:27:14 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = dup3(r0, r1, 0x80000) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000000)={0x0, 0x4, 0x1, [0xffffffff]}, &(0x7f00000000c0)=0xa) setsockopt$inet_sctp_SCTP_AUTH_KEY(r2, 0x84, 0x17, &(0x7f0000000100)={r3, 0xffffffffffff10a5, 0xaf, "ad609b43152957f71cf862e7a818beec84926ecb4c194682926dbfe142149994e011fbb034877de936fa540016ed4b7ab93cf3d514a412e0842bf72e296401fbb94359ac99bbc7a6d6910b9c85aa9bfe0f1aa86cf6211f622e66251952f9a7d10b0e10358b3efb778d017ad377a97f742ccc980ad8da8cd86a3cdf8aa336d29692275799446b9258a76dbc1187592779d9a6833b7038fc1c3d1d5e294377d46490128da2f0f68af8091bc7f540ab4b"}, 0xb7) 03:27:14 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00'}}}]}, 0x13c}}, 0x0) 03:27:14 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100)=0x100000000000000, 0x4) 03:27:14 executing program 4 (fault-call:0 fault-nth:20): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:14 executing program 2: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x80000) 03:27:14 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00'}}}]}, 0x13c}}, 0x0) 03:27:14 executing program 1 (fault-call:2 fault-nth:0): r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) [ 2944.529767][ T5209] FAULT_INJECTION: forcing a failure. [ 2944.529767][ T5209] name failslab, interval 1, probability 0, space 0, times 0 [ 2944.554513][ T5209] CPU: 0 PID: 5209 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2944.562453][ T5209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2944.572522][ T5209] Call Trace: [ 2944.575859][ T5209] dump_stack+0x172/0x1f0 03:27:14 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100)=0xfeffff7f00000000, 0x4) [ 2944.580211][ T5209] should_fail.cold+0xa/0x15 [ 2944.584912][ T5209] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2944.590753][ T5209] ? ___might_sleep+0x163/0x280 [ 2944.595632][ T5209] __should_failslab+0x121/0x190 [ 2944.600589][ T5209] ? loop_info64_to_compat+0x6d0/0x6d0 [ 2944.606097][ T5209] should_failslab+0x9/0x14 [ 2944.610622][ T5209] kmem_cache_alloc_trace+0x2ce/0x750 [ 2944.616010][ T5209] ? lockdep_init_map+0x1be/0x6d0 [ 2944.621041][ T5209] ? loop_info64_to_compat+0x6d0/0x6d0 [ 2944.626504][ T5209] __kthread_create_on_node+0xf2/0x460 [ 2944.631978][ T5209] ? lock_acquire+0x16f/0x3f0 [ 2944.636664][ T5209] ? kthread_parkme+0xb0/0xb0 [ 2944.641366][ T5209] ? mutex_trylock+0x1e0/0x1e0 [ 2944.646121][ T5209] ? loop_info64_to_compat+0x6d0/0x6d0 [ 2944.651582][ T5209] kthread_create_on_node+0xbb/0xf0 [ 2944.656775][ T5209] ? __kthread_create_on_node+0x460/0x460 [ 2944.662492][ T5209] ? lockdep_init_map+0x1be/0x6d0 [ 2944.667514][ T5209] ? lockdep_init_map+0x1be/0x6d0 [ 2944.672541][ T5209] loop_set_fd+0x342/0x10b0 [ 2944.677068][ T5209] ? find_held_lock+0x35/0x130 [ 2944.681831][ T5209] lo_ioctl+0x1a3/0x1460 [ 2944.686085][ T5209] ? lock_downgrade+0x880/0x880 [ 2944.690977][ T5209] ? loop_set_fd+0x10b0/0x10b0 [ 2944.695787][ T5209] blkdev_ioctl+0xece/0x1c10 [ 2944.700383][ T5209] ? blkpg_ioctl+0xa90/0xa90 [ 2944.704965][ T5209] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2944.710768][ T5209] ? __fget+0x35a/0x550 [ 2944.715019][ T5209] block_ioctl+0xee/0x130 [ 2944.730258][ T5209] ? blkdev_fallocate+0x410/0x410 [ 2944.735411][ T5209] do_vfs_ioctl+0xd5f/0x1380 [ 2944.740091][ T5209] ? ioctl_preallocate+0x210/0x210 [ 2944.745222][ T5209] ? __fget+0x381/0x550 [ 2944.749393][ T5209] ? ksys_dup3+0x3e0/0x3e0 [ 2944.753811][ T5209] ? do_sys_open+0x31d/0x5d0 [ 2944.758406][ T5209] ? tomoyo_file_ioctl+0x23/0x30 [ 2944.763714][ T5209] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2944.770006][ T5209] ? security_file_ioctl+0x8d/0xc0 [ 2944.775124][ T5209] ksys_ioctl+0xab/0xd0 [ 2944.779386][ T5209] __x64_sys_ioctl+0x73/0xb0 [ 2944.784000][ T5209] do_syscall_64+0xfd/0x680 [ 2944.788555][ T5209] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2944.794443][ T5209] RIP: 0033:0x459387 [ 2944.798328][ T5209] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2944.817934][ T5209] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2944.826468][ T5209] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459387 [ 2944.834450][ T5209] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2944.842412][ T5209] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2944.850377][ T5209] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2944.858334][ T5209] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:14 executing program 2: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x80000) 03:27:15 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00'}}}]}, 0x13c}}, 0x0) 03:27:15 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0, 0x400}, {r0, 0x8000}, {0xffffffffffffffff, 0x8641}], 0x5, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:15 executing program 4 (fault-call:0 fault-nth:21): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:15 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x70) 03:27:15 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) 03:27:15 executing program 2 (fault-call:4 fault-nth:0): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) 03:27:15 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00'}}}]}, 0x13c}}, 0x0) 03:27:15 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'}}}]}, 0x13c}}, 0x0) [ 2945.459660][ T5247] FAULT_INJECTION: forcing a failure. [ 2945.459660][ T5247] name failslab, interval 1, probability 0, space 0, times 0 [ 2945.488116][ T5247] CPU: 1 PID: 5247 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2945.496260][ T5247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2945.506332][ T5247] Call Trace: [ 2945.509663][ T5247] dump_stack+0x172/0x1f0 [ 2945.513996][ T5247] should_fail.cold+0xa/0x15 [ 2945.518583][ T5247] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2945.524386][ T5247] ? ___might_sleep+0x163/0x280 [ 2945.529298][ T5247] __should_failslab+0x121/0x190 [ 2945.534251][ T5247] ? loop_info64_to_compat+0x6d0/0x6d0 [ 2945.539715][ T5247] should_failslab+0x9/0x14 [ 2945.544275][ T5247] kmem_cache_alloc_trace+0x2ce/0x750 [ 2945.549674][ T5247] ? lockdep_init_map+0x1be/0x6d0 [ 2945.554712][ T5247] ? loop_info64_to_compat+0x6d0/0x6d0 [ 2945.560163][ T5247] __kthread_create_on_node+0xf2/0x460 [ 2945.565628][ T5247] ? lock_acquire+0x16f/0x3f0 [ 2945.570312][ T5247] ? kthread_parkme+0xb0/0xb0 [ 2945.574993][ T5247] ? mutex_trylock+0x1e0/0x1e0 [ 2945.579772][ T5247] ? loop_info64_to_compat+0x6d0/0x6d0 [ 2945.585244][ T5247] kthread_create_on_node+0xbb/0xf0 [ 2945.590561][ T5247] ? __kthread_create_on_node+0x460/0x460 [ 2945.596280][ T5247] ? lockdep_init_map+0x1be/0x6d0 [ 2945.601331][ T5247] ? lockdep_init_map+0x1be/0x6d0 [ 2945.606355][ T5247] loop_set_fd+0x342/0x10b0 [ 2945.610868][ T5247] ? find_held_lock+0x35/0x130 [ 2945.615648][ T5247] lo_ioctl+0x1a3/0x1460 [ 2945.619996][ T5247] ? lock_downgrade+0x880/0x880 [ 2945.624843][ T5247] ? loop_set_fd+0x10b0/0x10b0 [ 2945.629701][ T5247] blkdev_ioctl+0xece/0x1c10 [ 2945.634286][ T5247] ? blkpg_ioctl+0xa90/0xa90 [ 2945.639651][ T5247] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2945.645513][ T5247] ? __fget+0x35a/0x550 [ 2945.649729][ T5247] block_ioctl+0xee/0x130 [ 2945.654223][ T5247] ? blkdev_fallocate+0x410/0x410 [ 2945.659412][ T5247] do_vfs_ioctl+0xd5f/0x1380 [ 2945.664004][ T5247] ? ioctl_preallocate+0x210/0x210 [ 2945.669111][ T5247] ? __fget+0x381/0x550 [ 2945.673290][ T5247] ? ksys_dup3+0x3e0/0x3e0 [ 2945.677976][ T5247] ? do_sys_open+0x31d/0x5d0 [ 2945.682603][ T5247] ? tomoyo_file_ioctl+0x23/0x30 [ 2945.687660][ T5247] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2945.694014][ T5247] ? security_file_ioctl+0x8d/0xc0 [ 2945.699130][ T5247] ksys_ioctl+0xab/0xd0 [ 2945.703298][ T5247] __x64_sys_ioctl+0x73/0xb0 [ 2945.707975][ T5247] do_syscall_64+0xfd/0x680 [ 2945.712487][ T5247] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2945.718368][ T5247] RIP: 0033:0x459387 [ 2945.722254][ T5247] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2945.741876][ T5247] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2945.750301][ T5247] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459387 03:27:15 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x2) 03:27:15 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) [ 2945.758267][ T5247] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2945.766430][ T5247] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2945.774416][ T5247] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2945.783779][ T5247] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:15 executing program 4 (fault-call:0 fault-nth:22): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:15 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x20000104) 03:27:16 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x1a0) [ 2946.004693][ T5262] FAULT_INJECTION: forcing a failure. [ 2946.004693][ T5262] name failslab, interval 1, probability 0, space 0, times 0 [ 2946.045166][ T5262] CPU: 0 PID: 5262 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2946.053110][ T5262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2946.063196][ T5262] Call Trace: [ 2946.066517][ T5262] dump_stack+0x172/0x1f0 [ 2946.070872][ T5262] should_fail.cold+0xa/0x15 [ 2946.075500][ T5262] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2946.081691][ T5262] ? ___might_sleep+0x163/0x280 [ 2946.086561][ T5262] __should_failslab+0x121/0x190 [ 2946.091524][ T5262] should_failslab+0x9/0x14 [ 2946.096083][ T5262] kmem_cache_alloc+0x2af/0x6f0 [ 2946.100940][ T5262] ? find_held_lock+0x35/0x130 [ 2946.105726][ T5262] ? kernfs_activate+0x192/0x1f0 [ 2946.110852][ T5262] __kernfs_new_node+0xf0/0x6c0 [ 2946.115729][ T5262] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 2946.121200][ T5262] ? lock_downgrade+0x880/0x880 [ 2946.126164][ T5262] ? kasan_check_write+0x14/0x20 [ 2946.131117][ T5262] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 2946.136692][ T5262] ? wait_for_completion+0x440/0x440 [ 2946.142000][ T5262] kernfs_new_node+0x96/0x120 [ 2946.146785][ T5262] __kernfs_create_file+0x51/0x340 [ 2946.151916][ T5262] sysfs_add_file_mode_ns+0x222/0x560 [ 2946.157305][ T5262] internal_create_group+0x359/0xc40 [ 2946.162611][ T5262] ? remove_files.isra.0+0x190/0x190 [ 2946.167898][ T5262] ? bd_set_size+0x3f/0xb0 [ 2946.172326][ T5262] ? kasan_check_write+0x14/0x20 [ 2946.177267][ T5262] ? up_write+0xbe/0x1e0 [ 2946.181611][ T5262] sysfs_create_group+0x20/0x30 [ 2946.186478][ T5262] loop_set_fd+0xb11/0x10b0 [ 2946.191015][ T5262] lo_ioctl+0x1a3/0x1460 [ 2946.195270][ T5262] ? lock_downgrade+0x880/0x880 [ 2946.200232][ T5262] ? loop_set_fd+0x10b0/0x10b0 [ 2946.205012][ T5262] blkdev_ioctl+0xece/0x1c10 [ 2946.209708][ T5262] ? blkpg_ioctl+0xa90/0xa90 [ 2946.214306][ T5262] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2946.220226][ T5262] ? __fget+0x35a/0x550 [ 2946.224421][ T5262] block_ioctl+0xee/0x130 [ 2946.228765][ T5262] ? blkdev_fallocate+0x410/0x410 [ 2946.234173][ T5262] do_vfs_ioctl+0xd5f/0x1380 [ 2946.238787][ T5262] ? ioctl_preallocate+0x210/0x210 [ 2946.243907][ T5262] ? __fget+0x381/0x550 [ 2946.248428][ T5262] ? ksys_dup3+0x3e0/0x3e0 [ 2946.252851][ T5262] ? do_sys_open+0x31d/0x5d0 [ 2946.257543][ T5262] ? tomoyo_file_ioctl+0x23/0x30 [ 2946.262512][ T5262] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2946.268776][ T5262] ? security_file_ioctl+0x8d/0xc0 [ 2946.273905][ T5262] ksys_ioctl+0xab/0xd0 [ 2946.278076][ T5262] __x64_sys_ioctl+0x73/0xb0 [ 2946.282676][ T5262] do_syscall_64+0xfd/0x680 [ 2946.287193][ T5262] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2946.293088][ T5262] RIP: 0033:0x459387 [ 2946.296986][ T5262] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2946.316705][ T5262] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2946.325146][ T5262] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459387 [ 2946.333132][ T5262] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2946.341120][ T5262] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2946.349191][ T5262] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2946.357172][ T5262] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 [ 2946.365751][ C0] net_ratelimit: 19 callbacks suppressed [ 2946.365765][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2946.377513][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2946.383494][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2946.389480][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:27:16 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0, 0x400}, {r0, 0x8000}, {0xffffffffffffffff, 0x8641}], 0x5, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:16 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00'}}}]}, 0x13c}}, 0x0) 03:27:16 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x9, 0x10000) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000100)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r3, &(0x7f0000000180)={0x10, 0x30, 0xfa00, {&(0x7f00000000c0), 0x3, {0xa, 0x4e20, 0x4, @empty}, r4}}, 0x38) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x10400, 0x0) ioctl$VIDIOC_S_PARM(r5, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) r6 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x800, 0x240) ioctl$KDSIGACCEPT(r6, 0x4b4e, 0x21) prctl$PR_GET_CHILD_SUBREAPER(0x25) fstat(0xffffffffffffffff, 0x0) [ 2946.395339][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2946.401273][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:27:16 executing program 4 (fault-call:0 fault-nth:23): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:16 executing program 5: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x0, 0x0) ioctl$EVIOCGBITKEY(r0, 0x80404521, &(0x7f0000000040)=""/52) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000080)) 03:27:16 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00'}}}]}, 0x13c}}, 0x0) 03:27:16 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x3f00) [ 2946.845451][ T5291] FAULT_INJECTION: forcing a failure. [ 2946.845451][ T5291] name failslab, interval 1, probability 0, space 0, times 0 [ 2946.871851][ T5291] CPU: 0 PID: 5291 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2946.879793][ T5291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2946.889881][ T5291] Call Trace: [ 2946.893194][ T5291] dump_stack+0x172/0x1f0 [ 2946.897550][ T5291] should_fail.cold+0xa/0x15 [ 2946.902160][ T5291] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2946.907991][ T5291] ? ___might_sleep+0x163/0x280 [ 2946.912865][ T5291] __should_failslab+0x121/0x190 [ 2946.917825][ T5291] should_failslab+0x9/0x14 [ 2946.922333][ T5291] kmem_cache_alloc+0x2af/0x6f0 [ 2946.927190][ T5291] ? lock_downgrade+0x880/0x880 [ 2946.934055][ T5291] ? kasan_check_read+0x11/0x20 [ 2946.938964][ T5291] __kernfs_new_node+0xf0/0x6c0 [ 2946.943835][ T5291] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 2946.950337][ T5291] ? wait_for_completion+0x440/0x440 [ 2946.955666][ T5291] ? mutex_unlock+0xd/0x10 [ 2946.960087][ T5291] ? kernfs_activate+0x192/0x1f0 [ 2946.965037][ T5291] kernfs_new_node+0x96/0x120 [ 2946.969726][ T5291] __kernfs_create_file+0x51/0x340 [ 2946.974850][ T5291] sysfs_add_file_mode_ns+0x222/0x560 [ 2946.980256][ T5291] internal_create_group+0x359/0xc40 [ 2946.985555][ T5291] ? remove_files.isra.0+0x190/0x190 [ 2946.990942][ T5291] ? bd_set_size+0x3f/0xb0 [ 2946.995368][ T5291] ? kasan_check_write+0x14/0x20 [ 2947.000310][ T5291] ? up_write+0xbe/0x1e0 [ 2947.004567][ T5291] sysfs_create_group+0x20/0x30 [ 2947.009426][ T5291] loop_set_fd+0xb11/0x10b0 [ 2947.013951][ T5291] lo_ioctl+0x1a3/0x1460 [ 2947.018198][ T5291] ? lock_downgrade+0x880/0x880 [ 2947.023315][ T5291] ? loop_set_fd+0x10b0/0x10b0 [ 2947.028364][ T5291] blkdev_ioctl+0xece/0x1c10 [ 2947.032969][ T5291] ? blkpg_ioctl+0xa90/0xa90 [ 2947.037569][ T5291] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2947.043400][ T5291] ? __fget+0x35a/0x550 [ 2947.047656][ T5291] block_ioctl+0xee/0x130 [ 2947.052070][ T5291] ? blkdev_fallocate+0x410/0x410 [ 2947.057104][ T5291] do_vfs_ioctl+0xd5f/0x1380 [ 2947.061812][ T5291] ? ioctl_preallocate+0x210/0x210 [ 2947.066931][ T5291] ? __fget+0x381/0x550 [ 2947.071098][ T5291] ? ksys_dup3+0x3e0/0x3e0 [ 2947.075611][ T5291] ? tomoyo_file_ioctl+0x23/0x30 [ 2947.080655][ T5291] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2947.086901][ T5291] ? security_file_ioctl+0x8d/0xc0 [ 2947.092125][ T5291] ksys_ioctl+0xab/0xd0 [ 2947.096473][ T5291] __x64_sys_ioctl+0x73/0xb0 [ 2947.101072][ T5291] do_syscall_64+0xfd/0x680 [ 2947.105614][ T5291] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2947.111538][ T5291] RIP: 0033:0x459387 [ 2947.115446][ T5291] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2947.135070][ T5291] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2947.143508][ T5291] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459387 [ 2947.151491][ T5291] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2947.159465][ T5291] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2947.167552][ T5291] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2947.175529][ T5291] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 [ 2947.185753][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2947.185888][ C0] protocol 88fb is buggy, dev hsr_slave_0 03:27:17 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00'}}}]}, 0x13c}}, 0x0) [ 2947.191623][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2947.197339][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:27:17 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x18f) 03:27:17 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x4000) 03:27:17 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00'}}}]}, 0x13c}}, 0x0) 03:27:17 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0, 0x400}, {r0, 0x8000}, {0xffffffffffffffff, 0x8641}], 0x5, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:17 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$sock_inet_udp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000000)) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x101000, 0x0) read$rfkill(r3, &(0x7f0000000080), 0x8) fstat(0xffffffffffffffff, 0x0) 03:27:17 executing program 4 (fault-call:0 fault-nth:24): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:17 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00'}}}]}, 0x13c}}, 0x0) 03:27:17 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$bt_bnep(0x1f, 0x3, 0x4) getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000000)=0x100000001, &(0x7f00000000c0)=0x2) r1 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x6, 0x43ffe) ioctl$PIO_UNISCRNMAP(r1, 0x4b6a, &(0x7f00000001c0)="d929f47e6d84e63bfcdf1839dcf39c82dabae0b81444e96e291baae676de22480688d787d92c82e9a691fdb0ac6cdcbd9bf16e6ad2552deaf5b57f9e0cedd88b046c5275ef460d60107b0468e6292bffd8c9ef1ac2e818d94ff250657e31966f5647395fbaf5b950f0bc7a3dd5b2715e8064cab6d579800000") ioctl$TIOCGPKT(r1, 0x80045438, &(0x7f0000000040)) ioctl$TCXONC(r1, 0x540a, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) 03:27:17 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x2000000) [ 2947.711596][ T5326] FAULT_INJECTION: forcing a failure. [ 2947.711596][ T5326] name failslab, interval 1, probability 0, space 0, times 0 [ 2947.730715][ T5326] CPU: 0 PID: 5326 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2947.738648][ T5326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2947.748738][ T5326] Call Trace: [ 2947.752053][ T5326] dump_stack+0x172/0x1f0 [ 2947.756439][ T5326] should_fail.cold+0xa/0x15 [ 2947.761049][ T5326] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2947.767163][ T5326] ? ___might_sleep+0x163/0x280 [ 2947.772203][ T5326] __should_failslab+0x121/0x190 [ 2947.777138][ T5326] should_failslab+0x9/0x14 [ 2947.781628][ T5326] kmem_cache_alloc+0x2af/0x6f0 [ 2947.786562][ T5326] ? lock_downgrade+0x880/0x880 [ 2947.791434][ T5326] ? kasan_check_read+0x11/0x20 [ 2947.796731][ T5326] __kernfs_new_node+0xf0/0x6c0 [ 2947.801691][ T5326] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 2947.807160][ T5326] ? wait_for_completion+0x440/0x440 [ 2947.812451][ T5326] ? mutex_unlock+0xd/0x10 [ 2947.816853][ T5326] ? kernfs_activate+0x192/0x1f0 [ 2947.821781][ T5326] kernfs_new_node+0x96/0x120 [ 2947.826449][ T5326] __kernfs_create_file+0x51/0x340 [ 2947.831557][ T5326] sysfs_add_file_mode_ns+0x222/0x560 [ 2947.837009][ T5326] internal_create_group+0x359/0xc40 [ 2947.842397][ T5326] ? remove_files.isra.0+0x190/0x190 [ 2947.847676][ T5326] ? bd_set_size+0x3f/0xb0 [ 2947.852097][ T5326] ? kasan_check_write+0x14/0x20 [ 2947.857074][ T5326] ? up_write+0xbe/0x1e0 [ 2947.861599][ T5326] sysfs_create_group+0x20/0x30 [ 2947.866442][ T5326] loop_set_fd+0xb11/0x10b0 [ 2947.870944][ T5326] lo_ioctl+0x1a3/0x1460 [ 2947.875181][ T5326] ? lock_downgrade+0x880/0x880 [ 2947.880052][ T5326] ? loop_set_fd+0x10b0/0x10b0 [ 2947.884849][ T5326] blkdev_ioctl+0xece/0x1c10 [ 2947.889468][ T5326] ? blkpg_ioctl+0xa90/0xa90 [ 2947.894088][ T5326] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2947.899999][ T5326] ? __fget+0x35a/0x550 [ 2947.904234][ T5326] block_ioctl+0xee/0x130 [ 2947.908564][ T5326] ? blkdev_fallocate+0x410/0x410 [ 2947.913584][ T5326] do_vfs_ioctl+0xd5f/0x1380 [ 2947.918200][ T5326] ? ioctl_preallocate+0x210/0x210 [ 2947.923339][ T5326] ? __fget+0x381/0x550 [ 2947.927491][ T5326] ? ksys_dup3+0x3e0/0x3e0 [ 2947.931905][ T5326] ? tomoyo_file_ioctl+0x23/0x30 [ 2947.936874][ T5326] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2947.943118][ T5326] ? security_file_ioctl+0x8d/0xc0 [ 2947.948223][ T5326] ksys_ioctl+0xab/0xd0 [ 2947.952377][ T5326] __x64_sys_ioctl+0x73/0xb0 [ 2947.956965][ T5326] do_syscall_64+0xfd/0x680 [ 2947.961462][ T5326] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2947.967341][ T5326] RIP: 0033:0x459387 [ 2947.971227][ T5326] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2947.991018][ T5326] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2947.999446][ T5326] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459387 [ 2948.007408][ T5326] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2948.015390][ T5326] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2948.023374][ T5326] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2948.031371][ T5326] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:18 executing program 2: r0 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x0, 0x0) ioctl$VIDIOC_QUERYCAP(r0, 0x80685600, &(0x7f0000000040)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x11, 0x2, 0x0) r2 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) r3 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$TCSBRK(r0, 0x5409, 0x25) ioctl$NBD_SET_SOCK(r3, 0xab00, r1) r4 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x3ff, 0x0) ioctl$NBD_CLEAR_SOCK(r2, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) getsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000000c00)={{{@in=@initdev, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in=@multicast1}}, &(0x7f0000000d00)=0xe8) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000d40)={'team0\x00', r5}) fstat(r4, 0x0) 03:27:18 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00'}}}]}, 0x13c}}, 0x0) 03:27:18 executing program 4 (fault-call:0 fault-nth:25): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:18 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x3f000000) 03:27:18 executing program 5: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffff9c, 0x84, 0x6f, &(0x7f00000001c0)={0x0, 0x70, &(0x7f0000000080)=[@in6={0xa, 0x4e21, 0x80, @ipv4={[], [], @empty}, 0x7}, @in6={0xa, 0x4e20, 0x9, @local, 0x8}, @in6={0xa, 0x4e23, 0xf1ad, @loopback, 0x4e}, @in6={0xa, 0x4e22, 0x151e66e6, @empty, 0x5}]}, &(0x7f0000000200)=0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000240)={r2, 0x8, 0x0, 0x3, 0xb96}, &(0x7f0000000280)=0x18) socket$inet6(0xa, 0x5, 0x401) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f0000000000)={0x6, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 03:27:18 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0, 0x400}, {r0, 0x8000}, {r0}], 0x5, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:18 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in6, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@remote}}, &(0x7f0000000440)=0xe8) ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000480)={r2, 0xff, 0x5, 0x3, 0x8, 0x7fffffff, 0x80000000}) r3 = syz_open_dev$ndb(0x0, 0x0, 0x0) ioctl$NBD_SET_SOCK(r3, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x101000, 0x0) ioctl$VIDIOC_S_PARM(r4, 0xc0cc5616, &(0x7f00000004c0)={0x0, @capture={0x1000, 0x1, {0x7, 0x1f95}, 0x6, 0x7}}) getsockopt$TIPC_NODE_RECVQ_DEPTH(r0, 0x10f, 0x83, &(0x7f0000000180), &(0x7f00000001c0)=0x4) ioctl$NBD_SET_TIMEOUT(r3, 0xab09, 0x0) r5 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x200000, 0x0) ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(r5, 0xc0845658, &(0x7f00000000c0)={0x0, @reserved}) fstat(0xffffffffffffffff, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000040)={0x2}) [ 2948.508020][ T5357] FAULT_INJECTION: forcing a failure. [ 2948.508020][ T5357] name failslab, interval 1, probability 0, space 0, times 0 [ 2948.527924][ T5357] CPU: 0 PID: 5357 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2948.535833][ T5357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2948.545904][ T5357] Call Trace: [ 2948.549223][ T5357] dump_stack+0x172/0x1f0 [ 2948.553578][ T5357] should_fail.cold+0xa/0x15 [ 2948.558214][ T5357] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2948.564118][ T5357] ? ___might_sleep+0x163/0x280 [ 2948.569002][ T5357] __should_failslab+0x121/0x190 [ 2948.573979][ T5357] should_failslab+0x9/0x14 [ 2948.578855][ T5357] kmem_cache_alloc+0x2af/0x6f0 [ 2948.583722][ T5357] ? lock_downgrade+0x880/0x880 [ 2948.588591][ T5357] ? kasan_check_read+0x11/0x20 [ 2948.593462][ T5357] __kernfs_new_node+0xf0/0x6c0 [ 2948.598345][ T5357] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 2948.603825][ T5357] ? wait_for_completion+0x440/0x440 [ 2948.609237][ T5357] ? mutex_unlock+0xd/0x10 [ 2948.613847][ T5357] ? kernfs_activate+0x192/0x1f0 [ 2948.618906][ T5357] kernfs_new_node+0x96/0x120 [ 2948.623616][ T5357] __kernfs_create_file+0x51/0x340 [ 2948.628757][ T5357] sysfs_add_file_mode_ns+0x222/0x560 [ 2948.634165][ T5357] internal_create_group+0x359/0xc40 [ 2948.639495][ T5357] ? remove_files.isra.0+0x190/0x190 [ 2948.644797][ T5357] ? bd_set_size+0x3f/0xb0 [ 2948.649326][ T5357] ? kasan_check_write+0x14/0x20 [ 2948.654363][ T5357] ? up_write+0xbe/0x1e0 [ 2948.658643][ T5357] sysfs_create_group+0x20/0x30 [ 2948.663513][ T5357] loop_set_fd+0xb11/0x10b0 [ 2948.668055][ T5357] lo_ioctl+0x1a3/0x1460 [ 2948.672313][ T5357] ? lock_downgrade+0x880/0x880 [ 2948.677181][ T5357] ? loop_set_fd+0x10b0/0x10b0 [ 2948.682139][ T5357] blkdev_ioctl+0xece/0x1c10 [ 2948.686742][ T5357] ? blkpg_ioctl+0xa90/0xa90 [ 2948.691346][ T5357] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2948.697358][ T5357] ? __fget+0x35a/0x550 [ 2948.701551][ T5357] block_ioctl+0xee/0x130 [ 2948.705892][ T5357] ? blkdev_fallocate+0x410/0x410 [ 2948.710929][ T5357] do_vfs_ioctl+0xd5f/0x1380 [ 2948.715539][ T5357] ? ioctl_preallocate+0x210/0x210 [ 2948.721798][ T5357] ? __fget+0x381/0x550 [ 2948.726760][ T5357] ? ksys_dup3+0x3e0/0x3e0 [ 2948.732527][ T5357] ? do_sys_open+0x31d/0x5d0 [ 2948.737138][ T5357] ? tomoyo_file_ioctl+0x23/0x30 [ 2948.742099][ T5357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2948.748354][ T5357] ? security_file_ioctl+0x8d/0xc0 [ 2948.753581][ T5357] ksys_ioctl+0xab/0xd0 [ 2948.757765][ T5357] __x64_sys_ioctl+0x73/0xb0 [ 2948.763000][ T5357] do_syscall_64+0xfd/0x680 [ 2948.767527][ T5357] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2948.773432][ T5357] RIP: 0033:0x459387 [ 2948.777336][ T5357] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2948.797321][ T5357] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 03:27:18 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x00'}}}]}, 0x13c}}, 0x0) [ 2948.805839][ T5357] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459387 [ 2948.813920][ T5357] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2948.821914][ T5357] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2948.831557][ T5357] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2948.839561][ T5357] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:18 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x40000000) 03:27:19 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12\x00'}}}]}, 0x13c}}, 0x0) 03:27:19 executing program 4 (fault-call:0 fault-nth:26): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:19 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x20000, 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40485404, &(0x7f0000000040)={{0xffffffffffffffff, 0x6d51bbce0705c526, 0x3, 0x3, 0x1}, 0x6e, 0x9}) 03:27:19 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0xa0010000) [ 2949.290511][ T5391] FAULT_INJECTION: forcing a failure. [ 2949.290511][ T5391] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2949.303851][ T5391] CPU: 1 PID: 5391 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2949.311871][ T5391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2949.322287][ T5391] Call Trace: [ 2949.325605][ T5391] dump_stack+0x172/0x1f0 [ 2949.330049][ T5391] should_fail.cold+0xa/0x15 [ 2949.334650][ T5391] ? console_unlock+0x781/0xec0 [ 2949.339524][ T5391] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2949.345365][ T5391] should_fail_alloc_page+0x50/0x60 [ 2949.350662][ T5391] __alloc_pages_nodemask+0x1a1/0x8d0 [ 2949.356076][ T5391] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2949.361744][ T5391] ? __alloc_pages_slowpath+0x28f0/0x28f0 [ 2949.367472][ T5391] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2949.373216][ T5391] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2949.379043][ T5391] cache_grow_begin+0x9d/0x650 [ 2949.383827][ T5391] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2949.390085][ T5391] kmem_cache_alloc_trace+0x67c/0x750 [ 2949.395582][ T5391] kobject_uevent_env+0x387/0x101d [ 2949.400809][ T5391] ? kasan_check_write+0x14/0x20 [ 2949.405751][ T5391] ? up_write+0xbe/0x1e0 [ 2949.410013][ T5391] kobject_uevent+0x20/0x26 [ 2949.414614][ T5391] loop_set_fd+0xba2/0x10b0 [ 2949.419136][ T5391] lo_ioctl+0x1a3/0x1460 [ 2949.423403][ T5391] ? lock_downgrade+0x880/0x880 [ 2949.428379][ T5391] ? loop_set_fd+0x10b0/0x10b0 [ 2949.433159][ T5391] blkdev_ioctl+0xece/0x1c10 [ 2949.437766][ T5391] ? blkpg_ioctl+0xa90/0xa90 [ 2949.442377][ T5391] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2949.448231][ T5391] ? __fget+0x35a/0x550 [ 2949.452421][ T5391] block_ioctl+0xee/0x130 [ 2949.456769][ T5391] ? blkdev_fallocate+0x410/0x410 [ 2949.461813][ T5391] do_vfs_ioctl+0xd5f/0x1380 [ 2949.466444][ T5391] ? ioctl_preallocate+0x210/0x210 [ 2949.471572][ T5391] ? __fget+0x381/0x550 [ 2949.475760][ T5391] ? ksys_dup3+0x3e0/0x3e0 [ 2949.480194][ T5391] ? do_sys_open+0x31d/0x5d0 [ 2949.484800][ T5391] ? tomoyo_file_ioctl+0x23/0x30 [ 2949.489759][ T5391] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2949.496111][ T5391] ? security_file_ioctl+0x8d/0xc0 [ 2949.501241][ T5391] ksys_ioctl+0xab/0xd0 [ 2949.505511][ T5391] __x64_sys_ioctl+0x73/0xb0 [ 2949.510134][ T5391] do_syscall_64+0xfd/0x680 [ 2949.514833][ T5391] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2949.520739][ T5391] RIP: 0033:0x459387 [ 2949.524640][ T5391] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2949.544608][ T5391] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2949.553045][ T5391] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459387 [ 2949.561299][ T5391] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2949.569406][ T5391] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2949.577411][ T5391] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 03:27:19 executing program 2: r0 = request_key(&(0x7f0000000100)='cifs.idmap\x00', &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)='/dev/nbd#\x00', 0xfffffffffffffff8) r1 = request_key(&(0x7f0000000080)='user\x00', 0xffffffffffffffff, &(0x7f00000000c0)='/dev/nbd#\x00', r0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vcs\x00', 0x800, 0x0) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f00000003c0)={0x0}) ioctl$DRM_IOCTL_SWITCH_CTX(r2, 0x40086424, &(0x7f0000000440)={r3, 0x1}) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = getpid() ptrace$getregs(0xc, r5, 0x5, &(0x7f0000000480)=""/40) r6 = socket(0x11, 0x2, 0x0) r7 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r8 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r8, 0xab00, r6) request_key(&(0x7f00000001c0)='keyring\x00', &(0x7f0000000200)={'syz', 0x3}, &(0x7f0000000340)='syz', r1) ioctl$NBD_CLEAR_SOCK(r7, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) splice(r4, &(0x7f0000000000), r7, &(0x7f0000000040)=0x3c, 0xfff, 0x5) fstat(0xffffffffffffffff, 0x0) [ 2949.585401][ T5391] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:19 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\x00'}}}]}, 0x13c}}, 0x0) 03:27:19 executing program 5: r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x7, 0x103200) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000040)=0x8008000) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) 03:27:19 executing program 4 (fault-call:0 fault-nth:27): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:19 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0, 0x400}, {r0, 0x8000}, {r0}], 0x5, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:19 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0xffffff7f) 03:27:19 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x14\x00'}}}]}, 0x13c}}, 0x0) 03:27:20 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x11, 0x2, 0x0) r0 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x40800, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={0xffffffffffffffff}, 0x106, 0xa}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r1, &(0x7f0000000140)={0x14, 0x88, 0xfa00, {r2, 0x0, 0x0, @in6={0xa, 0x4e21, 0x8, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x80000001}}}, 0x90) r3 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r3, 0xab00, r1) ioctl$NBD_CLEAR_SOCK(r0, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) eventfd(0x1d) fstat(0xffffffffffffffff, 0x0) r4 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x90280) ioctl$EVIOCGABS0(r1, 0x80184540, &(0x7f0000000200)=""/63) write$P9_RWRITE(r4, &(0x7f0000000040)={0xb, 0x77, 0x2, 0x5}, 0xb) [ 2950.063897][ T5419] FAULT_INJECTION: forcing a failure. [ 2950.063897][ T5419] name failslab, interval 1, probability 0, space 0, times 0 [ 2950.105232][ T5419] CPU: 0 PID: 5419 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2950.113165][ T5419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2950.123240][ T5419] Call Trace: [ 2950.126586][ T5419] dump_stack+0x172/0x1f0 [ 2950.130946][ T5419] should_fail.cold+0xa/0x15 [ 2950.135613][ T5419] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2950.141439][ T5419] ? ___might_sleep+0x163/0x280 [ 2950.146314][ T5419] __should_failslab+0x121/0x190 03:27:20 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x1a0ffffffff) [ 2950.151363][ T5419] should_failslab+0x9/0x14 [ 2950.155881][ T5419] kmem_cache_alloc+0x2af/0x6f0 [ 2950.160747][ T5419] ? lock_downgrade+0x880/0x880 [ 2950.165722][ T5419] ? kasan_check_read+0x11/0x20 [ 2950.170595][ T5419] __kernfs_new_node+0xf0/0x6c0 [ 2950.175484][ T5419] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 2950.180962][ T5419] ? wait_for_completion+0x440/0x440 [ 2950.186277][ T5419] ? mutex_unlock+0xd/0x10 [ 2950.190722][ T5419] ? kernfs_activate+0x192/0x1f0 [ 2950.195646][ T5419] kernfs_new_node+0x96/0x120 [ 2950.200313][ T5419] __kernfs_create_file+0x51/0x340 [ 2950.205417][ T5419] sysfs_add_file_mode_ns+0x222/0x560 [ 2950.210786][ T5419] internal_create_group+0x359/0xc40 [ 2950.216084][ T5419] ? remove_files.isra.0+0x190/0x190 [ 2950.221380][ T5419] ? bd_set_size+0x3f/0xb0 [ 2950.225786][ T5419] ? kasan_check_write+0x14/0x20 [ 2950.230712][ T5419] ? up_write+0xbe/0x1e0 [ 2950.235091][ T5419] sysfs_create_group+0x20/0x30 [ 2950.239956][ T5419] loop_set_fd+0xb11/0x10b0 [ 2950.244463][ T5419] lo_ioctl+0x1a3/0x1460 [ 2950.248690][ T5419] ? lock_downgrade+0x880/0x880 [ 2950.253554][ T5419] ? loop_set_fd+0x10b0/0x10b0 [ 2950.258486][ T5419] blkdev_ioctl+0xece/0x1c10 [ 2950.263098][ T5419] ? blkpg_ioctl+0xa90/0xa90 [ 2950.267694][ T5419] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2950.273490][ T5419] ? __fget+0x35a/0x550 [ 2950.277650][ T5419] block_ioctl+0xee/0x130 [ 2950.281985][ T5419] ? blkdev_fallocate+0x410/0x410 [ 2950.287073][ T5419] do_vfs_ioctl+0xd5f/0x1380 [ 2950.291655][ T5419] ? ioctl_preallocate+0x210/0x210 [ 2950.296759][ T5419] ? __fget+0x381/0x550 [ 2950.301019][ T5419] ? ksys_dup3+0x3e0/0x3e0 [ 2950.305444][ T5419] ? do_sys_open+0x31d/0x5d0 [ 2950.310067][ T5419] ? tomoyo_file_ioctl+0x23/0x30 [ 2950.315011][ T5419] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2950.321245][ T5419] ? security_file_ioctl+0x8d/0xc0 [ 2950.326562][ T5419] ksys_ioctl+0xab/0xd0 [ 2950.330712][ T5419] __x64_sys_ioctl+0x73/0xb0 [ 2950.335493][ T5419] do_syscall_64+0xfd/0x680 [ 2950.340060][ T5419] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2950.345975][ T5419] RIP: 0033:0x459387 [ 2950.349873][ T5419] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2950.369483][ T5419] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2950.377883][ T5419] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459387 [ 2950.385839][ T5419] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2950.393795][ T5419] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 03:27:20 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00'}}}]}, 0x13c}}, 0x0) [ 2950.401762][ T5419] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2950.409725][ T5419] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:20 executing program 4 (fault-call:0 fault-nth:28): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:20 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x680, 0x0) sendto$rxrpc(r0, &(0x7f0000000040)="585757afb7e571752e698b820f51d299b8fc62a776a5218f96738c88fbb1e7737be1a298b26a958b4b6e10618a", 0x2d, 0x50, &(0x7f0000000080)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e21, @remote}}, 0x24) 03:27:20 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00'}}}]}, 0x13c}}, 0x0) 03:27:20 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x11, 0x2, 0x0) r2 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r3 = syz_open_dev$ndb(0x0, 0x0, 0x4000) ioctl$NBD_SET_SOCK(r3, 0xab00, r1) connect$pptp(r1, &(0x7f0000000180)={0x18, 0x2, {0x1, @remote}}, 0x1e) ioctl$NBD_CLEAR_SOCK(r2, 0xab03) r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x2, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000100)={0x7e, 0x0}) ioctl$DRM_IOCTL_ADD_BUFS(r4, 0xc0206416, &(0x7f0000000200)={0x6, 0x6c6, 0x24, 0x8, 0xa, 0x5}) ioctl$DRM_IOCTL_AGP_BIND(r4, 0x40106436, &(0x7f0000000140)={r5, 0x200}) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r4, 0x80845663, &(0x7f0000000040)={0x0, @reserved}) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) ioctl$sock_netdev_private(r0, 0x89f6, &(0x7f00000001c0)="df6e46a144823483e8efbec56b8872ccd1b285571a7a4f2017c13e7cdc40aa753eba60558e5aa88c82") 03:27:20 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x1000000000000) [ 2950.767444][ T5446] FAULT_INJECTION: forcing a failure. [ 2950.767444][ T5446] name failslab, interval 1, probability 0, space 0, times 0 [ 2950.782507][ T5446] CPU: 1 PID: 5446 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2950.790470][ T5446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2950.800844][ T5446] Call Trace: [ 2950.804158][ T5446] dump_stack+0x172/0x1f0 [ 2950.808523][ T5446] should_fail.cold+0xa/0x15 03:27:20 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0, 0x400}, {r0, 0x8000}, {r0}], 0x5, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) [ 2950.813139][ T5446] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2950.818958][ T5446] ? ___might_sleep+0x163/0x280 [ 2950.825555][ T5446] __should_failslab+0x121/0x190 [ 2950.830520][ T5446] should_failslab+0x9/0x14 [ 2950.835045][ T5446] kmem_cache_alloc+0x2af/0x6f0 [ 2950.839930][ T5446] ? lock_downgrade+0x880/0x880 [ 2950.844813][ T5446] ? kasan_check_read+0x11/0x20 [ 2950.849764][ T5446] __kernfs_new_node+0xf0/0x6c0 [ 2950.854620][ T5446] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 2950.860072][ T5446] ? wait_for_completion+0x440/0x440 [ 2950.865465][ T5446] ? mutex_unlock+0xd/0x10 [ 2950.869920][ T5446] ? kernfs_activate+0x192/0x1f0 [ 2950.874871][ T5446] kernfs_new_node+0x96/0x120 [ 2950.879562][ T5446] __kernfs_create_file+0x51/0x340 [ 2950.884690][ T5446] sysfs_add_file_mode_ns+0x222/0x560 [ 2950.890077][ T5446] internal_create_group+0x359/0xc40 [ 2950.895356][ T5446] ? remove_files.isra.0+0x190/0x190 [ 2950.900655][ T5446] ? bd_set_size+0x3f/0xb0 [ 2950.905081][ T5446] ? kasan_check_write+0x14/0x20 [ 2950.910079][ T5446] ? up_write+0xbe/0x1e0 [ 2950.914347][ T5446] sysfs_create_group+0x20/0x30 [ 2950.919208][ T5446] loop_set_fd+0xb11/0x10b0 [ 2950.923720][ T5446] lo_ioctl+0x1a3/0x1460 [ 2950.927990][ T5446] ? lock_downgrade+0x880/0x880 [ 2950.932849][ T5446] ? loop_set_fd+0x10b0/0x10b0 [ 2950.937637][ T5446] blkdev_ioctl+0xece/0x1c10 [ 2950.942575][ T5446] ? blkpg_ioctl+0xa90/0xa90 [ 2950.947186][ T5446] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2950.953021][ T5446] ? __fget+0x35a/0x550 [ 2950.957188][ T5446] block_ioctl+0xee/0x130 [ 2950.961715][ T5446] ? blkdev_fallocate+0x410/0x410 [ 2950.966828][ T5446] do_vfs_ioctl+0xd5f/0x1380 [ 2950.972097][ T5446] ? ioctl_preallocate+0x210/0x210 [ 2950.977211][ T5446] ? __fget+0x381/0x550 [ 2950.981373][ T5446] ? ksys_dup3+0x3e0/0x3e0 [ 2950.985790][ T5446] ? do_sys_open+0x31d/0x5d0 [ 2950.990405][ T5446] ? tomoyo_file_ioctl+0x23/0x30 [ 2950.995346][ T5446] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2951.001670][ T5446] ? security_file_ioctl+0x8d/0xc0 [ 2951.006787][ T5446] ksys_ioctl+0xab/0xd0 [ 2951.010965][ T5446] __x64_sys_ioctl+0x73/0xb0 [ 2951.016946][ T5446] do_syscall_64+0xfd/0x680 [ 2951.021453][ T5446] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2951.027346][ T5446] RIP: 0033:0x459387 [ 2951.031245][ T5446] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2951.050944][ T5446] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2951.062060][ T5446] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459387 [ 2951.070056][ T5446] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2951.078044][ T5446] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2951.086036][ T5446] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2951.094016][ T5446] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:21 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00'}}}]}, 0x13c}}, 0x0) 03:27:21 executing program 4 (fault-call:0 fault-nth:29): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:21 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) lsetxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.capability\x00', &(0x7f0000000080)=@v1={0x1000000, [{0xfffffffffffffffe, 0x8001}]}, 0xc, 0x2) 03:27:21 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x200000000000000) 03:27:21 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00'}}}]}, 0x13c}}, 0x0) 03:27:21 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) setxattr$trusted_overlay_opaque(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.opaque\x00', &(0x7f0000000080)='y\x00', 0x2, 0x2) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0x0, 0x40000000) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs\x00', 0x10000, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r3, 0x40505331, &(0x7f0000000100)={{0x3fc, 0x2}, {0x3}, 0x7ff, 0x4, 0x9}) fstat(0xffffffffffffffff, 0x0) [ 2951.555261][ T5480] FAULT_INJECTION: forcing a failure. [ 2951.555261][ T5480] name failslab, interval 1, probability 0, space 0, times 0 [ 2951.569462][ T5480] CPU: 1 PID: 5480 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2951.577386][ T5480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2951.587653][ T5480] Call Trace: [ 2951.591005][ T5480] dump_stack+0x172/0x1f0 [ 2951.595424][ T5480] should_fail.cold+0xa/0x15 [ 2951.600135][ T5480] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2951.605975][ T5480] ? ___might_sleep+0x163/0x280 [ 2951.610942][ T5480] __should_failslab+0x121/0x190 [ 2951.615987][ T5480] should_failslab+0x9/0x14 [ 2951.620498][ T5480] kmem_cache_alloc+0x2af/0x6f0 [ 2951.625363][ T5480] ? lock_downgrade+0x880/0x880 [ 2951.630224][ T5480] ? kasan_check_read+0x11/0x20 [ 2951.635099][ T5480] __kernfs_new_node+0xf0/0x6c0 [ 2951.640059][ T5480] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 2951.645573][ T5480] ? wait_for_completion+0x440/0x440 [ 2951.650890][ T5480] ? mutex_unlock+0xd/0x10 [ 2951.655319][ T5480] ? kernfs_activate+0x192/0x1f0 [ 2951.660279][ T5480] kernfs_new_node+0x96/0x120 [ 2951.664978][ T5480] __kernfs_create_file+0x51/0x340 [ 2951.670135][ T5480] sysfs_add_file_mode_ns+0x222/0x560 [ 2951.675539][ T5480] internal_create_group+0x359/0xc40 [ 2951.680856][ T5480] ? remove_files.isra.0+0x190/0x190 [ 2951.686158][ T5480] ? bd_set_size+0x3f/0xb0 [ 2951.690598][ T5480] ? kasan_check_write+0x14/0x20 [ 2951.695547][ T5480] ? up_write+0xbe/0x1e0 [ 2951.700355][ T5480] sysfs_create_group+0x20/0x30 [ 2951.705580][ T5480] loop_set_fd+0xb11/0x10b0 [ 2951.712737][ T5480] lo_ioctl+0x1a3/0x1460 [ 2951.717980][ T5480] ? lock_downgrade+0x880/0x880 [ 2951.722878][ T5480] ? loop_set_fd+0x10b0/0x10b0 [ 2951.727843][ T5480] blkdev_ioctl+0xece/0x1c10 [ 2951.732450][ T5480] ? blkpg_ioctl+0xa90/0xa90 [ 2951.737057][ T5480] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2951.742902][ T5480] ? __fget+0x35a/0x550 [ 2951.747076][ T5480] block_ioctl+0xee/0x130 [ 2951.751434][ T5480] ? blkdev_fallocate+0x410/0x410 [ 2951.756506][ T5480] do_vfs_ioctl+0xd5f/0x1380 [ 2951.761149][ T5480] ? ioctl_preallocate+0x210/0x210 [ 2951.766275][ T5480] ? __fget+0x381/0x550 [ 2951.770456][ T5480] ? ksys_dup3+0x3e0/0x3e0 [ 2951.774989][ T5480] ? do_sys_open+0x31d/0x5d0 [ 2951.779601][ T5480] ? tomoyo_file_ioctl+0x23/0x30 [ 2951.784736][ T5480] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2951.791000][ T5480] ? security_file_ioctl+0x8d/0xc0 [ 2951.796305][ T5480] ksys_ioctl+0xab/0xd0 [ 2951.800587][ T5480] __x64_sys_ioctl+0x73/0xb0 [ 2951.805207][ T5480] do_syscall_64+0xfd/0x680 [ 2951.809755][ T5480] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2951.815678][ T5480] RIP: 0033:0x459387 [ 2951.819587][ T5480] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2951.839206][ T5480] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2951.847635][ T5480] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459387 03:27:21 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x3f00000000000000) [ 2951.855617][ T5480] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2951.863602][ T5480] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2951.871586][ T5480] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2951.879668][ T5480] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:22 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) 03:27:22 executing program 4 (fault-call:0 fault-nth:30): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:22 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0, 0x400}, {r0, 0x8641}], 0x4, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:22 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\x9e\x00'}}}]}, 0x13c}}, 0x0) 03:27:22 executing program 2: r0 = getpgid(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x11, 0x2, 0x0) r2 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r3 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r3, 0xab00, r1) ioctl$NBD_CLEAR_SOCK(r2, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) recvfrom$llc(r1, &(0x7f0000000000)=""/118, 0x76, 0x100, &(0x7f0000000080)={0x1a, 0x11b, 0xddf, 0x100000001, 0x80, 0xffffffff}, 0x10) 03:27:22 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x4000000000000000) [ 2952.292194][ T5507] FAULT_INJECTION: forcing a failure. [ 2952.292194][ T5507] name failslab, interval 1, probability 0, space 0, times 0 [ 2952.322633][ T5507] CPU: 0 PID: 5507 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2952.330593][ T5507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2952.340662][ T5507] Call Trace: [ 2952.343980][ T5507] dump_stack+0x172/0x1f0 [ 2952.348331][ T5507] should_fail.cold+0xa/0x15 [ 2952.352948][ T5507] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2952.358810][ T5507] ? ___might_sleep+0x163/0x280 [ 2952.363689][ T5507] __should_failslab+0x121/0x190 [ 2952.368667][ T5507] should_failslab+0x9/0x14 [ 2952.373188][ T5507] kmem_cache_alloc_node+0x261/0x710 [ 2952.378499][ T5507] ? find_held_lock+0x35/0x130 [ 2952.383294][ T5507] __alloc_skb+0xd5/0x5e0 [ 2952.387648][ T5507] ? skb_trim+0x190/0x190 03:27:22 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0xffffff7f00000000) [ 2952.391990][ T5507] ? kasan_check_read+0x11/0x20 [ 2952.396874][ T5507] alloc_uevent_skb+0x83/0x1e2 [ 2952.401652][ T5507] kobject_uevent_env+0xaa3/0x101d [ 2952.406786][ T5507] kobject_uevent+0x20/0x26 [ 2952.411300][ T5507] loop_set_fd+0xba2/0x10b0 [ 2952.415828][ T5507] lo_ioctl+0x1a3/0x1460 [ 2952.420186][ T5507] ? lock_downgrade+0x880/0x880 [ 2952.425153][ T5507] ? loop_set_fd+0x10b0/0x10b0 [ 2952.429931][ T5507] blkdev_ioctl+0xece/0x1c10 [ 2952.434612][ T5507] ? blkpg_ioctl+0xa90/0xa90 [ 2952.439206][ T5507] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2952.445063][ T5507] ? __fget+0x35a/0x550 [ 2952.449228][ T5507] block_ioctl+0xee/0x130 [ 2952.453563][ T5507] ? blkdev_fallocate+0x410/0x410 [ 2952.458579][ T5507] do_vfs_ioctl+0xd5f/0x1380 [ 2952.463159][ T5507] ? ioctl_preallocate+0x210/0x210 [ 2952.468257][ T5507] ? __fget+0x381/0x550 [ 2952.472401][ T5507] ? ksys_dup3+0x3e0/0x3e0 [ 2952.476815][ T5507] ? do_sys_open+0x31d/0x5d0 [ 2952.481425][ T5507] ? tomoyo_file_ioctl+0x23/0x30 [ 2952.486352][ T5507] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2952.492579][ T5507] ? security_file_ioctl+0x8d/0xc0 [ 2952.497700][ T5507] ksys_ioctl+0xab/0xd0 [ 2952.501859][ T5507] __x64_sys_ioctl+0x73/0xb0 [ 2952.506470][ T5507] do_syscall_64+0xfd/0x680 [ 2952.510991][ T5507] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2952.516892][ T5507] RIP: 0033:0x459387 [ 2952.520773][ T5507] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 03:27:22 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xf0\x00'}}}]}, 0x13c}}, 0x0) [ 2952.540549][ T5507] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2952.548968][ T5507] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459387 [ 2952.556925][ T5507] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2952.564909][ T5507] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2952.572888][ T5507] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2952.580844][ T5507] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:22 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0, 0x400}, {0xffffffffffffffff, 0x8641}], 0x4, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) [ 2952.589319][ C0] net_ratelimit: 25 callbacks suppressed [ 2952.589327][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2952.600831][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2952.606751][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2952.612563][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2952.618511][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2952.624276][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:27:22 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x2000, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) 03:27:22 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x1, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) 03:27:22 executing program 4 (fault-call:0 fault-nth:31): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:22 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xf0\x00'}}}]}, 0x13c}}, 0x0) 03:27:22 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) getsockopt$inet6_udp_int(r0, 0x11, 0x1, &(0x7f0000000000), &(0x7f0000000040)=0x4) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) 03:27:22 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0xffffffffa0010000) 03:27:23 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00'}}}]}, 0x13c}}, 0x0) [ 2953.004825][ T5542] FAULT_INJECTION: forcing a failure. [ 2953.004825][ T5542] name failslab, interval 1, probability 0, space 0, times 0 [ 2953.018641][ T5542] CPU: 0 PID: 5542 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2953.026591][ T5542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2953.036661][ T5542] Call Trace: [ 2953.040071][ T5542] dump_stack+0x172/0x1f0 [ 2953.044432][ T5542] should_fail.cold+0xa/0x15 [ 2953.049082][ T5542] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2953.054894][ T5542] ? ___might_sleep+0x163/0x280 [ 2953.059753][ T5542] __should_failslab+0x121/0x190 [ 2953.064714][ T5542] should_failslab+0x9/0x14 [ 2953.069207][ T5542] kmem_cache_alloc_node+0x261/0x710 [ 2953.074546][ T5542] ? find_held_lock+0x35/0x130 [ 2953.079315][ T5542] __alloc_skb+0xd5/0x5e0 [ 2953.083739][ T5542] ? skb_trim+0x190/0x190 [ 2953.088072][ T5542] ? kasan_check_read+0x11/0x20 [ 2953.092931][ T5542] alloc_uevent_skb+0x83/0x1e2 [ 2953.097802][ T5542] kobject_uevent_env+0xaa3/0x101d [ 2953.102909][ T5542] kobject_uevent+0x20/0x26 [ 2953.107418][ T5542] loop_set_fd+0xba2/0x10b0 [ 2953.111937][ T5542] lo_ioctl+0x1a3/0x1460 [ 2953.116176][ T5542] ? lock_downgrade+0x880/0x880 [ 2953.121025][ T5542] ? loop_set_fd+0x10b0/0x10b0 [ 2953.125818][ T5542] blkdev_ioctl+0xece/0x1c10 [ 2953.130398][ T5542] ? blkpg_ioctl+0xa90/0xa90 [ 2953.134974][ T5542] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2953.140773][ T5542] ? __fget+0x35a/0x550 [ 2953.144915][ T5542] block_ioctl+0xee/0x130 [ 2953.149239][ T5542] ? blkdev_fallocate+0x410/0x410 [ 2953.154283][ T5542] do_vfs_ioctl+0xd5f/0x1380 [ 2953.158861][ T5542] ? ioctl_preallocate+0x210/0x210 [ 2953.163973][ T5542] ? __fget+0x381/0x550 [ 2953.168139][ T5542] ? ksys_dup3+0x3e0/0x3e0 [ 2953.172545][ T5542] ? do_sys_open+0x31d/0x5d0 [ 2953.177131][ T5542] ? tomoyo_file_ioctl+0x23/0x30 [ 2953.182080][ T5542] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2953.188414][ T5542] ? security_file_ioctl+0x8d/0xc0 [ 2953.193529][ T5542] ksys_ioctl+0xab/0xd0 [ 2953.197683][ T5542] __x64_sys_ioctl+0x73/0xb0 [ 2953.202263][ T5542] do_syscall_64+0xfd/0x680 [ 2953.206757][ T5542] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2953.212633][ T5542] RIP: 0033:0x459387 [ 2953.216529][ T5542] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2953.236167][ T5542] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2953.244580][ T5542] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459387 [ 2953.252543][ T5542] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2953.260523][ T5542] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2953.268487][ T5542] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2953.276446][ T5542] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:23 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x7, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x400, 0x0) ioctl$KVM_HYPERV_EVENTFD(r0, 0x4018aebd, &(0x7f0000000080)={0x2, r1}) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0xfed7) [ 2953.385632][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2953.385670][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2953.391548][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2953.403142][ C1] protocol 88fb is buggy, dev hsr_slave_0 03:27:23 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\xff\xff\xff\xff\xff\xff\x00'}}}]}, 0x13c}}, 0x0) 03:27:23 executing program 4 (fault-call:0 fault-nth:32): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:23 executing program 1: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000001200)='/proc/capi/capi20ncci\x00', 0x2000, 0x0) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, r0, 0x0) r2 = syz_open_dev$vbi(&(0x7f0000001140)='/dev/vbi#\x00', 0x3, 0x2) ioctl$CAPI_GET_PROFILE(r2, 0xc0404309, &(0x7f0000001180)=0x9ef) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x400, 0x0) io_setup(0x85, &(0x7f0000001280)=0x0) io_cancel(r4, &(0x7f0000001300)={0x0, 0x0, 0x0, 0xb, 0x1, r2, &(0x7f00000012c0)="0e6bf16d39ca52bbca0274cc5e66b43087230506348ff4652a75e02036f3295906ecc3446dedae409d8a86a68b", 0x2d, 0x1, 0x0, 0x3, r0}, &(0x7f0000001340)) ioctl$TCSETS(r3, 0x5402, &(0x7f0000001100)={0x2, 0x1, 0x100000000, 0x9, 0x4, 0x2, 0xffffffffffff26ce, 0x20, 0x5, 0x3f, 0x4, 0xffffffff}) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000001380)=ANY=[@ANYBLOB="0100000006004ddf937790bc8d0cd04a139419e48ba3e9c62292b5825526bccd572de558aa9ff8685e9dca674e87a21cba9222ed08f79d80d56e031e2b38308046a4ac7c13ea8e68f7ba8f71f8754fbe703ca83fdbe1e2a89ffefa2e922d120537fa56547e9db06d3cdaa9c810af60007110698b8595"], 0x6) r5 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r6 = dup3(r1, r5, 0x0) write$P9_RREAD(r6, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b10000075020000100000c6728395672677a584bc76f475eaa42101f0a8e5cc4ca636b618678910fdc2949155c3aacc2e48abb866c4db92431d30aef9665033e5a820e245944d057b47ec305dd3271c2266b5ebac94cdf6c2a54a643fbd8612a7c15cf1a32070e6b03e6c576d6e6f3587a903740b0a9164d064001029c25475b2f81ac348193970eabe5537fd0c2b2b72fe27334aa60f12832815080766fe0344e55e84e197d181ad213e1a9f813b88a00b97f221daf4aeb31045f46649be343ac5ee8df727e09ade626e3abcd7398ed5f5c7784573abba2274a6e17953612da5aed742713bfac55016103168c3246ffb05f8736f001ba4fd3938e3f31bceb1dfdba87551e25f602c992c53a6171119eb56eae10219c5296d5bd15a0eee0c3c7200c9428dbb5496929cd35beabad58c1604e5835b58f7bc966ab26227b33d50018f0a5b277ee94d2b0073c41d048ba441c40ba82978ceb393456fd820021a5801198bfa32d76020ecc21033b797495dfc89f873796f163cef875bd2b211c93dfd6ac982c4b1b1db7480684162d5618e8a4e3175112e9199be5297d6611aee2ec6bae97b2564b40330c36355f5cd422d71f1a03cbef615711308cb1a17db6f96afd1a08f0e331cf1a105c3bb1d5970af9e5af5973546f0acd03107d05bec4f2af252aef6894a61ee6a0b685895f8483b2ac25f57fb0920ec56fc9940e2c75e98945a41c3e307aab153113ad45d7c8fd5788d8c824f3bfd12b47d210fe1c81b5bb37326ddc067ab9cd23646b0ebdb60c863a98f6edb79b224271578302a2466ac59aa156b88697d184e69107c010fcb4d48bdf88f31130bf998ab89bcaf863f659ea8dcd7ce4302b8818e0ce25cb66941d0a69d4770264d4ac40dc300db9c639503323f11db027f13fe8319b1955cdef886a8222f469f43f5f8a52f61a8b2084637aa31760a5e340de1ab82f5a9893611957ca5950ff35a77a87a28a2137ce0eaeecee3435d2eddc6af805f38898711f640b345ac999f97ed56a216ed7d72ce22a8b91e3eb06fb7da6a266904dc8718c1281a86f89c995de4177f1470bf93fc8c20894640eecc8bcd0e941638c11d50ffa42b4c629ed7b55dc19906a11d1cb0c99b661b83aa2fd6dc7522b7dee71a56f0507aec6c506c21ce117818c0044d0906773bec01aad63f033b3846e1f34f9461b2521e856ca40d7a51864d0498cfc0aa29f0324a7291733793c5fe2fd4c09f2abc8889def0946c701352e91ad068f2dc419ae92b03c4bddfe79769adbab1297a9ae9b59b69d2bf167eb1e64064d3addf8791034aae2fed6ef66c6a4c663357490b42535befd912c7535084a3f7c4e2382a2176d86d70144639b8addf3a5cd9dc74e7415cb3736acd4d0b52124953c50e610935095d4b7b0c6dbee378c2df005871d92f2f6c4109752c02fcca1fcab5de7b1195ab5d519c8da87bd50a3d02c06d7ec0c50537043e9ed6d9af2e1431b400d044bb5a96bac95663855523fa8ecb4f2490fd50ca9adba60e7cf213cb36444943ff7076b7b25b8cda79d1adb84c8833c8d692e80bcbc396ffd47829a952e828bbf315018c1655618c8b5baa8027a53838b673828570a427b5b5d5dff8ef1b529ee36549469c313fa65a03d5f630315686d008c4a5b6e8e5f45fc794d2215d8325b0543d04e6ea0d808f2de8502f21f69c8021355db929861a7f2819d2a599f5f1e71a219ef19293565f33e0596105b3dec868e6ffbabbd954fdb9897c9df2dd0eb4f81c5f3287695067bce86f284b4bb683397ca9a04074b29d1f8c2bcb253803a34f398da04fea21aff8a65456db4a5a21a7a59fb7c84508d01ee9861eedaf3b6104233414caed1f361139b52627f4b315f154f92ea71ff87973d296c8b1730942ceaec0817446cc7780ce9ae3f76c64c9f80d0f1596720ceee99140b4d8a9bc0f1681b59699d12b160d3a46f9518c540756b4d9427317fb922d79c631f1409f533a1db15c4c194a6d93bcfa4fe06ccd8a4fb6b6676a42b7be1b0722ff36a89272d2b39ae5b9241e3b41bbe366820fd54335c0e212613b94cd93c6b710d94ae6cfcb93c6d1f1bc4c18aefdd972d0557e7bc60bb60b61a6e6407904494b3d464dc8f36caabd99a271beab743aa6188cc6c35062ef1e49051a37a820bc1c07d3ddbacee7ab970f36e01ce985c08215307a57ff3e13a068a23ba552ef6a378e066bd1fa1515b3fe02fdb6b058455ffa62977dbeb7969ee118f871495b8c7a3488fee81f4f9f753b15dddcf135b29721224c38713bf0c9f7a148c9429f994fc1727df975555eaca23feee1f827930122566a82144e85f3356faada44226bfaf921d10f62ed6ea298d79d50b62707928115d19ca404b88d025a953c805ef23e99236b3e00076811f445bc896bd453ab32ff7f245bde7e5d7bb8f89764ea0ecc8e3d03eb44c2d63774edc7ef7813ed5d4812005a5151046af9a67121f8a7ecf4c56e39e3c50ca7e74a0801e9156f347ba2c317568c992293a28e0239527d9597293d3c1a015448d92bc994471ff850dd12a353feef2ca1d51e29b50935bc2b5978061895789d30a533bf016e86ac5170ea6dced4b7f9cfd18d53ffb73f2df5383d0816909a1dea1e07327fb55ab883d7c6ea0c3865c9f0dfe9eeb2fd691c00d7cf25c69c72ffdc3fb31851416f96f5759a1c94259f140d26f1ab100cca7e4581b15eb86ea5486250e154a6bb13fa4893efac37c3635b1c16c1915010234cefb8058a58a04a64862dd4cfd1150b1a41e9abfdec644b0f1cff840033a61bac892c55ef0e96a61074172fa6ce06d1abe35f59e3455a9f1e044a4f6f80f4693e44df9de8653b7803ad5084431305ddf2f6cc6192f9899a7b74122902c61cf1386e6b243436ea09277edbb7c1c944f436e417a7fe8072dbe367a915c097270dd7082a28f9731f92b6fd92916a4264060f2ffbaff682dea02fa8924b1aff7b72d0f78fb73835c24162b76973fe11aa2b7ad30ec403cc66f2893b3423226927d616d48aaaa4a5db201061ff16c90a9c82299f16084a7cc5db859f45e1eebda331dace847b05ee8e3ab4c80c29ef61c06410de40e349db76263ce74468dac6ef16a0757d1cee95571202d1582b9f6e4146d5e311db52c3c9dc3a2d7dce1c9813b5a46a035c29f662b9a9bcbf3e72e22bcdafadab82bf7223e42c04aa87d98113293da6dc812bf2a7470ec09d21ecc0361b70d0c6f46f84093f3090b0ab19809464d0318ff0cdd0f990028c6957e58b32f045e4a16ba35991c88885fa94b0582e2e03027255aaeac534b11bdc97ddb00f3bfb34513c2953c4709621f738038b3b0bf203f469e9da47eb4716f39b4d0415eba74b9952cf8ec25b63f55af876376328c011fc4b011ecdbb3b6367fdb869891f26f3e72efea29407c2e67f28ccd24058ad83171c20dff5630c2bd304e35d4350824bb9f14adaa5880985565f28a6a1ed5a481b49fad97593105aef77e88f20a899773c672927fa2102e2ba46de9cd75e47adb236a2ee35c9b879e0961f5d08aaab190420f04e9577c7cfad6a4e7eada913305f093a2d186b477ce5fe2e94950e72d19589b9ee55036424822f71fce3830b29d6504d0fcf6dc65d647f7c2f8caea6b9dc8cdd311b09ac02106a8a8ca6df79713991793affa23da0b4a163b729d911625c559a0589e339fc6a4b17d1194e80dad239a264cbc71de6a53b4c08692d02bf6587627274c25f5a3ff56169f54e5a136fce89b998eada3fad1bc2ba2c990cd7b9fbcc73f9b123e5792794e0776027511ce0a11d344b055477ea6b30d84f87a8330e9fff7f240c9e77ed045ecf14471102f1260d1b073f73f95470d3d11bc0680d1e1560ccffcf447e11e10f65367d2422e00c04470b8301f883507a1e01fe5db5fcb367cabb68fd5bcf54c38ee3792f950a0e7f884a40d3f89dcc0fe2be875414a8e4b15354528ce5bfc41eab3583efed841f110158d4bc50219eb342b8661d05281317eb0a9b442b811890e53118a91605833febc4c56b40824cb65a558d25f4f8039c1e2ba6e7278d2277e0677feee48748424d97a3d71d560b4eed8a1f46cf41beaba3fc58cd92bfbbe16c395f91af32575c02774ec9b22581945a3b32fc7e13271b82206fd4d45d73f0e92f9c7f2c64e691a8abccff7d56d7a41b7394798e4534668eca6dfc8d7b75a63ccb537c121ce8e6eac73aff39c4f11a49775fe164d27fe9697ffd9a6b708bd4fc922dbdb40e3de31c08633642367b6a2e8c2a64522182a10c09f1022ac55691d3cc84167ad6dca8cbd6e63c023e2c9813112e3220dfe4b40792d0963221436dfc3c07a29d0e825a4464af4203cd4ee4c645adc05716ab1a33033b8e032fbd751289651954a71749e0a4847cda4bdf213b904a1dca065319b6b29473d68f00fa5f6d86ec2e2f251b0866a88be55522b885523815789e769e45b1bc26068f52efd1f9b4f5971d518d196a59bd4d0eee488f12f33b1e8c637366af795e333db12874d4ac6b8df74d26bdc0c0247538149dc9fb92f9d5c7696f75e2a7364b9527f0f29c4e67b230a9ff2dacb11337da84dfd43e8ab803758e5da84a217af49b2ee768a48aceb0ed8c17d343bfaab52d2bb86e0869e6b9808236943feedc5dd717f2cb56dd4645f43fb7ed115e69ec96f62fe05b75b72519d55bcdd7755e29079dfcac5b23312347ed00bb4706caeaa3f51589bda514c1b36f4e5913a92e53e5dcb41b4369d0a0641bf325b605341254a9dc7611e61b16070fe10449a2df4b2e0f6e04b4bfe027d986dc64f6868d10a29ee3b9e7c29a9513e079705bf28d4baa74ceee0941269997b077f61a6e0d47a44395a83816b91eab343d98b4ae853f659fd379a8bc0941a1cc4f382c1abae07ff30b7e01f9a16390946c5264a7e8b298aff50449e977811d09b60719b9c48c57e3157b11e31ea970db4dfb867a43d2f3bbf01833d03aea5bd191d5f613d4a0763088229aa008e2d7080e3843189308281e14e70b88964a9f122ae1603f6b32357b326660cf6b8b795acd815a0eebe5623c32fa33d787d30dffc02208d7af221b21e6730b3d8703a231567fb9e1723b7677f2a7b67b5923fe968b57bd4aec65ce500b4045a7bcf1230628fc17b82ff969e57da9fb2760f1f2b0dab7eb85a41e78c6238032e6e0c00c8d8d6f358cb9af54109a1fc08a5fa8176d25de209df55a998e3a139cca993d44b2e37a32a9713c041a551f0e516a6135f414e21c3088d11f86db64c4c6871095ba8317cd9ff049e17a537904ed28d189ac9cd2faf08d3ed45135473c5e6215f7bb4f67c43fc054df46b40e2f067a3bfafef5b75544c752c13b4b030b6feec74ece37404e554611529ea45dce052d002ffec6cef9678ecb1dc6e80f7a045d5eb30f870c88978a005a266dcfb4c7829c35798879336e45c56941117185ebdbfd626ba80a4482cb4b5002898bfddaed758fba04993e64979f662ee6fa119d35d9a5352bcb4599a7c37cc11b621e8cecb130daf3395b81a5c5ef99c5d91eb24c7ac74d7db22c49afacbb74727fa3640a28ad0c49d57500775ca5699958c5d44b131866c739884ef0db364eaa7e7d6c6afd5837d7998066bcc6e5e19166062968727116f95d84fc7cb7e08d8b9024a4ed6096711f79885baf93e7c4333a3c9f823bb1031cf7c4873b38b2a23f3f8963f8fac56fb269d6d186659775eeec24e924256f3896aa65da832df295b4f3c015b090939d07635b0936c6045e1ca5567068be949b502a76e119277b12ca31f9f1857b676917a0c64d23e1e36fa17eb3"], 0x100b) syz_open_dev$sndpcmp(&(0x7f00000011c0)='/dev/snd/pcmC#D#p\x00', 0xffffffffffffaec5, 0x10000004100) 03:27:23 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0, 0x400}, {0xffffffffffffffff, 0x8641}], 0x4, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:23 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) socket$alg(0x26, 0x5, 0x0) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='memory.events\x00', 0x0, 0x0) openat$cgroup(r3, &(0x7f0000000040)='syz0\x00', 0x200002, 0x0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) 03:27:23 executing program 5: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100)=0x7, 0xfffffc7f) prctl$PR_GET_SECUREBITS(0x1b) r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x2, 0x0) ioctl$EVIOCGNAME(r1, 0x80404506, &(0x7f0000000480)=""/220) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r1, 0x54a3) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000001c0)={{{@in6=@ipv4={[], [], @remote}, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@dev}}, &(0x7f0000000040)=0xe8) gettid() r3 = getegid() getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000002c0)={{{@in=@multicast2, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in=@remote}}, &(0x7f0000000080)=0xe8) write$P9_RSTATu(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="8f0000007d010000000000000000000088002000000000800000080000000000000011006e6f646576656d3176626f786e6574305c01002107005d656d315e255b2c00292165746831766d6e6574316d696d655f7479706576626f786e65743173656c696e7578657468307070703002003a29", @ANYRES32=r2, @ANYRES32=r3, @ANYRES32=r4], 0x8f) write$RDMA_USER_CM_CMD_JOIN_MCAST(r1, &(0x7f0000000580)={0x16, 0x98, 0xfa00, {&(0x7f0000000440)={0xffffffffffffffff}, 0x2, 0xffffffffffffffff, 0x10, 0x1, @in={0x2, 0x4e24, @empty}}}, 0xa0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000640)={0x11, 0x10, 0xfa00, {&(0x7f00000000c0), r5}}, 0x18) [ 2953.719678][ T5570] FAULT_INJECTION: forcing a failure. [ 2953.719678][ T5570] name failslab, interval 1, probability 0, space 0, times 0 [ 2953.751015][ T5570] CPU: 0 PID: 5570 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2953.758967][ T5570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 03:27:23 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00'}}}]}, 0x13c}}, 0x0) [ 2953.769153][ T5570] Call Trace: [ 2953.772480][ T5570] dump_stack+0x172/0x1f0 [ 2953.776843][ T5570] should_fail.cold+0xa/0x15 [ 2953.781463][ T5570] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2953.787290][ T5570] ? ___might_sleep+0x163/0x280 [ 2953.792165][ T5570] __should_failslab+0x121/0x190 [ 2953.797124][ T5570] should_failslab+0x9/0x14 [ 2953.801651][ T5570] kmem_cache_alloc+0x2af/0x6f0 [ 2953.806518][ T5570] ? __fget+0x381/0x550 [ 2953.810700][ T5570] getname_flags+0xd6/0x5b0 [ 2953.815221][ T5570] do_mkdirat+0xa0/0x2a0 [ 2953.819486][ T5570] ? __ia32_sys_mknod+0xb0/0xb0 [ 2953.824351][ T5570] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2953.829831][ T5570] ? do_syscall_64+0x26/0x680 [ 2953.834558][ T5570] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2953.840644][ T5570] ? do_syscall_64+0x26/0x680 [ 2953.845336][ T5570] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2953.850665][ T5570] __x64_sys_mkdir+0x5c/0x80 [ 2953.855275][ T5570] do_syscall_64+0xfd/0x680 [ 2953.859797][ T5570] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2953.865786][ T5570] RIP: 0033:0x458937 [ 2953.869875][ T5570] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2953.889506][ T5570] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 2953.897944][ T5570] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458937 [ 2953.905931][ T5570] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2953.914013][ T5570] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2953.922005][ T5570] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2953.929996][ T5570] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:24 executing program 4 (fault-call:0 fault-nth:33): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:24 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x8, 0x2) ioctl$KVM_GET_LAPIC(r2, 0x8400ae8e, &(0x7f00000000c0)={"d3563cd290b8f0e46a8856ccede920a7ac66eb38781684a1baaa537da488179fa5d6e9bc9729c01e7b65c01bc00c6a8f982b2c2ed4fdc68c6492179a88146fe4cec867189d51d784817b5b6e05fb14a3ed47769594a52c32afb3a79ecf54a26c07fdc68d2aa458d6dab9c272dd07c1b1ce2b97a295f27b59eb156f1e965ba64f9cd40f451e32ab14cad5dee36d976279b4e90877dfa8c2d6379479f68cc44602d6d70078715269ed4fc6365b6a192588d59a5da278506f40db8a2e8716913ab13d8f6b71477e8daec7c05b5903bef694de3f45c15ab261916da6022479a973941aaaf3b956f79de202420123083df8c5c7c94c23903dfdd52282a096e197be97673bb782bcbf6856b008b063cad7c3beecb42b03bf4794fa070bc50275d7ce32efb9f26b250c13c33105036e01be3bf28d51789d8a90a17a66a1aa0b325fe26ddaeb426d86ac1e5a0ba58482ccf56089e8eeb6e0c9f85867e089f99225d7d6f4298e4a9d2d1276b15fbd1f990b091ff527d1ff3a59880b0d0762ddc7791196b616f8a178c2cbe6a5b2f1023362044854903a5e95eba9c3a1f5d071c2574a37850e650f0b255e84058a5de1598a0454038fe3a84b8c056c4d79f2affc7dfcce2ddefc572bfaa535c8ea7b8296e5b45ca100c432882cd9a07ab7bf5ddb2f72c114bf1670c608fe5fdda457346a1b3439e58c90f9b22a929fddbee424a9c3073727589c9fb41413ee1f564f94a6cedbee121505eb24bf976930675f69b1d5db404f4481cd4e742a7add6e28043986b8421900fdac5f7c79a73a6932c17381e35dea4a33dda8dce8aebf210e5e6275c2861221b9251ee218c0de70c5987a08f52833df24c14798badcc3ef3656e77c457f835b15c7c2b4b2b3305cb33ac32123a9c5cb108e97641aa78672c87d9ed4e3a02fe14227757588584a38ca8c8a47d1e8171df853fbe6c22d451d503e77be6bed25cd84fba4b1519033b932fbb1ad2c705c005570d2f0e4dc47073b658d033fad9d58759eed1d76ff20dd5a9919f28b04f8750f0950bbd8ee6b5095a3ca7391ec75fec88e4f6ecad496721e4ec12f613610bc8d086b059480eea3f43f8ec2e88f0dc2b63f17048354caaa85d6ab38088c2ba2817733a34c4630f1c2b96d6fcb701e8e89422701d5bbe783714c7ee3fa4c5cc3f4b702561a5caa7c6a55c9b17aa925b396576ee6d9bdd041c2a53ffa335aee4dd83ce2de4a6f71e721296351ccb314e80b28808e2db4e4ceb439cbbf4a776f3c4d80edcfc875e4355f213c825c15371643ae192705940d281dd3b0feb6517b1a24b0ae2193e364efbd4c5880a75bd006d3d81df33f2a0ece17e2634f955f17b4172228b62703f0f1d8cb07bbcd21982e0090ca5bfbf1e3a9e503de9e9af6c495faee61b9031bb111df8efc1d3be09432d4a4f5f97e7ae43bc258fa15ab17fa"}) dup3(r0, r1, 0x0) 03:27:24 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00'}}}]}, 0x13c}}, 0x0) 03:27:24 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x580, 0x0) ioctl$SG_GET_RESERVED_SIZE(r0, 0x2272, &(0x7f0000000040)) [ 2954.219449][ T5595] FAULT_INJECTION: forcing a failure. [ 2954.219449][ T5595] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2954.232682][ T5595] CPU: 1 PID: 5595 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2954.240587][ T5595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2954.250665][ T5595] Call Trace: [ 2954.253985][ T5595] dump_stack+0x172/0x1f0 [ 2954.258350][ T5595] should_fail.cold+0xa/0x15 [ 2954.263000][ T5595] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2954.268850][ T5595] should_fail_alloc_page+0x50/0x60 [ 2954.274070][ T5595] __alloc_pages_nodemask+0x1a1/0x8d0 [ 2954.279469][ T5595] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2954.285132][ T5595] ? __alloc_pages_slowpath+0x28f0/0x28f0 [ 2954.290874][ T5595] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2954.296575][ T5595] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2954.302860][ T5595] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2954.308695][ T5595] cache_grow_begin+0x9d/0x650 [ 2954.313489][ T5595] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2954.319760][ T5595] kmem_cache_alloc+0x62a/0x6f0 [ 2954.324621][ T5595] ? __fget+0x381/0x550 [ 2954.328826][ T5595] getname_flags+0xd6/0x5b0 [ 2954.333359][ T5595] do_mkdirat+0xa0/0x2a0 [ 2954.337624][ T5595] ? __ia32_sys_mknod+0xb0/0xb0 [ 2954.342499][ T5595] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2954.347981][ T5595] ? do_syscall_64+0x26/0x680 [ 2954.352693][ T5595] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2954.358788][ T5595] ? do_syscall_64+0x26/0x680 [ 2954.363483][ T5595] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2954.368792][ T5595] __x64_sys_mkdir+0x5c/0x80 [ 2954.373401][ T5595] do_syscall_64+0xfd/0x680 [ 2954.377954][ T5595] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2954.383863][ T5595] RIP: 0033:0x458937 [ 2954.387932][ T5595] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2954.407552][ T5595] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 03:27:24 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_SOCK_GET(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r2, 0x2, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x8800) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) [ 2954.415997][ T5595] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458937 [ 2954.423976][ T5595] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2954.431968][ T5595] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2954.439940][ T5595] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2954.447915][ T5595] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:24 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00'}}}]}, 0x13c}}, 0x0) 03:27:24 executing program 1: r0 = pkey_alloc(0x0, 0x1) pkey_free(r0) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r1, r2, 0x0) 03:27:24 executing program 4 (fault-call:0 fault-nth:34): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:24 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0, 0x400}, {0xffffffffffffffff, 0x8641}], 0x4, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:24 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x20, 0x3ff, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) 03:27:24 executing program 2: ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000)=0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x2, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfcb0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x11, 0x2, 0x0) r2 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r3 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r3, 0xab00, r1) ioctl$NBD_CLEAR_SOCK(r2, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) r4 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video1\x00', 0x2, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000080)={0x7, 0x1, @start={0x7ff}}) [ 2954.866250][ T5625] FAULT_INJECTION: forcing a failure. [ 2954.866250][ T5625] name failslab, interval 1, probability 0, space 0, times 0 [ 2954.885766][ T5625] CPU: 0 PID: 5625 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2954.893712][ T5625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2954.903782][ T5625] Call Trace: [ 2954.907115][ T5625] dump_stack+0x172/0x1f0 [ 2954.911466][ T5625] should_fail.cold+0xa/0x15 [ 2954.916077][ T5625] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2954.921910][ T5625] ? ___might_sleep+0x163/0x280 [ 2954.926781][ T5625] __should_failslab+0x121/0x190 [ 2954.933378][ T5625] should_failslab+0x9/0x14 [ 2954.937900][ T5625] kmem_cache_alloc_node_trace+0x26d/0x720 [ 2954.944126][ T5625] __kmalloc_node_track_caller+0x3d/0x70 [ 2954.949782][ T5625] __kmalloc_reserve.isra.0+0x40/0xf0 [ 2954.955178][ T5625] __alloc_skb+0x10b/0x5e0 [ 2954.959620][ T5625] ? skb_trim+0x190/0x190 [ 2954.963972][ T5625] ? kasan_check_read+0x11/0x20 [ 2954.968840][ T5625] alloc_uevent_skb+0x83/0x1e2 [ 2954.973619][ T5625] kobject_uevent_env+0xaa3/0x101d [ 2954.978757][ T5625] kobject_uevent+0x20/0x26 [ 2954.983272][ T5625] loop_set_fd+0xba2/0x10b0 [ 2954.987795][ T5625] lo_ioctl+0x1a3/0x1460 [ 2954.992069][ T5625] ? lock_downgrade+0x880/0x880 [ 2954.996936][ T5625] ? loop_set_fd+0x10b0/0x10b0 [ 2955.001731][ T5625] blkdev_ioctl+0xece/0x1c10 [ 2955.006340][ T5625] ? blkpg_ioctl+0xa90/0xa90 [ 2955.010949][ T5625] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2955.016786][ T5625] ? __fget+0x35a/0x550 [ 2955.020956][ T5625] block_ioctl+0xee/0x130 [ 2955.025314][ T5625] ? blkdev_fallocate+0x410/0x410 [ 2955.030350][ T5625] do_vfs_ioctl+0xd5f/0x1380 [ 2955.034950][ T5625] ? ioctl_preallocate+0x210/0x210 [ 2955.040082][ T5625] ? __fget+0x381/0x550 [ 2955.044258][ T5625] ? ksys_dup3+0x3e0/0x3e0 [ 2955.048707][ T5625] ? do_sys_open+0x31d/0x5d0 [ 2955.053312][ T5625] ? tomoyo_file_ioctl+0x23/0x30 [ 2955.058259][ T5625] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2955.064597][ T5625] ? security_file_ioctl+0x8d/0xc0 [ 2955.069720][ T5625] ksys_ioctl+0xab/0xd0 [ 2955.073912][ T5625] __x64_sys_ioctl+0x73/0xb0 [ 2955.078523][ T5625] do_syscall_64+0xfd/0x680 [ 2955.083069][ T5625] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2955.088972][ T5625] RIP: 0033:0x459387 [ 2955.092874][ T5625] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 03:27:25 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00'}}}]}, 0x13c}}, 0x0) 03:27:25 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x0) dup3(r0, r1, 0x0) [ 2955.112499][ T5625] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2955.121022][ T5625] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000459387 [ 2955.129450][ T5625] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 2955.137439][ T5625] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2955.145432][ T5625] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2955.153443][ T5625] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:25 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) 03:27:25 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00'}}}]}, 0x13c}}, 0x0) 03:27:25 executing program 5: perf_event_open(&(0x7f0000000140)={0x5, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000040), 0x6f6) 03:27:25 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x100000001, 0x101000) ioctl$TIOCSWINSZ(r1, 0x5414, &(0x7f00000000c0)={0x20, 0x4, 0x5, 0x81}) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r2, 0x0) 03:27:25 executing program 4 (fault-call:0 fault-nth:35): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2955.649467][ T5660] FAULT_INJECTION: forcing a failure. [ 2955.649467][ T5660] name failslab, interval 1, probability 0, space 0, times 0 [ 2955.669365][ T5660] CPU: 1 PID: 5660 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2955.677302][ T5660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2955.687370][ T5660] Call Trace: [ 2955.690690][ T5660] dump_stack+0x172/0x1f0 [ 2955.695048][ T5660] should_fail.cold+0xa/0x15 [ 2955.699664][ T5660] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2955.705510][ T5660] ? ___might_sleep+0x163/0x280 [ 2955.710432][ T5660] __should_failslab+0x121/0x190 [ 2955.715389][ T5660] should_failslab+0x9/0x14 [ 2955.719911][ T5660] kmem_cache_alloc+0x2af/0x6f0 [ 2955.724797][ T5660] ? __fget+0x381/0x550 [ 2955.728980][ T5660] getname_flags+0xd6/0x5b0 [ 2955.733672][ T5660] do_mkdirat+0xa0/0x2a0 [ 2955.737932][ T5660] ? __ia32_sys_mknod+0xb0/0xb0 [ 2955.742813][ T5660] ? trace_hardirqs_on_thunk+0x1a/0x1c 03:27:25 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0x0, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000200)='/dev/hwrng\x00', 0x210200, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r3, 0xc0305615, &(0x7f0000000340)={0x0, {0x31b, 0x9}}) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000001c0)={'vcan0\x00'}) r4 = syz_open_dev$adsp(&(0x7f0000000140)='/dev/adsp#\x00', 0x0, 0x800) ioctl$UFFDIO_ZEROPAGE(r4, 0xc020aa04, &(0x7f0000000180)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x1}) fdatasync(r4) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$SIOCX25GDTEFACILITIES(r0, 0x89ea, &(0x7f0000000040)) ioctl$CAPI_GET_FLAGS(r0, 0x80044323, &(0x7f0000000000)) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x400000, 0x0) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x4000000000000000, @raw_data="8547ef7e6215d4955f109cbf6762889764260944a6b544843b3b1d5ebb2df8409a878b51a7118e6ee45e5ca6ae0f1f221562de756fbc6430650286d2e4c273ab19f3f71e450762ea78b682f379b2e03130e869e8ba4ecede490e6d7b53a926b0fab8f46dd999385cb076612990d573938b603019bc9e529eda447d5031c893cb588f420d4c27bb7d7dd93dd572ad110a31392fd5847b756985ae06264608255bbaa1b57d490fd7d1e25eaa997147cc9d991ecd50ecd91cd37680e620c506bec4a084c09e6ce2ff55"}) setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000100)={0x2b, @broadcast, 0x4e21, 0x1, 'wlc\x00', 0x2, 0x6, 0x43}, 0x2c) openat$vcs(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vcs\x00', 0xbffe, 0x0) fstat(0xffffffffffffffff, 0x0) [ 2955.748291][ T5660] ? do_syscall_64+0x26/0x680 [ 2955.753006][ T5660] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2955.759098][ T5660] ? do_syscall_64+0x26/0x680 [ 2955.763818][ T5660] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2955.769131][ T5660] __x64_sys_mkdir+0x5c/0x80 [ 2955.773827][ T5660] do_syscall_64+0xfd/0x680 [ 2955.778358][ T5660] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2955.784254][ T5660] RIP: 0033:0x458937 [ 2955.788138][ T5660] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2955.816981][ T5660] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 2955.825439][ T5660] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458937 [ 2955.833454][ T5660] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2955.841562][ T5660] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 03:27:25 executing program 1: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x5, 0x2) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r0, 0xc0305615, &(0x7f0000000100)={0x0, {0x3, 0x4}}) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r3 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x100000000, 0x103000) ioctl$UI_SET_ABSBIT(r3, 0x40045567, 0x6) setsockopt$inet_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000140)='tls\x00', 0x4) r4 = dup3(r1, r2, 0x0) ioctl$RTC_UIE_ON(r4, 0x7003) [ 2955.849542][ T5660] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2955.857525][ T5660] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:26 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0, 0x400}, {r0}], 0x4, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:26 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'}}}]}, 0x13c}}, 0x0) 03:27:26 executing program 5: r0 = syz_open_dev$mouse(&(0x7f0000000480)='/dev/input/mouse#\x00', 0x3294970c, 0x200001) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f00000004c0)={0x0, 0x29, "f6e7300bb3506b04fcbd88d3ce302af5156fdee2300b07fc723c3414c93c15de5de1ac82b0bda51e6e"}, &(0x7f0000000500)=0x31) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000540)={0x9, 0x8006, 0x0, 0x20000000000000ff, r1}, &(0x7f0000000580)=0x10) r2 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) ioctl$VIDIOC_TRY_DECODER_CMD(r2, 0xc0485661, &(0x7f0000000000)={0x1, 0x2, @raw_data=[0x6, 0x7fffffff, 0xfff, 0x3, 0x5, 0x3, 0x25c, 0x4, 0x9, 0x2, 0x6, 0x3000000000, 0x3, 0x9, 0x40, 0x2]}) 03:27:26 executing program 4 (fault-call:0 fault-nth:36): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:26 