$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x3c, r5, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp=r6}]}, 0x3c}}, 0x0) dup2(r2, r6) 13:38:44 executing program 2 (fault-call:10 fault-nth:50): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1019.718542] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1019.732575] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1019.748096] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1019.760028] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 1019.778222] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1019.785124] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 1019.800686] reason=80000021 qualification=0000000000000000 [ 1019.812131] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 1019.820744] IDTVectoring: info=00000000 errcode=00000000 [ 1019.827736] TSC Offset = 0xfffffddb81102027 [ 1019.832863] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 1019.842968] EPT pointer = 0x00000000953b601e [ 1019.847903] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 1019.858135] Virtual processor ID = 0x0001 [ 1019.867187] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 1019.876801] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 1019.939555] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 1019.953967] FAULT_INJECTION: forcing a failure. [ 1019.953967] name failslab, interval 1, probability 0, space 0, times 0 [ 1019.965521] CPU: 1 PID: 31561 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1019.972052] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 1019.973404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1019.973408] Call Trace: [ 1019.973425] dump_stack+0x1b2/0x283 [ 1019.973441] should_fail.cold+0x10a/0x154 [ 1019.989474] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 1019.990749] should_failslab+0xd6/0x130 [ 1019.990761] __kmalloc_track_caller+0x2bc/0x400 [ 1019.993375] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 1019.996928] ? kstrdup_const+0x35/0x60 [ 1019.996941] kstrdup+0x36/0x70 [ 1019.996949] kstrdup_const+0x35/0x60 [ 1019.996958] alloc_vfsmnt+0xe0/0x7c0 [ 1019.996969] clone_mnt+0x6c/0xef0 [ 1019.996983] copy_tree+0x33a/0x860 [ 1019.996998] copy_mnt_ns+0x112/0x8a0 [ 1019.997010] ? rcu_read_lock_sched_held+0x10a/0x130 [ 1020.009172] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1020.013034] ? kmem_cache_alloc+0x35f/0x3c0 [ 1020.013048] create_new_namespaces+0xc9/0x730 [ 1020.013060] ? security_capable+0x88/0xb0 [ 1020.017805] Interruptibility = 00000000 ActivityState = 00000000 [ 1020.024111] copy_namespaces+0x27b/0x310 [ 1020.024124] copy_process.part.0+0x2616/0x6fa0 [ 1020.024139] ? lock_release+0x149/0x7f0 [ 1020.034811] *** Host State *** [ 1020.034864] ? finish_task_switch+0x178/0x610 [ 1020.039510] RIP = 0xffffffff811642af RSP = 0xffff8880330e79d0 [ 1020.041993] ? __cleanup_sighand+0x40/0x40 [ 1020.042005] ? _raw_spin_unlock_irq+0x5a/0x90 [ 1020.052242] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1020.054210] ? finish_task_switch+0x14d/0x610 [ 1020.054219] ? switch_mm_irqs_off+0x2cd/0xec0 [ 1020.054232] _do_fork+0x180/0xc80 [ 1020.063890] FSBase=00007f1827926700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000 [ 1020.065958] ? fork_idle+0x270/0x270 [ 1020.065969] ? firmware_map_remove+0x18f/0x18f [ 1020.065988] ? do_syscall_64+0x4c/0x640 [ 1020.065996] ? sys_vfork+0x20/0x20 [ 1020.066006] do_syscall_64+0x1d5/0x640 [ 1020.066022] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1020.066030] RIP: 0033:0x45ca69 [ 1020.066034] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1020.066044] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1020.066048] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1020.066053] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1020.066057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1020.066062] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 [ 1020.222205] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1020.228194] CR0=0000000080050033 CR3=0000000097e39000 CR4=00000000001426f0 [ 1020.235321] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 [ 1020.242051] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1020.248245] *** Control State *** [ 1020.251743] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 1020.258567] EntryControls=0000d1ff ExitControls=002fefff [ 1020.264061] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1020.271084] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1020.277930] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1020.284534] reason=80000021 qualification=0000000000000000 [ 1020.290946] IDTVectoring: info=00000000 errcode=00000000 [ 1020.296528] TSC Offset = 0xfffffddb13e28883 [ 1020.300964] EPT pointer = 0x000000008d91e01e [ 1020.305475] Virtual processor ID = 0x0002 13:38:45 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) fcntl$dupfd(r0, 0x0, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000a85a00000000000000000000000004000000d0040000080100003003000000000000080100003003000000040000000400000004000000040000000400000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000228020000000000000000000000000000000000000000000000005801686173686c696d6974000000000000000000000000000000000000000003726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff00000000000000000000000020000000000000000000000009000000ff0100000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000830000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280063"], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x200001, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) dup3(r3, r4, 0x0) fcntl$getflags(r3, 0x40a) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r6 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x14, r5, 0x923}, 0x14}}, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r7) bind$rds(r7, &(0x7f0000000540)={0x2, 0x4e23, @local}, 0x10) dup2(r2, r6) 13:38:45 executing program 4: r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') lsetxattr(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@known='com.apple.system.Security\x00', &(0x7f0000000200)='\x00', 0x1, 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$IP_VS_SO_GET_TIMEOUT(r1, 0x0, 0x486, &(0x7f0000000000), &(0x7f0000000140)=0xc) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="bd66c2adfc5245ba3d3cf8c300f9c55bd8cc7f229d1fdcf1d648001476960a899d8aa8a43d12c93bc5ba0155226309d79d", @ANYRES16=r0, @ANYBLOB="030bdd0000000000000008000000"], 0x14}}, 0x0) 13:38:45 executing program 0: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r1) openat$cgroup_ro(r0, &(0x7f00000002c0)='cpuacct.usage_percpu_sys\x00', 0x0, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000200)={@ipv4={[], [], @loopback}, 0x46}) ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(r0, 0xc0845658, &(0x7f0000000000)={0x0, @bt={0x9be8, 0x8, 0x0, 0x2, 0x9, 0x1, 0x1f, 0x6, 0x9, 0x12, 0x5, 0xc5a, 0x9, 0x7, 0xf, 0x34, {0x7, 0x8}, 0x0, 0xfe}}) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f0000000180)={'nat\x00'}, &(0x7f00000000c0)=0x54) 13:38:45 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x10201, 0x1, 0xd000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000180)=0x8000) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x2, 0x4e20, @multicast2}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x113) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 13:38:45 executing program 4: r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, r0, 0xb03, 0x0, 0x0, {0x8}}, 0x14}}, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) 13:38:45 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r1) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r2) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000000)={r2}) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, &(0x7f0000000040)={r3}) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:38:45 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0xc) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 13:38:45 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0xffffffff) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:38:45 executing program 2 (fault-call:10 fault-nth:51): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 13:38:45 executing program 4: r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, r0, 0xb03, 0x0, 0xfffffffd, {0x8}}, 0x14}}, 0x0) sendmsg$TIPC_CMD_SHOW_STATS(r1, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x0, 0x2, 0x70bd2c, 0x25dfdbfb, {}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4050}, 0x8000) 13:38:45 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000005c0)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000a85a00000000000000000000000004000000d00400000801000030030000000000000801000030030000000400000004000000040000000400000004000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcf21e2ab1ce5ba874a3fb0b83d2f900000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000228020000000000000000000000000000000000000000000000005801686173686c696d6974000000000000000000000000000000000000000003726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff00000000000000000000000020000000000000000000000009000000ff0100000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000830000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280063"], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) dup3(r3, r4, 0x0) fcntl$getflags(r3, 0x40a) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r6 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r6) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r6, 0x54a2) r7 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r7) setsockopt$IP_VS_SO_SET_DELDEST(r7, 0x0, 0x488, &(0x7f0000000540)={{0x62, @rand_addr=0x64010102, 0x4e20, 0x1, 'lc\x00', 0x4, 0x3, 0x55}, {@multicast2, 0x4e21, 0x2001, 0x8, 0x1}}, 0x44) r8 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x3c, r5, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_DATA_SEQ={0x5, 0x4, 0xc1}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp=r8}]}, 0x3c}}, 0x0) dup2(r2, r8) 13:38:45 executing program 4: r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x54, r1, 0x2, 0x70bd29, 0x25dfdbfb, {}, [@TIPC_NLA_LINK={0x40, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}]}, 0x54}}, 0x8810) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, r0, 0xb03, 0x0, 0x0, {0x8}}, 0x14}}, 0x0) 13:38:45 executing program 0: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/net/pfkey\x00', 0x781040, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000300)='nl80211\x00') sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x2c, r2, 0x100, 0x70bd2b, 0x25dfdbff, {}, [@NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x126}, @NL80211_ATTR_AIRTIME_WEIGHT={0x6, 0x112, 0xc}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x55f}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000014}, 0x8000) name_to_handle_at(r0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x1f, 0x76, "08ba2e9a9603117be7159e42a45983a5710ca2a3a8c765"}, &(0x7f0000000080), 0x1000) 13:38:45 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) fcntl$dupfd(r0, 0x0, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000a85a00000000000000000000000004000000d0040000080100003003000000000000080100003003000000040000000400000004000000040000000400000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000228020000000000000000000000000000000000000000000000005801686173686c696d6974000000000000000000000000000000000000000003726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff00000000000000000000000020000000000000000000000009000000ff0100000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000830000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280063"], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) dup3(r3, r4, 0x0) fcntl$getflags(r3, 0x40a) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r5) r6 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r7) setsockopt$inet6_IPV6_IPSEC_POLICY(r5, 0x29, 0x22, &(0x7f0000000540)={{{@in=@broadcast, @in=@rand_addr=0x64010100, 0x4e20, 0x0, 0x4e20, 0x1, 0xa, 0x20, 0x10, 0x2c, 0x0, r7}, {0x3, 0x0, 0xac6, 0x8000, 0x2, 0x7, 0x0, 0x7}, {0x3ff, 0x1, 0xffffffff, 0x1}, 0x7, 0x6e6bbb, 0x1, 0x2, 0x2}, {{@in6=@private2={0xfc, 0x2, [], 0x1}, 0x4d4}, 0x2, @in6=@loopback, 0x0, 0x3, 0x2, 0xff, 0x80000000, 0x5, 0x6}}, 0xe8) r8 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r9 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x3c, r8, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp=r9}]}, 0x3c}}, 0x0) dup2(r2, r9) [ 1020.819863] FAULT_INJECTION: forcing a failure. [ 1020.819863] name failslab, interval 1, probability 0, space 0, times 0 [ 1020.831389] CPU: 1 PID: 31632 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1020.839283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1020.848631] Call Trace: [ 1020.851223] dump_stack+0x1b2/0x283 [ 1020.854848] should_fail.cold+0x10a/0x154 [ 1020.858994] should_failslab+0xd6/0x130 [ 1020.862969] __kmalloc_track_caller+0x2bc/0x400 [ 1020.867636] ? kstrdup_const+0x35/0x60 [ 1020.871516] ? lock_downgrade+0x6e0/0x6e0 [ 1020.875655] kstrdup+0x36/0x70 [ 1020.878829] kstrdup_const+0x35/0x60 [ 1020.882967] alloc_vfsmnt+0xe0/0x7c0 [ 1020.886658] clone_mnt+0x6c/0xef0 [ 1020.890092] copy_tree+0x33a/0x860 [ 1020.893625] copy_mnt_ns+0x112/0x8a0 [ 1020.897320] ? kmem_cache_alloc+0x317/0x3c0 [ 1020.901621] create_new_namespaces+0xc9/0x730 [ 1020.906094] ? __sanitizer_cov_trace_pc+0x46/0x50 [ 1020.910930] copy_namespaces+0x27b/0x310 [ 1020.914969] copy_process.part.0+0x2616/0x6fa0 [ 1020.919542] ? get_pid_task+0xb8/0x130 [ 1020.923417] ? proc_tid_io_accounting+0x20/0x20 [ 1020.928075] ? __cleanup_sighand+0x40/0x40 [ 1020.932286] ? lock_downgrade+0x6e0/0x6e0 [ 1020.936413] _do_fork+0x180/0xc80 [ 1020.939846] ? fork_idle+0x270/0x270 [ 1020.943538] ? fput+0xb/0x140 [ 1020.946620] ? SyS_write+0x14d/0x210 [ 1020.950321] ? SyS_read+0x210/0x210 [ 1020.953924] ? SyS_clock_settime+0x1a0/0x1a0 [ 1020.958319] ? do_syscall_64+0x4c/0x640 [ 1020.962268] ? sys_vfork+0x20/0x20 [ 1020.965790] do_syscall_64+0x1d5/0x640 [ 1020.969661] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1020.974827] RIP: 0033:0x45ca69 [ 1020.977995] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1020.985680] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1020.992936] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1021.000181] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1021.007427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1021.014672] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:38:46 executing program 4: r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r2) getsockname$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000140)=0x14) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, r0, 0xb03, 0x0, 0x0, {0x8}}, 0x14}}, 0x0) 13:38:46 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000000)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000a85a00000000000000000000000004000000d0040000080100003003000000000000080100003003000000040000000400000004000000040000000400000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000228020000000000000000000000000000000000000000000000005801686173686c696d6974000000000000000000000000000000000000000003726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff00000000000000000000000020000000000000000000000009000000ff0100000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000830000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280063"], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) dup3(r4, r5, 0x0) fcntl$getflags(r4, 0x40a) r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r7 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x3c, r6, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x1e}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp=r7}]}, 0x3c}}, 0x0) dup2(r3, r7) 13:38:46 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x0, 0x100000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x1, 0x2000, 0x3, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff], 0x2}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:38:46 executing program 0: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x800, 0x0, 0xffffffff, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') r1 = shmget$private(0x0, 0x3000, 0x54000000, &(0x7f0000ffb000/0x3000)=nil) shmat(r1, &(0x7f0000ffd000/0x3000)=nil, 0x7000) fchdir(r0) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dlm-control\x00', 0x40000, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r2, 0x0, 0x48b, &(0x7f0000000300)={0x1, 'batadv0\x00'}, 0x18) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) ioctl$SOUND_MIXER_READ_RECMASK(r3, 0x80044dfd, &(0x7f00000000c0)) waitid$P_PIDFD(0x3, r0, &(0x7f0000000000), 0x1, &(0x7f0000000180)) 13:38:46 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_GET_API_VERSION(0xffffffffffffffff, 0xae00, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0xa) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 13:38:46 executing program 4: r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, r0, 0xb03, 0x0, 0x0, {0x8}}, 0x14}}, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r2) ioctl$sock_SIOCGSKNS(r2, 0x894c, &(0x7f0000000140)=0x2001) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bsg\x00', 0x20000, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00') sendmsg$NL80211_CMD_GET_WIPHY(r5, &(0x7f000001d0c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="09070000000100000000004df9da5c7104605e6f7f81c24a7aebc0e271fc25ff196a01d75cd78d7f02ae0fe51e4391ce0eee9f1cbc7b91844bb3c251345db64ff56cd38c77076f0d65cc178e216cf768daeb375c8cdc2c86810485d5e278dee88ada683bbda7b926d6b755107a43668c6e251caf0f12ff56ec9a21206fbd961d9b3ce850147884539271b5c7ab6024478e8ae5c9d0333b6e9fbbc93fe9f0150309de6bcf2ddae0bc81ef73fe4481f7c74d419ff9d25404ff1fe65bff41c01c4ae5d5657318dd9e"], 0x1c}}, 0x0) sendmsg$NL80211_CMD_NEW_STATION(r4, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x84100004}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x3c, r6, 0x20, 0x70bd26, 0x25dfdbfb, {}, [@NL80211_ATTR_STA_VLAN={0x8}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x1e, 0x13, "9224aa48b0e8ba1d455aca3fc01a6a519ceb5e236af85a98999b"}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8880}, 0x8040) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000000)={{0x14}, [@NFT_MSG_NEWTABLE={0x3c, 0x0, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_TABLE_FLAGS={0x8}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_FLAGS={0x8}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x5}]}, @NFT_MSG_NEWCHAIN={0x34, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffb}]}], {0x14}}, 0x98}}, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r3, 0x28, 0x0, &(0x7f0000000000)=0x100000000, 0x8) 13:38:46 executing program 2 (fault-call:10 fault-nth:52): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 13:38:46 executing program 5: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000a85a00000000000000000000000004000000d0040000080100003003000000000000080100003003000000040000000400000004000000040000000400000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000228020000000000000000000000000000000000000000000000005801686173686c696d6974000000000000000000000000000000000000000003726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff00000000000000000000000020000000000000000000000009000000ff0100000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000830000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280063"], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000ec0)='/dev/vcs\x00', 0x10040, 0x0) getsockopt$inet6_tcp_int(r1, 0x6, 0x4, &(0x7f0000000f00), &(0x7f0000000f40)=0x4) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) dup3(r3, r4, 0x0) fcntl$getflags(r3, 0x40a) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r6 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x3c, r5, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp=r6}]}, 0x3c}}, 0x0) dup2(r2, r6) r7 = add_key$keyring(&(0x7f0000000240)='keyring\x00', &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$setperm(0x5, r7, 0x0) r8 = add_key(&(0x7f0000000540)='ceph\x00', &(0x7f0000000580)={'syz', 0x0}, &(0x7f00000005c0)="3c930e21614cd7f81e772192aa4a80e98274cac84c76d0ce38eba1f9ed73d62ad08368", 0x23, r7) keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000600)={r8, 0xb6, 0x5}, &(0x7f00000007c0)=ANY=[@ANYBLOB="656e633d72617720686173683d7368613235090000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000002d650cdc0eec87ec7c6799b418529beb74fd61ef27d2713bfcee9290ab8760874cf5ca91bad9249248ca3ace8f6306449d5f2b598239fc4bfecc1d30af117b5bea7b74210a2bab86f4e373fc96303771eaf02fd428e37d0ac0bea3f061fb04f41050b4b9efac823cfe73dd1ad5b4e9b53afdc75c439f77b5298bdeef4f83ad02478ab54e51b3903cb005766592"], &(0x7f00000006c0)="0a3fa9c95e4900c2b163c2862481689d05d135ac0834a7bae53effbe7ad18ce9f97923e37d75b3a9b1f09a0e2c3d8e55834ff971ed81923cc26d4f16baab9869feea208458e5647d835068a894be52b4d2dbb0c686816d43d1cbfab89ba49f12fa62a106809667d7dff70fb8bbec84bba9b5f220d5027ed891176748a84b3f63f1aae6a528bb3b4eaa1c8a0e99f8677eefe239fa9972c25d3a7b954fdcfb15817921d2a7b7cb1009f53f484329befc3a85c54d2d3d6a", &(0x7f0000000780)=""/5) 13:38:46 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x7, 0x0, 0x8b, 0x0, 0x0, 0x0, 0xffffffffffffffff]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x42) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:38:46 executing program 4: r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x14, r0, 0xb03, 0x0, 0x0, {0x8}}, 0x14}}, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='net/anycast6\x00') fchdir(r2) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r2, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="200028bd7000fddbdf2501000006000000000b000000000c001473797a3100000000"], 0x28}, 0x1, 0x0, 0x0, 0x811}, 0x20008808) r4 = eventfd2(0xb, 0x800) fsetxattr(r4, &(0x7f0000000340)=@known='trusted.overlay.upper\x00', &(0x7f0000000380)=',\x00', 0x2, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r5) ioctl$EVIOCGABS2F(r5, 0x8018456f, &(0x7f00000003c0)=""/195) 13:38:46 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@ipv6_getroute={0x24, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_IIF={0x8}]}, 0x24}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000005fc0)={'vcan0\x00', 0x0}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000200), 0x10efe10675dec16, 0x0) getsockname$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@ipv6_getroute={0x24, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_IIF={0x8, 0x3, r3}]}, 0x24}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r5, &(0x7f0000000200), 0x10efe10675dec16, 0x0) getsockname$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@ipv6_getroute={0x24, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_IIF={0x8, 0x3, r6}]}, 0x24}}, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r8, &(0x7f0000000200), 0x10efe10675dec16, 0x0) getsockname$packet(r8, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@ipv6_getroute={0x24, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_IIF={0x8, 0x3, r9}]}, 0x24}}, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f00000065c0)=[{{&(0x7f0000000000)={0x2, 0x4e23, @private=0xa010100}, 0x10, &(0x7f0000000540)=[{&(0x7f0000000040)="5f939812c013e0006429eb5748dacba4c9ce7aa0704517530df5219054b7b007eeaca1b45f4973fcf7bf00cb5c9cb2ef495cbd87916d105471fac4eb7a3d1d0aa0a9a82ce6f65481", 0x48}, {&(0x7f0000000180)="8e7c9fd4607d29b519574eef2464dbe8f8fa197ab9c5450bb90ca7fd467ec48c6c81b908c11855956e0cbfbb7c4105f7d2457f3517e4e7ce8c058dd2dcdf01a17d111222b6e51c11e4", 0x49}, {&(0x7f00000002c0)="d11f6a51c6deeed9c48bd82236a1fca8d7fa7ffa678e594f6a4a9aa6f0e42c42a0dbe233e18c2ec69a78b520d946fad5bcf41b4f5054109e66c1eb0634978ad4595a7914abe8eb8e6473624408e2b99a3d1081f247425b787ea8ed00796ed2fc0ba63f9500b28596e5e1617dadc618c3d893d1089401f074a9ea4a6a4790c1360c9c681f5dfc0065baadd87b283e30fc4124de49384a868457821a1ab0c95f0831af9efade938c5ef76fd88433fba3585c0da3242f79706765d5ca185c86af9c10abc1529a4c3cebe64280af7219ae4ea230104ba9fd0533f453689fe9f63ed95208afdf62cf3052", 0xe8}, {&(0x7f00000003c0)="2ee6e4c167e323001fac20fccd8592bbff3cda348a44b2672499b868aea3799665c59c41c297d2c236c2ab04067a007991a9e4d75f9b083ca48cc0ee60963f4ddf487a6b45605c3c71e958284d6759a88cb0226502bb7b4c4c10e6e6703654cf12985138c941c0bb727a7f4575290fdbde85cd14f6660498ba9d2b28ccb86c7c2457ff48c0", 0x85}, {&(0x7f0000000480)="395faff041b917fc00a53a73b927f322a1578013fc8712eb5fecce975b08f6d201dbaab5e4e3036c649f11d6e7d6ec2887582459e3314b19f7990827c534351118d259dd3f83eaa47e705517d0ce6984a2488e95b9c6f96ddcd86f66b0003997199a7517e1b4b4bd2020b831025c9752a1a060ad0c22a1f41dff32693ad011087b3cff821f9c2f9d0cbf54f515d8dee7eb9aea3d066e2f3ae8e5322eb6e673fcf5a039", 0xa3}, {&(0x7f00000000c0)="cc2fafbc138b662772baba31dc26becbc00c329e51e21edd5f94a82546c8af79ecd4bbeb0735e78666540fb6", 0x2c}, {&(0x7f0000000200)="314e2735923df542e1bc1dca5e23089d565366b34b973a0ae8ac12825068580a000131127f8275ebf1e6ff0048f77b931653126c098341e89ce0c085c58e75", 0x3f}], 0x7}}, {{&(0x7f00000005c0)={0x2, 0x4e21, @private=0xa010100}, 0x10, &(0x7f0000002a40)=[{&(0x7f0000000600)="0b7deac63919584647754758ac13f858de6fcab39cd88b1f4c92656c04326b73cb12cb58f0c321e46751448819ef639f7218a438033ea31164b56c9aa6734c6958f4159bdad28e8d2fe55f51b572263ae08aec26e5048e3dbba5e65f3b9bea6e0ce70fc95d798f74b4d10763ad51237b0316650a51a3db3847976f94ce3e61a8c5", 0x81}, {&(0x7f00000006c0)="24730bac7ca2c96b622d9738be63b836101a113460f528dc2a34268d3ff77856999b8ffe1abba0ad6f180a8686002fb33614d2ed4d630fc6c83af449e1b683c7d1ac17ecb92b4f8c5ad1dcabe3d52d546ed30b7993dbf656e110f32e8b8cc1375712d264325be674c8a145d951a9ddeedcdde463fbe8f8ada2cbabfb8f5359dcd855ce8c85b1722e40e4b271f486fc303c62293324cd435b4f131891137c9bf27f55440744a391ae2d02c00fac2bc1bb9aaada1de40c8cb84140e38640ca99b8348a518f70508303f6af6a1e6b339ecb7fbed5fbf2cef635388b5e4fc2", 0xdd}, {&(0x7f00000007c0)="09164fa73455ad0e246fd0fc87df41ed09e06333f324261f337bbba71e4ba5fac4179d49142006d644cf78f8c25f0c58bed927c8cd9c5afa6ebec5e9da5ec4664232bc065160289217fa462f097cf6fa7535cb2d0ada1095c248f7f27220ea6dbaa4430dd633963d7cafadf13e81ef1090fe79469c763edbf28243966514b154133a9417ac322dd874bf7088d7b1d38ae7d0fea71f1d631b5c4f0899e808116b2e0e2b0c988d25edef8487c8c5ee7762792ea9343fd149ac392990c4f444ee553a3d645b46a34fb84740f918915c73168696a857734d26d296cae2809472ba3746541912f32cad9ce8f08326f93631b732f1fe6aaf66c726f5ac31759b56fad8e5d7041d713926a34930e43dbf8ceb4a1e95359c3a9ac2b2408fe29b0e523732b02ac4cb8538ac3f0e961a2ec0c383a939672801fe80baad499138d1edd7fae62a4d6657ad2ced0f6d95f9a573c684a96ad16f77ab38bf632d016952171945547405aa7ffe123dbde7e6c3fa09d72b3c1196dc8ba445c8647cde5773887f5f13839baaf5e866e1a00989ba01fa1e4bc16f246ef50cd50f570d9b4db0804f076c2576ce1962bfcad23467d68e9a18bb478000fc7970a754ed27e4cd697e49b5480f901b625f8f5da37e16d4739921995d2845b6f8373cfa31c93b6f84a45393ca2859fadab35ac2ef74dca3342a716096142ab814faecd9506793eb137a53120a0d007d831c2195070aa71e25fb9886373b0e0b28eab49576b662c1f8b95a7f6ba0639d793fcb48efb4019f8fc7cf0ed2dc8a47a9d711f0ee80f11d5bf8597bb8348af699528284b05db3afa4058ca37aa400495825a462269bcce4bbde210c8ec0ba79a3cd5946e4d2fefdf03158064e34d8389da325317038a38de245afd2ef53aedff1abab1b0d34f5d71ad394d81dedab6477924361505fce729460bf848df42b2ac0553567265254cb572c764a7da1f0a3d9f372558d1a2b5a48af858676ecc30ed2ac06e5d19cd5d50ceb6e59454788d6b7d89e6a4f25c1ad39874b76ac97bc5d632b64156ef13ac4463577dd7a9b270019f817751e3e7c758b3d3cdd8ea53f3650a220dac8d4ef5bb101f1b68b38b635bd5465cecf309b6b126aeaedc074a06952cc396dddb7b07a53542c71060148ba11c7669edeb99781330281065427f59d3bd584aed8de041817922a11ada932f5a50019a97a5d8e294bfa00648852a91dba924c48ac578009a348ca6c2a24f656b33d900c8773b59a0b43698ab678f9a3bdd55065400752d14ea5c9580b577cb0de716559659e6dc6c4f2ce7b036b530212a47f52cee65874e65be469ef5f63a3d6f915989528bba7e27071cbbe824b6fa2ec302f3c73de256320dbc1980cc84fb318756b62b0f4495e8b4a82dde1f17dbf1eba3f74d9e0c3a758d20de5d105b169383abc230a3eea44963de303f16a4063d9c2e9a986140b0fa4f9845e8fa1b8a6f7f60e02ada258dafab73ac51b5419954cb2094ce5040e0534034715062b99a08fc66b361826341ea7e7f7995ffb226e6b895513ba5dccaca562171a7edf0a9828afd5156bca18926aa4341eae27b611c79621b3217cb425e380379f965ed2086f28c2fe0e1878c3fec7350c8dc170967f867fc088124561db513c6741c0a27bcfc63ee53124aec9a821818c954d160261f616b6194e11cb5095492003b4ac28b606a6ee9bca14520767732aaad807713040f96b9325acd83b76c00097bae913c71ea168df01c16b13f2cb1546ebb9fa5e33829f57870e1cf364676f88466910027f0b9e434c752467dc600110fcc6079e9f600f77d59516bbe1ba85f4954434d62f5004d5e05dbb942a6f70219d7365adddc8abd783ae434953fd814df20bf134b7022e0e923e9651aab0dfd2638ec405a4355c71dc6d6a96846292c160151a85e1a8949030e809e882f1bd5ab530acb80277a905c77b1a8321306dd5e4e50b769665524e8d8e1e10d041ab4000b09e42dc057aae886cccf06fcd365448d237fc1e6539580a4647e2e1a5645cdefc78ff7d9e1dea493c40f4b9ce2bbe8af3161c0a70734542990ccbb51d9bc9216f3f74ffb2fd6ea56e5c1d74929720008c45013cc86d212d31ef42c52c39f93a78bf632d5ea8bbb15067346bfe2291f7c92b5fb899210c1d4c00ea6e67d3c38a580d90554ef1f7b732d008d1cbc064b4d3bf1c373588ca1eb8068886a03dd164373065066bc4e3fa447d9656c27b3970508bda183f789f20e13a8dcb30df72cbb12aac732cdb0fd23a97695e9081e584cdc6fec1c83f9b5b2004a8798853fd02c3efdd6e8a2ea89b408c026ce0805e125c28a3c605254c5ea275d1bde64cc1ee7932bd7fe24a575d93c32257e647d6d9a03f64ad131da0e3a613b4e7092d3277b63dc05131209724b6ebaafafc244367762427d5930ae702dba6e528d77d53749cbbac3ebe92f0f9677d8c0255b3fa9b29df6737fdc016e7686d2452801f5990970bcb81fd517f668e0c417f2d6dfa9cb54785a11290cd697af888b6f79470a8fa2b22766fb26f1ee89d95338e6b8870b20f143643e9bc0b0a3a377cfb75986c25030015a2c8ae77f7f37c488637f8bb77ff4f066e4bc6a4655770616b0966f26bafbf5cb79600ae3dd49ff53bb925dcdbb4a9b7116f2784f6a273ca60a17eab8b6c665fd040153171dbe563ff7ce84136991e2e73600f0657d5b771dc021ed27809056b72dda8fba2ebc8ce3e343fcddfade9bfaef1dd95f3e46ed236b9aa659da6e49a0984fa0e4e3c98167aca8d47923b1e69e5c1507f2e9f6e9bb756da73132f279f7e98d2621d5fc71696ac613880125112900c1f7e18784dcdae95b3ab3a6bbb6cb1ac4983b359dcf289d5682bc7932a30bb565bc6ad71eee6e38a4cf614b5c424bffdda09a96fb157e1b61f63be163592eab4f4082ab452b3cf588cf8af270ec734b28f2b6827aeca141b7625b12640c882c3f6e0673ab9a9827f71707ada2caeae29fc160b9ac36e84fd00301eca68597dc4b44caf274306c9fe437eea6c09f8a908275a55ff733f8ac555516ba8a39be89b5ece37f96285a0d1e020729ba08af3565a5383ed2b79ed15736f5e522144e412fd8a362fb7f9aeb100f1f78c21169bbdc3172d5c42fe541c3d782b9b67acd9a4df1b12f7b6206a77cc503670aaa9988e5d900c310b4f1b1669369bb7f62cc4cbf774d7ee1cae63579adb6a3d91345ce76ab2423acf3415856f54eb9f18cf8a5290f0976840e61fbb4d1e6988e55c50527b12b1586beb0b27f1c21b3b8a572ea600b6b08f9889d4342bbb1f6a54f325daae5c85b7b7a867caf4b5d7165f0c884b99f8988c7a2fe96dac0d317ca73d19022a85eda8b9e6177c1b26b7007c3f3e7c93770e9350bb02f4a5fb5b4141d70bede39de9455bd271516ef68dfea24de2651432948d7b6fb522317a546bbd4664961256c1b442e8bd988c581fc1a10ed6b9fac0abf44f96835408de1f1eafd9dbe4c03b5fd525f2b2d38ddca6a1443285c342b9b9a027a3a0d2c7c9e492fb38edefd551f6f75ab69c52b803ea549f1d09a794b566c4a2e8513ae8e240a12368096cc79960a0bd5be2a2247a8954fd3f253a7d5e97b00d06edc0ea0cfacf3922548560df2d2f7ebbb0ac02df5a88f2cb1da1d2a9b11ff32342e59b05f242da09f000081d1578a52e36356dabcd707ce5004459c6d4d385653d1a752f21938311b9d1ce4c51757e0304529974a15bad629475c8d8f6dc8e9d7163732fdc7c243b3d19853de7bfea32712158631191d32b8cfff50e513cf82b2bfe491d1e9cc6d7ff71907c594257908a2c47e2a195343f0a5a777a917b5dc5682e0907334c6f5038d3cf065b6e62d493848427a987772d9e8f307063a2dceef0f6517848b099ed3bad1d98b82de0b168f5233271872ee3d34bbd0d4b587dfb877d722b9e8adf927464fb18a3913e90fdc5a9463561e6077a07f6fdc9179a6b0de2941c07aa6a99fde851aabbdaaf61222b3816a8627c13c734a073d6e44fe8327dfd395004318a597b32dfdabd6e0f39ac1c37bde86f9ed5e775e00c32260985d110d7e95fa5d9cc6af79b01a4089aebac6f61ce3a620e644ac165b4925b9ebe517002fd86b7feb40f88793062c79ac462268e6b66d353e23dcf35cc7f49bf679ddc77ce6684f9053a5c7bc509e45ff51fb420347ea94e22996a2908d37141fd373a785f49d24d4234df64224a6275418355c007af8baecccb4ade9aac2965c8387fe068eb5f821a812c1ab6be744e405feddf76eafd7b5250dfb125349c95d49970789e2ece927ae6a27fc18d413a9413d592ec4099b54b6e25a60cf227c1e406a4c865e43bc1ec3b4255d3ef0a4d3f9bbe3abd4bddf05c40a20b4be27d5033eaf41ca8a39a69039d85966a309aec3beb81e88eef223b31ee3098a37da5c049218e5cd8e050790b9c81d681ca8e09abaa4b9a2be69fca134ac88e4c0eabf65ad5b96a31085cb793c529ee94334d0c4ac131cb8aef51d59f87b939992385097f5f6818d14570c454eb5ae5ae72ad7ff4d448a9e84b4b843d5e01314f4a6e227a6b4ed5b3b78f6220f0e6bb9e87d7769396abdbd40dab67c30a0dd540b1e7d3d9b5b3313c2cebc8c75109329d85df9b86219c90713c16eb82108f7e56aeeaa04c8a7c0b7b3cc2fdece3cc38f47cc427c21b7b120dd26ed9ecf16033fa1f52a9699d1a08de5c90d2881b7580156fc7ba45692e4e4fdc11d9501daba6f8afddfb44911306ea5638199d7ad85a382b93e545571d66a4d7876eb5c0aad0efe82b226aad161f726d81969f2c07d329e10da385f368c3bdbee8ca80029a4aee1b359beb3fc6534496809cb365f48368fc70ce2192ec61cdad1b23eb333800d2e41c7f8a48fb81cfbc79ab51d26693f60733beb59b96250141e445acc9cb6618d47b325005ac32098d2418ef35fa03d658e55aceeacc1d0f16c6f4ace1569b4dfa2595c80498a8628b0b60764b843d38074bac3500441f98107fcd059787d5b1e744463863986af7f6351c26df8c55873a0ee0bf00aab18a258be496570cd50c66bec25efc94db5be020b10ecb55837e5c94942dbe5e22b8690a5d9dd3f90f2c3fd48ff3c44a9639ae5f2c5b7d3762656dfe1e5a31708af1e7d28a697c2cfd8fd5c1677eb6cfbb957369015458406b5e3023bf36403f03600c23cd05c4d313c651a3f2a92abbcea7f97fd406c3586e39f8697536aa7a849e2186dcdd55713f66e54ca3b816af950567171ec071caa2306dd1576b0b308a71f2f7ab99826a09119cc77ce044f86e0651baf0e12d9f4d30a6de27dd9c9fd718a8583862b8c34611814e3f2f8855fd256ccd59b9d6d0eace9a077057facf2398b361abe72f851d61bd11cb0b9e19156408d5d3b8607d35485e66391b810d81b5427b737b2810dba0f65c894c0ed65e691987abd47d12aa5de3dc51580ad769e80747e3bb1ba19534662f6e49e1f09a4ea332d2afa70597940cda5ab08f55bcd2509ae13cebfb8e104f0d4aa8d73decc7b3e5bf6d36b5217a54fc8383fac9dd8e044c55f2b58c3a8bb1da8c5d50491d5ff1deabe87a45e9838d0be85bd7780baab9d2d0f1b26a501e17f3ad0649b164dad63a2357b5b0aa6bf9cb92fbd57d536c8cd5cddf6b41b98b5c8f3b05812ba3f7f38997d8a05694eb1f3f4d704907b52dee1c3bf27c788d686641c967a3efe46d98440b9e563c2c43814f70d21bea22ab4190b98cf1d6a3cfeb1a91b9527c9fdf115fb27d4dc37c24947cc767a1c31a56494e819d84c7950ac491b63fc7", 0x1000}, {&(0x7f00000017c0)}, {&(0x7f0000001800)="a8752be63385502b73192ce6752f0e348d2a1860a58379a556f1b239f5f468bd2e4059d99d8012656e8e0089abce71386a377cb67ed85212be49fa4cb2086cc0c0c84082c91f2fcd4b5388c71152977c16790cc28738165a7f18d524bdaeb55a2148380b971f45074bbb", 0x6a}, {&(0x7f0000001880)="694e7c7ee18a7228571dffada56eb2ba09e62d4e2914cfbe1c354ede76d3a34cac61a4a084b3407f2c604949ca9112c6d58e2a261fd69feaae1cc57b44858bb01bc08f5cabb41de58e11e9782b17afaeacc322ff4beab186d2dc7874e1278d05f47522611096a2128f25088781b1ef8ac35f512a57940710a042859de9dced91d6bdf834e857d5", 0x87}, {&(0x7f0000001940)="5c0b5f10c96b11392faf3dd1f83be8eb6e53df9fccbe6713bd226cbc3d6882c47fb3c91651534388c70a5d15e7faacf4d09f25154aed569f50edb45dba97af4c1e0387a3659281a22998e76dc515e4126e94cbcbaf8f2d7be7e9d1a4e07826a87cdc22b2f1e199fd6cf9282469a5648a6f645781be2c04927075c3dd6d71c78e8fe83c56c2a5b93cfe2384781e7e02b2ce8f0361410254eb221949b7251ecb66de251c639a57316bcfda56a52e947bb0e44312a71f16122b80dfb25a6251c43a7916c462e47d8ec6a809a19437aaf1776dc0f037c269817db5d4699b08c87a7fe2c2264502644018cdd812ba029bdd2121de04d51d7c60913fbc6c101f639fdc4707c88dd4e01b6e95998b7c42f4573a81a613153db8874c2cac27cb3a5f7db2531243c30d640373b2145e98ffbfb7f2979b9eecc292e3fc15b8e000e5d2153ead231bc4f45c4c091d9eb030824f1376b3bfc7a1faaee0023fae607c7889a69b513547e1da8aea98245d14b8d865c9511c9508092821efcd8b971288caec1f09e061179176b294c2c1b1cf9d7bed842cfc1de8c6019016f1a635a03af6f7d0157018894f13496e15aceb59cc80444e99b232ade375edefae8148e6182c67aad62ffc193765cecc6d4cc817bdf28296cc863489c6e94dcb0b458a9413bd8fc8f024122fa3f1cc4fafccdee8385a24fec85e5995c992afc5e4b8518b52392ffc276bec6f179cf20a8bb75f920cfbcd8065578c8c543defa1aaca414ea861d10640b2adbdc2c4ea7ba94b7796d9510c3bf527343ad1c901da25d4c2ab01ab8fe5c07a194c8e7686f234276c4ce71185159adb97000956cb19453d05f585486f61708213d0910d0be810b27c7f59b8607515ee30d4139f429ea7ba901a52205a2a4805e5ac5a5c6baab6d7e8adf98376e0f0a90576627fcd52e4af750e8a342a3aa23084c14d588233408a8da26550db0a3fa93be339df41c556fe7d8f3a45a6edcb75d5e49fc50eeb5ba8aa6d50be90f11a3a877dd76369603de30fa6852fb91026b4c28a4c6ba38aca2fca03b392bf41967f277470a546b772c815960d57268bdded7abd3020c31b94be0ef6bae6b4dfe06b7d948f2dae1d8b6a69b9f55dc008fa7b1cef70d1ccb649b46bd6865252487301a3e47f2c4568317eb5139ea2cb8b1eb74d7a3d350919a8fde77cad9c88b1069e7eee6a0ad71731f0937d6c4bb1615ca2a424d5ea7239aedfc882387aa0a9e31795280e49945814bcda47b9b83613c82832f4e178a3b550bc19281911d74dc1e4a3d26eed4068bf6fb8e992cb98b48e13c4ca6bbfcbd66f8260a590d948a1ee62f825bcfc398572eeeb0a1aeff7765b74f11dbdc3cad9e9b41335679f0ef809607ede0cc0b4db76f3ba33373cdd9ad27b5218f48af82c21eeb2ac2273b3e60c449d888cdd819530ffcf04faab62d5b2af087787ba145b635d22e21652a6bf3e0f9b5e321e0f729ddda5262321918b0fdc85b4f95dfa1c6a548227ac77f38c8e2e05e2d9be9dd7fcd4487f93151b436c853046d54b7bf5340f67ed6dc3a093e9774d160cedfbedd2f98939b6dc99b01cf20e958a5c1562ce91839f7939cc16b9e92ff862c58b1c04ef2d71e30980e15c90d458edf8c53ea48c52b399c6f42b3afc6303bde353c88a13671ad3a8f698c7da313149f5df748f2cbca0fa18e033902514ce2136d811147578e6ee003bb92401328933c8e44938ef6e44c27b640c658c4904bdff62729479ce6555c2ca57feef0cd83a786a6bb25fa1b3b6ae1dcd43d8f2b597c1dcdcdb96fc3ce14dad56179005ebe10f10c220bda23555d5b5a17fee924157c97f6a5ae1ed5c28bd3f713513f43a2340096b1a474bf5e5b413abc6965a5d1863bd37ff7afa075665871a4151b9514d7c496707c6d7fb115357b2c294f9a1ec1c03eebe4aa67545934e7e8164357e37d00890ace0f044206bbc7a1b9a869dc3397aa0cd384a78fc3942c692d6d8a0ca2e7bd5d06fc5b3c43651f3e2007554843260f7bd599ff155655212e38877a038c6fcfbc6718f14b75c5afd3645c99b3c200c116523aa28ebac7a3dd5344ae9b8937087f0ddf7b1608ea91ed0b92a40d3c820f905123627fdf88f2c3597802a7c60b5b22eada2e7772d0f8c3ca2c17bc67be02ada6b49347f4f62abe108a25d7463974c5f3c3c8d1629ee9bb80fb6c2e81a9582b00bc7bc254c4c1116700c500521a3691f6e1755fc37b549d1b3f100fbd81b805ed47b8332c24ee52718af4fe7108fdf25b1271d7b094b935edfda462fcf127967d6cbd1a674280a61cb0b815b0078674ce02dbcc7eb528d8d1cc2679d4642a66e52071365b2f6cb57a04f7ffbbd55e5f54f5ff6eff0c6d1f497b8b25f680678a919ef59c9df79be7913474ba00028950724460cb4f6f83b8a319f838d34b4cef450ab46f1500d76ef44db53f85283dba2e9c32362b8c23427052dacae43b074771d4edbbae17006afa41217399907c48558c5d0eef124ca29989b3d0dd0293fc595c876906dc5d7676dd40b70a6ef7057970b444c6082f2d1f5d6c4944c75abc2d8222a8d51e3139ceb99e98acc63cd711f508a388959b29d5f75c94f679337e2edd36d18c78fb339dd8c2c786643cee000873131509091bd19cd4710c4ed6a7622ed086a2860632464cbbb563f923237090c20a75b16a8f8f30d634bda6bd249393c557a075d88a08157e6a7a6b15cedb948edc7785dbc62b1fd67e3b8f5555fef57b55c770b0723aee9062fa8d00d3e801500ac20913b5273b43367a4eee6dfad998ca003747aa0bfb0d65396c461afe594cbb1aeca291076e19f8d73f35113ed61bf5ca47e540affa5f7da2a1981e43cd112110cd4520624f9974a9a90c41d254a1a3540040852a039d4040acbf0b155aa7fd3ea6afc1d3009102c7cb7559401bff7f0c79d58271bdf8f5804d36588b98983b93770b3cdc72c6db2abc669dfa8464d82c7b68e4a1e8af22a051ac2e485d54a9b2753cb55fb5853a759901e392934078094fc719a5f7641aaa8104da7b2af033259c41872db26b3d5ebc1433effc6316df36c2c1804431284ee438a41608f398d2f502f3c928252bec3271030693d7aaf165d85d41101e57872981a06870dd2bfa80b69e7fdf518d6412137e40a52bb75d42af2075ef50f34df0b3ac60c696078f390029662274d1c953c33b3b7f8f97da77a21c95ff6dc5ce358e8a073e451b0227673ecc2b20460e1a2c29ad4959af18bca4e664d709a97722f97e86432fe102e7c8f39f123c608b9d9c0405c9b9cd0e0615a40f8840162af585a3e572421afb2fbc45d54c78dd308794b83d79544642a3d1f58dfde6607b96f4cc2a478353fa791df26e55c98c25444e058adfb66b860ffbb392906c8f997cae7b5456d81670387cd6771240a8e1f54d226c9dd3d55156c61040cc5b08038b833628e89febbc6a50a8c8ece937a1825267714cea7001ce38a0cc8bffbb802910710b89a6fcb40a81a9fa25812a966dd0e3cf49077fb200b2fceb2b84b5868745841f12bf9178b7d23e614c140ea9fb254740362e368d57b3184ee49cef4cef22aedfca4c072db63ddd3c7c7d9955138b8d8f82940c9bb2a9921d6c9e1ac30eee143afd542bb83c61dc11a81d73e86580f4482f0d20284a81c4fe9c8775dcd1a88a5d5284d4b9b0971d12298127455006c48a01781c62d0706c4034ba2b8ec895e8755e9a750387c444451762800977d8d710cbfae7544afe47f60b960a28d44f635032ccf50235c1ceb433a3245b1ec5ee9753c5d49045caee846017c0f6285dd8caf4d9774c5c939283179775c46a298dca9db0cc67154ef281780f89894da0aab4d5f69cf54e83985651b67554921cb3045bf1b04c7b1427a15e403bab9b384c0ecf8c2d0bf387e0af4658d361aacb258072398ec84b895272a26462e2e2af3b5043def13b904b7c4064007911bdf22932a7654d6d06138efd5ad3f4b2e6c3e3fe5cbe9e9d425119617ef9f22ce68d3eb956b4a16e675cd7cb629b5b749c01f1baee369c593873f7f7637e40d9a00ce409ecfa5f4c5bdd3d1c7fff5f5cd3ea1df2df2c8a43ca0f3c97607ac835aaf24321defda321b87e292b5eb0d9b302f66f2a30bcfdcf1d3e9d5a327c2197c4e8552d19ffdafb27e9d1570449de29e0b2bb60e96eb1045c9b903afd4d48589ad08b421f3b1c1b2e5211806978030cb93643d55de1ab357507bd584af424ddd7432b7a7b317c9ce0f21638c2e15ff1f31d7109dc6261f8b9419b39f2072230f8cd94e9e294dd83d203d8ad0a5e5c6ef4d0e40e106de5e928f4523f6bda15e5454a20883ab3d0bf74311808301f90a2322f0da2e9942947eeb00da48e756a5283ca933cf5cc609f403f3c34f6247089627a9c4178f83d694095ce23df71454699e35237d924b3e41c50b2dc8452bb3ffc4edcae45e418158a2919b98a095472d85169a086ebb83cfd6c2ca9258b4dc723cf2d40760ab5df93848fd138c2994f43f74e8e3760d54840e23d39d1a848f3404f35a7b1eeb98b9244fc0ad82b9f3e20a54cbcd8f5d19174b8ebd4f528cc10ee8355d9dc944ea3ef62a728f2f9718ae590570fc03535e633bd0db8ee552d091d3aa35e476043b26ebfb649ebe74c6ec7e1a4c4dfb102b7b3a7c60b51b30d4a8ed19899b359e13a176486e0447012c69882ab71ceecc4fb382b85ca4ef5635395e00ef67ec7b91f331c9769ceb57432bef53359a499e0946c06516bf4ba21059adfd952b922d8642720ee829dd9961b4487fb1e7af7c088e293186098425427f5d5339606da60442f989116ed0d7469321581841393411e290926648d8ecc3b36bc4fb65f2578fa9e06dd9b9327a82444628883f527792d3c6b4ff27c8437355135a23cb4c3ca1dbc38d990a82271e90024592292013b1568df516bfa377863184e981bd95349ab90b1404c4fbd5e771331a534d78fb5f712189df5e9dcac748144ba87bcce045324c11730251ffce1e17267cd5e226b6b9c4016ba93ba012d2173428e3390b55f4353e2c3589a0ba82b1a13a7c4cf650f8c38f4f058577cdbfcdc57f9536a1249f2e573c0be63c34aa6c16a8a27fb64aa0159455a5b1ea767403fff1fcc0692a9d5f740537316fb19c33fb9bbf786a6aa67ffdde8d0ea489afc38961b7c60d0e97d44d2844aae27a962165d6e59e789e4753790c1367dafb6983fc86b283cdb3fce26bda4d9f7e15ff5c9e93572cfb4b939ca4bc3c013b11a9ed0b3f18c2280b9c30a9f2f63b1dad118a37d8b6168a7d66e7f155df353626e37ecc2af06ba26b53e7288eb755eaa40b471ef2ef781903707cd5a75d78d74823630722b3f9d6f497b91e9c6c8831be06bdfc2f1f89216453551faf8e87e033d31271a19bc17be0da0884afee632f831c26e301b8405222a082f28d7ec14bafa2b70f3f04c136344723351f7e9d9d2526c43ec283e9950560700ae6225eb7ce0755a2fb1ea6bbdd359b7a33131977d6f48f4f4dec0cebe4641ac029206706189eb6bc97d05d8c0ce1efee01268f3a0d11d97aa54f8415c0904f30f2179ae01cd99710cdc2602f6ccf10ca15f86aab05eabcb996d0508c137462f92a25efafd7c2fcf2ca2684b23ebea284cd9ad562f05a299ef2ee94cbb735cdb6b2771c7d9c0a64c497455c1bcd76eff85f26b67bc9483b960d63257d85fbe64d7167a3189d10d04284e54608c2e3de568fdad7fb1c8e4cec46752a8baabb4cb94564affb86d261e1c87b5b2bfd28e1ef2931b6a5713518a59bc2ae72d16dd01f44", 0x1000}, {&(0x7f0000002940)="600806a8a097ecda0c2eb587b68854a9bce3bd0a5db8ff20a756d10394bc4964e63a726dba8e632fc85172e30d37212cd6e52ed278dd455c74a13707246eb42c49ee29b83386f761e019a347f5b3c12188ca40f039e3c7ae84cf703ef3869d5cf9dbd75910dcf0a9b5efe88c3cd953ce8b88f03fb34d78abd082646670c7e2e12008eaadb657397a2a73e867305c95a14c0abe98b14291ef59bdbb8012db3e5f12b3e38a56b9fca2628b82f6fa5c599614be703aaa35befb6321f0fc0cc700b2e44c45c1499131d9796867c09a10e5b818faaf649ab1e0929b5f889b929015e8a509998b04099d3527", 0xe9}], 0x8, &(0x7f0000002ac0)=[@ip_ttl={{0x14, 0x0, 0x2, 0x7e8}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x4}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @multicast1, @rand_addr=0x64010100}}}, @ip_retopts={{0x4c, 0x0, 0x7, {[@cipso={0x86, 0xe, 0x3, [{0x4, 0x8, "1c13bcd8a89c"}]}, @end, @rr={0x7, 0x7, 0xb2, [@initdev={0xac, 0x1e, 0x0, 0x0}]}, @timestamp_prespec={0x44, 0x24, 0x66, 0x3, 0x0, [{@multicast2, 0x85}, {@broadcast, 0x3ff}, {@empty, 0x8001}, {@multicast2, 0x1ff}]}]}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x20}}], 0xb8}}, {{&(0x7f0000002b80)={0x2, 0x4e22, @loopback}, 0x10, &(0x7f0000003040)=[{&(0x7f0000002bc0)="e63195e8", 0x4}, {&(0x7f0000002c00)="f890f84a75d5be79a91fab09e78e941d3c94dce9a27ffe62b971eb2781a00b8273685e7bc15d65e6fb6ff6ae6f859b1b1c6ae122f9d0515ad3af2bcdf7f101bfe88e05b31a6c37f5d8bb8bb30665bb61734fe22a17fc3f1107e294d81a7e76d738aa3442a46a75c98b1bd40bddd0452bda6756d068f09aeec1fb1217e417e36b16a7fb7b811daddbd6c623ea355c87e20f9a2f9b9d1017b07164b64e95da4d31495842399590556b9989b7", 0xab}, {&(0x7f0000002cc0)="87b27eccffe9d3bafb39e4c3380c743c3caa172e7ea56323a73c9c6d475b2212a5bbeee72d08534410f0bf54ce873ef8c1256e8f4c60f3537efcffc81995a63dd844b4ed2aa8040d2ff196a4d3b11d65ded33601eed34f2c8bce60ded58ec66dcc958f3541cf5a73f2eeb502bc30c39e9b658dccd8d13846f1b5c130e708ba697510043df0be4a63acb0221636e37710358772916bc429fd102bd1f5e3560f03124c8bc584f498eca57a07d3b49a222d97c8df7b7778f5fc1124cb23c45f87d037d7debbeebe2420a694f3", 0xcb}, {&(0x7f0000002dc0)="53032df0673a5798e1be63375b98f5bad6993c33e9d0b99ae08144c72f32d3bc4ae524d83aa9762fd019598faf66789debafe583efd45639b36594a23702b156bf0fbff492b1a5b972c95d3a515d741fa2142f27bcd1a7bf43cc3b7c759e2a7c8e83b75e3d5a60dbc02eb07b8632d66db4dc2bf13bd06cb984340c416ffb108c189f59ec018d95c79d2e214ca3a6923dd7c188b9e7c4a9527ec2f4194a615079940690bf6c4efade7b26ed9f685d8de7f1ba80b3fceb5274292f4fabf3f19f18bd9e056e5da3046f71f8653d", 0xcc}, {&(0x7f0000002ec0)="e0d13e825d4efbb6c909abe91411028acbc977ae0bdd8410f9ca57654f99b3dc9c28b74bd45dbc641af7f45ecb95b64a45ff9352aa3f3c36af1c8906a104e91a1a51ee1f4a5b485d5169321836e68766ecabd75924c1ee84d40717771c83bae5da21064697281cd48e2b0f2a6171443e921b61861d2e2417fba4292f20bd0c0d8e27043a9a5be8820da90db81f3664755937868046cfb84d28dcf0a8124299885fd91565c7f86df6feebd7df21e03c816b48020e744a7d09024ad9a0a5ca27b437579f52d8b80176698199680610dc", 0xcf}, {&(0x7f0000002fc0)="146ba0e7656a0d7526fe918691bd728b39c17ea69a574e238b16acf336e5cbdfb3e0ef43494b45c7a82c4f730c86465596e3ba5b874c097ca1e9fbe19500ec45af11b95f3dcf05f6957949f3e6905139960d3e401e536a6dbd461b5255e3a03bc41cd9a0358d9c61e9aa1ffb7dbf05af74a356e830fb8012c8", 0x79}], 0x6, &(0x7f00000030c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @broadcast, @loopback}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x10000}}, @ip_tos_int={{0x14, 0x0, 0x1, 0xaf10}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x9}}], 0x68}}, {{&(0x7f0000003140)={0x2, 0x4e23, @empty}, 0x10, &(0x7f0000004380)=[{&(0x7f0000003180)="3d34f68436a3c663523864d91de33b1b4abd228c68d8609254f5a2d5b38163cc0d4514b82c1e4bf273b96a1689522daa20b8d7441655d345fdee9f716f9cc61744678f8858da6c1a2e86fd49a0b7bc67de7bd7a77c7e73461794e4895ebae932dfd4ba6384fb561ba93b27728f25add9b1a2742fb10e4cf54398ffd90775177dd4079ddec9a49aa70aa5", 0x8a}, {&(0x7f0000003240)="02cf7ad3e99b4a83989fe6af82e548f14fe9389eee8da274d2d7adce69f97d08904ec7ebaec3ab445f2558c956798c3bfdcf905a5cae79df3dd55bbb7819c4f3aab7ccb0959d119b957ca4b4e301f9eda06d797805fb78871a9ed0ade3c58d91901532378e6eebb795a7ec9fc80168fa40ad7426fc2a32ccd47cbf528e2ce277ba8cbfe808caaccf7ba359b5fd78a10fcdffc522ecc20ca7822a4fb19e50ea3204ea95e4432c9b1e19ca234c977b59", 0xaf}, {&(0x7f0000003300)="45213d3b9129f077da8b9516bc46fec7d542a6d8d3c7ebf5cda14cb522609c5be596fe39e4b40aa57781b2efcd0b6c64f7eafe0a1ed8dd33dc9cef0bdfbfb8019e81c3e50db711e7615b0b916ccf0661ef5cf6e8da5f35ec9cb6", 0x5a}, {&(0x7f0000003380)="c8b24da81a78b4c3ffbbf03e38873be6be5ad083a0a4fe69557b4ceb196e505fe7160674c67c355568b7eb5e1a48fd13e489215aa7064fe55eab1c893baabb620f38715ff80008a998e2eb13886f3e8946f61c0f6274e7917874604ee26642035c9787abab8082557c08ce3ef9dd0820bc64ad6aba424f80166d1041dc2b2e6170141b76690804476cd52b17fd0be6a99d90e0c7ff4ba4fcd939adb0c5437a18f7b95363f3ce70f678930987483081c13cb81e07d6a02c73e531f731a9b2a8b6511089050a382b0f778d4e48060625d2059cb7a6a3b98ba2bc159df96d2387a34f6e38713cfeb6373d24d0a69506069432ed6222565907fb628b56e450fa7c0109951ea556eb7e40b4cc501a23b3c8905085192b24f21f3041720107d21d109aa1a88cb0575a088365ac97f52741e0df8495f0b7173aabe663b4ac2ff619210489fc06f56244e41989f952272e576a6b65deb24548944a8c4237c89b956db730d8302fbbfdf0165b6350222eb7dbe44b93aa5f72596f2cc6b5a1609794736a431e8cf407c669bb2ebdebc8ccb9f5ef220c27e0cc0b061a9fdde879e0fafe05d3490a0958ccfbc42c17780a5b948bd00ca90deb8af261ba278b2080a8504a997b02ea2d440401d2f94862f04abfd5941f70decf720dd4e5fa8b1ae704457fa8349f0461d99365c53324e6654e98bd0eb9a839041db56899d55007481c3d1060a2f28c33836092ea30ebd965e27966b7c2ffd16b604c2fbe452ca999f166d8d6292cac6ab02a5dd6d43be6ea83bac2eb1c06059f77ae6179e061988833e53321a0978633727afc4763f84a16073a8886f10beaeb63eb4a1e444e769608a61df0321db287cdbefc57494732760122d153768aa9b3d05ffc5a6cd6b03b3b9d073acc62991f26ee8fc4947da0007be091874ecd3fe69c0d164e1ad9da7404767558ff5a7d86d8cc14b0b381c9fc024f39874bca661a6cccb38c3da078c6ecc2d78e2da330b8960b74b73630595e7a85596b56e0af54e8865382e86658a3cc76ee3705338b55387b111c51d0b632e50f2b2845c47fcb602537629f6cd2972a9113d60572fb9df7eb255e1269598f904dbfd29c5a109309248d06d062e30a0e94211c09d288d67599773e36d37af29ff88babdbc5e3530e69b6ff93ead8df57a641663a8b3f77dc756598b705323e1e3aebc7538efaa88acb82f8aaee4e2f6602b68990872990424e6a8ad2109e90b9bc6fae40b737deabc0de2d98bc493a491e336bf41e17590a2a677fbf186ea6627d7ee7bf6153513660997628492acff7950296104ad43448e0f22fd8132c01a25be0e0bede0dc3cf6d16a0f2eb4a64926f076a607bf921175ce30ff08dc3a77dc8a62322d803a21205373a6cd891f1f2edef9d89e2d5b71b51428240d42f245dc26510432c1458603f95b1fa3a49962de415ff7250ced8985ce9647917762d2cb6621f7f125d858f59a54de932ea02e0dbe73bd4878855970bf6864f32522dc9e429408de7a2fbe34a7e72c950ba7f381fa0c04ae026bde6742fe9247a4f277815b5fa0e748f5c2d450f3ae9be4d4f7c2e9b8dbadfc17d081db6b2e4835430a8cdba788861f28adc720dafb77caa8ff7929398daed22e7090996b2687ea6ccf40b0a5072fabe8e076ca448e058a1a28b959e1e7f4595c5cc33a8fd6e726032097f1bf3a1fb36372093fe377d4ea935a7c04c13fe7165db81ccc460e825614b8763c27df4092fc98114b64fe6a0c8ff4484037385bcf72990a1caccb80dd80cd183743d6bc9c971c531a05c5c1a48339bd21b656bc1b3ed2475ef4933c3364ce6676b61c9d86a3aa54ce82605f2dd63ef03448fc3afcbf4910410dc7d439164883a463e1b84db70dceb8edfeca7d61fa3b81c2e74193cdb76f566d0428083a08e6447e685caab87e21dd6ce56f7117ab98bebba6d0a12874853a322a4424ede9c3c0138e8cb73cba196238615c78e63c5c9eac34b1137682453b14383326e4a88823d6e5dbe403051bf082a9d415efe73367244dbb1729a046d055b4d1397bfdd775df1ad79ed20914e2c53ecbca1c735c008ab7bcb8b78868a1ed1481bdf63f2166e8dca354f119b5ff95d1c325faa6abacfb79b0c6339f4e993766854462b7cc26cc2d4d90d2e8a2a17f215e3dccfa1d41a858840fd1251b860786f881ceb8f7cb3d9437885825a3a16e1347e28c8bbedd1ccddc2f98297885bd8b4c8995a2c96276667c651ddfac83f7db40f34835278d7d021f03bf7c11e6dceb31bcc34e209c8605a88719d1a0ca7610b8b16b084a463ba3653a244e4cb8250e5cd243e301cab6acdcb90a2e0eda08d558e452fb98477d5bf70200bd6981c73b867f45847ee0a77aaee0c1bb2a3c57b943eb1a7692843874e847b26a580a82da4ec69d714283180b96b0e9fdf14a8ee1a9b6214ee780518d16ef7f63d470110d640ed4a94ef39910d6d5668eb933ad54ef3abd6f585af497aec1d591a321262dbc3ff54b6740b41b15a9a6ba6983174ce09f6d1c11ae1eb076a9ed962332785657615e64ebdc8bc80be781ea550efdec719bec3acdb90b14aa954074e1f9bff0695c9af2c7e6ac6d60c8b7b964dd841797dc7ddde2f09ad225fefe27ec594f88a8c1b0607c6b64299ea620028617bc9e9fc4f6806fd6e33220d7595120955db2441d8fd17f0052c92a18d4890ccf28742c230144275ab6e1a98c021a6f1ca1ed1e6f2cd6900c393599be0fdf76578091a8f869810641d7f90e7c98310197308fb17de3f0bb10ec852fa0c5d447b4eff24b667236300e39e8bcbf256f283374c316979ff50efb0ede34539988c61cd16d765a3b3147eb285a344d67abc9dd7bd07bd3d335832f40d08bb1d6e18235cafa43ac2728a28b9e6f223f59fd8abf47f8766c9d3491f0c8e64f58a2f278e861342073d4ba7576943870b37fea8c32238f9a67cb0da1b685ae79abaef66477cb8316640336afb3506d2394680642ac44096bfa943a04bf1de86308d7a0c96b7aadb675bbcda224c3e8397fcb3b889daeb5205e8dee5bad7b2aca790d0d029eb89594d0a93eae8bce2ef8c2325d0eba5a650db1c5daa69dc13356b76bbeae56e7e2d056a444640d0e4839592a21c64342b24e7c368a1d9c478080184e38fb87a7e9412c762e36e6b451bf53ff129c7cc33cc49f4973f0e6bb16a1b6dd34492118cda76983383c7c56f5e04501031a9d4867dccbeeaa21ef65d73af5f881d82186bfbb864a65c9bba429283e2c3eec150019c0e11d69bbba9725101c2d4b4809a0e1ae97ab74c4e37ddfd5becc876299f5d543051d23be0e876b1de742291e298702ba57c71358964e34704f3d42279aa587b30baf6a8753de7616ca4ec18959e924a8c916b5e8236f9482509f0ad341b1d21f14eaa7aa2deccfcfbb5a204a867a10510c994ba756c225b00aedeef6b28f11f23fd361155af92ee7b07ba72a82d1f2317b9fb8cb416fe73254ef4807fddf90b480c720bfc8369cee595bb03972e1d287450ca66100de6867d9697ede4939fc06c0fdf52e99bfde6a93dcfbe1c4e0ef6fd5d360ceb7d854a2a3c14c50eb1e373cd440133475a1f0a3f014775a9b2ef150464ce4fbf9e86453d3370a1918a1483daf86f576b640c3d9ee1263f3cc075b8033174d67f5a343d4457b558ebcccb7794e8caa6fc3b1b2236f47829443f76c2f7e36551ee658bba875930bf699fa02d69d9d4a429966d9e65720cf77f294e933ea3451e615c2f0a560c7d970d1525f91360da8a6a109beed354317e33485e245e3cf501e3e566d833f95d6626e1614781c0a3af23d054bc15f015266b2359575f566832475c81cc34fb6be436e9c3decd5b59467e929d2f019f5a8b372ab9606605e694583a0600cb994e44de838023105335843dc3b98e164e66c1d86eedeccbfffac80fcb8b8a0ace0dbb64c29eea125a08a0e8ffb2f1c0e527fa348cdee9de128a42032bdeb49de11daca9d5d7d7d86d06a81338a687c921c2281c101e264b3cdcdec2b07f017c900bed0b708cbeac9b71834231c54fab189b486a77a74210c76c926b6c9a1f73462621fdcabd4380e28684474bd93b1a1077b2d8d49b58910f35705e6c29f1802861cd4880c55ca4153f00c7d3ae31cd2bc0fd321c300f73caad28c2480df7da9bcb5a1e909c8e763177d5e95a97444c568b40ff960c07c3f3f62d14061758afea128ed1c49f8a1255ffde6f2ebdee7021140182c934507038b9db7d77dbc239f14c8fa6554baaae11808972243601b56e9df6ac7f8891eca50dabf15f1eba3cf53dd2e9ca8d10ea02115077a2b90691c441b6e983e6b6a30ee6bdb7e772d73fb566a6d72d9727f5501d86c66dfac44a58e5b5dac7fd4b27a3d417b5f9be241e610ea6bcbbd18a362a8fc57ac097293e4c4e273c1a668a1ce3a75d00c77bef8cbfdda9f94deb758612fab3ed8b77d921bbbcd0d4ede0c1a74f314623cd90166e8ab1083cec5875510167a0d56aaac7d3a7679d8ebd38c98e19ecbf5bfb11f3888283abcafd94c4f83e71aa64de6a44ec53c4109a94529472db82653b75141e9e7d16f4df9fc475e0989820c482a57dcbbbe191b81f57dd2e5773603a9f3813faedb92116a8c247b14ac224ec1866af176a7080d80579aae7a312636fd8fd6afb13d4c4d70ec70a529055307b451c34aa521ba9f54322ec67523458acf86eee01fda878a0ac62b311fd55644f541773779a409ed0918efe2cdce475c1cc6dc65e989dc3385bea0e9e5d2711da6f88d5728422e715a9a89c8931f39e90054aa1f84c07b2eadb0479e42584905cb3b83cd5b3ba1136d736c9871154fedfcc3f14ba3f6766a5abc4b82faef7457ec9555a3730b3ce195a13a3b22de02a51556c2757de95730e1b7ce564ff9d2ef0204abd0b24cbee237240a48c65d0dd16fefdde8b1275c2da57d7d377f960c9b114b12f2e152feec97bf855851609f68ded7325a62c892a127d7cfcf36d583b33e8d0063ebbebeb3d47b836125e73856cfa0f414ae2c58e107494efdb5e79fcbe061d4ac08653d35ae4158bfd48bd6a37939dcc1ebde0ed6d95cd34426630a48669e6de0f15ff2b42d4fcd2ebcbd9d2dc2b175065c329e7f31b3b3c0fac65579af8ce2334fb8f4a43c1ecd7b4ac081971f829c4cab0570cb1a2b9929e9b816a404a0bdc663a03f035d191a888cae23b78cf8af8f13c59923fcdff2c19a4981a6bd9908a6d9ff4422da3f7ec5c03c5ad3f3ded73bc46d76f89eae44ace41f35bebe97eab73a606d18d75a599c90c5c9df56b10d77de8cdc43c0ee7c7b68718be688ed81e9947e249b0ba197f22a83f8397422a1fb9e01e6cdb21f04957edb7de6038b546cd0dca17e74a460b15df2cb33645db5989c266b5e8d10bb0748408d863d73efc940ff25f23630907cb5dc4b472d324bbc7d67a33731e5af623956982ecdc106987004e990cc573fb8cb6c66a43bf7de1ccc83716d3051cad1daef0c5eb43da2ebbd54401ec6cc522e02210d4309862c93609c067580acb3e6709dd835e8d2dd416e6594c4fd48f20e5d3f32d63af380dda0fb2a39d9785a3a6dd2f32909043029232da2923cdcc2b08fe1a59e7d99fee220a632d9d18b2964983159f1cc71260f8df2dec1931866e7bc1e08460368b77f77b58f1ac92ef89bf4d9db950aea7e68a37fa049c73d86ed80b85f88aa8a2925d00ae88f57473482e1aedbe4dec9d62506cae37c6efc5a37738170933cd5f0d246280d8326430ab0bb30d1cd48102e77d54b08a272976981545611ed761b5c9", 0x1000}], 0x4, &(0x7f00000043c0)}}, {{0x0, 0x0, &(0x7f0000004740)=[{&(0x7f0000004400)}, {&(0x7f0000004440)="c9230253d0f7c544ae6b74df0c2d8cf76f5f02b695112a601689c16669e4f1fa5314c6bb9cb8b3745d8c3b2e0c91345cbffb84251181645476815ca1815a1fcedb4de2234f8add1a4b6e95c98725731416fc594b91f7d3c7e21d08d28715777a97498e4822d93af5779a69716e7fb00c5ea7e0a8c5", 0x75}, {&(0x7f00000044c0)="455e0adcd86d56b552b5fdd4eab254a6ef8aef6642519d8698458bdd104febdf8fd3c4250afd2b21ce6c12f1b1fa6c8dc23d3b7754a1891688dba69922e4c93ad19b9ff2137025f1d11b320f325243dc2bec60cf4cf3c82dfb3b5f59a828dc3722ab3993e46b9302f2b278d2b32b340e4ed8fefab767500388e45980d04b19ed990ff02c1f2e03c9adaf7f4e11f1548288d07b59293fafbeb8f443bb33ee63a0669fb5ccccc40ced2f24a5cfc45f2812ab5d95d745959828402f6d4f7d036d9c46693cafb214699834fef71934", 0xcd}, {&(0x7f00000045c0)="b7808827fe450f91a10009aaf9cabd5039a564b95ff1a760f12765e14bdf90e08c551995884d80ba3a142b5a105aef0efa934787205e449b4f39d69c7e09be063a0b81ebfee942864db57f34ddaa19adb1bac9577020d5fb14c61aa2c46a9c3bb31ff3a9f8fd2b8ed00779ed01649e092547e1e15584d41aa6cbdd39cbfc0eec079ec7a7f02eca", 0x87}, {&(0x7f0000004680)="09551a9580e0f4dd82aa536193e4f40d9b5739d615f569a81ab554c5eff4397d2a6f4e0b1ce0a03d61bd475421a1b12fcbe3b7ca4fb560717dc838a5268d724f41dd4fbf7949f7fb19a97417fdfcab55569428e2262a8f2b422d04e4cd40ba8e32ca3245385b76db08a08a53b26daa4316", 0x71}, {&(0x7f0000004700)="8d95c5bd0152f4143340f9e9c7052307d19882ee01885326bbd8b5a453daa2be0f6cbcad8571e6ebe816bff3ddfa", 0x2e}], 0x6, &(0x7f0000004840)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x15}, @private=0xa010101}}}], 0x20}}, {{&(0x7f0000004880)={0x2, 0x4e20, @local}, 0x10, &(0x7f0000005f00)=[{&(0x7f00000048c0)="bebac5641b4683507ce435ecf76d11ab9a97317e59bcf17bbf6f78c2d85f4f9cc73b5915a38fb94f60059132c28774a3f5e5ca534b117aa01547e31cc2c845f4076e3c6f6be444c5fcf0e82c2a7febaca725b5a5c82ece24b280e7be614b6edb6aba99de1edbb5b65fd16aaa7d58c9edc880052151006390395d97f8a8a45f7430929ca53657cb659c3c44f8370aafffbc051a48d5c9be279898e7bff23261e5f66653863474d5c008db563a5203c3e636bd1c26a4b5ea2180f8dee0ef7938d9f778895969fd482bc803e473ccf8", 0xce}, {&(0x7f00000049c0)="055f750b717a5235f3d8173b65c3a15a1b87eb05ff25011812a388033c504dcb806015b7d7e5756881ecef028ded93ebff6916b510beab4854af5a1ddedbd2997b0afe0a7f00e341234426135c4f5d8a2b78bed472517ac83f2ab3d704b960f6b74a54a9eb16d9aea4a1e16b9823f2adb4ec045fccfd788958ce31d241fc239f201bed2a343cb4e5d1ecfcf24422af16436069c4bcd7c622dd0fb7c5da39704009c4be26ffbd0a3b33eb10765b9194ead66d0cbf18a854be036a6269b2f9790ab0739083b9021fc630", 0xc9}, {&(0x7f0000004ac0)="d362e8d5d2fb", 0x6}, {&(0x7f0000004b00)="7e13ec888d203c1da2aff11246f4c495321d14297d086a1de77ab185737c98227e22c7a78550303156889970c1815582a7bc42c5ff90c9238c8869ef30eea04d9f7f37023393a56d30f5e69277fec60e9faf55ca804dcb1a27f47c591626d2b829da899bc1e6d9ca93109abd97ec04b79811d1032d64fe71b87d90a9e7c6ac90f0e7ce293a031af05741d3cad2e30c90f5cbf41114f9b4a7cccc25c504e58a6c3f2e2e6aa937b5ca8041d50ce9749b0bcf42964275a262aa10bbde65853734ae85b8981abde36903efbd4748c1ba25b53797359ba0e816157700ac9a1e684de04f1d10cc66ad98eafe877ab429b81e39", 0xf0}, {&(0x7f0000004c00)="a2202d2bafa701e74620df75c77efe0fae5c4cb8f27f090e8b77c3b2bf153093d346ee6cabf90d6a8af165d0794c91ef7fd3fa61330baffbb6a6c47dfbb2b77f5e9f2ef48fa5871b3516f8d921e744f987be379a7822498e833806b75f7538171ec126c50653265b3a19ab739ccea78bab04d2518e015db1987fbbdcbcdaaad2677cb15f11a38a89241700ea4de26014b677fa5d5ef88183ef1ef33826e326daa7407669dd92b15d5bb5d8e231920dde9899183604f5974d86dbbbbc70e1a8b01b5aabc5a25d6b403e229f8559b61797469c93813d7caa37e86490b63491c7dcdd41d140b8617ae8bf06962c762f00d6604e77ecd0766eb7f6efc85463b9fec2b1add246bbddac3b66b988851bb2431669d3f36f28d3472103334b13b17c64cffbab4e90dba1954d6ff43b808a85370da38b0cc9a51b39162f4817658d8487c4da904955f3c7f58568c366dd255071bbeac109e1ee08b0388ec699b1db40ae741bc0c50afd61f71c890729f6357261c0a53ffe4368b64438a22edd41a5bae3d108b46ff03909b3e2241518dd5adfa15158b8ace2b69a3cfb4ba56d82910924261446401deae76171b4debf41d8a51a280d3be6e399d37943d4597ce682e1e7d85ee665325ef971f064acae74e54b6b437201337558b3f829d72b27561d6b871bc5ab9b0439bb0d531faf1020a71b60f017e15bc297fa3444bba3132622422412ea5a021eb89d9b33bbdb79359492e7696be9629cc6fcb2b825db5494545e49858b0c359d7fe3b1aca73a68f9996a157e8ddf15528098e8de0e2919f1b821bbd2ad8ba22241a6c7d4359796f7b5aa95542b882834547a42a9af20e2a096e3ec13dc18ecb988eff0f6586d3c612fd94f5dd16779b789076f83934db9e90b6606350794acaa3c7520ce2908fe578d36a962a40315a2fbe8046989e9921490125efff187ad3b883db57211437e8e6ad503ace54be1b93f3475e5aaba961eb610bd39ea3300ed36bf2fb45d80cd18b42a6c93dd3037f334bbaa097020896b4e901ed3bf23604519e23c1c40d81574387e803d92bf09f9fdbb3ffd7212e83703cef508318d4a395548578ffa938544b92f20bcab0290071450eb210f7798ea163c4203c316ae05fa323cf1dbc460ae4a6bf690221f8d731a2a1a991037f19c8b6047f2bf5e20cdb3fa81a8e5a5559021b9f71b2125787399af5dbec3fdebf9b1b36c4702fdcfe31101b6a86338a5fd52d9f955e6cf87148cd011f42aa481edde93a94b081ff754591f54df77cfcd436e4374aac1145e52c5768b4f17416d8cdc15fb84f2ee590869f06e6c2defc7b86401ce49c0fb689b4338754338abf45ace19491e6caa56df1b3650feecd3b0cc9118d16379e97768a37bf8d1e33ac172d297fb75484c2070fde79ecf1f88fee34af0e1768b6b0616df55dd87c2ae5ba77e5da59584d3dcf3e05e2df3dc3153c0dc1ef603431871e40cce8c2ce976790826a1087ea21135ee00854050cebdeb7e358280b504f78c07b8f25b141c021b7e1ad287bb3bbd24c72e277e3949215899b7eb515ed31b20b7c8e83f3c4bf8cb77d245cbe2752344311135e3199a3c32808c991dd831659a95e0c3badc84b7ccfa5c9c5f85621c6d07f73d7db82e929d1a58f312362b1d7278ed41fe630891c085642a15223564379ff88d4ac0e7ad392236726a260c1b22ad83ac9a1d8d0f8f5d9b5015ab61adb4f18b342fceb1740c24331e761b86e562dfe68bb9e44ba6bcbc32974dd8f72593b3dec34922d9e1924fa97cf9a0785dee1b59015128b9b19d8ef6a9f0d3fe38a78f5494c8efcb403cc57d81098ae0658d1b275644d7ad724f0ad09a57e1374405a8a33b83e9adb68f2d339235e5aeda0569aaab8fb17057293a0e53553fd8653ca5eaf50e9cec327653fd9a101a7a45b721826e25f04c32585c67adf482ec1e547500207739cfd13d85a7f20277e5062b5881fd56f290322749bccf9ce0eee06a95c71db495a1e4661766522c81a4f08f873112d78df0202f287a9fe6d2954beb26726eeae3085e21e23e5c463747aed7d04e564b0dbed3a7ead6a3ba6d24dcff33af3a54fd56330de23795a6fb7ae9c141c19d285a723362ebb8dc697f3a7d3abbff3b6a31b319e92bffa7410fed5578592969136163476d6f65a400ec8ed166580cc76d7e1780690190c4f3b1ce66d3ebc8c9d8009abf9b0adec7a076353744a852785530ab5e3fe022a2fdd1caaeada8239c0d66246e2862c52e077d32cf4b0251487bae3a6f3b742bf0cae0abdf7c1cfbc87cd04a48daf4b1a22f94ed57389780af6201219ff2357a5eb0379b5d0260448c4d60b049d96327b071a5881bf52bddc24d25b07cb15ccb3c84a0d77be723872331d197bc6380e9ed0d683fc9b7beafaf4c21af48b9e614cbfebaedb603b40eb2aa36dbd4d5f4270a3fbc5b8bdfe905316fe64af1533483f37bebd2bf71dff66916d9b5232d697f971a0917e8f0b97e3e5557ec104dbbdfcb13959cadf627fdfd9e72c2749f4e5615c9777324f470e6742afa0e9c6aa4e1d0cb0d08b17fe904a6e5fb8da7de0552a56f555e83575f1ff7988a75a7e4ce2855e2265c97162b330c5ca0d6681b7278707af4f65d618b6c6dbee748b7bed2debfcf80da20eba403a270345fd7fd311d1bc3c818536ed0b1c3b74711860e5776bb2d10fa7a7260eec4870f7470aac3cfd23fe87ba006a69bc776fa1740770cf65c9520808d859fd66d73be7cdab7bfb0217c5d061420d11896bf1e030e10601afa0788adf6ea392cd49f985307a42094084eebd8422c03d486ec7a07195a7de72a8125c286e460e65c240018713b0f0320d46acb3d5438fdabffb8be1b3a93bbab18bff9a76f21cc56cc46771c38c85bc59da9e088d46995e7e0a6d0e456deab9c4c10264af543c63281e8cdb68740479b3defe907e42e2459a43b2e9b8a159af9a1ea3e20c419fc47520abdd8929dab92d41da4965216669d3e10bac0931a19ba7f684a6eb78bf480ce222eb6262376deac5e514179f76c712188b5c9d88ef610cc922fec3e369a8ac45107ac91ed1e173162473f23c5d843f5326eb351cc65cca30a9628492942a92e9b683fa33c3bfed9c8efcb90d6e7511bad2db84ee2b07a01283d82301c9995670a66dd03c1034a8ef5dfe68e6be98ed6c137463c1f7e4540e948daa2719021e79dc3e17c812d58d00a40b7b1c2223482d57dc9cd074b88c1ace5b360dc5b2e7c9674219c2481c9145788b0651fd118777b8e31034d94597f8b60e33ce31b401dbc7ba6d97ee8eb58a79c0533fb753618ccda21ea0b34c3870faf5ae7db983a32595e5b0409acb402b9d32eda4357529f3f1a0b937168bf2771ca9abd501405100184590fea30e232f28d3fdf9dff1f7bddbf985a08f341ebb40fd02a7e9e516daf3093cf2b3466652b16874c5d2e321439f8ec7bb942003e8df95e6a56d235e4cb9a8926ca3ce0c19a68f8b4b59701907652271181fb0b7eb4e8db70937858867b842be96bfe74431a7bab52e2df51dd79917535797c305a897052467c2f709e4a31e10a0cf1be2dbc8a4e803e39071bfedd3aee73ddc3785097c557882f96f3feaf34897e28c8e6c7c0068579721b4d7fa58582b71e8851c14d72ea91f471b0cb8333529755e24557cd8ce7106907ba25d5d523c0a869101b2e80661a579937313d1530ee2b082d524c0493e48697f2f17599efc0b5c573fb604350a69a2398165b53d3ee36066908f99f045337f5ace0e6da37ba867df2583d8282a6d08108499346d9a2a33131d4bbf3fe4ed7428d9b4abba96924d551a44bdba049a5813dd2128b8a274c171de2234c74d1f410459e8c2ea43f85bc490b091f83a9366523be2c784a8860a769cff562d3dc0599e13b445db9e07ccb067306b9e2ed6ca4a2e52622625391ae93a2c893171fc024a30dfe83ae70d895c8c4e5d378c2e767a2843e80762a71b78b681c279c3eda4b4320b7fd1739f929f02349f1221f0eda25b45da8468501ac7e31a7dcddd320ca32e812c052d0dd96cc8d3170fe773250a47d0652565119797451d3df43884ed96eb4fa0b1c7c76ecb41306ace0ef13022e671211bd708ac91dfcabc56222be119f27485ea16848b692c9ec36821f9355b12786bf581fa6df258f5e717df7dde84de26a7e520d652a40e12fa2cf97890a9cebf74fc4561e268f24d2261ff79b44c058dda5fcf2e67488e87de19c89d60411c9f89b18d422b7aed64ae8bd83c8b143e25786803eca4c5b78a020e0712e724811cf1488ee46e2f61dfa5316111f80dd9bd1a1dca454cf3b8d0033eaea54a4f03e97244eeb519a3030bc99890fc377ddf4ab50027235f06c74438dbb159760c6c84ca06915ad3c436bce9cd30270ec53b7299222c3b65c36ee83ee580d44bf1564ca1ccc448f0b5257dcb2af377e4e4f82b8f5c5341591ca0b162a68721f41d81ee9848944445cb3741a8b26530a6082d3ec95c8dbf8db8b6b6e965756936fdc235a9af6f74a8d0d6055d447ec274d7a87fdaa800189b6fb5310c48bd59114198bf89a6c7d15937d8ce5c286552e7cfc1185e60f7a1c9222ef6723ccb91b345b1bacb19333f94f7d82878134d47e83e5f7a42f569f521510eb59cd8f8d05d0fad7283029246ffb21176c9f6fb8b4bb0d93cc787dadc3978642f89a9cbc925d52ef275bc929bb71b25fd97504dffa9a437d6c3b64d3a79aa639504042bf75e736096cf6d8621a9fc062d61669c1af789c0b260681e5e0b4af4a25b18940a613d179d98be6b37149fefe829a0e1832e8cc14e8788da5d958cf372a5574969e21d28d032f1f37eba0f9e733b36942bd63628f1b00bd826e3580fd663caa342d3015e07b331bca88760c33474c697821c557eee3ad6bd38d171b3fd0534c793dcccb81d953fc997bfd07ce32534ddaaf00c814961517e36acaa78339c5b199585ce30e2242569944398eceb5c9458bcabb5ca37a4d19dcea8c196ab80aa1c82a2faa6cb7fd4ffc7e77a46e5dd6c56c7552b364557a3e8e4fb0dd50b93c36f9c250a605e291cf9cd353bc59681791370053b53095244eb09d445a304076fedbe40c633b198510868a5571f1220dc40b70b8c98d90ed35a2ae76186082b7889733f88a6c1faef4c7c8d7d1aa9d3cc3a8c084afa31bb6303a83add6ff316c8562bd222664393663de4009898bd0b465380e7c157edd05a2552757153d74efc801a3842baf3084166bbfb2a14f993a3e1b2081e83f739df6d127be659022a05aae37362a210bb0f1fadedf6ef8f1808bcbc88c4e84769e87112b45091ef99ac66c1c881eb19920595c401e3fc10f6019bcfadb30d0a4eb1e4f75cfa4fd640d20d8faa7deb73e70446469f8ec6e3e00f6c816a5b6a71737fed9b37acab432e8ac56808fddacffc2f85322cd3dc21240916475be622cebf10ceb2ef643237c35d1ad6c5c6e61e2295748001ac6e2b1754b7c5ec904086b6f24629b9b41cabeb19ac9db6b90f2beb912a59ecf8d85fff26f3d52418b56e59d5bb85f4f19ca443af855061374d6ffe5dfecac350cb075364b7ffd009f929f9d090b79e643d9cc1373da1f44868275b568bcf4e7b9ec54ddb077793f8f51b5b16af61f6ffcc600227ae52ef2fbc1cb5951681b26bde72b30b88c96044b129a9856cb52ad17994e66162aec9b1952b496d573b2252c3dd163dd84cf7f1739b256a3c891c01ba5feba9446ed10bbab03bfb6a7c68203ec4ace85419e5296c264a943d17c8537bdc28a793395e22690fb13d17ad6bb48fd", 0x1000}, {&(0x7f0000005c00)="5b5749a474c117a6631eca517788c4daeac159cd856e418b5025bcc4f8edc1c09c68c800e8affc0542d419857fec533d75ac0935bb05ba6ca3da40099fa1831e101b8fd0e66cfc4861557c2047c135eb328ef9466de8b4392f0b1ca882e2d672f9a8bb4409fa4e957d3006664d2673122f8b613cb818b0249361ead766e6901ee493e9d2176faa5816330c483ca3dd75e36f03abae00aa7932cef1199a02c3cb3b69dd951778fb93d415f125ef53b09376afbd688448fe7796d5db39e84db39f25a601", 0xc3}, {&(0x7f0000005d00)="56ebfdcac862a12c99648008fb2e48bec8c2637a320fb4e03dd5b5c8d54f2f49fa91dd662b12258ca47dbd78c873a27256a421b1eb7e293d4d5541bfe4669d2e8325fcbfe0d94298ceecdfe375fb3d951a73e6815d8b60", 0x57}, {&(0x7f0000005d80)="d5c6f12a72718d910120caba28060e9abb4447803e58f3616f3ac188c37fe21c541a63b14df30493201da4f43c884dda9fa0f93bcfa865506b2e923e3388539a61f1f025315ff5a067254f3f24b7b383de56171d263252969598f7e818c272f070f98f69a7283d13bf2fa3b496188159fa5023db91d1814ff7e6c191472e121ac8", 0x81}, {&(0x7f0000005e40)="914b5c62d981e7bb5ed4fa19d14fddb495fc57e7400a22a19a259f2f90764f5008215109f07d19b505fbc18ebf6a2d838fadbf12e0e584b4b67fdd11dec0984de3fa28bfe1d377f910d75a2203a8c3971b889b62ac0323133e55", 0x5a}, {&(0x7f0000005ec0)="c2c3da0e3bc922f6cfc884cc90547841dcd936", 0x13}], 0xa, &(0x7f0000006000)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x2}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @multicast2, @dev={0xac, 0x14, 0x14, 0xb}}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r0, @empty, @multicast1}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r3, @dev={0xac, 0x14, 0x14, 0x20}, @local}}}, @ip_retopts={{0x5c, 0x0, 0x7, {[@lsrr={0x83, 0x23, 0x63, [@empty, @multicast2, @rand_addr=0x64010102, @loopback, @private=0xa010100, @multicast1, @multicast2, @loopback]}, @ssrr={0x89, 0x27, 0xa2, [@broadcast, @multicast2, @broadcast, @dev={0xac, 0x14, 0x14, 0x24}, @remote, @multicast2, @rand_addr=0x64010100, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x20}]}, @generic={0x44, 0x2}]}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x2}}, @ip_retopts={{0x58, 0x0, 0x7, {[@noop, @timestamp_addr={0x44, 0xc, 0x94, 0x1, 0x4, [{@rand_addr=0x64010100, 0x8}]}, @cipso={0x86, 0x2a, 0x1, [{0x7, 0x4, "1318"}, {0x6, 0x2}, {0x1, 0x8, "bec5ae7b88f7"}, {0x1, 0xc, "a4fb465aeacc86141689"}, {0x1, 0xa, "94c939a3a0719692"}]}, @timestamp={0x44, 0x10, 0xa8, 0x0, 0x6, [0x9, 0x80000000, 0x7fffffff]}, @end]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0x23}}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x3}}], 0x180}}, {{&(0x7f0000006180)={0x2, 0x4e21, @multicast2}, 0x10, &(0x7f0000006480)=[{&(0x7f00000061c0)="a70e5bef985d9de6926a2ac3d5361518accf06164a7997f60a9847074d6e5dc61e06b439b0f014b30ad5362e2dd8b626598acf964611028ab7bd7fa04e339fe475195b741d1d9876569671c080f6229c09b0c484fecfc0009ed282b0f02ba3302556fb54fdb5132d117eb86a4a8524c60aacb2931c8417db493d9de3601cbe", 0x7f}, {&(0x7f0000006240)="e344282e6ff43b3226c874afd31468ab87d1448b26d45922f2e5875115a686f881487b47e8d1c15b842b66d7204868d3e9db8115936def0d2cf557b51c46a415", 0x40}, {&(0x7f0000006280)="cbf3074661eb21fe62a7482b99daf34ae83906bf2258caf0857f833fe49855e776f1b0b2573a6872d90e100a70f2d7f2417cbe26ef21e80ecb3214e6037eced8cee62daa7a90683e7e9e3905fa9adec626f2b35ddf8d0cc4b73334da54041a630185b0d3e890bb3f6abd950fb56454a1fa7084a9c0f2d1c0656716b4a972f2882c15f9d82d9b6cba51782f9f86bc655436a25c61557783481f0d24589e74276ea3d12d973b031defd32393531bce8c4f0ba9acb0a903610d11141168611c5fc91d678a67831b7816262efc477a797144c8b6e7f1fe66d9", 0xd7}, {&(0x7f0000006380)="2d0198503115bff7b2f9587c15c6b5bc05b7816ecce99bb673a30d7e33bc1cfed38731318934afc412c939fdc127c090a52c46519810ea772847ae5685bc3c47cdc0503432ab4d29bbed2b839924b39a7ebf82916e277d58d3d53ba2cac64c88dd9e4f1f1daa8d8f04085d408fef58bd3983319e61410c0613f5851ca4fd35f07644439a8258600dc3ed1cf987c52e", 0x8f}, {&(0x7f0000006440)="fdf6e484f23c1bf0f652e3fc562c4d7c2ad7ee96829776343bf5d4ca9b1e551d9e5a083dd66623d461ea835a74d1", 0x2e}], 0x5, &(0x7f0000006500)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r9, @rand_addr=0x64010100, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x9}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x5}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x7f4d16c3}}], 0x88}}], 0x7, 0x4001) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:38:46 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) fcntl$dupfd(r0, 0x0, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000a85a00000000000000000000000004000000d0040000080100003003000000000000080100003003000000040000000400000004000000040000000400000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000228020000000000000000000000000000000000000000000000005801686173686c696d6974000000000000000000000000000000000000000003726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff00000000000000000000000020000000000000000000000009000000ff0100000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000830000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280063"], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000540)='/dev/full\x00', 0xa0000, 0x0) ioctl$KVM_SET_FPU(r3, 0x41a0ae8d, &(0x7f0000000580)={[], 0x5, 0x1020, 0x3, 0x0, 0x2, 0x0, 0x5000, [], 0xffd}) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) dup3(r4, r5, 0x0) fcntl$getflags(r4, 0x40a) r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r7 = socket$l2tp(0x2, 0x2, 0x73) r8 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r8) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="2309000000000000000001000000050007000000000008000900000000050000000001000000080011000100000008001700", @ANYRES32=r8, @ANYBLOB], 0x3c}}, 0x0) dup2(r2, r7) [ 1021.701966] FAULT_INJECTION: forcing a failure. [ 1021.701966] name failslab, interval 1, probability 0, space 0, times 0 [ 1021.713342] CPU: 0 PID: 31705 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1021.721230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1021.731010] Call Trace: [ 1021.733599] dump_stack+0x1b2/0x283 [ 1021.737232] should_fail.cold+0x10a/0x154 [ 1021.741381] should_failslab+0xd6/0x130 [ 1021.745344] __kmalloc_track_caller+0x2bc/0x400 [ 1021.750087] ? kstrdup_const+0x35/0x60 [ 1021.753960] kstrdup+0x36/0x70 [ 1021.757139] kstrdup_const+0x35/0x60 [ 1021.761266] alloc_vfsmnt+0xe0/0x7c0 [ 1021.764960] clone_mnt+0x6c/0xef0 [ 1021.768398] copy_tree+0x33a/0x860 [ 1021.771927] copy_mnt_ns+0x112/0x8a0 [ 1021.775624] ? rcu_read_lock_sched_held+0x10a/0x130 [ 1021.780619] ? kmem_cache_alloc+0x35f/0x3c0 [ 1021.784925] create_new_namespaces+0xc9/0x730 [ 1021.789399] ? security_capable+0x88/0xb0 [ 1021.793534] copy_namespaces+0x27b/0x310 [ 1021.797580] copy_process.part.0+0x2616/0x6fa0 [ 1021.802147] ? get_pid_task+0xb8/0x130 [ 1021.806017] ? proc_tid_io_accounting+0x20/0x20 [ 1021.810681] ? __cleanup_sighand+0x40/0x40 [ 1021.814897] ? lock_downgrade+0x6e0/0x6e0 [ 1021.819033] _do_fork+0x180/0xc80 [ 1021.822469] ? fork_idle+0x270/0x270 [ 1021.826165] ? fput+0xb/0x140 [ 1021.829253] ? SyS_write+0x14d/0x210 [ 1021.832948] ? SyS_read+0x210/0x210 [ 1021.836564] ? do_syscall_64+0x4c/0x640 [ 1021.840522] ? sys_vfork+0x20/0x20 [ 1021.844051] do_syscall_64+0x1d5/0x640 [ 1021.847927] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1021.853107] RIP: 0033:0x45ca69 [ 1021.856277] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1021.863967] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1021.871216] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1021.878465] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1021.885713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1021.892962] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:38:46 executing program 4: r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r1) ioctl$SNDRV_PCM_IOCTL_RESET(r1, 0x4141, 0x0) sendto$rose(0xffffffffffffffff, &(0x7f0000000140)="ae9642ac909b548232e34d4cc185f42ac8c1e565477c64f310435befee50ece768bbb3f8d4cab78991a962e21954997a88d305234f43c0e84b12c4cce9dd0e22447707b1f39bb7a5f6911083244bb275739a4be233528fa15690bd8033b64be18fc48c710013fb11fdcd3f8c92f9a17d5027bee19b7db605a7b3ce63432e8c07e68b989b5c0045a4f61baf288a24338eae78c18314ec82863db43c11164afc8916f3475179ef1b54d5e367007acf2c4c7da7450c00c4714d89a67790d9886764aab94de43972bf61594318c4ac6644a131d2ff7d19990300e35dd473550ee1cbc911edfdaae4cbdf586e935d5463d142fb6ca80d3b0cf6", 0xf7, 0x54, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000900", @ANYRES16=r0, @ANYBLOB="030b000000000000000008000000"], 0x14}}, 0x0) 13:38:47 executing program 4: r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000", @ANYRES16=r0, @ANYBLOB="030b001300000000000008000000"], 0x14}}, 0x0) 13:38:47 executing program 1: openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x5, 0xcfbd, 0x0, 0x3a3c, 0x6, 0x400000000000003, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff], 0x6000, 0x80}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x100000400203) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x200000000fc, 0x0, 0x0, 0x3bb, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1022.177087] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 13:38:47 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') setsockopt$RXRPC_MIN_SECURITY_LEVEL(r0, 0x110, 0x4, &(0x7f0000000040)=0x1, 0x4) fchdir(r0) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000000)={'wg1\x00', 0x200}) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r1) getsockopt$EBT_SO_GET_INIT_INFO(r1, 0x0, 0x82, &(0x7f0000000180)={'broute\x00'}, &(0x7f00000000c0)=0x78) [ 1022.229439] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.5'. 13:38:47 executing program 3: ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, &(0x7f0000000140)) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x0, 0x0) ioctl$FBIOPAN_DISPLAY(r3, 0x4606, &(0x7f0000000080)={0x3c0, 0x800, 0xf00, 0x140, 0x800, 0x0, 0x10, 0x0, {0x20, 0x9}, {0x1cf1, 0x2}, {0x2, 0x5}, {0x1, 0x9, 0x1}, 0x1, 0x2, 0x742, 0x20000003, 0x1, 0xf74, 0x1, 0xa5, 0x9, 0x0, 0x0, 0x2, 0x22, 0x1, 0x3, 0x7}) socket$netlink(0x10, 0x3, 0xa) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 13:38:47 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) fcntl$dupfd(r0, 0x0, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000005c0)=ANY=[@ANYRESDEC], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r4) ioctl$TIOCGISO7816(r4, 0x80285442, &(0x7f0000000000)) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) dup3(r3, r5, 0x0) fcntl$getflags(r3, 0x40a) r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r7 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)={0x3c, r6, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_COOKIE={0x0, 0xf, 0x401}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x4}, @L2TP_ATTR_UDP_SPORT={0x0, 0x1a, 0x4e23}]}, 0x3c}}, 0x0) dup2(r2, r7) 13:38:47 executing program 2 (fault-call:10 fault-nth:53): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 13:38:47 executing program 4: r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, r0, 0xb03, 0x0, 0x0, {0x8}}, 0x14}}, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r2) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000140)={&(0x7f0000000000)=[0xdf, 0x6, 0xc176, 0x5, 0x2b1, 0x3, 0xdc6c, 0x80, 0x3, 0x2], 0xa, 0x7f, 0x7, 0x0, 0x465, 0x9, 0x1ff, {0x3, 0x2ec, 0x5, 0x5, 0x5, 0x0, 0x7, 0x0, 0x6, 0x6, 0x2, 0x3, 0xda0d, 0x8, "ba6301665ab056b65e6e29b859cbc8ddeaf230e6040cf103fe456752dbbb1cbb"}}) 13:38:47 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x1fc, 0x1, 0x0, 0x1000, &(0x7f0000001000/0x1000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x2, 0x0, 0x527c11f2, 0x0, 0x8, 0xfe, 0xfffffffffffffffc, 0x6, 0x0, 0x400000000000000, 0x0, 0xfffffffffffffffe, 0x300000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:38:47 executing program 0: r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x10001}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, r0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x24000, 0x0) ioctl$PPPIOCGIDLE(r1, 0x8010743f, &(0x7f0000000040)) arch_prctl$ARCH_MAP_VDSO_64(0x2003, 0x3) [ 1022.417112] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1022.452642] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.5'. 13:38:47 executing program 0: perf_event_open(&(0x7f0000000100)={0x2, 0xff07, 0xd6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_ENUMAUDIO(0xffffffffffffffff, 0xc0345641, &(0x7f0000000000)={0x80, "efb1312a8deb1bb0ff47bd60e986c9342f744f4a449760cf0155622ec13be74a", 0x0, 0x1}) perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:38:47 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) fcntl$dupfd(r0, 0x0, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000a85a00000000000000000000000004000000d0040000080100003003000000000000080100003003000000040000000400000004000000040000000400000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000228020000000000000000000000000000000000000000000000005801686173686c696d6974000000000000000000000000000000000000000003726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff00000000000000000000000020000000000000000000000009000000ff0100000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000830000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280063"], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) dup3(r3, r4, 0x0) fcntl$getflags(r3, 0x40a) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r6 = socket$l2tp(0x2, 0x2, 0x73) r7 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r7) ioctl$EXT4_IOC_MIGRATE(r7, 0x6609) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x3c, r5, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp=r6}]}, 0x3c}}, 0x0) dup2(r2, r6) 13:38:47 executing program 4: syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$nl_generic(0x10, 0x3, 0x10) 13:38:47 executing program 4: r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r2) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) ioctl$VIDIOC_G_EXT_CTRLS(r2, 0xc0205647, &(0x7f0000000200)={0x9a0000, 0xd6, 0x3, r3, 0x0, &(0x7f00000001c0)={0x9909c8, 0x7, [], @p_u16=&(0x7f0000000180)=0xa1cd}}) getsockopt$bt_l2cap_L2CAP_OPTIONS(r4, 0x6, 0x1, &(0x7f0000000240), &(0x7f0000000280)=0xc) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r5) getsockopt$sock_linger(r5, 0x1, 0xd, &(0x7f0000000000), &(0x7f0000000140)=0x8) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="14400200", @ANYRES16=r0, @ANYBLOB="030b000000000000000008000000"], 0x14}}, 0x0) [ 1022.633839] FAULT_INJECTION: forcing a failure. [ 1022.633839] name failslab, interval 1, probability 0, space 0, times 0 [ 1022.645248] CPU: 1 PID: 31779 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1022.653143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1022.662489] Call Trace: [ 1022.665080] dump_stack+0x1b2/0x283 [ 1022.668710] should_fail.cold+0x10a/0x154 [ 1022.672860] should_failslab+0xd6/0x130 [ 1022.676831] __kmalloc_track_caller+0x2bc/0x400 [ 1022.681604] ? kstrdup_const+0x35/0x60 [ 1022.685493] ? lock_downgrade+0x6e0/0x6e0 [ 1022.689643] kstrdup+0x36/0x70 [ 1022.692831] kstrdup_const+0x35/0x60 [ 1022.696542] alloc_vfsmnt+0xe0/0x7c0 [ 1022.700253] clone_mnt+0x6c/0xef0 [ 1022.703706] copy_tree+0x33a/0x860 [ 1022.707247] copy_mnt_ns+0x112/0x8a0 [ 1022.710958] ? rcu_read_lock_sched_held+0x10a/0x130 [ 1022.715970] ? kmem_cache_alloc+0x35f/0x3c0 [ 1022.720291] create_new_namespaces+0xc9/0x730 [ 1022.724784] ? security_capable+0x88/0xb0 [ 1022.728935] copy_namespaces+0x27b/0x310 [ 1022.732996] copy_process.part.0+0x2616/0x6fa0 [ 1022.737575] ? __schedule+0x8ae/0x1d70 [ 1022.741459] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1022.746474] ? retint_kernel+0x2d/0x2d [ 1022.750370] ? __cleanup_sighand+0x40/0x40 [ 1022.754958] _do_fork+0x180/0xc80 [ 1022.758408] ? fork_idle+0x270/0x270 [ 1022.762117] ? vfs_write+0x319/0x4d0 [ 1022.765826] ? fput+0xb/0x140 [ 1022.768925] ? SyS_write+0x14d/0x210 [ 1022.772637] ? SyS_read+0x210/0x210 [ 1022.776264] ? SyS_clock_settime+0x1a0/0x1a0 [ 1022.780670] ? do_syscall_64+0x4c/0x640 [ 1022.784643] ? sys_vfork+0x20/0x20 [ 1022.788182] do_syscall_64+0x1d5/0x640 [ 1022.792073] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1022.797255] RIP: 0033:0x45ca69 [ 1022.800437] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1022.808138] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1022.815401] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1022.822664] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1022.829925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1022.837187] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:38:47 executing program 0: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000080)={r1, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f00000001c0)=0x9c) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f00000003c0)={r1, 0xfff}, &(0x7f0000000400)=0x8) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r2) setsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000180)=@assoc_value={r1, 0x3}, 0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000000)={r1, @in={{0x2, 0x4e22, @remote}}, 0x1, 0x4}, &(0x7f00000000c0)=0x90) perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:38:47 executing program 4: r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r1) sendmsg$RDMA_NLDEV_CMD_SYS_GET(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x30, 0x1406, 0x8, 0x70bd2b, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000004}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, r0, 0xb03, 0x0, 0x0, {0x8}}, 0x14}}, 0x0) 13:38:48 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x1) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 13:38:48 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) fcntl$dupfd(r0, 0x0, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000a85a00000000000000000000000004000000d0040000080100003003000000000000080100003003000000040000000400000004000000040000000400000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000228020000000000000000000000000000000000000000000000005801686173686c696d6974000000000000000000000000000000000000000003726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff00000000000000000000000020000000000000000000000009000000ff0100000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000830000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280063"], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) dup3(r3, r4, 0x0) fcntl$getflags(r3, 0x40a) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r6 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r6) r7 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r8) ioctl$TUNSETOWNER(r6, 0x400454cc, r8) r9 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x3c, r5, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp=r9}]}, 0x3c}}, 0x0) dup2(r2, r9) 13:38:48 executing program 2 (fault-call:10 fault-nth:54): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 13:38:48 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) fcntl$dupfd(r0, 0x0, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000a85a00000000000000000000000004000000d0040000080100003003000000000000080100003003000000040000000400000004000000040000000400000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000228020000000000000000000000000000000000000000000000005801686173686c696d6974000000000000000000000000000000000000000003726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff00000000000000000000000020000000000000000000000009000000ff0100000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000830000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280063"], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) dup3(r3, r4, 0x0) fcntl$getflags(r3, 0x40a) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r6 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)={0x40, r5, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x41}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp=r6}]}, 0x40}}, 0x0) dup2(r2, r6) 13:38:48 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x153002, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x2, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:38:48 executing program 0: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$gtp(&(0x7f0000000000)='gtp\x00') r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001100050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$GTP_CMD_NEWPDP(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000680)={0x44, r2, 0xc694d42685586125, 0x0, 0x0, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @GTPA_LINK={0x8, 0x1, r5}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_PEER_ADDRESS={0x8, 0x4, @multicast1}, @GTPA_I_TEI={0x8}, @GTPA_O_TEI={0x8}]}, 0x44}}, 0x0) r6 = memfd_create(&(0x7f0000000240)='\x00<\xd2\xc8\xf8\xb3!\xf2\x81\xc6\xaa\xbc\b\x9e\xd2\xd6\xe1\x10\xf0\x8c}\x8a\x10`\xa11\xcb\xaf\xf1\xe6\xe1d[\x12a\xde\x89[\xc2+Gx9\x9f\'\xb7\xbc\x1bw\xaf}QD#L\xaf\xe3\x00\xbb\xe1T\xad\x9d\xff\xfek\xc3X\xd6\x84\xc5\xb6Z}\x19f\x86\xbb#\xc0\x03_\xe4+\xa3T\x033X\x95\xc2v\x83\x93\x81\xc7n\xd8\x80\xa2\xa3M\xbaSN\xc3\xaa\xe9\xdd\x9bC$\xf0\xcc\xa7\x0e\x95\xffW\x7f\x17^\xed\xfa\x04\xa9`\xc6\xdf\xe26\x9f\x05\xed\xf4x2\x04\xa5\x16\xc5\xfe\xb6\tr[\x19\xce+\x8cx\xf7,z\xd7D\xadEvv6(\xf1n\x04y\xbbK{\r\"N\x7f\x9a\x19\xaa\xe1\xa3\x14\xec\x13\x7f\xc7e\x8cA\x7fT#)\x033V', 0x0) write(r6, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r6, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r7) r8 = dup3(r6, r7, 0x80000) sendmsg$GTP_CMD_GETPDP(r8, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r2, 0x20, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x20044010}, 0x800d) [ 1023.542235] FAULT_INJECTION: forcing a failure. [ 1023.542235] name failslab, interval 1, probability 0, space 0, times 0 [ 1023.553649] CPU: 1 PID: 31840 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1023.561538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1023.570901] Call Trace: [ 1023.573477] dump_stack+0x1b2/0x283 [ 1023.577090] should_fail.cold+0x10a/0x154 [ 1023.581224] should_failslab+0xd6/0x130 [ 1023.585181] __kmalloc_track_caller+0x2bc/0x400 [ 1023.589833] ? kstrdup_const+0x35/0x60 [ 1023.593703] kstrdup+0x36/0x70 [ 1023.596881] kstrdup_const+0x35/0x60 [ 1023.600582] alloc_vfsmnt+0xe0/0x7c0 [ 1023.604279] clone_mnt+0x6c/0xef0 [ 1023.607720] copy_tree+0x33a/0x860 [ 1023.611250] copy_mnt_ns+0x112/0x8a0 [ 1023.614950] ? rcu_read_lock_sched_held+0x10a/0x130 [ 1023.620916] ? kmem_cache_alloc+0x35f/0x3c0 [ 1023.625223] create_new_namespaces+0xc9/0x730 [ 1023.629705] copy_namespaces+0x27b/0x310 [ 1023.633751] copy_process.part.0+0x2616/0x6fa0 [ 1023.638327] ? check_preemption_disabled+0x35/0x240 [ 1023.643324] ? perf_trace_lock+0x109/0x4b0 [ 1023.647550] ? perf_trace_lock_acquire+0x4b0/0x4b0 [ 1023.652469] ? __cleanup_sighand+0x40/0x40 [ 1023.656693] ? lock_downgrade+0x6e0/0x6e0 [ 1023.660829] _do_fork+0x180/0xc80 [ 1023.664266] ? fork_idle+0x270/0x270 [ 1023.667971] ? fput+0xb/0x140 [ 1023.671077] ? SyS_write+0x14d/0x210 [ 1023.674770] ? SyS_read+0x210/0x210 [ 1023.678380] ? SyS_clock_settime+0x1a0/0x1a0 [ 1023.682772] ? do_syscall_64+0x4c/0x640 [ 1023.686728] ? sys_vfork+0x20/0x20 [ 1023.690252] do_syscall_64+0x1d5/0x640 [ 1023.694126] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1023.699297] RIP: 0033:0x45ca69 [ 1023.702467] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1023.710157] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1023.717415] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1023.724663] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1023.731913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1023.739173] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:38:48 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x101fe, 0x2, 0xf000, 0x1000, &(0x7f0000001000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x8, 0xfb, 0x9, 0x6, 0x0, 0x400000000000000, 0x20], 0x0, 0xc100}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:38:48 executing program 5: r0 = socket$unix(0x1, 0x1, 0x0) fcntl$dupfd(r0, 0x0, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000a85a00000000000000000000000004000000d0040000080100003003000000000000080100003003000000040000000400000004000000040000000400000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000228020000000000000000000000000000000000000000000000005801686173686c696d6974000000000000000000000000000000000000000003726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff00000000000000000000000020000000000000000000000009000000ff0100000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000830000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280063"], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) dup3(r3, r4, 0x0) fcntl$getflags(r3, 0x40a) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r6 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x3c, r5, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp=r6}]}, 0x3c}}, 0x0) dup2(r2, r6) 13:38:48 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0xa) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) write$P9_RSYMLINK(r3, &(0x7f0000000000)={0x14, 0x11, 0x2, {0x1, 0x0, 0x8}}, 0x14) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 13:38:49 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) fcntl$dupfd(r0, 0x0, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000a85a00000000000000000000000004000000d0040000080100003003000000000000080100003003000000040000000400000004000000040000000400000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000004000000000000006000484d41524b00000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000228020000000000000000000000000000000000000000000000005801686173686c696d6974000000000000000000000000000000000000000003726f73653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000305a88c3a070092600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff00000000000000000000000020000000000000000000000009000000ff0100000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000830000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000a800d000"/1291], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r2 = memfd_create(&(0x7f0000000240)='\x00<\xd2\xc8\xf8\xb3!