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x2) dup3(r1, r0, 0x0) [ 2956.230375][ T5682] FAULT_INJECTION: forcing a failure. [ 2956.230375][ T5682] name failslab, interval 1, probability 0, space 0, times 0 [ 2956.255805][ T5682] CPU: 1 PID: 5682 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2956.263839][ T5682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2956.273911][ T5682] Call Trace: 03:27:26 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(0xffffffffffffffff, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) [ 2956.277486][ T5682] dump_stack+0x172/0x1f0 [ 2956.281854][ T5682] should_fail.cold+0xa/0x15 [ 2956.286472][ T5682] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2956.292304][ T5682] ? ___might_sleep+0x163/0x280 [ 2956.297202][ T5682] __should_failslab+0x121/0x190 [ 2956.302152][ T5682] should_failslab+0x9/0x14 [ 2956.306674][ T5682] kmem_cache_alloc+0x2af/0x6f0 [ 2956.311543][ T5682] ? __fget+0x381/0x550 [ 2956.315723][ T5682] getname_flags+0xd6/0x5b0 [ 2956.320244][ T5682] do_mkdirat+0xa0/0x2a0 [ 2956.324498][ T5682] ? __ia32_sys_mknod+0xb0/0xb0 [ 2956.329348][ T5682] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2956.334821][ T5682] ? do_syscall_64+0x26/0x680 [ 2956.339526][ T5682] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2956.345830][ T5682] ? do_syscall_64+0x26/0x680 [ 2956.350720][ T5682] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2956.356298][ T5682] __x64_sys_mkdir+0x5c/0x80 [ 2956.360919][ T5682] do_syscall_64+0xfd/0x680 [ 2956.365427][ T5682] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2956.371311][ T5682] RIP: 0033:0x458937 [ 2956.375193][ T5682] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2956.394819][ T5682] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 2956.403232][ T5682] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458937 [ 2956.411203][ T5682] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2956.419165][ T5682] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 03:27:26 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00'}}}]}, 0x13c}}, 0x0) [ 2956.427135][ T5682] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2956.435121][ T5682] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:26 executing program 5: prctl$PR_SET_TSC(0x1a, 0x2) r0 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x2c, 0x101000) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000080)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000d62fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000001c0)={0xb, @pix_mp={0x1, 0x8, 0x30364d54, 0xb, 0xf, [{0x3, 0x1}, {0x7f51, 0x8}, {0x5, 0x4bcf}, {0x100000000, 0x3}, {0x1000, 0x80000000}, {0x4b5, 0x10000}, {0x7f, 0x7}, {0xf9, 0x9}], 0x4d, 0x4, 0x6, 0x2, 0x5}}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f00000000c0)={&(0x7f0000012000/0x1000)=nil, &(0x7f0000014000/0xa000)=nil, 0x20015000}) getsockopt$inet_dccp_buf(r0, 0x21, 0xd, &(0x7f00000003c0)=""/38, &(0x7f00000000c0)=0x26) r2 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvfrom$llc(r2, &(0x7f00000002c0)=""/229, 0xe5, 0x40000000, &(0x7f0000000040)={0x1a, 0xffff, 0x8f4d, 0x4, 0x41, 0x9, @random="66a85d78837e"}, 0x10) 03:27:26 executing program 4 (fault-call:0 fault-nth:37): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:26 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$media(&(0x7f0000000140)='/dev/media#\x00', 0x3, 0x80000) ioctl$VHOST_RESET_OWNER(r1, 0xaf02, 0x0) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x430182, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(r2, 0xc06855c8, &(0x7f00000000c0)={0xf, 0x8, {0x52, 0x4, 0x8, {0x3, 0x40}, {0xa5f, 0x5}, @cond=[{0x5, 0x7, 0x7f, 0x0, 0x8, 0xfffffffffffffffd}, {0x1, 0xbc1a, 0x7, 0x9, 0x9, 0x120000000}]}, {0x57, 0xffffffffffffffff, 0x0, {0x4, 0x1f}, {0x1, 0x40}, @cond=[{0x1, 0x5, 0x400, 0x41, 0x80000000}, {0x8, 0x4c, 0x9, 0x9, 0x101, 0x5}]}}) syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r0, 0x80000) 03:27:26 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00'}}}]}, 0x13c}}, 0x0) 03:27:26 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_TOL(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x68, r3, 0x200, 0x70bd28, 0x25dfdbfe, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x0, @link='syz0\x00'}}}, ["", ""]}, 0x68}, 0x1, 0x0, 0x0, 0xc000}, 0x40) [ 2956.746025][ T5710] FAULT_INJECTION: forcing a failure. [ 2956.746025][ T5710] name failslab, interval 1, probability 0, space 0, times 0 [ 2956.828907][ T5710] CPU: 1 PID: 5710 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2956.836852][ T5710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2956.846926][ T5710] Call Trace: [ 2956.850258][ T5710] dump_stack+0x172/0x1f0 [ 2956.854626][ T5710] should_fail.cold+0xa/0x15 [ 2956.859252][ T5710] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2956.865091][ T5710] ? ___might_sleep+0x163/0x280 [ 2956.869968][ T5710] __should_failslab+0x121/0x190 [ 2956.874932][ T5710] should_failslab+0x9/0x14 [ 2956.879478][ T5710] kmem_cache_alloc+0x2af/0x6f0 [ 2956.884348][ T5710] ? __d_lookup+0x433/0x760 [ 2956.888951][ T5710] ? lookup_dcache+0x23/0x140 [ 2956.893670][ T5710] ? d_lookup+0xf9/0x260 [ 2956.897935][ T5710] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2956.903341][ T5710] __d_alloc+0x2e/0x8c0 [ 2956.907519][ T5710] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 2956.913353][ T5710] d_alloc+0x4d/0x280 [ 2956.917520][ T5710] __lookup_hash+0xcd/0x190 [ 2956.922046][ T5710] ? kasan_check_write+0x14/0x20 [ 2956.927034][ T5710] filename_create+0x1a7/0x4f0 [ 2956.933929][ T5710] ? kern_path_mountpoint+0x40/0x40 [ 2956.939152][ T5710] ? strncpy_from_user+0x2ac/0x380 [ 2956.944284][ T5710] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2956.950546][ T5710] ? getname_flags+0x277/0x5b0 [ 2956.955331][ T5710] do_mkdirat+0xb5/0x2a0 [ 2956.959591][ T5710] ? __ia32_sys_mknod+0xb0/0xb0 [ 2956.964457][ T5710] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2956.969921][ T5710] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2956.975975][ T5710] ? do_syscall_64+0x26/0x680 [ 2956.980660][ T5710] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2956.985946][ T5710] __x64_sys_mkdir+0x5c/0x80 [ 2956.990586][ T5710] do_syscall_64+0xfd/0x680 [ 2956.995084][ T5710] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2957.000989][ T5710] RIP: 0033:0x458937 [ 2957.004999][ T5710] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2957.024616][ T5710] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 2957.033024][ T5710] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458937 [ 2957.040990][ T5710] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2957.048951][ T5710] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2957.056937][ T5710] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2957.064905][ T5710] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:27 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0, 0x400}, {r0}], 0x4, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:27 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x8, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000000, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) 03:27:27 executing program 4 (fault-call:0 fault-nth:38): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:27 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) chdir(&(0x7f0000000000)='./file0\x00') r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x800, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000080)=0xdb2, 0x4) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) 03:27:27 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00'}}}]}, 0x13c}}, 0x0) 03:27:27 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', r0}, 0x10) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) [ 2957.379624][ T5740] FAULT_INJECTION: forcing a failure. [ 2957.379624][ T5740] name failslab, interval 1, probability 0, space 0, times 0 [ 2957.393798][ T5740] CPU: 0 PID: 5740 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2957.401716][ T5740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2957.411785][ T5740] Call Trace: [ 2957.415097][ T5740] dump_stack+0x172/0x1f0 [ 2957.419458][ T5740] should_fail.cold+0xa/0x15 [ 2957.424071][ T5740] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2957.429901][ T5740] ? mark_held_locks+0xf0/0xf0 [ 2957.434678][ T5740] ? __es_tree_search.isra.0+0x1bf/0x230 [ 2957.440309][ T5740] ? save_stack+0x5c/0x90 [ 2957.444652][ T5740] __should_failslab+0x121/0x190 [ 2957.449704][ T5740] should_failslab+0x9/0x14 [ 2957.454346][ T5740] kmem_cache_alloc+0x47/0x6f0 [ 2957.459128][ T5740] ? ext4_es_scan+0x730/0x730 [ 2957.463822][ T5740] ? do_raw_write_lock+0x124/0x290 [ 2957.468960][ T5740] __es_insert_extent+0x2cc/0xf20 [ 2957.474016][ T5740] ext4_es_insert_extent+0x2b7/0xa30 [ 2957.479513][ T5740] ? ext4_es_scan_clu+0x50/0x50 [ 2957.484388][ T5740] ? rcu_read_lock_sched_held+0x110/0x130 [ 2957.490118][ T5740] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2957.496359][ T5740] ? ext4_es_find_extent_range+0xff/0x600 [ 2957.502103][ T5740] ext4_ext_put_gap_in_cache+0xfe/0x150 [ 2957.507665][ T5740] ? ext4_rereserve_cluster+0x240/0x240 [ 2957.513223][ T5740] ? ext4_find_extent+0x76e/0x9d0 [ 2957.518267][ T5740] ? ext4_find_extent+0x6a6/0x9d0 [ 2957.523321][ T5740] ext4_ext_map_blocks+0x20a1/0x5250 [ 2957.528744][ T5740] ? mark_held_locks+0xf0/0xf0 [ 2957.533556][ T5740] ? ext4_ext_release+0x10/0x10 [ 2957.538439][ T5740] ? lock_acquire+0x16f/0x3f0 [ 2957.538456][ T5740] ? ext4_map_blocks+0x3fd/0x18e0 [ 2957.538478][ T5740] ? kasan_check_write+0x14/0x20 [ 2957.538498][ T5740] ext4_map_blocks+0xec7/0x18e0 [ 2957.557978][ T5740] ? ext4_issue_zeroout+0x190/0x190 [ 2957.563209][ T5740] ? kasan_check_write+0x14/0x20 [ 2957.568174][ T5740] ext4_getblk+0xc4/0x510 [ 2957.572523][ T5740] ? ext4_iomap_begin+0xfe0/0xfe0 [ 2957.577585][ T5740] ext4_bread+0x8f/0x230 [ 2957.581850][ T5740] ? ext4_getblk+0x510/0x510 [ 2957.586522][ T5740] ext4_append+0x155/0x370 [ 2957.590967][ T5740] ext4_mkdir+0x61b/0xdf0 [ 2957.595335][ T5740] ? ext4_init_dot_dotdot+0x520/0x520 [ 2957.600729][ T5740] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2957.606988][ T5740] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2957.613246][ T5740] ? security_inode_permission+0xcb/0x100 [ 2957.618991][ T5740] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2957.625341][ T5740] ? security_inode_mkdir+0xe4/0x120 [ 2957.631260][ T5740] vfs_mkdir+0x42e/0x670 [ 2957.635527][ T5740] do_mkdirat+0x234/0x2a0 [ 2957.639879][ T5740] ? __ia32_sys_mknod+0xb0/0xb0 [ 2957.644930][ T5740] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2957.650404][ T5740] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2957.656486][ T5740] ? do_syscall_64+0x26/0x680 [ 2957.661180][ T5740] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2957.666585][ T5740] __x64_sys_mkdir+0x5c/0x80 [ 2957.671188][ T5740] do_syscall_64+0xfd/0x680 [ 2957.675702][ T5740] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2957.675715][ T5740] RIP: 0033:0x458937 [ 2957.675730][ T5740] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2957.675736][ T5740] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 2957.675749][ T5740] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458937 [ 2957.675757][ T5740] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 03:27:27 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00'}}}]}, 0x13c}}, 0x0) 03:27:27 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00'}}}]}, 0x13c}}, 0x0) 03:27:27 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x0, 0x2) write$nbd(r2, &(0x7f00000000c0)={0x67446698, 0x0, 0x4, 0x2, 0x2, "0ac002cb6e6b0927da634b29f8bff441ef1f42f6dfebdaeb8d2fbd91c782ebcd77fdb2e558e979f565408f2faf2001408a991e570fc6efff8bbc6816cd017e993b28893b15e4d0b6b3e035263404bef90e79e50fbf67bb39739d74aae0e6aad22401bb26c72f4671c203ef99ab4be5130580f90dddb0215f85906ec0cbc84e412de5a85ed4c6dce035e061c33c664f486c9d68580e25ab48522b1b3dfa5378a0bbf2b2a9b0c1a3bd3d74bf0d98ab3cb6a9d021a1306683936a88fe90a0079d1de2d895bf2e2d3100c84a065785f0233e49"}, 0xe1) dup3(r0, r1, 0x0) [ 2957.675764][ T5740] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2957.675773][ T5740] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2957.675788][ T5740] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 [ 2957.723104][ C0] net_ratelimit: 19 callbacks suppressed [ 2957.723112][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2957.730053][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2957.737855][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2957.746068][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2957.783233][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2957.789088][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:27:27 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00'}}}]}, 0x13c}}, 0x0) 03:27:27 executing program 5: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x2, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x463, 0x81}) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) 03:27:27 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000000)={0x1, {{0xa, 0x4e23, 0x6, @empty, 0x5}}}, 0x88) bind$llc(r0, &(0x7f00000000c0)={0x1a, 0x337, 0x5, 0xba5, 0x1, 0x8, @remote}, 0x10) fstat(0xffffffffffffffff, 0x0) 03:27:28 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0, 0x400}, {r0}], 0x4, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:28 executing program 4 (fault-call:0 fault-nth:39): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:28 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x20000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$usb(&(0x7f0000000300)='/dev/bus/usb/00#/00#\x00', 0x2, 0x1) setsockopt$inet6_tcp_TLS_RX(r1, 0x6, 0x2, &(0x7f0000000280)=@gcm_256={{0x307}, "fee4be8a75942753", "ee6a1a88d9aaf99039fbb14c45bdc07c8cec1d3612410dc07b95dea9ec7e5136", "2583cab9", "48016ebd5e81b187"}, 0x38) r2 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x8, 0x4000) finit_module(r2, &(0x7f00000000c0)='/dev/binder#\x00', 0x3) r3 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r4 = dup3(r0, r3, 0x0) getsockopt$inet6_dccp_buf(r4, 0x21, 0x2, &(0x7f0000000100)=""/218, &(0x7f0000000200)=0xda) 03:27:28 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x00'}}}]}, 0x13c}}, 0x0) 03:27:28 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000040)=0x64, 0x2) 03:27:28 executing program 2: r0 = getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x11, 0x2, 0x0) r2 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r3 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r3, 0xab00, r1) ioctl$NBD_CLEAR_SOCK(r2, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) [ 2958.728449][ T5788] FAULT_INJECTION: forcing a failure. [ 2958.728449][ T5788] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2958.742458][ T5788] CPU: 0 PID: 5788 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2958.750375][ T5788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2958.760467][ T5788] Call Trace: [ 2958.763790][ T5788] dump_stack+0x172/0x1f0 [ 2958.768145][ T5788] should_fail.cold+0xa/0x15 [ 2958.772748][ T5788] ? is_bpf_text_address+0xac/0x170 [ 2958.777965][ T5788] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2958.783881][ T5788] ? is_bpf_text_address+0xac/0x170 [ 2958.789111][ T5788] should_fail_alloc_page+0x50/0x60 [ 2958.794369][ T5788] __alloc_pages_nodemask+0x1a1/0x8d0 [ 2958.799776][ T5788] ? __lock_acquire+0x54f/0x5490 [ 2958.804741][ T5788] ? __alloc_pages_slowpath+0x28f0/0x28f0 [ 2958.810487][ T5788] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2958.810544][ T5788] cache_grow_begin+0x9d/0x650 [ 2958.810569][ T5788] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2958.829921][ T5788] __kmalloc+0x67c/0x740 [ 2958.834227][ T5788] ? tomoyo_realpath_from_path+0xcd/0x7a0 [ 2958.839975][ T5788] tomoyo_realpath_from_path+0xcd/0x7a0 [ 2958.845543][ T5788] ? tomoyo_path_number_perm+0x193/0x520 [ 2958.845566][ T5788] tomoyo_path_number_perm+0x1dd/0x520 [ 2958.845580][ T5788] ? tomoyo_path_number_perm+0x193/0x520 [ 2958.845598][ T5788] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2958.845617][ T5788] ? debug_check_no_obj_freed+0x200/0x464 [ 2958.845639][ T5788] ? kasan_check_write+0x14/0x20 [ 2958.845677][ T5788] ? putname+0xef/0x130 [ 2958.845691][ T5788] ? putname+0xef/0x130 [ 2958.845702][ T5788] ? putname+0xef/0x130 [ 2958.845718][ T5788] ? rcu_read_lock_sched_held+0x110/0x130 [ 2958.845731][ T5788] ? kmem_cache_free+0x222/0x260 [ 2958.845752][ T5788] tomoyo_path_mkdir+0xaa/0xf0 [ 2958.845766][ T5788] ? tomoyo_file_ioctl+0x30/0x30 [ 2958.845783][ T5788] ? kern_path_mountpoint+0x40/0x40 [ 2958.845801][ T5788] ? strncpy_from_user+0x2ac/0x380 [ 2958.845830][ T5788] security_path_mkdir+0x113/0x170 [ 2958.891652][ T5788] do_mkdirat+0x160/0x2a0 [ 2958.891673][ T5788] ? __ia32_sys_mknod+0xb0/0xb0 [ 2958.891690][ T5788] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2958.891709][ T5788] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2958.891724][ T5788] ? do_syscall_64+0x26/0x680 [ 2958.891741][ T5788] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2958.891762][ T5788] __x64_sys_mkdir+0x5c/0x80 [ 2958.891783][ T5788] do_syscall_64+0xfd/0x680 [ 2958.922600][ T5788] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2958.922615][ T5788] RIP: 0033:0x458937 [ 2958.922632][ T5788] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2958.922640][ T5788] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 2958.922655][ T5788] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458937 [ 2958.922664][ T5788] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 03:27:28 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12\x00'}}}]}, 0x13c}}, 0x0) 03:27:28 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = dup3(r0, r1, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000000)={0xffffffffffffffff}, 0x2, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_ACCEPT(r2, &(0x7f0000000100)={0x8, 0x120, 0xfa00, {0x4, {0x7b1c, 0x0, "266ac7c396f3b1d13e454f1cabea6a977606499dcbf8a76c20a796188af46980162b2190299bad1d9361c32e43d0a1bd9b8ca6f0505c61d59ef9793bc6bced682bc2478d30b1ff5d7bd23ff9f9ebe88796897c983d2c449daeb94d1272e75806ff876df2d246cf410d90467efa77b3ccce6f183a107c324f817cf35bee82b5459ab7534f6ed69e7910253c813b11ee030180557f023f8804097f319d74a621f7431f539ac63b22010cbb9b3d3753cca7dfd2a4a598eb0a0e9f9dbe67a31c06e21b59d12cd125703fb6d7bb796b26e135cec31d4781e22307ffc7bcb3924e5056b75520d27eb6ddf77f91f1681918d5a7b3ce70f442db58d387491eccd9d8f7e5", 0x78, 0x2, 0x5d7, 0x8, 0xb9b, 0x7ff, 0x658f3a2e, 0x1}, r3}}, 0x128) 03:27:29 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\x00'}}}]}, 0x13c}}, 0x0) [ 2958.922680][ T5788] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2959.031406][ T5788] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2959.031424][ T5788] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 [ 2959.047694][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2959.053502][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2959.059442][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2959.059490][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:27:29 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x200000, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000080)={0x20, 0x9, 0x1, 0x29, 0x1, 0x8000, 0x80000001, 0x800, 0x0}, &(0x7f00000000c0)=0x20) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000100)=@sack_info={r1, 0x9}, 0xc) write$P9_RCREATE(r0, &(0x7f0000000040)={0x18, 0x73, 0x1, {{0x20}, 0x3}}, 0x18) r2 = socket(0x11, 0x2, 0x0) r3 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r4 = syz_open_dev$ndb(0x0, 0x0, 0x4) ioctl$NBD_SET_SOCK(r4, 0xab00, r2) ioctl$NBD_CLEAR_SOCK(r3, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) ioctl$KVM_S390_INTERRUPT_CPU(r3, 0x4010ae94, &(0x7f0000000140)={0xffff, 0x5, 0x5}) fstat(0xffffffffffffffff, 0x0) 03:27:29 executing program 5: r0 = socket$bt_bnep(0x1f, 0x3, 0x4) sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f00000000c0)={0x2, 0x4e22, @loopback}, 0x10, &(0x7f00000006c0)=[{&(0x7f00000001c0)="f067d939da1a47331f63be9a48d33f0a7d0eca81a6dc75d35db45160e88ab97062e8b9a8aa0757484d1b799901ba341a6667b96e67d5460cb1cf5fcc4d713c1f81a0149c7422dc9f", 0x48}, {&(0x7f0000000240)="60a1c78185aa1eae0ab94f6669f6508335649090ffefc52d6299cb7e9b881583f4abf1b92e2b85dc39233a5072003bce00398952185ef6e8867b448f81b57bf7ccdd9b33e0b04218d50bff976309449ae8c28dadf2771f9e00e41fc740202880a7d30e1157650857465ae2b8fef2ce68b683ac9e5fb6c3dcdb0cb22e5375a9b3613551a1ff65a528dc7e3b8df4fcf385c34bf018e764adf74ba771db7a30255ab48c262493dae02939440dcd517ba502ec6c00d88f55aeab8f91f1e5681d4066c6", 0xc1}, {&(0x7f0000000340)="9a689d9ae088ca44474e2bdf964fecfdbf7358450b7c5934f80ae8c611bc0a82fb431e8c6fd38b5dd386f401b7", 0x2d}, {&(0x7f0000000380)="7b394cdcae1a13b37bfb6c3e5508f1a60e21491d2b63eb4ec14018aef2c0da2a3833a89966a871b7978152eb8b60abffb9a53e60814daf8a05a6b37b2b522374385cd1460a1805b21ba8d7a10f32a5bb8827fdac838e4c7b554dffade16c33394a9248be3227abb9d208e1c87ef511bfcd006bae17fba75eb329", 0x7a}, {&(0x7f0000000400)="dd752099db0a1aed210b0b7673fdc0a25fac6acc0914c4b4ca654b8de0df3d206954690d7056baf455740d1b684dd90763c0db4c15770eb1a016f61b819dbfc61a7be3c7b9f0232ad8a33a2cbd76c1c71f9d3964144fc4ad727922599602c8aa01ac2366654e51f0d4dd7b3cbb40c4cc0f0ff317f490f53ecfffe571cc6cda409f52e7ca7c98ac4620312366746e2b9962d1681ef2bc77ef7998f88e4092c83c1501399676fa83f745aa1f6e25feb2f6c5ffe4a847fd2a3f431d45144cd3b2d4", 0xc0}, {&(0x7f00000004c0)="61a25ee70b89a4f7d7211f4c7de5863edba0163faedf5e1264ea07", 0x1b}, {&(0x7f0000000500)="6fc53c283c9921a56bece3450e5f4ea8eeb8e468415377828d14b0238c172c0f8610af932dcd48e27a43e6c8accba6b197a34c1eb7443e27717e0bb141fef92cb2c5c8c2f29a3ff95ae70008d8ac1abb9d34194f882cc6f4ecd8176003359b9411b3526bb377f2d167571744014592d42bd248cf11367e0c90a12dfa252d4474", 0x80}, {&(0x7f0000000580)="28f12ad05fa1cc98024a64fefca2ab890c8d2bd02c61d17830410410bd27f658c4ecdb9cb0ab7a169726216667c4e6c2aaa6d1f154ee839e0b765a979a3a61becd9e4c09e05e0015cfa759d4ae439ca23311db0bc28af16d99059402e3c2bf58008c09a698771650fc12e56fde98155f802ecdba96e6777ecb22d71247600277287cc45ac192da0dd0285cace0267ee7864667fd0df42d2cfcf3002028d326ec8c01a7fbe9392596020e1878d70e3fb5edf4af1bf76d7fe99a44d81dca26cfff1d65c25c43da8c26e35250309fe73aedc66f75288c74af3400b5b9184ef5e7c7620ebb5372aebee1f928822bad54df", 0xef}, {&(0x7f0000000680)="ca739a2f1a80ee3fc22207f5c5ad53eafe588a1706152abac78d", 0x1a}], 0x9}, 0x10) io_setup(0x5, &(0x7f0000000000)) r1 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x0, 0x2) setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000080)={@rand_addr=0x9, @loopback, @loopback}, 0xc) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) 03:27:29 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x14\x00'}}}]}, 0x13c}}, 0x0) 03:27:29 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0, 0x8641}], 0x3, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:29 executing program 4 (fault-call:0 fault-nth:40): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:29 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = dup3(r0, r1, 0x0) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r2, 0x84, 0x7, &(0x7f0000000000)={0x25}, 0x4) 03:27:29 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00'}}}]}, 0x13c}}, 0x0) 03:27:29 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x11, 0x2, 0x0) r2 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r3 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x8000) ioctl$NBD_SET_SOCK(r3, 0xab00, r1) ioctl$NBD_CLEAR_SOCK(r2, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(r0, 0x0) 03:27:29 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x5e, 0x400002) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0xc08c5336, &(0x7f0000000040)={0x1, 0x80, 0xffff, 'queue1\x00', 0x2}) [ 2960.004287][ T5842] FAULT_INJECTION: forcing a failure. [ 2960.004287][ T5842] name failslab, interval 1, probability 0, space 0, times 0 [ 2960.067125][ T5842] CPU: 1 PID: 5842 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2960.075071][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2960.085140][ T5842] Call Trace: [ 2960.088455][ T5842] dump_stack+0x172/0x1f0 [ 2960.092807][ T5842] should_fail.cold+0xa/0x15 [ 2960.097781][ T5842] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2960.103612][ T5842] ? ___might_sleep+0x163/0x280 [ 2960.108493][ T5842] __should_failslab+0x121/0x190 [ 2960.113457][ T5842] should_failslab+0x9/0x14 [ 2960.118070][ T5842] __kmalloc+0x2d9/0x740 [ 2960.122318][ T5842] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2960.128738][ T5842] ? d_absolute_path+0x11b/0x170 [ 2960.133666][ T5842] ? __d_path+0x140/0x140 [ 2960.138085][ T5842] ? tomoyo_encode2.part.0+0xf5/0x400 [ 2960.143671][ T5842] tomoyo_encode2.part.0+0xf5/0x400 [ 2960.148926][ T5842] tomoyo_encode+0x2b/0x50 [ 2960.153380][ T5842] tomoyo_realpath_from_path+0x1d3/0x7a0 [ 2960.159041][ T5842] tomoyo_path_number_perm+0x1dd/0x520 [ 2960.164580][ T5842] ? tomoyo_path_number_perm+0x193/0x520 [ 2960.170234][ T5842] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2960.176050][ T5842] ? debug_check_no_obj_freed+0x200/0x464 [ 2960.181780][ T5842] ? kasan_check_write+0x14/0x20 [ 2960.186769][ T5842] ? putname+0xef/0x130 [ 2960.190945][ T5842] ? putname+0xef/0x130 [ 2960.198349][ T5842] ? putname+0xef/0x130 [ 2960.202521][ T5842] ? rcu_read_lock_sched_held+0x110/0x130 [ 2960.208467][ T5842] ? kmem_cache_free+0x222/0x260 [ 2960.213397][ T5842] tomoyo_path_mkdir+0xaa/0xf0 [ 2960.218172][ T5842] ? tomoyo_file_ioctl+0x30/0x30 [ 2960.223113][ T5842] ? kern_path_mountpoint+0x40/0x40 [ 2960.228307][ T5842] ? strncpy_from_user+0x2ac/0x380 [ 2960.233411][ T5842] security_path_mkdir+0x113/0x170 [ 2960.238532][ T5842] do_mkdirat+0x160/0x2a0 [ 2960.242875][ T5842] ? __ia32_sys_mknod+0xb0/0xb0 [ 2960.248060][ T5842] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2960.253526][ T5842] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2960.259612][ T5842] ? do_syscall_64+0x26/0x680 [ 2960.264308][ T5842] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2960.269586][ T5842] __x64_sys_mkdir+0x5c/0x80 [ 2960.274183][ T5842] do_syscall_64+0xfd/0x680 [ 2960.278699][ T5842] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2960.284717][ T5842] RIP: 0033:0x458937 [ 2960.288609][ T5842] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2960.308226][ T5842] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 2960.316638][ T5842] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458937 [ 2960.324638][ T5842] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2960.332602][ T5842] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2960.340593][ T5842] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2960.356735][ T5842] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:30 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\x00'}}}]}, 0x13c}}, 0x0) 03:27:30 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x200, 0x0) 03:27:30 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x15, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) [ 2960.368079][ T5842] ERROR: Out of memory at tomoyo_realpath_from_path. 03:27:30 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {0xffffffffffffffff, 0x8641}], 0x3, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:30 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000000), 0x4) socket$isdn(0x22, 0x3, 0x31) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x101801, 0x0) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000080)={0x7ff, 0x0, 0xff, 0x5, 0x1a, 0x3, 0x4, 0x9, 0x46, 0x5}) 03:27:30 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00'}}}]}, 0x13c}}, 0x0) 03:27:30 executing program 4 (fault-call:0 fault-nth:41): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:30 executing program 1: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$vivid(&(0x7f0000000100)='/dev/video#\x00', 0x2, 0x2) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x4, 0x800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x2) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r3 = dup3(r1, r2, 0x0) ioctl$sock_inet_SIOCSIFNETMASK(r3, 0x891c, &(0x7f00000000c0)={'bridge0\x00', {0x2, 0x4e20, @remote}}) 03:27:30 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x11, 0x2, 0x0) socket$bt_rfcomm(0x1f, 0x0, 0x3) r2 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r3 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r3, 0xab00, r1) ioctl$NBD_CLEAR_SOCK(r2, 0xab03) r4 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x2, 0x40000) ioctl$TIOCGPTPEER(r4, 0x5441, 0x7) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(r0, 0x0) 03:27:30 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00'}}}]}, 0x13c}}, 0x0) [ 2960.795710][ T5878] FAULT_INJECTION: forcing a failure. [ 2960.795710][ T5878] name failslab, interval 1, probability 0, space 0, times 0 [ 2960.881770][ T5878] CPU: 1 PID: 5878 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2960.889708][ T5878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2960.899786][ T5878] Call Trace: [ 2960.903123][ T5878] dump_stack+0x172/0x1f0 [ 2960.907601][ T5878] should_fail.cold+0xa/0x15 [ 2960.912212][ T5878] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2960.918051][ T5878] ? ___might_sleep+0x163/0x280 [ 2960.922926][ T5878] __should_failslab+0x121/0x190 [ 2960.927879][ T5878] ? ratelimit_state_init+0xb0/0xb0 [ 2960.935325][ T5878] should_failslab+0x9/0x14 [ 2960.939848][ T5878] kmem_cache_alloc+0x2af/0x6f0 [ 2960.944716][ T5878] ? tomoyo_path_number_perm+0x214/0x520 [ 2960.950472][ T5878] ? kfree+0x170/0x220 [ 2960.954570][ T5878] ? ratelimit_state_init+0xb0/0xb0 [ 2960.959788][ T5878] ext4_alloc_inode+0x1f/0x640 [ 2960.964586][ T5878] ? ratelimit_state_init+0xb0/0xb0 [ 2960.969811][ T5878] alloc_inode+0x68/0x1e0 [ 2960.974167][ T5878] new_inode_pseudo+0x19/0xf0 03:27:31 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00'}}}]}, 0x13c}}, 0x0) 03:27:31 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x0) accept$alg(r2, 0x0, 0x0) [ 2960.978863][ T5878] new_inode+0x1f/0x40 [ 2960.982946][ T5878] __ext4_new_inode+0x377/0x5440 [ 2960.987898][ T5878] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2960.993854][ T5878] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2961.000205][ T5878] ? __dquot_initialize+0x525/0xd80 [ 2961.005425][ T5878] ? ext4_free_inode+0x1450/0x1450 [ 2961.010576][ T5878] ? dqget+0x10c0/0x10c0 [ 2961.014853][ T5878] ext4_mkdir+0x3d5/0xdf0 [ 2961.019222][ T5878] ? ext4_init_dot_dotdot+0x520/0x520 [ 2961.024621][ T5878] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2961.030882][ T5878] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2961.037147][ T5878] ? security_inode_permission+0xcb/0x100 [ 2961.042899][ T5878] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2961.049157][ T5878] ? security_inode_mkdir+0xe4/0x120 [ 2961.054448][ T5878] vfs_mkdir+0x42e/0x670 [ 2961.058932][ T5878] do_mkdirat+0x234/0x2a0 [ 2961.063285][ T5878] ? __ia32_sys_mknod+0xb0/0xb0 [ 2961.068144][ T5878] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2961.073612][ T5878] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2961.079705][ T5878] ? do_syscall_64+0x26/0x680 [ 2961.084403][ T5878] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2961.089701][ T5878] __x64_sys_mkdir+0x5c/0x80 [ 2961.094314][ T5878] do_syscall_64+0xfd/0x680 [ 2961.098843][ T5878] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2961.104761][ T5878] RIP: 0033:0x458937 [ 2961.108665][ T5878] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 03:27:31 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/snd/pcmC#D#c\x00', 0x401, 0x4000) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffff9c, 0x84, 0x18, &(0x7f00000001c0)={0x0, 0x7}, &(0x7f0000000200)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={r1, 0x0, 0x10}, 0xc) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) [ 2961.128869][ T5878] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 2961.137302][ T5878] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458937 [ 2961.145296][ T5878] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2961.153353][ T5878] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2961.161373][ T5878] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2961.169393][ T5878] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:31 executing program 4 (fault-call:0 fault-nth:42): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:31 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x80000000, @capture={0x1000, 0x1, {0xaf0, 0xfff}, 0x6, 0x6}}) fstat(0xffffffffffffffff, 0x0) [ 2961.386125][ T5906] FAULT_INJECTION: forcing a failure. [ 2961.386125][ T5906] name failslab, interval 1, probability 0, space 0, times 0 [ 2961.405086][ T5906] CPU: 0 PID: 5906 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2961.413041][ T5906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2961.423122][ T5906] Call Trace: [ 2961.426448][ T5906] dump_stack+0x172/0x1f0 [ 2961.430817][ T5906] should_fail.cold+0xa/0x15 [ 2961.435435][ T5906] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2961.441322][ T5906] __should_failslab+0x121/0x190 [ 2961.446301][ T5906] should_failslab+0x9/0x14 [ 2961.450999][ T5906] kmem_cache_alloc+0x47/0x6f0 [ 2961.455788][ T5906] ? ___might_sleep+0x163/0x280 [ 2961.460665][ T5906] ? mempool_alloc+0x380/0x380 [ 2961.465448][ T5906] mempool_alloc_slab+0x47/0x60 [ 2961.470351][ T5906] mempool_alloc+0x169/0x380 [ 2961.474966][ T5906] ? mempool_destroy+0x40/0x40 [ 2961.479750][ T5906] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2961.485082][ T5906] ? trace_hardirqs_on+0x67/0x220 [ 2961.490122][ T5906] ? kasan_check_read+0x11/0x20 [ 2961.495004][ T5906] ? __unlock_page_memcg+0x53/0x100 [ 2961.500228][ T5906] ? find_held_lock+0x35/0x130 [ 2961.505020][ T5906] bio_alloc_bioset+0x3b9/0x680 [ 2961.509921][ T5906] ? bvec_alloc+0x2f0/0x2f0 [ 2961.514448][ T5906] ? kasan_check_read+0x11/0x20 [ 2961.519594][ T5906] submit_bh_wbc+0x133/0x7f0 [ 2961.524231][ T5906] __sync_dirty_buffer+0x111/0x2e0 [ 2961.529371][ T5906] sync_dirty_buffer+0x1b/0x20 [ 2961.534156][ T5906] __ext4_handle_dirty_metadata+0x237/0x570 [ 2961.540088][ T5906] ext4_handle_dirty_dirent_node+0x3ae/0x4c0 [ 2961.546095][ T5906] ? ext4_rename_dir_prepare+0x460/0x460 [ 2961.551754][ T5906] ? memcpy+0x46/0x50 [ 2961.555756][ T5906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2961.562044][ T5906] ? ext4_init_dot_dotdot+0x39c/0x520 [ 2961.567445][ T5906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2961.573716][ T5906] ext4_mkdir+0x6c9/0xdf0 [ 2961.578130][ T5906] ? ext4_init_dot_dotdot+0x520/0x520 [ 2961.583561][ T5906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2961.590093][ T5906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2961.596360][ T5906] ? security_inode_permission+0xcb/0x100 [ 2961.602141][ T5906] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2961.608421][ T5906] ? security_inode_mkdir+0xe4/0x120 [ 2961.613738][ T5906] vfs_mkdir+0x42e/0x670 [ 2961.618015][ T5906] do_mkdirat+0x234/0x2a0 [ 2961.622369][ T5906] ? __ia32_sys_mknod+0xb0/0xb0 [ 2961.627233][ T5906] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2961.632714][ T5906] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2961.638800][ T5906] ? do_syscall_64+0x26/0x680 [ 2961.643497][ T5906] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2961.648805][ T5906] __x64_sys_mkdir+0x5c/0x80 [ 2961.653411][ T5906] do_syscall_64+0xfd/0x680 [ 2961.657933][ T5906] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2961.663840][ T5906] RIP: 0033:0x458937 [ 2961.667739][ T5906] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2961.687471][ T5906] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 2961.695903][ T5906] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458937 [ 2961.703893][ T5906] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2961.711878][ T5906] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2961.719863][ T5906] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2961.727844][ T5906] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:31 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {0xffffffffffffffff, 0x8641}], 0x3, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:31 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00'}}}]}, 0x13c}}, 0x0) 03:27:31 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = dup3(r0, r1, 0x0) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r2, 0x84, 0x4, &(0x7f0000000000), &(0x7f00000000c0)=0x4) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r2, 0xc0505350, &(0x7f0000000100)={{0x5, 0x1}, {0x3, 0x437b}, 0x8, 0x0, 0x9d}) 03:27:31 executing program 4 (fault-call:0 fault-nth:43): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:31 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x12200, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r1, 0x810c5701, &(0x7f0000000440)) r2 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$BLKBSZGET(r2, 0x80081270, &(0x7f0000000180)) r3 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r3, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r2, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) 03:27:31 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x10000000000, 0x240402) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x41000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0xffffffffffffff0c, r1, 0x500, 0x70bd2a, 0x25dfdbf7, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x24000040) 03:27:32 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00'}}}]}, 0x13c}}, 0x0) 03:27:32 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x282001, 0x0) ioctl$VIDIOC_S_EDID(r2, 0xc0285629, &(0x7f0000000140)={0x0, 0x40, 0x6, [], &(0x7f0000000100)=0x3}) dup3(r0, r1, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) [ 2962.169666][ T5938] FAULT_INJECTION: forcing a failure. [ 2962.169666][ T5938] name failslab, interval 1, probability 0, space 0, times 0 [ 2962.213056][ T5938] CPU: 0 PID: 5938 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2962.221005][ T5938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2962.231111][ T5938] Call Trace: [ 2962.234463][ T5938] dump_stack+0x172/0x1f0 [ 2962.238816][ T5938] should_fail.cold+0xa/0x15 [ 2962.243424][ T5938] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2962.249417][ T5938] ? ext4_mkdir+0x61b/0xdf0 [ 2962.253942][ T5938] ? vfs_mkdir+0x42e/0x670 [ 2962.258480][ T5938] ? do_mkdirat+0x234/0x2a0 [ 2962.258494][ T5938] ? __x64_sys_mkdir+0x5c/0x80 [ 2962.258508][ T5938] ? do_syscall_64+0xfd/0x680 [ 2962.258521][ T5938] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2962.258544][ T5938] __should_failslab+0x121/0x190 [ 2962.258564][ T5938] should_failslab+0x9/0x14 [ 2962.258584][ T5938] kmem_cache_alloc_node+0x56/0x710 [ 2962.293270][ T5938] ? lock_downgrade+0x880/0x880 [ 2962.298525][ T5938] create_task_io_context+0x33/0x450 [ 2962.303829][ T5938] generic_make_request_checks+0x1a33/0x2070 [ 2962.309834][ T5938] ? trace_event_raw_event_block_rq_requeue+0x640/0x640 [ 2962.316789][ T5938] ? ___might_sleep+0x163/0x280 [ 2962.321679][ T5938] generic_make_request+0x8f/0xb40 [ 2962.326828][ T5938] ? blk_queue_enter+0xe90/0xe90 [ 2962.331790][ T5938] ? find_held_lock+0x35/0x130 [ 2962.336932][ T5938] ? guard_bio_eod+0x1ce/0x6c0 [ 2962.341745][ T5938] submit_bio+0xba/0x480 [ 2962.346005][ T5938] ? submit_bio+0xba/0x480 [ 2962.350439][ T5938] ? generic_make_request+0xb40/0xb40 [ 2962.356043][ T5938] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 2962.361769][ T5938] ? guard_bio_eod+0x295/0x6c0 [ 2962.366538][ T5938] submit_bh_wbc+0x5f7/0x7f0 [ 2962.371175][ T5938] __sync_dirty_buffer+0x111/0x2e0 [ 2962.376292][ T5938] sync_dirty_buffer+0x1b/0x20 [ 2962.381066][ T5938] __ext4_handle_dirty_metadata+0x237/0x570 [ 2962.386995][ T5938] ext4_getblk+0x32b/0x510 [ 2962.391436][ T5938] ? ext4_iomap_begin+0xfe0/0xfe0 [ 2962.396485][ T5938] ext4_bread+0x8f/0x230 [ 2962.400743][ T5938] ? ext4_getblk+0x510/0x510 [ 2962.405357][ T5938] ext4_append+0x155/0x370 [ 2962.409791][ T5938] ext4_mkdir+0x61b/0xdf0 [ 2962.414147][ T5938] ? ext4_init_dot_dotdot+0x520/0x520 [ 2962.419711][ T5938] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2962.425986][ T5938] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2962.432344][ T5938] ? security_inode_permission+0xcb/0x100 [ 2962.438142][ T5938] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2962.444406][ T5938] ? security_inode_mkdir+0xe4/0x120 [ 2962.449726][ T5938] vfs_mkdir+0x42e/0x670 [ 2962.453984][ T5938] do_mkdirat+0x234/0x2a0 [ 2962.458325][ T5938] ? __ia32_sys_mknod+0xb0/0xb0 03:27:32 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f00000000c0)={{0x2f, @empty, 0x4e22, 0x1, 'nq\x00', 0x1, 0xfffffffffffffffb, 0x64}, {@loopback, 0x4e21, 0x2000, 0x46, 0x1, 0x9}}, 0x44) ioctl$DRM_IOCTL_AGP_RELEASE(r2, 0x6431) 03:27:32 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00'}}}]}, 0x13c}}, 0x0) [ 2962.463216][ T5938] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2962.468695][ T5938] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2962.474864][ T5938] ? do_syscall_64+0x26/0x680 [ 2962.479560][ T5938] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2962.484872][ T5938] __x64_sys_mkdir+0x5c/0x80 [ 2962.489486][ T5938] do_syscall_64+0xfd/0x680 [ 2962.494098][ T5938] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2962.500013][ T5938] RIP: 0033:0x458937 [ 2962.503929][ T5938] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2962.523704][ T5938] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 2962.532146][ T5938] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458937 [ 2962.540140][ T5938] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2962.548142][ T5938] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2962.556229][ T5938] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 03:27:32 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x204000, 0x0) ioctl$TUNSETLINK(r2, 0x400454cd, 0x9354e3b82e451b03) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control\x00', 0x100, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000140)=0xffffffffffffffff, 0x4) ioctl$VIDIOC_LOG_STATUS(r3, 0x5646, 0x0) dup3(r0, r1, 0x0) 03:27:32 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) ioctl$NBD_CLEAR_SOCK(r2, 0xab04) [ 2962.564223][ T5938] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 [ 2962.566481][ T5958] binder: 5952:5958 ioctl 6431 0 returned -22 03:27:32 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00'}}}]}, 0x13c}}, 0x0) 03:27:32 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {0xffffffffffffffff, 0x8641}], 0x3, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:32 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x3, 0x800) ioctl$PIO_FONT(r0, 0x4b61, &(0x7f0000000040)="3862ab604e9bbbe07c964efd2b5bb68f1c552e12bab6f6eeb26f8fcb082f9ea0c3927b841f94800ade3dba48a8890e38c91dc9dc70585962478e5774456e4c9280a84c9cf2cff1c1f96d14b54abcf106bd140037999afc58c0b0cd87df657cfaf35cd963307f4b") 03:27:32 executing program 4 (fault-call:0 fault-nth:44): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2962.913862][ T5978] FAULT_INJECTION: forcing a failure. [ 2962.913862][ T5978] name failslab, interval 1, probability 0, space 0, times 0 [ 2962.957688][ T5978] CPU: 0 PID: 5978 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2962.965631][ T5978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2962.975807][ T5978] Call Trace: [ 2962.979126][ T5978] dump_stack+0x172/0x1f0 [ 2962.983487][ T5978] should_fail.cold+0xa/0x15 [ 2962.988100][ T5978] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2962.993935][ T5978] ? ___might_sleep+0x163/0x280 [ 2962.998898][ T5978] __should_failslab+0x121/0x190 [ 2963.003969][ T5978] should_failslab+0x9/0x14 [ 2963.009104][ T5978] kmem_cache_alloc+0x2af/0x6f0 [ 2963.013986][ T5978] ? rcu_read_lock_sched_held+0x110/0x130 [ 2963.019721][ T5978] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 2963.025999][ T5978] ? __mark_inode_dirty+0x241/0x1280 [ 2963.031349][ T5978] ext4_mb_new_blocks+0x5a0/0x3c10 [ 2963.036516][ T5978] ? ext4_find_extent+0x76e/0x9d0 [ 2963.036546][ T5978] ext4_ext_map_blocks+0x2b83/0x5250 [ 2963.036569][ T5978] ? ext4_ext_release+0x10/0x10 [ 2963.036612][ T5978] ext4_map_blocks+0x8c5/0x18e0 03:27:33 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00'}}}]}, 0x13c}}, 0x0) 03:27:33 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0x0, 0x0) dup3(r0, r1, 0x0) ioctl$BINDER_THREAD_EXIT(r1, 0x40046208, 0x0) [ 2963.036636][ T5978] ? ext4_issue_zeroout+0x190/0x190 [ 2963.036659][ T5978] ? kasan_check_write+0x14/0x20 [ 2963.066890][ T5978] ext4_getblk+0xc4/0x510 [ 2963.071244][ T5978] ? ext4_iomap_begin+0xfe0/0xfe0 [ 2963.076322][ T5978] ext4_bread+0x8f/0x230 [ 2963.080610][ T5978] ? ext4_getblk+0x510/0x510 [ 2963.085249][ T5978] ext4_append+0x155/0x370 [ 2963.089707][ T5978] ext4_mkdir+0x61b/0xdf0 [ 2963.094077][ T5978] ? ext4_init_dot_dotdot+0x520/0x520 [ 2963.099469][ T5978] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2963.105722][ T5978] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2963.111998][ T5978] ? security_inode_permission+0xcb/0x100 [ 2963.117903][ T5978] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2963.124197][ T5978] ? security_inode_mkdir+0xe4/0x120 [ 2963.129495][ T5978] vfs_mkdir+0x42e/0x670 [ 2963.133762][ T5978] do_mkdirat+0x234/0x2a0 [ 2963.138108][ T5978] ? __ia32_sys_mknod+0xb0/0xb0 [ 2963.143016][ T5978] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2963.149053][ T5978] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2963.155135][ T5978] ? do_syscall_64+0x26/0x680 [ 2963.159828][ T5978] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2963.165141][ T5978] __x64_sys_mkdir+0x5c/0x80 [ 2963.169757][ T5978] do_syscall_64+0xfd/0x680 [ 2963.174289][ T5978] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2963.180198][ T5978] RIP: 0033:0x458937 [ 2963.184107][ T5978] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 03:27:33 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x2) syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r0, 0x80000) [ 2963.203721][ T5978] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 2963.212192][ T5978] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458937 [ 2963.220181][ T5978] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2963.228601][ T5978] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2963.236607][ T5978] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2963.244587][ T5978] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 [ 2963.253011][ C0] net_ratelimit: 18 callbacks suppressed 03:27:33 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x11, 0x2, 0x0) r2 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) flistxattr(r0, &(0x7f0000000440)=""/4096, 0x1000) syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r1) ioctl$NBD_CLEAR_SOCK(r2, 0xab03) getsockopt$bt_l2cap_L2CAP_OPTIONS(r1, 0x6, 0x1, &(0x7f0000000100), &(0x7f0000000140)=0xc) ioctl$VIDIOC_ENUM_DV_TIMINGS(r0, 0xc0945662, &(0x7f0000000040)={0x0, 0x0, [], {0x0, @bt={0x3f, 0x7, 0x1, 0x3, 0x4, 0xe5e, 0x3, 0x8000, 0x7ff, 0x6, 0x100000001, 0x1, 0x9dd, 0x1, 0x1c, 0x4}}}) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x200002, 0x0) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) [ 2963.253019][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2963.264555][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2963.270466][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2963.276641][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2963.282488][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2963.288311][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:27:33 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x00'}}}]}, 0x13c}}, 0x0) 03:27:33 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x6, 0x40000) ioctl$VIDIOC_ENUMAUDOUT(r0, 0xc0345642, &(0x7f0000000040)={0x5, "94630f9f8b3322f81d4baaaa905d9d0fc2a554e743802c352df36651b0b17077", 0x3, 0x1}) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) 03:27:33 executing program 4 (fault-call:0 fault-nth:45): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:33 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12\x00'}}}]}, 0x13c}}, 0x0) 03:27:33 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r0, 0x0) [ 2963.590694][ T6012] FAULT_INJECTION: forcing a failure. [ 2963.590694][ T6012] name failslab, interval 1, probability 0, space 0, times 0 [ 2963.621185][ T6012] CPU: 0 PID: 6012 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2963.629152][ T6012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2963.639215][ T6012] Call Trace: [ 2963.639243][ T6012] dump_stack+0x172/0x1f0 [ 2963.639271][ T6012] should_fail.cold+0xa/0x15 [ 2963.639295][ T6012] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2963.651525][ T6012] ? ___might_sleep+0x163/0x280 [ 2963.651548][ T6012] __should_failslab+0x121/0x190 [ 2963.651574][ T6012] should_failslab+0x9/0x14 [ 2963.672176][ T6012] __kmalloc_track_caller+0x2d5/0x740 [ 2963.677569][ T6012] ? setup_sigcontext+0x7d0/0x7d0 [ 2963.682621][ T6012] ? __bad_area_nosemaphore+0xb3/0x420 [ 2963.688094][ T6012] ? strndup_user+0x77/0xd0 [ 2963.692621][ T6012] memdup_user+0x26/0xb0 [ 2963.696888][ T6012] strndup_user+0x77/0xd0 [ 2963.701246][ T6012] ksys_mount+0x3c/0x150 [ 2963.705506][ T6012] __x64_sys_mount+0xbe/0x150 [ 2963.710203][ T6012] do_syscall_64+0xfd/0x680 [ 2963.714729][ T6012] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2963.720667][ T6012] RIP: 0033:0x45bf6a [ 2963.724571][ T6012] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2963.744191][ T6012] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2963.752634][ T6012] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2963.760621][ T6012] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2963.768696][ T6012] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2963.776700][ T6012] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2963.776708][ T6012] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:33 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0}], 0x3, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:33 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) 03:27:33 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) r3 = syz_open_dev$usb(&(0x7f0000000200)='/dev/bus/usb/00#/00#\x00', 0x0, 0x20400) ioctl$VIDIOC_S_PARM(r3, 0xc0cc5616, &(0x7f0000000100)={0x100000, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) 03:27:33 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\x00'}}}]}, 0x13c}}, 0x0) 03:27:33 executing program 5: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x40c000, 0x0) ioctl$SCSI_IOCTL_TEST_UNIT_READY(r1, 0x2) modify_ldt$read(0x0, &(0x7f0000000280)=""/176, 0x1009199eda9f7a93) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) r2 = dup3(r0, r0, 0x80000) openat$cgroup(r2, &(0x7f00000000c0)='syz1\x00', 0x200002, 0x0) ioctl$SG_GET_ACCESS_COUNT(r1, 0x2289, &(0x7f0000000040)) [ 2963.945645][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2963.945665][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2963.951453][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2963.957230][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:27:34 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = dup3(r0, r0, 0x0) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000000)=0x7fb, 0x4) 03:27:34 executing program 4 (fault-call:0 fault-nth:46): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:34 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x8000, 0x0, 0x0, 0x100000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x88001, 0x0) ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x1136) r1 = socket(0x11, 0x2, 0x0) prctl$PR_SET_TSC(0x1a, 0x1) r2 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) setsockopt$rose(r1, 0x104, 0x7, &(0x7f0000000000)=0x4, 0x4) r3 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r3, 0xab00, r1) ioctl$NBD_CLEAR_SOCK(r2, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) 03:27:34 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x14\x00'}}}]}, 0x13c}}, 0x0) [ 2964.183297][ T6046] FAULT_INJECTION: forcing a failure. [ 2964.183297][ T6046] name failslab, interval 1, probability 0, space 0, times 0 [ 2964.221180][ T6046] CPU: 0 PID: 6046 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2964.229126][ T6046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2964.239200][ T6046] Call Trace: [ 2964.242530][ T6046] dump_stack+0x172/0x1f0 [ 2964.246892][ T6046] should_fail.cold+0xa/0x15 [ 2964.251502][ T6046] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2964.257327][ T6046] ? ___might_sleep+0x163/0x280 [ 2964.262200][ T6046] __should_failslab+0x121/0x190 [ 2964.267153][ T6046] should_failslab+0x9/0x14 [ 2964.267167][ T6046] __kmalloc_track_caller+0x2d5/0x740 [ 2964.267182][ T6046] ? setup_sigcontext+0x7d0/0x7d0 [ 2964.267204][ T6046] ? __bad_area_nosemaphore+0xb3/0x420 [ 2964.277192][ T6046] ? strndup_user+0x77/0xd0 [ 2964.292301][ T6046] memdup_user+0x26/0xb0 [ 2964.296601][ T6046] strndup_user+0x77/0xd0 [ 2964.300986][ T6046] ksys_mount+0x3c/0x150 [ 2964.305242][ T6046] __x64_sys_mount+0xbe/0x150 [ 2964.309941][ T6046] do_syscall_64+0xfd/0x680 [ 2964.314514][ T6046] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2964.320512][ T6046] RIP: 0033:0x45bf6a 03:27:34 executing program 1: setxattr$security_evm(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='security.evm\x00', &(0x7f0000000100)=@v2={0x5, 0x1, 0x5, 0x0, 0x6f, "11a3d7a6bff03838f6aa626e18bcb0be81f0fb17e448321232f0f5c27f4443f63e9f3f7f9bb789f2fec63a55ef6ed7a77287388258a70f2cd644aadf83c1597afb9dedfb68c804f14592ce871aaed6351fb83f39e176aff73fb9bc75e59d71b5465d7037caea78270fa5e6a0f1653b"}, 0x79, 0x1) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$TIOCLINUX5(r1, 0x541c, &(0x7f0000000180)={0x5, 0x7, 0x3, 0x29, 0x2}) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r1, r2, 0x0) [ 2964.324398][ T6046] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2964.344107][ T6046] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2964.352555][ T6046] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2964.360541][ T6046] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2964.360550][ T6046] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2964.360558][ T6046] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2964.360565][ T6046] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:34 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 03:27:34 executing program 4 (fault-call:0 fault-nth:47): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2964.684846][ T6072] FAULT_INJECTION: forcing a failure. [ 2964.684846][ T6072] name failslab, interval 1, probability 0, space 0, times 0 [ 2964.717298][ T6072] CPU: 0 PID: 6072 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2964.725674][ T6072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2964.735743][ T6072] Call Trace: [ 2964.739070][ T6072] dump_stack+0x172/0x1f0 [ 2964.743414][ T6072] should_fail.cold+0xa/0x15 [ 2964.748022][ T6072] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2964.753849][ T6072] __should_failslab+0x121/0x190 [ 2964.758779][ T6072] should_failslab+0x9/0x14 [ 2964.763271][ T6072] kmem_cache_alloc+0x47/0x6f0 [ 2964.768062][ T6072] ? ___might_sleep+0x163/0x280 [ 2964.772930][ T6072] ? mempool_alloc+0x380/0x380 [ 2964.777684][ T6072] mempool_alloc_slab+0x47/0x60 [ 2964.782522][ T6072] mempool_alloc+0x169/0x380 [ 2964.787110][ T6072] ? mempool_destroy+0x40/0x40 [ 2964.791902][ T6072] ? mark_held_locks+0xf0/0xf0 [ 2964.796658][ T6072] ? __unlock_page_memcg+0x53/0x100 [ 2964.801851][ T6072] ? find_held_lock+0x35/0x130 [ 2964.806726][ T6072] bio_alloc_bioset+0x3b9/0x680 [ 2964.811871][ T6072] ? mark_buffer_dirty_inode+0x305/0x410 [ 2964.817498][ T6072] ? bvec_alloc+0x2f0/0x2f0 [ 2964.821996][ T6072] submit_bh_wbc+0x133/0x7f0 [ 2964.828860][ T6072] __sync_dirty_buffer+0x111/0x2e0 [ 2964.833999][ T6072] sync_dirty_buffer+0x1b/0x20 [ 2964.838967][ T6072] __ext4_handle_dirty_metadata+0x237/0x570 [ 2964.844990][ T6072] ext4_getblk+0x32b/0x510 [ 2964.849661][ T6072] ? ext4_iomap_begin+0xfe0/0xfe0 [ 2964.854790][ T6072] ext4_bread+0x8f/0x230 [ 2964.859082][ T6072] ? ext4_getblk+0x510/0x510 [ 2964.863699][ T6072] ext4_append+0x155/0x370 [ 2964.868125][ T6072] ext4_mkdir+0x61b/0xdf0 [ 2964.872483][ T6072] ? ext4_init_dot_dotdot+0x520/0x520 [ 2964.877861][ T6072] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2964.884112][ T6072] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2964.890364][ T6072] ? security_inode_permission+0xcb/0x100 [ 2964.896089][ T6072] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2964.902339][ T6072] ? security_inode_mkdir+0xe4/0x120 [ 2964.907618][ T6072] vfs_mkdir+0x42e/0x670 [ 2964.912557][ T6072] do_mkdirat+0x234/0x2a0 [ 2964.916897][ T6072] ? __ia32_sys_mknod+0xb0/0xb0 [ 2964.921745][ T6072] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2964.927200][ T6072] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2964.935044][ T6072] ? do_syscall_64+0x26/0x680 [ 2964.939744][ T6072] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2964.945030][ T6072] __x64_sys_mkdir+0x5c/0x80 [ 2964.950308][ T6072] do_syscall_64+0xfd/0x680 [ 2964.954836][ T6072] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2964.960750][ T6072] RIP: 0033:0x458937 [ 2964.964633][ T6072] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 03:27:35 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0}], 0x3, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:35 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mincore(&(0x7f0000ffc000/0x3000)=nil, 0x3000, &(0x7f0000000300)=""/219) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) 03:27:35 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x800) r2 = dup3(r0, r1, 0x0) ioctl$SIOCX25SCUDMATCHLEN(r2, 0x89e7, &(0x7f0000000000)={0x14}) sendto$inet6(r2, &(0x7f0000000100)="f35574cc52f8de5d018583510794ddffad71a329f8ee8a589a3c789832729e41aadf986d83e3bf1976e877afcfcc22cfccc9247116362549aca97b08d9f7b0e690fc6a36ee33a1397934e0eb8f32c22d1f36841cb6a90f30faab92a7450fecdec31d114e4e63a4380689dfe6af8a46ff4f7cf066532630", 0x77, 0x0, &(0x7f0000000180)={0xa, 0x4e23, 0x1, @mcast2}, 0x1c) 03:27:35 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\x17\x00'}}}]}, 0x13c}}, 0x0) [ 2964.984232][ T6072] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 2964.992661][ T6072] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458937 [ 2965.000630][ T6072] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2965.008598][ T6072] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2965.016683][ T6072] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2965.024651][ T6072] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:35 executing program 5: bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) r0 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x0, 0x2) ioctl$EVIOCGID(r0, 0x80084502, &(0x7f0000000080)=""/59) 03:27:35 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00'}}}]}, 0x13c}}, 0x0) 03:27:35 executing program 4 (fault-call:0 fault-nth:48): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:35 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/autofs\x00', 0x40000, 0x0) ioctl$VHOST_GET_VRING_BASE(r1, 0xc008af12, &(0x7f0000000180)) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='trusted.overlay.nlink\x00', &(0x7f0000000100)={'L+', 0x3f}, 0x28, 0x0) dup3(r0, r2, 0x0) 03:27:35 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00'}}}]}, 0x13c}}, 0x0) 03:27:35 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x3d2b2470, 0x0) fcntl$notify(r0, 0x402, 0x22) ioctl$RTC_PIE_OFF(r0, 0x7006) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000040)=[@timestamp, @window={0x3, 0x2, 0x3}], 0x2) 03:27:35 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x0, 0x2) ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r3, 0x4008af23, &(0x7f0000000040)={0x1, 0x80}) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) [ 2965.518402][ T6107] FAULT_INJECTION: forcing a failure. [ 2965.518402][ T6107] name failslab, interval 1, probability 0, space 0, times 0 [ 2965.531268][ T6107] CPU: 1 PID: 6107 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2965.539240][ T6107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2965.549434][ T6107] Call Trace: [ 2965.552766][ T6107] dump_stack+0x172/0x1f0 [ 2965.557125][ T6107] should_fail.cold+0xa/0x15 [ 2965.561779][ T6107] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2965.567630][ T6107] ? __sigqueue_alloc+0x173/0x4d0 [ 2965.572681][ T6107] ? find_held_lock+0x35/0x130 [ 2965.577478][ T6107] __should_failslab+0x121/0x190 [ 2965.582438][ T6107] should_failslab+0x9/0x14 [ 2965.587066][ T6107] kmem_cache_alloc+0x47/0x6f0 [ 2965.591888][ T6107] ? kasan_check_read+0x11/0x20 [ 2965.597072][ T6107] __sigqueue_alloc+0x268/0x4d0 [ 2965.601999][ T6107] __send_signal+0xda0/0x1580 [ 2965.606804][ T6107] send_signal+0x49/0xd0 [ 2965.613159][ T6107] force_sig_info+0x251/0x310 [ 2965.617850][ T6107] force_sig_fault+0xbb/0xf0 [ 2965.622484][ T6107] ? force_sigsegv+0x120/0x120 [ 2965.627247][ T6107] ? trace_hardirqs_on+0x67/0x220 [ 2965.632286][ T6107] __bad_area_nosemaphore+0x332/0x420 [ 2965.637718][ T6107] bad_area+0x69/0x80 [ 2965.641735][ T6107] __do_page_fault+0x996/0xda0 [ 2965.646516][ T6107] do_page_fault+0x71/0x57d [ 2965.651073][ T6107] ? page_fault+0x8/0x30 [ 2965.655321][ T6107] page_fault+0x1e/0x30 [ 2965.659510][ T6107] RIP: 0033:0x45311f [ 2965.663420][ T6107] Code: bc d1 f3 0f 7f 27 f3 0f 7f 6f 10 f3 0f 7f 77 20 f3 0f 7f 7f 30 49 83 c0 0f 49 29 d0 48 8d 7c 17 31 e9 95 0b 00 00 66 0f ef c0 0f 6f 0e f3 0f 6f 56 10 66 0f 74 c1 66 0f d7 d0 49 83 f8 11 0f [ 2965.683063][ T6107] RSP: 002b:00007feed796ca88 EFLAGS: 00010283 [ 2965.689224][ T6107] RAX: 00007feed796cb40 RBX: 0000000020000228 RCX: 0000000000000000 [ 2965.697319][ T6107] RDX: 00000000000000e0 RSI: 0000000000000000 RDI: 00007feed796cb40 [ 2965.706165][ T6107] RBP: 0000000000000001 R08: 00000000000000e0 R09: 000000000000000a 03:27:35 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00'}}}]}, 0x13c}}, 0x0) [ 2965.714168][ T6107] R10: 0000000000000075 R11: 00000000004e48c0 R12: 0000000000000004 [ 2965.722139][ T6107] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:36 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8250}, {r0}], 0x3, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:36 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sequencer2\x00', 0x2, 0x0) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000380)='/dev/dsp\x00', 0x80, 0x0) ioctl$VIDIOC_S_PARM(r3, 0xc0cc5616, &(0x7f0000000440)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000100)={&(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000000000)="1e877e4c02539b9e82a11860ac350f22a3c3d7c463f6a39600d6c2b4ff109db84a87e025df000f7f83052b7ee4753572549fac82a13ce0d28e54488bc504fb9f87204849cd606b2761db219f9dffd75cac3a1638c7b379dc4a5864fd335ff6e42231388346195958811db1ad745bb8b965a12cfecaf390b273288d931a7915149a3179a2f1bb345e9f9665a4383e8f59f5a2a1fa12f7b6c7b18c3f04badcb0f9c115d2cc936b07d4da64feb33debc79031c7585bf6b39a9d96b8764bfd7dfbcd041097fbd8ba9d9e0d0866a52b5feae0d4ef88cf7139859c", 0xd8, r1}, 0x68) fstat(0xffffffffffffffff, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0xc0000, 0x0) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r4, 0x84, 0x4, &(0x7f00000001c0), &(0x7f0000000200)=0x4) 03:27:36 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) r0 = semget$private(0x0, 0x4, 0x3b2) semctl$SEM_INFO(r0, 0x2, 0x13, &(0x7f0000000000)=""/45) 03:27:36 executing program 4 (fault-call:0 fault-nth:49): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:36 executing program 1: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snapshot\x00', 0x400000, 0x0) fcntl$setflags(r0, 0x2, 0xc4759b413c15a4f3) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) signalfd4(r1, &(0x7f0000000000)={0xffffffffffffff00}, 0x8, 0x800) r2 = syz_open_dev$binder(&(0x7f0000000240)='/dev/binder#\x00', 0x0, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f00000002c0)={0xb90000, 0xfffffffffffff289, 0x0, [], &(0x7f0000000280)={0x9909c9, 0x9, [], @value64=0x20}}) r3 = openat(r0, &(0x7f00000000c0)='./file0\x00', 0x581800, 0x41) getdents64(r3, &(0x7f0000000100)=""/207, 0xcf) dup3(r1, r2, 0x0) 03:27:36 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\x00'}}}]}, 0x13c}}, 0x0) [ 2966.183856][ T6137] FAULT_INJECTION: forcing a failure. [ 2966.183856][ T6137] name failslab, interval 1, probability 0, space 0, times 0 03:27:36 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xf0\x00'}}}]}, 0x13c}}, 0x0) [ 2966.235676][ T6137] CPU: 1 PID: 6137 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2966.243619][ T6137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2966.253722][ T6137] Call Trace: [ 2966.257126][ T6137] dump_stack+0x172/0x1f0 [ 2966.261506][ T6137] should_fail.cold+0xa/0x15 [ 2966.266128][ T6137] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2966.271982][ T6137] ? __schedule+0x7d3/0x1560 [ 2966.276749][ T6137] __should_failslab+0x121/0x190 03:27:36 executing program 1: sysfs$2(0x2, 0x2, &(0x7f00000000c0)=""/232) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x800, 0x0) write$P9_RSETATTR(r0, &(0x7f00000001c0)={0x7, 0x1b, 0x2}, 0x7) ioctl$VIDIOC_G_OUTPUT(r0, 0x8004562e, &(0x7f0000000200)) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r1, r1, 0x0) [ 2966.281818][ T6137] should_failslab+0x9/0x14 [ 2966.286337][ T6137] kmem_cache_alloc+0x47/0x6f0 [ 2966.291122][ T6137] ? ___might_sleep+0x163/0x280 [ 2966.295994][ T6137] ? mempool_alloc+0x380/0x380 [ 2966.300882][ T6137] mempool_alloc_slab+0x47/0x60 [ 2966.305835][ T6137] mempool_alloc+0x169/0x380 [ 2966.310548][ T6137] ? mempool_destroy+0x40/0x40 [ 2966.315418][ T6137] ? out_of_line_wait_on_bit+0xd8/0x110 [ 2966.320985][ T6137] ? __wait_on_bit+0x170/0x170 [ 2966.325761][ T6137] ? __unlock_page_memcg+0x53/0x100 [ 2966.331138][ T6137] ? find_held_lock+0x35/0x130 [ 2966.336125][ T6137] bio_alloc_bioset+0x3b9/0x680 [ 2966.340995][ T6137] ? bvec_alloc+0x2f0/0x2f0 [ 2966.345623][ T6137] ? kasan_check_read+0x11/0x20 [ 2966.350479][ T6137] submit_bh_wbc+0x133/0x7f0 [ 2966.355071][ T6137] __sync_dirty_buffer+0x111/0x2e0 [ 2966.360373][ T6137] sync_dirty_buffer+0x1b/0x20 [ 2966.365142][ T6137] __ext4_handle_dirty_metadata+0x237/0x570 [ 2966.371062][ T6137] ext4_handle_dirty_dirent_node+0x3ae/0x4c0 [ 2966.377130][ T6137] ? ext4_rename_dir_prepare+0x460/0x460 [ 2966.382875][ T6137] ? memcpy+0x46/0x50 [ 2966.386867][ T6137] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2966.393228][ T6137] ? ext4_init_dot_dotdot+0x39c/0x520 [ 2966.398866][ T6137] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2966.405138][ T6137] ext4_mkdir+0x6c9/0xdf0 [ 2966.409468][ T6137] ? ext4_init_dot_dotdot+0x520/0x520 [ 2966.414828][ T6137] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2966.421242][ T6137] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2966.427607][ T6137] ? security_inode_permission+0xcb/0x100 [ 2966.433332][ T6137] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2966.439582][ T6137] ? security_inode_mkdir+0xe4/0x120 [ 2966.444896][ T6137] vfs_mkdir+0x42e/0x670 [ 2966.449173][ T6137] do_mkdirat+0x234/0x2a0 [ 2966.453499][ T6137] ? __ia32_sys_mknod+0xb0/0xb0 [ 2966.458344][ T6137] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2966.463827][ T6137] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2966.469900][ T6137] ? do_syscall_64+0x26/0x680 [ 2966.474619][ T6137] ? lockdep_hardirqs_on+0x418/0x5d0 [ 2966.479957][ T6137] __x64_sys_mkdir+0x5c/0x80 [ 2966.484701][ T6137] do_syscall_64+0xfd/0x680 [ 2966.489235][ T6137] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2966.495135][ T6137] RIP: 0033:0x458937 [ 2966.499044][ T6137] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2966.518667][ T6137] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 2966.527656][ T6137] RAX: ffffffffffffffda RBX: 0000000020000228 RCX: 0000000000458937 [ 2966.535720][ T6137] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 2966.544389][ T6137] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 2966.552383][ T6137] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 2966.560385][ T6137] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:36 executing program 5: bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) r0 = accept4$llc(0xffffffffffffff9c, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f0000000040)=0x10, 0x80000) pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x4000) socket$bt_bnep(0x1f, 0x3, 0x4) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000140)=@assoc_value, &(0x7f0000000180)=0x8) setsockopt$llc_int(r0, 0x10c, 0xf, &(0x7f0000000080)=0xffffffffffffff7f, 0x4) 03:27:36 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fcntl$setsig(r2, 0xa, 0x35) fstat(0xffffffffffffffff, 0x0) 03:27:36 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x03\x00'}}}]}, 0x13c}}, 0x0) 03:27:36 executing program 4 (fault-call:0 fault-nth:50): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:37 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0, 0x8641}], 0x2, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:37 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r0, r0, 0x80000) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x15) 03:27:37 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x40, 0x0) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r0, 0x114, 0xa, &(0x7f0000000040), 0x1) 03:27:37 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03@\x00'}}}]}, 0x13c}}, 0x0) 03:27:37 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, &(0x7f0000000000)) fcntl$notify(r1, 0x402, 0x4) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) fstat(0xffffffffffffffff, 0x0) [ 2967.020333][ T6172] FAULT_INJECTION: forcing a failure. [ 2967.020333][ T6172] name failslab, interval 1, probability 0, space 0, times 0 [ 2967.079431][ T6172] CPU: 0 PID: 6172 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2967.087551][ T6172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2967.098072][ T6172] Call Trace: [ 2967.101393][ T6172] dump_stack+0x172/0x1f0 [ 2967.105759][ T6172] should_fail.cold+0xa/0x15 [ 2967.110400][ T6172] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2967.116234][ T6172] ? ___might_sleep+0x163/0x280 [ 2967.121103][ T6172] __should_failslab+0x121/0x190 [ 2967.126069][ T6172] should_failslab+0x9/0x14 [ 2967.130587][ T6172] __kmalloc_track_caller+0x2d5/0x740 [ 2967.135985][ T6172] ? setup_sigcontext+0x7d0/0x7d0 [ 2967.141026][ T6172] ? __bad_area_nosemaphore+0xb3/0x420 [ 2967.146530][ T6172] ? strndup_user+0x77/0xd0 [ 2967.151053][ T6172] memdup_user+0x26/0xb0 [ 2967.155319][ T6172] strndup_user+0x77/0xd0 [ 2967.159667][ T6172] ksys_mount+0x3c/0x150 [ 2967.163918][ T6172] __x64_sys_mount+0xbe/0x150 [ 2967.168603][ T6172] do_syscall_64+0xfd/0x680 [ 2967.173321][ T6172] entry_SYSCALL_64_after_hwframe+0x49/0xbe 03:27:37 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xf0\x00'}}}]}, 0x13c}}, 0x0) [ 2967.179225][ T6172] RIP: 0033:0x45bf6a [ 2967.183137][ T6172] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2967.202743][ T6172] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2967.202758][ T6172] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2967.202766][ T6172] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2967.202774][ T6172] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2967.202781][ T6172] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2967.202789][ T6172] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:37 executing program 4 (fault-call:0 fault-nth:51): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:37 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00'}}}]}, 0x13c}}, 0x0) 03:27:37 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x200000000000000) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000140)={0x400000, @capture={0x1000, 0x1, {0x4, 0x7}, 0x1f, 0x9}}) link(0x0, &(0x7f0000000040)='./file0\x00') fstat(r1, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000000)=0x7, 0x4) 03:27:37 executing program 1: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0xb09a877a093e0205, 0x0) ioctl$TIOCGPTPEER(r0, 0x5441, 0x9) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r1, 0xffffffffffffffff, 0xfffffffffffffffe) 03:27:37 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {0xffffffffffffffff, 0x8641}], 0x2, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:37 executing program 5: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x80000, 0x0) setsockopt$inet_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000040)={0x9}, 0x4) fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) ioctl$sock_FIOSETOWN(r1, 0x8901, &(0x7f00000000c0)=r2) ioctl$VIDIOC_G_PARM(r1, 0xc0cc5615, &(0x7f00000001c0)={0xb, @raw_data="cc367fb8f4f534fbcab930cbd400341104425121eccc1e1a60911c8f113873143a4eadeda9c685a295d88f2226ea2d3572a3b69d5e4770fd1618b32bf9a718ebc8e8749f646f6d91b4a091809f2d96d07a6bfefb1e11fbd63c947ac47301e26a56fdea9eb86fd3b290f1e1213ac5e49c7531fd42244f6de9c070721603a9885e2aea981dd6c1dad98c1dd772a35df40949041546a3e6fdf0e488f1ca842631aaddb75116066406bd40e2cd5f475958ec72dad662101d054968d8fd8a5fa4ca9e2c99bf7b0baeb2c2"}) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) ioctl$NBD_SET_SIZE_BLOCKS(r1, 0xab07, 0xffffffffffffffc) [ 2967.581703][ T6206] FAULT_INJECTION: forcing a failure. [ 2967.581703][ T6206] name failslab, interval 1, probability 0, space 0, times 0 03:27:37 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00'}}}]}, 0x13c}}, 0x0) [ 2967.685069][ T6206] CPU: 1 PID: 6206 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2967.693009][ T6206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2967.703082][ T6206] Call Trace: [ 2967.706408][ T6206] dump_stack+0x172/0x1f0 [ 2967.711342][ T6206] should_fail.cold+0xa/0x15 [ 2967.715965][ T6206] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2967.721818][ T6206] ? ___might_sleep+0x163/0x280 [ 2967.726698][ T6206] __should_failslab+0x121/0x190 [ 2967.731850][ T6206] should_failslab+0x9/0x14 [ 2967.736812][ T6206] __kmalloc_track_caller+0x2d5/0x740 [ 2967.742215][ T6206] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2967.748487][ T6206] ? strndup_user+0x77/0xd0 [ 2967.753010][ T6206] memdup_user+0x26/0xb0 [ 2967.757272][ T6206] strndup_user+0x77/0xd0 [ 2967.761604][ T6206] ksys_mount+0x7b/0x150 [ 2967.765934][ T6206] __x64_sys_mount+0xbe/0x150 [ 2967.770631][ T6206] do_syscall_64+0xfd/0x680 [ 2967.775342][ T6206] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2967.781454][ T6206] RIP: 0033:0x45bf6a [ 2967.785366][ T6206] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2967.810161][ T6206] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2967.821691][ T6206] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a 03:27:37 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) 03:27:37 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x4040, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x2, &(0x7f00000000c0)={0xffffffffffffffff}, 0x23004468a69e4a8f, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000140)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x1, @local, 0x1}, {0xa, 0x4e21, 0x6, @remote, 0x80000000}, r4, 0x1}}, 0x48) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) io_setup(0x7ffffffc, &(0x7f0000000200)) io_setup(0x7, &(0x7f0000000000)) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f00000001c0)) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) [ 2967.829675][ T6206] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2967.837653][ T6206] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2967.845666][ T6206] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2967.853642][ T6206] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:38 executing program 4 (fault-call:0 fault-nth:52): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:38 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00'}}}]}, 0x13c}}, 0x0) 03:27:38 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000000), 0xffffffffffffff74) 03:27:38 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x2ae, 0xfffffffffffffffd, 0x0, 0x0, 0x80000000000000, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x843a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$FS_IOC_GETVERSION(r2, 0x80087601, &(0x7f00000000c0)) ioctl$VIDIOC_S_AUDOUT(r2, 0x40345632, &(0x7f0000000000)={0x3, "4e73366b304a37b718ec5276c79d9b8c8f0f9cee1522ae9a414947c28700dcec", 0x3, 0x1}) io_uring_register$IORING_UNREGISTER_BUFFERS(r2, 0x1, 0x0, 0x0) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r2, 0x3) 03:27:38 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00'}}}]}, 0x13c}}, 0x0) 03:27:38 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x1) [ 2968.262768][ T6247] FAULT_INJECTION: forcing a failure. [ 2968.262768][ T6247] name failslab, interval 1, probability 0, space 0, times 0 [ 2968.327517][ T6247] CPU: 0 PID: 6247 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2968.335634][ T6247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2968.345707][ T6247] Call Trace: [ 2968.349035][ T6247] dump_stack+0x172/0x1f0 [ 2968.353404][ T6247] should_fail.cold+0xa/0x15 [ 2968.358018][ T6247] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2968.363857][ T6247] ? ___might_sleep+0x163/0x280 [ 2968.368735][ T6247] __should_failslab+0x121/0x190 03:27:38 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x7, 0x200) ioctl$TIOCMBIS(r0, 0x5416, &(0x7f0000000040)=0x7f) [ 2968.373700][ T6247] should_failslab+0x9/0x14 [ 2968.378222][ T6247] __kmalloc_track_caller+0x2d5/0x740 [ 2968.383655][ T6247] ? setup_sigcontext+0x7d0/0x7d0 [ 2968.388700][ T6247] ? __bad_area_nosemaphore+0xb3/0x420 [ 2968.394178][ T6247] ? strndup_user+0x77/0xd0 [ 2968.398704][ T6247] memdup_user+0x26/0xb0 [ 2968.398725][ T6247] strndup_user+0x77/0xd0 [ 2968.398748][ T6247] ksys_mount+0x3c/0x150 [ 2968.411578][ T6247] __x64_sys_mount+0xbe/0x150 [ 2968.416272][ T6247] do_syscall_64+0xfd/0x680 [ 2968.416296][ T6247] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2968.416309][ T6247] RIP: 0033:0x45bf6a [ 2968.416323][ T6247] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2968.416330][ T6247] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2968.416344][ T6247] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2968.416352][ T6247] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2968.416360][ T6247] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2968.416368][ T6247] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2968.416376][ T6247] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:38 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {0xffffffffffffffff, 0x8641}], 0x2, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:38 executing program 4 (fault-call:0 fault-nth:53): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:38 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) getresuid(&(0x7f0000000180)=0x0, &(0x7f00000001c0), &(0x7f0000000200)) r3 = getuid() r4 = getegid() getgroups(0x2, &(0x7f0000000240)=[0x0, 0x0]) r6 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000540)='/dev/dlm_plock\x00', 0x10000, 0x0) ioctl$VIDIOC_SUBDEV_G_FMT(r6, 0xc0585604, &(0x7f0000000580)={0x0, 0x0, {0xceca, 0x0, 0x1016, 0x6, 0x7, 0x5, 0x3, 0x7}}) getresgid(&(0x7f0000000280), &(0x7f00000002c0)=0x0, &(0x7f0000000300)) r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/hwrng\x00', 0x8001, 0x0) epoll_ctl$EPOLL_CTL_MOD(r8, 0x3, r1, &(0x7f0000000500)={0xc000201e}) stat(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x1, &(0x7f0000000400)=[0xffffffffffffffff]) fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000440)={{}, {}, [{0x2, 0x2, r2}, {0x2, 0x7, r3}], {0x4, 0x4}, [{0x8, 0x0, r4}, {0x8, 0x5, r5}, {0x8, 0x1, r7}, {0x8, 0x6, r9}, {0x8, 0x3, r10}], {0x10, 0x2}, {0x20, 0x2}}, 0x5c, 0x3) r11 = dup3(r0, r1, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r11, 0xc0a85352, &(0x7f00000000c0)={{0x1, 0x9}, 'port1\x00', 0x0, 0x1004, 0x0, 0x6f2b0a5d, 0x0, 0x2, 0xc0, 0x0, 0x1, 0x28d}) 03:27:38 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00'}}}]}, 0x13c}}, 0x0) 03:27:38 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x3, 0xffffffffffffffff, 0x0) r1 = socket(0x4, 0xa, 0x0) syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000000)=[@in6={0xa, 0x4e21, 0xffffffffffffffc9, @loopback, 0x5927b91e}, @in6={0xa, 0x4e23, 0x35, @loopback, 0x1}], 0x38) ioctl$NBD_SET_SOCK(r2, 0xab00, r1) ioctl$NBD_CLEAR_SOCK(r2, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000100)=0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x23e3, 0x9, 0x20, 0x0, 0x0, 0xb564, 0x8000, 0x2, 0x0, 0x9, 0x1, 0x40, 0x2a, 0x4b902c92, 0x8, 0x3f, 0x1, 0x2, 0x4, 0x3, 0x3, 0x8, 0x2, 0x6, 0x101, 0xfffffffeffffffff, 0x9, 0x4, 0x7ff, 0x7, 0x401, 0x3, 0x6, 0x3, 0x1, 0x9, 0x0, 0x3f, 0x3, @perf_bp={&(0x7f0000000040), 0x8}, 0x8844, 0x77, 0x8, 0x9, 0x4, 0xe4, 0xb}, r3, 0x9, r0, 0x2) fstat(0xffffffffffffffff, 0x0) 03:27:38 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1d00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x3, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)="807a86a415a4dbbd2afdcfa400a8", 0xe, 0xfffffffffffffff9) keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f00000000c0)={r0, 0x25, 0xac}, 0x0, &(0x7f0000000380)="d7fbef80bb9c69580816b5b5209b162f6eab53c36190fb692c70172687ca2b6da1baa264bb", &(0x7f0000000200)=""/172) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/capi/capi20ncci\x00', 0x2002, 0x0) getpeername$inet6(r1, &(0x7f0000000300), &(0x7f0000000340)=0x1c) [ 2968.737632][ T6272] FAULT_INJECTION: forcing a failure. [ 2968.737632][ T6272] name failslab, interval 1, probability 0, space 0, times 0 [ 2968.755721][ T6272] CPU: 1 PID: 6272 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2968.763657][ T6272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2968.773737][ T6272] Call Trace: [ 2968.777061][ T6272] dump_stack+0x172/0x1f0 [ 2968.781423][ T6272] should_fail.cold+0xa/0x15 [ 2968.786043][ T6272] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2968.791880][ T6272] ? ___might_sleep+0x163/0x280 [ 2968.796794][ T6272] __should_failslab+0x121/0x190 [ 2968.801753][ T6272] should_failslab+0x9/0x14 [ 2968.806274][ T6272] __kmalloc_track_caller+0x2d5/0x740 [ 2968.811669][ T6272] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2968.817931][ T6272] ? strndup_user+0x77/0xd0 [ 2968.822467][ T6272] memdup_user+0x26/0xb0 [ 2968.828232][ T6272] strndup_user+0x77/0xd0 [ 2968.832621][ T6272] ksys_mount+0x7b/0x150 [ 2968.836892][ T6272] __x64_sys_mount+0xbe/0x150 [ 2968.841587][ T6272] do_syscall_64+0xfd/0x680 [ 2968.846107][ T6272] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2968.852016][ T6272] RIP: 0033:0x45bf6a [ 2968.855927][ T6272] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2968.875573][ T6272] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2968.884011][ T6272] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2968.892968][ T6272] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2968.900962][ T6272] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2968.908954][ T6272] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2968.916943][ T6272] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:39 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00'}}}]}, 0x13c}}, 0x0) 03:27:39 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = dup(r0) ioctl$KVM_PPC_GET_PVINFO(r2, 0x4080aea1, &(0x7f00000000c0)=""/237) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000000)=0x0) sched_rr_get_interval(r3, &(0x7f00000001c0)) dup3(r0, r1, 0x0) 03:27:39 executing program 4 (fault-call:0 fault-nth:54): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:39 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000000)={0xc5b, 0x200, 0x0, 0x0, 0x0, 0x9, 0x3, 0xfffffffffffffffc, 0x0}, &(0x7f0000000040)=0x20) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f0000000080)={r3, 0xc6, "1f9d99c54e064144ad3bf84b1f465bc4545c519de8d9a2ea52330bf876f57530bc1fff3df6b8e804ff655a141168826192f99201bfaecbb10b2b091ae2415d578ffe9b010cccced7d5284474ed391e0bd0047ace75908b9eef0676387f2043db30029e3d0f7774c499b47b94d5e509c876fe4aa988c210899baaba2a1bd37cfbaf6991153bd132cc32bcad5a7b9be57c6fb3b6af1795302510c8ccde798814c4de27393f5c3ff3852b24c86813f653967eedc24f360aaf646b578c0f6e7b86cfc324c0c1ed3a"}, &(0x7f0000000180)=0xce) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) 03:27:39 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x2, 0x2ea7ad37be6e2609) write$UHID_INPUT2(r0, &(0x7f0000000040)={0xc, 0x48, "ab4cc69f78701d587ddfe89c7faacef68db41ca821739848f6567663cfb452311fcf723e6235d3bdb1b6c926785e4df380005609941417dd1a91aaf1e6a21f42285270ea58d77f1a"}, 0x4e) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) [ 2969.285907][ T6311] FAULT_INJECTION: forcing a failure. [ 2969.285907][ T6311] name failslab, interval 1, probability 0, space 0, times 0 [ 2969.332566][ T6311] CPU: 1 PID: 6311 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2969.340544][ T6311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2969.350674][ T6311] Call Trace: [ 2969.353993][ T6311] dump_stack+0x172/0x1f0 [ 2969.358348][ T6311] should_fail.cold+0xa/0x15 [ 2969.362954][ T6311] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2969.368940][ T6311] ? ___might_sleep+0x163/0x280 [ 2969.373800][ T6311] __should_failslab+0x121/0x190 [ 2969.378737][ T6311] should_failslab+0x9/0x14 [ 2969.383241][ T6311] __kmalloc_track_caller+0x2d5/0x740 [ 2969.388621][ T6311] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2969.394865][ T6311] ? strndup_user+0x77/0xd0 [ 2969.399372][ T6311] memdup_user+0x26/0xb0 [ 2969.403623][ T6311] strndup_user+0x77/0xd0 [ 2969.407954][ T6311] ksys_mount+0x7b/0x150 [ 2969.412196][ T6311] __x64_sys_mount+0xbe/0x150 [ 2969.416876][ T6311] do_syscall_64+0xfd/0x680 [ 2969.421381][ T6311] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2969.427273][ T6311] RIP: 0033:0x45bf6a [ 2969.431170][ T6311] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2969.450968][ T6311] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2969.459391][ T6311] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2969.465771][ C0] net_ratelimit: 24 callbacks suppressed [ 2969.465781][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2969.467497][ T6311] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2969.473226][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2969.478875][ T6311] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2969.478884][ T6311] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2969.478891][ T6311] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 [ 2969.517324][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2969.523142][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:27:39 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'}}}]}, 0x13c}}, 0x0) 03:27:39 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {0xffffffffffffffff, 0x8641}], 0x2, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:39 executing program 1: r0 = syz_open_dev$dspn(&(0x7f0000000400)='/dev/dsp#\x00', 0x2000000000006, 0x600080) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40485404, &(0x7f0000000300)={{0xffffffffffffffff, 0x0, 0x1, 0x1, 0x1c}, 0x1, 0x3}) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r3 = dup3(r1, r2, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0xffffffffffffffff, r3, 0x0, 0xd, &(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff}, 0x30) munlockall() ioctl$CAPI_GET_FLAGS(r0, 0x80044323, &(0x7f0000000380)) ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r3, 0xc1105511, &(0x7f0000000180)={{0x7, 0x5, 0x5, 0x10000, 'syz1\x00', 0x2}, 0x5, 0x42, 0x9, r4, 0x6, 0x7, 'syz0\x00', &(0x7f0000000100)=['/dev/binder#\x00', '%securitysecurity\x00', 'h$*eth0-\x87!