\xf2\x81\xc6\xaa\xbc\b\x9e\xd2\xd6\xe1\x10\xf0\x8c}\x8a\x10`\xa11\xcb\xaf\xf1\xe6\xe1d[\x12a\xde\x89[\xc2+Gx9\x9f\'\xb7\xbc\x1bw\xaf}QD#L\xaf\xe3\x00\xbb\xe1T\xad\x9d\xff\xfek\xc3X\xd6\x84\xc5\xb6Z}\x19f\x86\xbb#\xc0\x03_\xe4+\xa3T\x033X\x95\xc2v\x83\x93\x81\xc7n\xd8\x80\xa2\xa3M\xbaSN\xc3\xaa\xe9\xdd\x9bC$\xf0\xcc\xa7\x0e\x95\xffW\x7f\x17^\xed\xfa\x04\xa9`\xc6\xdf\xe26\x9f\x05\xed\xf4x2\x04\xa5\x16\xc5\xfe\xb6\tr[\x19\xce+\x8cx\xf7,z\xd7D\xadEvv6(\xf1n\x04y\xbbK{\r\"N\x7f\x9a\x19\xaa\xe1\xa3\x14\xec\x13\x7f\xc7e\x8cA\x7fT#)\x033V', 0x0) write(r2, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) dup2(r2, r0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) dup3(r4, r5, 0x0) fcntl$getflags(r4, 0x40a) r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r7 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x3c, r6, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp=r7}]}, 0x3c}}, 0x0) dup2(r3, r7) r8 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000540)='/dev/vsock\x00', 0x14901, 0x0) ioctl$KDGETLED(r8, 0x4b31, &(0x7f0000000580)) 13:38:49 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r3, r3) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x4040000000fffffe, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x5, 0x3, 0x5, 0x1, 0x0, 0x4, 0x5, 0x2, 0xfffffffffffffffc, 0x4]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:38:49 executing program 0: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:38:49 executing program 2 (fault-call:10 fault-nth:55): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 13:38:49 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) fcntl$dupfd(r0, 0x0, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000a85a00000000000000000000000004000000d0040000080100003003000000000000080100003003000000040000000400000004000000040000000400000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000228020000000000000000000000000000000000000000000000005801686173686c696d6974000000000000000000000000000000000000000003726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff00000000000000000000000020000000000000000000000009000000ff0100000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000830000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280063"], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r5, 0xc0945662, &(0x7f0000000540)={0x3, 0x0, [], {0x0, @bt={0x6, 0x6, 0x1, 0x2, 0x10000, 0x0, 0xfffffffb, 0x2, 0x3ff, 0x4, 0x2, 0xf6a, 0x80000001, 0xb5d, 0xb, 0x0, {0x5f57, 0x5}, 0x1, 0xff}}}) dup3(r3, r4, 0x0) fcntl$getflags(r3, 0x40a) r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r7 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x3c, r6, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp=r7}]}, 0x3c}}, 0x0) dup2(r2, r7) 13:38:49 executing program 4: r0 = syz_genetlink_get_family_id$nbd(&(0x7f0000002000)='nbd\x00') sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000002100)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000020c0)={&(0x7f0000002040)={0x74, r0, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x2}, @NBD_ATTR_SERVER_FLAGS={0xc}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x4}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0xfffffffffffffff7}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x8}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x101}]}, 0x74}, 0x1, 0x0, 0x0, 0x40801}, 0x4) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x40, r0, 0x2, 0x70bd2a, 0x25dfdbff, {}, [@NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x9}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x2}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x4}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x40}, 0x1, 0x0, 0x0, 0x8}, 0x40000) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x40) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x204b82, 0x0) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000380)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_NOTIFY(r4, &(0x7f0000000080)={0xf, 0x8, 0xfa00, {r5}}, 0x10) write$RDMA_USER_CM_CMD_DESTROY_ID(r3, &(0x7f0000000400)={0x1, 0x10, 0xfa00, {&(0x7f00000003c0), r5}}, 0x18) r6 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dlm_plock\x00', 0x424dc0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000480)={0x0, 0x56, "9ddeac684201d89ffa04e89d08b8335dd8b3690612442954b142f303897a150e923ee750aa05ff83ea1e9b40fb3b627d885608ad838f1c07ce59d922e74ed52d504ab634ead937fccfc3a9078df5c26a85fae521552f"}, &(0x7f0000000500)=0x5e) waitid(0x2, r2, &(0x7f0000000200), 0x2, &(0x7f0000000280)) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="030b04e6231c2167000000"], 0x14}}, 0x0) 13:38:49 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(0xffffffffffffffff, r0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 13:38:49 executing program 0: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r0) getsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000000), &(0x7f0000000040)=0xe) 13:38:49 executing program 4: r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, r0, 0xb03, 0x0, 0x0, {0x8}}, 0x14}}, 0x0) r2 = socket(0x36, 0x1, 0x500) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000000)={'team0\x00'}) [ 1024.464652] FAULT_INJECTION: forcing a failure. [ 1024.464652] name failslab, interval 1, probability 0, space 0, times 0 [ 1024.476038] CPU: 1 PID: 31896 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1024.483920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1024.493260] Call Trace: [ 1024.495839] dump_stack+0x1b2/0x283 [ 1024.499455] should_fail.cold+0x10a/0x154 [ 1024.503588] should_failslab+0xd6/0x130 [ 1024.507541] kmem_cache_alloc+0x28e/0x3c0 [ 1024.511677] alloc_vfsmnt+0x23/0x7c0 [ 1024.515371] clone_mnt+0x6c/0xef0 [ 1024.518812] copy_tree+0x33a/0x860 [ 1024.522337] copy_mnt_ns+0x112/0x8a0 [ 1024.526031] ? rcu_read_lock_sched_held+0x10a/0x130 [ 1024.531025] ? kmem_cache_alloc+0x35f/0x3c0 [ 1024.535327] create_new_namespaces+0xc9/0x730 [ 1024.539800] ? security_capable+0x88/0xb0 [ 1024.543926] copy_namespaces+0x27b/0x310 [ 1024.547966] copy_process.part.0+0x2616/0x6fa0 [ 1024.552528] ? retint_kernel+0x2d/0x2d [ 1024.556394] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1024.561389] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1024.566139] ? __cleanup_sighand+0x40/0x40 [ 1024.570351] ? _raw_spin_unlock_irq+0x5a/0x90 [ 1024.574825] ? finish_task_switch+0x14d/0x610 [ 1024.579294] ? switch_mm_irqs_off+0x2cd/0xec0 [ 1024.583770] _do_fork+0x180/0xc80 [ 1024.587202] ? fork_idle+0x270/0x270 [ 1024.590890] ? firmware_map_remove+0x18f/0x18f [ 1024.595451] ? fput+0xb/0x140 [ 1024.598538] ? do_syscall_64+0x4c/0x640 [ 1024.602486] ? sys_vfork+0x20/0x20 [ 1024.606007] do_syscall_64+0x1d5/0x640 [ 1024.609877] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1024.615053] RIP: 0033:0x45ca69 [ 1024.618478] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1024.626164] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1024.633412] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1024.640657] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1024.647916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1024.655162] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:38:49 executing program 0: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x400000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fchdir(0xffffffffffffffff) ioctl$SOUND_MIXER_READ_RECSRC(0xffffffffffffffff, 0x80044dff, &(0x7f0000000000)) 13:38:49 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000480)=""/154, &(0x7f0000000340)=0x9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0xc0800, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(0xffffffffffffffff, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:38:49 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) write$binfmt_misc(r0, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0xa) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r2) splice(r2, 0x0, r1, 0x0, 0x4ffe0, 0x8) 13:38:49 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) fcntl$dupfd(r0, 0x0, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r0, r1) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000a85a00000000000000000000000004000000d0040000080100003003000000000000080100003003000000040000000400000004000000040000000400000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000228020000000000000000000000000000000000000000000000005801686173686c696d6974000000000000000000000000000000000000000003726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff00000000000000000000000020000000000000000000000009000000ff0100000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000830000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280063"], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) dup3(r3, r4, 0x0) fcntl$getflags(r3, 0x40a) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r6 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x3c, r5, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp=r6}]}, 0x3c}}, 0x0) dup2(r2, r6) 13:38:49 executing program 4: r0 = socket$unix(0x1, 0x5, 0x0) fcntl$dupfd(r0, 0x0, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000a85a00000000000000000000000004000000d0040000080100003003000000000000080100003003000000040000000400000004000000040000000400000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000228020000000000000000000000000000000000000000000000005801686173686c696d6974000000000000000000000000000000000000000003726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff00000000000000000000000020000000000000000000000009000000ff0100000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000830000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280063"], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r5, 0xc0945662, &(0x7f0000000540)={0x3, 0x0, [], {0x0, @bt={0x6, 0x6, 0x1, 0x2, 0x10000, 0x0, 0xfffffffb, 0x2, 0x3ff, 0x4, 0x2, 0xf6a, 0x80000001, 0xb5d, 0xb, 0x0, {0x5f57, 0x5}, 0x1, 0xff}}}) dup3(r3, r4, 0x0) fcntl$getflags(r3, 0x40a) r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r7 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x3c, r6, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp=r7}]}, 0x3c}}, 0x0) dup2(r2, r7) 13:38:49 executing program 0: perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:38:50 executing program 2 (fault-call:10 fault-nth:56): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 13:38:50 executing program 0: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000040)={0x4, [0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000080)=0x14) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f00000000c0)={0x2c, 0x8, 0x4, 0x7ff, 0xfffffe01, 0x4, 0x40, 0xc1, r1}, 0x20) perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0xa0200, 0x0) ioctl$KDGKBSENT(r2, 0x4b48, &(0x7f00000002c0)={0x80, "ae675fb8d573c66a0a750c5479d134802d651b90c3435d1e3c67a5b406f3215ecfb86668c46e766a0dcf0cbc7865d9c92ce0b8e105a19ccafe1eb8653400953521a02a862f1a387d5d3c4aca4fad20247badd2e5a16cdc80cb272d623384d3e69872288881b2210e865972816ba104f3eda5fa6e97a05b381f617a495cd21e03a48832a769f920e12f446f85251fab00da04b87d274edb9ebfd622e112ecf9f81b8c5cda23ed322be46a686a2066cfb961d079bd1ffd790720f90210ef439af7e9da0351efde3ea2241fb84826fe720f018bdb0d318943f29f61d78692a34f916abcd535e0e8be51e246406e18598370faba68056cb0a367db6602d02d4d0bd4ee06e46d79a7c7b18a05f0eda6830791c0cc01d86d071b40c4681c9a066ce34a146203c06f4c7f09b73bd4bbdff5a39dd2e1114e23894dde53504f49bc9a7c77e7a9bd151460e1ae46b6c0704eafb6a096c5325a572f4f8f291277c7e81c8c82b107488606bbf32e7844a339dafdcf78cb0c141d789db30ad2a80dccd0ca8cc0fbb28351453e1c88fee3aca9408ab1e640e21ddc8603bfd8f72229b2c3f25324dedd9b0b940e789197555f895c81e19a94e4d7551d77950862413aefed94242c6a025af23cb6abf5c7f01ffb520b2c8ac5b0c184392dbb7c7feb3995dc4cd7429aaa6c927b91e02455697a705ecfd413d0f3e6f512aa83970af22bd06750ca0e"}) 13:38:50 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000180)={0x10001, 0x0, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 13:38:50 executing program 4: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$gtp(&(0x7f0000000000)='gtp\x00') r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001100050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$GTP_CMD_NEWPDP(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000680)={0x44, r2, 0xc694d42685586125, 0x0, 0x0, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @GTPA_LINK={0x8, 0x1, r5}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_PEER_ADDRESS={0x8, 0x4, @multicast1}, @GTPA_I_TEI={0x8}, @GTPA_O_TEI={0x8}]}, 0x44}}, 0x0) r6 = memfd_create(&(0x7f0000000240)='\x00<\xd2\xc8\xf8\xb3!\xf2\x81\xc6\xaa\xbc\b\x9e\xd2\xd6\xe1\x10\xf0\x8c}\x8a\x10`\xa11\xcb\xaf\xf1\xe6\xe1d[\x12a\xde\x89[\xc2+Gx9\x9f\'\xb7\xbc\x1bw\xaf}QD#L\xaf\xe3\x00\xbb\xe1T\xad\x9d\xff\xfek\xc3X\xd6\x84\xc5\xb6Z}\x19f\x86\xbb#\xc0\x03_\xe4+\xa3T\x033X\x95\xc2v\x83\x93\x81\xc7n\xd8\x80\xa2\xa3M\xbaSN\xc3\xaa\xe9\xdd\x9bC$\xf0\xcc\xa7\x0e\x95\xffW\x7f\x17^\xed\xfa\x04\xa9`\xc6\xdf\xe26\x9f\x05\xed\xf4x2\x04\xa5\x16\xc5\xfe\xb6\tr[\x19\xce+\x8cx\xf7,z\xd7D\xadEvv6(\xf1n\x04y\xbbK{\r\"N\x7f\x9a\x19\xaa\xe1\xa3\x14\xec\x13\x7f\xc7e\x8cA\x7fT#)\x033V', 0x0) write(r6, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r6, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r7) r8 = dup3(r6, r7, 0x80000) sendmsg$GTP_CMD_GETPDP(r8, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r2, 0x20, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x20044010}, 0x800d) 13:38:50 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) fcntl$dupfd(r0, 0x0, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r2) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000000c0)=ANY=[@ANYRES16=r2], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r6 = dup3(r4, r5, 0x0) tkill(0x0, 0x40) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, 0x0, 0x0, 0x0) prlimit64(0x0, 0xa, &(0x7f0000000000)={0xde, 0x9789}, &(0x7f0000000100)) fcntl$getflags(0xffffffffffffffff, 0x40a) r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="3e27cb260a1a2d0fd72a2d4000", @ANYRES16=r7, @ANYBLOB="230900000000000000000100000086129aa969b8012ec05d165c050007000000000008000900000000000600020001ea0000", @ANYRES32, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x0) dup2(r3, 0xffffffffffffffff) [ 1025.213875] QAT: Invalid ioctl 13:38:50 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_GET_API_VERSION(0xffffffffffffffff, 0xae00, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0xa) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 1025.237814] QAT: Invalid ioctl 13:38:50 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) fcntl$dupfd(r0, 0x0, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000600)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000a85a00000000000000000000000004000000d0040000080100003003000000000000080100003003000000040000000400000004000000040000000400000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000228020000000000000000000000000000000000000000000000005801686173686c696d6974000000000000000000000000000000000000000003726f73653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b96f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bc4b00000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff00000000000000000000000020000000000000000000000009000000ff0100000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000830000000000000000000000000000000000000000000000000000000000a800a824c7bde8fc9b6fecef1ea9d000000000000000000000000000000000000000000000000020280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000a800d00000000000000100000000000000000000000000f8ce0000002800636ed9a997321ccf90abee1403008d1b7fe7569094dad98dd5684c0f1934f1e40422b0d22ac1d4f8828924f012783ff7e9800be89b95a018eddb861bf99343696af3632d04c2454ec7c3bedf8edf95ec12577eafd80400e8a6f4872a9fc327161ed867b0f0307b294f137311c015dc1836a97c90b1cece2ef73a1440929ba1e6530451b2caad58d3dd7f0c4dd8fe52966a6c357d4a7f0c4e4cf5a45fe5d2bb1a133ae9176ae9d1e8e140f9f40083ed9efd9a07df1ce32a881b99be5577f0b591ec17a91820cb000000000000"], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) dup3(r3, r4, 0x0) fcntl$getflags(r3, 0x40a) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r6 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)={0x40, r5, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_RECV_TIMEOUT={0xc, 0x16, 0x100000001}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_L2SPEC_LEN={0x5}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp=r6}]}, 0x40}}, 0x0) dup2(r2, r6) [ 1025.345165] FAULT_INJECTION: forcing a failure. [ 1025.345165] name failslab, interval 1, probability 0, space 0, times 0 [ 1025.356529] CPU: 0 PID: 31979 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1025.364419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1025.373767] Call Trace: [ 1025.376358] dump_stack+0x1b2/0x283 [ 1025.379992] should_fail.cold+0x10a/0x154 [ 1025.384142] should_failslab+0xd6/0x130 [ 1025.388116] __kmalloc_track_caller+0x2bc/0x400 [ 1025.392781] ? kstrdup_const+0x35/0x60 [ 1025.396675] kstrdup+0x36/0x70 [ 1025.399867] kstrdup_const+0x35/0x60 [ 1025.403579] alloc_vfsmnt+0xe0/0x7c0 [ 1025.407295] clone_mnt+0x6c/0xef0 [ 1025.410747] copy_tree+0x33a/0x860 [ 1025.414295] copy_mnt_ns+0x112/0x8a0 [ 1025.418002] ? rcu_read_lock_sched_held+0x10a/0x130 [ 1025.422994] ? kmem_cache_alloc+0x35f/0x3c0 [ 1025.427318] create_new_namespaces+0xc9/0x730 [ 1025.431808] ? security_capable+0x88/0xb0 [ 1025.435957] copy_namespaces+0x27b/0x310 [ 1025.440018] copy_process.part.0+0x2616/0x6fa0 13:38:50 executing program 0: r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r1) perf_event_open$cgroup(&(0x7f0000000040)={0x3, 0x70, 0x4, 0x20, 0x3, 0x5, 0x0, 0x1, 0x22201, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0xffffff01, 0x1, @perf_bp, 0x2, 0xfffffffffffff000, 0x80000001, 0x3, 0x9, 0x20, 0x7}, r1, 0x1, r0, 0x1) perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00') sendmsg$NL80211_CMD_GET_WIPHY(r2, &(0x7f000001d0c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x1c, r3, 0x709, 0x0, 0x0, {}, [@NL80211_ATTR_WIPHY={0x8}]}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_GET_KEY(r1, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x6c, r3, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [@NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY={0x1c, 0x50, 0x0, 0x1, [@NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "23d0f02433"}, @NL80211_KEY_DEFAULT_MGMT={0x4}]}, @NL80211_ATTR_KEY_SEQ={0xd, 0xa, "bd4890ea22fc888fda"}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x2}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_KEY_SEQ={0xc, 0xa, "a501ee69a0fffc80"}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x44014) [ 1025.444598] ? _raw_spin_unlock_irq+0x5a/0x90 [ 1025.449089] ? finish_task_switch+0x178/0x610 [ 1025.453585] ? finish_task_switch+0x14d/0x610 [ 1025.458075] ? switch_mm_irqs_off+0x2cd/0xec0 [ 1025.462569] ? __schedule+0x8ae/0x1d70 [ 1025.466464] ? __cleanup_sighand+0x40/0x40 [ 1025.470700] ? lock_downgrade+0x6e0/0x6e0 [ 1025.474848] _do_fork+0x180/0xc80 [ 1025.478290] ? fork_idle+0x270/0x270 [ 1025.481989] ? fput+0xb/0x140 [ 1025.485077] ? SyS_write+0x14d/0x210 [ 1025.488781] ? SyS_read+0x210/0x210 [ 1025.492390] ? SyS_clock_settime+0x1a0/0x1a0 [ 1025.496792] ? do_syscall_64+0x4c/0x640 [ 1025.500748] ? sys_vfork+0x20/0x20 [ 1025.504273] do_syscall_64+0x1d5/0x640 [ 1025.508150] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1025.513324] RIP: 0033:0x45ca69 [ 1025.516508] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1025.524199] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1025.531450] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1025.538700] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1025.545950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1025.553199] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:38:50 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$pptp(0x18, 0x1, 0x2) execve(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180), &(0x7f0000000200)=[&(0x7f00000001c0)='fdinfo\x00']) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r2, 0x660c) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) getpeername$unix(r0, &(0x7f0000000080), &(0x7f0000000000)=0x6e) connect$rose(r1, &(0x7f00000006c0)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x1, @bcast}, 0x1c) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) r4 = socket$netlink(0x10, 0x3, 0x6) splice(0xffffffffffffffff, 0x0, r4, 0x0, 0x8, 0x0) sendmsg$SOCK_DIAG_BY_FAMILY(r4, &(0x7f0000000580)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000240)={0x2c8, 0x14, 0xf04, 0x70bd2b, 0x25dfdbfb, {0x27}, [@INET_DIAG_REQ_BYTECODE={0x89, 0x1, "e923733b8fe771602f6298edb3797ecbc938b05735f1bd82c21da2ed89d3b2114681d5e33c1427a2350cc5e591fd833f185bd203fdcad92b51aa10d67d669c54fe4683222d6ac3a62bd139f74333bb47a7f19b9ac571d9989fe1d4185fe36a1b4959cd16b9198e64651ebba855c24630412238bc25d2d8e504db320529ba21588b10b7f4bf"}, @INET_DIAG_REQ_BYTECODE={0x8b, 0x1, "479c82d0f2829f24b01e461c3c5411c7eb8adc789eaebb60a3986dc948aa25b6dab8c9abb1009f894c3873ca29602f6f3e39d8b9700010f087e068bbf107f2b48e947f73341baeabda3b044be94140db1dcae8d6fe2cf00306ff20f0a483344d07e9cb7675ad5ab5c51438a6c167d34ebbaeeef6640beae1d88d7a2bb4ed758ebb3977ff83530a"}, @INET_DIAG_REQ_BYTECODE={0x57, 0x1, "4e554915a69d879a5cc78b7de9f052d874d23fd801c9b762f088bc4d93cebf1b86f45722a639f711810a909ec4e438c7e2a10a57e5dd5be6f50c933146ad03c362b355f3eaf681206afab4b0772ddf71ade277"}, @INET_DIAG_REQ_BYTECODE={0x4e, 0x1, "f0da6ab329b3624249602d3cba976bf3897312a84a566f81515c7831a5307e8898c9ce5703119fb1f613024ef2562156088d733c824ea3c3d4b55eeb63051387b2f6fb46112feca3c819"}, @INET_DIAG_REQ_BYTECODE={0xf4, 0x1, "8427b69f1976890630662a36bd2d6d19ca5628b720a345790fecebda2b8ebd4b6d760286280f2341d129718e4cf450e872be4a2d6c52fe553cd4eb56ceb7fdefd27da6a0f334d241ea12849b6c78467f6f986a3be609f2b0d50a288c7e714c18af613ae93df5fc4dcb0c3fc2eb0c541a2e2b50efdd2ce15b8744fd6f475f80ee329b75543abc43ea26d6b4592a80507491fea233c861368a8c93cacc7662450968472319b70d3325faa1086d68c24a591a52e9a135afa18e50d00020aa6fc8e220d4167edbcce86f072ef22abff9b0c6c58c71dc8276a8199228d9dfcefa2fc40bbaf7391baa3c70ebee57360939fd12"}]}, 0x2c8}, 0x1, 0x0, 0x0, 0x4000}, 0x40) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r5) r6 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r6) ioctl$KVM_GET_CPUID2(r6, 0xc008ae91, &(0x7f00000005c0)=ANY=[@ANYBLOB="0600000000000000000000000000000000000000000000000000000000000000000000000000000000006033056046e7ab030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000573500"/248]) ioctl$KVM_REINJECT_CONTROL(r5, 0xae71, &(0x7f0000000100)={0x1}) 13:38:50 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$KVM_GET_API_VERSION(0xffffffffffffffff, 0xae00, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0xa) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 13:38:50 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)='\x00B', 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r0) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 13:38:50 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) fcntl$dupfd(r0, 0x0, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000a85a00000000000000000000000004000000d0040000080100003003000000000000080100003003000000040000000400000004000000040000000400000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000228020000000000000000000000000000000000000000000000005801686173686c696d6974000000000000000000000000000000000000000003726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff00000000000000000000000020000000000000000000000009000000ff0100000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000830000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280063"], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) fchdir(0xffffffffffffffff) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, &(0x7f0000000ac0)=""/4096) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000580)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r3, &(0x7f0000000a80)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000a40)={&(0x7f00000005c0)={0x468, r4, 0x200, 0x70bd2a, 0x25dfdbfe, {}, [@TIPC_NLA_NET={0x30, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x80000000}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1600000}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x100}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1000}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1e}]}, @TIPC_NLA_NET={0x20, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x5}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}]}, @TIPC_NLA_LINK={0xc0, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x30}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xbe6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8001}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MEDIA={0x38, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x69}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}]}, @TIPC_NLA_NODE={0x10, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_BEARER={0x110, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @loopback, 0x8002}}, {0x14, 0x2, @in={0x2, 0x4e24, @empty}}}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x736}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x24}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x6}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x3, @private2={0xfc, 0x2, [], 0x1}, 0xffffffc0}}, {0x14, 0x2, @in={0x2, 0x4e22, @multicast2}}}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xc878}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}, @TIPC_NLA_BEARER_NAME={0xc, 0x1, @l2={'eth', 0x3a, 'wg1\x00'}}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x10000}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1000}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x81}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1ff}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8bf}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0x120, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xc5}]}, @TIPC_NLA_BEARER_NAME={0x18, 0x1, @l2={'eth', 0x3a, 'veth1_to_bridge\x00'}}, @TIPC_NLA_BEARER_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4a8e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'ib', 0x3a, 'vxcan1\x00'}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x22}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x800}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x3ff, @empty}}, {0x14, 0x2, @in={0x2, 0x4e24, @local}}}}]}, @TIPC_NLA_SOCK={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7fffffff}, @TIPC_NLA_SOCK_ADDR={0x8}, @TIPC_NLA_SOCK_CON={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}]}]}, @TIPC_NLA_MEDIA={0x6c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x101}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x20}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}]}]}]}, 0x468}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) dup3(r5, r6, 0x0) fcntl$getflags(r5, 0x40a) r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r8 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001ac0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="230900000000000005009cfbec8c104f072ad4d187628da36c87000000000500070000000000080009000000000006000202", @ANYRES32=r8, @ANYBLOB="76b3076e0ae8193e856c76e7f719ce8dcf35abb594919394afeea770c876fc952b998bcfa8453699aaa63ade349b82c8a27eb009b500"/69], 0x3c}}, 0x0) dup2(r2, r8) 13:38:50 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r0) r1 = dup(r0) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r1, 0x894b, &(0x7f0000000000)) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x40000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0xc810}, 0x0, 0x0, r1, 0x0) 13:38:50 executing program 2 (fault-call:10 fault-nth:57): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 13:38:50 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) fcntl$dupfd(r0, 0x0, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000a85a00000000000000000000000004000000d0040000080100003003000000000000080100003003000000040000000400000004000000040000000400000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000228020000000000000000000000000000000000000000000000005801686173686c696d6974000000000000000000000000000000000000000003726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff00000000000000000000000020000000000000000000000009000000ff0100000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000830000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280063"], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r5 = dup3(r3, r4, 0x0) fcntl$getflags(r3, 0x40a) syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r6 = socket$l2tp(0x2, 0x2, 0x73) r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000540)='l2tp\x00') getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000080)={r8, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f00000001c0)=0x9c) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f00000003c0)={r8, 0xfff}, &(0x7f0000000400)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r5, 0x84, 0x1f, &(0x7f0000000580)={r8, @in6={{0xa, 0x4e24, 0x3ff, @remote}}, 0x958, 0x1}, &(0x7f0000000640)=0x90) r9 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') sendmsg$L2TP_CMD_TUNNEL_CREATE(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x3c, r7, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x1}, @L2TP_ATTR_MTU={0x6, 0x1c, 0x40}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp=r6}]}, 0x3c}}, 0x0) dup2(r2, r6) 13:38:50 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000480)="ea9901ebc6d1ccf0eac49d39135be92bf727d9b80c80030ede74ddb8fa3d338c126abdcd72d3c8a5be3f6a92342e2b555c8fb75303d0030dc1ff736bc742345be25188699efd0664dc9bd486af0006e17d7e43db416492dfcdba5c67bcec86cab9c1191d95d70ad0ee072ee871843b9e6e8bf07e68dfbd2dca30d1afab23ebb59853e02cf665a7ceb0", 0x89) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000540)=""/143, &(0x7f0000000040)=0x8f) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x3fffffffffffffd]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:38:50 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r0) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r0, 0x110, 0x5, &(0x7f0000000000)=[0x0, 0x1], 0x2) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x3, 0x701102) perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:38:51 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) fcntl$dupfd(r0, 0x0, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000a85a00000000000000000000000004000000d0040000080100003003000000000000080100003003000000040000000400000004000000040000000400000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000228020000000000000000000000000000000000000000000000005801686173686c696d6974000000000000000000000000000000000000000003726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff00000000000000000000000020000000000000000000000009000000ff0100000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000830000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280063"], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) dup3(r3, r4, 0x0) fcntl$getflags(r3, 0x40a) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r6 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="230900000000000000000100000005000700000000000800090000000000060002000100000008000a000000000008001700", @ANYRES32=r6, @ANYBLOB="0b41fdfb2dfef49eda770f04c1840b36810f4b9a2cc2af92e7d853d5c43ed569edadf08754e9be57574db9943945ec9b1a117c41ed32bcacaf4bdf7ffb1ddc0c76c4a27ee71a3a4bfaf63a68ffa1e8b52c83cba37c33ad0db958c182609d4b4b330a903cc4421be6633db84c45770ff2878fb47503af30bfde04a080c4cad194df0aca3da358f2efac193742965f293030f8077dcf4f5940bf4223fcd8b3e5dcf72a32e17a5a4f263abd5c94d3a538221e1b82c1da506ee41fc5aa280981e67a086392520e00b2bab9762e"], 0x3c}}, 0x0) dup2(r2, r6) 13:38:51 executing program 0: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x204101, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000040)=[@in6={0xa, 0x4e21, 0xf467, @local, 0xf8b}, @in6={0xa, 0x4e23, 0x3, @dev={0xfe, 0x80, [], 0x11}, 0x9b79}, @in={0x2, 0x4e24, @loopback}, @in={0x2, 0x4e23, @empty}], 0x58) [ 1026.206039] FAULT_INJECTION: forcing a failure. [ 1026.206039] name failslab, interval 1, probability 0, space 0, times 0 [ 1026.217500] CPU: 1 PID: 32055 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1026.225389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1026.234740] Call Trace: [ 1026.237333] dump_stack+0x1b2/0x283 [ 1026.240966] should_fail.cold+0x10a/0x154 [ 1026.245125] should_failslab+0xd6/0x130 [ 1026.249106] kmem_cache_alloc+0x28e/0x3c0 [ 1026.253246] alloc_vfsmnt+0x23/0x7c0 [ 1026.256941] clone_mnt+0x6c/0xef0 [ 1026.260392] copy_tree+0x33a/0x860 [ 1026.263938] copy_mnt_ns+0x112/0x8a0 [ 1026.267654] ? rcu_read_lock_sched_held+0x10a/0x130 [ 1026.272667] ? kmem_cache_alloc+0x35f/0x3c0 [ 1026.276990] create_new_namespaces+0xc9/0x730 [ 1026.281481] ? security_capable+0x88/0xb0 [ 1026.285625] copy_namespaces+0x27b/0x310 [ 1026.289675] copy_process.part.0+0x2616/0x6fa0 [ 1026.294243] ? retint_kernel+0x2d/0x2d [ 1026.298118] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1026.303131] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1026.307891] ? __cleanup_sighand+0x40/0x40 [ 1026.312108] ? _raw_spin_unlock_irq+0x5a/0x90 [ 1026.316589] ? finish_task_switch+0x14d/0x610 [ 1026.321068] ? switch_mm_irqs_off+0x2cd/0xec0 [ 1026.325550] _do_fork+0x180/0xc80 [ 1026.328991] ? fork_idle+0x270/0x270 [ 1026.332685] ? firmware_map_remove+0x18f/0x18f [ 1026.337249] ? fput+0xb/0x140 [ 1026.340344] ? do_syscall_64+0x4c/0x640 [ 1026.344299] ? sys_vfork+0x20/0x20 [ 1026.347830] do_syscall_64+0x1d5/0x640 [ 1026.351710] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1026.356881] RIP: 0033:0x45ca69 [ 1026.360050] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1026.367739] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1026.375002] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1026.382252] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1026.389503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1026.396751] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:38:51 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd], 0x0, 0x8080}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:38:51 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r2, &(0x7f0000000200), 0x10efe10675dec16, 0x0) getsockname$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@ipv6_getroute={0x24, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_IIF={0x8, 0x3, r3}]}, 0x24}}, 0x0) sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000040)={&(0x7f00000002c0)={0x188, 0x13, 0x400, 0x70bd29, 0x25dfdbfc, {0x2c, 0x20, 0x0, 0x1, {0x4e23, 0x4e22, [0x3, 0xab74, 0x18, 0x600000], [0x2, 0x4, 0x9, 0x7f], r3, [0x4, 0x9]}, 0x5, 0x800}, [@INET_DIAG_REQ_BYTECODE={0x10, 0x1, "fb7caeb46f19feebcd72f12d"}, @INET_DIAG_REQ_BYTECODE={0xb2, 0x1, "39c541cbb30f3213893e4739ac6ff71f5c6ec02caffcb2b2a76252a5c3b074f60bb4770f3f15eef7379d36a575634865bf54ee34dbb7d58036962b400e4563aa28c5c66e1435d48ff87d09323f425ec2814dd5548f7e5f7151bc8cb7c3defae863a8fc118a9b1d360606f1d9950074b824bdab6421ec796b72a2cbd04b695cd4dc34d0e9f3fc33164eeafb732dea4da53c90c74064f12e9da68cb8924562c682a93c847268691ca1471d84fc642d"}, @INET_DIAG_REQ_BYTECODE={0x76, 0x1, "ac212011fa735f9a6b9998993814cf55556d729ab808a731e1b879841823a7399debaa4df4e986cfed3b909b9c5ed8b9eac0e6397656cf08bc71ff195af220fbaeb62fd7ecfedb26e33e83aa5848b782def4c5de89ef8f9ae4fb90eb5378b807cf0d3794d241058250647b5ea5b2b28ec36f"}]}, 0x188}, 0x1, 0x0, 0x0, 0x4}, 0x4008040) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 13:38:51 executing program 4: r0 = perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r1) perf_event_open$cgroup(&(0x7f0000000040)={0x3, 0x70, 0x4, 0x20, 0x3, 0x5, 0x0, 0x1, 0x22201, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0xffffff01, 0x1, @perf_bp, 0x2, 0xfffffffffffff000, 0x80000001, 0x3, 0x9, 0x20, 0x7}, r1, 0x1, r0, 0x1) perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00') sendmsg$NL80211_CMD_GET_WIPHY(r2, &(0x7f000001d0c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x1c, r3, 0x709, 0x0, 0x0, {}, [@NL80211_ATTR_WIPHY={0x8}]}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_GET_KEY(r1, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x6c, r3, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [@NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY={0x1c, 0x50, 0x0, 0x1, [@NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "23d0f02433"}, @NL80211_KEY_DEFAULT_MGMT={0x4}]}, @NL80211_ATTR_KEY_SEQ={0xd, 0xa, "bd4890ea22fc888fda"}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x2}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_KEY_SEQ={0xc, 0xa, "a501ee69a0fffc80"}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x44014) 13:38:51 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) fcntl$dupfd(r0, 0x0, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000a85a00000000000000000000000004000000d0040000080100003003000000000000080100003003000000040000000400000004000000040000000400000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d18e1bd6c20d0195deb5f9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000228020000000000000000000000000000000000000000000000005801686173686c696d6974000000000000000000000000000000000000000003726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff00000000000000000000000020000000000000000000000009000000ff01000000000000000000000000000000000000000000002800a7d3823808b81b759b27f373519b52454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000830000000000000000000000000000000000000000000000000000000000a8d63600000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000a800d00000000000000000000000000000000000000000000000000028006304f855eb1d75749ddb50425d8f20e4624937f8123a33c4e77515559eb2e8752c951fc188a48a6b0a98a7793ffbc61cc2b4914940b60a4d62fb52d795107bc178a9e3a9b47f9b09d9ced22ea04542"], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) dup3(r3, r4, 0x0) fcntl$getflags(r3, 0x40a) syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r5 = socket$l2tp(0x2, 0x2, 0x73) r6 = memfd_create(&(0x7f0000000240)='\x00<\xd2\xc8\xf8\xb3!\xf2\x81\xc6\xaa\xbc\b\x9e\xd2\xd6\xe1\x10\xf0\x8c}\x8a\x10`\xa11\xcb\xaf\xf1\xe6\xe1d[\x12a\xde\x89[\xc2+Gx9\x9f\'\xb7\xbc\x1bw\xaf}QD#L\xaf\xe3\x00\xbb\xe1T\xad\x9d\xff\xfek\xc3X\xd6\x84\xc5\xb6Z}\x19f\x86\xbb#\xc0\x03_\xe4+\xa3T\x033X\x95\xc2v\x83\x93\x81\xc7n\xd8\x80\xa2\xa3M\xbaSN\xc3\xaa\xe9\xdd\x9bC$\xf0\xcc\xa7\x0e\x95\xffW\x7f\x17^\xed\xfa\x04\xa9`\xc6\xdf\xe26\x9f\x05\xed\xf4x2\x04\xa5\x16\xc5\xfe\xb6\tr[\x19\xce+\x8cx\xf7,z\xd7D\xadEvv6(\xf1n\x04y\xbbK{\r\"N\x7f\x9a\x19\xaa\xe1\xa3\x14\xec\x13\x7f\xc7e\x8cA\x7fT#)\x033V', 0x0) write(r6, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r6, 0x0) sendfile(0xffffffffffffffff, r6, &(0x7f0000000000)=0x5, 0x6) prctl$PR_GET_FPEXC(0xb, &(0x7f0000000540)) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="02d668531dc47e3ff2589d3c094c1aaf3584aaf4ea6b23c61d2eabf7ea51b74c7a9f58bf65798485e1088571f4b399ae2afcc75ead0713875cffee27bfa3be9064e5", @ANYRES16=0x0, @ANYBLOB="0002000000000000000001000000060003000300000005001300e00000000c0016000900000000000000050012001c000000050005000100000014002000fc010000000000000000000000000001"], 0x54}}, 0x200480d3) dup2(r2, r5) [ 1026.659622] *** Guest State *** [ 1026.662928] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 1026.678318] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 1026.691629] CR3 = 0x00000000fffbc000 [ 1026.713484] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 1026.743414] RFLAGS=0x00008082 DR7 = 0x0000000000000400 13:38:51 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0xa) getsockname$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@ipv6_getroute={0x24, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_IIF={0x8, 0x3, r3}]}, 0x24}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'team0\x00', 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r6, &(0x7f0000000200), 0x10efe10675dec16, 0x0) getsockname$packet(r6, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@ipv6_getroute={0x24, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_IIF={0x8, 0x3, r7}]}, 0x24}}, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r9, &(0x7f0000000200), 0x10efe10675dec16, 0x0) getsockname$packet(r9, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@ipv6_getroute={0x24, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_IIF={0x8, 0x3, r10}]}, 0x24}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000003500)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000034c0)={&(0x7f0000003540)=ANY=[@ANYBLOB="f03300002d00000825bd7000fddbdf2500000000", @ANYRES32=r3, @ANYBLOB="0500f2ff0a000a00ffff0a000a0001006261736963000000b833020004000300600404000c000800ff070000000000000800050008000000080005008d0000003c000100070000000000002002000000220600000100010003000500030081000400000009000200030005000001000000000000020000000900000004040200ff0300000300000081000000ffffffff050000001f000000afa000000200000090083c670200000059090000fdffffff00000000070000000000000001000080fc000000000000000700000009000000070000000080000007000000c6448844010100000500000006000000ffff000000f8ffff07000000ff030000ffff00000900000055c1000095000000090000000a000000ff03000007000000040000000600000064eb00000200000000000080f800000001f8ffffff0700000400000000000000020000000080000005000000070000000700000005000000090000000000000003000000810000000800000020000000040000000300000000ffffff74ffffff0000000030b60000760700000c0000000100000007000000740000000500000007000000010000000800000000000006ad0000001f0000000400000003000000027900000500000000100000090000000700000001040000ff030000e07f000008000000010000007f0000000500000001000000070000000100000001000080080000003f000000010100000900000006000000b70000000600000007000000ff0700000080000057850000800000000000c02043d90000fcffffff010000000900000019000000772200000500000003000000020000009c3500005a060000feffffff090000002b000000010000000000000005000000fe00000050000000da2c0000ff7f00000200000008000000070000007206000049d10000390000000900000000010000053d00000700000004000000070000007f000000070000000104000004000000010001000900000000080000830000000600000004000000060000000300000000010000ff0f0000fbffffff553d000001ffffff000400002e000000000000000200000004000000010000000700000006000000ff7f00006d4baf76a70200000900000009000000350400000900000042050000ff070000ffffff7ffcffffff0018000006000000010000000100000001000000200000000300000003000000b78400000000010007000000000200000300000026170000004f0000cd0900000900000001000000913a00000600000003000000080000003f0000000001000008000000870d00000300000000000080050000000100010006000000050000000600000004000000ffffffff000000006c0200000001000040000000ffff000007000000958c000000010000ff0700000600000007000000f9ffffff235a000081000000000000000400000008000000ff0100008000000001000100ff0f000001feffff00000100200000000700000001f8ffff4600000003000000020000001f000000080000000300000000000000050000000200000005000000000200000800000001000000010001000100000001000000502f0300900115000b0001006d69727265640000640002802000020081000000ff07000006000000000000000500000001000000", @ANYRES32=r4, @ANYBLOB="200000000000071d0000ff0300000400006fba86b76af835c000"/35, @ANYRES32=r7, @ANYBLOB="200002000500000006000000ffffffff050000000100000004000000", @ANYRES32=r10, @ANYBLOB="01010600688398d93fff617c2927a41b68bafee115b154a7a6e02bf301853a849b51ec62ca665faffa358e8471ecc112c7b4abe9163b91544421f656279425a6e1ccda336864257b0c2049d16b5e829d2252a3948e54a24ca511d768586da06c094e8196b6a370b467599d75be4ebdcfb97f9c04233f17dc8635b892be93e126766069d5a0fb04e8c2e536fa45030fd8233d9bd1ab87b8b31fae609c9ea48838c6ef16d291267c67eb5f48d3368445565c495655cf66eff4ade8ec66b2ef6887e445b67fc4d8edc591a9bfe59bcc7c2b5496776ed574fd84efb1065c467d156439b8b22af95336273e891c395f0b523575c70969a2caf07d52bb8fd51d2e7be8520000000c00070000000000000000000c0008000000000000000000bc2d1d000a0001007065646974000000302d0280980e040001000000ffffff7f0400000049000000090000007f0800008cd60000ffffffff05000000050000007f00000000000000010000000100000003000000000000007400000087000000050000000000000000a02c3d8100000001000000040000000200000047790000fa000000090000000d0000000004000009000000f202000089000000ff030000010000001f0000000100010009000000f00b00000200000008000000010000000400000000000000feffffff060000000300000003000000fcffffff03000000faffffff07000000ffffff7f00020000010000000100000082d0136205000000000400000080000002000000f7ffffff00000000040000001d00000004000000030000007f0000000400000004000000ff0f000005000000ffffff7fd60f000005000000fcffffffff0f00002000000005000000ffff00007f00000000000000010400009e0f0000080000000100000008000000090000000200000004000000840000003f00000004000000603300000101000005000000cb0300000200000003000000fcffffff07000000030000000600000007000000ff00000003000000010100000200000001000000010100000000000001040000090000000200000002000000010400000900000038000000050000000600000006000000200000008700000000000010050000009e00000000000000090000000500000000000100030000000500000002000000110b00000000000002000000590200000300000007000000ccfffffffaffffff06000000090000000700000002000000cd0f0000080000000600000047000000630000000400000003000000ff010000070000000400000005000000810000000900000009000000080000000200000020000000070000000700000003000000050000000500000000000000ff7f00000100000009000000730000000800000007000000ff01000007000000008000003f0000000100010000004000059b000009000000fb040000acb50000000800000700000018000000090000003100000007000000000000003f0000006300000001000000283c00006505000008000000ff0100000400000004000000010000000002000000000000230000000200000007000000b95b000000000000040000008e030000010000000400000000020000400000000100000057d500000800000007000000010000003f00000007000000db0900000200000000020000030000000180000000800000090000000101000000000100f9ffffff3f00000007000000f1cb0000030000000104000004000000400000000700000096000000fcffffff07000000a3070000d2dd000062060000faffffffff030000040000002dcd00000300000069000000050000005c143c5609000000030000000000000008000000030000000000000005000000d4f9ffff00000000010000001f000000040000000900000020000000ff0f00000700000000fcffff4000000000100000020000005f0000000100008002000000060000000100010008000000cf060000ff7f0000b100000003000000080000000600000000000000018000000000000021d500004000000004000000ff7f00000100000003000000b70700004f0d0000000000800600000006000000040000000000010000000100200000000400000000020000000000000100000000000080ff000000050000000300000001000080010000003f0000000000000000000000010000000300000002000000fc000000000100001f0000000180000002000000020000000600000001010000ff0000000600000002000000c29300000900000004000000000000800400000008000000040000000700000007000000e2060000050000000200000009000000050000000300000000000000030000000700000002000000ffffff7f00020000ff0000004f0d00002b5a760403000000ff7f0000080000000700000000800000ff0700000700000001000000030000002400000003000000400000000100000081000000510f00008000000004000000ffff0000070000000700000009000000ffff0000010000801f000000ffffffff000800003200000005000000050000000100000004000000090000004600000005000000ff010000010000809d2600004dac0dfa080000000800000002000000800000000400000001800000060000008c7c00000800000000000000f9ffffff09000000ffffff7f07000000000000000000000007000000308e00000000010002000000dd93000000000000010000000300000043000000ffffffff01000000ffffff7f0900000001000000800000003e0e0000010100000700000000000000783c0000ff0b000000000000fa590c5505000000193600007f0000000400000000080000030000000100000007000000ffffffffd300000006000000080000000000010000080000ed4e00000500000000020000090000007f000000000000007f00000007000000010000000008000093000000fdffffff3000000009000000df0000006d0c000081000000020000004d0000002b000000ff0f000009000000ff0f00000000000004000000ffffffffffffff7f006000000180000002000000a70000000000000004000000090000000900000001000000010000000300000001000100010000000900000001000000020000003f000000ff0f00000000008001000080070000008700000004000000b900000061000000090000005b5a000006000000050000000000008005000000000000000600000000000000ff010000070000000000008034370000080000000080040009000000080000008400000003000000020dffff06000000080000007f0000001000000001800000ff7f0000070000000700000002000000ff010000ffffff7fb0d10000090000001f00000001000000faffffff010000000700000008000000080000000000405f09000000000000000300000001000000f057000000000000010000000000000001800000ff0300000008000001000000000000000600000008000000010400000004000000020000ff03000035ee000000f8070004000000000000000700000020000000feffffff0300000003000000090000000700000040000000040000000300000007000000ff07000000000080800000000008000008000000ff7f0000010000003f00000000400000ff0f0000010000800000000000000000000000e09498000005000000060000003f000000200000000300000006000000020000000100000005000000a60d00000800000003000000faffffff0500000001000100060000000000000081000000080000005400000004000000cf0000000000000068070000030000000000008001000000ee000000030000000101000001000100050000000900000000800000800000001f000000d2000000a30d0000090000000600000042880000ffff00000500000000fe030001010000030000000100000000000080020000000000000041ffffff01800000060000000100000004000000ff0f0000fb0a00000101000001000000b60e0000060000007f0000000000010009000000da0a0000ffffff7f07000000cf7d0000050000000689ffff000000000900000000000000791f0000090000000000000009000000810000000900000003000000060000000080000007000000090000001b0c000001010000200000000180000000100000