(\x00', '/dev/binder#\x00', '\x00', '/dev/binder#\x00'], 0x46, [], [0x1a, 0x9, 0x6e9b, 0x7]}) [ 2969.529016][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2969.534782][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:27:39 executing program 5: unshare(0x600) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8020001) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000080), 0x0) prctl$PR_SET_KEEPCAPS(0x8, 0x0) 03:27:39 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) 03:27:39 executing program 4 (fault-call:0 fault-nth:55): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:39 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00'}}}]}, 0x13c}}, 0x0) 03:27:39 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) r0 = socket$inet(0x2, 0x4, 0x1) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000000)={{{@in6=@local, @in=@broadcast}}, {{@in6=@loopback}}}, &(0x7f00000001c0)=0xe8) 03:27:39 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) dup3(r0, r1, 0x0) [ 2969.942414][ T6344] FAULT_INJECTION: forcing a failure. [ 2969.942414][ T6344] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2969.955659][ T6344] CPU: 1 PID: 6344 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2969.963566][ T6344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2969.973633][ T6344] Call Trace: [ 2969.976952][ T6344] dump_stack+0x172/0x1f0 [ 2969.981317][ T6344] should_fail.cold+0xa/0x15 [ 2969.985929][ T6344] ? mark_held_locks+0xf0/0xf0 [ 2969.990712][ T6344] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2969.996632][ T6344] ? mark_held_locks+0xf0/0xf0 [ 2970.001771][ T6344] should_fail_alloc_page+0x50/0x60 [ 2970.006991][ T6344] __alloc_pages_nodemask+0x1a1/0x8d0 [ 2970.012395][ T6344] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2970.018042][ T6344] ? __alloc_pages_slowpath+0x28f0/0x28f0 [ 2970.023801][ T6344] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2970.029449][ T6344] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2970.036071][ T6344] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2970.042367][ T6344] cache_grow_begin+0x9d/0x650 [ 2970.047157][ T6344] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2970.053419][ T6344] kmem_cache_alloc_trace+0x67c/0x750 [ 2970.058822][ T6344] copy_mount_options+0x5c/0x3a0 [ 2970.063866][ T6344] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2970.070129][ T6344] ksys_mount+0xa7/0x150 [ 2970.074400][ T6344] __x64_sys_mount+0xbe/0x150 [ 2970.079094][ T6344] do_syscall_64+0xfd/0x680 [ 2970.083619][ T6344] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2970.089954][ T6344] RIP: 0033:0x45bf6a [ 2970.093844][ T6344] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2970.113451][ T6344] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2970.121943][ T6344] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2970.130041][ T6344] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 03:27:40 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00'}}}]}, 0x13c}}, 0x0) [ 2970.138033][ T6344] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2970.146041][ T6344] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2970.154037][ T6344] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 [ 2970.185623][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2970.191548][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2970.195882][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2970.203067][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:27:40 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x11, 0x2, 0x0) r2 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r3 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r3, 0xab00, r1) socket$pptp(0x18, 0x1, 0x2) lookup_dcookie(0x3, &(0x7f0000000140)=""/7, 0x7) r4 = fcntl$dupfd(r0, 0x406, r2) r5 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x40000) ioctl$UI_END_FF_ERASE(r4, 0x400c55cb, &(0x7f00000000c0)={0x9, 0x10001, 0x80000000}) ioctl$sock_SIOCDELDLCI(r1, 0x8981, &(0x7f0000000040)={'veth0_to_bridge\x00', 0xe6c6}) ioctl$RTC_PLL_GET(r5, 0x80207011, &(0x7f0000000100)) ioctl$NBD_CLEAR_SOCK(r2, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000080)={0x262e5012}, 0x4) 03:27:40 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00'}}}]}, 0x13c}}, 0x0) 03:27:40 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x400000000800) dup3(r0, r1, 0x0) 03:27:40 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0}], 0x2, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:40 executing program 4 (fault-call:0 fault-nth:56): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:40 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000080)={0xffffffffffffffff}, 0x111, 0x4}}, 0x20c) r2 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000200)={0x12, 0x10, 0xfa00, {&(0x7f0000000040), r1, r2}}, 0x18) 03:27:40 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00'}}}]}, 0x13c}}, 0x0) 03:27:40 executing program 2: r0 = syz_open_dev$adsp(&(0x7f0000000180)='/dev/adsp#\x00', 0x4, 0x800) accept4$inet6(r0, 0x0, &(0x7f00000001c0), 0x80000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f0000000440)={0x0, @capture={0x1000, 0x1, {0x1, 0x7}, 0x4, 0x3}}) r1 = socket(0x11, 0x2, 0x0) r2 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r3 = syz_open_dev$ndb(0x0, 0x0, 0x0) ioctl$NBD_SET_SOCK(r3, 0xab00, r1) ioctl$NBD_CLEAR_SOCK(r2, 0xab03) setsockopt$TIPC_CONN_TIMEOUT(r1, 0x10f, 0x82, &(0x7f0000000000)=0x100000001, 0x4) r4 = syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00') sendmsg$FOU_CMD_GET(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100021}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x18, r4, 0x400, 0x70bd27, 0x25dfdbff, {}, [@FOU_ATTR_REMCSUM_NOPARTIAL={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x1}, 0x80) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) 03:27:40 executing program 1: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x5, 0x1) accept4$bt_l2cap(r0, &(0x7f00000001c0), &(0x7f0000000200)=0x38b, 0x80000) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$swradio(&(0x7f0000000100)='/dev/swradio#\x00', 0x1, 0x2) sendmsg$alg(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000240)="a081f84edb146d13f13ce350bad9040279add3fde93286d6712e03f52d71f0fe7a8f512ec5eebb4d21296500d8374fcf54181040c8ef600dad96cccf37d082f5b34dd53be2d7f6ea602051a61f54deeb0f941a42a7e818f3fa566e1ec8912df889680c510ab285523c51291948ec322e60bdb3f5cc03842b9e199d740c51b46ba625187772b2f9579ff1f3ca6b583f97732b285d042814f9d032a2118bbae23aa79dd130c7b9", 0xa6}, {&(0x7f00000000c0)="496fb822cc1ab0d7e6e08cb0d646a0bcfcafec399d74d1921e1546ffebac0e00faa8a683c533ef68a587c501656e50d1b591d05c", 0x34}, {&(0x7f0000000140)="021d60256fd26071aae9cdbefe79deab6862648f9a1a4ac51501a1", 0x1b}, {&(0x7f0000000300)="49c950cef59804e3ac4bf7e3023bfe18f13a0299679744629bf89db6083a46a7a3bf064d2f74dd8498cc294ca6e744b746d8cc2c45bc4c1a964ae59a6b250d7cc6d3458cd85828499b51617a1c5b5e843c0cfb7be66ae7743164db9fe5c506abf2b55d0c28f85b5b9d5d271f11b16befd6c0d1ef4638b2f8c0cea5ee4cc11361db694b7427a4400cce99128e1e9e9876d684ddd6ff31c9a395fc7783", 0x9c}, {&(0x7f00000003c0)="229c9e6896b43091092eee5a88faab3fac444d4ae20f96cd1aeea902bf6ff46fb205be38a9330e685bf8cdc2df11c76cc0dcb8ac55a4b66102521c0629d5258f8a5bfd93c62f9ae83236098b793feb2639d77b2b467fe9ec5d8b06528d1a9674f4de297b95c96a751a8ce8b551e99f07c317198ebd00dae488617862b5949434c3fd6f7007a16463833f6b3f823fd8b1c30d407ffac9359442a7d25f0e6bbee043893d1294f234ba01713b6258f9935a9c0bc208b280dc38b31d2cbf72b186c0fb", 0xc1}, {&(0x7f00000004c0)="f3c9c17e558722a0bfefa09e0bad6c63300a112ae1310e8c2a153e235ced5150221d0c276e46e2f70bee24f963302f825cb5ef93a11a7c30de5d566f1a6c89d2b212e108bf8df61dc82978bf9f0dac3383d85b18a9fd2944c8a6c23d6ca4cdb657331949526c2bfb2bd8b7e1a2e0667ceb9f0011ec8796e760541e18202b83ddc4cd17685b59f10df9f3407dce22", 0x8e}], 0x6, 0x0, 0x0, 0x4040040}, 0x4014) r3 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r3, r1, 0x0) [ 2970.714936][ T6384] FAULT_INJECTION: forcing a failure. [ 2970.714936][ T6384] name failslab, interval 1, probability 0, space 0, times 0 03:27:40 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00'}}}]}, 0x13c}}, 0x0) 03:27:40 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x200002, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x80000, 0x0) syz_open_dev$audion(&(0x7f0000000340)='/dev/audio#\x00', 0x7f, 0x40) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000080)={r0, r1, 0x5}, 0x10) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) ioctl$VIDIOC_SUBDEV_S_FMT(r1, 0xc0585605, &(0x7f00000002c0)={0x0, 0x0, {0x9, 0x29, 0x200c, 0x8, 0x5, 0x7, 0x1, 0x3}}) clone(0x20000000, &(0x7f00000001c0)="fbfba181c0bc41d651f7e72c8b5e86bf9e349521ee64bb4eed038ddbe4bb44a913fbb7897af2ee5a435e8e5e100c6c1a6331016e7232f39b9fd276e6656ce676148aad454cef6375ec8084b5c645382def9266c3e25500ef", &(0x7f00000000c0), &(0x7f0000000240), &(0x7f0000000280)="208bab5d80c3c2da22e6b215e4b8a3cd964c57fa89e198c7be7a5aada805") [ 2970.829104][ T6384] CPU: 1 PID: 6384 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2970.837054][ T6384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2970.847308][ T6384] Call Trace: [ 2970.850636][ T6384] dump_stack+0x172/0x1f0 [ 2970.854993][ T6384] should_fail.cold+0xa/0x15 [ 2970.859879][ T6384] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2970.865747][ T6384] ? ___might_sleep+0x163/0x280 [ 2970.870638][ T6384] __should_failslab+0x121/0x190 [ 2970.875644][ T6384] should_failslab+0x9/0x14 [ 2970.880166][ T6384] __kmalloc+0x2d9/0x740 [ 2970.884435][ T6384] ? save_stack+0x5c/0x90 [ 2970.888800][ T6384] ? save_stack+0x23/0x90 [ 2970.893246][ T6384] ? tomoyo_encode2.part.0+0xf5/0x400 [ 2970.898621][ T6384] tomoyo_encode2.part.0+0xf5/0x400 [ 2970.904266][ T6384] ? do_syscall_64+0xfd/0x680 [ 2970.908965][ T6384] tomoyo_encode+0x2b/0x50 [ 2970.913392][ T6384] tomoyo_mount_acl+0xe0/0x840 [ 2970.918180][ T6384] ? kasan_check_write+0x14/0x20 [ 2970.923137][ T6384] ? tomoyo_check_mount_acl+0x1b0/0x1b0 [ 2970.928716][ T6384] ? lock_downgrade+0x880/0x880 [ 2970.933591][ T6384] ? mark_held_locks+0xf0/0xf0 [ 2970.938378][ T6384] ? lock_acquire+0x16f/0x3f0 [ 2970.943047][ T6384] ? tomoyo_mount_permission+0x10a/0x410 [ 2970.948673][ T6384] tomoyo_mount_permission+0x16a/0x410 [ 2970.954127][ T6384] ? tomoyo_mount_permission+0x10a/0x410 [ 2970.960408][ T6384] ? tomoyo_mount_acl+0x840/0x840 [ 2970.965431][ T6384] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2970.971669][ T6384] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2970.977900][ T6384] ? strncpy_from_user+0x2ac/0x380 [ 2970.983049][ T6384] tomoyo_sb_mount+0x35/0x40 [ 2970.987652][ T6384] security_sb_mount+0x87/0xd0 [ 2970.992422][ T6384] do_mount+0x1d4/0x1c00 [ 2970.996655][ T6384] ? copy_mount_options+0x5c/0x3a0 [ 2971.001765][ T6384] ? copy_mount_string+0x40/0x40 [ 2971.006719][ T6384] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2971.012970][ T6384] ? copy_mount_options+0x280/0x3a0 [ 2971.018188][ T6384] ksys_mount+0xdb/0x150 [ 2971.022438][ T6384] __x64_sys_mount+0xbe/0x150 [ 2971.027111][ T6384] do_syscall_64+0xfd/0x680 [ 2971.031606][ T6384] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2971.037487][ T6384] RIP: 0033:0x45bf6a [ 2971.041402][ T6384] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2971.061107][ T6384] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2971.069564][ T6384] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2971.077571][ T6384] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2971.085586][ T6384] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2971.093684][ T6384] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2971.101658][ T6384] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:41 executing program 4 (fault-call:0 fault-nth:57): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:41 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) sendto$x25(r1, &(0x7f0000000000)="15235bf909393fbda2eb4ca365ddc6980baeade7f5283063bca86ef0629989bbebacc4a3402710e1b1432391ea49552585bd59a54ce9d5bdf9f16f5ebba1", 0x3e, 0x10, 0x0, 0x0) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) 03:27:41 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00'}}}]}, 0x13c}}, 0x0) 03:27:41 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0x800) dup3(r0, r1, 0x0) [ 2971.420536][ T6415] FAULT_INJECTION: forcing a failure. [ 2971.420536][ T6415] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2971.433994][ T6415] CPU: 1 PID: 6415 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2971.441908][ T6415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2971.452016][ T6415] Call Trace: [ 2971.455512][ T6415] dump_stack+0x172/0x1f0 [ 2971.459888][ T6415] should_fail.cold+0xa/0x15 [ 2971.464512][ T6415] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2971.470359][ T6415] ? mark_held_locks+0xf0/0xf0 [ 2971.475159][ T6415] should_fail_alloc_page+0x50/0x60 [ 2971.480378][ T6415] __alloc_pages_nodemask+0x1a1/0x8d0 [ 2971.485765][ T6415] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2971.491875][ T6415] ? __alloc_pages_slowpath+0x28f0/0x28f0 [ 2971.497641][ T6415] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2971.503292][ T6415] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2971.509583][ T6415] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2971.515426][ T6415] cache_grow_begin+0x9d/0x650 [ 2971.520215][ T6415] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2971.526477][ T6415] kmem_cache_alloc+0x62a/0x6f0 [ 2971.531358][ T6415] getname_flags+0xd6/0x5b0 [ 2971.535994][ T6415] user_path_at_empty+0x2f/0x50 [ 2971.540852][ T6415] do_mount+0x150/0x1c00 [ 2971.545100][ T6415] ? copy_mount_options+0x5c/0x3a0 [ 2971.550238][ T6415] ? copy_mount_string+0x40/0x40 [ 2971.555199][ T6415] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2971.561484][ T6415] ? copy_mount_options+0x280/0x3a0 [ 2971.566718][ T6415] ksys_mount+0xdb/0x150 [ 2971.570971][ T6415] __x64_sys_mount+0xbe/0x150 [ 2971.575669][ T6415] do_syscall_64+0xfd/0x680 [ 2971.580185][ T6415] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2971.586087][ T6415] RIP: 0033:0x45bf6a [ 2971.590011][ T6415] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2971.609634][ T6415] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2971.618064][ T6415] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2971.626058][ T6415] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2971.634042][ T6415] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2971.642125][ T6415] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2971.650116][ T6415] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:41 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0}], 0x2, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:41 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x900, 0x70bd27, 0x25dfdbfb, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x8811}, 0x40000) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) 03:27:41 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x00'}}}]}, 0x13c}}, 0x0) 03:27:41 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f00000000c0)={0x0, @speck128, 0x1, "873c04ef3e2fa366"}) syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) dup3(r0, r0, 0x80000) 03:27:41 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12\x00'}}}]}, 0x13c}}, 0x0) 03:27:41 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0x0, 0x400) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) 03:27:42 executing program 4 (fault-call:0 fault-nth:58): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:42 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\x00'}}}]}, 0x13c}}, 0x0) 03:27:42 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f00000000c0)=0x3ffe, 0xfffffffffffffea3) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x200, 0x0) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000080)={0x1, 0x8, [@random="9178105ecc19", @random="bcd9bc4d6b9b", @local, @broadcast, @random="590ce0f99fde", @empty, @dev={[], 0x12}, @random="9c9bd5dcd7e9"]}) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000040)=0x1) [ 2972.193146][ T6454] FAULT_INJECTION: forcing a failure. [ 2972.193146][ T6454] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2972.206422][ T6454] CPU: 1 PID: 6454 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2972.214328][ T6454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2972.224432][ T6454] Call Trace: [ 2972.227758][ T6454] dump_stack+0x172/0x1f0 [ 2972.232112][ T6454] should_fail.cold+0xa/0x15 [ 2972.236727][ T6454] ? tomoyo_mount_acl+0xe0/0x840 03:27:42 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = dup3(r0, r1, 0x0) getsockopt$netrom_NETROM_T1(r2, 0x103, 0x1, &(0x7f0000000000), &(0x7f00000000c0)=0x4) 03:27:42 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) r3 = creat(&(0x7f0000000000)='./file0\x00', 0x50) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r3, 0xc0505350, &(0x7f00000000c0)={{0x967}, {0x28e, 0x6dd}, 0x11, 0x4, 0x20000000001}) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) [ 2972.241713][ T6454] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2972.247561][ T6454] ? do_syscall_64+0xfd/0x680 [ 2972.252248][ T6454] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2972.258930][ T6454] ? kasan_check_read+0x11/0x20 [ 2972.263796][ T6454] should_fail_alloc_page+0x50/0x60 [ 2972.269098][ T6454] __alloc_pages_nodemask+0x1a1/0x8d0 [ 2972.274504][ T6454] ? kernel_text_address+0x73/0xf0 [ 2972.286833][ T6454] ? __alloc_pages_slowpath+0x28f0/0x28f0 [ 2972.293099][ T6454] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2972.298912][ T6454] cache_grow_begin+0x9d/0x650 [ 2972.303678][ T6454] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2972.309944][ T6454] __kmalloc+0x67c/0x740 [ 2972.314206][ T6454] ? tomoyo_realpath_from_path+0xcd/0x7a0 [ 2972.319968][ T6454] tomoyo_realpath_from_path+0xcd/0x7a0 [ 2972.325547][ T6454] tomoyo_mount_acl+0x149/0x840 [ 2972.330421][ T6454] ? kasan_check_write+0x14/0x20 [ 2972.335378][ T6454] ? tomoyo_check_mount_acl+0x1b0/0x1b0 [ 2972.340955][ T6454] ? lock_downgrade+0x880/0x880 [ 2972.345828][ T6454] ? mark_held_locks+0xf0/0xf0 [ 2972.350636][ T6454] ? lock_acquire+0x16f/0x3f0 [ 2972.355354][ T6454] ? tomoyo_mount_permission+0x10a/0x410 [ 2972.361020][ T6454] tomoyo_mount_permission+0x16a/0x410 [ 2972.366495][ T6454] ? tomoyo_mount_permission+0x10a/0x410 [ 2972.372134][ T6454] ? tomoyo_mount_acl+0x840/0x840 [ 2972.377189][ T6454] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2972.383490][ T6454] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2972.389771][ T6454] ? strncpy_from_user+0x2ac/0x380 [ 2972.395245][ T6454] tomoyo_sb_mount+0x35/0x40 [ 2972.399835][ T6454] security_sb_mount+0x87/0xd0 [ 2972.404616][ T6454] do_mount+0x1d4/0x1c00 [ 2972.408868][ T6454] ? copy_mount_string+0x40/0x40 [ 2972.413911][ T6454] ? copy_mount_options+0x1d9/0x3a0 [ 2972.419116][ T6454] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2972.425354][ T6454] ? copy_mount_options+0x280/0x3a0 [ 2972.430734][ T6454] ksys_mount+0xdb/0x150 [ 2972.435124][ T6454] __x64_sys_mount+0xbe/0x150 [ 2972.439811][ T6454] do_syscall_64+0xfd/0x680 [ 2972.444313][ T6454] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2972.450210][ T6454] RIP: 0033:0x45bf6a [ 2972.454147][ T6454] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2972.473762][ T6454] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2972.482186][ T6454] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2972.490181][ T6454] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2972.498173][ T6454] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2972.506144][ T6454] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2972.514134][ T6454] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:42 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x14\x00'}}}]}, 0x13c}}, 0x0) 03:27:42 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}, {r0}], 0x2, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:42 executing program 4 (fault-call:0 fault-nth:59): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:42 executing program 5: r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2) r1 = syz_open_dev$rtc(&(0x7f0000000040)='/dev/rtc#\x00', 0x2, 0x4000) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) syz_init_net_socket$netrom(0x6, 0x5, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) 03:27:42 executing program 1: r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x3, 0x2) ioctl$TIOCOUTQ(r0, 0x5411, &(0x7f0000000100)) ioctl$VIDIOC_SUBDEV_G_SELECTION(r0, 0xc040563d, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x1, {0xf688, 0x0, 0x74e, 0x1da9}}) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r1, r2, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r0, 0x84, 0x1c, &(0x7f00000000c0), &(0x7f0000000140)=0x4) 03:27:42 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00'}}}]}, 0x13c}}, 0x0) [ 2972.929234][ T6484] FAULT_INJECTION: forcing a failure. [ 2972.929234][ T6484] name failslab, interval 1, probability 0, space 0, times 0 [ 2972.975894][ T6484] CPU: 0 PID: 6484 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2972.983846][ T6484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2972.993933][ T6484] Call Trace: [ 2972.997255][ T6484] dump_stack+0x172/0x1f0 [ 2973.001626][ T6484] should_fail.cold+0xa/0x15 [ 2973.006234][ T6484] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2973.012067][ T6484] ? ___might_sleep+0x163/0x280 [ 2973.016933][ T6484] __should_failslab+0x121/0x190 [ 2973.021891][ T6484] should_failslab+0x9/0x14 [ 2973.026407][ T6484] kmem_cache_alloc+0x2af/0x6f0 [ 2973.031281][ T6484] ? kasan_check_write+0x14/0x20 [ 2973.036271][ T6484] getname_kernel+0x53/0x370 [ 2973.040878][ T6484] kern_path+0x20/0x40 [ 2973.044963][ T6484] tomoyo_mount_acl+0x28c/0x840 [ 2973.049843][ T6484] ? tomoyo_check_mount_acl+0x1b0/0x1b0 [ 2973.055415][ T6484] ? lock_downgrade+0x880/0x880 [ 2973.060309][ T6484] ? mark_held_locks+0xf0/0xf0 [ 2973.065114][ T6484] ? lock_acquire+0x16f/0x3f0 [ 2973.069802][ T6484] ? tomoyo_mount_permission+0x10a/0x410 [ 2973.075462][ T6484] tomoyo_mount_permission+0x16a/0x410 [ 2973.080956][ T6484] ? tomoyo_mount_permission+0x10a/0x410 [ 2973.086601][ T6484] ? tomoyo_mount_acl+0x840/0x840 [ 2973.091641][ T6484] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2973.097903][ T6484] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2973.104170][ T6484] ? strncpy_from_user+0x2ac/0x380 [ 2973.109296][ T6484] tomoyo_sb_mount+0x35/0x40 [ 2973.113909][ T6484] security_sb_mount+0x87/0xd0 [ 2973.118687][ T6484] do_mount+0x1d4/0x1c00 [ 2973.122941][ T6484] ? copy_mount_options+0x5c/0x3a0 [ 2973.128078][ T6484] ? copy_mount_string+0x40/0x40 [ 2973.133035][ T6484] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2973.139297][ T6484] ? _copy_from_user+0xdd/0x150 [ 2973.144179][ T6484] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2973.150436][ T6484] ? copy_mount_options+0x280/0x3a0 [ 2973.155653][ T6484] ksys_mount+0xdb/0x150 [ 2973.159916][ T6484] __x64_sys_mount+0xbe/0x150 [ 2973.164621][ T6484] do_syscall_64+0xfd/0x680 [ 2973.169154][ T6484] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2973.175074][ T6484] RIP: 0033:0x45bf6a [ 2973.178992][ T6484] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2973.198691][ T6484] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2973.207126][ T6484] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2973.215128][ T6484] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 03:27:43 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00'}}}]}, 0x13c}}, 0x0) 03:27:43 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00'}}}]}, 0x13c}}, 0x0) 03:27:43 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000000)={0x0, 0x44, "424fbc47b5d64592cdabb96289f22fdb19e36630b3b38dcbd9f653e3df27914394d67b27439ce403dfc79dd93e091e97d9aa9cb1473189f8c53853940c5d815266061531"}, &(0x7f0000000080)=0x4c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000000c0)={r3, @in={{0x2, 0x4e22, @empty}}, 0x5, 0x785, 0x2, 0xa000000}, 0x98) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) [ 2973.223284][ T6484] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2973.223301][ T6484] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2973.239253][ T6484] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:43 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000000), 0x36a) r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x121000, 0x0) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000080)={0x30, 0x5, 0x0, {0x0, 0x4, 0x8, 0xfffffffffffffff9}}, 0x30) 03:27:43 executing program 4 (fault-call:0 fault-nth:60): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:43 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\x9e\x00'}}}]}, 0x13c}}, 0x0) 03:27:43 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fstat(r0, &(0x7f00000000c0)) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$CAPI_GET_ERRCODE(r2, 0x80024321, &(0x7f0000000140)) dup3(r1, r1, 0x0) [ 2973.588012][ T6523] FAULT_INJECTION: forcing a failure. [ 2973.588012][ T6523] name failslab, interval 1, probability 0, space 0, times 0 [ 2973.645179][ T6523] CPU: 1 PID: 6523 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2973.653159][ T6523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2973.663325][ T6523] Call Trace: [ 2973.666649][ T6523] dump_stack+0x172/0x1f0 [ 2973.671870][ T6523] should_fail.cold+0xa/0x15 [ 2973.676488][ T6523] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2973.682344][ T6523] ? ___might_sleep+0x163/0x280 [ 2973.687235][ T6523] __should_failslab+0x121/0x190 03:27:43 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0, 0x8641}], 0x1, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:43 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0x0, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x80000, 0x0) ioctl$EVIOCSREP(r3, 0x40084503, &(0x7f0000000040)=[0x81]) fstat(0xffffffffffffffff, 0x0) 03:27:43 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xf0\x00'}}}]}, 0x13c}}, 0x0) [ 2973.692205][ T6523] should_failslab+0x9/0x14 [ 2973.696719][ T6523] __kmalloc+0x2d9/0x740 [ 2973.701073][ T6523] ? tomoyo_realpath_from_path+0xc0/0x7a0 [ 2973.706814][ T6523] ? rcu_read_lock_sched_held+0x110/0x130 [ 2973.712654][ T6523] ? tomoyo_realpath_from_path+0xcd/0x7a0 [ 2973.718398][ T6523] tomoyo_realpath_from_path+0xcd/0x7a0 [ 2973.723968][ T6523] tomoyo_mount_acl+0x2cc/0x840 [ 2973.728869][ T6523] ? tomoyo_check_mount_acl+0x1b0/0x1b0 [ 2973.734455][ T6523] ? lock_downgrade+0x880/0x880 [ 2973.739311][ T6523] ? mark_held_locks+0xf0/0xf0 [ 2973.744081][ T6523] ? lock_acquire+0x16f/0x3f0 [ 2973.748754][ T6523] ? tomoyo_mount_permission+0x10a/0x410 [ 2973.754430][ T6523] tomoyo_mount_permission+0x16a/0x410 [ 2973.759906][ T6523] ? tomoyo_mount_permission+0x10a/0x410 [ 2973.765548][ T6523] ? tomoyo_mount_acl+0x840/0x840 [ 2973.770590][ T6523] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2973.776862][ T6523] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2973.783101][ T6523] ? strncpy_from_user+0x2ac/0x380 [ 2973.788239][ T6523] tomoyo_sb_mount+0x35/0x40 [ 2973.792854][ T6523] security_sb_mount+0x87/0xd0 [ 2973.797621][ T6523] do_mount+0x1d4/0x1c00 [ 2973.801870][ T6523] ? retint_kernel+0x2b/0x2b [ 2973.806834][ T6523] ? copy_mount_string+0x40/0x40 [ 2973.811801][ T6523] ? __sanitizer_cov_trace_const_cmp4+0x20/0x20 [ 2973.818035][ T6523] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2973.824271][ T6523] ? copy_mount_options+0x280/0x3a0 [ 2973.829478][ T6523] ksys_mount+0xdb/0x150 [ 2973.833727][ T6523] __x64_sys_mount+0xbe/0x150 [ 2973.838428][ T6523] do_syscall_64+0xfd/0x680 [ 2973.842982][ T6523] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2973.848893][ T6523] RIP: 0033:0x45bf6a [ 2973.852787][ T6523] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2973.872507][ T6523] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2973.881094][ T6523] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a 03:27:43 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x200, 0x0) accept4$unix(r0, &(0x7f0000000080)=@abs, &(0x7f00000001c0)=0x6e, 0x800) setsockopt$rose(r0, 0x104, 0x5, &(0x7f0000000040)=0x5, 0x4) inotify_add_watch(r0, &(0x7f0000000200)='./file0\x00', 0x40) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) 03:27:43 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x800) dup3(r0, r0, 0x0) [ 2973.889090][ T6523] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2973.897074][ T6523] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2973.905042][ T6523] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2973.913187][ T6523] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 [ 2973.962039][ T6523] ERROR: Out of memory at tomoyo_realpath_from_path. 03:27:44 executing program 4 (fault-call:0 fault-nth:61): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:44 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0x8641}], 0x1, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:44 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xf0\x00'}}}]}, 0x13c}}, 0x0) 03:27:44 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) r3 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x1, 0x40) r4 = fcntl$getown(r2, 0x9) write$P9_RGETLOCK(r3, &(0x7f0000000140)=ANY=[@ANYBLOB="280000003702000209000000000000000100008000000000", @ANYRES32=r4, @ANYBLOB="0a00419ac4bc58af626423009a72e1c57b0df28c91130f3f3402db8c6cee3412f4ffb80b196aceb203f5a496640bd5f6d822a92badbb88cb06a782591441cb1f42d31a1e6739871dbf59cce33549f177902ec1d7706200b477649516966f1552636ef2879245252f5ca50fae19fe8088a32887edbc3dcad00de9edf9fd3cf92ca982f6da027c521797265ba90fb295e3727ed97100c9ff0313ecb52cccb81d43e5007809234c4c0b447ff8"], 0x28) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r3, 0xc028ae92, &(0x7f0000000080)={0x1a2f, 0x4}) 03:27:44 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-generic\x00'}, 0x58) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000180)='/dev/null\x00', 0x10000, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000280)={0x0, 0xb7, "0d149542dc97cebc65bd57769758d0cfc9cafe437b755dd171dd7c1444cb0f9c1106cdf4c2c15c0abb987f88aebac4858f02507855b20206168d152b6282489ecc06ce256dcd26524ac7251327cf03ccf8c5a8e423556224d2e21749e07197f0f5981e929ec0a584d06d26bbb04b2603369e02bb23c06475a55df9b4cbe1d764e02bcebdcf2ddd8f523a362e2ab18b7247be72fc199e3420362073b4252eff09133c72c0f7d2906b6a739b5873acee35feaae5dc9eb69c"}, &(0x7f00000001c0)=0xbf) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f0000000340)={r2, 0x21, "baeb6e0686d84941aa0369c3421ec660b88c07a359e21277452e750d84687b4f04"}, &(0x7f0000000380)=0x29) r3 = accept$alg(r0, 0x0, 0x0) sendmmsg(r3, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x3000, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x4000, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x1a9, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ubi_ctrl\x00', 0x0, 0x0) r5 = perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x40000000000, 0x0, 0x50d, 0x0, 0x0, 0x7a, 0x0, 0x0, 0x80000000000000, 0x1, 0x0, 0x0, 0x145e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x7fff, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, r4, 0x0) r6 = fcntl$dupfd(r4, 0x0, r5) connect$llc(r6, &(0x7f0000000000)={0x1a, 0x108, 0xfffffffffffffff9, 0x80000000, 0x6, 0x7f, @dev={[], 0x17}}, 0x10) r7 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r8 = dup3(r5, r7, 0x0) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r8, 0x84, 0x21, &(0x7f0000000040)=0x40, 0x4) 03:27:44 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) socket$inet_udp(0x2, 0x2, 0x0) [ 2974.308535][ T6555] FAULT_INJECTION: forcing a failure. [ 2974.308535][ T6555] name failslab, interval 1, probability 0, space 0, times 0 [ 2974.398741][ T6555] CPU: 0 PID: 6555 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2974.406691][ T6555] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2974.416850][ T6555] Call Trace: [ 2974.420164][ T6555] dump_stack+0x172/0x1f0 [ 2974.424556][ T6555] should_fail.cold+0xa/0x15 [ 2974.429181][ T6555] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2974.435008][ T6555] ? ___might_sleep+0x163/0x280 [ 2974.439977][ T6555] __should_failslab+0x121/0x190 [ 2974.439996][ T6555] should_failslab+0x9/0x14 [ 2974.440008][ T6555] kmem_cache_alloc_trace+0x2ce/0x750 [ 2974.440032][ T6555] alloc_fs_context+0x5a/0x690 [ 2974.440059][ T6555] fs_context_for_mount+0x25/0x30 [ 2974.440080][ T6555] do_mount+0x132d/0x1c00 [ 2974.469179][ T6555] ? copy_mount_string+0x40/0x40 [ 2974.474235][ T6555] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2974.480489][ T6555] ? copy_mount_options+0x280/0x3a0 [ 2974.485705][ T6555] ksys_mount+0xdb/0x150 [ 2974.489974][ T6555] __x64_sys_mount+0xbe/0x150 [ 2974.494673][ T6555] do_syscall_64+0xfd/0x680 [ 2974.499197][ T6555] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2974.505097][ T6555] RIP: 0033:0x45bf6a [ 2974.509003][ T6555] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2974.528631][ T6555] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2974.537087][ T6555] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2974.545097][ T6555] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2974.553187][ T6555] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2974.561177][ T6555] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2974.569166][ T6555] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 [ 2974.586139][ C1] net_ratelimit: 22 callbacks suppressed [ 2974.586149][ C1] protocol 88fb is buggy, dev hsr_slave_0 03:27:44 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\xff\xff\x00'}}}]}, 0x13c}}, 0x0) [ 2974.597835][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2974.603715][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2974.609582][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:27:44 executing program 1: r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x94f, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$audion(&(0x7f0000000280)='/dev/audio#\x00', 0xffffffffffff470f, 0x101200) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000080)={0x4, 0xffffffff, 0x4, 0x100000000, 0x2, 0x1, 0x1, 0x200, 0x0}, &(0x7f0000000180)=0x20) ioctl$CAPI_GET_MANUFACTURER(r2, 0xc0044306, &(0x7f0000000200)=0x333b) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f00000001c0)={r3, 0x7, 0x8}, 0x8) r4 = dup3(r0, r1, 0x0) fsconfig$FSCONFIG_SET_PATH(r4, 0x3, &(0x7f0000000000)='/dev/binder#\x00', &(0x7f00000000c0)='./file0\x00', r4) 03:27:44 executing program 4 (fault-call:0 fault-nth:62): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:44 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-monitor\x00', 0x40040, 0x0) ioctl$DRM_IOCTL_VERSION(r2, 0xc0406400, &(0x7f0000000200)={0x9, 0x1, 0x1, 0x37, &(0x7f0000000100)=""/55, 0x1000, &(0x7f0000000440)=""/4096, 0xa2, &(0x7f0000000140)=""/162}) r3 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r3, 0xab00, r0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x2, 0x0) ioctl$SG_SET_TIMEOUT(r4, 0x2201, &(0x7f0000000080)=0x4) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) accept4$vsock_stream(r0, &(0x7f0000000000)={0x28, 0x0, 0xffffffff, @reserved}, 0x10, 0x800) fstat(0xffffffffffffffff, 0x0) 03:27:44 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00'}}}]}, 0x13c}}, 0x0) 03:27:44 executing program 5: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f00000000c0)=0x9, 0x4) ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000080)=0x0) perf_event_open(&(0x7f0000000000)={0x7, 0x70, 0x9, 0x7, 0x5, 0x400, 0x0, 0x1, 0x1, 0x0, 0x1, 0x80000001, 0x10000, 0x6, 0x80000001, 0x0, 0x3, 0x7b, 0x4, 0x9, 0x3, 0x100, 0x9, 0xfffffffffffffffa, 0x1, 0x1, 0x2, 0x100000000, 0xc38a, 0x5, 0x5, 0x8001, 0x1, 0x0, 0x3549, 0x1, 0x401, 0x0, 0x0, 0x74c, 0x0, @perf_config_ext={0x2, 0x7f}, 0x20000, 0x1000000000000, 0x7, 0x6, 0x3, 0x7, 0x9}, r1, 0x10, r0, 0x2) r2 = shmget$private(0x0, 0x4000, 0x400, &(0x7f0000ffa000/0x4000)=nil) shmctl$IPC_INFO(r2, 0x3, &(0x7f00000001c0)=""/149) r3 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cachefiles\x00', 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000280)={0xffffffffffffffff}, 0x117, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r3, &(0x7f0000000300)={0x9, 0x108, 0xfa00, {r4, 0x84, "4973ba", "f1fd608022f5ff0a9c49d20e8ea4d6062e966f3235f3c63c90c7eb2b2d9bb55dd3fda22bc51a1a36e6a890433ab882dd3ad16b855ddf54e4276555d9a3ccb1d0aeb253ada485c62f1a4cf4604e2df24230d6dc56d923470ac22fc0c45b8eff73b17c62d6b7bbfb3b5d34384163e889b6ff29208157927f5009b4b3d2856f12d6b9170f34a4f5c7f4d6e33bf69eedf5daa6a65308a539080e65275c507db0bce90cf575c7dcadee8296d829991cc6d310cd19f04664160f7ed412fd5c1af86cc3de33004df3ed3759eaa97caae3a0ca0896d7fa2d5a6b858ba6c432556c7def91b322b7d917fff47a34ddfaea9e1951bb00b02460be802120ac610ca859cbcd21"}}, 0x110) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000440)={{{@in6=@mcast2, @in=@dev}}, {{@in6=@dev}, 0x0, @in6=@mcast1}}, &(0x7f0000000540)=0xe8) [ 2974.991214][ T6588] FAULT_INJECTION: forcing a failure. [ 2974.991214][ T6588] name failslab, interval 1, probability 0, space 0, times 0 [ 2975.018062][ T6588] CPU: 0 PID: 6588 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2975.026007][ T6588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2975.036084][ T6588] Call Trace: [ 2975.039402][ T6588] dump_stack+0x172/0x1f0 [ 2975.043754][ T6588] should_fail.cold+0xa/0x15 [ 2975.048366][ T6588] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2975.054192][ T6588] ? ___might_sleep+0x163/0x280 [ 2975.059065][ T6588] __should_failslab+0x121/0x190 [ 2975.064018][ T6588] should_failslab+0x9/0x14 [ 2975.068545][ T6588] kmem_cache_alloc_trace+0x2ce/0x750 [ 2975.073927][ T6588] ? lockdep_init_map+0x1be/0x6d0 [ 2975.078971][ T6588] legacy_init_fs_context+0x48/0xe0 [ 2975.084177][ T6588] ? generic_parse_monolithic+0x200/0x200 [ 2975.089904][ T6588] alloc_fs_context+0x3a7/0x690 [ 2975.094779][ T6588] fs_context_for_mount+0x25/0x30 [ 2975.099821][ T6588] do_mount+0x132d/0x1c00 [ 2975.104183][ T6588] ? copy_mount_string+0x40/0x40 [ 2975.109147][ T6588] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2975.115407][ T6588] ? _copy_from_user+0xdd/0x150 [ 2975.120372][ T6588] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2975.126629][ T6588] ? copy_mount_options+0x280/0x3a0 [ 2975.131872][ T6588] ksys_mount+0xdb/0x150 [ 2975.136126][ T6588] __x64_sys_mount+0xbe/0x150 [ 2975.140820][ T6588] do_syscall_64+0xfd/0x680 [ 2975.145338][ T6588] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2975.151243][ T6588] RIP: 0033:0x45bf6a [ 2975.155156][ T6588] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2975.174866][ T6588] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2975.183293][ T6588] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a 03:27:45 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x9e\xff\xff\xff\x00'}}}]}, 0x13c}}, 0x0) [ 2975.191268][ T6588] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2975.199477][ T6588] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2975.207469][ T6588] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2975.215478][ T6588] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:45 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0x8641}], 0x1, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:45 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = semget$private(0x0, 0x4, 0x10) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='memory.events\x00', 0x0, 0x0) ioctl$RTC_PIE_OFF(r2, 0x7006) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, &(0x7f0000000100)) fcntl$getownex(r0, 0x10, &(0x7f0000000180)) ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f00000001c0)=0x0) r4 = syz_open_procfs(r3, &(0x7f0000000140)='fd/3\x00!