f6e60000ff030000700c000005000000000000000400000000000080060000007703000004000000ff07000040000000c1ffffff07000000470000001f0000007da90000060000000700000002000000cf310000c23f0000010000004000000005000000010100008000000008000000000000000900000008000000020000000100000001040000ffffffffff0300000500000066000000070000001f0000007f00000000000100000000009d48000005000000080000000600000007000000fffffeff07000000080000000001000000000000080000000600000004000000010000007f000000f300000000fcffff00000000008000002000000044000000000200000300000072640000040000000100010008000000080000000e0000007f000000ff000000e108000000000000f90e000005000000fdffffff030000000000000009000000050000003f000000010000000100000005250000ff0f000008000000050000001f000000070000000700000004000000000000000000684080000000060000000200000004000000000000000100000000000100008000008a010000010100000200000081000000010000000400000003000000040000000800000000050b000a000000270f00001000000000010000f9ffffff03000000090000008d0600003501000020000000fcffffff0100008005000000010100000000010000000100010001000100000002000100030001000000000000000000040001000500010004000100030000000200000005000100000001000400010004000000000001000300577201000000050001000100000004000100010000000400010004000100040001000500010002000000040001000100010000000000020001000300010000000000050000000100000003000000030001000500000003000100030001000400010003000100060001000500000002000000010001000100000005000100000001000400000005000100050001000200010006000100000000000400010000000000000000000200010000000000040001000200010005000100050001000400010005000100020000000100010003000000020000000000010002000100000001000300000001000100050001000500000004000100050000000300010005000000fe090100000000000200010000000100040001000000010002000100030001000500000002000100050000000000000005000100020000000000010001000100020001000000010004000000000000000000000003000100020001000200000004000000000000000400010003000100000001000500010000000000050000000b00000001000100030001000100010003000100000000000500030005000000020000000300000000000000030000000300010001000000c80e040008000000ff00000006000000e80a0000ffffffff7f0600000700000040000000010000000300000000000000000000003c7e0000040000000800000001040000050000000200000006000000050000000101000003000000b700000000000000ff0700000700000003000000ff0300000300000008000000000000002d0500000500000009000000000000005600000008000000ff010000d70000003f00000003000000ffffffff040000003400000005000000d80000000600000000010000210b0000080000003f0100001300000000000000070000000b7700000600000007000000010000000700000002000000faffffff0000000009000000ff070000f81c0000170e0000ffffffff72000000010000800300000080000000070000001f93000006000000090000000000000001000000390000000800000007000000000000808000000000040000070000001f0000000700000008000000000000000200000083030000080000000600000009000000000000000400000008000000000000004c000000ff7f00008000000004000000b8000000070000000900000004000000040000000100000007000000ff070000c1ffffff7f00000006000000ff7f0000020000000800000005000000ff000000010400000800000005000000020000000400000009000000aa0a0000e200000000000000000000000200000001000000010000000000000000040000060000000101000034000000000000002de0000034000000060000000400000000000080010001000200000043000000f1ac000001000000a300000065410000ff030000ff0f00006571000007000000060000008b000000190d000033000000030000000300000009000000ff0f0000008000002000000008000000ffff0000080b0000f9ffffff080000007f060000010000803f000000080000000fd80000fbffffff080000000100000002000000010001000000000006000000050000000900000009000000ffffffffae40000008000000d3e15a190300000000000100ff7fffff08000000c6c50000f9ffffff01000080ffffffff1f00000001000000ffffffff090000000500000000000100ffff0000a5010000c1ffffff6fffffff080000000000000000000000b2f5000005000000090000000000000002000000001000000500000000000000030000000400000005000000000000000200000003000000010000002f00000004000000190a00000200000081000000060000002000000007000000ff00000007000000030000007f00000000a0dd004300000001040000010100000800000001010000050000000010000048090000ff000000000001009daac8533f00000008000000e400000000010000d80c0000fb00000004000000010000000800000023ad000007000000060000000600000000020000ffff0000ff01000009000000040000000700000009000000ffffffff07000000000000007f00000007000000e101000005000000ba0000000180000009000000749a00004f000000ffff000007000000080000002000000001800000fcb6000020000000ffffffff0300000005000000a20000000500000004000000080000000000000007000000f7fffffff40c00006d0600000c4100000800000003000000010100001f00000005000000f8ffffffff0000005100000000fcffff010400000700000007000000090000000500000002000000080000006300000009c90000ff01000044b10000020000009905000003f600000000008003000000feffffff0080000001010000000000009d0000000700000005000000ff000000ffff000001000000040000000600000000040000010000000300000008000000f8ffffff0300000000100000ffffffff05000000090000000100000004000000080000000600000030dc0000010000000104000000000000090000000000000081000000000020000500000001040000830900000000000001010000060000000000000000080000f8ffffffc2000000930000000300000003000000c70000000400000081000000000800007f000000df070000ed4700000300000009000000020000000800000002000000ff0700008000000083000000890000000000000007000000060000009e0000009a13000001000000000000003c040000010001000800000007000000010000004000000056000000030000000400000007000000060f000002cdffff06000000520000000500000005000000769800000900000006000000050000000000000000020000ff0300000900000004000000030000004100000009000000030000000300000075c900000500000000000000000100000800000003000000ffffff7f01040000030000000500000000000000ff0f0000090000006c04000001010000fcffffffa032725b0700000000000000740000000700000007000000faffffff08000000aa08000004000000060000000000c000a50800003f0000000100000000000000fffffffff732f8780000000007000000060000000100000003000000030000008100000006000000090000000002000000060000ff030000ffff0000ffffff7f2000000007000000020000000900000020000000432eea20001000000200000000000000030000007f000000070000001804000080000000000000000e000000090000000008000008000000040000000400000001000000070000000100000068000000fa8e0000060000000100000094000000080000000900000003000000560800007a96000009d2ffff000001000600000003000000060000000700000000000000010000801f00000002000000d30800002a010000000000000700000078df000008000000b3070000ff0f00000100000000000000810000000800000000000000ffffff7f060000000100000006000000050000000200000001000000000000c0f803000000000000080000000100000000000000090000000300000004000000ffffffff010100000800000002000000ff7f00000100000007000000ff0100007f00000006000000000000808100000006000000280e000001000000ff01000000080000050000003f00000007000000ff00000000000000aa070000ff03000006000000090000000080000008000000040000005d000000000000000600000009000000040000003f000000810000000900000003000000060000000200000004000000f9ffffffff03000008000000000200003f000000090000000100010009000000cb000000001000000800000040000000000200001f00000002000000c1ffffff7f000000030000000800000001800000ff7f00000800000004000000ff7f0000070000000000010009000000fdd8921effffff7f080000003b0500000100008009000000080000005e870000ff010000800000000600000004000000060000009f02000005000000870d000020030000000400000100010000000000a89100007f00000002000000680000008a080000030000000104000001000000010100000400000092ef000008000000070000000800000001fcffff0300000003000000020000000200000035000000462c0000020000000800000007000000ffffffff82c0000055000000720000000100008001800000070000003f000000010000800700000009000000040000000900000073ffffffffffff7f00040000ffff0000040000000400000000000000ff01000001040000d8000000ffffffffff0700000800000005000000850800000000000005000000ffffff7ffffbffff010100000500000007000000e8feffff02000000090000000800000003000000ea00000007000000000000006b0000000010000005000000660000000500000008000000ed0000000400000000010000ff0f00000200000095010000abdf000008000000ffffffffff7f00003f0000000700000004000000020000003f000000800000003507000001000000080000000000000000fcffff070000000100000001040000fcffffff08000000010000000600000000000000ffff0000040000000500000003000000010000000000000006000000060000000800000007000000b1da1d28060000005f000000000400000600000000000080090000008100000004000000030000003ede0000000001000500000008000000fa090000000800004c000000020000000600000004000000940c0000cd000000ff07000003000000068cd53a0100000043040000010400009f000000fffbffff01000000ff000000600000000900000005000000ff070000810000000200000002000000afdb000006000000090000000700000008000000ff010000050000007f000000030000000100010007000000ffffff7f0000000007000000050000000300000000010000cd520000ffffff7fffff000008000000020000000500000005000000010000000000000040000000060000000010000087e9a9ce0100000000020000f3000000010000000500000000000100010000000200000003000000010001000100010002000000010003000100000003000100050001000100010000000100000000000000010006000100020000000500000006000100020000000100010004000100010001000000010004000100030000000300000000000000030000000500010004000000040000000500010002000000040000000400000005000100040000000500010001000000040000000100010001000100040000000000000002000000020001000100010002000100030000000500010001000100050000000400010002000100030000000100010000000100030001000500010005000100030001000400010001000000020000000500000000000100000000000400000000000000010001000400000003000000050000000100010000000000000000000400010002000000020001000200000005000100000001000200010002000100050001000b0000000400f690030001000300010000000000070000000300010002000100010001000400010003000100050000000100010001000000020001000100010003000000010001000000010005000100010001000500000005000100050001000200000004000000050000000500000005000100030000000300010003000300000001000400010007000000000000000600010002000100020001000200000001000000ec00058044000680060001000000000006000100030000000600020001000000060001000100000006000200000000000600020001000000060001000000000006000200000000003c000680060002000000000006000200010000000600010004000000060001000200000006000100040000000600020000000000060001001fa400001c0006800600020000000000060002000100000006000200000000004c000680060001000400000006000200010000000600020001000000060002000100000006000200010000000600010000000000060002000100000006000100030000000600010000000000e00e0200000000000500000006000000010000000500000009f7000006000000030000009600000002000000060000003f0a4251ff7f000068000000ff0f0000090000000100000005000000040000000300000000000100070000000500000017aa000001010000030000000008000007000000070000000600000005000000fbffffff06000000000000000900000009000000ff000000090000001f000000050000000200000007000000f7ffffff0100000008000000ff0f000004000000c7ed0000fdffffff01000000040000001f000000a5000000070000000100000006000000ba000000ff0700004000000002000000040000009ba87ab704000000a4730000010000004ad9000001040000080000000004000007000000020000000200000006000000000200008000000003000000010001000400000000080000040000002e0000000104000000000000950000000200000052f92065000800000800000009000000050000000300000009000000fdfffffffeac2c3400040000ffffffff050000000700000001000080940400000200000000000000040000006600000001000000897200000400000001800000450a00000100000005000000050000004000000081000000fcffffff000100000100000001000000050000000700000000010000ffff000004000000060000000800000006000000000800007f0000000700000000000000f8ffffff0080000001800000b40000001f0000001f000000080000000800000009000000a5f3c96105000000030000000300000003000000ff0f000007000000200000000800000005000000f8ffffff01000000000000800700000008000000ec0000000900000000000000ff0f0000641bffff090800009102000006000000970000009e0f00008104000005000000060000000700000079730000001000000800000011000000f30000000700000020000000ffffff7f00feffff070000007f090000090000001c000000d4140000a10700000400000003000000ff030000070000000000008080000000010000004d8800000000000085ab3b3b2000000000000000fdffffff3f00000000000100010000000900000070d10000f40000008c00000080fffffff0ff0f0099040000f7ffffff000000000700000000100000ff0700003e070000030000003f0000000100010009000000d200000001000000ffffffff06000000530000000500000005000000040000001105000002000000ffffff7f01010000ff000000010100000ca000001f000000ff0f0000faffffff0000000070ffffff020000000300000003000000000000800200000000000000f7ffffff080000007f000000ff0f000008000000477700000000000040000000d85100000400000002000000040000000000008007000000020000000000000000020000d6000000ffff000001000000750000000200000000000000000000000800000000080000060000001f0000001d0d00000100000000040000800000000001000002000000ff0100000900000008000000dbb418260000000008000000070000007f00000072dd000004000000010100000000008004000000030000003c8effff00000000080000001f00000000000100a14f0000cf450000f9ffffffffffffff0200000006000000fb0900000800000001000000490e00000500000007000000e002000075fdffff000200000300000007000000080000000300000002000000010000000900000065060000fafffffff9ffffff01040000c434fc1cc2590000070000000600000000000000200000002000000001000000ff07000008000000080000000300000020000000000000000000010004000000200000000008000008000000050000000900000001feffffff0700003f000000080000000500000005000000000000000100000080000000fffffffff8ffffff0108000006000000060000000010000003000000080000000500000001010000200000000200000002000000ffffff7fff0300009c9e0000a000000004000000f9ffffff0500000007000000050000000600000000000000050000000eef000000000000ff070000ff00000005000000010000800080000038030000020000000700000006000000020000000200000074090000019000000000000006000000ff03000000800000ff0f00000800000007000000000200000000010008000000ffffffff03000000030000004c79af6709000000ff000000fbffffffff7fffff06000000020000000700000003000000a5000000650000000180000080000000070000000700000000000000010001003f00000000000000a60c0000070000006b0100000104000006000000000000003f00000000800000000000000200000000000000ffffffff9a5b000004000000030000000900000001000000ffff000000010000ff0f0000feffffff03000000661c0000ffffff7fa301ffff721a000001000000810000000104000004000000bb00000020000000ffff000005000000f100000006000000ffff00000100000000040000000000000600000001fcffff400c0000070000000100000002000000ff01000007000000080000000100ffff8885000040000000020000000100008000000000090000000700000001000000da75000001000000080000000400000010020000ffff00007f00000009000000ffffffff8000000007000000000000000700000003000000000000000200000049000000090000000700000000000000ff0f000007000000010000800700000003000000010000000100008000100000010000001f000000090000000100008007000000e50c0000ff0100000010000001000000070000003c070000070000001f000000060000007f000000050000000101000002000000db000000ffff0000020b00000700000002000000f60000000104000001000000020000000500000001f8ffff060000000500000040010000060000000000000009000000ff0f0000951c00008000000089f200000004000008000000217c000000000080018000000300000056aa0000200000000100010001000000080000009e735303ff03000000020000010000003f0e00000000000007000000feffffff7fffffff02000000070000000100008006000000ffff0000c0ff0100050000000700000009000000050000000000000006000000010000000300000000000000070000009400000002000000010001000700000004000000050000000101000009000000060000000100010001000100ff0100001f0000000200000004000000fcffffff81000000ff01000003000000e36400000200000004000000f8ffffff07000000040000000001000009000000ff01000001800000000000000500000008000000ff0700006f3d000002000000ff030000000000000600000003000000ffffff7f050000000500000008000000ff0f00000500000000000000010000000700000006000000080000000800000003000000040000000900000006000000ff7f0000ab0000000038000064050000ff030000cd5589580100000008000000f0e60000010000000000000006000000249700000300000007000000d5000000040000000900000001040000000000008100000011000000010400007f00000002000000010100000004000005000000050000003f00000009000000050000000080ffff400000000080000005000000080000004fff0000090000000000000003000000070000000800000003000000010000001f000000060000000100000003000000018000003b0000004000000001000080070000007f000000febd0000c8000000050000000900000005000000010000000200000001000000b500000009000000050000000300000005000000bb00000004000000060000008000000000000000030000000600000078ef000003000000020000000300000002000000070000003b0000000100010008000000020000001f00000080000000040000000700000005000000cc00000001010000010100000300000006000000520700000600000007000000ff01000075d000000100000005000000ff07000001fcffff03000000000000007ffbffff0200000009000000000000007f00000001000000090000003c940000ff7ffffffbffffff0000ffff0600000000080000ae0e000007000000020000000004000000020000018000000000000001800000000000000700000003000000b3000000640000006a000000fc04000005000000fde70000040000000000002005000000f20c00000100000009000000050000001f00000002000000050000008000000005000000080000000500000000010000800000000000000000000000e37aee06060000000104000002000000616800000200000001010000ff7f0000001000000000000000800000700e0000050000000100000008000000010000002700000001ffffff030000000600000000000000ff7f0000010000000600000006000000ff01000004000000080000000200000001000100000001000400010004000100000001000200000000000000000000000500010005000100030001000400000003008e1b000001000300000004000100040000000300000002000000040000000300010002000100020000000500010005000000030001000100000002000100010000000200010000000000000000000200000001000000050000000500010003000000030000000300000005000100050001000300000001000000030000000500000004000000050000000400f63d0300010004000100030001000000010002000000030000000500000001000100010000000100000004000000030000000500010002000000000001000200000003000100030001000100010005000000050000000000000002000100050000000300010001000100020001000500010000000100000001000000000005000100020000000100010005000100050000000500000003000000030000000300010002000100050001000500010002000000040001000400010004000100040000000100000004000000040000000400000001000000000000000500010000000000050000000500000006000000060000000200000005000000050000000300010000000000030001000100000004000100000000000500010000000100050001000400010001000100050001000400000000000000030000000400010002000000010000006300060087679843f614eba7a60e02c7c8279719355f752f8c99f94d87fa92771de260f5e69962150caafe13b40157f2a777a5aa8f4a1ccbd398b0f645077cbf943db28fe21bae075b22c637da3e8f7d8d4e5b4ce581215b2d42e371d8e912b3916eac000c00070000000000010000000c000800000000000000000008000b0001800000"], 0x33f0}, 0x1, 0x0, 0x0, 0x1}, 0x68c267a7725eaf09) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 1026.764340] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 13:38:51 executing program 2 (fault-call:10 fault-nth:58): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 13:38:51 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0xc) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 13:38:51 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) fcntl$dupfd(r0, 0x0, r0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r1) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000040)=ANY=[@ANYRES64=r1, @ANYRES16], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r4) r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_DISABLE_BEARER(r4, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x34, r5, 0x1, 0x70bd2b, 0x25dfdbfb, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'team_slave_1\x00'}}}, ["", "", "", "", "", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x5}, 0x40001) r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) dup3(r3, r6, 0x0) fcntl$getflags(r3, 0x40a) r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r8 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="c0cde7a62ca862a73198c043c131e434ef953e7437909dad95a295f7abc6c69b1152c20419cdc11d207148ae5f559717a9011790bc8869e9bbbb6e12c3ecbb25c935c9ff24f5183a8f204f2f097317a56e9b90409cff585dfab66a679373849f68df6dce9ab78cf0e48b51dd3cf029716ffba20b558c7aeb61", @ANYRES16=r7, @ANYBLOB="230900000000000000000100000005000700000000000800090000000000060002000100000008000a000000000008001700", @ANYRES32=r8, @ANYBLOB], 0x3c}}, 0x0) dup2(r2, r8) [ 1026.815136] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 1026.833114] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 1026.870117] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 1026.903826] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 1026.923801] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 1026.940785] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 13:38:51 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) recvmsg$can_bcm(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000540)=""/162, 0xa2}], 0x1}, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000000)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000a85a00000000000000000000000004000000d0040000080100003003000000000000080100003003000000040000000400000004000000040000000400000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000228020000000000000000000000000000060000000000000000005801686173686c696d6974000000000000000000000000000000000000000003726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff00000000000000000000000020000000000000000000000009000000ff0100000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000830000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280063"], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r6 = dup3(r4, r5, 0x0) fcntl$getflags(r4, 0x3) r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680)='l2tp\x00') r8 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x3c, r7, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp=r8}]}, 0x3c}}, 0x0) dup2(r3, r8) ioctl$SNDRV_PCM_IOCTL_XRUN(r6, 0x4148, 0x0) [ 1026.972112] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 1027.004529] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 1027.082358] FAULT_INJECTION: forcing a failure. [ 1027.082358] name failslab, interval 1, probability 0, space 0, times 0 [ 1027.083870] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 1027.101852] CPU: 1 PID: 32104 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1027.107876] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 1027.109749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1027.109754] Call Trace: [ 1027.109771] dump_stack+0x1b2/0x283 [ 1027.109786] should_fail.cold+0x10a/0x154 [ 1027.119007] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 1027.127072] should_failslab+0xd6/0x130 [ 1027.127083] __kmalloc_track_caller+0x2bc/0x400 [ 1027.127094] ? kstrdup_const+0x35/0x60 [ 1027.127106] kstrdup+0x36/0x70 [ 1027.127116] kstrdup_const+0x35/0x60 [ 1027.127125] alloc_vfsmnt+0xe0/0x7c0 [ 1027.127135] clone_mnt+0x6c/0xef0 [ 1027.127152] copy_tree+0x33a/0x860 [ 1027.132483] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1027.133329] copy_mnt_ns+0x112/0x8a0 [ 1027.133343] ? rcu_read_lock_sched_held+0x10a/0x130 [ 1027.139038] Interruptibility = 00000000 ActivityState = 00000000 [ 1027.143866] ? kmem_cache_alloc+0x35f/0x3c0 [ 1027.143879] create_new_namespaces+0xc9/0x730 [ 1027.143888] ? security_capable+0x88/0xb0 [ 1027.143902] copy_namespaces+0x27b/0x310 [ 1027.150518] *** Host State *** [ 1027.152498] copy_process.part.0+0x2616/0x6fa0 [ 1027.152508] ? retint_kernel+0x2d/0x2d [ 1027.152520] ? trace_hardirqs_on_caller+0x3a8/0x580 13:38:52 executing program 0: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r0) accept$nfc_llcp(r0, &(0x7f0000000040), &(0x7f00000000c0)=0x60) perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f0000000000)=@v1={0x0, @aes256, 0x3, "4be4567790abaaf1"}) [ 1027.157795] RIP = 0xffffffff811642af RSP = 0xffff8880347f79d0 [ 1027.159562] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1027.159589] ? __cleanup_sighand+0x40/0x40 [ 1027.163328] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1027.166969] ? _raw_spin_unlock_irq+0x5a/0x90 [ 1027.166980] ? finish_task_switch+0x14d/0x610 [ 1027.166989] ? switch_mm_irqs_off+0x2cd/0xec0 [ 1027.167002] _do_fork+0x180/0xc80 [ 1027.167014] ? fork_idle+0x270/0x270 [ 1027.167024] ? firmware_map_remove+0x18f/0x18f [ 1027.167035] ? fput+0xb/0x140 [ 1027.167047] ? do_syscall_64+0x4c/0x640 [ 1027.167057] ? sys_vfork+0x20/0x20 [ 1027.173143] FSBase=00007f18279ed700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000 [ 1027.174006] do_syscall_64+0x1d5/0x640 [ 1027.174022] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1027.182883] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1027.185127] RIP: 0033:0x45ca69 [ 1027.185132] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1027.185142] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 13:38:52 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) fcntl$dupfd(r0, 0x0, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000a85a00000000000000000000000004000000d00400000801000030030000000000000801000030030000000400000004000000040000000400000004000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000228020000000000000000000000000000000000000000000000005801686173686c696d6974000000000000000000000000000000000000000003726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e9ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff00000000000000000000000020000000000000000000000009000000ff0100000000000000000000000000000000000000000000280052454a454354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f1ff00000000000000000000000000000000000000000000ffde0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000830000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000a800d00000000000e0ffffffffffffff00000000000000000000000028006300000000"], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) prctl$PR_SET_TSC(0x1a, 0x2) dup3(0xffffffffffffffff, r3, 0x0) fcntl$getflags(0xffffffffffffffff, 0x40a) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r5 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="230900000000000000000100000005000700000000000800090000000000060002000100000008000a000000000008001700", @ANYRES32=r5, @ANYBLOB="d4db7ab2668dc3c0b9a3f1bfdb6a1b5d65f1df7b6f50ee63add664dbd75352a2fb92f32fe9a3a60dd3faba1a110f67560fcf0967aac8fa6c22b83a8a4359f262323af4b7edddb37cbf85c87e468cb9f84c8f768a22bb6c8505f7784e87e334b4859b1604d816531b3863eedb2c96a2d3226150171f2678254047853abcd4a45698d509aca6e9ad433c176bc4"], 0x3c}}, 0x0) dup2(r2, r5) [ 1027.185147] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1027.185153] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1027.185158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1027.185163] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 [ 1027.361964] CR0=0000000080050033 CR3=000000001ebe4000 CR4=00000000001426f0 [ 1027.369670] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 [ 1027.377506] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1027.383806] *** Control State *** [ 1027.389240] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 1027.397932] EntryControls=0000d1ff ExitControls=002fefff [ 1027.406433] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1027.421101] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 13:38:52 executing program 0: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x3, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 1027.451341] VMExit: intr_info=00000000 errcode=00000000 ilen=00000002 [ 1027.475942] reason=80000021 qualification=0000000000000000 [ 1027.497738] IDTVectoring: info=00000000 errcode=00000000 [ 1027.523247] TSC Offset = 0xfffffdd74bf229b8 [ 1027.563347] EPT pointer = 0x000000009e42201e [ 1027.578171] Virtual processor ID = 0x0001 13:38:52 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:38:52 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = creat(&(0x7f0000000080)='./file0\x00', 0x1c0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000080)={r4, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f00000001c0)=0x9c) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f00000003c0)={r4, 0xfff}, &(0x7f0000000400)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f00000000c0)={r4, 0x4, 0x20}, &(0x7f0000000100)=0xc) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0xa) r5 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x1f, 0x2800c0) splice(r0, 0x0, r5, 0x0, 0x4ffe0, 0x3) 13:38:52 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r2) r3 = memfd_create(&(0x7f0000000240)='\x00<\xd2\xc8\xf8\xb3!\xf2\x81\xc6\xaa\xbc\b\x9e\xd2\xd6\xe1\x10\xf0\x8c}\x8a\x10`\xa11\xcb\xaf\xf1\xe6\xe1d[\x12a\xde\x89[\xc2+Gx9\x9f\'\xb7\xbc\x1bw\xaf}QD#L\xaf\xe3\x00\xbb\xe1T\xad\x9d\xff\xfek\xc3X\xd6\x84\xc5\xb6Z}\x19f\x86\xbb#\xc0\x03_\xe4+\xa3T\x033X\x95\xc2v\x83\x93\x81\xc7n\xd8\x80\xa2\xa3M\xbaSN\xc3\xaa\xe9\xdd\x9bC$\xf0\xcc\xa7\x0e\x95\xffW\x7f\x17^\xed\xfa\x04\xa9`\xc6\xdf\xe26\x9f\x05\xed\xf4x2\x04\xa5\x16\xc5\xfe\xb6\tr[\x19\xce+\x8cx\xf7,z\xd7D\xadEvv6(\xf1n\x04y\xbbK{\r\"N\x7f\x9a\x19\xaa\xe1\xa3\x14\xec\x13\x7f\xc7e\x8cA\x7fT#)\x033V', 0x0) write(r3, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000340)=ANY=[@ANYRESOCT], 0x1) ioctl$SCSI_IOCTL_STOP_UNIT(r1, 0x6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) dup3(r5, r6, 0x0) fcntl$getflags(r5, 0x40a) r7 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r8 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x3c, r7, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_MTU={0x6, 0x1c, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp=r8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) dup2(r4, r8) 13:38:52 executing program 0: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ptrace$getregs(0xe, 0xffffffffffffffff, 0x8, &(0x7f0000000000)=""/17) 13:38:52 executing program 4: r0 = socket$unix(0x1, 0x5, 0x0) fcntl$dupfd(r0, 0x0, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000a85a00000000000000000000000004000000d0040000080100003003000000000000080100003003000000040000000400000004000000040000000400000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000228020000000000000000000000000000000000000000000000005801686173686c696d6974000000000000000000000000000000000000000003726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff00000000000000000000000020000000000000000000000009000000ff0100000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000830000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280063"], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) dup3(r3, r4, 0x0) fcntl$getflags(r3, 0x40a) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r6 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="23e913f6484a977a02000100000005002197cf8d000a00"/49, @ANYRES32=r6, @ANYBLOB], 0x3c}}, 0x0) dup2(r2, r6) 13:38:52 executing program 2 (fault-call:10 fault-nth:59): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 13:38:52 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) fcntl$dupfd(r0, 0x406, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000a85a00000000000000000000000004000000d0040000080100003003000000000000080100003003000000040000000400000004000000040000000400000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000228020000000000000000000000000000000000000000000000005801686173686c696d69740000000000000000000000000000ffff0000000003726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff00000000000000000000000020000000000000000000000009000000ff0100000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000830000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280063"], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) dup3(r3, r4, 0x0) fcntl$getflags(r3, 0x40a) r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r6 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000540)='/dev/vsock\x00', 0x101900, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r6, 0x4020565a, &(0x7f0000000580)={0x5, 0x3, 0x1}) r7 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x3c, r5, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp=r7}]}, 0x3c}}, 0x0) dup2(r2, r7) 13:38:52 executing program 0: perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000240)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) eventfd(0x4) 13:38:52 executing program 4: r0 = socket$unix(0x1, 0x5, 0x0) fcntl$dupfd(r0, 0x0, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000a85a00000000000000000000000004000000d0040000080100003003000000000000080100003003000000040000000400000004000000040000000400000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000228020000000000000000000000000000000000000000000000005801686173686c696d6974000000000000000000000000000000000000000003726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff00000000000000000000000020000000000000000000000009000000ff0100000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000830000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280063"], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) ioctl$KVM_GET_MSR_INDEX_LIST(r3, 0xc004ae02, &(0x7f0000000540)={0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) dup3(r4, r5, 0x0) fcntl$getflags(r4, 0x40a) r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r7 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x3c, r6, 0x923, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp=r7}]}, 0x3c}}, 0x0) dup2(r2, r7) [ 1027.856821] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'. [ 1027.930756] Unknown ioctl 1075861082 13:38:52 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[], 0x0, 0x4afe66f3797cd94e}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1027.990881] FAULT_INJECTION: forcing a failure. [ 1027.990881] name failslab, interval 1, probability 0, space 0, times 0 [ 1028.002237] CPU: 0 PID: 32169 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1028.010131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1028.019466] Call Trace: [ 1028.022036] dump_stack+0x1b2/0x283 [ 1028.025650] should_fail.cold+0x10a/0x154 [ 1028.029777] should_failslab+0xd6/0x130 [ 1028.033727] kmem_cache_alloc+0x28e/0x3c0 [ 1028.037851] alloc_vfsmnt+0x23/0x7c0 [ 1028.041539] clone_mnt+0x6c/0xef0 [ 1028.044974] copy_tree+0x33a/0x860 [ 1028.048495] copy_mnt_ns+0x112/0x8a0 [ 1028.052189] ? rcu_read_lock_sched_held+0x10a/0x130 [ 1028.057180] ? kmem_cache_alloc+0x35f/0x3c0 [ 1028.061480] create_new_namespaces+0xc9/0x730 [ 1028.065950] ? security_capable+0x88/0xb0 [ 1028.070076] copy_namespaces+0x27b/0x310 [ 1028.074117] copy_process.part.0+0x2616/0x6fa0 [ 1028.078675] ? finish_task_switch+0x178/0x610 [ 1028.083152] ? lock_downgrade+0x6e0/0x6e0 [ 1028.087279] ? _raw_spin_unlock_irq+0x24/0x90 [ 1028.091757] ? __cleanup_sighand+0x40/0x40 [ 1028.095975] _do_fork+0x180/0xc80 [ 1028.099407] ? fork_idle+0x270/0x270 [ 1028.103095] ? retint_kernel+0x2d/0x2d [ 1028.106962] ? SyS_read+0x210/0x210 [ 1028.110583] ? do_syscall_64+0x4c/0x640 [ 1028.114536] ? sys_vfork+0x20/0x20 [ 1028.118053] do_syscall_64+0x1d5/0x640 [ 1028.121922] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1028.127089] RIP: 0033:0x45ca69 [ 1028.130254] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1028.137939] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1028.145196] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1028.152444] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1028.159690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1028.166937] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 [ 1028.320491] Unknown ioctl 1075861082 13:38:53 executing program 0: r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r1) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r2) renameat(r1, &(0x7f0000000000)='./file0\x00', r2, &(0x7f0000000140)='./file0\x00') r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x14, r0, 0xb03, 0x0, 0x0, {0x8}}, 0x14}}, 0x0) 13:38:53 executing program 4 (fault-call:10 fault-nth:0): sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, 0x0) fchdir(r2) ioctl$SCSI_IOCTL_START_UNIT(r2, 0x5) 13:38:53 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) fcntl$dupfd(r0, 0x0, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000a85a00000000000000000000000004000000d0040000080100003003000000000000080100003003000000040000000400000004000000040000000400000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000228020000000000000000000000000000000000000000000000005801686173686c696d6974000000000000000000000000000000000000000003726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff00000000000000000000000020000000000000000000000009000000ff0100000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000830000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280063"], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x184c0, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) dup3(r3, r4, 0x0) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_RESET_LINK_STATS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r5, @ANYBLOB="0100000000000000000000636173742d6c696e6afffffffff200"/35], 0x30}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000580)={0x1c, r5, 0x20, 0x70bd25, 0x25dfdbff, {}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0xc080) fcntl$getflags(r3, 0x40a) r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r7 = socket$l2tp(0x2, 0x2, 0x73) r8 = memfd_create(&(0x7f0000000880)='\x00<\xd2\xc8\xf8\xb3!\xf2\x81\xc6\xaa\xbc\b\x9e\xd2\xd6\xe1\x10\xf0\x8c}\x8a\x10`\xa11\xcb\xaf\xf1\xe6\xe1d[\x12a\xde\xc9[\xc2+Gx9\x9f\'\xb7\xbc\x1bw\xaf}QD#L\xaf\xe3\x00\xbb\xe1T\xad\x9d\xff\xfek\xc3X\xd6\x84\xc5\xb6Z}\x19f\x86\xbb#\xc0\x03_\xe4+\xa3T\x033X\x95\xc2v\x83\x93\x81\xc7n\xd8\x80\xa2\xa3M\xbaSN\xc3\xaa\xe9\xdd\x9bC$\xf0\xcc\xa7\x0e\x95\xffW\x7f\x17^\xed\xfa\x04\xa9`\xc6\xdf\xe26\x9f\x05\xed\xf4x2\x04\xa5\x16\xc5\xfe\xb6\tr[\x19\xce+\x8cx\xf7,z\xd7D\xadEvv6(\xf1n\x04y\xbbK{\r\"N\x7f\x9a\x19\xaa\xe1\xa3\x14\xec\x13\x7f\xc7e\x8cA\x7fT#)\x033V;\x96\x02\xf0\xddcO\x9f\xeb1\xd2\xa9}\x17\x85\xe8$\xd7\x183W\xe1^\x9f5\x1a\x9d\xe3\x18\x1f\x8d\x81H\xc9\xf3\xfa\xc9\x94{=x\x03\v\x94\x90\xd8\x81\xa4u\xd4\xae6\xca\\p\xcb\x110\xd0\x86\x19\xa4t\fg\xcfN\xb4N\xab\xda\x8a\xba<\xc2}\x9d\x16K:\x82g\xe60\x0e\x05\x0f\'`\x86B*\'\x99\x16\xc2b\xb8.3,\xb8\xc7}}\x9fx\xfc\xf5\x15\xb2B\xca\x8a\x8b\x96\x9e^\x8e6\xfb\x1f\xd6\x11\xa5\xba\xe4\x84\x13Q{\xa2G\x85\x13\xd3\xf3\xbe\x84%\xf0W\xcb!\xa7\\\xa0`\x7f\"\xd7\t\xd4R{\"\x9b\xf8\xa7H(`\x1fr\xfe\xe4d\xc5\xbc\xac4\xfa\xdb\x93d\xe4\xffj!\xddmP*\x95\x94\x88\xa4\xe6\x1a\x98\xcd\xd1\x04\x8d\xeaWDK\xff\x9fJ\xda\xce\x8fB#\xbaF3\x17/\xee!_W\x03s\x0e\x93\xdb\xffV\x14\xbaU\x1a\xc6\xc8\xa3\xe6IjW\xe4#\x1b\xa4\x84F\xc3Cq\n\x8f`\x95\x1d\x99\xfbvXPa\xe8G)\x8a\xdb\xff,\xf6J\x8d\xd9aR\x1b\xf8\x86\x05)\xaf\xf6>\xa0\xbb\xc3\xaeK\xc1\xec@\x9eO\xb0\x90\x91\xa6\xc5W+\x95\xc4\xc8\xf1\x7f\xa6;8,u\x7f_yQ\x0f\x8e\xff\x93\xeada\x01\xf2!M]\xd0\f\x9a]_g\x1d\xf2d\xdb\x06\x17hS=\fvt\xd5[\xa8\x0e\xc6=\x99\xf4V\xc2\'\x1b\xe8\xdf2bA`\x10\xb00\xc0\x95\xb53\xe3\xb1\x92\x01\x80\xef\xcd\xe6\xb6/aa\xb79\x87k\x14\xdc\xb6\x86\xb9/\xbd\xdd\xc2\x15\xda\xd3', 0x0) write(r8, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r8, 0x0) sendmsg$L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000005c0)=ANY=[@ANYBLOB="3c800000", @ANYRES16=r6, @ANYBLOB="230900000000000000000100000005000700000000000800090000000000060002000100000008000a000000000008001700", @ANYRESHEX=r8, @ANYBLOB="38d0149be44aa4bf42afd8649fb5252504c10162d820012405559dee22b70100008095937c"], 0x3c}}, 0x0) dup2(r2, r7) 13:38:53 executing program 0 (fault-call:5 fault-nth:0): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r1 = socket$alg(0x26, 0x5, 0x0) dup2(r1, r0) [ 1028.450957] *** Guest State *** [ 1028.466347] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 1028.480961] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 13:38:53 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) r3 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x8) ioctl$TIOCGLCKTRMIOS(r3, 0x5456, &(0x7f0000000000)={0x5, 0x5, 0x1f, 0x5, 0x82, "e0729a8fcc038b4b38d44abd93895ce927b4df"}) socket$netlink(0x10, 0x3, 0xa) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r4) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_SET(r4, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000100)={0x1c0, r5, 0x800, 0x70bd26, 0x25dfdbfc, {}, [@TIPC_NLA_LINK={0x58, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x20}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x72a}, @TIPC_NLA_PROP_TOL={0x8}]}]}, @TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x5}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7f}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x20}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_MEDIA={0x7c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfa09}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x52}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xc20d}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x6}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x4}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}]}, @TIPC_NLA_LINK={0x78, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffd}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffe}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}]}]}, 0x1c0}, 0x1, 0x0, 0x0, 0x8001}, 0x4000000) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 1028.504875] audit: type=1804 audit(1590845933.382:1598): pid=32190 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/661/file0/bus" dev="sda1" ino=16865 res=1 [ 1028.523273] CR3 = 0x00000000fffbc000 [ 1028.532019] FAULT_INJECTION: forcing a failure. [ 1028.532019] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1028.542424] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 1028.561368] RFLAGS=0x4afe66f3797cd94e DR7 = 0x0000000000000400 [ 1028.570739] CPU: 0 PID: 32190 Comm: syz-executor.4 Not tainted 4.14.182-syzkaller #0 [ 1028.575768] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1028.578624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1028.578628] Call Trace: [ 1028.578648] dump_stack+0x1b2/0x283 [ 1028.578665] should_fail.cold+0x10a/0x154 [ 1028.578681] __alloc_pages_nodemask+0x22b/0x2730 [ 1028.578700] ? ima_match_policy+0x3e3/0x10d0 [ 1028.585571] CS: sel=0x0000, attr=0x0009b, limit=0x0000ffff, base=0x0000000000000000 [ 1028.594686] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1028.594699] ? trace_hardirqs_on+0x10/0x10 [ 1028.594707] ? __lock_acquire+0x655/0x42a0 [ 1028.594722] ? __lock_acquire+0x655/0x42a0 [ 1028.594733] ? __lock_acquire+0x655/0x42a0 [ 1028.594743] ? __do_page_cache_readahead+0x285/0xa10 [ 1028.594757] alloc_pages_current+0xe7/0x1e0 [ 1028.594771] __page_cache_alloc+0x243/0x3c0 [ 1028.594783] __do_page_cache_readahead+0x2d0/0xa10 [ 1028.594803] ? read_cache_pages+0x690/0x690 [ 1028.598439] FAULT_INJECTION: forcing a failure. [ 1028.598439] name failslab, interval 1, probability 0, space 0, times 0 [ 1028.600972] ? find_get_entry+0x31b/0x660 [ 1028.600989] ? lock_downgrade+0x6e0/0x6e0 [ 1028.601006] ? ondemand_readahead+0x516/0xb60 [ 1028.601015] ondemand_readahead+0x516/0xb60 [ 1028.601031] page_cache_sync_readahead+0xa6/0xf0 [ 1028.601043] generic_file_read_iter+0x1095/0x21d0 13:38:53 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = accept$ax25(r1, &(0x7f0000000980)={{0x3, @netrom}, [@netrom, @rose, @remote, @remote, @remote, @null, @null]}, &(0x7f0000000a00)=0x48) getsockopt$bt_hci(r2, 0x0, 0x2, &(0x7f0000000a40)=""/171, &(0x7f0000000b00)=0xab) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000b40)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000a85a00000000000000000000000004000000d0040000080100003003000000153b00080100003003000000040000000400000004000000040000000400000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a80008010000000000000000000000000000000000000000000000006000484d41524b00000000000000000000000000000000000000000000000000fe8800000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000228020000000000000000000000000000000000000000000000005801686173686c696d6974000000000000000000000000000000000000000003726f7365300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ffffffff00000000000000000000000020000000000000000000000009000000ff0100000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000830000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a267ad5af036b5e8e0346cd8e0000000000000000000000000000000000000000000000000001d00000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280063f9aed8750e7c6f3a1297f40591a416a01639feeab656017c2d9bd3285c3d99a824be33fd73e3e29928a0eafbeaf5a8c33063a133342c34a9e44b2d2cef4c79fdd23eb5e347e8cde2dc236b1766ea133c8a227c6d5a88b9ab6867bfe1a4e8f8bb5555f849e0c9b45a191a500ab486f5134895fc267ad3cd0dc8decb4a55a3203cb32166492dc3392d443a28369e9bdda827f250e7cc70947ae061e52b797b76ab2a2843213fbb143ce252a97b71275adb94"], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000640)='/dev/btrfs-control\x00', 0x1, 0x0) ioctl$SG_GET_COMMAND_Q(r4, 0x2270, &(0x7f0000000680)) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r7 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) r8 = inotify_init1(0x0) inotify_add_watch(r8, &(0x7f0000000040)='./control\x00', 0xa4000960) dup3(r8, r7, 0x0) fcntl$getflags(r6, 0x40a) r9 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r10 = socket$l2tp(0x2, 0x2, 0x73) sendmsg$L2TP_CMD_TUNNEL_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="230700000000000000000100000005000700170000000800090000000000060a0000000000080017004909a779a228ecd52518a3bc54a559f518d30c262847f83b19b0cd5971822ed0653b9f567d7534897a480f03d466ddffced6e728d6b2b5d0d7aa7d7bb39e07b64f01594793eaa83c24ff870a1452b183726bcb51b5d8d9ee16000000000000000000b0de04ec0eee85e4fbc4e363b2d9e17fc3b1d9cc4f43c7f4fe7a9ac5f61b5aef841e8738b634ce3980ca4d828c197fc7a82a8551a31ede9a80434b08408ffa1dea7b342fae9069cec77c9514d64bf819920af487", @ANYRES32=r10, @ANYBLOB], 0x3c}}, 0x0) dup2(r5, r10) 13:38:53 executing program 2 (fault-call:10 fault-nth:60): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1028.612458] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 1028.614309] ext4_file_read_iter+0x14b/0x330 [ 1028.614322] __vfs_read+0x44b/0x610 [ 1028.614334] ? vfs_copy_file_range+0x990/0x990 [ 1028.614348] ? avc_policy_seqno+0x5/0x10 [ 1028.614359] ? selinux_file_permission+0x7a/0x440 [ 1028.651974] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 1028.653348] ? rw_verify_area+0xe1/0x290 [ 1028.653360] vfs_read+0x131/0x330 [ 1028.653373] SyS_read+0xf2/0x210 [ 1028.653383] ? kernel_write+0x110/0x110 [ 1028.653393] ? SyS_clock_settime+0x1a0/0x1a0 [ 1028.653404] ? do_syscall_64+0x4c/0x640 [ 1028.673893] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 1028.678066] ? kernel_write+0x110/0x110 [ 1028.678080] do_syscall_64+0x1d5/0x640 [ 1028.678099] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1028.678107] RIP: 0033:0x45ca69 [ 1028.678112] RSP: 002b:00007fe38e7b8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1028.678122] RAX: ffffffffffffffda RBX: 00000000004fad40 RCX: 000000000045ca69 [ 1028.678128] RDX: 00000000fffffe47 RSI: 0000000020000180 RDI: 0000000000000005 [ 1028.678133] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1028.678138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1028.678142] R13: 000000000000087b R14: 00000000004c9ff4 R15: 00007fe38e7b96d4 [ 1028.716620] audit: type=1804 audit(1590845933.402:1599): pid=32190 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/661/file0/bus" dev="sda1" ino=16865 res=1 [ 1028.760970] CPU: 1 PID: 32198 Comm: syz-executor.0 Not tainted 4.14.182-syzkaller #0 [ 1028.825494] audit: type=1804 audit(1590845933.402:1600): pid=32190 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/661/file0/bus" dev="sda1" ino=16865 res=1 [ 1028.826784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1028.826789] Call Trace: [ 1028.826809] dump_stack+0x1b2/0x283 [ 1028.905832] should_fail.cold+0x10a/0x154 [ 1028.909985] should_failslab+0xd6/0x130 [ 1028.913961] kmem_cache_alloc_trace+0x2b7/0x3f0 [ 1028.918634] snd_pcm_oss_change_params_locked+0x15e/0x30a0 [ 1028.924255] ? __mutex_lock+0x2cb/0x1430 [ 1028.928320] ? snd_pcm_oss_change_params+0x87/0xb0 [ 1028.933248] ? snd_pcm_oss_sync.isra.0+0x128/0x6f0 [ 1028.938211] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1028.943654] ? snd_pcm_hw_param_near.constprop.0+0x6f0/0x6f0 [ 1028.949444] ? snd_pcm_drain+0x38c/0x790 [ 1028.953482] ? lock_downgrade+0x6e0/0x6e0 [ 1028.957607] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1028.963041] snd_pcm_oss_change_params+0x5e/0xb0 [ 1028.967777] snd_pcm_oss_make_ready+0x9b/0x140 [ 1028.972339] snd_pcm_oss_sync.isra.0+0x19a/0x6f0 [ 1028.977074] snd_pcm_oss_release+0x205/0x280 [ 1028.981461] ? snd_pcm_oss_sync.isra.0+0x6f0/0x6f0 [ 1028.986367] __fput+0x25f/0x7a0 [ 1028.989642] task_work_run+0x113/0x190 [ 1028.993509] exit_to_usermode_loop+0x1ad/0x200 [ 1028.998072] do_syscall_64+0x4a3/0x640 [ 1029.001949] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1029.007114] RIP: 0033:0x45ca69 [ 1029.010282] RSP: 002b:00007f408b463c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000021 [ 1029.017968] RAX: 0000000000000003 RBX: 00000000004db5c0 RCX: 000000000045ca69 [ 1029.025213] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 1029.032458] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1029.039703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 1029.046948] R13: 000000000000009d R14: 00000000004c355f R15: 00007f408b4646d4 [ 1029.055487] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 13:38:53 executing program 4 (fault-call:10 fault-nth:1): sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, 0x0) fchdir(r2) ioctl$SCSI_IOCTL_START_UNIT(r2, 0x5) 13:38:53 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r4) getsockname$packet(r4, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)=@bridge_setlink={0xe0, 0x13, 0x300, 0x70bd29, 0x25dfdbfc, {0x7, 0x0, 0x0, r5, 0x20000, 0x1c000}, [@IFLA_CARRIER_CHANGES={0x8}, @IFLA_MAP={0x24, 0xe, {0x100000001, 0x2, 0x0, 0x34b, 0xff, 0x63}}, @IFLA_WEIGHT={0x8, 0xf, 0x1}, @IFLA_NUM_RX_QUEUES={0x8, 0x20, 0x8}, @IFLA_PROP_LIST={0x68, 0x34, 0x0, 0x1, [{0x14, 0x35, 'macsec0\x00'}, {0x14, 0x35, 'macvlan1\x00'}, {0x14, 0x35, 'netpci0\x00'}, {0x14, 0x35, 'bond_slave_1\x00'}, {0x14, 0x35, 'batadv_slave_0\x00'}]}, @IFLA_WEIGHT={0x8, 0xf, 0x6}, @IFLA_IFNAME={0x14, 0x3, 'veth0_macvtap\x00'}]}, 0xe0}, 0x1, 0x0, 0x0, 0x8000}, 0x1) r6 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r6) connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10) close(r2) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="d400000019001905000000000000000002200000ff0297000000000008000100ac1414"], 0x1}, 0x1, 0x0, 0x0, 0x4040010}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 1029.063856] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 1029.072954] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 1029.081427] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 1029.100324] IDTR: limit=0x0000ffff, base=0x0000000000000000 13:38:54 executing program 0 (fault-call:5 fault-nth:1): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r1 = socket$alg(0x26, 0x5, 0x0) dup2(r1, r0) [ 1029.159783] FAULT_INJECTION: forcing a failure. [ 1029.159783] name failslab, interval 1, probability 0, space 0, times 0 [ 1029.171173] CPU: 1 PID: 32222 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1029.179047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1029.188388] Call Trace: [ 1029.190971] dump_stack+0x1b2/0x283 [ 1029.194581] should_fail.cold+0x10a/0x154 [ 1029.198709] should_failslab+0xd6/0x130 [ 1029.202662] __kmalloc_track_caller+0x2bc/0x400 [ 1029.207320] ? kstrdup_const+0x35/0x60 [ 1029.211183] ? lock_downgrade+0x6e0/0x6e0 [ 1029.215307] kstrdup+0x36/0x70 [ 1029.218477] kstrdup_const+0x35/0x60 [ 1029.222166] alloc_vfsmnt+0xe0/0x7c0 [ 1029.225857] clone_mnt+0x6c/0xef0 [ 1029.229294] copy_tree+0x33a/0x860 [ 1029.232816] copy_mnt_ns+0x112/0x8a0 [ 1029.236509] ? rcu_read_lock_sched_held+0x10a/0x130 [ 1029.241502] ? kmem_cache_alloc+0x35f/0x3c0 [ 1029.245814] create_new_namespaces+0xc9/0x730 [ 1029.250290] ? security_capable+0x88/0xb0 [ 1029.254436] copy_namespaces+0x27b/0x310 [ 1029.258476] copy_process.part.0+0x2616/0x6fa0 [ 1029.263037] ? get_pid_task+0xb8/0x130 [ 1029.266904] ? proc_tid_io_accounting+0x20/0x20 [ 1029.271559] ? __cleanup_sighand+0x40/0x40 [ 1029.275772] ? lock_downgrade+0x6e0/0x6e0 [ 1029.279985] _do_fork+0x180/0xc80 [ 1029.283416] ? fork_idle+0x270/0x270 [ 1029.287108] ? fput+0xb/0x140 [ 1029.290190] ? SyS_write+0x14d/0x210 [ 1029.293895] ? SyS_read+0x210/0x210 [ 1029.297505] ? do_syscall_64+0x4c/0x640 [ 1029.301474] ? sys_vfork+0x20/0x20 [ 1029.304999] do_syscall_64+0x1d5/0x640 [ 1029.308872] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1029.314041] RIP: 0033:0x45ca69 [ 1029.317226] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1029.324912] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1029.332172] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1029.339438] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1029.346774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1029.354022] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:38:54 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0xa) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x4ffe0, 0x0) [ 1029.460147] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 1029.521827] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 1029.552876] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 1029.557968] FAULT_INJECTION: forcing a failure. [ 1029.557968] name failslab, interval 1, probability 0, space 0, times 0 [ 1029.572591] audit: type=1804 audit(1590845934.443:1601): pid=32233 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/662/file0/bus" dev="sda1" ino=16997 res=1 [ 1029.586915] Interruptibility = 00000000 ActivityState = 00000000 [ 1029.607782] audit: type=1804 audit(1590845934.483:1602): pid=32233 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/662/file0/bus" dev="sda1" ino=16997 res=1 [ 1029.609633] CPU: 1 PID: 32234 Comm: syz-executor.0 Not tainted 4.14.182-syzkaller #0 [ 1029.634172] FAULT_INJECTION: forcing a failure. [ 1029.634172] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1029.639856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1029.639861] Call Trace: [ 1029.639879] dump_stack+0x1b2/0x283 [ 1029.639895] should_fail.cold+0x10a/0x154 [ 1029.639910] should_failslab+0xd6/0x130 [ 1029.639921] kmem_cache_alloc_trace+0x2b7/0x3f0 [ 1029.639936] snd_pcm_oss_change_params_locked+0x194/0x30a0 [ 1029.639949] ? __mutex_lock+0x2cb/0x1430 [ 1029.655385] *** Host State *** [ 1029.661063] ? snd_pcm_oss_change_params+0x87/0xb0 [ 1029.661080] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1029.661091] ? snd_pcm_hw_param_near.constprop.0+0x6f0/0x6f0 [ 1029.663710] RIP = 0xffffffff811642af RSP = 0xffff88802946f9d0 [ 1029.667254] ? snd_pcm_drain+0x38c/0x790 [ 1029.667264] ? lock_downgrade+0x6e0/0x6e0 [ 1029.667272] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1029.667292] snd_pcm_oss_change_params+0x5e/0xb0 [ 1029.667304] snd_pcm_oss_make_ready+0x9b/0x140 [ 1029.667314] snd_pcm_oss_sync.isra.0+0x19a/0x6f0 [ 1029.667327] snd_pcm_oss_release+0x205/0x280 [ 1029.667338] ? snd_pcm_oss_sync.isra.0+0x6f0/0x6f0 [ 1029.667346] __fput+0x25f/0x7a0 [ 1029.667361] task_work_run+0x113/0x190 [ 1029.667376] exit_to_usermode_loop+0x1ad/0x200 [ 1029.673865] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1029.675455] do_syscall_64+0x4a3/0x640 [ 1029.675472] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1029.675481] RIP: 0033:0x45ca69 [ 1029.675486] RSP: 002b:00007f408b463c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000021 [ 1029.675496] RAX: 0000000000000003 RBX: 00000000004db5c0 RCX: 000000000045ca69 [ 1029.675501] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 1029.675506] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1029.675511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 1029.675518] R13: 000000000000009d R14: 00000000004c355f R15: 00007f408b4646d4 [ 1029.699967] FSBase=00007f18279ed700 GSBase=ffff8880aed00000 TRBase=fffffe0000003000 [ 1029.788167] CPU: 1 PID: 32233 Comm: syz-executor.4 Not tainted 4.14.182-syzkaller #0 [ 1029.791620] audit: type=1804 audit(1590845934.513:1603): pid=32233 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/662/file0/bus" dev="sda1" ino=16997 res=1 [ 1029.797964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1029.797967] Call Trace: [ 1029.797985] dump_stack+0x1b2/0x283 [ 1029.798001] should_fail.cold+0x10a/0x154 [ 1029.798016] __alloc_pages_nodemask+0x22b/0x2730 [ 1029.798035] ? ima_match_policy+0x3e3/0x10d0 [ 1029.805405] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1029.812543] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1029.819814] CR0=0000000080050033 CR3=000000008b250000 CR4=00000000001426e0 [ 1029.827037] ? trace_hardirqs_on+0x10/0x10 [ 1029.827046] ? __lock_acquire+0x655/0x42a0 [ 1029.827060] ? __lock_acquire+0x655/0x42a0 [ 1029.827074] ? __lock_acquire+0x655/0x42a0 [ 1029.834864] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 [ 1029.842705] ? __do_page_cache_readahead+0x285/0xa10 [ 1029.866916] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1029.876212] alloc_pages_current+0xe7/0x1e0 [ 1029.876226] __page_cache_alloc+0x243/0x3c0 [ 1029.876242] __do_page_cache_readahead+0x2d0/0xa10 [ 1029.878809] *** Control State *** [ 1029.882419] ? read_cache_pages+0x690/0x690 [ 1029.886651] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 1029.891263] ? find_get_entry+0x31b/0x660 [ 1029.896111] EntryControls=0000d1ff ExitControls=002fefff [ 1029.901593] ? lock_downgrade+0x6e0/0x6e0 [ 1029.906499] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1029.913397] ? ondemand_readahead+0x516/0xb60 [ 1029.918122] VMEntry: intr_info=80000202 errcode=00000000 ilen=00000000 [ 1029.921807] ondemand_readahead+0x516/0xb60 [ 1029.926095] VMExit: intr_info=00000000 errcode=00000000 ilen=00000002 [ 1029.930232] page_cache_sync_readahead+0xa6/0xf0 [ 1029.936908] reason=80000021 qualification=0000000000000000 [ 1029.941969] generic_file_read_iter+0x1095/0x21d0 [ 1029.948099] IDTVectoring: info=00000000 errcode=00000000 [ 1029.952320] ext4_file_read_iter+0x14b/0x330 [ 1029.965336] TSC Offset = 0xfffffdd6585c945f [ 1029.969245] __vfs_read+0x44b/0x610 [ 1029.981541] EPT pointer = 0x000000004c5ca01e [ 1029.985468] ? vfs_copy_file_range+0x990/0x990 [ 1029.985482] ? avc_policy_seqno+0x5/0x10 [ 1029.985491] ? selinux_file_permission+0x7a/0x440 [ 1029.985505] ? rw_verify_area+0xe1/0x290 [ 1029.985515] vfs_read+0x131/0x330 [ 1029.985526] SyS_read+0xf2/0x210 [ 1029.985535] ? kernel_write+0x110/0x110 [ 1029.985543] ? SyS_clock_settime+0x1a0/0x1a0 [ 1029.985554] ? do_syscall_64+0x4c/0x640 [ 1029.993721] Virtual processor ID = 0x0001 [ 1029.996588] ? kernel_write+0x110/0x110 [ 1029.996600] do_syscall_64+0x1d5/0x640 [ 1029.996616] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1029.996624] RIP: 0033:0x45ca69 [ 1029.996628] RSP: 002b:00007fe38e7b8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 13:38:55 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r4) getsockname$packet(r4, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)=@bridge_setlink={0xe0, 0x13, 0x300, 0x70bd29, 0x25dfdbfc, {0x7, 0x0, 0x0, r5, 0x20000, 0x1c000}, [@IFLA_CARRIER_CHANGES={0x8}, @IFLA_MAP={0x24, 0xe, {0x100000001, 0x2, 0x0, 0x34b, 0xff, 0x63}}, @IFLA_WEIGHT={0x8, 0xf, 0x1}, @IFLA_NUM_RX_QUEUES={0x8, 0x20, 0x8}, @IFLA_PROP_LIST={0x68, 0x34, 0x0, 0x1, [{0x14, 0x35, 'macsec0\x00'}, {0x14, 0x35, 'macvlan1\x00'}, {0x14, 0x35, 'netpci0\x00'}, {0x14, 0x35, 'bond_slave_1\x00'}, {0x14, 0x35, 'batadv_slave_0\x00'}]}, @IFLA_WEIGHT={0x8, 0xf, 0x6}, @IFLA_IFNAME={0x14, 0x3, 'veth0_macvtap\x00'}]}, 0xe0}, 0x1, 0x0, 0x0, 0x8000}, 0x1) r6 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r6) connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10) close(r2) socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="d400000019001905000000000000000002200000ff0297000000000008000100ac1414"], 0x1}, 0x1, 0x0, 0x0, 0x4040010}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 13:38:55 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0xa) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r4) accept(r2, 0x0, &(0x7f00000002c0)) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dlm_plock\x00', 0x40000, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r5) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000080)={r6, @in6={{0xa, 0x1000, 0x1000001, @private1={0xfc, 0x1, [], 0x1}, 0xf8}}, 0x2, 0x0, 0x0, 0x3, 0x68, 0x0, 0x1}, &(0x7f00000001c0)=0xfc) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r0, 0xc01064ab, &(0x7f0000000240)={0x5, 0xfffffffe, 0x4}) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f00000003c0)={r6, 0xfff}, &(0x7f0000000400)=0x8) getsockopt$inet_sctp6_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000000080)={0x0, 0x6, 0x7, 0x6, 0x9, 0x6, 0x6, 0xffffffd2, {r6, @in6={{0xa, 0x4e24, 0x0, @remote, 0x1f}}, 0x7, 0x7, 0x8000, 0x5}}, &(0x7f0000000000)=0xb0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000140)={r7, 0x40, 0x10}, 0xc) [ 1029.996637] RAX: ffffffffffffffda RBX: 00000000004fad40 RCX: 000000000045ca69 [ 1029.996642] RDX: 00000000fffffe47 RSI: 0000000020000180 RDI: 0000000000000005 [ 1029.996647] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1029.996654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1030.149849] R13: 000000000000087b R14: 00000000004c9ff4 R15: 00007fe38e7b96d4 13:38:55 executing program 0 (fault-call:5 fault-nth:2): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r1 = socket$alg(0x26, 0x5, 0x0) dup2(r1, r0) 13:38:55 executing program 2 (fault-call:10 fault-nth:61): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 13:38:55 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_PPC_GET_SMMU_INFO(0xffffffffffffffff, 0x8250aea6, &(0x7f0000000180)=""/60) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000480)=""/132, &(0x7f0000000340)=0x84) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x10001, 0x0, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x100000000, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000], 0x15002}) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000, 0x0, 0x3], 0x0, 0x40501}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1030.268168] FAULT_INJECTION: forcing a failure. [ 1030.268168] name failslab, interval 1, probability 0, space 0, times 0 [ 1030.305945] CPU: 0 PID: 32252 Comm: syz-executor.0 Not tainted 4.14.182-syzkaller #0 [ 1030.313846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1030.323195] Call Trace: [ 1030.325787] dump_stack+0x1b2/0x283 [ 1030.329422] should_fail.cold+0x10a/0x154 [ 1030.333574] should_failslab+0xd6/0x130 [ 1030.337545] kmem_cache_alloc_trace+0x2b7/0x3f0 [ 1030.342216] snd_pcm_oss_change_params_locked+0x1ca/0x30a0 [ 1030.347844] ? __mutex_lock+0x2cb/0x1430 [ 1030.351904] ? snd_pcm_oss_change_params+0x87/0xb0 [ 1030.356838] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1030.362289] ? snd_pcm_hw_param_near.constprop.0+0x6f0/0x6f0 [ 1030.368089] ? snd_pcm_drain+0x38c/0x790 [ 1030.372144] ? lock_downgrade+0x6e0/0x6e0 [ 1030.376284] ? __ww_mutex_wakeup_for_backoff+0x210/0x210 [ 1030.381740] snd_pcm_oss_change_params+0x5e/0xb0 [ 1030.386485] snd_pcm_oss_make_ready+0x9b/0x140 [ 1030.391048] snd_pcm_oss_sync.isra.0+0x19a/0x6f0 [ 1030.393787] FAULT_INJECTION: forcing a failure. [ 1030.393787] name failslab, interval 1, probability 0, space 0, times 0 [ 1030.395797] snd_pcm_oss_release+0x205/0x280 [ 1030.395811] ? snd_pcm_oss_sync.isra.0+0x6f0/0x6f0 [ 1030.416260] __fput+0x25f/0x7a0 [ 1030.419523] task_work_run+0x113/0x190 [ 1030.423390] exit_to_usermode_loop+0x1ad/0x200 [ 1030.427953] do_syscall_64+0x4a3/0x640 [ 1030.431823] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1030.436989] RIP: 0033:0x45ca69 [ 1030.440156] RSP: 002b:00007f408b463c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000021 [ 1030.447840] RAX: 0000000000000003 RBX: 00000000004db5c0 RCX: 000000000045ca69 [ 1030.455088] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000004 [ 1030.462341] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1030.469601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 1030.476857] R13: 000000000000009d R14: 00000000004c355f R15: 00007f408b4646d4 [ 1030.484130] CPU: 1 PID: 32270 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1030.492010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1030.501353] Call Trace: [ 1030.503935] dump_stack+0x1b2/0x283 [ 1030.507565] should_fail.cold+0x10a/0x154 [ 1030.511714] should_failslab+0xd6/0x130 [ 1030.515685] kmem_cache_alloc+0x28e/0x3c0 [ 1030.519834] alloc_vfsmnt+0x23/0x7c0 [ 1030.523547] clone_mnt+0x6c/0xef0 [ 1030.526998] copy_tree+0x33a/0x860 [ 1030.530541] copy_mnt_ns+0x112/0x8a0 [ 1030.534251] ? rcu_read_lock_sched_held+0x10a/0x130 [ 1030.539253] ? kmem_cache_alloc+0x35f/0x3c0 [ 1030.543558] create_new_namespaces+0xc9/0x730 [ 1030.548036] ? security_capable+0x88/0xb0 [ 1030.552178] copy_namespaces+0x27b/0x310 [ 1030.556220] copy_process.part.0+0x2616/0x6fa0 [ 1030.560783] ? get_pid_task+0xb8/0x130 [ 1030.564650] ? proc_tid_io_accounting+0x20/0x20 [ 1030.569305] ? __cleanup_sighand+0x40/0x40 [ 1030.573517] ? lock_downgrade+0x6e0/0x6e0 [ 1030.577659] _do_fork+0x180/0xc80 [ 1030.581092] ? fork_idle+0x270/0x270 [ 1030.584787] ? fput+0xb/0x140 [ 1030.587873] ? SyS_write+0x14d/0x210 [ 1030.591577] ? SyS_read+0x210/0x210 [ 1030.595186] ? SyS_clock_settime+0x1a0/0x1a0 [ 1030.599575] ? do_syscall_64+0x4c/0x640 [ 1030.603526] ? sys_vfork+0x20/0x20 [ 1030.607046] do_syscall_64+0x1d5/0x640 [ 1030.610916] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1030.616082] RIP: 0033:0x45ca69 13:38:55 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x8000) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1030.619248] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1030.627368] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1030.634626] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1030.641876] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1030.649121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1030.656368] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:38:55 executing program 4 (fault-call:10 fault-nth:2): sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, 0x0) fchdir(r2) ioctl$SCSI_IOCTL_START_UNIT(r2, 0x5) 13:38:55 executing program 1: openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cpu.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x6, 0xab6e, 0x0, 0x200, 0x200000000, 0xfffffffffffffff9, 0x0, 0x0, 0x40000000000000], 0xf000, 0x100000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1030.955034] audit: type=1804 audit(1590845935.833:1604): pid=32286 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/663/file0/bus" dev="sda1" ino=17003 res=1 [ 1030.982925] FAULT_INJECTION: forcing a failure. [ 1030.982925] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1031.004517] CPU: 0 PID: 32286 Comm: syz-executor.4 Not tainted 4.14.182-syzkaller #0 [ 1031.012414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1031.021749] Call Trace: [ 1031.024323] dump_stack+0x1b2/0x283 [ 1031.027932] should_fail.cold+0x10a/0x154 [ 1031.032074] __alloc_pages_nodemask+0x22b/0x2730 [ 1031.036829] ? ima_match_policy+0x3e3/0x10d0 [ 1031.041221] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1031.046040] ? trace_hardirqs_on+0x10/0x10 [ 1031.050250] ? __lock_acquire+0x655/0x42a0 [ 1031.054466] ? __lock_acquire+0x655/0x42a0 [ 1031.058677] ? __lock_acquire+0x655/0x42a0 [ 1031.062902] ? __do_page_cache_readahead+0x285/0xa10 [ 1031.067985] alloc_pages_current+0xe7/0x1e0 [ 1031.072285] __page_cache_alloc+0x243/0x3c0 [ 1031.076584] __do_page_cache_readahead+0x2d0/0xa10 [ 1031.081493] ? read_cache_pages+0x690/0x690 [ 1031.085790] ? find_get_entry+0x31b/0x660 [ 1031.089919] ? lock_downgrade+0x6e0/0x6e0 [ 1031.094046] ? ondemand_readahead+0x516/0xb60 [ 1031.098526] ondemand_readahead+0x516/0xb60 [ 1031.102831] page_cache_sync_readahead+0xa6/0xf0 [ 1031.107577] generic_file_read_iter+0x1095/0x21d0 [ 1031.112417] ext4_file_read_iter+0x14b/0x330 [ 1031.116813] __vfs_read+0x44b/0x610 [ 1031.120427] ? vfs_copy_file_range+0x990/0x990 [ 1031.124990] ? avc_policy_seqno+0x5/0x10 [ 1031.129030] ? selinux_file_permission+0x7a/0x440 [ 1031.133853] ? rw_verify_area+0xe1/0x290 [ 1031.137892] vfs_read+0x131/0x330 [ 1031.141323] SyS_read+0xf2/0x210 [ 1031.144678] ? kernel_write+0x110/0x110 [ 1031.148889] ? SyS_clock_settime+0x1a0/0x1a0 [ 1031.153274] ? do_syscall_64+0x4c/0x640 [ 1031.157226] ? kernel_write+0x110/0x110 [ 1031.161175] do_syscall_64+0x1d5/0x640 [ 1031.165050] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1031.170218] RIP: 0033:0x45ca69 [ 1031.173386] RSP: 002b:00007fe38e7b8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1031.181072] RAX: ffffffffffffffda RBX: 00000000004fad40 RCX: 000000000045ca69 [ 1031.188316] RDX: 00000000fffffe47 RSI: 0000000020000180 RDI: 0000000000000005 [ 1031.195570] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1031.202822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1031.210067] R13: 000000000000087b R14: 00000000004c9ff4 R15: 00007fe38e7b96d4 13:38:56 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$tipc(0x1e, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'macvlan0\x00', 0x0}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800c0001006d616376746170000400028008000500", @ANYRES32=r3, @ANYBLOB="2f68146e6b1aa9923708000000000000003f73895edd006c49fbcc78326eb6d3eb5dcea7b91d6ca56c8ace62cb7e2a8dbec1dc7c048301094259d4dcb7f72dc7c5c799728b6695d0d7a2bdab1aa602e8fff320fdca46afa88f865601d55a9918707e2a478b3a46a62dd13f030000000000000083c12203f82599792b3f35"], 0x3c}}, 0x0) 13:38:56 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[@ANYRESDEC=r3], 0xfffffecc) write$USERIO_CMD_REGISTER(r3, &(0x7f0000000100)={0x0, 0x6f}, 0x2) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r4) ioctl$VIDIOC_EXPBUF(r4, 0xc0405610, &(0x7f00000000c0)={0xc, 0x3ff, 0x400, 0x4000}) socket$netlink(0x10, 0x3, 0xa) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 13:38:56 executing program 2 (fault-call:10 fault-nth:62): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1031.273720] audit: type=1804 audit(1590845935.853:1605): pid=32286 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/663/file0/bus" dev="sda1" ino=17003 res=1 13:38:56 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r3, r3) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1031.370128] audit: type=1804 audit(1590845935.853:1606): pid=32286 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/663/file0/bus" dev="sda1" ino=17003 res=1 13:38:56 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20002, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r1 = socket$alg(0x26, 0x5, 0x0) dup2(r1, r0) [ 1031.512935] FAULT_INJECTION: forcing a failure. [ 1031.512935] name failslab, interval 1, probability 0, space 0, times 0 [ 1031.524255] CPU: 0 PID: 32325 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1031.532146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1031.541495] Call Trace: [ 1031.544088] dump_stack+0x1b2/0x283 [ 1031.547724] should_fail.cold+0x10a/0x154 [ 1031.551889] should_failslab+0xd6/0x130 [ 1031.555867] __kmalloc_track_caller+0x2bc/0x400 [ 1031.560530] ? kstrdup_const+0x35/0x60 [ 1031.564412] ? lock_downgrade+0x6e0/0x6e0 [ 1031.568563] kstrdup+0x36/0x70 [ 1031.571750] kstrdup_const+0x35/0x60 [ 1031.575451] alloc_vfsmnt+0xe0/0x7c0 [ 1031.579147] clone_mnt+0x6c/0xef0 [ 1031.582580] ? copy_tree+0x529/0x860 [ 1031.586275] copy_tree+0x33a/0x860 [ 1031.589809] copy_mnt_ns+0x112/0x8a0 [ 1031.593507] ? rcu_read_lock_sched_held+0x10a/0x130 [ 1031.598502] ? kmem_cache_alloc+0x35f/0x3c0 [ 1031.602803] create_new_namespaces+0xc9/0x730 [ 1031.607291] ? security_capable+0x88/0xb0 [ 1031.611420] copy_namespaces+0x27b/0x310 [ 1031.615475] copy_process.part.0+0x2616/0x6fa0 [ 1031.620041] ? get_pid_task+0xb8/0x130 [ 1031.623908] ? proc_tid_io_accounting+0x20/0x20 [ 1031.628562] ? __cleanup_sighand+0x40/0x40 [ 1031.632772] ? lock_downgrade+0x6e0/0x6e0 [ 1031.636899] _do_fork+0x180/0xc80 [ 1031.640329] ? fork_idle+0x270/0x270 [ 1031.644022] ? fput+0xb/0x140 [ 1031.647118] ? SyS_write+0x14d/0x210 [ 1031.650808] ? SyS_read+0x210/0x210 [ 1031.654411] ? SyS_clock_settime+0x1a0/0x1a0 [ 1031.658797] ? do_syscall_64+0x4c/0x640 [ 1031.662834] ? sys_vfork+0x20/0x20 [ 1031.666352] do_syscall_64+0x1d5/0x640 [ 1031.670222] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1031.675389] RIP: 0033:0x45ca69 [ 1031.678552] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1031.686236] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1031.693574] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1031.700820] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1031.708066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1031.715309] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:38:56 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x40) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r0) write$P9_RREADDIR(r0, &(0x7f0000000080)={0x28, 0x29, 0x2, {0x40, [{{0x20, 0x2, 0x2}, 0x5, 0x7, 0x5, './bus'}]}}, 0x28) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r1 = creat(&(0x7f0000000040)='./file0\x00', 0x28) open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r1, 0x208200) r2 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x2010, r3, 0x4000) read(r2, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r4 = syz_open_procfs(0x0, 0x0) fchdir(r4) ioctl$SCSI_IOCTL_START_UNIT(r4, 0x5) 13:38:57 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x2, 0x3, 0x1, 0x1000, &(0x7f0000001000/0x1000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0xffffffffffffffff, 0x2, 0x0, 0x80000000000000, 0x8, 0xfb, 0x1, 0x1, 0x0, 0x400000000000000, 0x0, 0x8, 0x0, 0x1ff]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYRESOCT, @ANYRESOCT=r0, @ANYRES64]}}, 0x20000040) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat(r0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r4 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 13:38:57 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, 0x0) r3 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x2, 0x20400) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r3, 0xc08c5334, &(0x7f00000001c0)={0x2, 0x7fff, 0x1, 'queue0\x00', 0x3b076b78}) fchdir(r2) ioctl$SCSI_IOCTL_START_UNIT(r2, 0x5) 13:38:57 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) ioctl$VIDIOC_DECODER_CMD(r0, 0xc0485660, &(0x7f0000000080)={0x2, 0x2, @stop_pts=0x9}) socket$netlink(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 13:38:57 executing program 2 (fault-call:10 fault-nth:63): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1032.234074] audit: type=1804 audit(1590845937.103:1607): pid=32351 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/665/file0/bus" dev="sda1" ino=17011 res=1 13:38:57 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r1 = socket$alg(0x26, 0x5, 0x0) r2 = dup2(r1, r0) r3 = gettid() ptrace$setopts(0x4206, r3, 0x0, 0x0) ioctl$LOOP_CHANGE_FD(r2, 0x4c06, r0) tkill(r3, 0x40) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r3, 0x0, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(r2, 0xc0286405, &(0x7f0000000080)={0x5, 0x0, {r3}, {}, 0x100, 0xd9fb}) ioprio_get$pid(0x1, r4) 13:38:57 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0x8f) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 1032.472696] FAULT_INJECTION: forcing a failure. [ 1032.472696] name failslab, interval 1, probability 0, space 0, times 0 [ 1032.484197] CPU: 0 PID: 32377 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1032.492086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1032.501436] Call Trace: [ 1032.504023] dump_stack+0x1b2/0x283 [ 1032.507651] should_fail.cold+0x10a/0x154 [ 1032.511799] should_failslab+0xd6/0x130 [ 1032.515774] kmem_cache_alloc+0x28e/0x3c0 [ 1032.519920] alloc_vfsmnt+0x23/0x7c0 [ 1032.523633] clone_mnt+0x6c/0xef0 [ 1032.527081] copy_tree+0x33a/0x860 [ 1032.530626] copy_mnt_ns+0x112/0x8a0 [ 1032.534344] ? rcu_read_lock_sched_held+0x10a/0x130 [ 1032.539341] ? kmem_cache_alloc+0x35f/0x3c0 [ 1032.543642] create_new_namespaces+0xc9/0x730 [ 1032.548139] ? security_capable+0x88/0xb0 [ 1032.552270] copy_namespaces+0x27b/0x310 [ 1032.556310] copy_process.part.0+0x2616/0x6fa0 [ 1032.560870] ? retint_kernel+0x2d/0x2d [ 1032.564758] ? _raw_spin_unlock_irq+0x50/0x90 [ 1032.569236] ? __cleanup_sighand+0x40/0x40 [ 1032.573451] ? retint_kernel+0x2d/0x2d [ 1032.577329] _do_fork+0x180/0xc80 [ 1032.580762] ? fork_idle+0x270/0x270 [ 1032.584451] ? retint_kernel+0x2d/0x2d [ 1032.588318] ? do_syscall_64+0xc8/0x640 [ 1032.592268] ? sys_vfork+0x20/0x20 [ 1032.595798] do_syscall_64+0x1d5/0x640 [ 1032.599666] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1032.604833] RIP: 0033:0x45ca69 [ 1032.607998] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1032.615682] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1032.622928] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1032.630186] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1032.637443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1032.644710] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:38:57 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r0, 0x208200) r2 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x10) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r2, 0x0) read(r2, &(0x7f0000000180)=""/19, 0xfffffe47) ioctl$VIDIOC_PREPARE_BUF(r1, 0xc058565d, &(0x7f0000000300)={0x7, 0xa, 0x4, 0x10000, 0x8, {0x0, 0xea60}, {0x1, 0x0, 0x81, 0x7f, 0x4, 0x3, "ea05c06a"}, 0x6, 0x3, @fd, 0x7, 0x0, 0xffffffffffffffff}) ioctl$KVM_TPR_ACCESS_REPORTING(r3, 0xc028ae92, &(0x7f0000000380)={0x8000, 0x4}) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e20, 0xfaac, @private0, 0xfffffff8}}, 0x8, 0xb6d0, 0x8, 0x1, 0x2}, &(0x7f0000000000)=0x98) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f00000000c0)={r4, 0xa3}, &(0x7f00000002c0)=0x8) socketpair(0x0, 0x0, 0x0, 0x0) r5 = syz_open_procfs(0x0, 0x0) fchdir(r5) ioctl$SCSI_IOCTL_START_UNIT(r5, 0x5) 13:38:57 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r1) getpeername$inet6(r1, &(0x7f0000000100), &(0x7f0000000140)=0x1c) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') r3 = inotify_init1(0x0) inotify_add_watch(r3, &(0x7f0000000040)='./control\x00', 0xa4000960) fchdir(r3) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000380)={@in6={{0xa, 0x4e24, 0x0, @mcast1, 0x51}}, 0x0, 0x0, 0x37, 0x0, "a556b2e7239dbb8a5ff4253b3e7f381078eb71c3cf447e85bec64247bd39af8668da6fc5a2a9417678c871b5dcc608a3613c03115162d0b4986e4b84028f56fd7038c1520aa4d1e1cf45d9fafceb6df9"}, 0xd8) write$UHID_CREATE(r2, &(0x7f0000000240)={0x0, {'syz1\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000080)=""/75, 0x4b, 0x2, 0xfd3, 0x101, 0x196, 0x9}}, 0x120) r4 = socket$alg(0x26, 0x5, 0x0) dup2(r4, r0) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fcntl$addseals(0xffffffffffffffff, 0x409, 0x8) fchdir(r5) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r5, 0xc018620c, &(0x7f0000000180)={0x3}) 13:38:57 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x3]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:38:57 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0xa) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) ioctl$USBDEVFS_DISCSIGNAL(r0, 0x8010550e, &(0x7f0000000000)={0x9, &(0x7f0000000080)="5085cd3b65ca5ccb4234f77f97046dc5f34431a98dc608d3e9f8a2074a0ef1d4ec86636f6745e527c1a26929c57dc6504fc180802e2f33dbfe5d6739a88bb86dc2a1262e13cecd9c243e8abe3fd01aee00ea5bea292e113972992fed1a710a7755cfb3d325bf99bbe92b016b0421c7a01b2381748b0ecef92f35ee020693c6f3d82ce3fa13b449f6fcaab803202827ddd36c310849d0c5bc692415171b71cb2672c178759e0f074f96466329c7dedc82b2e2197ac6d6365211dae52c01d35f90022b676f98b9a8259c76c3590edd809ae30835bfc65f26de83cd5bb4ee21b277e7b0"}) 13:38:57 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mice\x00', 0x400041) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, 0x0) fchdir(r2) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) ioctl$SCSI_IOCTL_START_UNIT(r3, 0x5) 13:38:58 executing program 2 (fault-call:10 fault-nth:64): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 13:38:58 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x10000000000000, 0x6, 0xfffffffffffffffc, 0x400000000000000, 0x4]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0xfffffffffffffbff) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x4, 0x40000, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x10]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1033.378563] FAULT_INJECTION: forcing a failure. [ 1033.378563] name failslab, interval 1, probability 0, space 0, times 0 [ 1033.390002] CPU: 0 PID: 32427 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1033.397896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1033.407243] Call Trace: [ 1033.409835] dump_stack+0x1b2/0x283 [ 1033.413466] should_fail.cold+0x10a/0x154 [ 1033.417615] should_failslab+0xd6/0x130 [ 1033.421587] __kmalloc_track_caller+0x2bc/0x400 [ 1033.426254] ? kstrdup_const+0x35/0x60 [ 1033.430137] ? lock_downgrade+0x6e0/0x6e0 [ 1033.434283] kstrdup+0x36/0x70 [ 1033.437474] kstrdup_const+0x35/0x60 [ 1033.441183] alloc_vfsmnt+0xe0/0x7c0 [ 1033.444894] clone_mnt+0x6c/0xef0 [ 1033.448350] copy_tree+0x33a/0x860 [ 1033.451895] copy_mnt_ns+0x112/0x8a0 [ 1033.455622] ? rcu_read_lock_sched_held+0x10a/0x130 [ 1033.460634] ? kmem_cache_alloc+0x35f/0x3c0 [ 1033.464951] create_new_namespaces+0xc9/0x730 [ 1033.469437] ? security_capable+0x88/0xb0 [ 1033.473580] copy_namespaces+0x27b/0x310 [ 1033.477639] copy_process.part.0+0x2616/0x6fa0 [ 1033.482223] ? get_pid_task+0xb8/0x130 [ 1033.486115] ? proc_tid_io_accounting+0x20/0x20 [ 1033.490800] ? __cleanup_sighand+0x40/0x40 [ 1033.495032] ? lock_downgrade+0x6e0/0x6e0 [ 1033.499182] _do_fork+0x180/0xc80 [ 1033.502633] ? fork_idle+0x270/0x270 [ 1033.506344] ? fput+0xb/0x140 [ 1033.509444] ? SyS_write+0x14d/0x210 [ 1033.513150] ? SyS_read+0x210/0x210 [ 1033.516767] ? SyS_clock_settime+0x1a0/0x1a0 [ 1033.521169] ? do_syscall_64+0x4c/0x640 [ 1033.525134] ? sys_vfork+0x20/0x20 [ 1033.528691] do_syscall_64+0x1d5/0x640 [ 1033.532580] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1033.537758] RIP: 0033:0x45ca69 [ 1033.540937] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1033.548638] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1033.555899] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1033.563158] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1033.570409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1033.577661] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:38:58 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') creat(&(0x7f0000000080)='./bus\x00', 0x44) r0 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(0xffffffffffffffff, 0x40000000001) ioctl$SG_GET_COMMAND_Q(r0, 0x2270, &(0x7f0000000000)) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f00000000c0)=""/19, 0x13) socketpair(0x0, 0x0, 0x0, 0x0) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x40) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) r3 = syz_open_procfs(r2, 0x0) fchdir(r3) ioctl$SCSI_IOCTL_START_UNIT(r3, 0x5) [ 1033.719698] kauditd_printk_skb: 9 callbacks suppressed [ 1033.719746] audit: type=1326 audit(1590845938.593:1617): auid=0 uid=0 gid=0 ses=4 subj=system_u:system_r:kernel_t:s0 pid=32388 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45f8aa code=0x0 [ 1033.839204] audit: type=1804 audit(1590845938.713:1618): pid=32442 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/668/file0/bus" dev="sda1" ino=17012 res=1 13:38:58 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = inotify_init1(0x0) inotify_add_watch(r3, &(0x7f0000000040)='./control\x00', 0xa4000960) write$binfmt_misc(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="c35aa637bc2d5e5ef3a1794748edd37f5781a436978f15e9d9af3e2ddb854fdddf1a0e6c8d059f0f1e2390a34f1c1fbbd6e956e13de6e5ddbc0dbdc98e24dbca9be7b2a610dfaa132863546ab66cb37f20703b7fc3e996180e62009ecd748929d66c91b26fe434572e040a181ef427377838df0b9449576205d36b38941ae35ef11709af7d16c27a68fcb9f18607c9fa610fe240b544febb3cfc958bc59c0f9884bc927234e0e6938a445035b1cd6d624cf517ec8639ccc3745187f3471e6d37970bcd1d69d2b9244642e687e4385356accfbcc03e78ec7a91ae25", @ANYRESOCT=r3, @ANYRES64=r0], 0xfffffecc) ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f0000000000)=0x8) socket$netlink(0x10, 0x3, 0xa) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 13:38:58 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x3, 0x6, 0x0, 0x400000000000000, 0x0, 0x0, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000], 0x6000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1033.953968] audit: type=1804 audit(1590845938.713:1619): pid=32442 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/668/file0/bus" dev="sda1" ino=17012 res=1 13:38:58 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r3) mount$9p_tcp(&(0x7f0000000000)='127.0.0.1\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='9p\x00', 0x842800, &(0x7f00000002c0)={'trans=tcp,', {'port', 0x3d, 0x4e21}, 0x2c, {[{@uname={'uname', 0x3d, 'ramfs\x00'}}, {@version_9p2000='version=9p2000'}, {@access_any='access=any'}, {@posixacl='posixacl'}, {@access_any='access=any'}, {@debug={'debug', 0x3d, 0xfff}}, {@mmap='mmap'}, {@nodevmap='nodevmap'}, {@access_user='access=user'}, {@mmap='mmap'}], [{@mask={'mask', 0x3d, '^MAY_APPEND'}}, {@subj_type={'subj_type', 0x3d, 'ramfs\x00'}}, {@fowner_gt={'fowner>', r3}}]}}) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r4 = syz_open_procfs(0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000200)='./file1\x00', &(0x7f00000003c0)='trusted.overlay.upper\x00', &(0x7f0000000440)={0x0, 0xfb, 0x58, 0x0, 0x1, "408f6e18507f1d77715cbc23c783240e", "ca618d15a2347bb3c2df0fdeb830d827a7349d79ce033a81f971f2395183a4bc598cc1d5f8427bc38afedb3a8ba9ba2060a9b5598d911115b2c7e49b5935cf344c3d2a"}, 0x58, 0x2) fchdir(r4) ioctl$SCSI_IOCTL_START_UNIT(r4, 0x5) 13:38:59 executing program 2 (fault-call:10 fault-nth:65): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 13:38:59 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1034.135701] audit: type=1804 audit(1590845938.713:1620): pid=32442 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/668/file0/bus" dev="sda1" ino=17012 res=1 13:38:59 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x142882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x480c00, 0x0) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f00000000c0)=0x3, 0x4) r2 = socket$alg(0x26, 0x5, 0x0) dup2(r2, r0) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00') sendmsg$NL80211_CMD_GET_WIPHY(r4, &(0x7f000001d0c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="09070000000000000000010000000800010000000000"], 0x1c}}, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r6) r7 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r7) openat(r7, &(0x7f0000000300)='./file0\x00', 0x400, 0x4) getsockopt$inet6_mreq(r6, 0x29, 0x1b, &(0x7f0000000140)={@private2, 0x0}, &(0x7f0000000180)=0x14) sendmsg$NL80211_CMD_GET_SCAN(r3, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8080000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x80, r5, 0x4, 0x70bd2a, 0x5, {}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x0, 0x3}}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x3, 0xffffffffffffffff}}, @NL80211_ATTR_WDEV={0xc, 0x99, {0xfffffff8}}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x8000, 0xffffffffffffffff}}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x2}, @NL80211_ATTR_WDEV={0xc}, @NL80211_ATTR_WDEV={0xc, 0x99, {0xeec, 0x3}}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r8}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x81}}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x1}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x20008840) [ 1034.244618] audit: type=1804 audit(1590845938.943:1621): pid=32460 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/669/file0/bus" dev="sda1" ino=17012 res=1 13:38:59 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r0) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000002c0)={{{@in6=@initdev, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@private2}, 0x0, @in=@local}}, &(0x7f00000001c0)=0xe8) mount$overlay(0x0, &(0x7f0000000000)='\x00', &(0x7f00000000c0)='overlay\x00', 0xa000, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file0'}}], [{@smackfshat={'smackfshat', 0x3d, 'em1'}}, {@pcr={'pcr', 0x3d, 0x1}}, {@appraise='appraise'}, {@uid_eq={'uid', 0x3d, r1}}]}) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r2, 0x208200) r3 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r3, 0x0) read(r3, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r4 = syz_open_procfs(0x0, 0x0) fchdir(r4) ioctl$SCSI_IOCTL_START_UNIT(r4, 0x5) [ 1034.367666] FAULT_INJECTION: forcing a failure. [ 1034.367666] name failslab, interval 1, probability 0, space 0, times 0 [ 1034.379047] CPU: 0 PID: 32489 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1034.386935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1034.396284] Call Trace: [ 1034.398875] dump_stack+0x1b2/0x283 [ 1034.402503] should_fail.cold+0x10a/0x154 [ 1034.406636] should_failslab+0xd6/0x130 [ 1034.410590] kmem_cache_alloc+0x28e/0x3c0 [ 1034.414718] alloc_vfsmnt+0x23/0x7c0 [ 1034.418411] clone_mnt+0x6c/0xef0 [ 1034.421848] copy_tree+0x33a/0x860 [ 1034.425371] copy_mnt_ns+0x112/0x8a0 [ 1034.429074] ? rcu_read_lock_sched_held+0x10a/0x130 [ 1034.434066] ? kmem_cache_alloc+0x35f/0x3c0 [ 1034.438381] create_new_namespaces+0xc9/0x730 [ 1034.442866] ? security_capable+0x88/0xb0 [ 1034.446997] copy_namespaces+0x27b/0x310 [ 1034.451050] copy_process.part.0+0x2616/0x6fa0 [ 1034.455627] ? get_pid_task+0xb8/0x130 [ 1034.459498] ? proc_tid_io_accounting+0x20/0x20 [ 1034.464153] ? __cleanup_sighand+0x40/0x40 [ 1034.468386] ? lock_downgrade+0x6e0/0x6e0 [ 1034.472523] _do_fork+0x180/0xc80 [ 1034.475968] ? fork_idle+0x270/0x270 [ 1034.479665] ? fput+0xb/0x140 [ 1034.482772] ? SyS_write+0x14d/0x210 [ 1034.486471] ? SyS_read+0x210/0x210 [ 1034.490078] ? SyS_clock_settime+0x1a0/0x1a0 [ 1034.494480] ? do_syscall_64+0x4c/0x640 [ 1034.498432] ? sys_vfork+0x20/0x20 [ 1034.501955] do_syscall_64+0x1d5/0x640 [ 1034.505825] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1034.510990] RIP: 0033:0x45ca69 [ 1034.514162] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1034.521846] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1034.529101] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1034.536358] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1034.543603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1034.550847] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 [ 1034.711641] audit: type=1804 audit(1590845938.943:1622): pid=32460 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/669/file0/bus" dev="sda1" ino=17012 res=1 13:38:59 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$GIO_CMAP(r0, 0x4b70, &(0x7f0000000000)) close(r1) write$binfmt_misc(r0, &(0x7f0000000000)=ANY=[], 0xfffffecc) r2 = socket$netlink(0x10, 0x3, 0xa) splice(r2, 0x0, r1, 0x0, 0x4ffe0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) ioctl$SG_EMULATED_HOST(r3, 0x2203, &(0x7f0000000080)) 13:38:59 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x4080, 0x0) ioctl$VIDIOC_ENUM_FREQ_BANDS(r2, 0xc0405665, &(0x7f00000000c0)={0xc185, 0x2, 0x80000000, 0x0, 0x1f, 0x0, 0xc}) socketpair(0x0, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, 0x0) fchdir(r3) ioctl$SCSI_IOCTL_START_UNIT(r3, 0x5) 13:38:59 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r1 = socket$alg(0x26, 0x5, 0x0) r2 = inotify_init1(0x0) inotify_add_watch(r2, &(0x7f0000000040)='./control\x00', 0xa4000960) dup2(r1, r2) [ 1034.855270] audit: type=1804 audit(1590845938.953:1623): pid=32460 uid=255 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/669/file0/bus" dev="sda1" ino=17012 res=1 [ 1034.935057] audit: type=1804 audit(1590845939.753:1624): pid=32504 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/671/file0/bus" dev="sda1" ino=17022 res=1 13:38:59 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r2, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r2, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) fchdir(r1) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x5c, 0x0, &(0x7f00000002c0)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000240)={@ptr={0x70742a85, 0x0, &(0x7f00000000c0)=""/125, 0x7d, 0x0, 0x1b}, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/118, 0x76, 0x1, 0x11}, @flat=@binder={0x73622a85, 0xa}}, &(0x7f00000001c0)={0x0, 0x28, 0x50}}, 0x400}, @acquire={0x40046305, 0x2}, @enter_looper, @enter_looper], 0x1f, 0x0, &(0x7f0000000340)="8ed1327bece5ffa42e65ca4a243066791aecbd07366db3f3c208a97685bc28"}) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r4) write$UHID_INPUT(r4, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e990000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f5ffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000013c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006) r5 = socket$alg(0x26, 0x5, 0x0) dup2(r5, r0) 13:38:59 executing program 2 (fault-call:10 fault-nth:66): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1034.997087] audit: type=1804 audit(1590845939.753:1625): pid=32504 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/671/file0/bus" dev="sda1" ino=17022 res=1 13:39:00 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x25, 0x1, 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r2) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000000)={0x0, @local, @empty}, &(0x7f00000000c0)=0xc) r3 = syz_open_procfs(0x0, 0x0) fchdir(0xffffffffffffffff) openat$cgroup_procs(0xffffffffffffffff, &(0x7f00000001c0)='cgroup.threads\x00', 0x2, 0x0) fchdir(r3) ioctl$SCSI_IOCTL_START_UNIT(r3, 0x5) [ 1035.119706] audit: type=1804 audit(1590845939.753:1626): pid=32504 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/671/file0/bus" dev="sda1" ino=17022 res=1 13:39:00 executing program 0: pkey_alloc(0x0, 0x1) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) perf_event_open(&(0x7f00000010c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3f}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x3, 0x2) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x2e) setsockopt$inet_int(r1, 0x0, 0xca, &(0x7f0000000000)=0x10001, 0x10) r2 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r2, 0x0, 0xcb, &(0x7f0000000000)=0x10001, 0x10) ioctl$SCSI_IOCTL_TEST_UNIT_READY(0xffffffffffffffff, 0x2) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000000080)={r5}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000040)={r5, 0x4}, 0x8) getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) [ 1035.241241] FAULT_INJECTION: forcing a failure. [ 1035.241241] name failslab, interval 1, probability 0, space 0, times 0 [ 1035.253271] CPU: 0 PID: 32526 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1035.261165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1035.270527] Call Trace: [ 1035.273099] dump_stack+0x1b2/0x283 [ 1035.276710] should_fail.cold+0x10a/0x154 [ 1035.280836] should_failslab+0xd6/0x130 [ 1035.284788] __kmalloc_track_caller+0x2bc/0x400 [ 1035.289444] ? kstrdup_const+0x35/0x60 [ 1035.293309] ? lock_downgrade+0x6e0/0x6e0 [ 1035.297435] kstrdup+0x36/0x70 [ 1035.300606] kstrdup_const+0x35/0x60 [ 1035.304297] alloc_vfsmnt+0xe0/0x7c0 [ 1035.307987] clone_mnt+0x6c/0xef0 [ 1035.311419] copy_tree+0x33a/0x860 [ 1035.314940] copy_mnt_ns+0x112/0x8a0 [ 1035.318644] ? rcu_read_lock_sched_held+0x10a/0x130 [ 1035.323636] ? kmem_cache_alloc+0x35f/0x3c0 [ 1035.327949] create_new_namespaces+0xc9/0x730 [ 1035.332422] ? security_capable+0x88/0xb0 [ 1035.336551] copy_namespaces+0x27b/0x310 [ 1035.340591] copy_process.part.0+0x2616/0x6fa0 [ 1035.345154] ? get_pid_task+0xb8/0x130 [ 1035.349020] ? proc_tid_io_accounting+0x20/0x20 [ 1035.353677] ? __cleanup_sighand+0x40/0x40 [ 1035.357889] ? lock_downgrade+0x6e0/0x6e0 [ 1035.362017] _do_fork+0x180/0xc80 [ 1035.365448] ? fork_idle+0x270/0x270 [ 1035.369151] ? fput+0xb/0x140 [ 1035.372232] ? SyS_write+0x14d/0x210 [ 1035.375933] ? SyS_read+0x210/0x210 [ 1035.379547] ? SyS_clock_settime+0x1a0/0x1a0 [ 1035.383932] ? do_syscall_64+0x4c/0x640 [ 1035.387881] ? sys_vfork+0x20/0x20 [ 1035.391396] do_syscall_64+0x1d5/0x640 [ 1035.395266] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1035.400432] RIP: 0033:0x45ca69 [ 1035.403599] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1035.411380] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1035.418626] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1035.425872] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1035.433129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1035.440386] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:39:00 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) ioctl$DRM_IOCTL_MODE_GETPROPERTY(r1, 0xc04064aa, &(0x7f00000000c0)={&(0x7f0000000080)=[0x0, 0x0], &(0x7f00000000c0), 0x6d, 0x0, [], 0x2}) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0xa) ioctl$RTC_VL_CLR(r0, 0x7014) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) syz_mount_image$ntfs(&(0x7f0000000180)='ntfs\x00', &(0x7f00000001c0)='./file0\x00', 0x1f, 0x6, &(0x7f0000000b40)=[{&(0x7f00000003c0)="b45afe5587a55387b59a47b222c10ba41dadca64992dd8e5bf96a302fcd2d12c59820d154238b0154b8ebcdb5d7045ab86196508a97b3ded46f8d032d5207ea97c6d302d1ed333a9418358362f464f53ccae28b4a87bb9f51ddc6d6169a204cca046dea4864a859aa9fb7fde48ff3c76863ae8e71d8b79b04987f4145c051d8276eff9d2", 0x84, 0xffffffff}, {&(0x7f0000000480)="9f74bef528f5e104e7cf74b3cd5f4017bd31d19d92b89c865ef094d5a78cf07bd4eec9d0d5aa5398e471e6ee52d3b6d7c95eb2fd76647f0ef51154695dd4d1b68cdb7b749811f17dfa6bd9c85553141f075f9e85daaf5b70fc3ec1fe65fad6255579162ab48713ef1fb21ae9b707e48abb178da7001bddb1cc261829888d3ecf5afae06c50f9ae10419ba9e65d1ee0eebbfdd493c7761135b3509dbc1e4ed0ee01d5f5d6862385afbd22a0de3da120e8c5da61e5c312f8f3b2f273c5d6ab7bcd623e23cca47cfb042642ead9575dda9a413bbdcbc0d754352f404d08e6e2", 0xde, 0xf02}, {&(0x7f00000002c0)="21f75767a85730dcd0f2ac62d8cd6dd2867bcec254ceeaaf25ac63c9193bd211519fed3c3bafa544dfe92e2ca1d331597e24809616d6401d9cf533f97148b0e63cf485dd3506af60d8", 0x49, 0x401}, {&(0x7f0000000580)="7983272f30e49c17f23e42711bb915828cb34e97fb39fa9bd3f640a813fad8622188ee1778ba0d0a4eb36fcf3dc00247ff5a77fb06f2b15ce7be11c28bf9", 0x3e, 0x27}, {&(0x7f00000005c0)="0b5673ba5862a0272589e3fde8665c83768ab7372fa7289036db2a560fa9d2a0becfa7619554222dc5abefecc218436a45e21366050b900c007f69d848baa0cdb988ae34e549be26f2aed9996ac6efdbe7f37ecafa03a058aef784210a7f9ca5e6596b952471820d1500e4abe9de8893c8a2102ecb69d0fa3642e52484b4a0217c78c5c7e177e80f74c2c79387a40b2ece29d1f94659a544fbe0709472deeb9333b6dc54557bad1273415c047740e322689679d816cffa6bd79d805c134fae9c4e41a0d61582f567ef8801783b8b35011f8de1381561be1852163591f2769aadb891fcec22adfbca4d15ef", 0xeb, 0x9}, {&(0x7f00000006c0)="e06c0c569cb1961ca7e66777dbe07b2cbd69645a706a01dbff25fbfdde9f9e09cdd7396657b17c8ee7b8ce9ef337ffea22c829aca1936afe317e6b2eb1323f43a957bd055161eec310e9c3e86ebc806f969a7af42a4226ea3770bcd275b85a6089ca129715e43f1c3667d73a20e9bc544378790a443c029455a301f83a9a7a7920e2a75a24d2abd11f327bd7e05e889e2834b47a26f29a158086456d7a7b83613cd7c0d52ada82", 0xa7, 0x9}], 0x2000000, &(0x7f0000000c00)={[{@errors_continue='errors=continue'}], [{@hash='hash'}]}) getsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000240)={@remote, @empty, @broadcast}, &(0x7f0000000280)=0xc) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000006000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000000ef2d30ed9e9ae396fcc43020ed7dbc3b7c3fd06c3aed8a89b7085bd01433b0360341925d090efe0d2369c59c71aba2050c64ef17096431429b20c92d1c105cab83a91537753b06f81a7a2ced6159b8161e81fbeff7f068017de70b90825cdc4dae5c5c807bd49093fb976ec196e2b721e03ae0105bedab2ec3328435ed198f80b82c02d9974adee7743c3924534a1ce29c10751eed6d9c5aeea67b4750af6f5fe7e99bf4f4f51aafa96b4cb76cc03b59d172cf77ae0cc07331e4e09bdf16e7865ec2bcff59f24a97e1fc2d7d91a591947d04e5c3d43f6a1c7d6b88ea19ce81fd3609ee714a1155a58d7652f03f6f12b9d2ffd9b1ea7e860f35856ad73174eb9c2fa209dce42d02aad1011c1effcb53d5f7f0573cdd7ca83b18b4844ec29aed06a9c0015d1d84ce9231662fccae6192afbb32abf23096eb9ea4d1a572f110d0c8a85cddfc07c64dd107d86982feec979db5209c7256d7827820f5c8b17f19b5bad118c406b4e8368b2d20100f8d32a97240000f100e7b196360be847201ca5b666747f81459fbb22a4964c988120472424f6802788b2b3f4bf6cf42e276416322d96c63d291a947e2f3d461a6fecf971e9214f6bce3513789a7e77af51e1797e106c76ca85abdbec1c0eaa5659238b14c5c23146321c6b604d4ce89ce87fcf8b647de74241c116f6ae2ec5ad87c8f31a4a4bf6030020c3b68aae7d766eea000014d2f6b020671364ae00000000034e45253928bb590aacaf1cfe2f60606ef94efe249232500e1041ebc5bfbc9feef398813877c919af6f1f0dfb5a0b6c0a5bffc60f2f9b2e7aaa62ff5e38f9f0852126b4d306ed838cb90c89eca03de9a608c8e527931ea2004c96e2c0b1c94a862aa6d1cae9053838575d9b697f35ef75fb8fe8a41e7827572670c7d8d5f9780ec0a0392e218c330bfec7293d9476b0340509bd875c6aabaae615f27625ad88225b104c2b914d000000000000000000000000000d191ba374ca0aa66b1a41f1277b100344d96cb6edf6eba8cc06eb2fee6437a148790c721b089de85178951e35dec3d5a1f2c9b1898d9dd03c506862974ce500646a3c6c2fbc4953f0959c1d30cc26c483a7ae7c0a7ff3"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r3, 0x18000000000002e0, 0xe, 0x0, &(0x7f0000000380)="b95b03b700030000009e40f086dd", 0x0, 0x7ff, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x40) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r4) ioctl$SG_SET_DEBUG(r4, 0x227e, &(0x7f0000000140)) write$P9_RLOPEN(r1, &(0x7f0000000000)={0x18, 0xd, 0x2, {{0x38, 0x3, 0x6}, 0xc}}, 0x18) 13:39:00 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000080)=0xfffffffffffffffc) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r1 = socket$alg(0x26, 0x5, 0x0) dup2(r1, r0) 13:39:00 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000], 0x3000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file1/file0\x00', 0x86c0af3b8456a548, 0x104) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x8, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x7f, 0x3]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 13:39:00 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, 0x0) fchdir(r2) ioctl$SCSI_IOCTL_START_UNIT(r2, 0x5) 13:39:00 executing program 2 (fault-call:10 fault-nth:67): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 13:39:00 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f00000002c0)="2442bf7a2a4b6a7d8f3b95b4aece79f663eb9a6f2c81c2253e917b16b621ee3de49e49b4a36777e0e14fdcb62ece352bef83fd070b1ab47300866a1170f1e1b224552a8e618f8200fed24fd9651dd1cae5a0bdea7b8c00", 0x57) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000740)={0x10003, 0x2, 0xd000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x1, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f], 0x0, 0x40000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 1036.149556] FAULT_INJECTION: forcing a failure. [ 1036.149556] name failslab, interval 1, probability 0, space 0, times 0 [ 1036.160966] CPU: 0 PID: 32588 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1036.168849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1036.178197] Call Trace: [ 1036.180772] dump_stack+0x1b2/0x283 [ 1036.184384] should_fail.cold+0x10a/0x154 [ 1036.188515] should_failslab+0xd6/0x130 [ 1036.192467] kmem_cache_alloc+0x28e/0x3c0 [ 1036.196593] alloc_vfsmnt+0x23/0x7c0 [ 1036.200285] clone_mnt+0x6c/0xef0 [ 1036.203719] copy_tree+0x33a/0x860 [ 1036.207243] copy_mnt_ns+0x112/0x8a0 [ 1036.210934] ? rcu_read_lock_sched_held+0x10a/0x130 [ 1036.215925] ? kmem_cache_alloc+0x35f/0x3c0 [ 1036.220225] create_new_namespaces+0xc9/0x730 [ 1036.224696] ? security_capable+0x88/0xb0 [ 1036.228823] copy_namespaces+0x27b/0x310 [ 1036.232863] copy_process.part.0+0x2616/0x6fa0 [ 1036.237422] ? trace_hardirqs_on+0x10/0x10 [ 1036.241635] ? check_preemption_disabled+0x35/0x240 [ 1036.246633] ? finish_task_switch+0x178/0x610 [ 1036.251112] ? __cleanup_sighand+0x40/0x40 [ 1036.255322] ? _raw_spin_unlock_irq+0x5a/0x90 [ 1036.259794] ? finish_task_switch+0x14d/0x610 [ 1036.264272] ? switch_mm_irqs_off+0x2cd/0xec0 [ 1036.268756] _do_fork+0x180/0xc80 [ 1036.272197] ? fork_idle+0x270/0x270 [ 1036.275889] ? firmware_map_remove+0x18f/0x18f [ 1036.280461] ? fput+0xb/0x140 [ 1036.283550] ? do_syscall_64+0x4c/0x640 [ 1036.287504] ? sys_vfork+0x20/0x20 [ 1036.291037] do_syscall_64+0x1d5/0x640 [ 1036.294908] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1036.300089] RIP: 0033:0x45ca69 [ 1036.303260] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1036.310952] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1036.318204] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1036.325454] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1036.332702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1036.339949] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:39:01 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x218020, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, 0x0) fchdir(r2) ioctl$SCSI_IOCTL_START_UNIT(r2, 0x5) 13:39:01 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, r4, 0x1, 0x0, 0x0, {0x4}, [@L2TP_ATTR_CONN_ID={0x8}]}, 0x1c}}, 0x0) sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r4, 0x8, 0x70bd2a, 0x25dfdbfb, {}, [@L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x5}, 0x4000) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0xa) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 13:39:01 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x355280, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x480200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:39:01 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x20100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x8, 0xfb, 0xffffffffffffffff, 0x6, 0x0, 0x400000000000001, 0x0, 0x0, 0x1]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:39:01 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0xb, 0xa, 0x0, 0x0) r2 = syz_open_procfs(0x0, 0x0) fchdir(r2) ioctl$SCSI_IOCTL_START_UNIT(r2, 0x5) 13:39:01 executing program 2 (fault-call:10 fault-nth:68): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1037.030145] FAULT_INJECTION: forcing a failure. [ 1037.030145] name failslab, interval 1, probability 0, space 0, times 0 [ 1037.041516] CPU: 0 PID: 32638 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1037.049394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1037.058728] Call Trace: [ 1037.061302] dump_stack+0x1b2/0x283 [ 1037.064910] should_fail.cold+0x10a/0x154 [ 1037.069038] should_failslab+0xd6/0x130 [ 1037.072997] __kmalloc_track_caller+0x2bc/0x400 [ 1037.077644] ? kstrdup_const+0x35/0x60 [ 1037.081507] ? lock_downgrade+0x6e0/0x6e0 [ 1037.085631] kstrdup+0x36/0x70 [ 1037.088802] kstrdup_const+0x35/0x60 [ 1037.092491] alloc_vfsmnt+0xe0/0x7c0 [ 1037.096185] clone_mnt+0x6c/0xef0 [ 1037.099632] copy_tree+0x33a/0x860 [ 1037.103153] copy_mnt_ns+0x112/0x8a0 [ 1037.106846] ? rcu_read_lock_sched_held+0x10a/0x130 [ 1037.111841] ? kmem_cache_alloc+0x35f/0x3c0 [ 1037.116157] create_new_namespaces+0xc9/0x730 [ 1037.120631] ? security_capable+0x88/0xb0 [ 1037.124761] copy_namespaces+0x27b/0x310 [ 1037.128799] copy_process.part.0+0x2616/0x6fa0 [ 1037.133362] ? get_pid_task+0xb8/0x130 [ 1037.137229] ? proc_tid_io_accounting+0x20/0x20 [ 1037.141894] ? __cleanup_sighand+0x40/0x40 [ 1037.146103] ? lock_downgrade+0x6e0/0x6e0 [ 1037.150243] _do_fork+0x180/0xc80 [ 1037.153686] ? fork_idle+0x270/0x270 [ 1037.157379] ? fput+0xb/0x140 [ 1037.160461] ? SyS_write+0x14d/0x210 [ 1037.164150] ? SyS_read+0x210/0x210 [ 1037.167754] ? SyS_clock_settime+0x1a0/0x1a0 [ 1037.172139] ? do_syscall_64+0x4c/0x640 [ 1037.176099] ? sys_vfork+0x20/0x20 [ 1037.179627] do_syscall_64+0x1d5/0x640 [ 1037.183583] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1037.188748] RIP: 0033:0x45ca69 [ 1037.191924] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1037.199607] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1037.206864] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1037.214110] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1037.221367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1037.228614] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:39:02 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) connect$caif(r1, &(0x7f0000000000), 0x18) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r0, 0x208200) r2 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r2, 0x0) read(r2, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, 0x0) fchdir(r3) ioctl$SCSI_IOCTL_START_UNIT(r3, 0x5) 13:39:03 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dsp\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r1) setsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000080)=0x6, 0x4) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r2) ioctl$TUNSETNOCSUM(r2, 0x400454c8, 0x1) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) ioctl$VIDIOC_QUERY_DV_TIMINGS(r3, 0x80845663, &(0x7f00000000c0)={0x0, @reserved}) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r4 = socket$alg(0x26, 0x5, 0x0) dup2(r4, r0) 13:39:03 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0x7) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) r4 = open(&(0x7f0000000280)='./file0\x00', 0x2842, 0x50) ioctl$KVM_PPC_ALLOCATE_HTAB(r4, 0xc004aea7, &(0x7f00000002c0)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000080)={r3, @in={{0x2, 0x4e21, @multicast1}}, 0x100000}, &(0x7f00000001c0)=0x9c) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f00000003c0)={r3, 0xfff}, &(0x7f0000000400)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000080)={r3, @in={{0x2, 0x4e22, @multicast1}}, 0x80000001, 0xfff, 0x9, 0x6, 0x20, 0x5, 0x7a}, &(0x7f0000000000)=0x9c) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000140)={r5, @in={{0x2, 0x4e21, @loopback}}, [0xffff, 0x400, 0x6, 0x0, 0x6, 0x3, 0xfffffffffffffff8, 0xa7, 0x0, 0x8, 0x4f12, 0x0, 0x4, 0x140000000000, 0x7]}, &(0x7f0000000240)=0x100) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 13:39:03 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, 0x0) fchdir(r2) ioctl$SCSI_IOCTL_START_UNIT(r2, 0x5) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, r4, 0x1, 0x0, 0x0, {0x4}, [@L2TP_ATTR_CONN_ID={0x8}]}, 0x1c}}, 0x0) sendmsg$L2TP_CMD_TUNNEL_GET(r1, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="00022bbd7000fbdbdf250400000005000700036d9600"], 0x1c}, 0x1, 0x0, 0x0, 0x20000001}, 0x100) 13:39:03 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000], 0xe27746fc3beedacd}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:39:03 executing program 2 (fault-call:10 fault-nth:69): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1038.905329] kauditd_printk_skb: 17 callbacks suppressed [ 1038.905337] audit: type=1804 audit(1590845943.784:1642): pid=32667 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/677/file0/bus" dev="sda1" ino=17043 res=1 [ 1038.962988] *** Guest State *** [ 1038.969540] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 1038.979292] audit: type=1804 audit(1590845943.784:1643): pid=32667 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/677/file0/bus" dev="sda1" ino=17043 res=1 [ 1039.003155] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 13:39:03 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r1) sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x28, 0x140e, 0x9c91989df5a6223, 0x70bd2c, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x4}, @RDMA_NLDEV_ATTR_RES_PDN={0x8, 0x3c, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0xc040}, 0x8044) connect$l2tp(r1, &(0x7f0000000080)={0x2, 0x0, @private=0xa010100, 0x4}, 0x10) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) socket$alg(0x26, 0x5, 0x0) r2 = inotify_init1(0x0) inotify_add_watch(r2, &(0x7f0000000040)='./control\x00', 0xa4000960) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r4, &(0x7f0000000200), 0x10efe10675dec16, 0x0) getsockname$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="240000001a00010000000000000000000a000000000000000000000008000300", @ANYRES32=r5, @ANYBLOB="8c70ac3a7b6b7c72a3f54132413f1acf1979a522790afc54fe5ba31414361d94753cc5ea9b2d9e9659b8858998de69f83be65b515e74fb9e695fbf4330889118638db212f443119253ec99a6e46968a48ee9c4a5a073007dcb040000000000000020ad04b484df67f072bbbbeccc1182f5b0eb10688c70f663e9f2a815e82a21dcd5b63f749f7814852a3a4e5eafd5c0bcba70479c986de105182e2c985f761027583f6f6d58ed5d325ca1c661c6a60a95dfc77fafafb198c5277aa1a629253302"], 0x24}}, 0x0) ioctl$sock_inet6_SIOCDELRT(r1, 0x890c, &(0x7f00000002c0)={@initdev={0xfe, 0x88, [], 0x1, 0x0}, @private1, @remote, 0xffff, 0xffff, 0x8001, 0x600, 0x9, 0x100040, r5}) r6 = inotify_init1(0x0) inotify_add_watch(r6, &(0x7f0000000040)='./control\x00', 0xa4000960) dup2(r2, 0xffffffffffffffff) [ 1039.048288] FAULT_INJECTION: forcing a failure. [ 1039.048288] name failslab, interval 1, probability 0, space 0, times 0 [ 1039.059890] CPU: 1 PID: 32682 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1039.066108] CR3 = 0x00000000fffbc000 [ 1039.067772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1039.067778] Call Trace: [ 1039.067797] dump_stack+0x1b2/0x283 [ 1039.067815] should_fail.cold+0x10a/0x154 [ 1039.067832] should_failslab+0xd6/0x130 [ 1039.071666] RSP = 0x00000000000000fb RIP = 0xe27746fc3beedacd [ 1039.080862] kmem_cache_alloc+0x28e/0x3c0 [ 1039.080875] alloc_vfsmnt+0x23/0x7c0 [ 1039.080887] clone_mnt+0x6c/0xef0 [ 1039.080895] ? copy_tree+0x29a/0x860 [ 1039.080905] copy_tree+0x33a/0x860 [ 1039.080921] copy_mnt_ns+0x112/0x8a0 [ 1039.080933] ? rcu_read_lock_sched_held+0x10a/0x130 [ 1039.080941] ? kmem_cache_alloc+0x35f/0x3c0 [ 1039.080953] create_new_namespaces+0xc9/0x730 [ 1039.080964] ? security_capable+0x88/0xb0 [ 1039.080979] copy_namespaces+0x27b/0x310 [ 1039.091627] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 1039.095251] copy_process.part.0+0x2616/0x6fa0 [ 1039.095264] ? trace_hardirqs_on+0x10/0x10 [ 1039.095292] ? __cleanup_sighand+0x40/0x40 [ 1039.095299] ? lock_downgrade+0x6e0/0x6e0 [ 1039.095310] ? _raw_spin_unlock_irq+0x24/0x90 [ 1039.095323] _do_fork+0x180/0xc80 [ 1039.095335] ? fork_idle+0x270/0x270 [ 1039.095343] ? firmware_map_remove+0x18f/0x18f [ 1039.095359] ? do_syscall_64+0x4c/0x640 [ 1039.095366] ? sys_vfork+0x20/0x20 [ 1039.095376] do_syscall_64+0x1d5/0x640 [ 1039.095389] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1039.122670] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 1039.124204] RIP: 0033:0x45ca69 [ 1039.124210] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1039.124221] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1039.124226] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1039.124230] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1039.124235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1039.124239] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 [ 1039.159071] audit: type=1804 audit(1590845943.784:1644): pid=32667 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/677/file0/bus" dev="sda1" ino=17043 res=1 [ 1039.181438] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 13:39:04 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00') sendmsg$NL80211_CMD_GET_WIPHY(r1, &(0x7f000001d0c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x1c, r2, 0x709, 0x0, 0x0, {}, [@NL80211_ATTR_WIPHY={0x8}]}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x30, r2, 0x200, 0x70bd29, 0x25dfdbff, {}, [@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'b\x00'}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'b\x00'}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x24000800}, 0x4008095) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r4, 0x0) read(r4, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r5 = syz_open_procfs(0x0, 0x0) fchdir(r5) ioctl$SCSI_IOCTL_START_UNIT(r5, 0x5) 13:39:04 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r1) ioctl$sock_SIOCINQ(r1, 0x541b, &(0x7f0000000080)) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r2 = socket$alg(0x26, 0x5, 0x0) dup2(r2, r0) 13:39:04 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) r1 = dup(r0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r2) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000040)={0x0, 0x80000, r2}) ioctl$DRM_IOCTL_MODE_ATOMIC(r3, 0xc03864bc, &(0x7f0000000180)={0x100, 0x3, &(0x7f0000000080)=[0x8, 0xffff07bf, 0x1ff], &(0x7f00000000c0)=[0x833, 0x7ff, 0x31, 0x2, 0x4], &(0x7f0000000100)=[0x401, 0x2, 0x7, 0x0, 0x3, 0xfffff41e], &(0x7f0000000140)=[0x8, 0x62c7, 0x9, 0x8001, 0x1, 0x5], 0x0, 0x9}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r4 = socket$tipc(0x1e, 0x2, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r4, 0x40106614, &(0x7f00000001c0)) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=ANY=[@ANYBLOB="b7000000000000ff2c0000000000000007000000000000009500000c00000000"], &(0x7f0000003ff6)='GPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48) [ 1039.389766] audit: type=1804 audit(1590845943.944:1645): pid=32667 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/677/file0/file0/bus" dev="sda1" ino=17032 res=1 [ 1039.446882] audit: type=1804 audit(1590845943.974:1646): pid=32678 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/677/file0/file0/bus" dev="sda1" ino=17032 res=1 [ 1039.494329] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 1039.533830] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 13:39:04 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) r1 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000200), 0x10efe10675dec16, 0x0) getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@ipv6_getroute={0x24, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_IIF={0x8, 0x3, r2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_SET_MPATH(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x50, 0x0, 0x100, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x3}, @NL80211_ATTR_MAC={0xa, 0x6, @dev={[], 0x27}}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x1, 0x1}}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r2}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x4}]}, 0x50}, 0x1, 0x0, 0x0, 0x340400d5}, 0x24000804) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)=0x1) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r5, &(0x7f0000000200), 0x10efe10675dec16, 0x0) getsockname$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@ipv6_getroute={0x24, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_IIF={0x8, 0x3, r6}]}, 0x24}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f00000000c0)={'team0\x00', r6}) connect$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0xf7, r7, 0x1, 0xff, 0x6, @multicast}, 0x14) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r8 = socket$alg(0x26, 0x5, 0x0) dup2(r8, r0) [ 1039.545772] audit: type=1804 audit(1590845943.974:1647): pid=32667 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/677/file0/file0/bus" dev="sda1" ino=17032 res=1 [ 1039.577347] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 13:39:04 executing program 5: pkey_alloc(0x0, 0x1) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) perf_event_open(&(0x7f00000010c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3f}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x3, 0x2) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x2e) setsockopt$inet_int(r1, 0x0, 0xca, &(0x7f0000000000)=0x10001, 0x10) r2 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r2, 0x0, 0xcb, &(0x7f0000000000)=0x10001, 0x10) ioctl$SCSI_IOCTL_TEST_UNIT_READY(0xffffffffffffffff, 0x2) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000000080)={r5}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000040)={r5, 0x4}, 0x8) getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) [ 1039.591703] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 1039.601482] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 1039.611892] audit: type=1804 audit(1590845944.294:1648): pid=32695 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/678/file0/bus" dev="sda1" ino=17045 res=1 13:39:04 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x222181, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x9) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r2) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000300)={&(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0], 0x6, 0x7, 0x4, 0x2}) unlink(&(0x7f00000001c0)='./file0\x00') ioctl$TIOCNXCL(r1, 0x540d) socketpair(0x15, 0x0, 0x7ff, 0x0) r3 = syz_open_procfs(0x0, 0x0) fchdir(r3) ioctl$SCSI_IOCTL_START_UNIT(r3, 0x5) 13:39:04 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0xa) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x10100, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) [ 1039.658079] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 1039.690284] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 13:39:04 executing program 2 (fault-call:10 fault-nth:70): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1039.746789] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 1039.767869] audit: type=1804 audit(1590845944.294:1649): pid=32695 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/678/file0/bus" dev="sda1" ino=17045 res=1 [ 1039.825264] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 1039.865479] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 1039.882807] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 13:39:04 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r0) fcntl$setownex(r0, 0xf, &(0x7f0000000000)={0x0, 0xffffffffffffffff}) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r1, 0x208200) r2 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r2, 0x0) read(r2, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, 0x0) fchdir(r3) ioctl$SCSI_IOCTL_START_UNIT(r3, 0x5) [ 1039.902559] audit: type=1804 audit(1590845944.294:1650): pid=32695 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/678/file0/bus" dev="sda1" ino=17045 res=1 [ 1039.940919] Interruptibility = 00000000 ActivityState = 00000000 [ 1040.000127] FAULT_INJECTION: forcing a failure. [ 1040.000127] name failslab, interval 1, probability 0, space 0, times 0 [ 1040.011474] CPU: 1 PID: 32740 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1040.019361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1040.023112] *** Host State *** [ 1040.028702] Call Trace: [ 1040.028721] dump_stack+0x1b2/0x283 [ 1040.028738] should_fail.cold+0x10a/0x154 [ 1040.028751] should_failslab+0xd6/0x130 [ 1040.028763] __kmalloc_track_caller+0x2bc/0x400 [ 1040.028773] ? kstrdup_const+0x35/0x60 [ 1040.028784] kstrdup+0x36/0x70 [ 1040.028796] kstrdup_const+0x35/0x60 [ 1040.044401] RIP = 0xffffffff811642af RSP = 0xffff8880289979d0 [ 1040.046232] alloc_vfsmnt+0xe0/0x7c0 [ 1040.046242] clone_mnt+0x6c/0xef0 [ 1040.046255] copy_tree+0x33a/0x860 [ 1040.050970] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 1040.054773] copy_mnt_ns+0x112/0x8a0 [ 1040.054785] ? rcu_read_lock_sched_held+0x10a/0x130 [ 1040.054794] ? kmem_cache_alloc+0x35f/0x3c0 [ 1040.054808] create_new_namespaces+0xc9/0x730 [ 1040.054818] ? security_capable+0x88/0xb0 [ 1040.054832] copy_namespaces+0x27b/0x310 [ 1040.054845] copy_process.part.0+0x2616/0x6fa0 [ 1040.054855] ? trace_hardirqs_on+0x10/0x10 [ 1040.054869] ? check_preemption_disabled+0x35/0x240 [ 1040.065878] FSBase=00007f18279ed700 GSBase=ffff8880aec00000 TRBase=fffffe0000003000 [ 1040.067684] ? finish_task_switch+0x178/0x610 [ 1040.067705] ? __cleanup_sighand+0x40/0x40 [ 1040.071444] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 1040.074815] ? _raw_spin_unlock_irq+0x5a/0x90 [ 1040.074825] ? finish_task_switch+0x14d/0x610 [ 1040.074833] ? switch_mm_irqs_off+0x2cd/0xec0 [ 1040.074847] _do_fork+0x180/0xc80 [ 1040.074859] ? fork_idle+0x270/0x270 [ 1040.074869] ? firmware_map_remove+0x18f/0x18f [ 1040.074879] ? fput+0xb/0x140 [ 1040.074893] ? do_syscall_64+0x4c/0x640 [ 1040.074902] ? sys_vfork+0x20/0x20 [ 1040.083148] CR0=0000000080050033 CR3=0000000097d80000 CR4=00000000001426f0 [ 1040.084803] do_syscall_64+0x1d5/0x640 [ 1040.084820] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1040.084828] RIP: 0033:0x45ca69 [ 1040.084834] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1040.084843] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1040.084848] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1040.084853] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1040.084858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1040.084863] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 [ 1040.264097] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff864018c0 [ 1040.270856] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 1040.278721] *** Control State *** [ 1040.282212] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 1040.291128] EntryControls=0000d1ff ExitControls=002fefff [ 1040.296662] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 1040.306552] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1040.313336] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 1040.319936] reason=80000021 qualification=0000000000000000 [ 1040.332193] IDTVectoring: info=00000000 errcode=00000000 [ 1040.337768] TSC Offset = 0xfffffdd0b4f64cde [ 1040.342109] EPT pointer = 0x000000009270c01e [ 1040.354089] Virtual processor ID = 0x0001 13:39:05 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x4882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r1) write$UHID_INPUT(r1, &(0x7f0000000240)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006) r2 = socket$alg(0x26, 0x5, 0x0) r3 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ocfs2_control\x00', 0x242400, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r4) ioctl$TUNSETSNDBUF(r4, 0x400454d4, &(0x7f0000000100)) ioctl$RTC_PLL_SET(r3, 0x40207012, &(0x7f00000000c0)={0xffff7fff, 0x100, 0x80000000, 0x4, 0x1, 0x5, 0xc000}) dup2(r2, r0) 13:39:05 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, 0x0) fchdir(r2) ioctl$SCSI_IOCTL_START_UNIT(r2, 0x5) r3 = memfd_create(&(0x7f0000000240)='\x00<\xd2\xc8\xf8\xb3!\xf2\x81\xc6\xaa\xbc\b\x9e\xd2\xd6\xe1\x10\xf0\x8c}\x8a\x10`\xa11\xcb\xaf\xf1\xe6\xe1d[\x12a\xde\x89[\xc2+Gx9\x9f\'\xb7\xbc\x1bw\xaf}QD#L\xaf\xe3\x00\xbb\xe1T\xad\x9d\xff\xfek\xc3X\xd6\x84\xc5\xb6Z}\x19f\x86\xbb#\xc0\x03_\xe4+\xa3T\x033X\x95\xc2v\x83\x93\x81\xc7n\xd8\x80\xa2\xa3M\xbaSN\xc3\xaa\xe9\xdd\x9bC$\xf0\xcc\xa7\x0e\x95\xffW\x7f\x17^\xed\xfa\x04\xa9`\xc6\xdf\xe26\x9f\x05\xed\xf4x2\x04\xa5\x16\xc5\xfe\xb6\tr[\x19\xce+\x8cx\xf7,z\xd7D\xadEvv6(\xf1n\x04y\xbbK{\r\"N\x7f\x9a\x19\xaa\xe1\xa3\x14\xec\x13\x7f\xc7e\x8cA\x7fT#)\x033V', 0x0) write(r3, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) open_by_handle_at(r3, &(0x7f0000000040)={0x27, 0xc00, "90f8be672caded6aa928b8d7568cf6467c15650135cd29c2f0ee6b771528c9"}, 0x24000) 13:39:05 executing program 5: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x222181, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x9) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r2) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000300)={&(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0], 0x6, 0x7, 0x4, 0x2}) unlink(&(0x7f00000001c0)='./file0\x00') ioctl$TIOCNXCL(r1, 0x540d) socketpair(0x15, 0x0, 0x7ff, 0x0) r3 = syz_open_procfs(0x0, 0x0) fchdir(r3) ioctl$SCSI_IOCTL_START_UNIT(r3, 0x5) 13:39:05 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:39:05 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) ioctl$SIOCX25SCUDMATCHLEN(r0, 0x89e7, &(0x7f0000000000)={0x4}) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0xa) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x0, 0x42, &(0x7f0000000080)={'TPROXY\x00'}, &(0x7f00000000c0)=0x1e) 13:39:05 executing program 2 (fault-call:10 fault-nth:71): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 13:39:05 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') setxattr$trusted_overlay_redirect(&(0x7f0000000000)='./bus\x00', &(0x7f00000000c0)='trusted.overlay.redirect\x00', &(0x7f00000001c0)='./bus\x00', 0x6, 0xc24301107cb92407) r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r1) accept4$unix(r1, 0x0, &(0x7f0000000200), 0x80800) ftruncate(r0, 0x208200) move_pages(0x0, 0x5, &(0x7f0000000140)=[&(0x7f0000586000/0x2000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f000009e000/0x1000)=nil, &(0x7f00003ac000/0x3000)=nil], &(0x7f0000000340)=[0x20400, 0x8000, 0x2, 0x80000001, 0x100], &(0x7f0000000300)=[0x0, 0x0, 0x0], 0x6) r2 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r2, 0x0) read(r0, &(0x7f0000000180)=""/10, 0xffffffffffffff35) socketpair(0x0, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, 0x0) fchdir(r3) ioctl$SCSI_IOCTL_START_UNIT(r3, 0x5) 13:39:05 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x5]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:39:05 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x1a1882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) r1 = memfd_create(&(0x7f0000000240)='\x00<\xd2\xc8\xf8\xb3!\xf2\x81\xc6\xaa\xbc\b\x9e\xd2\xd6\xe1\x10\xf0\x8c}\x8a\x10`\xa11\xcb\xaf\xf1\xe6\xe1d[\x12a\xde\x89[\xc2+Gx9\x9f\'\xb7\xbc\x1bw\xaf}QD#L\xaf\xe3\x00\xbb\xe1T\xad\x9d\xff\xfek\xc3X\xd6\x84\xc5\xb6Z}\x19f\x86\xbb#\xc0\x03_\xe4+\xa3T\x033X\x95\xc2v\x83\x93\x81\xc7n\xd8\x80\xa2\xa3M\xbaSN\xc3\xaa\xe9\xdd\x9bC$\xf0\xcc\xa7\x0e\x95\xffW\x7f\x17^\xed\xfa\x04\xa9`\xc6\xdf\xe26\x9f\x05\xed\xf4x2\x04\xa5\x16\xc5\xfe\xb6\tr[\x19\xce+\x8cx\xf7,z\xd7D\xadEvv6(\xf1n\x04y\xbbK{\r\"N\x7f\x9a\x19\xaa\xe1\xa3\x14\xec\x13\x7f\xc7e\x8cA\x7fT#)\x033V', 0x0) write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r2) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000380)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_NOTIFY(0xffffffffffffffff, &(0x7f0000000080)={0xf, 0x8, 0xfa00, {r3}}, 0x10) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x3ff, @ipv4={[], [], @rand_addr=0x64010101}, 0xffffffff}, {0xa, 0x4e23, 0x5, @dev={0xfe, 0x80, [], 0x39}, 0x7fffffff}, r3, 0xffffffff}}, 0x48) r4 = memfd_create(&(0x7f0000000240)='\x00<\xd2\xc8\xf8\xb3!\xf2\x81\xc6\xaa\xbc\b\x9e\xd2\xd6\xe1\x10\xf0\x8c}\x8a\x10`\xa11\xcb\xaf\xf1\xe6\xe1d[\x12a\xde\x89[\xc2+Gx9\x9f\'\xb7\xbc\x1bw\xaf}QD#L\xaf\xe3\x00\xbb\xe1T\xad\x9d\xff\xfek\xc3X\xd6\x84\xc5\xb6Z}\x19f\x86\xbb#\xc0\x03_\xe4+\xa3T\x033X\x95\xc2v\x83\x93\x81\xc7n\xd8\x80\xa2\xa3M\xbaSN\xc3\xaa\xe9\xdd\x9bC$\xf0\xcc\xa7\x0e\x95\xffW\x7f\x17^\xed\xfa\x04\xa9`\xc6\xdf\xe26\x9f\x05\xed\xf4x2\x04\xa5\x16\xc5\xfe\xb6\tr[\x19\xce+\x8cx\xf7,z\xd7D\xadEvv6(\xf1n\x04y\xbbK{\r\"N\x7f\x9a\x19\xaa\xe1\xa3\x14\xec\x13\x7f\xc7e\x8cA\x7fT#)\x033V', 0x0) write(r4, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r4, 0x0) ioctl$int_in(r4, 0x5452, &(0x7f0000000000)=0x7fffffffffc) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) ioctl$SNDCTL_DSP_GETOSPACE(r0, 0x8010500c, &(0x7f00000000c0)) r5 = syz_open_dev$cec(&(0x7f0000000100)='/dev/cec#\x00', 0x0, 0x2) ioctl$VIDIOC_G_INPUT(r5, 0x80045626, &(0x7f0000000140)) r6 = socket$alg(0x26, 0x5, 0x0) dup2(r6, r0) [ 1040.820401] audit: type=1804 audit(1590845945.694:1651): pid=324 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/682/file0/bus" dev="sda1" ino=17045 res=1 [ 1040.878119] FAULT_INJECTION: forcing a failure. [ 1040.878119] name failslab, interval 1, probability 0, space 0, times 0 [ 1040.889493] CPU: 1 PID: 329 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1040.897208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1040.906556] Call Trace: [ 1040.909144] dump_stack+0x1b2/0x283 [ 1040.912772] should_fail.cold+0x10a/0x154 [ 1040.916924] should_failslab+0xd6/0x130 [ 1040.920896] kmem_cache_alloc+0x28e/0x3c0 [ 1040.925044] alloc_vfsmnt+0x23/0x7c0 [ 1040.928757] clone_mnt+0x6c/0xef0 [ 1040.932212] copy_tree+0x33a/0x860 [ 1040.935746] copy_mnt_ns+0x112/0x8a0 [ 1040.939467] ? rcu_read_lock_sched_held+0x10a/0x130 [ 1040.944552] ? kmem_cache_alloc+0x35f/0x3c0 [ 1040.948857] create_new_namespaces+0xc9/0x730 [ 1040.953334] ? security_capable+0x88/0xb0 [ 1040.957471] copy_namespaces+0x27b/0x310 [ 1040.961509] copy_process.part.0+0x2616/0x6fa0 [ 1040.966070] ? get_pid_task+0xb8/0x130 [ 1040.969936] ? proc_tid_io_accounting+0x20/0x20 [ 1040.974590] ? __cleanup_sighand+0x40/0x40 [ 1040.978804] ? lock_downgrade+0x6e0/0x6e0 [ 1040.982943] _do_fork+0x180/0xc80 [ 1040.986378] ? fork_idle+0x270/0x270 [ 1040.990072] ? fput+0xb/0x140 [ 1040.993156] ? SyS_write+0x14d/0x210 [ 1040.996847] ? SyS_read+0x210/0x210 [ 1041.000449] ? SyS_clock_settime+0x1a0/0x1a0 [ 1041.004837] ? do_syscall_64+0x4c/0x640 [ 1041.008792] ? sys_vfork+0x20/0x20 [ 1041.012310] do_syscall_64+0x1d5/0x640 [ 1041.016291] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1041.021455] RIP: 0033:0x45ca69 13:39:05 executing program 5: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00') sendmsg$NL80211_CMD_GET_WIPHY(r1, &(0x7f000001d0c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x1c, r2, 0x709, 0x0, 0x0, {}, [@NL80211_ATTR_WIPHY={0x8}]}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x30, r2, 0x200, 0x70bd29, 0x25dfdbff, {}, [@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'b\x00'}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'b\x00'}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x24000800}, 0x4008095) r3 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r3, 0x208200) r4 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r4, 0x0) read(r4, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r5 = syz_open_procfs(0x0, 0x0) fchdir(r5) ioctl$SCSI_IOCTL_START_UNIT(r5, 0x5) [ 1041.024619] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1041.032316] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1041.039561] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1041.046807] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1041.054068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1041.061324] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:39:06 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x1000007ffc) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, 0x0) fchdir(r2) ioctl$SCSI_IOCTL_START_UNIT(r2, 0x5) 13:39:06 executing program 5: pkey_alloc(0x0, 0x1) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) perf_event_open(&(0x7f00000010c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3f}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x3, 0x2) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x2e) setsockopt$inet_int(r1, 0x0, 0xca, &(0x7f0000000000)=0x10001, 0x10) r2 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_int(r2, 0x0, 0xcb, &(0x7f0000000000)=0x10001, 0x10) ioctl$SCSI_IOCTL_TEST_UNIT_READY(0xffffffffffffffff, 0x2) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000000080)={r5}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000040)={r5, 0x4}, 0x8) getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) 13:39:06 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) close(0xffffffffffffffff) r4 = inotify_init1(0x0) inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[@ANYRESHEX=r4, @ANYRES16], 0xfffffecc) socket$netlink(0x10, 0x3, 0x6) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 13:39:06 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x1a, 0x0, 0x1, 0x0) r2 = syz_open_procfs(0x0, 0x0) fchdir(r2) ioctl$SCSI_IOCTL_START_UNIT(r2, 0x5) 13:39:06 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000000c0)={0x3, 0x1, 0x2, 0x1000, &(0x7f0000ffe000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x3, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x1ff, 0x6, 0x0, 0x400000000000000, 0x0, 0x0, 0x0, 0x0, 0x100000000]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 13:39:06 executing program 2 (fault-call:10 fault-nth:72): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 13:39:06 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x400, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1041.770039] FAULT_INJECTION: forcing a failure. [ 1041.770039] name failslab, interval 1, probability 0, space 0, times 0 [ 1041.781596] CPU: 0 PID: 393 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1041.789316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1041.798652] Call Trace: [ 1041.801224] dump_stack+0x1b2/0x283 [ 1041.804852] should_fail.cold+0x10a/0x154 [ 1041.808982] should_failslab+0xd6/0x130 [ 1041.812932] kmem_cache_alloc+0x28e/0x3c0 [ 1041.817071] alloc_vfsmnt+0x23/0x7c0 [ 1041.820761] clone_mnt+0x6c/0xef0 [ 1041.824195] copy_tree+0x33a/0x860 [ 1041.827716] copy_mnt_ns+0x112/0x8a0 [ 1041.831410] ? rcu_read_lock_sched_held+0x10a/0x130 [ 1041.836401] ? kmem_cache_alloc+0x35f/0x3c0 [ 1041.840704] create_new_namespaces+0xc9/0x730 [ 1041.845179] ? security_capable+0x88/0xb0 [ 1041.849305] copy_namespaces+0x27b/0x310 [ 1041.853345] copy_process.part.0+0x2616/0x6fa0 [ 1041.857904] ? trace_hardirqs_on+0x10/0x10 [ 1041.862115] ? check_preemption_disabled+0x35/0x240 [ 1041.867110] ? finish_task_switch+0x178/0x610 [ 1041.871588] ? __cleanup_sighand+0x40/0x40 [ 1041.875802] ? _raw_spin_unlock_irq+0x5a/0x90 [ 1041.880276] ? finish_task_switch+0x14d/0x610 [ 1041.884748] ? switch_mm_irqs_off+0x2cd/0xec0 [ 1041.889222] _do_fork+0x180/0xc80 [ 1041.892653] ? fork_idle+0x270/0x270 [ 1041.896341] ? firmware_map_remove+0x18f/0x18f [ 1041.901084] ? fput+0xb/0x140 [ 1041.904180] ? do_syscall_64+0x4c/0x640 [ 1041.908132] ? sys_vfork+0x20/0x20 [ 1041.911647] do_syscall_64+0x1d5/0x640 [ 1041.915513] entry_SYSCALL_64_after_hwframe+0x46/0xbb 13:39:06 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r1) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r2) recvmmsg(r2, &(0x7f00000019c0)=[{{&(0x7f00000000c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private1}}}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000240)=""/4096, 0x1000}, {&(0x7f0000000140)=""/14, 0xe}, {&(0x7f0000001240)=""/193, 0xc1}, {&(0x7f0000000180)=""/10, 0xa}], 0x4, &(0x7f0000001340)=""/28, 0x1c}, 0x7}, {{0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000001380)=""/128, 0x80}, {&(0x7f0000001400)=""/153, 0x99}, {&(0x7f00000014c0)=""/33, 0x21}, {&(0x7f0000003440)=""/4096, 0x1000}], 0x4, &(0x7f0000001540)=""/47, 0x2f}, 0x6e27ad70}, {{&(0x7f0000001580)=@l2tp6, 0x80, &(0x7f00000016c0)=[{&(0x7f0000001600)=""/105, 0x69}, {&(0x7f0000001680)=""/48, 0x30}], 0x2, &(0x7f0000001700)=""/14, 0xe}, 0x3}, {{&(0x7f0000001740)=@caif=@dgm, 0x80, &(0x7f0000001940)=[{&(0x7f00000017c0)=""/174, 0xae}, {&(0x7f0000004440)=""/4096, 0x1000}, {&(0x7f0000001880)=""/168, 0xa8}], 0x3, &(0x7f0000001980)=""/64, 0x40}, 0xaf59d54}], 0x4, 0x1, &(0x7f0000001ac0)={0x0, 0x3938700}) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00') sendmsg$DEVLINK_CMD_PORT_GET(r4, &(0x7f00000005c0)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000300)={0x120, r5, 0x4, 0x70bd2b, 0x25dfdbfb, {}, [{{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8}}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1}}}]}, 0x120}, 0x1, 0x0, 0x0, 0x80}, 0x20004804) sendmsg$DEVLINK_CMD_GET(r3, &(0x7f0000001c80)={&(0x7f0000001b00)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000001c40)={&(0x7f0000001b40)={0xc8, r5, 0x0, 0x70bd2d, 0x25dfdbfb, {}, [@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, @pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, @nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, @pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}]}, 0xc8}, 0x1, 0x0, 0x0, 0x20000000}, 0x44000) getsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080), 0x10) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r6 = socket$alg(0x26, 0x5, 0x0) dup2(r6, r0) [ 1041.920677] RIP: 0033:0x45ca69 [ 1041.923842] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1041.931537] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1041.938784] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1041.946043] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1041.953288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1041.960533] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:39:06 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r2, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r2, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) fchdir(r1) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x5c, 0x0, &(0x7f00000002c0)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000240)={@ptr={0x70742a85, 0x0, &(0x7f00000000c0)=""/125, 0x7d, 0x0, 0x1b}, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/118, 0x76, 0x1, 0x11}, @flat=@binder={0x73622a85, 0xa}}, &(0x7f00000001c0)={0x0, 0x28, 0x50}}, 0x400}, @acquire={0x40046305, 0x2}, @enter_looper, @enter_looper], 0x1f, 0x0, &(0x7f0000000340)="8ed1327bece5ffa42e65ca4a243066791aecbd07366db3f3c208a97685bc28"}) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r4) write$UHID_INPUT(r4, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e990000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f5ffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000013c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006) r5 = socket$alg(0x26, 0x5, 0x0) dup2(r5, r0) 13:39:07 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000240)='./bus/file0\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, 0x0) fchdir(r2) ioctl$SCSI_IOCTL_START_UNIT(r2, 0x5) fchdir(0xffffffffffffffff) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0xffffffffffffff12, 0xfa00, {0x0, &(0x7f00000001c0)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_NOTIFY(r3, &(0x7f0000000200)={0xf, 0x8, 0xfa00, {r4, 0x10}}, 0x10) write$RDMA_USER_CM_CMD_DESTROY_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x1, 0x10, 0xfa00, {&(0x7f0000000000), r4}}, 0x18) 13:39:07 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) r1 = gettid() ptrace$setopts(0x4200, r1, 0x0, 0x0) tkill(r1, 0x40) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x3) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/netlink\x00') fchdir(r2) write$P9_RRENAMEAT(0xffffffffffffffff, &(0x7f0000000080)={0x7, 0x4b, 0x2}, 0x7) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000000000)=0x1) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r3 = socket$alg(0x26, 0x5, 0x0) dup2(r3, r0) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r4) syz_genetlink_get_family_id$batadv(&(0x7f0000000180)='batadv\x00') ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r4, 0x408c5333, &(0x7f0000000240)={0x2, 0x43, 0x0, 'queue0\x00', 0x9}) r5 = msgget(0x3, 0x286) msgctl$MSG_STAT_ANY(r5, 0xd, &(0x7f00000000c0)=""/190) 13:39:07 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r2, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r2, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) fchdir(r1) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x5c, 0x0, &(0x7f00000002c0)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000240)={@ptr={0x70742a85, 0x0, &(0x7f00000000c0)=""/125, 0x7d, 0x0, 0x1b}, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/118, 0x76, 0x1, 0x11}, @flat=@binder={0x73622a85, 0xa}}, &(0x7f00000001c0)={0x0, 0x28, 0x50}}, 0x400}, @acquire={0x40046305, 0x2}, @enter_looper, @enter_looper], 0x1f, 0x0, &(0x7f0000000340)="8ed1327bece5ffa42e65ca4a243066791aecbd07366db3f3c208a97685bc28"}) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r4) write$UHID_INPUT(r4, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e990000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f5ffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000013c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006) r5 = socket$alg(0x26, 0x5, 0x0) dup2(r5, r0) 13:39:07 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = memfd_create(&(0x7f0000000240)='\x00<\xd2\xc8\xf8\xb3!