\x89]\x8f\xc7\\)\xa6\xf2d\xf0') ioctl$RFKILL_IOCTL_NOINPUT(r4, 0x5201) semop(r1, &(0x7f0000000000)=[{0x0, 0x100, 0x800}, {0x3, 0x9, 0x1000}, {0x7, 0xfa19}, {0x2, 0x3, 0x1800}, {0x0, 0xffffffffffff0000, 0x1000}, {0x2, 0x6f, 0x1800}, {0x3, 0x7fff, 0x1000}, {0x4, 0x1, 0x1000}], 0x8) r5 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r5, 0x0) 03:27:45 executing program 4 (fault-call:0 fault-nth:63): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:45 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\xff\xff\xff\x00'}}}]}, 0x13c}}, 0x0) 03:27:45 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x3) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x1, 0x800) ioctl$TIOCGLCKTRMIOS(r2, 0x5456, &(0x7f0000000040)={0x50cd, 0x5962, 0x2, 0x1000, 0x17, 0x40, 0x7a9, 0x7, 0xff, 0x1, 0x1ff, 0x1}) r3 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r3, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r2, 0xc0505510, &(0x7f0000000140)={0xffffffff80000001, 0x3, 0x62, 0x401, &(0x7f0000000080)=[{}, {}, {}]}) 03:27:45 executing program 5: syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x5, 0x800) r0 = syz_open_dev$cec(&(0x7f0000000080)='/dev/cec#\x00', 0x0, 0x2) write$FUSE_GETXATTR(r0, &(0x7f00000001c0)={0x18, 0xfffffffffdfffffe, 0x2, {0x100000000}}, 0x62) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) [ 2975.627015][ T6621] FAULT_INJECTION: forcing a failure. [ 2975.627015][ T6621] name failslab, interval 1, probability 0, space 0, times 0 03:27:45 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(r1, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @bt={0x5, 0x8, 0x7, 0x3, 0xfffffffffffffffd, 0x7, 0x1a, 0xa}}) ioctl$TUNGETVNETHDRSZ(r0, 0x800454d7, &(0x7f0000000000)) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x20000, 0x0) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000100)=0x1, 0x4) ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f0000000280)={0x7, &(0x7f0000000240)=[{}, {}, {}, {}, {}, {}, {}]}) r4 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r4, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f00000002c0)='veth0_to_bond\x00', 0x10) [ 2975.673052][ T6621] CPU: 1 PID: 6621 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2975.681004][ T6621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2975.691166][ T6621] Call Trace: [ 2975.694479][ T6621] dump_stack+0x172/0x1f0 [ 2975.698842][ T6621] should_fail.cold+0xa/0x15 [ 2975.703455][ T6621] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2975.705731][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2975.709263][ T6621] ? ___might_sleep+0x163/0x280 [ 2975.709286][ T6621] __should_failslab+0x121/0x190 [ 2975.709308][ T6621] should_failslab+0x9/0x14 [ 2975.715122][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2975.719905][ T6621] kmem_cache_alloc_trace+0x2ce/0x750 [ 2975.719921][ T6621] ? lockdep_init_map+0x1be/0x6d0 [ 2975.719945][ T6621] legacy_init_fs_context+0x48/0xe0 [ 2975.719957][ T6621] ? generic_parse_monolithic+0x200/0x200 [ 2975.719971][ T6621] alloc_fs_context+0x3a7/0x690 [ 2975.719989][ T6621] fs_context_for_mount+0x25/0x30 [ 2975.720010][ T6621] do_mount+0x132d/0x1c00 [ 2975.726373][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2975.731644][ T6621] ? copy_mount_string+0x40/0x40 [ 2975.737492][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2975.742774][ T6621] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2975.747997][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2975.753021][ T6621] ? _copy_from_user+0xdd/0x150 [ 2975.758881][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2975.763641][ T6621] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2975.818693][ T6621] ? copy_mount_options+0x280/0x3a0 [ 2975.823895][ T6621] ksys_mount+0xdb/0x150 [ 2975.828151][ T6621] __x64_sys_mount+0xbe/0x150 [ 2975.832838][ T6621] do_syscall_64+0xfd/0x680 [ 2975.837426][ T6621] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2975.843333][ T6621] RIP: 0033:0x45bf6a [ 2975.847234][ T6621] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 03:27:45 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00'}}}]}, 0x13c}}, 0x0) [ 2975.866858][ T6621] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2975.875370][ T6621] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2975.883348][ T6621] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2975.891351][ T6621] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2975.899453][ T6621] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2975.907458][ T6621] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:46 executing program 4 (fault-call:0 fault-nth:64): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:46 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_GET_REMOTE_MNG(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r3, 0x2c, 0x70bd2d, 0x25dfdbfe, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40804}, 0xc000) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000140), &(0x7f0000000180)=0x4) 03:27:46 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03@\x00'}}}]}, 0x13c}}, 0x0) [ 2976.191698][ T6642] QAT: Invalid ioctl 03:27:46 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x5, 0x2c0800) ioctl$TIOCSSERIAL(r0, 0x541f, &(0x7f0000000080)={0x7ff, 0x0, 0x0, 0x2, 0x10001, 0x59e, 0xffffffffffffffff, 0x1fe600, 0xff, 0x1000, 0x3f, 0x64a1, 0x0, 0x6d, &(0x7f0000000040), 0x400, 0x3, 0xffffffff}) r1 = syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000240)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000280)={'team0\x00', 0x0}) getsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f00000002c0)={@loopback, 0x0}, &(0x7f0000000300)=0x14) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000340)={{{@in, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6=@remote}}, &(0x7f0000000440)=0xe8) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000480)={{{@in6=@local, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in6=@initdev}}, &(0x7f0000000580)=0xe8) getpeername$packet(r0, &(0x7f00000005c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000600)=0x14) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000640)={{{@in6=@ipv4={[], [], @local}, @in6=@ipv4={[], [], @empty}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}}}, &(0x7f0000000740)=0xe8) getpeername$packet(r0, &(0x7f0000000780)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000007c0)=0x14) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000800)={{{@in6=@mcast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in=@multicast2}}, &(0x7f0000000900)=0xe8) getsockname$packet(r0, &(0x7f0000000940)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000980)=0x14) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000025c0)={{{@in=@local, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4}}}, &(0x7f00000026c0)=0xe8) accept$packet(r0, &(0x7f0000002700)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000002740)=0x14) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000002c00)={{{@in=@empty, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@mcast2}}, &(0x7f0000002d00)=0xe8) sendmsg$TEAM_CMD_PORT_LIST_GET(r0, &(0x7f0000003400)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000c0}, 0xc, &(0x7f00000033c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="6c060000", @ANYRES16=r1, @ANYBLOB="000829bd7000ffdbdf250300000008000100", @ANYRES32=r2, @ANYBLOB="6401020038000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000800030003000000080004001f00000038000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000800030003000000080004004000000040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000080003000300000008000400", @ANYRES32=r3, @ANYBLOB="080007000000000038000100240001006e6f746966795f70656572735f636f756e740000000000000000000000000000080003000300000008000400010001003c00010024000100656e61626c65640000000000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r4, @ANYBLOB="3c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB="a801020038000100240001006c625f73746174735f726566726573685f696e74657276616c00000000000000080003000300000008000400e40c00003c000100240001006c625f74785f6d6574686f64000000000000000000000000000000000000000008000300050000000c000400686173680000000038000100240001006d636173745f72656a6f696e5f696e74657276616c0000000000000000000000080003000300000008000400ffffff7f44000100240001006270665f686173685f66756e6300000000000000000000000000000000000000080003000b000000140004000300010001000000050000ff0100000040000100240001006d6f64650000000000000000000000000000000000000000000000000000000008000300050000001000040062726f6164636173740000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000008000300060000000400040008000600", @ANYRES32=r7, @ANYBLOB="38000100240001006c625f73746174735f726566726573685f696e74657276616c00000000000000080003000300000008000400ff03000008000100", @ANYRES32=r8, @ANYBLOB="9800020038000100240001006e6f746966795f706565723aaa636f756e74000000ea49e2294e5260c4581000080003000300000008000400a0a3f44e5c000100240001006270665f686173685f66756e6300000000000000000000000000000000000000080003000b0000002c000400ff01ddd4f40600003f00ff0800040000560801000200c4c631760900010402090400000008000100000000001195544e45f5e32f2e8feecb3a2060d77f2fcbf5644196e7d33dd76b9a16e62f8819f3a0ff1dd865f40a0d5637ab33fdafd5751afc39653a93317d5c7419847d", @ANYRES32=r9, @ANYBLOB="9c01020038000100240001006d636173745f72656a6f696e5f696e74657276616c0000000000000000000000080003000300000008000400ff7f000034000100240001006270665f686173685f66756e6300000000000000000000000000000000000000080003000b000000040004003c00010024000100656e61626c65640000000000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r10, @ANYBLOB="38000100240001006c625f73746174735f726566726573685f696e74657276616c000000000000000800030003000000080004000000000040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000080003000300000008000400", @ANYRES32=r11, @ANYBLOB="0800070000000000400001002400010071756575655f69640000000000000000000000000000000000000000000000000800030003000000080004002ecb102a08000600", @ANYRES32=r12, @ANYBLOB="38000100240001006c625f73746174735f726566726573685f696e74657276616c00000000000000080003000300000008000400ff00000008000100", @ANYRES32=r13, @ANYBLOB="f00002003c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000008000300060000000400040008000600", @ANYRES32=r14, @ANYBLOB="38000100240001006e6f746966795f70656572735f636f756e740000000000000000000000000000080003000300000008000400000800003c000100240001006d6f64650000000000000000000000000000000000000000000000000000000008000300050000000c00040072616e646f6d00003c000100240001006c625f74785f6d6574686f64000000000000000000000000000000000000000008000300050000000c0004006861736800000000"], 0x66c}, 0x1, 0x0, 0x0, 0x20000000}, 0x24000000) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) 03:27:46 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0x8641}], 0x1, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) [ 2976.276903][ T6648] FAULT_INJECTION: forcing a failure. [ 2976.276903][ T6648] name failslab, interval 1, probability 0, space 0, times 0 [ 2976.283672][ T6652] QAT: Invalid ioctl 03:27:46 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x101800, 0x0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r1, 0x54a3) setsockopt$RDS_FREE_MR(r1, 0x114, 0x3, &(0x7f00000000c0)={{0x6, 0x8}, 0x21}, 0x10) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r2, 0x0) [ 2976.395795][ T6648] CPU: 1 PID: 6648 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2976.403751][ T6648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2976.413854][ T6648] Call Trace: [ 2976.417177][ T6648] dump_stack+0x172/0x1f0 [ 2976.421551][ T6648] should_fail.cold+0xa/0x15 [ 2976.426198][ T6648] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2976.432057][ T6648] ? ___might_sleep+0x163/0x280 [ 2976.436932][ T6648] __should_failslab+0x121/0x190 [ 2976.441890][ T6648] should_failslab+0x9/0x14 [ 2976.446926][ T6648] kmem_cache_alloc_trace+0x2ce/0x750 [ 2976.452340][ T6648] alloc_fs_context+0x5a/0x690 [ 2976.457125][ T6648] fs_context_for_mount+0x25/0x30 [ 2976.462181][ T6648] vfs_kern_mount.part.0+0x28/0xf0 [ 2976.467308][ T6648] vfs_kern_mount+0x40/0x60 [ 2976.471844][ T6648] btrfs_mount+0x2b4/0x15e2 [ 2976.476357][ T6648] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2976.482018][ T6648] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2976.488271][ T6648] ? should_fail+0x1de/0x852 [ 2976.492890][ T6648] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2976.498721][ T6648] ? btrfs_remount+0x11f0/0x11f0 [ 2976.503696][ T6648] ? rcu_read_lock_sched_held+0x110/0x130 [ 2976.509441][ T6648] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2976.515695][ T6648] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2976.522000][ T6648] ? vfs_parse_fs_string+0x111/0x170 [ 2976.527291][ T6648] ? vfs_parse_fs_string+0x111/0x170 [ 2976.532584][ T6648] ? rcu_read_lock_sched_held+0x110/0x130 [ 2976.538306][ T6648] ? kfree+0x1f7/0x220 [ 2976.542380][ T6648] ? vfs_parse_fs_string+0x116/0x170 [ 2976.547670][ T6648] ? vfs_parse_fs_param+0x540/0x540 [ 2976.552877][ T6648] ? btrfs_remount+0x11f0/0x11f0 [ 2976.557820][ T6648] legacy_get_tree+0x108/0x220 [ 2976.562598][ T6648] ? legacy_get_tree+0x108/0x220 [ 2976.568148][ T6648] ? legacy_parse_monolithic+0x11f/0x180 [ 2976.573883][ T6648] vfs_get_tree+0x8e/0x390 [ 2976.578326][ T6648] do_mount+0x138c/0x1c00 [ 2976.582668][ T6648] ? copy_mount_string+0x40/0x40 [ 2976.587621][ T6648] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2976.593879][ T6648] ? copy_mount_options+0x280/0x3a0 [ 2976.599088][ T6648] ksys_mount+0xdb/0x150 [ 2976.603361][ T6648] __x64_sys_mount+0xbe/0x150 [ 2976.608052][ T6648] do_syscall_64+0xfd/0x680 [ 2976.612581][ T6648] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2976.618486][ T6648] RIP: 0033:0x45bf6a [ 2976.622395][ T6648] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2976.650519][ T6648] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2976.658962][ T6648] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2976.666945][ T6648] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2976.675018][ T6648] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2976.683035][ T6648] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2976.691020][ T6648] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:46 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xf0\x00'}}}]}, 0x13c}}, 0x0) 03:27:46 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000100)='/dev/nbd#\x00', 0x0, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) lsetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='system.advise\x00', &(0x7f0000000080)='\x00', 0x1, 0x1) 03:27:46 executing program 4 (fault-call:0 fault-nth:65): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:46 executing program 5: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x100) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffff9c, 0x84, 0x66, &(0x7f0000000040)={0x0, 0x68c}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f00000000c0)={r1, 0x8001}, 0x8) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f0000000580)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000008}, 0xc, &(0x7f0000000540)={&(0x7f0000000600)=ANY=[@ANYBLOB="e4020000", @ANYRES16=r2, @ANYBLOB="01002abd7000fbdbdf25160000006c00050034000200080002000100000008000300ff0f000008000400090000000800030009000000080004000000060008000300010000003400020008000100020000000800030002000000080002001d000000080003000000000008000400fd000000080001001e0000000c000700080002000500000004000100200001001c000200080001000800000008000300060000000800020007000000280002000400040008000200070000000800020004000000080002000500000008000100b3000000f80004000c00010073797a31000000002400070008000200800000000800030084fe0000080004002d000000080002007f0000003c000700080001000d000000080003000200009c65000800030001000000080004000200000008000300800000000800010000000000080002005a58000014000700080001000c00000008000200000000003c00070008000200030000000800020009000000080001001c00000008000300ffffff7f08000200090000000800020008000000080003000000008014000700080002000100000008000300ff07000024000700080002000100000008000200050000000800040009000000080001001c000000180005000c00020008000400010100000800010069620000b80004000c00010073797a300000000054000700080004000100000008000200020000000800020009000000080001001d0000000800010012000000080003002000000008000400030000000800020002000000080002000900000008000100160000003c00070008000400050000000800040000000000080001001c0000000800020006000000080002003f000000080002000400000008000400050000000c02010073797a30000000000c00010073797a3100000000440009000800010001000100080002000180ffff080001000180000008000200cc0700000800020001800000080002000200000008000100080000000800010005000000"], 0x2e4}, 0x1, 0x0, 0x0, 0x4000000}, 0x5) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) 03:27:46 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, @perf_bp={0x0}, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = geteuid() mount$9p_xen(&(0x7f0000000000)='\x06{&\\:\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x2000, &(0x7f0000000140)={'trans=xen,', {[{@mmap='mmap'}], [{@uid_gt={'uid>', r1}}]}}) fcntl$setflags(r0, 0x2, 0x10000002) dup3(r0, 0xffffffffffffffff, 0x0) 03:27:47 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00'}}}]}, 0x13c}}, 0x0) [ 2977.117849][ T6688] FAULT_INJECTION: forcing a failure. [ 2977.117849][ T6688] name failslab, interval 1, probability 0, space 0, times 0 [ 2977.172742][ T6688] CPU: 1 PID: 6688 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2977.180712][ T6688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2977.190784][ T6688] Call Trace: [ 2977.194104][ T6688] dump_stack+0x172/0x1f0 [ 2977.198564][ T6688] should_fail.cold+0xa/0x15 [ 2977.203178][ T6688] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2977.209016][ T6688] ? ___might_sleep+0x163/0x280 [ 2977.213907][ T6688] __should_failslab+0x121/0x190 [ 2977.218857][ T6688] should_failslab+0x9/0x14 [ 2977.223364][ T6688] __kmalloc_track_caller+0x2d5/0x740 [ 2977.228930][ T6688] ? mark_held_locks+0xf0/0xf0 [ 2977.233711][ T6688] ? __x64_sys_mount+0xbe/0x150 [ 2977.238782][ T6688] ? do_syscall_64+0xfd/0x680 [ 2977.243508][ T6688] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2977.249602][ T6688] ? btrfs_mount+0xdc/0x15e2 [ 2977.254222][ T6688] kstrdup+0x3a/0x70 [ 2977.258152][ T6688] ? btrfs_remount+0x11f0/0x11f0 [ 2977.263114][ T6688] btrfs_mount+0xdc/0x15e2 [ 2977.267551][ T6688] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2977.273198][ T6688] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2977.279545][ T6688] ? should_fail+0x1de/0x852 [ 2977.284151][ T6688] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2977.289981][ T6688] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2977.296234][ T6688] ? btrfs_remount+0x11f0/0x11f0 [ 2977.301195][ T6688] ? rcu_read_lock_sched_held+0x110/0x130 [ 2977.306922][ T6688] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2977.313174][ T6688] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2977.319430][ T6688] ? vfs_parse_fs_string+0x111/0x170 [ 2977.324723][ T6688] ? vfs_parse_fs_string+0x111/0x170 [ 2977.330023][ T6688] ? rcu_read_lock_sched_held+0x110/0x130 [ 2977.335757][ T6688] ? kfree+0x1f7/0x220 [ 2977.340014][ T6688] ? vfs_parse_fs_string+0x116/0x170 [ 2977.345314][ T6688] ? vfs_parse_fs_param+0x540/0x540 [ 2977.350530][ T6688] ? btrfs_remount+0x11f0/0x11f0 [ 2977.355520][ T6688] legacy_get_tree+0x108/0x220 [ 2977.360304][ T6688] ? legacy_get_tree+0x108/0x220 [ 2977.365249][ T6688] ? legacy_parse_monolithic+0x11f/0x180 [ 2977.370890][ T6688] vfs_get_tree+0x8e/0x390 [ 2977.375338][ T6688] do_mount+0x138c/0x1c00 [ 2977.379682][ T6688] ? copy_mount_string+0x40/0x40 [ 2977.384634][ T6688] ? copy_mount_options+0x1f8/0x3a0 [ 2977.389891][ T6688] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2977.396145][ T6688] ? copy_mount_options+0x280/0x3a0 [ 2977.401376][ T6688] ksys_mount+0xdb/0x150 [ 2977.405653][ T6688] __x64_sys_mount+0xbe/0x150 [ 2977.410361][ T6688] do_syscall_64+0xfd/0x680 [ 2977.414905][ T6688] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2977.420805][ T6688] RIP: 0033:0x45bf6a [ 2977.424707][ T6688] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2977.444332][ T6688] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2977.452768][ T6688] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2977.460778][ T6688] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 03:27:47 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write(r0, &(0x7f0000000000)="4c011f6e6d7024dafbbe8cdd7fb6cd53e6e4ad497dc07257aef1c137a16468da25a875e1736d5231ea89a5469d37e1c919beca1feadb451816387d4dab5691b00613d8c22e8ced555c903a5d68b795b7ba767af3c4601473a391ec136b87fd5ec2d54d39d08f7f3f421f50ddd2a72d01fe4b84bb008f163430976d5cc789f49d36a8ec2753550a903a959b859ae42de656435628fc7fcddde783477ed5c7b07d97d27d67f0618c3fe1c9df22bb2a2dc0e50027e85842e9b4c1ced47a04a47a630f773747020b75", 0xc7) r1 = socket(0x11, 0x2, 0x0) r2 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r3 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r3, 0xab00, r1) ioctl$NBD_CLEAR_SOCK(r2, 0xab03) pipe2(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x8acdecc038ebafc8) ioctl$KDSIGACCEPT(r4, 0x4b4e, 0x38) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) r6 = syz_open_dev$swradio(&(0x7f0000000100)='/dev/swradio#\x00', 0x0, 0x2) ioctl$VIDIOC_ENCODER_CMD(r5, 0xc028564d, &(0x7f00000001c0)={0x1, 0x1, [0x1, 0x6, 0x1ff, 0x2, 0x7fffffff, 0x7, 0xfffffffffffffffd, 0x7]}) r7 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r7, 0x107, 0xf, &(0x7f0000000000)=0x1fe, 0x4) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000140)={'bridge0\x00', 0x0}) bind$packet(r7, &(0x7f0000000680)={0x11, 0x0, r8, 0x1, 0x0, 0x6, @remote}, 0x14) r9 = dup(r7) sendto$inet6(r9, &(0x7f0000000200)="150300000600400000000200850cf7c21975e697080080356b2a2fcddad8897c6f11876d886b662100080000d51cc5470a66e79f60d8b33deae307d02f74610000000000b7c3d66412e3a9a0", 0x4c, 0x0, 0x0, 0x0) ioctl$UI_SET_PHYS(r6, 0x4008556c, &(0x7f0000000140)='syz0\x00') fstat(0xffffffffffffffff, 0x0) 03:27:47 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = dup3(r0, r1, 0x0) accept4$inet(r2, 0x0, &(0x7f0000000000), 0x0) [ 2977.468766][ T6688] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2977.476750][ T6688] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2977.484746][ T6688] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:47 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00'}}}]}, 0x13c}}, 0x0) 03:27:47 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}], 0x1, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:47 executing program 4 (fault-call:0 fault-nth:66): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:47 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x10001, 0x100) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffff9c, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000040)=@assoc_id=0x0, &(0x7f0000000080)=0x4) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f00000001c0)=ANY=[@ANYRES32=r2, @ANYBLOB="ff0000003e0c849b22f0d23463f1fb29dcf99b293e64cdc9d86a0cbd92ac6c6970d62d7d300508cad48b2f6499909e3b6736d82350a884a1c7b3d90a3d384edfd9ce7d1745ecb0a9f940c8e8914c221ffdf05cb78b933db054e848bffd2f6391773ae6abab5d1a9f652f39e16e4736d74a46152466c3a5324a5de675eaea4bbe164fce37840d6cab0741ee82bc89d9f0f2c89844368446f495640187bc9bd940c28f2eb71880fa816fd0ae1169e62df7592f92dd1a7245cf4547a7299f0a97805314dd67ec618377fed861c53aa3f665c9d8a8f7d06292929237d5c270947808ba00a934ded3cbe830c0857a84044f6edf12eac6e7b51f2e96909c6c1af5ef1732c684"], &(0x7f00000000c0)=0x107) 03:27:47 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x2, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000080)={0x0, 0x0, 0x9, [0x1f, 0x100000001, 0x6, 0x1462, 0xffffffffffffff7f, 0x1f, 0x20, 0x5, 0x6]}, &(0x7f00000000c0)=0x1a) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000100)={0x5, 0x0, 0x204, 0x101, 0x7, 0xff, 0xff, 0x100, r3}, 0x20) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) ioctl$BLKROGET(r2, 0x125e, &(0x7f0000000000)) fstat(0xffffffffffffffff, 0x0) setsockopt$RXRPC_SECURITY_KEY(r0, 0x110, 0x1, &(0x7f0000000040)='\x00', 0x1) 03:27:47 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00'}}}]}, 0x13c}}, 0x0) 03:27:47 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$amidi(&(0x7f0000000180)='/dev/amidi#\x00', 0x3, 0x20000) ioctl$TCSETA(r2, 0x5406, &(0x7f00000001c0)={0xffffffffffffff80, 0x9, 0x4742, 0x3, 0x5, 0x81, 0x1ff, 0x7ff, 0x0, 0xffffffffffffffe0}) r3 = dup3(r0, r1, 0x0) ioctl$TIOCGPGRP(r3, 0x540f, &(0x7f0000000000)=0x0) perf_event_open(&(0x7f00000000c0)={0x3, 0x70, 0x9, 0x9f43, 0x8, 0x5, 0x0, 0x7f, 0x823, 0x2, 0x5, 0xda, 0xfffffffffffff001, 0x7, 0x9, 0x8000, 0x400, 0x8001, 0x25a, 0x0, 0x8001, 0x4000000000005, 0x6, 0x7fff, 0x80, 0x7, 0x5f, 0xc662, 0x6, 0xbb, 0xae, 0xffffffff, 0x122d, 0x8, 0x400000000, 0x100000001, 0x2, 0x7, 0x0, 0x40, 0x5, @perf_config_ext={0x1, 0x9}, 0x20006, 0x744, 0x197, 0x8, 0xd43b, 0x2, 0xc310}, r4, 0x2, r0, 0xa) ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, &(0x7f0000000140)=0x8) 03:27:48 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00'}}}]}, 0x13c}}, 0x0) [ 2978.011894][ T6732] FAULT_INJECTION: forcing a failure. [ 2978.011894][ T6732] name failslab, interval 1, probability 0, space 0, times 0 [ 2978.040029][ T6732] CPU: 1 PID: 6732 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2978.047975][ T6732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2978.058051][ T6732] Call Trace: 03:27:48 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) r3 = open(&(0x7f0000000000)='./file0\x00', 0x400100, 0x50) ioctl$RTC_VL_READ(r3, 0x80047013, &(0x7f0000000040)) getsockopt$ARPT_SO_GET_REVISION_TARGET(r3, 0x0, 0x63, &(0x7f0000000080)={'NETMAP\x00'}, &(0x7f00000000c0)=0x1e) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) [ 2978.061375][ T6732] dump_stack+0x172/0x1f0 [ 2978.065736][ T6732] should_fail.cold+0xa/0x15 [ 2978.070346][ T6732] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2978.076172][ T6732] ? ___might_sleep+0x163/0x280 [ 2978.081044][ T6732] __should_failslab+0x121/0x190 [ 2978.086036][ T6732] should_failslab+0x9/0x14 [ 2978.090566][ T6732] kmem_cache_alloc_trace+0x2ce/0x750 [ 2978.095968][ T6732] alloc_fs_context+0x5a/0x690 [ 2978.100762][ T6732] fs_context_for_mount+0x25/0x30 [ 2978.105813][ T6732] vfs_kern_mount.part.0+0x28/0xf0 [ 2978.110987][ T6732] vfs_kern_mount+0x40/0x60 [ 2978.115525][ T6732] btrfs_mount+0x2b4/0x15e2 [ 2978.120066][ T6732] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2978.125722][ T6732] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2978.131982][ T6732] ? should_fail+0x1de/0x852 [ 2978.136601][ T6732] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2978.142489][ T6732] ? btrfs_remount+0x11f0/0x11f0 [ 2978.147472][ T6732] ? rcu_read_lock_sched_held+0x110/0x130 [ 2978.153212][ T6732] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2978.159493][ T6732] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2978.165799][ T6732] ? vfs_parse_fs_string+0x111/0x170 [ 2978.171121][ T6732] ? vfs_parse_fs_string+0x111/0x170 [ 2978.176437][ T6732] ? rcu_read_lock_sched_held+0x110/0x130 [ 2978.182358][ T6732] ? kfree+0x1f7/0x220 [ 2978.186448][ T6732] ? vfs_parse_fs_string+0x116/0x170 [ 2978.191747][ T6732] ? vfs_parse_fs_param+0x540/0x540 [ 2978.196967][ T6732] ? btrfs_remount+0x11f0/0x11f0 [ 2978.201922][ T6732] legacy_get_tree+0x108/0x220 [ 2978.206704][ T6732] ? legacy_get_tree+0x108/0x220 03:27:48 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x10100, 0x0) r2 = mmap$binder(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0xfffffffffffffffd) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0xd0, 0x0, &(0x7f00000002c0)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000100)={@ptr={0x70742a85, 0x1, &(0x7f00000000c0)=""/5, 0x5, 0x1, 0x1a}, @fd={0x66642a85, 0x0, r0}, @flat=@handle={0x73682a85, 0x100, 0x2}}, &(0x7f0000000180)={0x0, 0x28, 0x40}}}, @acquire_done={0x40106309, 0x3}, @dead_binder_done, @free_buffer={0x40086303, r2}, @acquire={0x40046305, 0x1}, @increfs_done, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000200)={@ptr={0x70742a85, 0x1, &(0x7f00000001c0)=""/30, 0x1e, 0x1, 0x39}, @fda={0x66646185, 0x4, 0x2, 0x22}, @flat=@binder={0x73622a85, 0x0, 0x2}}, &(0x7f0000000280)={0x0, 0x28, 0x48}}}], 0x54, 0x0, &(0x7f00000003c0)="a505b4764f164f74b5e0ae0abe652f05357d0386acbe3a8c04b4a0c4d0ea5f9ff75c2bb2917af8d2e04a22ba3fc3f6847b375412995d9cfc3253b34a42a5c13c9c74c26ccee6fda10148428b504afa6ed8d19c70"}) r3 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r3, 0x0) [ 2978.211653][ T6732] ? legacy_parse_monolithic+0x11f/0x180 [ 2978.217296][ T6732] vfs_get_tree+0x8e/0x390 [ 2978.221728][ T6732] do_mount+0x138c/0x1c00 [ 2978.226080][ T6732] ? copy_mount_string+0x40/0x40 [ 2978.231042][ T6732] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2978.237296][ T6732] ? copy_mount_options+0x280/0x3a0 [ 2978.242533][ T6732] ksys_mount+0xdb/0x150 [ 2978.246792][ T6732] __x64_sys_mount+0xbe/0x150 [ 2978.251608][ T6732] do_syscall_64+0xfd/0x680 [ 2978.256138][ T6732] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2978.262194][ T6732] RIP: 0033:0x45bf6a [ 2978.266086][ T6732] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2978.285800][ T6732] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2978.294221][ T6732] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2978.302367][ T6732] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 03:27:48 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) munlock(&(0x7f0000ffa000/0x3000)=nil, 0x3000) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) [ 2978.310346][ T6732] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2978.318354][ T6732] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2978.326512][ T6732] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:48 executing program 4 (fault-call:0 fault-nth:67): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:48 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00'}}}]}, 0x13c}}, 0x0) 03:27:48 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}], 0x1, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:48 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0xffffffffffffffff, 0x100) 03:27:48 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl$VIDIOC_S_PARM(r3, 0xc0cc5616, &(0x7f0000000040)={0xb, @capture={0x1000, 0x0, {0x3f, 0x5}, 0x4, 0x7ff}}) fstat(0xffffffffffffffff, 0x0) 03:27:48 executing program 5: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_G_MODULATOR(r0, 0xc0445636, &(0x7f0000000000)={0x4, "c06a4fb4a81d604dc8ba25d8d2f3b74677a881238bd8e8a7e00e844d74002d5b", 0x1400, 0x886d, 0x8, 0x1, 0x4}) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) [ 2978.695635][ T6757] FAULT_INJECTION: forcing a failure. [ 2978.695635][ T6757] name failslab, interval 1, probability 0, space 0, times 0 [ 2978.802125][ T6757] CPU: 0 PID: 6757 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2978.810072][ T6757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2978.810079][ T6757] Call Trace: [ 2978.810107][ T6757] dump_stack+0x172/0x1f0 [ 2978.810131][ T6757] should_fail.cold+0xa/0x15 [ 2978.810152][ T6757] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2978.810175][ T6757] ? ___might_sleep+0x163/0x280 [ 2978.810197][ T6757] __should_failslab+0x121/0x190 [ 2978.810217][ T6757] should_failslab+0x9/0x14 [ 2978.810231][ T6757] kmem_cache_alloc_trace+0x2ce/0x750 [ 2978.810248][ T6757] ? lockdep_init_map+0x1be/0x6d0 [ 2978.810272][ T6757] legacy_init_fs_context+0x48/0xe0 [ 2978.810287][ T6757] ? generic_parse_monolithic+0x200/0x200 [ 2978.810302][ T6757] alloc_fs_context+0x3a7/0x690 [ 2978.810328][ T6757] fs_context_for_mount+0x25/0x30 [ 2978.864567][ T6757] vfs_kern_mount.part.0+0x28/0xf0 [ 2978.890479][ T6757] vfs_kern_mount+0x40/0x60 [ 2978.895006][ T6757] btrfs_mount+0x2b4/0x15e2 [ 2978.899550][ T6757] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2978.905194][ T6757] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2978.911481][ T6757] ? should_fail+0x1de/0x852 [ 2978.916095][ T6757] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2978.921929][ T6757] ? btrfs_remount+0x11f0/0x11f0 [ 2978.926901][ T6757] ? rcu_read_lock_sched_held+0x110/0x130 [ 2978.934439][ T6757] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2978.940798][ T6757] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2978.948099][ T6757] ? vfs_parse_fs_string+0x111/0x170 [ 2978.953399][ T6757] ? vfs_parse_fs_string+0x111/0x170 [ 2978.958705][ T6757] ? rcu_read_lock_sched_held+0x110/0x130 [ 2978.964447][ T6757] ? kfree+0x1f7/0x220 [ 2978.968533][ T6757] ? vfs_parse_fs_string+0x116/0x170 [ 2978.973826][ T6757] ? vfs_parse_fs_param+0x540/0x540 [ 2978.979037][ T6757] ? btrfs_remount+0x11f0/0x11f0 [ 2978.983993][ T6757] legacy_get_tree+0x108/0x220 [ 2978.988766][ T6757] ? legacy_get_tree+0x108/0x220 [ 2978.993711][ T6757] ? legacy_parse_monolithic+0x11f/0x180 [ 2978.999352][ T6757] vfs_get_tree+0x8e/0x390 [ 2979.003780][ T6757] do_mount+0x138c/0x1c00 [ 2979.008135][ T6757] ? copy_mount_string+0x40/0x40 [ 2979.013530][ T6757] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2979.019776][ T6757] ? _copy_from_user+0xdd/0x150 [ 2979.024656][ T6757] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2979.030908][ T6757] ? copy_mount_options+0x280/0x3a0 [ 2979.036122][ T6757] ksys_mount+0xdb/0x150 [ 2979.040382][ T6757] __x64_sys_mount+0xbe/0x150 [ 2979.045074][ T6757] do_syscall_64+0xfd/0x680 [ 2979.049683][ T6757] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2979.055589][ T6757] RIP: 0033:0x45bf6a [ 2979.059489][ T6757] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2979.079131][ T6757] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2979.087563][ T6757] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2979.095739][ T6757] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2979.103726][ T6757] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2979.111705][ T6757] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2979.119679][ T6757] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:49 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00'}}}]}, 0x13c}}, 0x0) 03:27:49 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x2) dup3(r0, r1, 0x0) 03:27:49 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x918000000000000, 0x40200) ioctl$NBD_DISCONNECT(r0, 0xab08) r1 = socket(0x11, 0x2, 0x0) r2 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r3 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r3, 0xab00, r1) ioctl$NBD_CLEAR_SOCK(r2, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) 03:27:49 executing program 4 (fault-call:0 fault-nth:68): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:49 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) ioctl$PPPIOCATTACH(r0, 0x4004743d, &(0x7f0000000040)=0x2) 03:27:49 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'}}}]}, 0x13c}}, 0x0) 03:27:49 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) fsetxattr$trusted_overlay_nlink(r1, &(0x7f00000000c0)='trusted.overlay.nlink\x00', &(0x7f0000000100)={'L-', 0x1}, 0x28, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f0000000000)={0x6000, 0x1000}) fsetxattr$security_smack_entry(r2, &(0x7f0000000140)='security.SMACK64\x00', &(0x7f0000000180)='L-', 0x2, 0x1) [ 2979.514712][ T6794] FAULT_INJECTION: forcing a failure. [ 2979.514712][ T6794] name failslab, interval 1, probability 0, space 0, times 0 [ 2979.555793][ T6794] CPU: 1 PID: 6794 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2979.563738][ T6794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2979.573892][ T6794] Call Trace: [ 2979.577204][ T6794] dump_stack+0x172/0x1f0 [ 2979.581531][ T6794] should_fail.cold+0xa/0x15 [ 2979.586138][ T6794] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2979.591955][ T6794] ? ___might_sleep+0x163/0x280 [ 2979.596809][ T6794] __should_failslab+0x121/0x190 [ 2979.601762][ T6794] should_failslab+0x9/0x14 03:27:49 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) bind$bt_rfcomm(r0, &(0x7f0000000000)={0x1f, {0x1, 0x5, 0x76f, 0x7fff, 0x6, 0x7}, 0x6}, 0xa) [ 2979.606272][ T6794] kmem_cache_alloc_trace+0x2ce/0x750 [ 2979.611661][ T6794] ? lockdep_init_map+0x1be/0x6d0 [ 2979.616718][ T6794] legacy_init_fs_context+0x48/0xe0 [ 2979.621934][ T6794] ? generic_parse_monolithic+0x200/0x200 [ 2979.627670][ T6794] alloc_fs_context+0x3a7/0x690 [ 2979.632547][ T6794] fs_context_for_mount+0x25/0x30 [ 2979.637587][ T6794] do_mount+0x132d/0x1c00 [ 2979.641931][ T6794] ? copy_mount_string+0x40/0x40 [ 2979.646907][ T6794] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2979.653238][ T6794] ? copy_mount_options+0x280/0x3a0 [ 2979.658455][ T6794] ksys_mount+0xdb/0x150 [ 2979.662715][ T6794] __x64_sys_mount+0xbe/0x150 [ 2979.667422][ T6794] do_syscall_64+0xfd/0x680 [ 2979.671966][ T6794] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2979.677862][ T6794] RIP: 0033:0x45bf6a [ 2979.681763][ T6794] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2979.701377][ T6794] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2979.709800][ T6794] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2979.717791][ T6794] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2979.725770][ T6794] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2979.733757][ T6794] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2979.741740][ T6794] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 [ 2979.865660][ C0] net_ratelimit: 18 callbacks suppressed [ 2979.865669][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2979.877429][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2979.883302][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2979.889261][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2979.895117][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2979.900981][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:27:49 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}], 0x1, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:49 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00'}}}]}, 0x13c}}, 0x0) 03:27:49 executing program 4 (fault-call:0 fault-nth:69): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:50 executing program 1: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/backup_only\x00', 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045540, &(0x7f00000000c0)=0x9) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, r1, 0x0) [ 2980.079279][ T6818] FAULT_INJECTION: forcing a failure. [ 2980.079279][ T6818] name failslab, interval 1, probability 0, space 0, times 0 [ 2980.122941][ T6818] CPU: 0 PID: 6818 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2980.130907][ T6818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2980.140983][ T6818] Call Trace: [ 2980.144300][ T6818] dump_stack+0x172/0x1f0 [ 2980.148655][ T6818] should_fail.cold+0xa/0x15 [ 2980.153274][ T6818] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2980.159101][ T6818] ? ___might_sleep+0x163/0x280 [ 2980.163979][ T6818] __should_failslab+0x121/0x190 [ 2980.168938][ T6818] should_failslab+0x9/0x14 [ 2980.173456][ T6818] __kmalloc_track_caller+0x2d5/0x740 [ 2980.178855][ T6818] ? vfs_parse_fs_string+0xe8/0x170 [ 2980.184163][ T6818] kmemdup_nul+0x31/0xa0 [ 2980.188427][ T6818] vfs_parse_fs_string+0xe8/0x170 [ 2980.193470][ T6818] ? vfs_parse_fs_param+0x540/0x540 [ 2980.198682][ T6818] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2980.198697][ T6818] ? alloc_fs_context+0x400/0x690 [ 2980.198717][ T6818] do_mount+0x700/0x1c00 [ 2980.198739][ T6818] ? copy_mount_string+0x40/0x40 [ 2980.198761][ T6818] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2980.225500][ T6818] ? copy_mount_options+0x280/0x3a0 [ 2980.230804][ T6818] ksys_mount+0xdb/0x150 [ 2980.235074][ T6818] __x64_sys_mount+0xbe/0x150 [ 2980.239782][ T6818] do_syscall_64+0xfd/0x680 [ 2980.244309][ T6818] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2980.250423][ T6818] RIP: 0033:0x45bf6a [ 2980.254326][ T6818] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 03:27:50 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00'}}}]}, 0x13c}}, 0x0) 03:27:50 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x3, 0x2) syz_open_dev$radio(&(0x7f00000000c0)='/dev/radio#\x00', 0x2, 0x2) ioctl$KVM_SET_FPU(r0, 0x41a0ae8d, &(0x7f00000001c0)={[], 0x7fffffff, 0x0, 0x0, 0x0, 0x1, 0x1d000, 0x10000, [], 0x81}) ioctl$SCSI_IOCTL_SYNC(r0, 0x4) ioctl$EVIOCGABS3F(r0, 0x8018457f, &(0x7f0000000040)=""/125) prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f) 03:27:50 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x16, 0x6, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(r1, 0x0) [ 2980.273934][ T6818] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2980.282366][ T6818] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2980.290359][ T6818] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2980.290368][ T6818] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2980.290375][ T6818] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2980.290383][ T6818] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:50 executing program 4 (fault-call:0 fault-nth:70): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:50 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\v\x00'}}}]}, 0x13c}}, 0x0) 03:27:50 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) time(&(0x7f0000000040)) fstat(0xffffffffffffffff, 0x0) 03:27:50 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x8000, 0x0) ioctl$VIDIOC_G_OUTPUT(r1, 0x8004562e, &(0x7f00000000c0)) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r2, 0x0) [ 2980.567050][ T6844] FAULT_INJECTION: forcing a failure. [ 2980.567050][ T6844] name failslab, interval 1, probability 0, space 0, times 0 [ 2980.585637][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2980.591485][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2980.660026][ T6844] CPU: 0 PID: 6844 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2980.667975][ T6844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2980.678052][ T6844] Call Trace: [ 2980.678084][ T6844] dump_stack+0x172/0x1f0 [ 2980.678109][ T6844] should_fail.cold+0xa/0x15 [ 2980.678135][ T6844] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2980.696153][ T6844] ? ___might_sleep+0x163/0x280 [ 2980.701019][ T6844] __should_failslab+0x121/0x190 [ 2980.701039][ T6844] should_failslab+0x9/0x14 [ 2980.701060][ T6844] __kmalloc_track_caller+0x2d5/0x740 [ 2980.715967][ T6844] ? vfs_parse_fs_string+0xe8/0x170 [ 2980.721269][ T6844] kmemdup_nul+0x31/0xa0 [ 2980.725546][ T6844] vfs_parse_fs_string+0xe8/0x170 [ 2980.730598][ T6844] ? vfs_parse_fs_param+0x540/0x540 [ 2980.735850][ T6844] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2980.742206][ T6844] ? alloc_fs_context+0x400/0x690 [ 2980.747286][ T6844] vfs_kern_mount.part.0+0x73/0xf0 [ 2980.752430][ T6844] vfs_kern_mount+0x40/0x60 [ 2980.756950][ T6844] btrfs_mount+0x2b4/0x15e2 [ 2980.761479][ T6844] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2980.767141][ T6844] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2980.773399][ T6844] ? should_fail+0x1de/0x852 [ 2980.778023][ T6844] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2980.783859][ T6844] ? btrfs_remount+0x11f0/0x11f0 [ 2980.788820][ T6844] ? rcu_read_lock_sched_held+0x110/0x130 [ 2980.794558][ T6844] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2980.800811][ T6844] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2980.807075][ T6844] ? vfs_parse_fs_string+0x111/0x170 [ 2980.812561][ T6844] ? vfs_parse_fs_string+0x111/0x170 [ 2980.817876][ T6844] ? rcu_read_lock_sched_held+0x110/0x130 [ 2980.825452][ T6844] ? kfree+0x1f7/0x220 [ 2980.829539][ T6844] ? vfs_parse_fs_string+0x116/0x170 [ 2980.834842][ T6844] ? vfs_parse_fs_param+0x540/0x540 [ 2980.840071][ T6844] ? btrfs_remount+0x11f0/0x11f0 [ 2980.845066][ T6844] legacy_get_tree+0x108/0x220 [ 2980.849848][ T6844] ? legacy_get_tree+0x108/0x220 [ 2980.854797][ T6844] ? legacy_parse_monolithic+0x11f/0x180 [ 2980.860443][ T6844] vfs_get_tree+0x8e/0x390 [ 2980.864873][ T6844] do_mount+0x138c/0x1c00 [ 2980.869250][ T6844] ? copy_mount_string+0x40/0x40 [ 2980.874195][ T6844] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2980.880460][ T6844] ? copy_mount_options+0x280/0x3a0 [ 2980.885681][ T6844] ksys_mount+0xdb/0x150 [ 2980.889955][ T6844] __x64_sys_mount+0xbe/0x150 [ 2980.894690][ T6844] do_syscall_64+0xfd/0x680 [ 2980.899212][ T6844] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2980.905119][ T6844] RIP: 0033:0x45bf6a 03:27:50 executing program 5: stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getgroups(0x1, &(0x7f00000000c0)=[r0]) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/btrfs-control\x00', 0x1, 0x0) setsockopt$llc_int(r1, 0x10c, 0x6, &(0x7f0000000200)=0x3, 0x4) ioctl$TCSBRKP(r1, 0x5425, 0x3ff) [ 2980.909109][ T6844] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2980.929344][ T6844] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2980.939458][ T6844] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2980.939468][ T6844] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 03:27:50 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0, 0x8641}], 0x1, 0x0) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:50 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$EVIOCGABS2F(r2, 0x8018456f, &(0x7f0000000280)=""/140) r3 = dup3(r0, r1, 0x0) ioctl$TIOCGSID(r3, 0x5429, &(0x7f0000000000)=0x0) waitid(0x3, r4, 0x0, 0x8, &(0x7f00000000c0)) 03:27:50 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0e\x00'}}}]}, 0x13c}}, 0x0) [ 2980.939476][ T6844] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2980.939484][ T6844] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2980.939491][ T6844] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 [ 2980.947760][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2980.947828][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:27:51 executing program 4 (fault-call:0 fault-nth:71): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:51 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00'}}}]}, 0x13c}}, 0x0) 03:27:51 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x40040, 0x0) ioctl$PPPIOCGFLAGS1(r2, 0x8004745a, &(0x7f0000000040)) r3 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r3, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) r4 = request_key(&(0x7f0000000200)='id_resolver\x00', &(0x7f0000000340)={'syz', 0x2}, &(0x7f0000000380)='/dev/full\x00', 0xfffffffffffffffd) add_key(&(0x7f0000000080)='big_key\x00', &(0x7f00000000c0)={'syz', 0x0}, &(0x7f0000000100)="48972dcaa58afa9be3c02631707c33ea9fa79c0aaa00d4954515d759caed2e60330736ec4033f40ee49adf3c5e2e1ecdcfa1723017f6df06828e1ccca37d6945b6f73b06ddd6c835c1e6d59079e4ed3cb115359bc49a57c8ac3428948abe1005844032355c8ab229425d8c03b74b4e749823adff80445f8e17dfa65c9f45c0735f2492f586c8c40fe1a0f5dfd42c5757996fc0f066cb051de53f9e971553ac65071cdb123894e36c5030facb1140f7bfb5779059396f246f77783fc65f119ab8fed793e5e3", 0xc5, r4) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) 03:27:51 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0, 0x8641}], 0x1, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046208, 0x0) 03:27:51 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000000), 0x1bb) 03:27:51 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00'}}}]}, 0x13c}}, 0x0) [ 2981.418615][ T6880] FAULT_INJECTION: forcing a failure. [ 2981.418615][ T6880] name failslab, interval 1, probability 0, space 0, times 0 03:27:51 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = dup3(r0, r0, 0x4) fanotify_init(0x10, 0x80003) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x9, @empty, 0x6865}, 0x1c) 03:27:51 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0, 0x8641}], 0x1, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046208, 0x0) [ 2981.504883][ T6880] CPU: 1 PID: 6880 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2981.512811][ T6880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2981.523039][ T6880] Call Trace: [ 2981.526357][ T6880] dump_stack+0x172/0x1f0 [ 2981.530712][ T6880] should_fail.cold+0xa/0x15 [ 2981.535340][ T6880] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2981.541152][ T6880] ? ___might_sleep+0x163/0x280 [ 2981.546110][ T6880] __should_failslab+0x121/0x190 [ 2981.551066][ T6880] should_failslab+0x9/0x14 [ 2981.555611][ T6880] __kmalloc_track_caller+0x2d5/0x740 [ 2981.561020][ T6880] ? mark_held_locks+0xf0/0xf0 [ 2981.565797][ T6880] ? __x64_sys_mount+0xbe/0x150 [ 2981.570654][ T6880] ? do_syscall_64+0xfd/0x680 [ 2981.575340][ T6880] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2981.581415][ T6880] ? btrfs_mount+0xdc/0x15e2 [ 2981.586024][ T6880] kstrdup+0x3a/0x70 [ 2981.589953][ T6880] ? btrfs_remount+0x11f0/0x11f0 [ 2981.594884][ T6880] btrfs_mount+0xdc/0x15e2 [ 2981.599312][ T6880] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2981.604954][ T6880] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2981.611203][ T6880] ? should_fail+0x1de/0x852 [ 2981.615808][ T6880] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2981.621621][ T6880] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2981.627859][ T6880] ? btrfs_remount+0x11f0/0x11f0 [ 2981.632813][ T6880] ? rcu_read_lock_sched_held+0x110/0x130 [ 2981.638570][ T6880] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2981.644845][ T6880] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2981.651104][ T6880] ? vfs_parse_fs_string+0x111/0x170 [ 2981.656415][ T6880] ? vfs_parse_fs_string+0x111/0x170 [ 2981.661707][ T6880] ? rcu_read_lock_sched_held+0x110/0x130 [ 2981.667437][ T6880] ? kfree+0x1f7/0x220 [ 2981.671540][ T6880] ? vfs_parse_fs_string+0x116/0x170 [ 2981.676852][ T6880] ? vfs_parse_fs_param+0x540/0x540 [ 2981.682070][ T6880] ? btrfs_remount+0x11f0/0x11f0 [ 2981.687028][ T6880] legacy_get_tree+0x108/0x220 [ 2981.691823][ T6880] ? legacy_get_tree+0x108/0x220 [ 2981.696767][ T6880] ? legacy_parse_monolithic+0x11f/0x180 [ 2981.702412][ T6880] vfs_get_tree+0x8e/0x390 [ 2981.706835][ T6880] do_mount+0x138c/0x1c00 [ 2981.711622][ T6880] ? copy_mount_string+0x40/0x40 [ 2981.716590][ T6880] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2981.722877][ T6880] ? copy_mount_options+0x280/0x3a0 [ 2981.728076][ T6880] ksys_mount+0xdb/0x150 [ 2981.732322][ T6880] __x64_sys_mount+0xbe/0x150 [ 2981.737014][ T6880] do_syscall_64+0xfd/0x680 [ 2981.741528][ T6880] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2981.747425][ T6880] RIP: 0033:0x45bf6a [ 2981.751321][ T6880] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2981.770922][ T6880] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2981.779425][ T6880] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2981.787422][ T6880] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2981.795416][ T6880] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2981.803403][ T6880] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2981.811374][ T6880] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:51 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x761, 0x105000) openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video37\x00', 0x2, 0x0) fstat(0xffffffffffffffff, 0x0) delete_module(&(0x7f0000000080)='\x00', 0x200) 03:27:51 executing program 5: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000440)='/dev/full\x00', 0x2000, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@local, 0x6, 0x2, 0xff, 0x1, 0x1, 0xa7}, 0x20) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) ioctl$KVM_SET_PIT2(r0, 0x4070aea0, &(0x7f0000000080)={[{0x0, 0xddb1, 0x80000000, 0x2, 0x1, 0x80, 0x100, 0x40, 0x800, 0x101, 0xe22, 0x4, 0x8}, {0x5, 0x18b, 0x3, 0x6, 0x6, 0x3, 0x9ad, 0x9, 0x0, 0x401, 0x9, 0x3, 0x8001}, {0x585, 0x0, 0x10001, 0x0, 0x6, 0x8, 0x0, 0x6, 0x1, 0x7, 0x6, 0x12000000000000, 0x5}], 0x1000}) ioctl$TUNGETFEATURES(r0, 0x800454cf, &(0x7f00000001c0)) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000200)={0x0, 0xf0, "7d49ed236be63982e99932411947f9448ca90e5078431b35705c7e6604cee8e7c106418a750dcb63c8e9233d4189180a1659d2051e6cb7aed72904ad1da7a52ad12ce34d1c9f39a635087aa3b58ea58bf33a32e75811ce2b353f1f1602adcb81595b5bfa64edce1e299ebe6306f9d2bc6d803465cd67486b8e5a3d96fcb3758ca2bf9d898c050fa67ddd6119faddb1af6359459b4cb109f18a4389bf0b3560155eff111e32f32ad1c6787f19fb499003794b1cef324cc3a2c965c40fabf62cb49db466fb3ac90b0eb9da656c4df1eb2b18f83dbecf06488d74e2f8c3a80ef79819244834525d31231f82e3717e5e89a2"}, &(0x7f0000000300)=0xf8) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000340)={r1, @in={{0x2, 0x4e21, @broadcast}}}, &(0x7f0000000400)=0x84) 03:27:52 executing program 4 (fault-call:0 fault-nth:72): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:52 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x00'}}}]}, 0x13c}}, 0x0) 03:27:52 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0, 0x8641}], 0x1, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046208, 0x0) 03:27:52 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = dup3(r0, r1, 0x0) r3 = getuid() r4 = getegid() write$FUSE_CREATE_OPEN(r2, &(0x7f00000000c0)={0xa0, 0x0, 0x2, {{0x0, 0x0, 0xfffffffffffffff8, 0x3ff, 0x78, 0x1, {0x2, 0xffffffffffffab1e, 0x54c, 0x4, 0x9, 0xffffffffffff09db, 0x8001, 0x7ff, 0x3, 0x80000000, 0x0, r3, r4, 0x8}}}}, 0xa0) [ 2982.210476][ T6922] FAULT_INJECTION: forcing a failure. [ 2982.210476][ T6922] name failslab, interval 1, probability 0, space 0, times 0 03:27:52 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x1, 0x2, 0x10000000000005) r2 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r3 = syz_open_dev$ndb(0x0, 0x0, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r1) ioctl$NBD_SET_SOCK(r3, 0xab00, r1) pipe2(&(0x7f0000000080)={0xffffffffffffffff}, 0x800) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r4, 0xc0a85322, &(0x7f00000000c0)) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x80800) ioctl$LOOP_SET_DIRECT_IO(r5, 0x4c08, 0x1) ioctl$NBD_CLEAR_SOCK(r2, 0xab03) ioctl$sock_inet6_udp_SIOCINQ(r1, 0x541b, &(0x7f00000001c0)) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fcntl$dupfd(r3, 0x406, r0) fstat(0xffffffffffffffff, 0x0) [ 2982.323519][ T6922] CPU: 1 PID: 6922 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2982.331569][ T6922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2982.341641][ T6922] Call Trace: [ 2982.344956][ T6922] dump_stack+0x172/0x1f0 [ 2982.349319][ T6922] should_fail.cold+0xa/0x15 [ 2982.353926][ T6922] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2982.359751][ T6922] ? ___might_sleep+0x163/0x280 [ 2982.364630][ T6922] __should_failslab+0x121/0x190 [ 2982.369605][ T6922] should_failslab+0x9/0x14 [ 2982.374128][ T6922] kmem_cache_alloc_trace+0x2ce/0x750 [ 2982.379528][ T6922] alloc_fs_context+0x5a/0x690 [ 2982.384311][ T6922] fs_context_for_mount+0x25/0x30 [ 2982.389361][ T6922] vfs_kern_mount.part.0+0x28/0xf0 [ 2982.394494][ T6922] vfs_kern_mount+0x40/0x60 [ 2982.399027][ T6922] btrfs_mount+0x2b4/0x15e2 [ 2982.403566][ T6922] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2982.409306][ T6922] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2982.415599][ T6922] ? should_fail+0x1de/0x852 03:27:52 executing program 1: getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f00000000c0)={0x0}, &(0x7f0000000100)=0xc) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x9, 0x100) setsockopt$inet_MCAST_LEAVE_GROUP(r2, 0x0, 0x2d, &(0x7f0000000180)={0x7, {{0x2, 0x4e23, @empty}}}, 0x88) syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x2, 0x2) r3 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r1, r3, 0x0) 03:27:52 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12\x00'}}}]}, 0x13c}}, 0x0) 03:27:52 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x8000, 0x0) ioctl$VIDIOC_G_OUTPUT(r1, 0x8004562e, &(0x7f00000000c0)) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r2, 0x0) [ 2982.420216][ T6922] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2982.426048][ T6922] ? btrfs_remount+0x11f0/0x11f0 [ 2982.431022][ T6922] ? rcu_read_lock_sched_held+0x110/0x130 [ 2982.436762][ T6922] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2982.443031][ T6922] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2982.449324][ T6922] ? vfs_parse_fs_string+0x111/0x170 [ 2982.454623][ T6922] ? vfs_parse_fs_string+0x111/0x170 [ 2982.459917][ T6922] ? rcu_read_lock_sched_held+0x110/0x130 [ 2982.465664][ T6922] ? kfree+0x1f7/0x220 [ 2982.469745][ T6922] ? vfs_parse_fs_string+0x116/0x170 [ 2982.477128][ T6922] ? vfs_parse_fs_param+0x540/0x540 [ 2982.482360][ T6922] ? btrfs_remount+0x11f0/0x11f0 [ 2982.487311][ T6922] legacy_get_tree+0x108/0x220 [ 2982.492080][ T6922] ? legacy_get_tree+0x108/0x220 [ 2982.497037][ T6922] ? legacy_parse_monolithic+0x11f/0x180 [ 2982.502682][ T6922] vfs_get_tree+0x8e/0x390 [ 2982.507115][ T6922] do_mount+0x138c/0x1c00 [ 2982.511460][ T6922] ? copy_mount_string+0x40/0x40 [ 2982.516409][ T6922] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2982.522661][ T6922] ? copy_mount_options+0x280/0x3a0 [ 2982.527877][ T6922] ksys_mount+0xdb/0x150 [ 2982.532250][ T6922] __x64_sys_mount+0xbe/0x150 [ 2982.536947][ T6922] do_syscall_64+0xfd/0x680 [ 2982.541452][ T6922] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2982.547365][ T6922] RIP: 0033:0x45bf6a [ 2982.551259][ T6922] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2982.570988][ T6922] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2982.579407][ T6922] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2982.587594][ T6922] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2982.595738][ T6922] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2982.603715][ T6922] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2982.611675][ T6922] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:52 executing program 4 (fault-call:0 fault-nth:73): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:52 executing program 5: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_PIT2(r0, 0x8070ae9f, &(0x7f0000000000)) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000080)=0x9, 0xffffffffffffffda) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cachefiles\x00', 0x3c9002, 0x0) ioctl$VIDIOC_RESERVED(r1, 0x5601, 0x0) 03:27:52 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\x00'}}}]}, 0x13c}}, 0x0) 03:27:53 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x100, 0x0) ioctl$VIDIOC_S_PARM(r3, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(r1, 0x0) 03:27:53 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0}], 0x1, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:53 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x80000) [ 2983.081707][ T6962] FAULT_INJECTION: forcing a failure. [ 2983.081707][ T6962] name failslab, interval 1, probability 0, space 0, times 0 [ 2983.110475][ T6962] CPU: 1 PID: 6962 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2983.118557][ T6962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2983.128632][ T6962] Call Trace: [ 2983.131948][ T6962] dump_stack+0x172/0x1f0 [ 2983.136755][ T6962] should_fail.cold+0xa/0x15 [ 2983.141382][ T6962] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2983.147400][ T6962] ? ___might_sleep+0x163/0x280 [ 2983.152319][ T6962] __should_failslab+0x121/0x190 [ 2983.157290][ T6962] should_failslab+0x9/0x14 [ 2983.161819][ T6962] __kmalloc_track_caller+0x2d5/0x740 [ 2983.167225][ T6962] ? btrfs_mount_root+0x1d0/0x1220 [ 2983.172379][ T6962] ? rcu_read_lock_sched_held+0x110/0x130 [ 2983.178130][ T6962] ? btrfs_mount_root+0x2b8/0x1220 [ 2983.183267][ T6962] kstrdup+0x3a/0x70 [ 2983.187194][ T6962] btrfs_mount_root+0x2b8/0x1220 [ 2983.192170][ T6962] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2983.198540][ T6962] ? btrfs_decode_error+0x70/0x70 [ 2983.203751][ T6962] ? rcu_read_lock_sched_held+0x110/0x130 [ 2983.209468][ T6962] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2983.215708][ T6962] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2983.221951][ T6962] ? vfs_parse_fs_string+0x111/0x170 [ 2983.227387][ T6962] ? vfs_parse_fs_string+0x111/0x170 [ 2983.232705][ T6962] ? rcu_read_lock_sched_held+0x110/0x130 [ 2983.238413][ T6962] ? kfree+0x1f7/0x220 [ 2983.242585][ T6962] ? vfs_parse_fs_string+0x116/0x170 [ 2983.247876][ T6962] ? vfs_parse_fs_param+0x540/0x540 [ 2983.253083][ T6962] ? btrfs_decode_error+0x70/0x70 [ 2983.258207][ T6962] legacy_get_tree+0x108/0x220 [ 2983.262977][ T6962] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2983.269208][ T6962] vfs_get_tree+0x8e/0x390 [ 2983.273645][ T6962] fc_mount+0x17/0xc0 [ 2983.277619][ T6962] vfs_kern_mount.part.0+0xd8/0xf0 [ 2983.282746][ T6962] vfs_kern_mount+0x40/0x60 [ 2983.287262][ T6962] btrfs_mount+0x2b4/0x15e2 [ 2983.291768][ T6962] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2983.297391][ T6962] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2983.303910][ T6962] ? should_fail+0x1de/0x852 [ 2983.308524][ T6962] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2983.314351][ T6962] ? btrfs_remount+0x11f0/0x11f0 [ 2983.319292][ T6962] ? rcu_read_lock_sched_held+0x110/0x130 [ 2983.325057][ T6962] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2983.331307][ T6962] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2983.337560][ T6962] ? vfs_parse_fs_string+0x111/0x170 [ 2983.342837][ T6962] ? vfs_parse_fs_string+0x111/0x170 [ 2983.348456][ T6962] ? rcu_read_lock_sched_held+0x110/0x130 [ 2983.354167][ T6962] ? kfree+0x1f7/0x220 [ 2983.358269][ T6962] ? vfs_parse_fs_string+0x116/0x170 [ 2983.363565][ T6962] ? vfs_parse_fs_param+0x540/0x540 [ 2983.368841][ T6962] ? btrfs_remount+0x11f0/0x11f0 [ 2983.373773][ T6962] legacy_get_tree+0x108/0x220 [ 2983.378548][ T6962] ? legacy_get_tree+0x108/0x220 [ 2983.383928][ T6962] ? legacy_parse_monolithic+0x11f/0x180 [ 2983.389570][ T6962] vfs_get_tree+0x8e/0x390 [ 2983.393980][ T6962] do_mount+0x138c/0x1c00 [ 2983.398305][ T6962] ? copy_mount_string+0x40/0x40 [ 2983.403252][ T6962] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 2983.409682][ T6962] ? _copy_from_user+0xdd/0x150 [ 2983.414530][ T6962] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2983.420786][ T6962] ? copy_mount_options+0x280/0x3a0 [ 2983.425993][ T6962] ksys_mount+0xdb/0x150 [ 2983.430286][ T6962] __x64_sys_mount+0xbe/0x150 [ 2983.435176][ T6962] do_syscall_64+0xfd/0x680 [ 2983.439681][ T6962] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2983.445599][ T6962] RIP: 0033:0x45bf6a [ 2983.449497][ T6962] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2983.469114][ T6962] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 03:27:53 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x14\x00'}}}]}, 0x13c}}, 0x0) [ 2983.477535][ T6962] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2983.485536][ T6962] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2983.493519][ T6962] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2983.501642][ T6962] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2983.509603][ T6962] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:53 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) r0 = request_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)='\x00', 0xfffffffffffffffb) keyctl$KEYCTL_PKEY_QUERY(0x18, r0, 0x0, &(0x7f00000000c0)='md5sumbdev\x00', &(0x7f00000001c0)) 03:27:53 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x40000, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x80000) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x100, 0x0) 03:27:53 executing program 4 (fault-call:0 fault-nth:74): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:53 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) r3 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x10001, 0x81) ioctl$EVIOCREVOKE(r3, 0x40044591, &(0x7f0000000040)=0x2) fstat(0xffffffffffffffff, 0x0) 03:27:53 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00'}}}]}, 0x13c}}, 0x0) 03:27:54 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open_by_handle_at(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="fe00000001000100be76f78055e55345c94c8c1209198799e6a8d2d1e4eef4ac0f16693356d9b15dc173d2da738efea94b86857759c11e3df8cfe081a62383f82f5ec9c588a799e51e0d219439b21e4f8e995ba9adbd36169640ca50d760c3cf7e7a1473b1346a5bbbe9ebe9bcd4805420cc18ae40a77b800b287a6de42b80551188ce95895fbbb4117968f198dc6ee47c2421ec9466355877742436bba73a2eef9b2ebc85f4211d3a06aaacf264bd54df702e184a36f193756bf6a63082e6740700c4b43e3b424994f5cdf91a72b78f4f15be1ea2aa1220a2c8bc4cbd90a26cdd3d09dbb1f0aaa8d448750c5a6d38e08b5b79fffa826d077f1f377bc17d2489dbd8991a992e8bf8702d444a1903fad25fbe0ef9c3841beda10964f0e0574fe117775ad69396adc5cb8c06ed1059f15bdf7c9b058baafd1ad147a3e80e5be0b916ec55aff0ecda1ccc1ace26862b72af018bad20a213043a1ffb3eb95643acab858f94ffc8798afc5ea65a69ab500d8cac4e14383eacd680f1c2825387963ebc32f95c055c7f0e4953a4ea04061f9fe5196a8b3dd4801da313bd225136afa64b7f0f14fcd07b1b8c0420a9573fcf9a9f838e6e"], 0x101100) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$KVM_GET_ONE_REG(r2, 0x4010aeab, &(0x7f0000000000)={0xc7a9, 0x400}) 03:27:54 executing program 5: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) r1 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x100, 0x0) clock_settime(0x7, &(0x7f00000001c0)={0x77359400}) socket$can_bcm(0x1d, 0x2, 0x2) flock(r0, 0x7) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffff9c, 0xc0106426, &(0x7f0000000080)={0x6, &(0x7f0000000040)=[{}, {}, {}, {}, {}, {0x0}]}) ioctl$DRM_IOCTL_GET_CTX(r1, 0xc0086423, &(0x7f00000000c0)={r2, 0x2}) 03:27:54 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x12, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) syz_open_dev$ndb(0x0, 0x0, 0x80000) ioctl$NBD_SET_SOCK(r1, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) [ 2983.953914][ T6997] FAULT_INJECTION: forcing a failure. [ 2983.953914][ T6997] name failslab, interval 1, probability 0, space 0, times 0 03:27:54 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00'}}}]}, 0x13c}}, 0x0) [ 2984.017980][ T6997] CPU: 1 PID: 6997 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2984.025928][ T6997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2984.036005][ T6997] Call Trace: [ 2984.039407][ T6997] dump_stack+0x172/0x1f0 [ 2984.043751][ T6997] should_fail.cold+0xa/0x15 [ 2984.048360][ T6997] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2984.054183][ T6997] ? ___might_sleep+0x163/0x280 [ 2984.059125][ T6997] __should_failslab+0x121/0x190 [ 2984.064324][ T6997] should_failslab+0x9/0x14 [ 2984.068842][ T6997] __kmalloc_track_caller+0x2d5/0x740 [ 2984.074267][ T6997] ? vfs_parse_fs_string+0xe8/0x170 [ 2984.079918][ T6997] kmemdup_nul+0x31/0xa0 [ 2984.084195][ T6997] vfs_parse_fs_string+0xe8/0x170 [ 2984.089259][ T6997] ? vfs_parse_fs_param+0x540/0x540 [ 2984.094698][ T6997] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2984.100970][ T6997] ? alloc_fs_context+0x400/0x690 [ 2984.106026][ T6997] vfs_kern_mount.part.0+0x73/0xf0 [ 2984.111173][ T6997] vfs_kern_mount+0x40/0x60 [ 2984.115707][ T6997] btrfs_mount+0x2b4/0x15e2 [ 2984.120239][ T6997] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2984.125878][ T6997] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2984.132140][ T6997] ? should_fail+0x1de/0x852 [ 2984.136928][ T6997] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2984.142397][ T6997] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2984.148495][ T6997] ? btrfs_remount+0x11f0/0x11f0 [ 2984.153463][ T6997] ? rcu_read_lock_sched_held+0x110/0x130 [ 2984.159178][ T6997] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2984.165418][ T6997] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2984.171664][ T6997] ? vfs_parse_fs_string+0x111/0x170 [ 2984.176978][ T6997] ? vfs_parse_fs_string+0x111/0x170 [ 2984.182279][ T6997] ? rcu_read_lock_sched_held+0x110/0x130 [ 2984.188009][ T6997] ? kfree+0x1f7/0x220 [ 2984.192095][ T6997] ? vfs_parse_fs_string+0x116/0x170 [ 2984.197382][ T6997] ? vfs_parse_fs_param+0x540/0x540 [ 2984.202637][ T6997] ? btrfs_remount+0x11f0/0x11f0 [ 2984.207599][ T6997] legacy_get_tree+0x108/0x220 [ 2984.212469][ T6997] ? legacy_get_tree+0x108/0x220 [ 2984.217414][ T6997] ? legacy_parse_monolithic+0x11f/0x180 [ 2984.223054][ T6997] vfs_get_tree+0x8e/0x390 [ 2984.227477][ T6997] do_mount+0x138c/0x1c00 [ 2984.231814][ T6997] ? copy_mount_string+0x40/0x40 [ 2984.236855][ T6997] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2984.243110][ T6997] ? copy_mount_options+0x280/0x3a0 [ 2984.248326][ T6997] ksys_mount+0xdb/0x150 [ 2984.252587][ T6997] __x64_sys_mount+0xbe/0x150 [ 2984.257475][ T6997] do_syscall_64+0xfd/0x680 [ 2984.262026][ T6997] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2984.267929][ T6997] RIP: 0033:0x45bf6a [ 2984.271857][ T6997] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2984.291474][ T6997] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2984.299898][ T6997] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2984.307875][ T6997] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2984.315869][ T6997] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2984.323854][ T6997] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2984.331930][ T6997] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:54 executing program 0: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f00000000c0)=0x9, 0x4) ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000080)=0x0) perf_event_open(&(0x7f0000000000)={0x7, 0x70, 0x9, 0x7, 0x5, 0x400, 0x0, 0x1, 0x1, 0x0, 0x1, 0x80000001, 0x10000, 0x6, 0x80000001, 0x0, 0x3, 0x7b, 0x4, 0x9, 0x3, 0x100, 0x9, 0xfffffffffffffffa, 0x1, 0x1, 0x2, 0x100000000, 0xc38a, 0x5, 0x5, 0x8001, 0x1, 0x0, 0x3549, 0x1, 0x401, 0x0, 0x0, 0x74c, 0x0, @perf_config_ext={0x2, 0x7f}, 0x20000, 0x1000000000000, 0x7, 0x6, 0x3, 0x7, 0x9}, r1, 0x10, r0, 0x2) r2 = shmget$private(0x0, 0x4000, 0x400, &(0x7f0000ffa000/0x4000)=nil) shmctl$IPC_INFO(r2, 0x3, &(0x7f00000001c0)=""/149) r3 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cachefiles\x00', 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000280)={0xffffffffffffffff}, 0x117, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r3, &(0x7f0000000300)={0x9, 0x108, 0xfa00, {r4, 0x84, "4973ba", "f1fd608022f5ff0a9c49d20e8ea4d6062e966f3235f3c63c90c7eb2b2d9bb55dd3fda22bc51a1a36e6a890433ab882dd3ad16b855ddf54e4276555d9a3ccb1d0aeb253ada485c62f1a4cf4604e2df24230d6dc56d923470ac22fc0c45b8eff73b17c62d6b7bbfb3b5d34384163e889b6ff29208157927f5009b4b3d2856f12d6b9170f34a4f5c7f4d6e33bf69eedf5daa6a65308a539080e65275c507db0bce90cf575c7dcadee8296d829991cc6d310cd19f04664160f7ed412fd5c1af86cc3de33004df3ed3759eaa97caae3a0ca0896d7fa2d5a6b858ba6c432556c7def91b322b7d917fff47a34ddfaea9e1951bb00b02460be802120ac610ca859cbcd21"}}, 0x110) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000440)={{{@in6=@mcast2, @in=@dev}}, {{@in6=@dev}, 0x0, @in6=@mcast1}}, &(0x7f0000000540)=0xe8) 03:27:54 executing program 4 (fault-call:0 fault-nth:75): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:54 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`\x00'}}}]}, 0x13c}}, 0x0) 03:27:54 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) close(r0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) 03:27:54 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r1, 0xc0145401, &(0x7f00000000c0)={0x0, 0x1, 0x3, 0x1, 0x8000}) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f) dup3(r0, r2, 0x0) 03:27:54 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) [ 2984.755687][ T7031] FAULT_INJECTION: forcing a failure. [ 2984.755687][ T7031] name failslab, interval 1, probability 0, space 0, times 0 03:27:54 executing program 0: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f00000000c0)=0x9, 0x4) ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000080)=0x0) perf_event_open(&(0x7f0000000000)={0x7, 0x70, 0x9, 0x7, 0x5, 0x400, 0x0, 0x1, 0x1, 0x0, 0x1, 0x80000001, 0x10000, 0x6, 0x80000001, 0x0, 0x3, 0x7b, 0x4, 0x9, 0x3, 0x100, 0x9, 0xfffffffffffffffa, 0x1, 0x1, 0x2, 0x100000000, 0xc38a, 0x5, 0x5, 0x8001, 0x1, 0x0, 0x3549, 0x1, 0x401, 0x0, 0x0, 0x74c, 0x0, @perf_config_ext={0x2, 0x7f}, 0x20000, 0x1000000000000, 0x7, 0x6, 0x3, 0x7, 0x9}, r1, 0x10, r0, 0x2) r2 = shmget$private(0x0, 0x4000, 0x400, &(0x7f0000ffa000/0x4000)=nil) shmctl$IPC_INFO(r2, 0x3, &(0x7f00000001c0)=""/149) r3 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cachefiles\x00', 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000280)={0xffffffffffffffff}, 0x117, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r3, &(0x7f0000000300)={0x9, 0x108, 0xfa00, {r4, 0x84, "4973ba", "f1fd608022f5ff0a9c49d20e8ea4d6062e966f3235f3c63c90c7eb2b2d9bb55dd3fda22bc51a1a36e6a890433ab882dd3ad16b855ddf54e4276555d9a3ccb1d0aeb253ada485c62f1a4cf4604e2df24230d6dc56d923470ac22fc0c45b8eff73b17c62d6b7bbfb3b5d34384163e889b6ff29208157927f5009b4b3d2856f12d6b9170f34a4f5c7f4d6e33bf69eedf5daa6a65308a539080e65275c507db0bce90cf575c7dcadee8296d829991cc6d310cd19f04664160f7ed412fd5c1af86cc3de33004df3ed3759eaa97caae3a0ca0896d7fa2d5a6b858ba6c432556c7def91b322b7d917fff47a34ddfaea9e1951bb00b02460be802120ac610ca859cbcd21"}}, 0x110) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000440)={{{@in6=@mcast2, @in=@dev}}, {{@in6=@dev}, 0x0, @in6=@mcast1}}, &(0x7f0000000540)=0xe8) [ 2984.882674][ T7031] CPU: 0 PID: 7031 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2984.890627][ T7031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2984.900704][ T7031] Call Trace: [ 2984.904025][ T7031] dump_stack+0x172/0x1f0 [ 2984.908400][ T7031] should_fail.cold+0xa/0x15 [ 2984.913195][ T7031] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2984.919031][ T7031] ? ___might_sleep+0x163/0x280 [ 2984.923918][ T7031] __should_failslab+0x121/0x190 [ 2984.928881][ T7031] should_failslab+0x9/0x14 [ 2984.934908][ T7031] kmem_cache_alloc_node_trace+0x26d/0x720 [ 2984.940739][ T7031] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2984.946221][ T7031] __kmalloc_node+0x3d/0x70 [ 2984.946247][ T7031] kvmalloc_node+0xbd/0x100 [ 2984.946269][ T7031] btrfs_mount_root+0x12b/0x1220 [ 2984.946291][ T7031] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2984.946313][ T7031] ? btrfs_decode_error+0x70/0x70 [ 2984.971952][ T7031] ? rcu_read_lock_sched_held+0x110/0x130 [ 2984.977690][ T7031] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2984.983955][ T7031] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2984.990226][ T7031] ? vfs_parse_fs_string+0x111/0x170 [ 2984.995541][ T7031] ? vfs_parse_fs_string+0x111/0x170 [ 2985.000858][ T7031] ? rcu_read_lock_sched_held+0x110/0x130 [ 2985.006604][ T7031] ? kfree+0x1f7/0x220 [ 2985.010704][ T7031] ? vfs_parse_fs_string+0x116/0x170 [ 2985.016015][ T7031] ? vfs_parse_fs_param+0x540/0x540 [ 2985.021276][ T7031] ? btrfs_decode_error+0x70/0x70 [ 2985.026346][ T7031] legacy_get_tree+0x108/0x220 [ 2985.031136][ T7031] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2985.037512][ T7031] vfs_get_tree+0x8e/0x390 [ 2985.041949][ T7031] fc_mount+0x17/0xc0 [ 2985.045954][ T7031] vfs_kern_mount.part.0+0xd8/0xf0 [ 2985.051114][ T7031] vfs_kern_mount+0x40/0x60 [ 2985.055647][ T7031] btrfs_mount+0x2b4/0x15e2 [ 2985.060164][ T7031] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2985.065815][ T7031] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2985.072083][ T7031] ? should_fail+0x1de/0x852 [ 2985.076704][ T7031] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2985.082576][ T7031] ? btrfs_remount+0x11f0/0x11f0 [ 2985.087567][ T7031] ? rcu_read_lock_sched_held+0x110/0x130 [ 2985.093737][ T7031] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2985.100017][ T7031] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2985.106292][ T7031] ? vfs_parse_fs_string+0x111/0x170 [ 2985.106310][ T7031] ? vfs_parse_fs_string+0x111/0x170 [ 2985.106329][ T7031] ? rcu_read_lock_sched_held+0x110/0x130 [ 2985.106344][ T7031] ? kfree+0x1f7/0x220 [ 2985.106370][ T7031] ? vfs_parse_fs_string+0x116/0x170 [ 2985.122689][ T7031] ? vfs_parse_fs_param+0x540/0x540 [ 2985.122713][ T7031] ? btrfs_remount+0x11f0/0x11f0 [ 2985.122731][ T7031] legacy_get_tree+0x108/0x220 [ 2985.122748][ T7031] ? legacy_get_tree+0x108/0x220 [ 2985.122763][ T7031] ? legacy_parse_monolithic+0x11f/0x180 [ 2985.122787][ T7031] vfs_get_tree+0x8e/0x390 [ 2985.162039][ T7031] do_mount+0x138c/0x1c00 [ 2985.166408][ T7031] ? copy_mount_string+0x40/0x40 [ 2985.171383][ T7031] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2985.177650][ T7031] ? copy_mount_options+0x280/0x3a0 [ 2985.182896][ T7031] ksys_mount+0xdb/0x150 [ 2985.187165][ T7031] __x64_sys_mount+0xbe/0x150 [ 2985.191877][ T7031] do_syscall_64+0xfd/0x680 [ 2985.196404][ T7031] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2985.202322][ T7031] RIP: 0033:0x45bf6a [ 2985.206320][ T7031] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2985.225963][ T7031] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2985.234667][ T7031] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2985.242669][ T7031] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2985.242695][ T7031] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2985.258685][ T7031] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2985.266671][ T7031] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 [ 2985.266971][ C1] net_ratelimit: 22 callbacks suppressed 03:27:54 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00'}}}]}, 0x13c}}, 0x0) 03:27:55 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\x9e\x00'}}}]}, 0x13c}}, 0x0) 03:27:55 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\xf0\x00'}}}]}, 0x13c}}, 0x0) 03:27:55 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x5, 0x200) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000000c0)={0x2, [0x0, 0x0]}, &(0x7f0000000100)=0xc) getsockopt$inet_sctp_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000140)=@assoc_value={r2, 0x100000001}, &(0x7f0000000180)=0x8) r3 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r3, 0x0) [ 2985.266979][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2985.267043][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 2985.267162][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 2985.267215][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:27:55 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) fcntl$setpipe(r0, 0x407, 0xd79) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) 03:27:55 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xf0\x00'}}}]}, 0x13c}}, 0x0) 03:27:55 executing program 4 (fault-call:0 fault-nth:76): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:55 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x60000, 0x0) sendto$rxrpc(r0, &(0x7f0000000040)="a9e8fedf04635b4b94c1aa29f4be81808c706d7629926d729e777f454ce60a51504a925f2d6cb1a4b7f0444cef58d6c9dbb1f681d8e3a2b329f200de26a390a283984242856d521987bfac132a9c8933b820ddde1f5259ae", 0x58, 0x4000000, &(0x7f00000000c0)=@in6={0x21, 0x4, 0x2, 0x1c, {0xa, 0x4e23, 0xaed9, @empty, 0x3}}, 0x24) llistxattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)=""/59, 0x3b) socket$inet6_tcp(0xa, 0x1, 0x0) 03:27:55 executing program 0: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f00000000c0)=0x9, 0x4) ioctl$sock_FIOGETOWN(0xffffffffffffff9c, 0x8903, &(0x7f0000000080)=0x0) perf_event_open(&(0x7f0000000000)={0x7, 0x70, 0x9, 0x7, 0x5, 0x400, 0x0, 0x1, 0x1, 0x0, 0x1, 0x80000001, 0x10000, 0x6, 0x80000001, 0x0, 0x3, 0x7b, 0x4, 0x9, 0x3, 0x100, 0x9, 0xfffffffffffffffa, 0x1, 0x1, 0x2, 0x100000000, 0xc38a, 0x5, 0x5, 0x8001, 0x1, 0x0, 0x3549, 0x1, 0x401, 0x0, 0x0, 0x74c, 0x0, @perf_config_ext={0x2, 0x7f}, 0x20000, 0x1000000000000, 0x7, 0x6, 0x3, 0x7, 0x9}, r1, 0x10, r0, 0x2) r2 = shmget$private(0x0, 0x4000, 0x400, &(0x7f0000ffa000/0x4000)=nil) shmctl$IPC_INFO(r2, 0x3, &(0x7f00000001c0)=""/149) r3 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cachefiles\x00', 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000280)={0xffffffffffffffff}, 0x117, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r3, &(0x7f0000000300)={0x9, 0x108, 0xfa00, {r4, 0x84, "4973ba", "f1fd608022f5ff0a9c49d20e8ea4d6062e966f3235f3c63c90c7eb2b2d9bb55dd3fda22bc51a1a36e6a890433ab882dd3ad16b855ddf54e4276555d9a3ccb1d0aeb253ada485c62f1a4cf4604e2df24230d6dc56d923470ac22fc0c45b8eff73b17c62d6b7bbfb3b5d34384163e889b6ff29208157927f5009b4b3d2856f12d6b9170f34a4f5c7f4d6e33bf69eedf5daa6a65308a539080e65275c507db0bce90cf575c7dcadee8296d829991cc6d310cd19f04664160f7ed412fd5c1af86cc3de33004df3ed3759eaa97caae3a0ca0896d7fa2d5a6b858ba6c432556c7def91b322b7d917fff47a34ddfaea9e1951bb00b02460be802120ac610ca859cbcd21"}}, 0x110) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000440)={{{@in6=@mcast2, @in=@dev}}, {{@in6=@dev}, 0x0, @in6=@mcast1}}, &(0x7f0000000540)=0xe8) 03:27:55 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r1, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) 03:27:55 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)=@known='trusted.overlay.origin\x00', &(0x7f0000000100)=""/17, 0x11) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r1, 0x0) 03:27:55 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x7f\xff\xff\xff\x00'}}}]}, 0x13c}}, 0x0) [ 2985.721200][ T7087] FAULT_INJECTION: forcing a failure. [ 2985.721200][ T7087] name failslab, interval 1, probability 0, space 0, times 0 [ 2985.761760][ T7087] CPU: 1 PID: 7087 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2985.770053][ T7087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2985.780312][ T7087] Call Trace: [ 2985.783731][ T7087] dump_stack+0x172/0x1f0 [ 2985.788091][ T7087] should_fail.cold+0xa/0x15 [ 2985.792793][ T7087] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2985.798620][ T7087] ? ___might_sleep+0x163/0x280 [ 2985.803606][ T7087] __should_failslab+0x121/0x190 [ 2985.808586][ T7087] should_failslab+0x9/0x14 [ 2985.813109][ T7087] kmem_cache_alloc_trace+0x2ce/0x750 [ 2985.818494][ T7087] ? kasan_kmalloc+0x9/0x10 [ 2985.823004][ T7087] ? __kmalloc_node+0x4e/0x70 [ 2985.827683][ T7087] btrfs_mount_root+0x174/0x1220 [ 2985.833099][ T7087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2985.839349][ T7087] ? btrfs_decode_error+0x70/0x70 [ 2985.844382][ T7087] ? rcu_read_lock_sched_held+0x110/0x130 [ 2985.850121][ T7087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2985.856383][ T7087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2985.862737][ T7087] ? vfs_parse_fs_string+0x111/0x170 [ 2985.868034][ T7087] ? vfs_parse_fs_string+0x111/0x170 [ 2985.873347][ T7087] ? rcu_read_lock_sched_held+0x110/0x130 [ 2985.879068][ T7087] ? kfree+0x1f7/0x220 [ 2985.883162][ T7087] ? vfs_parse_fs_string+0x116/0x170 [ 2985.888477][ T7087] ? vfs_parse_fs_param+0x540/0x540 [ 2985.893700][ T7087] ? btrfs_decode_error+0x70/0x70 [ 2985.898729][ T7087] legacy_get_tree+0x108/0x220 [ 2985.903515][ T7087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2985.909800][ T7087] vfs_get_tree+0x8e/0x390 [ 2985.914210][ T7087] fc_mount+0x17/0xc0 [ 2985.918201][ T7087] vfs_kern_mount.part.0+0xd8/0xf0 [ 2985.923332][ T7087] vfs_kern_mount+0x40/0x60 [ 2985.927976][ T7087] btrfs_mount+0x2b4/0x15e2 [ 2985.932503][ T7087] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2985.938170][ T7087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2985.944453][ T7087] ? should_fail+0x1de/0x852 [ 2985.949053][ T7087] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2985.955383][ T7087] ? btrfs_remount+0x11f0/0x11f0 [ 2985.960969][ T7087] ? rcu_read_lock_sched_held+0x110/0x130 [ 2985.966811][ T7087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2985.973109][ T7087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2985.979367][ T7087] ? vfs_parse_fs_string+0x111/0x170 [ 2985.984671][ T7087] ? vfs_parse_fs_string+0x111/0x170 [ 2985.990038][ T7087] ? rcu_read_lock_sched_held+0x110/0x130 [ 2985.996379][ T7087] ? kfree+0x1f7/0x220 [ 2986.000501][ T7087] ? vfs_parse_fs_string+0x116/0x170 [ 2986.005803][ T7087] ? vfs_parse_fs_param+0x540/0x540 [ 2986.011011][ T7087] ? btrfs_remount+0x11f0/0x11f0 [ 2986.015970][ T7087] legacy_get_tree+0x108/0x220 [ 2986.020745][ T7087] ? legacy_get_tree+0x108/0x220 [ 2986.025788][ T7087] ? legacy_parse_monolithic+0x11f/0x180 [ 2986.031436][ T7087] vfs_get_tree+0x8e/0x390 [ 2986.035867][ T7087] do_mount+0x138c/0x1c00 [ 2986.040565][ T7087] ? copy_mount_string+0x40/0x40 [ 2986.045520][ T7087] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2986.051805][ T7087] ? copy_mount_options+0x280/0x3a0 [ 2986.057018][ T7087] ksys_mount+0xdb/0x150 [ 2986.061274][ T7087] __x64_sys_mount+0xbe/0x150 [ 2986.065963][ T7087] do_syscall_64+0xfd/0x680 [ 2986.070475][ T7087] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2986.076364][ T7087] RIP: 0033:0x45bf6a [ 2986.080288][ T7087] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2986.100369][ T7087] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2986.105691][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2986.108895][ T7087] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2986.108925][ T7087] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2986.108934][ T7087] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2986.108952][ T7087] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2986.114768][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2986.122769][ T7087] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 [ 2986.160752][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2986.166642][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 2986.172519][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 2986.178385][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:27:56 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) close(r0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) 03:27:56 executing program 5: r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x8, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000200)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x6, 0x6, 0x5}) perf_event_open(&(0x7f0000000140)={0x2, 0x40a, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) 03:27:56 executing program 4 (fault-call:0 fault-nth:77): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:56 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) 03:27:56 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\xff\xff\xff\xff\xff\xff\x00'}}}]}, 0x13c}}, 0x0) 03:27:56 executing program 1: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/snapshot\x00', 0x0, 0x0) ioctl$VHOST_SET_VRING_NUM(r0, 0x4008af10, &(0x7f0000001ac0)={0x3, 0x8}) r1 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000000c0)={&(0x7f0000000000)='./file0\x00', 0x0, 0x10}, 0x10) vmsplice(r1, &(0x7f0000001780)=[{&(0x7f0000000100)="3ecbdf2c3b1238d93be1b3501fbe60b452f375fbd42ec5e5fc22f304e6dff3eaeea017433882d79ffe167d8f7483410fdee2be533857b82b1f22e8ff3a4dbe84c4314dd9b2e1c04c5677c063557d5534ba49d4d2fa3ed0221340341f", 0x5c}, {&(0x7f0000000180)="cb6ddbc651d1f339e77679f722e0d3e37a4b8f8e3d388b051229bb845c580ec3b30af22093d6a89c182bc153eb3ba92069054f9fb6219deb5a645ce482db0ec8166272736c92fbae17398327e9fb2805748d47992a4376891a6c990290bf113bff6641dc9b12581dbce3684e9905756d7640dcda9af12319c0ed169cda6a7d75c47a2f4155adf4ca9913f62eb0b3a02d6fcfcc5d38a1a7e373278729be4c555682939307e7a20a56480004e28a94f225f3149d6180a7df58a8fdc5bc8cea3a578f3f4a63a2401f48c9dfcf82b212e0a27705dc4220a829632fefe0", 0xdb}, {&(0x7f0000000280)="4b17d8bda4ad4a592668121c7a02659b40d86881de02957c9bef1c2c108dacb9056e410ed716eea020c4fb95c242c0cdec2aeed0a7fbc28f8a4a7c9322ff87b7e09c5c0448ee3598a2375620b668d270914d6f8a8ae4e3152a2f3257e8f34d474006a0784ea244a126a30afa4a754e0e19e249330685308fe3325dbd840337fef7f98190194cbad49ab659b50c1c90ff524f1571b97009b71f5b63a1ea7877645df2ee816d9ebbd13b0e0db3d7153cbe04bbc64a525a07aa4db92989414a1d873792464b741bb2a4810dd2c9c6e27da66c4b6947e46f6e70e883c8f069877184027f3d197053424fd3b9", 0xea}, {&(0x7f0000000380)="bd82735f9fc7b1f24d464b366982aad2f18073a47266f98c8d3f5b4708754d53bf4a6be18331dfa9c44b9922073578e59103d7e79c1734610b3ea8b5742bfde060ad6a19b9c03584d3eb1d6505c11e89c629a0c0d6198fe7eb3445672a489311b2740af8f07a3ec29b268d50cd567909b6a2202e1511a1d76497c5d67686aa174b49ca9d74c0e94c209d827149b64b2f6941d6e9e54f24fa585724c8caa8d6b5a7e40be17245101e578445daaddf143968759fc2055908914d47b253378724f4d5b32184c7f73d2024c058bc96736a975af04a871a1e38bebeec035864f3acb12b46458dac208de49f5e292d9c7a6ccc57a28ee26cb2aa237f81c68da466313f028ce6f179c01af30b45666993a731e79727ffe82419f6f348fb3b16cf7c79d982a421a113423256c42ee63fbb30fc77120ca0c26416c5e6906655f06b073a5a7025f5fcdbb0b496e1b21d005e72f0b96d4ae7c2a8f90b9926130a652ee590a13bd90a4237dcf6d208935da9971928c0069cc022d0ad1fec0df44cf562ead07c6f51e2f89797f0a46de132b5f2a39637c4044f38df8398003bc1bd466cde798eef362d01d8b5f720bde7e26f455ecbd63c5ec4a73d768dff54f0267c30ce957c0cd906ed328fe3ed746371e1868e6f18411df327243f46e064c5e7fcc790bddfe668092dd04e24beef4dcf35b62278b0e8293d3f0e3c3ad99e74f9df865186895d56f4ddf8dd6c1a2c37a122f04651a9b666ead9dffa2eb9afdc807576477f4623562cbbaf6f6b51faf348f53f59bec4f60adcb4e75eb64e0968b0f41285f7def4b879ec2babfa3554014ed9b85c70c1ccf428753af42007d83186d71baa30ae3ce0aa86895aec59e0724a73e8d9b78222af7d7da83169831164da651ee46de80b727e4354b057e337a716532bdbcf627f46397f0fccf8fbe21596a7e0ef83f7e42f1e09f914076beb5826c3078b6740b78ff7031b689de254024f0cb7d8707d4a4757b5217c392825e140f4d2aad84b1f2c081bfed36747843939e76830a6bb620cbb68e80e8c667de63630b313c02720bd52ef7df5487d1613169ade8dd72094f30aaf841f5b925ee44ea7bf9b8beffefc19fa37016eb962de8bd8a9153b275cd8ebb1d01d1b527a079816e8e0ded9376edd47d9e82d2a3efd4bace9ec0be90a3c9889d4754356ad32964c6f7e514e80839be69ed6cf7ab61b8ef340e99b734eb2e5a23654e72b4c3f9a1a7e4c92c7d63cc9ce9f804e34541b8819f061b33a27435090bfdb872eb1f8a496961b5b7ff5ab34e3591997e8498d97825a65363f887542142fc462daaeff16f51ad1a9f142ccf1c70205ae2d7ef5bd55a9982ca319c2d22ee0113aa676b1abe626e09977190a6a28634068471c72d7a3dea326479d0225a0b2ef77d528b7ef2b8aff686ac0b1459aec800ec7273b2da20e2ca1af5e4ebe2aa574150565f8825cf9a963147e599b4826111eaf8285607f76551898c804ea4b8a1aeee31cd3c01167182e7c4550ff0ff116fd8017610360a7a6c0c542419bae95fea71c780d3302ce629cf312487ca6c60f4fe2caa7121d9ef507aea5756193c30bf1fcb1573e7f39919252da398bc59c640e9707cdb41161fd93b61d02f7783e0bd148289c10c773ae26aa4503f837ef762a909762edb61b8df950386e97608f544eebea98664fdfcb270234b0ea7c0950cb3b0b34d731a04a7fe6d1ed527a22ef5e8ea0c869a52f601a4e52963f7b5f4a954c0b5017cacb93c8a4e9984ebed9bb249fee33c5037eae05a58dd681356cabeb5aeabf5ecf1b0ef74d99deba3eaff3ebfa204efe352e766c593f5551da9242576908b4053a346926ad5cd60ebcc560394491c37933294ea137c5d120e91ff262721d56ba28420dd4908900b9e81e7d7d7b674d91b77367cde182943018a3dd7bbd308fa8118fa68231e71df801c521a1aec7184ed2b82ae405abbf6f989432c553db3c30e79574b9ef2ac5ea5ce3b8b6889ea0e39cf240d7ca24fb49d1606b360f467349fab37e9831e7dd8dcdad33ccd8c32daf5c356cdc7ad3d35436365ece0507788ba6397a3e76b5195320d1f17b187aa64e557e321255229abcf2fb7024b2a928e25a07e39b4192a326ff57e7784745afe7ade52612be501e7ba8d870a36e2d85b52068b4ee8d1ad0ebb1f9ce86995a01b579a1c5ff39198aa5bd445d2169efdda4a8cd5b19861b128432eccce9cd1bb49b2b1bcee040b8c6ff72fd2da756b6686758d64f963e39ea71d3d897c78b290c814528ab789441ce9aa5682d45a5b694f09fe315172b2f41bed58db9e3e0b6b3eba2baf2bb018a83661f13e4d124332797c528d0c2ad0a950bf9b38316e1269b4e9800c3f1fe402ad5db73e138cee9a2018a43b205190bc0a9decf0888ae1d7976175c4f72ab79648353dcfd15977fd64a4d523c1b82ef34661842275a805d45f8c538cccc18af40dff085df8883e52eb7b05311e830581913fafeccb84c4fbaef55082e8ee0458bdb157582780fa93266023bdf764b2ce77e0bfc275b8d0693d594ec90b7223e054df501c50991ce313255c320abd0276c05c7aca2ebc1325983d408e7a96c1c5a8de47c8119f41e327f66bee472cad80785d82d22cd96897c6be506dbf52415bb1fde7ec3f1b24b88dc9d541ff81172fb0d4999532765f3b5c91f16506e5780811b5018e423ec95bbed200be1a017d7993f2b7f4d2862e8ad5ac114c908887f2a7e2aec15f53338e1c490a6d4537afffa12f359f05c9f1b7a5975f2109487ad3bd94dbc4bc6b83ec68b05bede805ac8726549757eabdcb0cea803783742c6415fcdfb4a077a35bc8e2d8d39f1bbf7de999dc2a83b682724c8cba9f02bdb0c2ba1ea736535dcffc098b4a3d4a15f75bdd2588849425a3b3c588f9b6f175a4a1e811eb569cb2d630692390e0f2a066c3b91261ee77ddd84381c87b187d576cd6be35f0038d05594ea15b38bb7a4283c0f4359e5cbf4c85ea405df648dd1a2c2e854af5e48d190fa1c3f9dd49af4690ff4016c19ac045c4bb300017d625358129b18b951a7babd1743975d967a30d68a6904b4071d01b23ea030e609eeec2159ded70b3d5827a3dfcb4f053010aa084173f1fd56c1b3a01f40ba26ec3c1e6895499a9f7a209f9512330c1a3d8a093bc4c96c116607a02c7c6b296845f879df0bdd2e91792e47a2de044893d0d43be54c5b4c59807e60e9a1d10a262d512af0fc22b37510a3e00951ca25530e5cf644e6cdd580ba7cede4fa7936b011f3474cd9da412634855edad91287a6e2d88a99497f859960ddc34b8aa9fe5772dadc43b5ad1a81abfe6f01c3b3f0cddbc26f06cee77edd5ecdf01da44fda6bbcb945846dc7eb59cf67430471910a081b44031ccfaa675fac85a45f978ef1d489655217a81541f66edeb6962a7ce656c59e0d24807fa1e065f4927cf070c76c667e239cf3e5f7e8308837f5d0701f97a5ed60b6fa6063af395f26bd2d5b37340c0c05ce1efd93cf7c1ab365eba81d577a0b342fdb9156e439ce480489c8fd2b318ef960bc45e4bc294b2a8cc137594974269890b7a51d5a10c657aa8a8c5f09a79adcc36477d977459574942182969bcc01a4a5eff634a7cf01ff8025cc249b451ff17ef222a6233d0542a622c0043c6eef74a1144c408b9cb3303b8aa8ba8b1e191a50dba94c80e46858f90818d68c916396d3224f4add2ae76697268c7f9abd069d7c3170d1f24393aaf0dd3d047d3f5d19bb42402073a212c17f41ca21a577329e4d3a50c91dc978b2086529c800e3b46bbe533a3b60ddecbb3acf470397dd9b14da9063dfa21836492766052352230aa660ac373edcb425509599d5508424768f229f4e0fc1f80aef21da6cf80bcf017515c21f6aac7c8176fe19ecaa9ab9ce6447cbf34aa88bf48c5f48212694a5616584cac0faecda2afd692df21e62376048f16f8fb05bb3386a3676d9928f1952a31e3655753039f93694d5dba882d7eb6a3aee8a96afc86e9712b432e761264f5ab5475e330d2add31be114b284a34e7cf7f7f43ddb9b9e3560f40d23b8b5f5afe67ac2802ccff4551f9cb123f03ddbc5493f5d5c55b800bf1b8614cdf8ef7b44b844a07f18c6e3177a46914ed157086a9f395846654f901ec9b91c870037d01cce8ccbfea2afa8dc33db164813adabff7216b6dbbe75e4dee7fedc014df594da1e3c20e403d700953ee764170e00c698f142897900e44f829c227a4dd6bc928935ecd07aebb479d6987b0cb40827121181e2a0416d88a3218a17bff426f38c7f3e4c66dd4b09d1d707ccf0f8d8c12c9fe5869c1a92a741220ced94d89c34f98174251d23fe9bbd9f69791ad0e9e9c1f20c11bc924f24aec5f223cf232238e0c1b45cb456ed07e107320dbb15d18f01fb016fb2b1b5d59556af3f66b959d71cc7887249d9eee7f108ee09b9fdbe3263c1d62de85a0476273d9727b61ae0c058261448a2a7d945c7f8b178486e725ade8323ea7f12a2e91b1d799646e505b05e528be3fd50f03082a3d76434c548f1c9852a8911940cf925286cc5687f1139e71931a70b64ae6cfc4e4140b6d5ad2e5f7cad353940184d01afa312b7abeb03d2524d255480b322005786b8c494a559e6775ceaf96247734faa5cfb078cb2436dce06b586664f4c5466de8e97f96200b4da28348a50fede6e744d782f362b097b92aaa8fa89e5e50c5a8baa42ad1ae3adfbbb791619437f4abfbd0038ab9dea01234e3e18576a074c1eb780fe78decf2f353e73916eef9c40a70bb410145037955a47ad7f518f68857be97e514cecdfdb9bee716d5f85126ea4704ba2e2ff535c95a54b854b6d9409908ae4d24e385f76fbc50ce20da4602f4923f496be80d74079d799cdbfe550bc370e9e58db88443d464a8021c8ec9e75e3a7d497fd8b4e91bfffed093e63f14e34c51de958bcecff20489f03612cbf1c07d4660eafb5186317b15da44206fb547be644518902f36e719b956bb9d04340da00a33fd4cc7566b4f428e99c01f05f737563432b3a6e42efe4cd9144ec242b3c55ba8fd5ef06eac30649288e37ff63ad5bb18f2d36e1927cd524220b6e2567a88cf5e82959bd6cd3d88bf3f1ddcd55d32ab9c440c2a00b9305fe7f85e00d38d6266785257c5b3e5d71a540dc68b1634873fcbcf8e57cd77ae0d3c81208c08a82598e46fd81e6515fb10ba55bfb32b1d81d8b2c9cdcb14568b761edd4700c69fbb44a18048729213b588953cf0585675146df1a783d82d241e98a5b83858aa75b666557a2a2a51bc5c8945a00a0eda753fd51c2462fef0077ede8370db48b3ed55c7b28da1905131368eb46dca6f4a7dd701cc4810a83ab96f23060572b1218de123d2957496145fa6588f66bfa52f7184e457888d6960a813e05bce6952728cc38ede2545511877486f0224fa1d8727c8d0c803d044e7398083f8930db399f06b0136d7a211943ef9229b4d53d7e8cfe51518a9d734024c9bec1fe3b751d67a2ce22468694207e02588c64bed234641754ce60e73621255681fc063fbad725b0c09332d802511f7223eb5dadf7052b063c9c2b61d12fd20cd8c724f8db35e26ed85636ba86ddd49396dfb947dbbc1b118ca2c2e6c3a65e5faee9f8435b463c631566e37aafd2dd19ef68dbdaec0af680d9b7b234728e310a4725f3df231f8217af9044b1a98c84b5c36333a4a1ce1bb9ca2ec961399ff0e8104af8eb3cd63ddbc206db45684b0d8330bfe045a7e759177c6b18b1ab76a7907a8741e2fa60469efcd632f3c76855fa6e474", 0x1000}, {&(0x7f0000001380)="35bedda22369f415431c0138a514f0ebdd046d29bbc3555675634e5ac81803c3fb5854b11ac607d9f8adf84fde395287e589d9191265702d9f528e2986df03bc490ed16115d70e4d71062cff9c140e2fd70b9c1e4944ffe10f43b9fba8a3e3f1e7481625fc069c994cde4a645e6bbd36ebdb80c24b5851f3df3ba98ccc", 0x7d}, {&(0x7f0000001400)="1090d289c96f96a8270da92166599551482418901d83f41f1f3c004efc650f4ce9eb06fc25fc8f7775dbdedb77ae4ab769d400f20a5342ad3ede205fc81ef11d4e7afa2cc3d1172fee54c17a137a3a10bb9d003d223408a5adb5971740a0e70a4378", 0x62}, {&(0x7f0000001480)="f18d83a9ce70d8c3375c05f42bf8cc41dcb56c74c7034c497f2d0a1c433f0bf2c52e2d7e033e2a554f8ac16a8a869030c5f946467aabb5a66f833a68b5063a71cb6b8f0fe48654603aca2450dd7c27478e5c1b399e0687b59ede81f8696d30a29fcfd1d6b333eaf8ef3275480d9cb0865b2826c5b9752e2497319656a0dc65211989e61b8fc6b18eb6577de2534a4cfd9e1830d84601e5b2b143a505d1f0996b228c543f7b27c87084e102dd3d73f6f133b29e884d966f6d537ddb92be70fe9f90e60774885cc1b2", 0xc8}, {&(0x7f0000001580)="a8f6f53929a522a06f971a93b6561e9d67cd9ec3a828653fce0b6b92ae55d24f443cff5d986b3ff47928c2bd0f9135fcc2d4682c6c8f6f6e8ba7a3369b76554bd174ceb8e572eeba5548c5fe9672f70c6e02c674f08804997c1839628a3bb1262c973c43570c5ef779db3a71649f6b6c7c072d7227435ff954c77e5a44593de61825", 0x82}, {&(0x7f0000001640)="c8501c6742f08559bbb93fb6c7a32db36146c79541477aa6e544e2ebe736d15fde1654317d97a72c066d673426b0c0197b706c43c6f21a4314820f9ac4ca97287670fe4a69ea8ec9917953d537046413047811ded096e01e0538282fdeea03fedc502ca6cea5aea873402b11ae9e89ce008023a4b54c32847c8355e72edcba439e72f54a2d84056595e9f9cbbe1cf140c63f6f7eb9fc78ff738d0a78e78fea1bfa1c457a77973722dab7e3e016c6c9cd2f13660222492817a4e27e21da6485b060ae8fab8bf6a09babc33f37d870f4b574ea649633233cace12961e16ff4d1c7323542789c7802817b5800a026c400", 0xef}, {&(0x7f0000001740)="4c4b3b554eec9fb027097c4550a730e80caeebdfbffb2b64805e62d49e647c4bf9ebd81bb4bcb6c1ae6aae94e50968ceba8e988e90fad3ef60262af3", 0x3c}], 0xa, 0x8) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r4 = dup3(r2, r3, 0x0) ioctl$EVIOCGVERSION(0xffffffffffffffff, 0x80044501, &(0x7f0000001840)=""/183) syz_open_dev$mice(&(0x7f0000001900)='/dev/input/mice\x00', 0x0, 0x400) ioctl$VIDIOC_TRY_FMT(r4, 0xc0d05640, &(0x7f0000002e00)={0xf, @vbi={0x6, 0xfffffffffffffffa, 0x3, 0x3031334d, [0x8ea4, 0x61], [0x1, 0x1], 0x13b}}) ioctl$LOOP_SET_FD(r0, 0x4c00, r2) 03:27:56 executing program 5: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-monitor\x00', 0x80, 0x0) syz_open_dev$admmidi(&(0x7f0000000200)='/dev/admmidi#\x00', 0x67, 0x800) getsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000100), &(0x7f00000001c0)=0x4) ioctl$FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f0000000000)) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000040)=0x3, 0x1ce0b40837ea5054) r2 = fcntl$dupfd(r0, 0x406, r0) ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r2, 0x4008af23, &(0x7f0000000080)={0x3, 0x3ff}) [ 2986.622844][ T7117] FAULT_INJECTION: forcing a failure. [ 2986.622844][ T7117] name failslab, interval 1, probability 0, space 0, times 0 03:27:56 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r1, 0xc0145401, &(0x7f00000000c0)={0x0, 0x1, 0x3, 0x1, 0x8000}) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f) dup3(r0, r2, 0x0) 03:27:56 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0xfffffeffffffffff, 0x2) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) [ 2986.723882][ T7117] CPU: 1 PID: 7117 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2986.731817][ T7117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2986.741897][ T7117] Call Trace: [ 2986.745230][ T7117] dump_stack+0x172/0x1f0 [ 2986.749628][ T7117] should_fail.cold+0xa/0x15 [ 2986.754242][ T7117] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2986.760076][ T7117] ? ___might_sleep+0x163/0x280 [ 2986.765043][ T7117] __should_failslab+0x121/0x190 [ 2986.770009][ T7117] should_failslab+0x9/0x14 [ 2986.774625][ T7117] __kmalloc_track_caller+0x2d5/0x740 [ 2986.779993][ T7117] ? btrfs_mount_root+0x1d0/0x1220 [ 2986.785206][ T7117] ? rcu_read_lock_sched_held+0x110/0x130 [ 2986.790988][ T7117] ? btrfs_mount_root+0x2b8/0x1220 [ 2986.796223][ T7117] kstrdup+0x3a/0x70 [ 2986.800141][ T7117] btrfs_mount_root+0x2b8/0x1220 [ 2986.805104][ T7117] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2986.811493][ T7117] ? btrfs_decode_error+0x70/0x70 [ 2986.816567][ T7117] ? rcu_read_lock_sched_held+0x110/0x130 [ 2986.822375][ T7117] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2986.830359][ T7117] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2986.836600][ T7117] ? vfs_parse_fs_string+0x111/0x170 [ 2986.842017][ T7117] ? vfs_parse_fs_string+0x111/0x170 [ 2986.847391][ T7117] ? rcu_read_lock_sched_held+0x110/0x130 [ 2986.853142][ T7117] ? kfree+0x1f7/0x220 [ 2986.857227][ T7117] ? vfs_parse_fs_string+0x116/0x170 [ 2986.862523][ T7117] ? vfs_parse_fs_param+0x540/0x540 [ 2986.867730][ T7117] ? btrfs_decode_error+0x70/0x70 [ 2986.872757][ T7117] legacy_get_tree+0x108/0x220 [ 2986.877524][ T7117] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2986.883836][ T7117] vfs_get_tree+0x8e/0x390 [ 2986.888267][ T7117] fc_mount+0x17/0xc0 [ 2986.892269][ T7117] vfs_kern_mount.part.0+0xd8/0xf0 [ 2986.897383][ T7117] vfs_kern_mount+0x40/0x60 [ 2986.901917][ T7117] btrfs_mount+0x2b4/0x15e2 [ 2986.907022][ T7117] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2986.912673][ T7117] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2986.918918][ T7117] ? should_fail+0x1de/0x852 [ 2986.923573][ T7117] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2986.929381][ T7117] ? btrfs_remount+0x11f0/0x11f0 [ 2986.934424][ T7117] ? rcu_read_lock_sched_held+0x110/0x130 [ 2986.940244][ T7117] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2986.946504][ T7117] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2986.952741][ T7117] ? vfs_parse_fs_string+0x111/0x170 [ 2986.958025][ T7117] ? vfs_parse_fs_string+0x111/0x170 [ 2986.963310][ T7117] ? rcu_read_lock_sched_held+0x110/0x130 [ 2986.969019][ T7117] ? kfree+0x1f7/0x220 [ 2986.973087][ T7117] ? vfs_parse_fs_string+0x116/0x170 [ 2986.978369][ T7117] ? vfs_parse_fs_param+0x540/0x540 [ 2986.983591][ T7117] ? btrfs_remount+0x11f0/0x11f0 [ 2986.988561][ T7117] legacy_get_tree+0x108/0x220 [ 2986.993349][ T7117] ? legacy_get_tree+0x108/0x220 [ 2986.998334][ T7117] ? legacy_parse_monolithic+0x11f/0x180 [ 2987.004017][ T7117] vfs_get_tree+0x8e/0x390 [ 2987.008461][ T7117] do_mount+0x138c/0x1c00 [ 2987.012811][ T7117] ? copy_mount_string+0x40/0x40 [ 2987.017745][ T7117] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2987.024003][ T7117] ? copy_mount_options+0x280/0x3a0 [ 2987.029216][ T7117] ksys_mount+0xdb/0x150 [ 2987.033576][ T7117] __x64_sys_mount+0xbe/0x150 [ 2987.038248][ T7117] do_syscall_64+0xfd/0x680 [ 2987.042742][ T7117] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2987.048624][ T7117] RIP: 0033:0x45bf6a [ 2987.052504][ T7117] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 03:27:57 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00'}}}]}, 0x13c}}, 0x0) [ 2987.072513][ T7117] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2987.080944][ T7117] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2987.089115][ T7117] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2987.097080][ T7117] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2987.105049][ T7117] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2987.113108][ T7117] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 03:27:57 executing program 4 (fault-call:0 fault-nth:78): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 03:27:57 executing program 5: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x9, 0x0) ioctl$VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f00000000c0)={0x0, 0x1, 0x0, "17f18d5dc3bf5ad08f6c7c76d6419e617c4e17f27b38bff4578a88cf19c279bd"}) r2 = dup3(r0, r0, 0x7fffe) ioctl$BLKROGET(r2, 0x125e, &(0x7f00000002c0)) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r2, 0xc034564b, &(0x7f00000000c0)={0x4, 0x41414270, 0x8, 0x6, 0x3, @stepwise={{0x9, 0xa373}, {0x20, 0x3000000000000000}, {0x5cb, 0x3}}}) open$dir(&(0x7f0000000280)='./file0\x00', 0x400, 0x110) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r2, 0x40a85323, &(0x7f0000000000)={{0x3, 0x8d}, 'port0\x00', 0x1, 0x41006, 0x200, 0x5, 0x20, 0x3f, 0xde7b, 0x0, 0x2, 0x81}) mkdir(&(0x7f00000003c0)='./file0\x00', 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r4 = epoll_create(0x1) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f00000002c0)) umount2(&(0x7f0000000000)='./file0\x00', 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) setsockopt$bt_BT_SECURITY(r2, 0x112, 0x4, &(0x7f0000000240)={0x0, 0x8001}, 0x2) gettid() ioctl$sock_inet6_udp_SIOCOUTQ(r2, 0x5411, &(0x7f0000000300)) socket$kcm(0x29, 0x5, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) close(r6) fcntl$dupfd(r0, 0x3, r0) mount$9p_fd(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="7472616ebf08000000000000006f3d", @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB]) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r8 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r8, 0x1000008912, &(0x7f0000000040)="c0dca5055e0bcfec7be070") r9 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) 03:27:57 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) ioctl$sock_bt_hidp_HIDPCONNDEL(r0, 0x400448c9, &(0x7f0000000000)={{0xfffffffffffffffe, 0x4, 0xd8d1, 0x6, 0x800, 0x3}, 0x100000001}) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x100, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x10003, 0x0, 0x0, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) 03:27:57 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00'}}}]}, 0x13c}}, 0x0) 03:27:57 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000100)='trusted.overlay.nlink\x00', &(0x7f0000000240)={'U+', 0x9}, 0x28, 0x3) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x80) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f00000001c0)=@sack_info={0x0, 0x3448a558, 0x6}, &(0x7f0000000200)=0xc) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) dup3(r0, r2, 0x0) 03:27:57 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r1, 0xc0145401, &(0x7f00000000c0)={0x0, 0x1, 0x3, 0x1, 0x8000}) r2 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f) dup3(r0, r2, 0x0) [ 2987.546717][ T7153] FAULT_INJECTION: forcing a failure. [ 2987.546717][ T7153] name failslab, interval 1, probability 0, space 0, times 0 [ 2987.615137][ T7153] CPU: 0 PID: 7153 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2987.623172][ T7153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2987.633244][ T7153] Call Trace: [ 2987.636562][ T7153] dump_stack+0x172/0x1f0 [ 2987.640908][ T7153] should_fail.cold+0xa/0x15 [ 2987.645520][ T7153] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2987.651365][ T7153] ? ___might_sleep+0x163/0x280 [ 2987.656234][ T7153] __should_failslab+0x121/0x190 [ 2987.661189][ T7153] should_failslab+0x9/0x14 [ 2987.665709][ T7153] __kmalloc+0x2d9/0x740 [ 2987.669972][ T7153] ? tomoyo_realpath_from_path+0xc0/0x7a0 [ 2987.675710][ T7153] ? rcu_read_lock_sched_held+0x110/0x130 [ 2987.681443][ T7153] ? tomoyo_realpath_from_path+0xcd/0x7a0 [ 2987.687270][ T7153] tomoyo_realpath_from_path+0xcd/0x7a0 [ 2987.692829][ T7153] ? tomoyo_path_number_perm+0x193/0x520 [ 2987.698519][ T7153] tomoyo_path_number_perm+0x1dd/0x520 [ 2987.703992][ T7153] ? tomoyo_path_number_perm+0x193/0x520 [ 2987.709745][ T7153] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 2987.709760][ T7153] ? perf_trace_lock_acquire+0xf5/0x530 [ 2987.709783][ T7153] ? __fget+0x35a/0x550 [ 2987.709816][ T7153] ? __fget+0x381/0x550 [ 2987.709837][ T7153] ? ksys_dup3+0x3e0/0x3e0 [ 2987.734768][ T7153] tomoyo_file_ioctl+0x23/0x30 [ 2987.739553][ T7153] security_file_ioctl+0x77/0xc0 [ 2987.744524][ T7153] ksys_ioctl+0x57/0xd0 [ 2987.748706][ T7153] __x64_sys_ioctl+0x73/0xb0 [ 2987.753321][ T7153] do_syscall_64+0xfd/0x680 [ 2987.757847][ T7153] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2987.763753][ T7153] RIP: 0033:0x459387 [ 2987.767661][ T7153] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2987.787286][ T7153] RSP: 002b:00007feed796ca88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2987.795720][ T7153] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 0000000000459387 [ 2987.803775][ T7153] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000005 03:27:57 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00'}}}]}, 0x13c}}, 0x0) 03:27:57 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00'}}}]}, 0x13c}}, 0x0) 03:27:57 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x50d, 0x0, 0x0, 0x6, 0x0, 0x20000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x20000000000002, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffffffffffc, 0x0, @perf_config_ext={0x7, 0x71d}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setsig(r0, 0xa, 0x3d) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x2, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ff9000/0x4000)=nil, 0x4000}, &(0x7f0000000180)=0x10) getsockname$netlink(r1, &(0x7f00000000c0), &(0x7f0000000100)=0xc) dup3(0xffffffffffffffff, r0, 0x80000) [ 2987.811769][ T7153] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2987.819754][ T7153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 2987.827765][ T7153] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 [ 2987.846253][ T7153] ERROR: Out of memory at tomoyo_realpath_from_path. 03:27:57 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) poll(&(0x7f00000000c0)=[{r0, 0x8641}], 0x1, 0xc4b) ioctl$BINDER_WRITE_READ(r0, 0x40046208, 0x0) 03:27:58 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x11, 0x2, 0x0) r2 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r3 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r3, 0xab00, r1) ioctl$NBD_CLEAR_SOCK(r2, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(r0, 0x0) 03:27:58 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00'}}}]}, 0x13c}}, 0x0) 03:27:58 executing program 4 (fault-call:0 fault-nth:79): syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000008c0)="8da4363ac0ed0000000000000000004d01000000000000000000000000000000fff6f2a2299748aeb81e1b00ff0efd9a000001000000000001000000ffffff8c5f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 2988.229337][ T7198] FAULT_INJECTION: forcing a failure. [ 2988.229337][ T7198] name failslab, interval 1, probability 0, space 0, times 0 [ 2988.309983][ T7198] CPU: 1 PID: 7198 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2988.317936][ T7198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2988.328011][ T7198] Call Trace: [ 2988.331340][ T7198] dump_stack+0x172/0x1f0 [ 2988.335700][ T7198] should_fail.cold+0xa/0x15 [ 2988.340314][ T7198] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2988.346148][ T7198] ? ___might_sleep+0x163/0x280 [ 2988.351117][ T7198] __should_failslab+0x121/0x190 [ 2988.356076][ T7198] should_failslab+0x9/0x14 [ 2988.360600][ T7198] __kmalloc+0x2d9/0x740 [ 2988.364863][ T7198] ? bio_alloc_bioset+0x40f/0x680 [ 2988.369907][ T7198] bio_alloc_bioset+0x40f/0x680 [ 2988.374779][ T7198] ? btrfs_alloc_device+0xb4/0x720 [ 2988.381025][ T7198] ? bvec_alloc+0x2f0/0x2f0 [ 2988.385553][ T7198] ? bd_set_size+0xb0/0xb0 [ 2988.389991][ T7198] ? wait_for_completion+0x440/0x440 [ 2988.395304][ T7198] btrfs_alloc_device+0xd3/0x720 [ 2988.400269][ T7198] ? btrfs_find_device_by_devspec+0x5b0/0x5b0 03:27:58 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x2, 0x0) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000040)=0x4, 0x4) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) 03:27:58 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\x00'}}}]}, 0x13c}}, 0x0) 03:27:58 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) readv(r1, &(0x7f0000000400)=[{&(0x7f0000000300)=""/205, 0xcd}], 0x1) ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f0000000200)={0xf, @win={{0x0, 0x6, 0xd4, 0x7}, 0x8, 0x5, &(0x7f0000000140)={{0x200, 0x6, 0x80000000, 0x7}, &(0x7f0000000100)={{0x2, 0x3f, 0x48, 0x5}, &(0x7f00000000c0)={{0x9, 0x7ff, 0x3, 0xfffffffffffffffb}}}}, 0x73, &(0x7f0000000180)="2b0e49739967ec714498e4d837b70f64e845b2f11426460b7c67814a17756e13257ecf770340d88e65c0cb3d01393652cf49e44f1587dae7d4d277878cbed52cff6ae58845edd8d4a7f41a5873da2bd280d535d4727f295d9288033c8177dad288ab88c47b2f7314d54f2ece4266", 0xbb}}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000004c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000480)={0xffffffffffffffff}, 0x13f, 0xf}}, 0x20) write$RDMA_USER_CM_CMD_MIGRATE_ID(r1, &(0x7f0000000500)={0x12, 0x10, 0xfa00, {&(0x7f0000000440), r2, r0}}, 0x18) dup3(r0, 0xffffffffffffffff, 0x0) write$smack_current(r1, &(0x7f0000000540)='.\'keyringsecuritycgroup)ppp1\\@\x00', 0x1f) 03:27:58 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x400000000800) dup3(r0, r1, 0x0) 03:27:58 executing program 2: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x11, 0x2, 0x0) r2 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r3 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) setsockopt$rose(r1, 0x104, 0x6, &(0x7f0000000000)=0xd0cd, 0x4) ioctl$NBD_SET_SOCK(r3, 0xab00, r1) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r3, &(0x7f0000000040)) ioctl$NBD_CLEAR_SOCK(r2, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) fstat(0xffffffffffffffff, 0x0) [ 2988.406365][ T7198] ? blkdev_put+0x98/0x560 [ 2988.410820][ T7198] close_fs_devices.part.0+0x1af/0x790 [ 2988.416352][ T7198] btrfs_close_devices+0xa0/0x200 [ 2988.421412][ T7198] btrfs_mount_root+0xf0c/0x1220 [ 2988.426386][ T7198] ? btrfs_decode_error+0x70/0x70 [ 2988.431436][ T7198] ? rcu_read_lock_sched_held+0x110/0x130 [ 2988.437214][ T7198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2988.443486][ T7198] ? vfs_parse_fs_string+0x111/0x170 [ 2988.448803][ T7198] ? vfs_parse_fs_string+0x111/0x170 [ 2988.454115][ T7198] ? rcu_read_lock_sched_held+0x110/0x130 [ 2988.459852][ T7198] ? kfree+0x1f7/0x220 [ 2988.463960][ T7198] ? vfs_parse_fs_string+0x116/0x170 [ 2988.469246][ T7198] ? vfs_parse_fs_param+0x540/0x540 [ 2988.474481][ T7198] ? btrfs_decode_error+0x70/0x70 [ 2988.479517][ T7198] legacy_get_tree+0x108/0x220 [ 2988.484325][ T7198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2988.490570][ T7198] vfs_get_tree+0x8e/0x390 [ 2988.494981][ T7198] fc_mount+0x17/0xc0 [ 2988.498997][ T7198] vfs_kern_mount.part.0+0xd8/0xf0 [ 2988.504207][ T7198] vfs_kern_mount+0x40/0x60 [ 2988.508795][ T7198] btrfs_mount+0x2b4/0x15e2 [ 2988.513312][ T7198] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2988.518935][ T7198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2988.525196][ T7198] ? should_fail+0x1de/0x852 [ 2988.531731][ T7198] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2988.537572][ T7198] ? btrfs_remount+0x11f0/0x11f0 [ 2988.542535][ T7198] ? rcu_read_lock_sched_held+0x110/0x130 [ 2988.548639][ T7198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2988.554979][ T7198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2988.561311][ T7198] ? vfs_parse_fs_string+0x111/0x170 [ 2988.566630][ T7198] ? vfs_parse_fs_string+0x111/0x170 [ 2988.572155][ T7198] ? rcu_read_lock_sched_held+0x110/0x130 [ 2988.577874][ T7198] ? kfree+0x1f7/0x220 [ 2988.581951][ T7198] ? vfs_parse_fs_string+0x116/0x170 [ 2988.587235][ T7198] ? vfs_parse_fs_param+0x540/0x540 [ 2988.592437][ T7198] ? btrfs_remount+0x11f0/0x11f0 [ 2988.597371][ T7198] legacy_get_tree+0x108/0x220 [ 2988.602134][ T7198] ? legacy_get_tree+0x108/0x220 [ 2988.607280][ T7198] ? legacy_parse_monolithic+0x11f/0x180 [ 2988.612952][ T7198] vfs_get_tree+0x8e/0x390 [ 2988.617390][ T7198] do_mount+0x138c/0x1c00 [ 2988.621752][ T7198] ? copy_mount_string+0x40/0x40 [ 2988.626738][ T7198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2988.633003][ T7198] ? copy_mount_options+0x280/0x3a0 [ 2988.638210][ T7198] ksys_mount+0xdb/0x150 [ 2988.642492][ T7198] __x64_sys_mount+0xbe/0x150 [ 2988.647197][ T7198] do_syscall_64+0xfd/0x680 [ 2988.651711][ T7198] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2988.657628][ T7198] RIP: 0033:0x45bf6a [ 2988.661782][ T7198] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2988.681387][ T7198] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2988.689810][ T7198] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2988.697795][ T7198] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2988.705763][ T7198] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2988.713844][ T7198] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2988.721845][ T7198] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 [ 2988.732644][ T7198] ------------[ cut here ]------------ [ 2988.738188][ T7198] kernel BUG at fs/btrfs/volumes.c:1270! [ 2988.745902][ T7198] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 2988.751999][ T7198] CPU: 1 PID: 7198 Comm: syz-executor.4 Not tainted 5.2.0-rc6+ #41 [ 2988.759883][ T7198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2988.769942][ T7198] RIP: 0010:close_fs_devices.part.0+0x5b9/0x790 [ 2988.776260][ T7198] Code: 3c 03 0f 8e 44 01 00 00 48 8b 45 c0 c7 80 20 01 00 00 00 00 00 00 48 83 c4 48 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 87 28 c4 fe <0f> 0b e8 80 28 c4 fe 0f 0b e8 79 28 c4 fe 0f 0b e9 16 ff ff ff e8 [ 2988.795868][ T7198] RSP: 0018:ffff888060fc77a0 EFLAGS: 00010246 [ 2988.801947][ T7198] RAX: 0000000000040000 RBX: ffff88808c74f5c0 RCX: ffffc9000e645000 [ 2988.809956][ T7198] RDX: 0000000000040000 RSI: ffffffff82ac98a9 RDI: 0000000000000007 [ 2988.817924][ T7198] RBP: ffff888060fc7810 R08: ffff88808cfe8180 R09: ffff88808cfe8a48 [ 2988.828096][ T7198] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 2988.836075][ T7198] R13: dffffc0000000000 R14: ffff88808b6d5680 R15: fffffffffffffff4 [ 2988.844094][ T7198] FS: 00007feed796d700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 2988.853042][ T7198] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2988.859637][ T7198] CR2: 00005555573e5978 CR3: 000000005eea5000 CR4: 00000000001406e0 [ 2988.867631][ T7198] Call Trace: [ 2988.870937][ T7198] btrfs_close_devices+0xa0/0x200 [ 2988.875993][ T7198] btrfs_mount_root+0xf0c/0x1220 [ 2988.880962][ T7198] ? btrfs_decode_error+0x70/0x70 [ 2988.886014][ T7198] ? rcu_read_lock_sched_held+0x110/0x130 [ 2988.891768][ T7198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2988.898050][ T7198] ? vfs_parse_fs_string+0x111/0x170 [ 2988.903356][ T7198] ? vfs_parse_fs_string+0x111/0x170 [ 2988.908638][ T7198] ? rcu_read_lock_sched_held+0x110/0x130 [ 2988.914355][ T7198] ? kfree+0x1f7/0x220 [ 2988.918471][ T7198] ? vfs_parse_fs_string+0x116/0x170 [ 2988.923843][ T7198] ? vfs_parse_fs_param+0x540/0x540 [ 2988.929080][ T7198] ? btrfs_decode_error+0x70/0x70 [ 2988.934122][ T7198] legacy_get_tree+0x108/0x220 [ 2988.938903][ T7198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2988.945609][ T7198] vfs_get_tree+0x8e/0x390 [ 2988.950058][ T7198] fc_mount+0x17/0xc0 [ 2988.954124][ T7198] vfs_kern_mount.part.0+0xd8/0xf0 [ 2988.959369][ T7198] vfs_kern_mount+0x40/0x60 [ 2988.963869][ T7198] btrfs_mount+0x2b4/0x15e2 [ 2988.968364][ T7198] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 2988.973998][ T7198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2988.980591][ T7198] ? should_fail+0x1de/0x852 [ 2988.985303][ T7198] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2988.991486][ T7198] ? btrfs_remount+0x11f0/0x11f0 [ 2988.996450][ T7198] ? rcu_read_lock_sched_held+0x110/0x130 [ 2989.002187][ T7198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2989.008438][ T7198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2989.014703][ T7198] ? vfs_parse_fs_string+0x111/0x170 [ 2989.020449][ T7198] ? vfs_parse_fs_string+0x111/0x170 [ 2989.025774][ T7198] ? rcu_read_lock_sched_held+0x110/0x130 [ 2989.031505][ T7198] ? kfree+0x1f7/0x220 [ 2989.035606][ T7198] ? vfs_parse_fs_string+0x116/0x170 [ 2989.040907][ T7198] ? vfs_parse_fs_param+0x540/0x540 [ 2989.046118][ T7198] ? btrfs_remount+0x11f0/0x11f0 [ 2989.051071][ T7198] legacy_get_tree+0x108/0x220 [ 2989.055852][ T7198] ? legacy_get_tree+0x108/0x220 [ 2989.060804][ T7198] ? legacy_parse_monolithic+0x11f/0x180 [ 2989.066455][ T7198] vfs_get_tree+0x8e/0x390 [ 2989.070890][ T7198] do_mount+0x138c/0x1c00 [ 2989.075236][ T7198] ? copy_mount_string+0x40/0x40 [ 2989.080192][ T7198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 2989.086484][ T7198] ? copy_mount_options+0x280/0x3a0 [ 2989.091711][ T7198] ksys_mount+0xdb/0x150 [ 2989.095969][ T7198] __x64_sys_mount+0xbe/0x150 [ 2989.100657][ T7198] do_syscall_64+0xfd/0x680 [ 2989.105175][ T7198] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2989.111177][ T7198] RIP: 0033:0x45bf6a [ 2989.115083][ T7198] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 2989.135110][ T7198] RSP: 002b:00007feed796ca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2989.143583][ T7198] RAX: ffffffffffffffda RBX: 00007feed796cb40 RCX: 000000000045bf6a [ 2989.151659][ T7198] RDX: 00007feed796cae0 RSI: 0000000020000100 RDI: 00007feed796cb00 [ 2989.159662][ T7198] RBP: 0000000000000001 R08: 00007feed796cb40 R09: 00007feed796cae0 [ 2989.167645][ T7198] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 2989.175624][ T7198] R13: 00000000004c83f3 R14: 00000000004def18 R15: 0000000000000003 [ 2989.183618][ T7198] Modules linked in: [ 2989.192505][ T7198] ---[ end trace baa97309a2846bc3 ]--- [ 2989.207834][ T3879] kobject: 'loop3' (00000000128207e0): kobject_uevent_env [ 2989.218472][ T3879] kobject: 'loop3' (00000000128207e0): fill_kobj_path: path = '/devices/virtual/block/loop3' 03:27:59 executing program 0: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = dup(r0) ioctl$KVM_PPC_GET_PVINFO(r2, 0x4080aea1, &(0x7f00000000c0)=""/237) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000000)=0x0) sched_rr_get_interval(r3, &(0x7f00000001c0)) dup3(r0, r1, 0x0) [ 2989.280302][ T3879] kobject: 'loop5' (00000000c9ae0635): kobject_uevent_env [ 2989.295173][ T7198] RIP: 0010:close_fs_devices.part.0+0x5b9/0x790 [ 2989.316139][ T3879] kobject: 'loop5' (00000000c9ae0635): fill_kobj_path: path = '/devices/virtual/block/loop5' 03:27:59 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000001540)="c0dca5055e0bcfec7be070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0xfd, &(0x7f0000000000)={&(0x7f0000417e08)=@newsa={0x13c, 0x10, 0x203, 0x0, 0x0, {{@in, @in=@multicast1}, {@in6=@loopback, 0x0, 0x33}, @in=@remote={0xac, 0x14, 0xffffffffffffffff}, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00'}}}]}, 0x13c}}, 0x0) 03:27:59 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$bt_l2cap_L2CAP_LM(r2, 0x6, 0x3, &(0x7f00000000c0), &(0x7f0000000100)=0x4) dup3(r0, r1, 0x0) [ 2989.324105][ T7198] Code: 3c 03 0f 8e 44 01 00 00 48 8b 45 c0 c7 80 20 01 00 00 00 00 00 00 48 83 c4 48 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 87 28 c4 fe <0f> 0b e8 80 28 c4 fe 0f 0b e8 79 28 c4 fe 0f 0b e9 16 ff ff ff e8 [ 2989.344279][ T3879] kobject: 'loop4' (000000006693cfde): kobject_uevent_env [ 2989.358467][ T3879] kobject: 'loop4' (000000006693cfde): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 2989.370742][ T7198] RSP: 0018:ffff888060fc77a0 EFLAGS: 00010246 03:27:59 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x22f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100), 0x4) [ 2989.383394][ T7198] RAX: 0000000000040000 RBX: ffff88808c74f5c0 RCX: ffffc9000e645000 [ 2989.395880][ T7198] RDX: 0000000000040000 RSI: ffffffff82ac98a9 RDI: 0000000000000007 [ 2989.408852][ T7198] RBP: ffff888060fc7810 R08: ffff88808cfe8180 R09: ffff88808cfe8a48 [ 2989.417496][ T7198] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 2989.418269][ T3879] kobject: 'loop0' (000000009a98c845): kobject_uevent_env 03:27:59 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x11, 0x2, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000400)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) r2 = syz_open_dev$ndb(0x0, 0xffffffffffffffff, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) fstat(r0, &(0x7f0000000000)) ioctl$NBD_CLEAR_SOCK(r1, 0xab03) ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, &(0x7f0000000240)={0x0, @output={0x0, 0x0, {}, 0x2, 0x4}}) r3 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x400100, 0x0) ioctl$DRM_IOCTL_MAP_BUFS(r3, 0xc0186419, &(0x7f00000004c0)={0x3, &(0x7f00000000c0)=""/75, &(0x7f0000000440)=[{0x8e8, 0xa6, 0x100000001, &(0x7f0000000140)=""/166}, {0x80, 0x1f, 0x6, &(0x7f0000000200)=""/31}, {0x3f, 0x99, 0x6, &(0x7f0000000340)=""/153}]}) fstat(0xffffffffffffffff, 0x0) [ 2989.427466][ T7198] R13: dffffc0000000000 R14: ffff88808b6d5680 R15: fffffffffffffff4 [ 2989.452392][ T7198] FS: 00007feed796d700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 2989.462571][ T3879] kobject: 'loop0' (000000009a98c845): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 2989.474222][ T7198] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2989.486808][ T3879] kobject: 'loop3' (00000000128207e0): kobject_uevent_env [ 2989.487261][ T7198] CR2: 00007f494c3d8848 CR3: 000000005eea5000 CR4: 00000000001406e0 [ 2989.493974][ T3879] kobject: 'loop3' (00000000128207e0): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 2989.517630][ T3879] kobject: 'loop1' (0000000000fa1be1): kobject_uevent_env [ 2989.524838][ T3879] kobject: 'loop1' (0000000000fa1be1): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 2989.535696][ T7198] Kernel panic - not syncing: Fatal exception [ 2989.542887][ T7198] Kernel Offset: disabled [ 2989.547213][ T7198] Rebooting in 86400 seconds..