\xf2\x81\xc6\xaa\xbc\b\x9e\xd2\xd6\xe1\x10\xf0\x8c}\x8a\x10`\xa11\xcb\xaf\xf1\xe6\xe1d[\x12a\xde\x89[\xc2+Gx9\x9f\'\xb7\xbc\x1bw\xaf}QD#L\xaf\xe3\x00\xbb\xe1T\xad\x9d\xff\xfek\xc3X\xd6\x84\xc5\xb6Z}\x19f\x86\xbb#\xc0\x03_\xe4+\xa3T\x033X\x95\xc2v\x83\x93\x81\xc7n\xd8\x80\xa2\xa3M\xbaSN\xc3\xaa\xe9\xdd\x9bC$\xf0\xcc\xa7\x0e\x95\xffW\x7f\x17^\xed\xfa\x04\xa9`\xc6\xdf\xe26\x9f\x05\xed\xf4x2\x04\xa5\x16\xc5\xfe\xb6\tr[\x19\xce+\x8cx\xf7,z\xd7D\xadEvv6(\xf1n\x04y\xbbK{\r\"N\x7f\x9a\x19\xaa\xe1\xa3\x14\xec\x13\x7f\xc7e\x8cA\x7fT#)\x033V', 0x0) write(r3, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) ioctl$FS_IOC_ENABLE_VERITY(r3, 0x40806685, &(0x7f0000001140)={0x1, 0x3, 0x1000, 0x1000, &(0x7f0000000080)="a3553943fc645bd709aad32699cdbda9b33a6093ca2cff137a18b9c266c982c7a44dbc13c3d6725435caf1ffd5e88da850b95f11a0927aafba43222af8a75fb81f6a029c21b1bea325536ccb5adf7c867520001a133d0a91e475d4230817c98b353cb1ba81fbf108721a3fb11cc9c6895ac3b8a6bf76293c3482586f025a4a8a40b20bf7175a8c19fe575384b45e05c79207d121070e90007784c99a774e08b4b9e0baf0463d05070864911a66ac3c1e80587a53d11d9a5653aa284c960bcb75a2ade641ffb3aa8640f89de4ae398d92884b6bc79915f477d9f4518eccc622a257656ad37a3df05d0e24e3aaff22491db97d02a3164c7a428325970896b1d907dbdc7be3fd985deba85e765267ae8cec42c51da59749567a6189c9c508870879253a567212a0ad8154b5c63065223e15d5aed9853c0601ecc719181b1619efba1fd0e2d9341f791743df4f77b7720f228e6f59e65857fb14326de202d9dfef657bc5e5aecb83baa9252540a4bf51ddb91abd2b76f946b7bca292ae63b56509cb2daa09c5cce9ec7c39e286437d552695f6af22d1038f2fd40ef1d8d341e82656b099d0d7e79ed852505005ceb0a05432440126769c0a90999a46f130809436fcd38232a4362ba7979a99fabfe4519834cfaece8f3ec41c9d4fdc3b2eccc5938dfe267023d68b3e97993106b6b57baf3469a1748c784194406300f842a56f1e22ef1ea7f8d53f69d99d19f474a1a7276c7e0b55ca5fb17a32561e86e17126907dc85e796b1cee3d28cc3d274e201795aa1b004bb89b4dcf1d8536ba24eb91490c70ee3cb1003850acb36bea6d28460ccdc6176c9fa2eff9547e392de29936d3b278c8b3564bb32e05bf06937bd09789a3a0db59afdbcb9634c1dee8a66e42188207d7d1ee4d6b9aed869392834b420e59848dbcaa574698a6c05c0d7eebdc0d4500f94b4382c13255287bbc32b2bd6e9c76b1b4e414f130bdc824730ee5792c8a6ff5bba7728e1302b4daf80dfa461d91c08c29f11b5f67dc1af209fd192edbd8e7daa6e5e9cade1bf4a261f08dd18c2595cf487832678cb61b63cc7d04be2f69152492bac97e489ca4f51b5eeee28e9e7a697279166f95bc83c6658a806c1cca1a644c547e0a38bb2bf403351affb919c8342613801065161c1dcbf41542baec0f86d4c6f68cabdd4269e0ba4635af0289739253fd7b7ad4d14a73811e024ee7a941fb6a3700daa1b3f58c949025221578956e4b9fa12d908e88cb9c03d811aedef74e6b50894deaea870f4dc9ac57ee31e15c0df54e5862069faea89c3afc2e2a6767f1c9d15edc850fd3c4f1fafe9cb559dfa39a7dd665c20a7d9612a223ea625c5f7f67ce9b55e308c9335fc33347489a6cb4ed2a4ab595623ead7303124b3cc951f5db07dba1bea136865240c3d28809aba975199fec0ccc75a3d8b3283dbf66a62f170bbadc0621327d1e59f0746a3b9a2ec55917e3e395269bf224de6120ad0ea8a4bd0730567d8549dc19a1ec78e9f38b189aa787986722d0faae8cb73f3957fd9fbea8ff4722d4816fc577248e83124d078acc0ede3bab862a64579e20316b6892665418edc6bf1428466fccf3ff0c5a1cb23230c03ad6febb21a2ea73f2008a39dcc9facdb6d6ecb399832caf29afe9b920a6d221a4acfbdf12b8c8dd6e925d4645fb0ccdf10cd7efa908c345960709e0c326dd16b2f26dfac4ad776468b02a57c983956c56864d2d9b45c3c6bb0c3a4afd025c34cbaf377578463a1e1a89b9208817d14827e68af0825c97d9f874a93c74ad9cfecb2021636085c4cbd34d2e6aa86ec868c8ff286047509fee734abb2147c882017a2f18f74ae4606925e30dbdd85cccbedba320e210b69eee499f2a070c9922235f7b9f77b7f188c61fcfdd55f7b69b29f957b0a187d4228687b28a642b75c46214a0d93f9f2e8c48203edbcb50277004fa999968b803d20893ab81d72823d7df525140804510893140538a64546e5e24c46ff1fd743a6b1e9906819b9ef2e61898aaec2e6e8692b384efa57664fee93c015ff2308e14423b70c18fd9c119cc5740722bd93d91b20441003f09ba64d9d2a34783921dd9260cd2b34fcc8559111d37f28a263e4a23ba14275dc398e8ece4441878e3cc66771c7b277e0779eb1e70f7d083c5edb086ff40e93e7b9a5133acd290111c62fc3b1eab77e7ac400d31d3e55e11ca8432b2fb4df3b189bc9dab8bcbad8edb2a922cfbd5dad137078df12ffc891723f45cf2683f3f7a31e3ae58c359e6cddf3b8a7a9272c844f6f5e3c2689f9d3064cac493882cb7c9951e087be59491bf32301398c8e24f0435e3340a062b958cbe47192380163b4f3fdf597955659c2d592231897224cb6c250bdb06c647946aa0892b7aa57696a53f439d3a09ec1a1ab1a6921416c5d1f7304273dd24e8888957882c3574a7d854f62dd9069316559b72480a84b1109b1cf23cea2413a9a102a435074d190d5ded2b967f26c8f424a623a96bfa4d6afee17d6a6a0991903ff88a9c9443e5aed96ec40385b80f7ccebf2ccdb0f61d0749c901a17767e69e3f8bd6c9d961a3ced6cfb02fd57a8859338cac1048f86d08883eae8c19d1763a0222062265b146848ffb5a4ed8d61915867a99808c35eadde97befdf7fac24e47a492e6500554ddfa033ec64be4c8b67c7fd78b469b207d2e7d8115ea10af515ac880a16907cbeabef0cdc91aff2e6aa4c779c74e6076d1f40435cd9017cd9d10514e54baaf8a841012163dba705001df836f174abb1025801fbd1b407004ea9c659b9e032da3455a09d4757b378d7be82f0415a5b34c81f28b07d1a05b959e457d6e083d13bc4059b0071609b0fe8829a9e76dfa125e61f8ef88b1e7d98bf72e05215a93c1e7e3d1074457b54a70bf18370869eded0b3a73eb22fdecfdcf982a8a7fdbe7fb4371d465384657a4a0b2d21d2a8aff0e634571da3540a40f3b17ae459caf634020c95654cd69779fe158fb2e6ee6d99812c6e039674456c48ceea994b674a078b75d41b641540132b7fb4f597ac2ba01e01c5c74c73fa969131ea789182aa666500fb837194ae0a2cd5a2a388b39c438c52997d27136a83deee70c1706cf8674e47ac9a72260b31c5d6bf9fe44f6fc53d6a7185f717479e0fa49d4e5c00b50834deb9229619d930ed94e069f98acc79fbbd8459d6817c62b9a36c4a40385b7edb4b046f688fd6945b1ef512b0f8120d445f9071c10c4c6661577dec3a28a15a479c7dc5ce3b29598685d98d92f9a8bd53e3503440b6b958798f937bdaf9b3d352778bfc34e009e563f34e1e1af0074230c5d33a39906e8a8ef3ac30c607affc09f491444939d43108e7d521070336f1826d0b76e3b741a00b8f55873d8283b07f2f06dcc79af9fd7cc59ca9c61817402492bf9e1c058da8f9cabe40cb60858c44ecd794787b49741eeb647625a2caa3d46d883932feae808067d7c5aaab184d8910e194d776ec409df475ea5bf0f82d522b30278952a6b855a95109cd4a4fc5131d0ba4725cd59329766b9bc7116a680f06c69233f5bae326024168730f1b4937a6ad913668316e4963f0e4e6b51e63ecfb8c47cb4291536d2c2309f7fba30ab58561b1d59db351667f4fb3deafd3535d9f9d7896834329a7304b3346722b82f2a984ee7c9869322f371184bd3455e89c72a03b794ee5c23e484a25fe9dc143073560d3ab992b7e73118e4aa7a5a9d5e3288289d068b76df17bc82837b13f556fbf7d7fbc5f0ce8abfc12c60edb615364276db90ca569d6f7ff6d44a68498cb7842d912228280d8b326eb90e87b516cc09c097ae982bc3c2699cfbe411cd7cdaf69d3d510c977ac96101abdb41745997af81478091ce3340e878dc051a5f784a22647943dc965d2370a9fe8b5f9eb6dc6d8e457186df266c513effd1d7178cf680b8a3727e2ffe7b8c9a6ca1c0f53a79bd124d4a4a0ec105db9256051df1c6cab9895fe6ed67356292dcb085967c1e074270b59c81d3bc2f604cdabb494b7083216c134926fb431be889944bd12ec274077035a6ff8fa23d59c8252bc19b33034a0e108cb50e340e0335afa1d10aa05a397a722dff8008cd5f0fec9724800f07161ed51c5f9c13df2ca085b21df6f9338c0f4be3675b785773e77edc0c1afb4caf024a299158acdc9451d8834aec6c9914b7c12a2910d0fcb5f57b19898785a6051e053b4bdb4c524fcbbd7c1770d593abbdfb68c5169823cec98574037c8c4c981d5db1203195ffaab3153d968e51c1762c5649acb725e9cf54a6a493b85305a9e6d5dd362e210512a8a14a0e7144c3cf144bd36d563804e908e5075345dddb87c66fb4a91e18904d2a480514a0c6e98dbc01f51148ec9007b369953a92cd4fe80cc7eb59db16539619f94bc1efcc60ef8a9f5294c53da3300f10d54d85c24cded0839c3a0674387c6816907da7c9f2cc0e7ac4a5ca4506d043d52f6c01b608b04487dbf934a670c24a4dc78469c5d8f0fd983d50923696e3dfe4fce4d62623cbdae7156a0a7e7bd89c3352215aa4b266a2c9ef17ed7c915136a1c26f6f1cefef11f28acce0f80205aaafe57416d5c83e3dbb1bb6b2aa541ec25f28801cc7c18b73a9b15993a157f4eb2a633a18b2cec373ae1817cd9105f67f0d8d771345e5ef174e8e61ba42585878533e69aa746cc641956df909e08a921e9cb3077b4c4b60fc65586ad82f990684e4268baced8d5ccf56f172dc6f0119293f62549ceaf95e070fee9b6e6c6d49f63eb923e17f3ade2d7e4eba8047779285fbc0635ed64d19930d0d729330ba3d9cb0d1ca77ff7f5f1c2addaafb0c5fdad26d24824472838c1bf5683beb3ce7d380c96b9b8a18f88965d109afa56406bd9d058702f4ece7451436bf3893ae2f10782bb62ba74a2d93f181d6950c47d8440db7f4ed545deec0773f7eed4bfb7fd700e882dd1fb9565a614ff21ac5be5711e231c475731dfbd7034a0ab7da91d704a4747d1f794053c0d757111cd1fb254f73b7268e256551d10dad3f60c49a3567df024869e3ac5aada041779f32a6f85dc391ecb5ef40898adb7cd149455c20564f8aa433dd0ef7f96c653a7f030bee528bf8e7a317f9859aba80773318dc09c42e66c5e0b65e6125a440bca5b1483bb1f0aac27186e71911a40ab46cdb956a1033cffa41b812a56165666a63aa9829c322a41417a8437745bed0d3ebc38b597a12d781c5593e003f8e1106a1288b349b4d25f3fe58c9f10541413ae4c608fa20a6e8d776cf65dc61d466db846636de3e215d693bede4290e178dbbed1944b4305a9e359ca74729fd3b4be5393252cbb3ac2054848318799ae24d3926c14670a16fa9b63e3b4c1ef96f409a9cfe6175b6e991594335ad0c3eb7ecb11b9b5dd3b172c5d87122e7cc049aecb52cdd55fb6c199161a786c39b7c903b0e689744ac92fdb905f39ba78eb745e73393f3997af2a5781ac10bae9a6ba32dbece106af0d98cff330055e6cd0938c2a844c42ed288c1abedd9369c3d787432a266e80990a4152f047cf5e3bd5aa71203be5d662778ace6d7659e038391c6cdd1328343aeaea7593fc10525a0469cb043b04ac4a472b9753c1ea0528c074f6cac651d85c53ac9f649e56d83982e83900bcb2c3d9b802c775c264d1c8f6f7ed1e97ec520747aeef317e13b5d334538e538b6e9692f96ad7f108a0f3ac335e2a387c0761a265c8d07bbde9d8b91df7bfbecee8ad7f41da6e6acab2b228123202e893e4b1d71fdd29fbcf09d63310db08e81cd637391d16967a33cdf11a84", 0x9d, 0x0, &(0x7f0000001080)="a01285d3d0c549c7e7160dd2e0cbc8255d416ee668ed4c22e7901877e9201409f0e35ca9e1f67129794015f6f61c2c44a90c935aa6490b37d5875b7b7daa678236cdef996a18b1a05c1859149edb9ebc1e51de0676435f1d4f3cd7f7e88d7885b491a8dbc7703512aa474960ce007013ce43e71963aa79efc47ca8ab05ac713e35c9c4498c2e97f65e26d01783047fc025dbd4947b5d59c77d0dc76a54"}) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0xa) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 13:39:07 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) r1 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x200, 0x8000) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x7}) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r2 = socket$alg(0x26, 0x5, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) getsockname$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000180)=0x1c) dup2(r2, r0) 13:39:07 executing program 2 (fault-call:10 fault-nth:73): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 13:39:07 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r2, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r2, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) fchdir(r1) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x5c, 0x0, &(0x7f00000002c0)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000240)={@ptr={0x70742a85, 0x0, &(0x7f00000000c0)=""/125, 0x7d, 0x0, 0x1b}, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/118, 0x76, 0x1, 0x11}, @flat=@binder={0x73622a85, 0xa}}, &(0x7f00000001c0)={0x0, 0x28, 0x50}}, 0x400}, @acquire={0x40046305, 0x2}, @enter_looper, @enter_looper], 0x1f, 0x0, &(0x7f0000000340)="8ed1327bece5ffa42e65ca4a243066791aecbd07366db3f3c208a97685bc28"}) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r4) write$UHID_INPUT(r4, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e990000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f5ffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000013c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006) r5 = socket$alg(0x26, 0x5, 0x0) dup2(r5, r0) 13:39:07 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r0, 0x28, &(0x7f00000000c0)}, 0x10) chdir(&(0x7f0000000280)='./file0\x00') r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000200)='./bus\x00', 0x30000, 0x1) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r1, 0x208200) r2 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r2, 0x0) read(r2, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r3 = socket$caif_seqpacket(0x25, 0x5, 0x1) connect$caif(r3, &(0x7f0000000000)=@rfm={0x25, 0x6, "38805d51420e7580427883326fe5d739"}, 0x18) r4 = syz_open_procfs(0x0, 0x0) fchdir(r4) ioctl$SCSI_IOCTL_START_UNIT(r4, 0x5) 13:39:07 executing program 3: pipe(&(0x7f0000000000)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = inotify_init1(0x0) inotify_add_watch(r2, &(0x7f0000000040)='./control\x00', 0xa4000960) write$binfmt_misc(r2, &(0x7f0000000080)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0xa) splice(r0, 0x0, r1, 0x0, 0x4ffe0, 0x0) [ 1042.703551] FAULT_INJECTION: forcing a failure. [ 1042.703551] name failslab, interval 1, probability 0, space 0, times 0 [ 1042.714981] CPU: 1 PID: 452 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1042.722694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1042.732028] Call Trace: [ 1042.734599] dump_stack+0x1b2/0x283 [ 1042.738207] should_fail.cold+0x10a/0x154 [ 1042.742335] should_failslab+0xd6/0x130 [ 1042.746287] kmem_cache_alloc_trace+0x2b7/0x3f0 [ 1042.750937] copy_utsname+0x10f/0x320 [ 1042.754719] create_new_namespaces+0x14a/0x730 [ 1042.759277] ? security_capable+0x88/0xb0 [ 1042.763404] copy_namespaces+0x27b/0x310 [ 1042.767446] copy_process.part.0+0x2616/0x6fa0 [ 1042.772009] ? get_pid_task+0xb8/0x130 [ 1042.775879] ? proc_tid_io_accounting+0x20/0x20 [ 1042.780531] ? __cleanup_sighand+0x40/0x40 [ 1042.784757] ? lock_downgrade+0x6e0/0x6e0 [ 1042.788886] _do_fork+0x180/0xc80 [ 1042.792340] ? fork_idle+0x270/0x270 [ 1042.796031] ? fput+0xb/0x140 [ 1042.799114] ? SyS_write+0x14d/0x210 [ 1042.802804] ? SyS_read+0x210/0x210 [ 1042.806408] ? SyS_clock_settime+0x1a0/0x1a0 [ 1042.810796] ? do_syscall_64+0x4c/0x640 [ 1042.814744] ? sys_vfork+0x20/0x20 [ 1042.818265] do_syscall_64+0x1d5/0x640 [ 1042.822136] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1042.827300] RIP: 0033:0x45ca69 [ 1042.830478] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1042.838161] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1042.845419] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1042.852663] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1042.859998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1042.867243] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:39:07 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0xa) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000200), 0x10efe10675dec16, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@ipv6_getroute={0x24, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_IIF={0x8, 0x3, r3}]}, 0x24}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r5, &(0x7f0000000200), 0x10efe10675dec16, 0x0) getsockname$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@ipv6_getroute={0x24, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_IIF={0x8, 0x3, r6}]}, 0x24}}, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket(0x1000000010, 0x80002, 0x0) sendmmsg$alg(r8, &(0x7f0000000200), 0x10efe10675dec16, 0x0) getsockname$packet(r8, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=@ipv6_getroute={0x24, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_IIF={0x8, 0x3, r9}]}, 0x24}}, 0x0) sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80130001}, 0xc, &(0x7f0000000140)={&(0x7f0000000300)={0x88, 0x0, 0x400, 0x70bd25, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x5e, 0x1, r6}]}, @ETHTOOL_A_LINKINFO_HEADER={0x4}, @ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6erspan0\x00'}]}, @ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}]}]}, 0x88}}, 0x4000000) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 13:39:07 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r1 = socket$alg(0x26, 0x5, 0x0) modify_ldt$read_default(0x2, &(0x7f0000000080)=""/150, 0x96) r2 = dup2(r1, r0) write$UHID_CREATE2(r2, &(0x7f0000000240)={0xb, {'syz0\x00', 'syz0\x00', 'syz0\x00', 0x2c, 0x4, 0x6, 0x8000, 0x7, 0x20, "fb9938ebb4b035cde7a99c95de63d5a107988f553271b1d9d35c25264a34384dd156a6e9fa47d2ac831e2cdf"}}, 0x144) 13:39:07 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r2, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r2, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) fchdir(r1) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x5c, 0x0, &(0x7f00000002c0)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000240)={@ptr={0x70742a85, 0x0, &(0x7f00000000c0)=""/125, 0x7d, 0x0, 0x1b}, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/118, 0x76, 0x1, 0x11}, @flat=@binder={0x73622a85, 0xa}}, &(0x7f00000001c0)={0x0, 0x28, 0x50}}, 0x400}, @acquire={0x40046305, 0x2}, @enter_looper, @enter_looper], 0x1f, 0x0, &(0x7f0000000340)="8ed1327bece5ffa42e65ca4a243066791aecbd07366db3f3c208a97685bc28"}) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r4) write$UHID_INPUT(r4, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e990000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f5ffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000013c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006) socket$alg(0x26, 0x5, 0x0) 13:39:07 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x422743, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x3, 0x0, 0x0) r2 = syz_open_procfs(0x0, 0x0) fchdir(r2) ioctl$SCSI_IOCTL_START_UNIT(r2, 0x5) 13:39:07 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x503c00, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:39:08 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r2, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r2, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) fchdir(r1) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x5c, 0x0, &(0x7f00000002c0)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000240)={@ptr={0x70742a85, 0x0, &(0x7f00000000c0)=""/125, 0x7d, 0x0, 0x1b}, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/118, 0x76, 0x1, 0x11}, @flat=@binder={0x73622a85, 0xa}}, &(0x7f00000001c0)={0x0, 0x28, 0x50}}, 0x400}, @acquire={0x40046305, 0x2}, @enter_looper, @enter_looper], 0x1f, 0x0, &(0x7f0000000340)="8ed1327bece5ffa42e65ca4a243066791aecbd07366db3f3c208a97685bc28"}) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r4) write$UHID_INPUT(r4, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e990000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f5ffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000013c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006) 13:39:08 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_RESET(r0, 0x5000, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r1 = socket$alg(0x26, 0x5, 0x0) dup2(r1, r0) 13:39:08 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x2, 0x0, 0x9, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000], 0x1000, 0x45800}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(0xffffffffffffffff, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:39:08 executing program 2 (fault-call:10 fault-nth:74): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 13:39:08 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r2, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r2, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) fchdir(r1) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x5c, 0x0, &(0x7f00000002c0)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000240)={@ptr={0x70742a85, 0x0, &(0x7f00000000c0)=""/125, 0x7d, 0x0, 0x1b}, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/118, 0x76, 0x1, 0x11}, @flat=@binder={0x73622a85, 0xa}}, &(0x7f00000001c0)={0x0, 0x28, 0x50}}, 0x400}, @acquire={0x40046305, 0x2}, @enter_looper, @enter_looper], 0x1f, 0x0, &(0x7f0000000340)="8ed1327bece5ffa42e65ca4a243066791aecbd07366db3f3c208a97685bc28"}) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r4) 13:39:08 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20d02, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f00000001c0)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') ioctl$TCSBRKP(r1, 0x5425, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r2) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r2, 0xc4c85513, &(0x7f0000000240)={{0x4, 0x6, 0x77, 0x8, '\x00', 0x7}, 0x1, [0x3f, 0x6, 0x1, 0x8, 0x6, 0x2, 0x9, 0x80000001, 0x6, 0x0, 0x38, 0x4, 0x1, 0x7fff, 0xffffffffffffff7f, 0x0, 0x2, 0x2, 0x1f, 0x4, 0x1f, 0x8, 0x5b56708a, 0x5, 0x14c3, 0x1f, 0x80, 0x7fff, 0x4a7, 0xff, 0x4, 0x55, 0xfffffffffffff232, 0x4, 0x2, 0x6, 0x5, 0x5532, 0x100000000, 0xffff, 0x7e55, 0x13fc40000000000, 0x5, 0x3, 0x8, 0x7, 0x5, 0xe1b, 0x3f, 0x1f, 0x400, 0x0, 0xaf4, 0x2, 0x1, 0x3ff, 0x400, 0x0, 0x10000, 0xfffffffffffeffff, 0x1, 0x200, 0x0, 0x800, 0x9, 0x0, 0x10001, 0x2, 0x800, 0x9, 0xa0, 0x2, 0x0, 0x93e, 0x4, 0x8, 0x58, 0x69, 0x5, 0xca, 0x1, 0x4, 0x0, 0x9, 0x10080000001, 0x81, 0x0, 0x8, 0x40, 0xffff, 0x80000001, 0x1, 0xad, 0x4, 0x7, 0x8, 0x88f, 0x1f, 0x2, 0x4, 0x9, 0x4, 0x4, 0x1, 0x0, 0x4, 0x9, 0xffffffffffffff01, 0x1e, 0x1, 0x80000000, 0x4, 0x100000000, 0x67f, 0x4d293481, 0x2, 0x4, 0xffffffffffff0001, 0x8, 0x0, 0xfffffffffffffffb, 0xe297, 0xffff, 0xffffffff, 0x1ff, 0x2, 0x7f, 0xbb3]}) fchdir(r1) pread64(r1, &(0x7f00000000c0)=""/178, 0xb2, 0xffffffffffff0f4b) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r3 = socket$alg(0x26, 0x5, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r4) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r5) mmap$dsp(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1000000, 0x80010, r5, 0x0) r6 = dup2(r3, r0) r7 = inotify_init1(0x800) sendfile(r6, r7, &(0x7f0000000180)=0x55c, 0x6e4a) 13:39:08 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(r0, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x400000000, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000, 0xfffffffffffffffe]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYRESHEX=r3]}}, 0x8040) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 1043.585339] FAULT_INJECTION: forcing a failure. [ 1043.585339] name failslab, interval 1, probability 0, space 0, times 0 [ 1043.596676] CPU: 1 PID: 533 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1043.604378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1043.613710] Call Trace: [ 1043.616284] dump_stack+0x1b2/0x283 [ 1043.619894] should_fail.cold+0x10a/0x154 [ 1043.624029] should_failslab+0xd6/0x130 [ 1043.627986] kmem_cache_alloc+0x28e/0x3c0 [ 1043.632114] copy_pid_ns+0x1b2/0xa70 [ 1043.635893] ? copy_ipcs+0x44/0x3f0 [ 1043.639502] create_new_namespaces+0x25f/0x730 [ 1043.644067] copy_namespaces+0x27b/0x310 [ 1043.648108] copy_process.part.0+0x2616/0x6fa0 [ 1043.652687] ? trace_hardirqs_on+0x10/0x10 [ 1043.656901] ? check_preemption_disabled+0x35/0x240 [ 1043.661900] ? finish_task_switch+0x178/0x610 [ 1043.666382] ? __cleanup_sighand+0x40/0x40 [ 1043.670607] ? _raw_spin_unlock_irq+0x5a/0x90 [ 1043.675100] ? finish_task_switch+0x14d/0x610 [ 1043.679571] ? switch_mm_irqs_off+0x2cd/0xec0 [ 1043.684048] _do_fork+0x180/0xc80 [ 1043.687482] ? fork_idle+0x270/0x270 [ 1043.691185] ? firmware_map_remove+0x18f/0x18f [ 1043.695744] ? fput+0xb/0x140 [ 1043.698832] ? do_syscall_64+0x4c/0x640 [ 1043.702799] ? sys_vfork+0x20/0x20 [ 1043.706329] do_syscall_64+0x1d5/0x640 [ 1043.710222] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1043.715396] RIP: 0033:0x45ca69 [ 1043.718563] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1043.726259] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1043.733505] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1043.740750] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1043.747998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1043.755245] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:39:08 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r2, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r2, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) fchdir(r1) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x5c, 0x0, &(0x7f00000002c0)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000240)={@ptr={0x70742a85, 0x0, &(0x7f00000000c0)=""/125, 0x7d, 0x0, 0x1b}, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/118, 0x76, 0x1, 0x11}, @flat=@binder={0x73622a85, 0xa}}, &(0x7f00000001c0)={0x0, 0x28, 0x50}}, 0x400}, @acquire={0x40046305, 0x2}, @enter_looper, @enter_looper], 0x1f, 0x0, &(0x7f0000000340)="8ed1327bece5ffa42e65ca4a243066791aecbd07366db3f3c208a97685bc28"}) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') 13:39:08 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r0) r1 = getpid() write$FUSE_LK(r0, &(0x7f0000000000)={0x28, 0x0, 0x4, {{0x10000, 0x4, 0x0, r1}}}, 0x28) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r2, 0x208200) r3 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0xa3) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r3, 0x0) read(r3, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r4 = syz_open_procfs(0x0, 0x0) fchdir(r4) ioctl$SCSI_IOCTL_START_UNIT(r4, 0x5) 13:39:08 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r1 = socket$alg(0x26, 0x5, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x620102, 0xa2) sendmsg$FOU_CMD_ADD(r2, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, 0x0, 0xc02, 0x70bd2a, 0x25dfdbfb, {}, [@FOU_ATTR_LOCAL_V4={0x8, 0x6, @empty}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_PEER_V6={0x14, 0x9, @empty}, @FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e22}]}, 0x44}, 0x1, 0x0, 0x0, 0x844}, 0x40) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) write$FUSE_NOTIFY_DELETE(r3, &(0x7f0000000080)={0x29, 0x6, 0x0, {0x2, 0x3}}, 0x29) dup2(r1, r0) 13:39:08 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000100)={0x1ff, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000], 0x3000}) ioctl$KVM_RUN(r3, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 13:39:08 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r2, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r2, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) fchdir(r1) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x5c, 0x0, &(0x7f00000002c0)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000240)={@ptr={0x70742a85, 0x0, &(0x7f00000000c0)=""/125, 0x7d, 0x0, 0x1b}, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/118, 0x76, 0x1, 0x11}, @flat=@binder={0x73622a85, 0xa}}, &(0x7f00000001c0)={0x0, 0x28, 0x50}}, 0x400}, @acquire={0x40046305, 0x2}, @enter_looper, @enter_looper], 0x1f, 0x0, &(0x7f0000000340)="8ed1327bece5ffa42e65ca4a243066791aecbd07366db3f3c208a97685bc28"}) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) 13:39:08 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) r1 = memfd_create(&(0x7f0000000240)='\x00<\xd2\xc8\xf8\xb3!\xf2\x81\xc6\xaa\xbc\b\x9e\xd2\xd6\xe1\x10\xf0\x8c}\x8a\x10`\xa11\xcb\xaf\xf1\xe6\xe1d[\x12a\xde\x89[\xc2+Gx9\x9f\'\xb7\xbc\x1bw\xaf}QD#L\xaf\xe3\x00\xbb\xe1T\xad\x9d\xff\xfek\xc3X\xd6\x84\xc5\xb6Z}\x19f\x86\xbb#\xc0\x03_\xe4+\xa3T\x033X\x95\xc2v\x83\x93\x81\xc7n\xd8\x80\xa2\xa3M\xbaSN\xc3\xaa\xe9\xdd\x9bC$\xf0\xcc\xa7\x0e\x95\xffW\x7f\x17^\xed\xfa\x04\xa9`\xc6\xdf\xe26\x9f\x05\xed\xf4x2\x04\xa5\x16\xc5\xfe\xb6\tr[\x19\xce+\x8cx\xf7,z\xd7D\xadEvv6(\xf1n\x04y\xbbK{\r\"N\x7f\x9a\x19\xaa\xe1\xa3\x14\xec\x13\x7f\xc7e\x8cA\x7fT#)\x033V', 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r2) ioctl$IOC_PR_RELEASE(r2, 0x401070ca, &(0x7f0000000000)={0xb6, 0x2}) write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000600)='net/nf_conntrack_expect\x00') fchdir(r3) bind$unix(r3, &(0x7f0000000140)=@file={0x1, './file0\x00'}, 0x6e) ioctl$int_in(r1, 0x5421, &(0x7f0000000080)) modify_ldt$read_default(0x2, &(0x7f0000000340)=""/185, 0xb9) fchdir(0xffffffffffffffff) ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000440)={0xfffffff, 0x2, 0x1, r1, 0x0, &(0x7f0000000400)={0x99096d, 0x7fff, [], @p_u8=&(0x7f00000001c0)=0x2}}) clock_gettime(0x0, &(0x7f0000000480)={0x0, 0x0}) sendmsg$can_bcm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000004c0)={0x5, 0x301, 0x2, {r5, r6/1000+10000}, {0x77359400}, {0x4}, 0x1, @canfd={{0x3}, 0x10, 0x0, 0x0, 0x0, "1b2273cb29b3dcf99a8dcd415f116cec8d99075242a7e08da3f67f3386770f16417a4a70809ae6993d30ab55da48b83aff6a14e6722ebce84a1abd1e6990ee15"}}, 0x80}, 0x1, 0x0, 0x0, 0x4000}, 0x1) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000046c400000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006) r7 = socket$alg(0x26, 0x5, 0x0) dup2(r7, r0) 13:39:08 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0xa) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) r4 = accept(0xffffffffffffffff, &(0x7f0000000100)=@in={0x2, 0x0, @empty}, &(0x7f0000000180)=0x80) recvmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000001c0)=""/76, 0x4c}], 0x1}, 0x40002002) r6 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000680)='NLBL_CIPSOv4\x00') r7 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r7) ioctl$RTC_WKALM_RD(r7, 0x80287010, &(0x7f00000004c0)) sendmsg$NLBL_CIPSOV4_C_LIST(0xffffffffffffffff, &(0x7f0000000a80)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000a40)={&(0x7f00000006c0)={0x18, r6, 0x20, 0x70bd28, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_MLSCATLST={0x4}]}, 0x18}}, 0x0) sendmsg$NLBL_CIPSOV4_C_REMOVE(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f00000002c0)={0x108, r6, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MLSCATLST={0xa4, 0xc, 0x0, 0x1, [{0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x934d}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6fa1}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9724}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x85f3686}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6c0}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x9c2a}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x8082}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2f49617e}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xfb3b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x8714}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x62690c9b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6d53}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0xb031ffd}]}, {0x1c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x42cf}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x20454560}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x8cd2}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5f6b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1496fd4c}]}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0x48, 0x8, 0x0, 0x1, [{0x44, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x22d535da}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xf1}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1d}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x7f}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x67b1007d}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x684db36a}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x7c}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xc68863b}]}]}]}, 0x108}}, 0x14) sendmsg$NLBL_CIPSOV4_C_LISTALL(r5, &(0x7f0000000480)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000040)={&(0x7f00000002c0)={0x1b8, r6, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_MLSCATLST={0x58, 0xc, 0x0, 0x1, [{0x54, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x29779d2b}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x28c103c6}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2eaba11f}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x3c386d3c}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x4608}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1ff}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xe6db}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6edacb8f}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x14dd}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x2c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x5}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x2}, {0x5}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x6}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0xffffffffffffffff}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MLSLVLLST={0xc4, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x73f4930a}]}, {0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x24}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xc02f3a5}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe0}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x67}]}, {0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x66930173}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x30}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x38fdd5c6}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x48}]}, {0x44, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3cd74f43}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x21744924}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x64}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x6694bbf5}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xa7}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x87}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x10}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x64}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xa2}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x176b995d}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xfa}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x2a7b5527}]}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x91}, 0x440) sendmsg$NLBL_CIPSOV4_C_LISTALL(r4, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x58, r6, 0x300, 0x70bd26, 0x25dfdbfb, {}, [@NLBL_CIPSOV4_A_TAGLST={0x3c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x7}, {0x5, 0x3, 0x6}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x5}]}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0xffffffffffffffff}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000800}, 0x4008084) ioctl$TIOCGSID(r3, 0x5429, &(0x7f0000000000)=0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x9, 0x5d, 0x7, 0x6, 0x0, 0x8, 0x1402, 0xd, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x3, 0x2, @perf_config_ext={0x4, 0xfffffffffffffff7}, 0x10, 0x4, 0x7fffffff, 0x3, 0x0, 0x84, 0x4}, r8, 0xb, 0xffffffffffffffff, 0x3) 13:39:08 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r2, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r2, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) fchdir(r1) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x5c, 0x0, &(0x7f00000002c0)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000240)={@ptr={0x70742a85, 0x0, &(0x7f00000000c0)=""/125, 0x7d, 0x0, 0x1b}, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/118, 0x76, 0x1, 0x11}, @flat=@binder={0x73622a85, 0xa}}, &(0x7f00000001c0)={0x0, 0x28, 0x50}}, 0x400}, @acquire={0x40046305, 0x2}, @enter_looper, @enter_looper], 0x1f, 0x0, &(0x7f0000000340)="8ed1327bece5ffa42e65ca4a243066791aecbd07366db3f3c208a97685bc28"}) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') 13:39:09 executing program 2 (fault-call:10 fault-nth:75): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 13:39:09 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x80000000000006, 0x0, 0x400000000000000], 0x100000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @broadcast}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:39:09 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, 0x0) r3 = memfd_create(&(0x7f0000000240)='\x00<\xd2\xc8\xf8\xb3!\xf2\x81\xc6\xaa\xbc\b\x9e\xd2\xd6\xe1\x10\xf0\x8c}\x8a\x10`\xa11\xcb\xaf\xf1\xe6\xe1d[\x12a\xde\x89[\xc2+Gx9\x9f\'\xb7\xbc\x1bw\xaf}QD#L\xaf\xe3\x00\xbb\xe1T\xad\x9d\xff\xfek\xc3X\xd6\x84\xc5\xb6Z}\x19f\x86\xbb#\xc0\x03_\xe4+\xa3T\x033X\x95\xc2v\x83\x93\x81\xc7n\xd8\x80\xa2\xa3M\xbaSN\xc3\xaa\xe9\xdd\x9bC$\xf0\xcc\xa7\x0e\x95\xffW\x7f\x17^\xed\xfa\x04\xa9`\xc6\xdf\xe26\x9f\x05\xed\xf4x2\x04\xa5\x16\xc5\xfe\xb6\tr[\x19\xce+\x8cx\xf7,z\xd7D\xadEvv6(\xf1n\x04y\xbbK{\r\"N\x7f\x9a\x19\xaa\xe1\xa3\x14\xec\x13\x7f\xc7e\x8cA\x7fT#)\x033V', 0x0) write(r3, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r4) fchdir(r2) ioctl$SCSI_IOCTL_START_UNIT(r2, 0x5) 13:39:09 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r2, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r2, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) fchdir(r1) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x5c, 0x0, &(0x7f00000002c0)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000240)={@ptr={0x70742a85, 0x0, &(0x7f00000000c0)=""/125, 0x7d, 0x0, 0x1b}, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/118, 0x76, 0x1, 0x11}, @flat=@binder={0x73622a85, 0xa}}, &(0x7f00000001c0)={0x0, 0x28, 0x50}}, 0x400}, @acquire={0x40046305, 0x2}, @enter_looper, @enter_looper], 0x1f, 0x0, &(0x7f0000000340)="8ed1327bece5ffa42e65ca4a243066791aecbd07366db3f3c208a97685bc28"}) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) [ 1044.287116] kauditd_printk_skb: 11 callbacks suppressed [ 1044.287124] audit: type=1804 audit(1590845949.164:1663): pid=581 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/689/file0/bus" dev="sda1" ino=17083 res=1 13:39:09 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r2, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r2, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) fchdir(r1) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x5c, 0x0, &(0x7f00000002c0)=[@reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x68, 0x18, &(0x7f0000000240)={@ptr={0x70742a85, 0x0, &(0x7f00000000c0)=""/125, 0x7d, 0x0, 0x1b}, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/118, 0x76, 0x1, 0x11}, @flat=@binder={0x73622a85, 0xa}}, &(0x7f00000001c0)={0x0, 0x28, 0x50}}, 0x400}, @acquire={0x40046305, 0x2}, @enter_looper, @enter_looper], 0x1f, 0x0, &(0x7f0000000340)="8ed1327bece5ffa42e65ca4a243066791aecbd07366db3f3c208a97685bc28"}) [ 1044.331056] audit: type=1804 audit(1590845949.164:1664): pid=581 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/689/file0/bus" dev="sda1" ino=17083 res=1 13:39:09 executing program 4: ioctl$VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, &(0x7f00000001c0)={0x16, 0xa, 0x4, 0x100, 0x9, {}, {0x1, 0x2, 0x0, 0x0, 0x0, 0x0, "79ad97c8"}, 0x4, 0x1, @userptr=0x7, 0x9, 0x0, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f00000000c0), &(0x7f0000000240)=0x4) sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(0xffffffffffffffff, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x2, 0x0) ioctl$SIOCNRDECOBS(r2, 0x89e2) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x2, 0x0, 0x6, 0x0) setsockopt$inet6_udp_int(r1, 0x11, 0xa, &(0x7f0000000080)=0x4, 0x4) gettid() r3 = syz_open_procfs(0x0, 0x0) fchdir(r3) ioctl$SCSI_IOCTL_START_UNIT(r3, 0x5) [ 1044.416771] FAULT_INJECTION: forcing a failure. [ 1044.416771] name failslab, interval 1, probability 0, space 0, times 0 [ 1044.428143] CPU: 1 PID: 594 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1044.435858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1044.445204] Call Trace: [ 1044.447796] dump_stack+0x1b2/0x283 [ 1044.451427] should_fail.cold+0x10a/0x154 [ 1044.455576] should_failslab+0xd6/0x130 [ 1044.459557] kmem_cache_alloc+0x28e/0x3c0 [ 1044.463708] copy_pid_ns+0x1b2/0xa70 [ 1044.467420] ? copy_ipcs+0x44/0x3f0 [ 1044.470027] audit: type=1804 audit(1590845949.164:1665): pid=581 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/689/file0/bus" dev="sda1" ino=17083 res=1 [ 1044.471041] create_new_namespaces+0x25f/0x730 [ 1044.471058] copy_namespaces+0x27b/0x310 [ 1044.471071] copy_process.part.0+0x2616/0x6fa0 [ 1044.471082] ? _raw_spin_unlock_irq+0x5a/0x90 [ 1044.471095] ? finish_task_switch+0x178/0x610 13:39:09 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000)={r0}) sync_file_range(r1, 0x2, 0xf92, 0x3) sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r2, 0x208200) r3 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r3, 0x0) read(r3, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0xa, 0x0, 0x0) r4 = syz_open_procfs(0x0, 0x0) fchdir(r4) ioctl$SCSI_IOCTL_START_UNIT(r4, 0x5) ioctl$DRM_IOCTL_VERSION(r2, 0xc0406400, &(0x7f0000000240)={0x8, 0x5, 0x2, 0x22, &(0x7f00000000c0)=""/34, 0x77, &(0x7f00000001c0)=""/119, 0x48, &(0x7f00000002c0)=""/72}) [ 1044.517338] ? finish_task_switch+0x14d/0x610 [ 1044.521830] ? switch_mm_irqs_off+0x2cd/0xec0 [ 1044.526326] ? __schedule+0x8ae/0x1d70 [ 1044.530226] ? __cleanup_sighand+0x40/0x40 [ 1044.534456] ? lock_downgrade+0x6e0/0x6e0 [ 1044.538606] _do_fork+0x180/0xc80 [ 1044.542060] ? fork_idle+0x270/0x270 [ 1044.545772] ? fput+0xb/0x140 [ 1044.548875] ? SyS_write+0x14d/0x210 [ 1044.552582] ? SyS_read+0x210/0x210 [ 1044.556218] ? SyS_clock_settime+0x1a0/0x1a0 [ 1044.560624] ? do_syscall_64+0x4c/0x640 13:39:09 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r0, 0x6) sendmsg$NL80211_CMD_SET_KEY(r1, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="20000090e105bc00", @ANYRES16=0x0, @ANYBLOB="02002abd7000fcdbdf250a0000000a000600ffffffffffff0000969bd187ba31409db9cb267fc02d557c0f7ad4d34f7a3ca84d00539a28a5907c53c90afb054ba1cc0ed523b445efe59bd1cef503635e401678784d6d86a12d2f5241d86c24e2069861f708680dd63486e81036cf520ad896c31a7cb1ea108dfdca71630133bbb5620d0113d59d8a24212bb5ea6f71a03b181d53f07ffcf243359e00000000000000000000fd277dfe627c870a0494066aa09b170da8b1e08ba7474a3363c6c5849ddbb35e683f0a8f8b9743914b46a6ca1cdf1150b215df1bc20a10a62aa89ab957351ed07fa3a3d430e51f4d654faa8a921a4cebc71b05c0d6388dade9dc8d865c17f9976b248a26d4ca3d516c7745633c83761f41ec8605709717cd7496471242940e966d8c74e2b909550c668095458686c3849d5d67a30f629bcc2e44843249765dae1f403dad84b65a2bafdc1d5ed7ccbc2a3ada15774477918bd522d4354680461b5c086b7245fd4c67bd06ff7f99a14e1cdaa8a7b64398fb0cf3634b35c90267a5ec702f2198a5a92309c7a5bca48dd31ef66a1ee7f116a73174d0a6be005b35c0b2af7020226ba2e9db3d1d157b506e8b5ba15367346e05cb1475911135e843b4ca00"/466], 0x20}, 0x1, 0x0, 0x0, 0xc000}, 0xc080) r2 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) setsockopt$nfc_llcp_NFC_LLCP_RW(r3, 0x118, 0x0, &(0x7f0000000240)=0x9a, 0x4) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r2, 0x0) ioctl$KVM_TRANSLATE(0xffffffffffffffff, 0xc018ae85, &(0x7f00000002c0)={0x4000, 0x4, 0x1, 0xf8}) read(r2, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r4 = syz_open_procfs(0x0, 0x0) fchdir(r4) ioctl$SCSI_IOCTL_START_UNIT(r4, 0x5) [ 1044.564601] ? sys_vfork+0x20/0x20 [ 1044.568141] do_syscall_64+0x1d5/0x640 [ 1044.572034] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1044.577216] RIP: 0033:0x45ca69 [ 1044.580395] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1044.588100] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1044.595364] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1044.602628] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1044.609890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1044.612488] audit: type=1804 audit(1590845949.484:1666): pid=610 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/692/file0/bus" dev="sda1" ino=17077 res=1 [ 1044.617150] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:39:09 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r2, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r2, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) fchdir(r1) [ 1044.850833] audit: type=1804 audit(1590845949.624:1667): pid=610 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/692/file0/bus" dev="sda1" ino=17077 res=1 [ 1044.885263] audit: type=1804 audit(1590845949.664:1668): pid=610 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/692/file0/bus" dev="sda1" ino=17077 res=1 13:39:09 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) r1 = syz_open_dev$media(&(0x7f0000000080)='/dev/media#\x00', 0x3ff, 0x10400) getsockopt$rose(r1, 0x104, 0x5, &(0x7f00000000c0), &(0x7f0000000100)=0x4) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r2 = socket$alg(0x26, 0x5, 0x0) dup2(r2, r0) 13:39:09 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000300)={0x10003, 0x1, 0x100000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x40012003, &(0x7f0000000440)={0x2, 0x4e20, @multicast2}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$TIOCL_SELLOADLUT(0xffffffffffffffff, 0x541c, &(0x7f0000000180)={0x5, 0xfffffffffffffffd, 0x8, 0x3ff, 0x6}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:39:09 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r0, 0x208200) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x1c92be, 0xa) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r2, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x6000, 0x1) read(r2, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, 0x0) fchdir(r3) ioctl$SCSI_IOCTL_START_UNIT(r3, 0x5) ioctl$IMHOLD_L1(r1, 0x80044948, &(0x7f0000000000)=0xffff) [ 1045.015803] audit: type=1804 audit(1590845949.894:1669): pid=633 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/693/file0/bus" dev="sda1" ino=17076 res=1 13:39:10 executing program 2 (fault-call:10 fault-nth:76): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 13:39:10 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r1, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r1, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:10 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r2) ioctl$TIOCMBIC(r2, 0x5417, &(0x7f0000000000)=0x5) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, 0x0) fchdir(r3) ioctl$SCSI_IOCTL_START_UNIT(r3, 0x5) 13:39:10 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000080)={r4, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f00000001c0)=0x9c) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f00000003c0)={r4, 0xfff}, &(0x7f0000000400)=0x8) getsockopt$inet_sctp6_SCTP_RTOINFO(r3, 0x84, 0x0, &(0x7f0000000180)={r4, 0x4, 0x56dd, 0x8}, &(0x7f00000001c0)=0x10) socket$netlink(0x10, 0x3, 0xa) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) r5 = socket(0x0, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=ANY=[@ANYBLOB="ea66bcf677a063a76dda0319fd2f24ce0b0eea5d708e56f24cc2cd17db32e3f2ef827ee9a19dd5392ad44a2576f57edc7b08cc766f38796488aaafa5400e8f454b741ecd2d4051b1ca6d22e8675dc46ad4609806371fb260ae6132630c0b894002a5a867345fc031ca32d91c5b1d96aa16c929e69f02153a2e35f475dbe1d1fa9e8eeb7481c15709392f45cca6a132edaaec6aadd3b552a1876ea99268413f9e4a6f5032d2996bd0671732b30f669f3bd42b4b275d69ac8854e9f5b78bb2673cac3890ade47cc0423c13b8bf92e9ec344adeab81fd27aa72c2783b", @ANYRESOCT, @ANYBLOB="0f00030000000b00e0ff0a000600050006800000"], 0x2c}}, 0x0) r6 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000240)='NLBL_MGMT\x00') sendmsg$NLBL_MGMT_C_LISTDEF(r5, &(0x7f0000000380)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0x54, r6, 0x300, 0x70bd2a, 0x0, {}, [@NLBL_MGMT_A_IPV4ADDR={0x8}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @remote}, @NLBL_MGMT_A_DOMAIN={0x9, 0x1, 'TIPC\x00'}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @local}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x3}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @private=0xa010100}]}, 0x54}}, 0x0) sendmsg$NLBL_MGMT_C_PROTOCOLS(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x80, r6, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @private2={0xfc, 0x2, [], 0x1}}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0xf}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x2}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x29}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @loopback}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @rand_addr=0x64010100}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x23}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}]}, 0x80}, 0x1, 0x0, 0x0, 0x20000800}, 0x4000840) 13:39:10 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x2000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:39:10 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0) fchdir(r1) getsockopt$netrom_NETROM_T4(r1, 0x103, 0x6, &(0x7f0000000080)=0x200, &(0x7f00000000c0)=0x4) socket$alg(0x26, 0x5, 0x0) accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000100)) r2 = memfd_create(&(0x7f0000000240)='\x00<\xd2\xc8\xf8\xb3!\xf2\x81\xc6\xaa\xbc\b\x9e\xd2\xd6\xe1\x10\xf0\x8c}\x8a\x10`\xa11\xcb\xaf\xf1\xe6\xe1d[\x12a\xde\x89[\xc2+Gx9\x9f\'\xb7\xbc\x1bw\xaf}QD#L\xaf\xe3\x00\xbb\xe1T\xad\x9d\xff\xfek\xc3X\xd6\x84\xc5\xb6Z}\x19f\x86\xbb#\xc0\x03_\xe4+\xa3T\x033X\x95\xc2v\x83\x93\x81\xc7n\xd8\x80\xa2\xa3M\xbaSN\xc3\xaa\xe9\xdd\x9bC$\xf0\xcc\xa7\x0e\x95\xffW\x7f\x17^\xed\xfa\x04\xa9`\xc6\xdf\xe26\x9f\x05\xed\xf4x2\x04\xa5\x16\xc5\xfe\xb6\tr[\x19\xce+\x8cx\xf7,z\xd7D\xadEvv6(\xf1n\x04y\xbbK{\r\"N\x7f\x9a\x19\xaa\xe1\xa3\x14\xec\x13\x7f\xc7e\x8cA\x7fT#)\x033V', 0x0) write(r2, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r3, r4) [ 1045.199855] audit: type=1804 audit(1590845949.924:1670): pid=633 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/693/file0/bus" dev="sda1" ino=17076 res=1 13:39:10 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r1, &(0x7f0000000000)=@abs={0x1}, 0x6e) sendmmsg(r1, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:10 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r1) ioctl$VHOST_SET_LOG_BASE(r1, 0x4008af04, &(0x7f00000000c0)=&(0x7f0000000080)) prctl$PR_SET_UNALIGN(0x6, 0x0) ioctl$TUNGETFILTER(0xffffffffffffffff, 0x801054db, &(0x7f0000000100)=""/187) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r2 = socket$alg(0x26, 0x5, 0x0) dup2(r2, r0) [ 1045.260746] audit: type=1804 audit(1590845949.924:1671): pid=633 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/693/file0/bus" dev="sda1" ino=17076 res=1 13:39:10 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r1, &(0x7f0000000000)=@abs={0x1}, 0x6e) sendmmsg(r1, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) [ 1045.383374] FAULT_INJECTION: forcing a failure. [ 1045.383374] name failslab, interval 1, probability 0, space 0, times 0 [ 1045.391158] audit: type=1804 audit(1590845950.164:1672): pid=665 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/694/file0/bus" dev="sda1" ino=16990 res=1 [ 1045.419520] CPU: 1 PID: 682 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1045.427239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1045.436590] Call Trace: [ 1045.439182] dump_stack+0x1b2/0x283 [ 1045.442815] should_fail.cold+0x10a/0x154 [ 1045.446973] should_failslab+0xd6/0x130 [ 1045.450949] kmem_cache_alloc_trace+0x2b7/0x3f0 [ 1045.455616] ? kmem_cache_alloc+0x35f/0x3c0 [ 1045.459938] copy_pid_ns+0x1f8/0xa70 [ 1045.463649] ? copy_ipcs+0x44/0x3f0 [ 1045.467273] create_new_namespaces+0x25f/0x730 [ 1045.471855] copy_namespaces+0x27b/0x310 [ 1045.475916] copy_process.part.0+0x2616/0x6fa0 13:39:10 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r1, &(0x7f0000000000)=@abs={0x1}, 0x6e) sendmmsg(r1, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) [ 1045.480500] ? get_pid_task+0xb8/0x130 [ 1045.484385] ? proc_tid_io_accounting+0x20/0x20 [ 1045.489064] ? __cleanup_sighand+0x40/0x40 [ 1045.493292] ? lock_downgrade+0x6e0/0x6e0 [ 1045.497445] _do_fork+0x180/0xc80 [ 1045.500898] ? fork_idle+0x270/0x270 [ 1045.504609] ? fput+0xb/0x140 [ 1045.507741] ? SyS_write+0x14d/0x210 [ 1045.511452] ? SyS_read+0x210/0x210 [ 1045.515079] ? do_syscall_64+0x4c/0x640 [ 1045.519050] ? sys_vfork+0x20/0x20 [ 1045.522587] do_syscall_64+0x1d5/0x640 [ 1045.526476] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1045.531658] RIP: 0033:0x45ca69 [ 1045.534835] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1045.542528] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1045.549790] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1045.557085] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1045.564346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1045.571601] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:39:10 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r1, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:10 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r0, 0x208200) ioctl$DRM_IOCTL_GET_STATS(r0, 0x80f86406, &(0x7f00000001c0)=""/173) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x80000, 0x800000, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r2) ioctl$PPPIOCSDEBUG(r2, 0x40047440, &(0x7f0000000000)=0x1) r3 = syz_open_procfs(0x0, 0x0) fchdir(r3) ioctl$SCSI_IOCTL_START_UNIT(r3, 0x5) 13:39:10 executing program 2 (fault-call:10 fault-nth:77): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 13:39:10 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x24882, 0x0) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvme-fabrics\x00', 0x0, 0x0) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x40) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={r2, r1, 0x0, 0x9, &(0x7f00000000c0)='/dev/dsp\x00', 0xffffffffffffffff}, 0x30) r4 = syz_open_procfs(r3, &(0x7f0000000100)='net/ipx\x00') ioctl$RTC_WIE_OFF(r4, 0x7010) fchdir(r4) ioctl$SNDCTL_DSP_SETTRIGGER(r4, 0x40045010, &(0x7f0000000040)=0x80000000) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)=0x5) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r5 = socket$alg(0x26, 0x5, 0x0) dup2(r5, r0) 13:39:10 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r1, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:10 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0xa8, 0x0, 0x1, 0x301, 0x0, 0x0, {0x0, 0x0, 0x2}, [@CTA_ID={0x8, 0xc, 0x1, 0x0, 0x2}, @CTA_LABELS_MASK={0x2c, 0x17, [0x9, 0x7, 0x1f, 0x9, 0x0, 0x7, 0x5, 0x27, 0x8b, 0x7fffffff]}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x9}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}, @CTA_NAT_DST={0x34, 0xd, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @private0={0xfc, 0x0, [], 0x1}}, @CTA_NAT_V4_MINIP={0x8, 0x1, @multicast1}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @ipv4={[], [], @remote}}]}]}, 0xa8}, 0x1, 0x0, 0x0, 0x200480d0}, 0x44855) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0xa) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 13:39:10 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x401200) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) 13:39:10 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) r2 = add_key$user(&(0x7f00000001c0)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f00000000c0), 0xc6, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000200)={r2, r2}, &(0x7f00000000c0)=""/83, 0x53, 0x0) r3 = add_key$keyring(&(0x7f0000000240)='keyring\x00', &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$setperm(0x5, r3, 0x0) keyctl$search(0xa, r2, &(0x7f0000000000)='cifs.idmap\x00', &(0x7f00000000c0)={'syz', 0x1}, r3) socketpair(0x0, 0x0, 0x0, 0x0) r4 = syz_open_procfs(0x0, 0x0) fchdir(r4) ioctl$SCSI_IOCTL_START_UNIT(r4, 0x5) 13:39:11 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r1, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) [ 1046.242326] FAULT_INJECTION: forcing a failure. [ 1046.242326] name failslab, interval 1, probability 0, space 0, times 0 [ 1046.253766] CPU: 0 PID: 742 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1046.261659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1046.271011] Call Trace: [ 1046.273602] dump_stack+0x1b2/0x283 [ 1046.277233] should_fail.cold+0x10a/0x154 [ 1046.281385] should_failslab+0xd6/0x130 [ 1046.285362] kmem_cache_alloc+0x28e/0x3c0 13:39:11 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dsp\x00', 0x361082, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r1) setsockopt$X25_QBITINCL(r1, 0x106, 0x1, &(0x7f0000000200), 0x4) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x1f) open_by_handle_at(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="850000006c3300008094acfd84856f9493d643989a33e7ae9c572940e8e04405ab5962171110121ed08768933db29bdd3d238fb9f19da5f8786d487fb024147809fd66cc65413c0eafc04d6440d74ffbfadc66933a3e882e4c5bf3a070c905bb1661c8eef101047fea54cea0187d1750c4cae698685864e2f3ee00"/133], 0x40801) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r4) ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff}) r6 = inotify_init1(0x0) inotify_add_watch(r6, &(0x7f0000000040)='./control\x00', 0xa4000960) sendfile(r5, r6, &(0x7f0000000180)=0x9, 0x1) dup2(r3, r0) 13:39:11 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r1 = socket$alg(0x26, 0x5, 0x0) dup2(r1, r0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r2) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000080)={'team0\x00', {0x2, 0x4e21, @local}}) [ 1046.289515] alloc_pid+0x5a/0xc40 [ 1046.292973] ? create_new_namespaces+0x3ab/0x730 [ 1046.297727] ? memcpy+0x35/0x50 [ 1046.301016] ? copy_thread_tls+0x3c2/0x7a0 [ 1046.305257] copy_process.part.0+0x27e8/0x6fa0 [ 1046.309840] ? get_pid_task+0xb8/0x130 [ 1046.313837] ? proc_tid_io_accounting+0x20/0x20 [ 1046.318513] ? __cleanup_sighand+0x40/0x40 [ 1046.322744] ? lock_downgrade+0x6e0/0x6e0 [ 1046.326895] _do_fork+0x180/0xc80 [ 1046.330348] ? fork_idle+0x270/0x270 [ 1046.334061] ? fput+0xb/0x140 [ 1046.337164] ? SyS_write+0x14d/0x210 [ 1046.340872] ? SyS_read+0x210/0x210 [ 1046.344491] ? SyS_clock_settime+0x1a0/0x1a0 [ 1046.348895] ? do_syscall_64+0x4c/0x640 [ 1046.352865] ? sys_vfork+0x20/0x20 [ 1046.356403] do_syscall_64+0x1d5/0x640 [ 1046.360292] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1046.365473] RIP: 0033:0x45ca69 [ 1046.368656] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1046.376361] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1046.383623] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 13:39:11 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r1) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r2) ioctl$KVM_SET_TSC_KHZ(r2, 0xaea2, 0x95) ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f00000000c0)={'wg1\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_wireguard(r2, 0x8933, &(0x7f0000000100)={'wg1\x00', r3}) write$UHID_INPUT(r1, &(0x7f0000000240)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e9900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dabd759c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000fba110660000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000044000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d86000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d80000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000a8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000009000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f5000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006) r4 = socket$alg(0x26, 0x5, 0x0) dup2(r4, r0) [ 1046.390886] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1046.398150] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1046.405443] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:39:11 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') bind$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(0xffffffffffffffff, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:11 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r0, 0x208200) r2 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r2, 0x0) read(r1, &(0x7f0000000180)=""/3, 0x3) socketpair(0x0, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, 0x0) fchdir(r3) ioctl$SCSI_IOCTL_START_UNIT(r3, 0x5) 13:39:11 executing program 2 (fault-call:10 fault-nth:78): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 13:39:11 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r0) r1 = syz_open_dev$vcsa(&(0x7f00000000c0)='/dev/vcsa#\x00', 0xc03d, 0x12000) ioctl$KVM_GET_XSAVE(r1, 0x9000aea4, &(0x7f0000000240)) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r2, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r2, 0x800000c004500a, &(0x7f0000000000)) write$UHID_INPUT(r2, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r3 = socket$alg(0x26, 0x5, 0x0) dup2(r3, r2) 13:39:11 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') bind$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(0xffffffffffffffff, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:11 executing program 4: r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) sched_setscheduler(r0, 0x1, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r1, 0x208200) r2 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r2, 0x0) read(r2, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r3 = syz_open_procfs(0x0, 0x0) fchdir(r3) ioctl$SCSI_IOCTL_START_UNIT(r3, 0x5) 13:39:11 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x511080, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x0, 0x0, 0x0, 0x0, 0xff, 0x2, 0x6, 0x6, 0x0, 0x400000000000000, 0x0, 0x0, 0x0, 0xfffffffffffffffe], 0x0, 0x100400}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}, 0x1, 0x0, 0x0, 0x4040011}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:39:11 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0xa) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000080)={r3, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f00000001c0)=0x9c) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f00000003c0)={r3, 0xfff}, &(0x7f0000000400)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000000)={0xccb5, 0x800d, 0x4, 0x400, r3}, &(0x7f00000000c0)=0x10) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r4) mmap$snddsp_control(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x3000005, 0x100010, r4, 0x83000000) 13:39:11 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') bind$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(0xffffffffffffffff, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:11 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r1) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000080)=0x8) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r2 = socket$alg(0x26, 0x5, 0x0) dup2(r2, r0) [ 1047.152102] FAULT_INJECTION: forcing a failure. [ 1047.152102] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1047.164083] CPU: 1 PID: 803 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1047.171784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1047.181119] Call Trace: [ 1047.183690] dump_stack+0x1b2/0x283 [ 1047.187298] should_fail.cold+0x10a/0x154 [ 1047.191447] __alloc_pages_nodemask+0x22b/0x2730 [ 1047.196188] ? lock_downgrade+0x6e0/0x6e0 [ 1047.200314] ? check_preemption_disabled+0x35/0x240 [ 1047.205310] ? __mutex_unlock_slowpath+0x75/0x780 [ 1047.210128] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1047.214951] ? rcu_read_lock_sched_held+0x10a/0x130 [ 1047.219953] ? pcpu_alloc+0xe1/0xf70 [ 1047.223651] alloc_pages_current+0xe7/0x1e0 [ 1047.227951] ? __lockdep_init_map+0x100/0x560 [ 1047.232432] __get_free_pages+0xb/0x40 [ 1047.236298] mount_fs+0x1c7/0x2a0 [ 1047.239731] vfs_kern_mount.part.0+0x5b/0x3c0 [ 1047.244205] ? alloc_pid+0x5a/0xc40 [ 1047.247810] kern_mount_data+0x51/0xb0 [ 1047.251676] pid_ns_prepare_proc+0x1a/0x80 [ 1047.255889] alloc_pid+0x9be/0xc40 [ 1047.259415] copy_process.part.0+0x27e8/0x6fa0 [ 1047.263979] ? get_pid_task+0xb8/0x130 [ 1047.267845] ? proc_tid_io_accounting+0x20/0x20 [ 1047.272496] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1047.277240] ? __cleanup_sighand+0x40/0x40 [ 1047.281452] ? lock_downgrade+0x6e0/0x6e0 [ 1047.285696] _do_fork+0x180/0xc80 [ 1047.289145] ? fork_idle+0x270/0x270 [ 1047.292848] ? fput+0xb/0x140 [ 1047.296020] ? SyS_write+0x14d/0x210 [ 1047.299722] ? SyS_read+0x210/0x210 [ 1047.303328] ? SyS_clock_settime+0x1a0/0x1a0 [ 1047.307715] ? do_syscall_64+0x4c/0x640 [ 1047.311665] ? sys_vfork+0x20/0x20 [ 1047.315183] do_syscall_64+0x1d5/0x640 [ 1047.319058] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1047.324225] RIP: 0033:0x45ca69 [ 1047.327394] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1047.335087] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1047.342335] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1047.349594] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1047.356840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1047.364086] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:39:12 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r1, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r1, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r1, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:12 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x1ff, 0x2, 0x0, 0x0, 0x0, 0x8, 0x80000fb, 0x0, 0x6, 0x2, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @empty}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:39:12 executing program 5: openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r0, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r0, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:12 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r0, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r0, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:12 executing program 2 (fault-call:10 fault-nth:79): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 13:39:12 executing program 5: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r0, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r0, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:12 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0xa) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x280000, 0x0) 13:39:12 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r1) setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000080)=0xd5, 0x4) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r2 = socket$alg(0x26, 0x5, 0x0) dup2(r2, r0) 13:39:12 executing program 5: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r0, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r0, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) [ 1048.090158] FAULT_INJECTION: forcing a failure. [ 1048.090158] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1048.102087] CPU: 0 PID: 847 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1048.109801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1048.119152] Call Trace: [ 1048.121744] dump_stack+0x1b2/0x283 [ 1048.125375] should_fail.cold+0x10a/0x154 [ 1048.129531] __alloc_pages_nodemask+0x22b/0x2730 [ 1048.134291] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1048.139737] ? rcu_read_lock_sched_held+0x10a/0x130 [ 1048.144754] ? __alloc_pages_nodemask+0x1a8a/0x2730 [ 1048.149769] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1048.154529] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1048.159372] ? _find_next_bit+0x1b/0x100 [ 1048.163428] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1048.168274] alloc_pages_current+0xe7/0x1e0 [ 1048.172592] __get_free_pages+0xb/0x40 [ 1048.176475] selinux_sb_copy_data+0x28/0x380 [ 1048.180884] security_sb_copy_data+0x6e/0xa0 [ 1048.185290] mount_fs+0x1e7/0x2a0 [ 1048.188743] vfs_kern_mount.part.0+0x5b/0x3c0 [ 1048.193240] kern_mount_data+0x51/0xb0 [ 1048.197127] pid_ns_prepare_proc+0x1a/0x80 [ 1048.201357] alloc_pid+0x9be/0xc40 [ 1048.204906] copy_process.part.0+0x27e8/0x6fa0 [ 1048.209493] ? get_pid_task+0xb8/0x130 [ 1048.213377] ? proc_tid_io_accounting+0x20/0x20 [ 1048.218052] ? __cleanup_sighand+0x40/0x40 [ 1048.222283] ? lock_downgrade+0x6e0/0x6e0 [ 1048.226435] _do_fork+0x180/0xc80 [ 1048.229893] ? fork_idle+0x270/0x270 [ 1048.233605] ? fput+0xb/0x140 [ 1048.236709] ? SyS_write+0x14d/0x210 [ 1048.240420] ? SyS_read+0x210/0x210 [ 1048.244043] ? SyS_clock_settime+0x1a0/0x1a0 [ 1048.248458] ? do_syscall_64+0x4c/0x640 [ 1048.252458] ? sys_vfork+0x20/0x20 [ 1048.256000] do_syscall_64+0x1d5/0x640 [ 1048.259907] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1048.265094] RIP: 0033:0x45ca69 [ 1048.268276] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1048.276087] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1048.283349] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1048.290614] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1048.297877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1048.305140] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:39:13 executing program 5: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r0, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r0, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:13 executing program 5: socketpair$unix(0x1, 0x2, 0x0, 0x0) bind$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(0xffffffffffffffff, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:13 executing program 0: ioctl$SNDCTL_DSP_SETTRIGGER(0xffffffffffffffff, 0x40045010, &(0x7f0000000040)) ioctl$int_in(0xffffffffffffffff, 0x800000c004500a, &(0x7f0000000000)) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r0 = socket$alg(0x26, 0x5, 0x0) r1 = shmget$private(0x0, 0x2000, 0x1, &(0x7f0000ffb000/0x2000)=nil) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r2) ioctl$TIOCL_GETSHIFTSTATE(r2, 0x541c, &(0x7f0000000180)={0x6, 0x1}) shmctl$SHM_LOCK(r1, 0xb) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r3) ioctl$KVM_TRANSLATE(r3, 0xc018ae85, &(0x7f0000000140)={0x3000, 0x2, 0x8, 0x3f, 0x1}) r4 = dup2(r0, 0xffffffffffffffff) r5 = accept4$tipc(r4, 0x0, &(0x7f0000000080), 0x1800) read(r5, &(0x7f00000000c0)=""/81, 0x51) 13:39:13 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000, 0x0, 0x6]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000380)={[0x6a72, 0x0, 0x0, 0x2aa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:39:13 executing program 5: socketpair$unix(0x1, 0x2, 0x0, 0x0) bind$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(0xffffffffffffffff, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:13 executing program 5: socketpair$unix(0x1, 0x2, 0x0, 0x0) bind$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(0xffffffffffffffff, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:13 executing program 2 (fault-call:10 fault-nth:80): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 13:39:13 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r0, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:13 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = memfd_create(&(0x7f0000000240)='\x00<\xd2\xc8\xf8\xb3!\xf2\x81\xc6\xaa\xbc\b\x9e\xd2\xd6\xe1\x10\xf0\x8c}\x8a\x10`\xa11\xcb\xaf\xf1\xe6\xe1d[\x12a\xde\x89[\xc2+Gx9\x9f\'\xb7\xbc\x1bw\xaf}QD#L\xaf\xe3\x00\xbb\xe1T\xad\x9d\xff\xfek\xc3X\xd6\x84\xc5\xb6Z}\x19f\x86\xbb#\xc0\x03_\xe4+\xa3T\x033X\x95\xc2v\x83\x93\x81\xc7n\xd8\x80\xa2\xa3M\xbaSN\xc3\xaa\xe9\xdd\x9bC$\xf0\xcc\xa7\x0e\x95\xffW\x7f\x17^\xed\xfa\x04\xa9`\xc6\xdf\xe26\x9f\x05\xed\xf4x2\x04\xa5\x16\xc5\xfe\xb6\tr[\x19\xce+\x8cx\xf7,z\xd7D\xadEvv6(\xf1n\x04y\xbbK{\r\"N\x7f\x9a\x19\xaa\xe1\xa3\x14\xec\x13\x7f\xc7e\x8cA\x7fT#)\x033V', 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r4) connect$l2tp(r4, &(0x7f0000000000)={0x2, 0x0, @remote, 0x3}, 0x10) write(r3, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r5) write$binfmt_misc(r1, &(0x7f0000000480)=ANY=[@ANYRESDEC=r3, @ANYBLOB="25caed9276a1545706eb4990e2c0b2c9812da6b33ff56d01ff1641172b9390ca4cd57ba6e47204d5bd0ec838cd3fc99fc1f00b45418442037835566179082f4e4aa83eff15d5bf469520d4e1e4a1a496145c3935e88f8c53ad9c2f4babcca81a4250ba9eac8f6a69b6cc74f0cd4660e711ccf1eed0d9e931b194bdf0aa7f6a467e492c7b35925828d5e4b746a3ecd35471f4137471d1d7a9f3f30486153488e35fd8f25874462ce18b0561fe1ca6d044605ddc9841ccb165d28f8778fb2d88c4550eaacdd99f1168294584c798558abc7cd334defe1cc12dda012dc9866f457022e40f89cacede00"/242, @ANYRESOCT=r1, @ANYRES16=r5, @ANYRES16], 0xfffffecc) socket$netlink(0x10, 0x3, 0xa) splice(r0, 0x0, r2, 0x0, 0x7f, 0x7) [ 1049.029916] FAULT_INJECTION: forcing a failure. [ 1049.029916] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1049.042041] CPU: 1 PID: 900 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1049.049755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1049.059102] Call Trace: [ 1049.061689] dump_stack+0x1b2/0x283 [ 1049.065321] should_fail.cold+0x10a/0x154 [ 1049.069472] __alloc_pages_nodemask+0x22b/0x2730 [ 1049.074228] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1049.079688] ? rcu_read_lock_sched_held+0x10a/0x130 [ 1049.084706] ? __alloc_pages_nodemask+0x1a8a/0x2730 [ 1049.089733] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1049.097520] ? lock_downgrade+0x6e0/0x6e0 [ 1049.101666] ? check_preemption_disabled+0x35/0x240 [ 1049.106683] ? __mutex_unlock_slowpath+0x75/0x780 [ 1049.111529] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1049.116386] alloc_pages_current+0xe7/0x1e0 [ 1049.120706] __get_free_pages+0xb/0x40 [ 1049.124591] selinux_sb_copy_data+0x28/0x380 13:39:13 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x2, 0x3, 0x3000, 0x2000, &(0x7f0000001000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x7c, 0x0, 0x0, 0x3, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0xfffffffffffffffd]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1049.128999] security_sb_copy_data+0x6e/0xa0 [ 1049.133405] mount_fs+0x1e7/0x2a0 [ 1049.136858] vfs_kern_mount.part.0+0x5b/0x3c0 [ 1049.141347] ? alloc_pid+0x5a/0xc40 [ 1049.144972] kern_mount_data+0x51/0xb0 [ 1049.148864] pid_ns_prepare_proc+0x1a/0x80 [ 1049.153091] alloc_pid+0x9be/0xc40 [ 1049.156639] copy_process.part.0+0x27e8/0x6fa0 [ 1049.161215] ? _raw_spin_unlock_irq+0x5a/0x90 [ 1049.165712] ? finish_task_switch+0x178/0x610 [ 1049.170202] ? finish_task_switch+0x14d/0x610 [ 1049.174692] ? switch_mm_irqs_off+0x2cd/0xec0 [ 1049.179217] ? __cleanup_sighand+0x40/0x40 [ 1049.183450] ? lock_downgrade+0x6e0/0x6e0 [ 1049.187601] _do_fork+0x180/0xc80 [ 1049.191055] ? fork_idle+0x270/0x270 [ 1049.194762] ? fput+0xb/0x140 [ 1049.197862] ? SyS_write+0x14d/0x210 [ 1049.201571] ? SyS_read+0x210/0x210 [ 1049.205194] ? SyS_clock_settime+0x1a0/0x1a0 [ 1049.209597] ? do_syscall_64+0x4c/0x640 [ 1049.213569] ? sys_vfork+0x20/0x20 [ 1049.217106] do_syscall_64+0x1d5/0x640 [ 1049.220994] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1049.226180] RIP: 0033:0x45ca69 [ 1049.229360] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1049.237061] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1049.244322] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1049.251582] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1049.258846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1049.266108] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:39:14 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r0, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:14 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(0xffffffffffffffff, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r0, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:14 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) ioctl$FS_IOC_FSGETXATTR(r1, 0x801c581f, &(0x7f0000000200)={0x80, 0x5, 0x0, 0x8, 0xffffffff}) pkey_alloc(0x0, 0x0) socket$bt_bnep(0x1f, 0x3, 0x4) r2 = memfd_create(&(0x7f0000000240)='\x00<\xd2\xc8\xf8\xb3!\xf2\x81\xc6\xaa\xbc\b\x9e\xd2\xd6\xe1\x10\xf0\x8c}\x8a\x10`\xa11\xcb\xaf\xf1\xe6\xe1d[\x12a\xde\x89[\xc2+Gx9\x9f\'\xb7\xbc\x1bw\xaf}QD#L\xaf\xe3\x00\xbb\xe1T\xad\x9d\xff\xfek\xc3X\xd6\x84\xc5\xb6Z}\x19f\x86\xbb#\xc0\x03_\xe4+\xa3T\x033X\x95\xc2v\x83\x93\x81\xc7n\xd8\x80\xa2\xa3M\xbaSN\xc3\xaa\xe9\xdd\x9bC$\xf0\xcc\xa7\x0e\x95\xffW\x7f\x17^\xed\xfa\x04\xa9`\xc6\xdf\xe26\x9f\x05\xed\xf4x2\x04\xa5\x16\xc5\xfe\xb6\tr[\x19\xce+\x8cx\xf7,z\xd7D\xadEvv6(\xf1n\x04y\xbbK{\r\"N\x7f\x9a\x19\xaa\xe1\xa3\x14\xec\x13\x7f\xc7e\x8cA\x7fT#)\x033V', 0x0) write$binfmt_misc(r2, &(0x7f0000000000)=ANY=[], 0xfffffecc) ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000080)) socket$netlink(0x10, 0x3, 0xa) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/hci\x00') fchdir(r3) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r4) ioctl$KDSKBMETA(r4, 0x4b63, &(0x7f0000000000)=0x2) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpu.stat\x00', 0x0, 0x0) setsockopt$netrom_NETROM_N2(r5, 0x103, 0x3, &(0x7f0000000280)=0x7f8, 0x4) ioctl$KVM_SET_PIT2(r3, 0x4070aea0, &(0x7f0000000180)={[{0x0, 0x1, 0x4, 0x1, 0x9, 0x4, 0x2, 0x8, 0x3, 0x5, 0x2, 0x40, 0x3ff}, {0xc8e, 0x9, 0x9, 0x3, 0x3, 0x1, 0x4b, 0x1, 0x3f, 0xba, 0x2, 0x4, 0xd065}, {0x1, 0x4, 0xff, 0x26, 0x0, 0x7f, 0x0, 0x5, 0xe5, 0x2, 0x6, 0x3, 0x4d}]}) splice(r0, 0x0, r1, 0x0, 0x4ffe0, 0x0) ioctl$SIOCX25CALLACCPTAPPRV(r0, 0x89e8) 13:39:14 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r0, 0x0, 0x0) bind$unix(r0, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:14 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x111e80, 0x1c1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:39:14 executing program 2 (fault-call:10 fault-nth:81): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 13:39:14 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r0, 0x0, 0x0) bind$unix(r0, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) [ 1049.919321] FAULT_INJECTION: forcing a failure. [ 1049.919321] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1049.931138] CPU: 1 PID: 958 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1049.938842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1049.948186] Call Trace: [ 1049.950775] dump_stack+0x1b2/0x283 [ 1049.954412] should_fail.cold+0x10a/0x154 [ 1049.958561] __alloc_pages_nodemask+0x22b/0x2730 [ 1049.963318] ? check_preemption_disabled+0x35/0x240 13:39:14 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r0, 0x0, 0x0) bind$unix(r0, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:14 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1049.968338] ? finish_task_switch+0x178/0x610 [ 1049.972832] ? lock_downgrade+0x6e0/0x6e0 [ 1049.976979] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1049.981820] ? trace_hardirqs_on+0x10/0x10 [ 1049.986057] ? _raw_spin_unlock_irq+0x5a/0x90 [ 1049.990553] ? __schedule+0x8ae/0x1d70 [ 1049.994443] cache_grow_begin+0x91/0x410 [ 1049.998505] cache_alloc_refill+0x28c/0x360 [ 1050.002829] kmem_cache_alloc_trace+0x35b/0x3f0 [ 1050.007495] ? proc_get_inode+0x620/0x620 [ 1050.011637] sget_userns+0x102/0xc30 [ 1050.015345] ? get_empty_filp.cold+0x37/0x37 [ 1050.019750] ? set_anon_super+0x20/0x20 [ 1050.023723] ? proc_get_inode+0x620/0x620 [ 1050.027866] mount_ns+0x65/0x180 [ 1050.031229] mount_fs+0x92/0x2a0 [ 1050.034598] vfs_kern_mount.part.0+0x5b/0x3c0 [ 1050.039089] ? alloc_pid+0x5a/0xc40 [ 1050.042715] kern_mount_data+0x51/0xb0 [ 1050.046599] pid_ns_prepare_proc+0x1a/0x80 [ 1050.050828] alloc_pid+0x9be/0xc40 [ 1050.054376] copy_process.part.0+0x27e8/0x6fa0 [ 1050.058957] ? trace_hardirqs_on+0x10/0x10 [ 1050.063184] ? _raw_spin_unlock_irq+0x24/0x90 [ 1050.067674] ? __cleanup_sighand+0x40/0x40 [ 1050.071886] ? lock_downgrade+0x6e0/0x6e0 [ 1050.076013] ? _raw_spin_unlock_irq+0x24/0x90 [ 1050.080490] _do_fork+0x180/0xc80 [ 1050.083927] ? fork_idle+0x270/0x270 [ 1050.087618] ? firmware_map_remove+0x18f/0x18f [ 1050.092182] ? do_syscall_64+0x4c/0x640 [ 1050.096141] ? sys_vfork+0x20/0x20 [ 1050.099662] do_syscall_64+0x1d5/0x640 [ 1050.103545] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1050.108710] RIP: 0033:0x45ca69 [ 1050.111877] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 13:39:15 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r0, &(0x7f0000000000)=@abs, 0x6e) bind$unix(r0, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) [ 1050.119561] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1050.126807] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1050.134063] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1050.141310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1050.148557] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:39:15 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r0, &(0x7f0000000000)=@abs, 0x6e) bind$unix(r0, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:15 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f000000b180)=[{{0x0, 0x0, &(0x7f0000002e00)=[{&(0x7f00000002c0)=""/163, 0xa3}], 0x1}}], 0x1, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000140)={@remote={0xfe, 0x80, [], 0xffffffffffffffff}}, 0x20) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00') preadv(r1, &(0x7f00000017c0), 0x1d0, 0xf0ff7f) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)={0x8000}) r3 = open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r2, 0x208200) r4 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r4, 0x0) read(r3, &(0x7f0000000180)=""/51, 0x6) socketpair(0x0, 0x0, 0x0, 0x0) r5 = syz_open_procfs(0x0, 0x0) fchdir(r5) 13:39:15 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r1) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000080)=0xaee) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) r3 = syz_genetlink_get_family_id$ethtool(0x0) setuid(0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r4) fstat(r4, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_ENTRY(0xffffffffffffffff, &(0x7f0000000400)={0x90, 0xffffffffffffffda, 0x1, {0x2, 0x0, 0x8001, 0x6, 0x794f, 0x800, {0x4, 0x80000001, 0x401, 0xffffffffffffff69, 0x4, 0xd8, 0x8001, 0x40, 0x1, 0x0, 0xffffffff, 0x0, r5, 0x8, 0xfff}}}, 0x90) sendmsg$ETHTOOL_MSG_LINKINFO_GET(r2, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="18000000", @ANYRES16=r3, @ANYBLOB="00c127bdd400fbdb00040001800000000000"], 0x18}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$ETHTOOL_MSG_LINKINFO_SET(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r3, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0x3}, @ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5, 0x5, 0x1}]}, 0x24}}, 0x10) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r6 = socket$alg(0x26, 0x5, 0x0) dup2(r6, r0) 13:39:15 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r0, &(0x7f0000000000)=@abs, 0x6e) bind$unix(r0, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) [ 1050.537906] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=978 comm=syz-executor.0 13:39:15 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r0, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:15 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) write$binfmt_misc(r0, &(0x7f0000000000)=ANY=[], 0xfffffecc) socket$netlink(0x10, 0x3, 0xa) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x131000, 0x0) splice(r3, 0x0, r1, 0x0, 0x4ffe0, 0x0) 13:39:15 executing program 2 (fault-call:10 fault-nth:82): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 1050.586889] kauditd_printk_skb: 15 callbacks suppressed [ 1050.586898] audit: type=1804 audit(1590845955.465:1688): pid=983 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/699/bus" dev="sda1" ino=17006 res=1 [ 1050.672611] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=984 comm=syz-executor.0 [ 1050.739242] audit: type=1804 audit(1590845955.505:1689): pid=983 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/699/bus" dev="sda1" ino=17006 res=1 13:39:15 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r0, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) [ 1050.862126] FAULT_INJECTION: forcing a failure. [ 1050.862126] name failslab, interval 1, probability 0, space 0, times 0 [ 1050.874352] CPU: 1 PID: 1010 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1050.882158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1050.891512] Call Trace: [ 1050.894086] dump_stack+0x1b2/0x283 [ 1050.897712] should_fail.cold+0x10a/0x154 [ 1050.901844] should_failslab+0xd6/0x130 [ 1050.905799] __kmalloc+0x2c1/0x400 [ 1050.909322] ? __list_lru_init+0x67/0x650 [ 1050.913542] __list_lru_init+0x67/0x650 [ 1050.917503] sget_userns+0x4e4/0xc30 [ 1050.921207] ? get_empty_filp.cold+0x37/0x37 [ 1050.925598] ? set_anon_super+0x20/0x20 [ 1050.929555] ? proc_get_inode+0x620/0x620 [ 1050.933684] mount_ns+0x65/0x180 [ 1050.937034] mount_fs+0x92/0x2a0 [ 1050.940386] vfs_kern_mount.part.0+0x5b/0x3c0 [ 1050.944861] ? alloc_pid+0x5a/0xc40 [ 1050.948481] kern_mount_data+0x51/0xb0 [ 1050.952352] pid_ns_prepare_proc+0x1a/0x80 [ 1050.956565] alloc_pid+0x9be/0xc40 [ 1050.960099] copy_process.part.0+0x27e8/0x6fa0 [ 1050.964671] ? check_preemption_disabled+0x35/0x240 [ 1050.969670] ? perf_trace_lock+0x109/0x4b0 [ 1050.973887] ? perf_trace_lock_acquire+0x4b0/0x4b0 [ 1050.978808] ? __cleanup_sighand+0x40/0x40 [ 1050.983023] ? lock_downgrade+0x6e0/0x6e0 [ 1050.987161] _do_fork+0x180/0xc80 [ 1050.990597] ? fork_idle+0x270/0x270 [ 1050.994295] ? fput+0xb/0x140 [ 1050.997382] ? SyS_write+0x14d/0x210 [ 1051.001076] ? SyS_read+0x210/0x210 [ 1051.004687] ? SyS_clock_settime+0x1a0/0x1a0 [ 1051.009074] ? do_syscall_64+0x4c/0x640 [ 1051.013038] ? sys_vfork+0x20/0x20 [ 1051.016561] do_syscall_64+0x1d5/0x640 [ 1051.020437] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1051.025605] RIP: 0033:0x45ca69 [ 1051.028772] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1051.036461] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1051.043710] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1051.050959] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1051.058209] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1051.065456] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 [ 1051.186571] audit: type=1804 audit(1590845955.515:1690): pid=983 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/699/bus" dev="sda1" ino=17006 res=1 13:39:16 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) socket$alg(0x26, 0x5, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r1) r2 = ioctl$TIOCGPTPEER(r1, 0x5441, 0x18e0) r3 = memfd_create(&(0x7f0000000240)='\x00<\xd2\xc8\xf8\xb3!\xf2\x81\xc6\xaa\xbc\b\x9e\xd2\xd6\xe1\x10\xf0\x8c}\x8a\x10`\xa11\xcb\xaf\xf1\xe6\xe1d[\x12a\xde\x89[\xc2+Gx9\x9f\'\xb7\xbc\x1bw\xaf}QD#L\xaf\xe3\x00\xbb\xe1T\xad\x9d\xff\xfek\xc3X\xd6\x84\xc5\xb6Z}\x19f\x86\xbb#\xc0\x03_\xe4+\xa3T\x033X\x95\xc2v\x83\x93\x81\xc7n\xd8\x80\xa2\xa3M\xbaSN\xc3\xaa\xe9\xdd\x9bC$\xf0\xcc\xa7\x0e\x95\xffW\x7f\x17^\xed\xfa\x04\xa9`\xc6\xdf\xe26\x9f\x05\xed\xf4x2\x04\xa5\x16\xc5\xfe\xb6\tr[\x19\xce+\x8cx\xf7,z\xd7D\xadEvv6(\xf1n\x04y\xbbK{\r\"N\x7f\x9a\x19\xaa\xe1\xa3\x14\xec\x13\x7f\xc7e\x8cA\x7fT#)\x033V', 0x0) write(r3, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r3, 0x0) dup2(r2, r3) 13:39:16 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r0, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:16 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x9, 0xfffffffffffffffd, 0x0, 0x2000, 0x84a6]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:39:16 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r0, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r0, 0x0, 0x0) sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:16 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r1 = socket$alg(0x26, 0x5, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') r3 = inotify_init1(0x0) inotify_add_watch(r3, &(0x7f0000000040)='./control\x00', 0xa4000960) r4 = inotify_init1(0x800) fchdir(r4) sendmsg$AUDIT_TTY_GET(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x10, 0x3f8, 0x100, 0x70bd28, 0x25dfdbfd, "", ["", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x48001}, 0x20000080) dup2(r1, r0) 13:39:16 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) listxattr(&(0x7f0000000000)='./bus\x00', &(0x7f0000000440)=""/4096, 0x1000) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) sendmsg$kcm(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000002600)=[{&(0x7f00000000c0)="f78b77a97160df", 0x7}, {&(0x7f00000002c0)="aa6966443ae407689ed687d6cefb6538701b201ea3811b7a8f267560dd39fcc2f00c3f222224d1d58e573126fa204a7f1b8bd0a70ebc1b0ed2cb5420171e0452d09f61bae9b8092156069f73fed3883e9773f46514e45e423b515df085c76f98607c51d73dc86936ed9b3abb278d6001bb846e89f7d93c50f9fd06be447bd1be3b1e6cb6380542c34bee886c328eb5bd7529c2d65ee51f69b0c3904f6f68adfc7bf8113b146c55a616a0278f0ba51418dc5dc6cccda2ae820353320e5c4b1d2ca7eb8a81b9109979d9dd34876d0b0d2a6b", 0xd1}, {&(0x7f00000001c0)="8d2f4b0a4cb41081f0663a8484c1b2d6d1ea817399d41698d8a0b5d4e206a4b14256e225bfbdf80d513e9bbf74ef4b4b80b0a5e466bf707a9ec8adb3ccb9452c520c5489df617e82a520e51da61b85543da1bdde1c467b96be1a09a4ac8f5297d59284c7f476388406a37c5ca00b1d5c3e", 0x71}, {&(0x7f0000000240)="c3c1a7083ed7cf2362ff6142fa68293657bf00", 0x13}, {&(0x7f0000001440)="fd4080043c5599ffdc8e28da42324dc3d8e7d19cb5f39ebc63f004a8c8f0e2e9db3ef8d9a9068fc249174a8670485cf9503364d75e7f9f0bd80b1cd5894e1b893c2a5b1f6793dd4204fbfde3595be2aa5c5be8082f034d7724d047ab689f53d991c2038d68c7eb4ef4be62fd5be6f286b0f2cf25c6f9d9b7441681508d73a58c223a0edbe048189e403869854148", 0x8e}, {&(0x7f0000001500)="be812cbff4d244ad7903687e741093e609b7c6bf1c7d507986412ebfab7e30b3f70b9f9793bcfdabb0e99f29124e61c47c81ce48c4bfb643c258c70720e38c17217b9d5dfee9dc491d0a01931c0c4ceba95c3124d1264d1e6ecc65ca46a28af838079b3015633672e2bd342186b3f0a9798dc8439c2601d1c80ddf95cf74bbc66e5ba122e0d7b57a6cb49e3b1f6b4985c8f410bed7176f92f24836cfc2112d69f7cac880b8c2aad11ce39ea78866614c20d2c5924737a82d2f12bc488821a4c7d49e4f847c773b853f4c5bd4df235243bcd739df6dcbb6ae126b8266902cb3", 0xdf}, {&(0x7f0000001600)="711660a1279eedbc68bc9f61c445eb113bdcffff1b7a8f040abcc0025a4a9764d0b13f2d3808f1fbf9d5b1b17ace5bb69268d46128eac31a2bf88a1924abc2677d938cbe2bd37cda733d1bf69b5d5ae3962150a45577848d1d27971e5b8b302b5c40d5f40bc090766949f8861e109ce22d742ee96a4fe2f120996cbdc221cdaf00e267280972dd2cc4721b853e4a6c2853e6b1c5081ad9a12eaec04f60a47533d3f495a87b8ab0298b623bef59d96c8ae0f66082949396b23034f93a74ed315847a7936a9b37866881bad5658e890a02e825bfa02cbe94dd8ba7e5603584ae1f33078cb061de85ee13359e161fe447d8daa51e7b54caad198e8d21a2fb3914588d2c7e292fa7b3ba3372497908f1d326f077a622eb3fe8742db11999b1f7a9c36fbb7b0bd72797658e58d8493f84a5b6cc648e82323305d45555b75b0dd5b663e596b54c85f8326e83ca4b63aae7ae50cf457edab3ea357a355a2fa2a78d2c80aa90fa07e86cf8d51b91cc2440969a0b0ca4597434432916b8b115ca66dc91c9a222477396e4534b6f94aaffa3ccd8936e1d5fb7a290b40cec70f04c3836560cbfe6a3af71b80478cb41fd2214dc25447b98b44cec3de37731ab45c7077a540ae7dfdf3ccbb29d98464d4146251d4a627c18cee1890a04ec33c75d5f5ec690a633fd88f6130f7bc9ff125ad509af127663d02e8d812aeb6484e2a959dc8e40e9fbbb7cd3f6c17f4c55adf96a27c42e24176443eebc21efe989f68376e300bc9ca6a93950f40722871bb5177be6d2c96f56b7f32338073953ad177a7c111322f53b48dcca07717f61a934790a9ec9adf04352626cfa9763b4d513f7ff3ff72e206630e7a579a0a79e37d5bbf4e7939e685ca98f168278710392db93266ed8fb6bbc4cd2917c253f23eb6a639098c293243277836f5d5afe7e44faaeceab66335626fbdb8a8a1f6a284908668caa9319ec2e108bf826f646229f625f59ad44088284518cc00d7db44dc0293264d8a45d817e16c84a8caea3bd32b30a0367f2cd4b44e341d8546636c95e4f4c9ca9cbefe38ce4c39110ecb1aa78c061ba797fe3e56bf878aa18315376c6bfd20332491820df5b3d11668c74af804ee76d58591c75ccabcfdf25428a70a45f5c12ffee03a4c2664a660f89e5ae2e00154d0094f2fd77e2675502bdf54c884c2d9a6159ecfd9a59c43194b58b0eefcad77544b3223a1cc17c9113ae5297271f8c00f0131d1f980d52d2e46115d44f516f6deb91570e24d7b5673d19ddff5c6a25d3ab148fc8cf4bce04c482fa9479a3c570654f2578bae7c309678fc981498f5d59b55ab6039ca5d68e75c09aa08279aa0e1ad613c47d281873651fcc62b36c86a0ef484f1426ddc6c00337936cffd6f499406a6dffa4c5895f2fdff91351dcb3adcf40863c68a39be368087323394f9c85d2ffd8aeca3094344a15657ceb75e276979fc45e7d1f4565e7fca985220c87d97d86540000bf9808c30325bafcc1940d8ba3bb998d9a8c58e9292ebd3801bebad8909436a14b5c5d768b52e4c089d61ffc120b55cda66fe97fee22792f31a50a29a142e7b9162dbaf21401e0bbe835ff3972d8399f5faf38b30397dc8dab957001adb0c4c9d25d47d907e9308966cc5540b501adc517fbed6e776c8b16d6e736e6ce0aca11ac15d57643e4a3c9f2ad6439133f69cb1c54bea0cb449e94418e9d50e47a1d33834a4f2f1c5ed1753e6d92a1b93f6f6e0d3f9aebd6225e3e4792f578ebb30c60f96e43e6425a7fd662668d5bd38e9f762835e6ba2d5e3d0d00ab5e140296ac38442e2602d231bd2ba0db4619ecec06be5529ba2b913704df4ace90ba9f2148b00ae052e29c496aae55705f7edb08d216c90924b667c0586e07c4fbff59ef007dcf72e0bf20f28d0c859d6886c874211b65dd6d492735cba52243509fdff8764e4650881ad364e9390135d75441c22143f628934766c4812fa3568e5856e7a4e46e3fd57b3d733b3be9bd955e0452722a13396dd0beb517319fb3ccea32b2788f2d6cfeab64c4f5d744714990d3cca424d5ddaa8a0151d36ea167f1185c4d5c2a48ae676cf3626bbd21427fb06e03132a86562fb145f0ad23e5ac5923f9c7634723747cb4c8d67ec8641a3e0a07b383572efe33c6e1d7d4229cd2ccdc814c48873a319d7683afa7cd6b5960b9ca0632520ed3a3e69d72b437d6aef51d2cb0692fd7c98edaf7f4ea7166eabed809b3482677cae38975094841a2eeb1c9ebdaad98a0283803b07b123521b5943b859658a418b2dae933432cdda90a6f675e763f51af992782aea420408898dbef633e769693ab3884c45887f6c0dbb35ea842c2e1dbffeb976d21c142c3b0e13114f0753e70c728feaafbab3dfaa39625f33af4bd8770aff823a375a007beb0dff688801fff16ececceddf3277c4f9aead2bb85bb5190cfbf8be10dbba3a0a164f096edbbda81616a04cfef165392432d6033cce588cd2f369a767914ef3bec0e25a68d7a4311e3f42153ed55b09b010d14d2c42f6d037477aa85a1c7d0010ce01cea1865dbf9d268ba2244e85c09aa4434e839b69c5e02c0446ee8f3a46850af5c9c1e766e71b464fc553231045b63a98c16144295bab126e4f4dfaaa8304a85588b51d5ce87e36661ee8913e080c997d232ce9cd33eb5ad1af06fccb8ef245c546535957a6ac5b9b9b3846b0f19527a11acef8077e58dd4cd2e07dc6720598e677b598beaffb65358c68fc807bfb03b21156d44b1518749f1380831db622a5e9a1456599af4bad72dee4997e4585d90d76dd6c66f8831bf51b817f45c54a3dcadf4fe7ce3e5d835830d11b11231f8f84b947a5cfbaffc9fde3f0bd9d4e8f0477fd35edf1ef59deeebb2a719c8bc261ec19d36bbe741bc47b8162b31c7f92bd4d9b9f69a0d188e75c87df3422fc219682d781561134365c5cb26e0662adcb919484712bf0ccb0f47b0f291cd9ffe8c4976bfe441ebeb267d3b7b1e964c42656b5d106e4240c88092feb8177c7d750ccbd2a0138c076bfd661609bcf56c413a949d0584dd6f7625521fcf27457bae0c500cbd950c5e0844bcaea325ea56cdf25c2e5ad2664b5b6f03dd166faacb19ea45691413f9b4230366ce6bfbb17d9cfb36d179b986f78b3aba8d1e15b13c4bca88d4d96505f2c277687c4e2ed22fbf47c0cf4d046a72a80cf517d9aed7d00fb34b1e6fd5d97bcf7c4656444fd562f4630de8c0d3eb2324aea79b897d057d6a0de3827390e550cdeec0926153afd7799b1ca741bd36d1d42e8b25ab3da88061e4fe8f5f75482bdcd71957d63996e2d1260afe1b34efe275ad6a95bb3d33f86e091a4c142c9a8d3c02a9be2a0781088b0cb1f0043a2752cfe047d128d0cf324d50793d2240db46b4402a18a080e87e895529b6eb06ee85d9d4b8895af218fe17856e7cd7bb213b72366ac107c2ccadcb5d68ed2b34037e136d4011e0d52945b9777e72429c6820fc8153f8bdc118da159e42d1bbe9e281978a6555577edb324733ce68a0158cc5ac3854abfceacea060a71eee0a6ee06fb77c301c00b93eeb813a596cbecd7b4fff7dda231fb516f8299d1ac677fbc0d93222d40ce60d5795122f84225505843dab6da0dfa3bb5867a7c8a8f8d8cc2bda0aa51cafdcf83707340a738a7d082dbe02937f433da099fc243e91f28ddc592e04125a2668874bc8dbc9729e79772f9ede148baaa094111ce9b589edaaf44b902a2bee5b6543cf3d2eaace4f26bf22690f17985dfc5997c85d22293334bc4df4d42908a80be2afaa98f283a2cb4c1932eb9f9fde69c11df5b830ceb58e97c8ed4bbae75c53d561ca3915d428d16d20efa491a8bb3077226cab24d58fe085dc31a18f800c0f3a3e8de7e171e3e447f04d7ffea06e114dea1c6cdbd1d3ed7d8503eaff5824d241667cadb0b3dc8316cde8b3742ad441eb0f0bdddd68b33f2518d6be035bf193c9802fe26f072eda71b0e4dd98f13f07988af3904801fddcdbfc0f7765fbbef455f7a331309d815dddbfed5173216addae28f74ff5d9c08ee77ad5cbf8ab58f21470a9af705c01c8675828aa4a699f763de9402be9b13371659b534d86af1527a6117b2acd38fc7e9044197eebbd4fae151a48d94b51100c5d91f6979a3d449aa4daf9ad5bb189a87ce829ccee81dfe2a2c581d1a2f19ed6ba2e8fdf55355b1b9db98bfed37ce3e2292404f0f5781163d4deedd7eb05d863f8bfefd0eb62d08cffaa70bc2561f7cfbbcb9171cba7208cf8b8c7e210975de9d3ccca213787fb61294b02a2db57a88f0fb9f73a54c060e69fef31da169ddf118795e156f4860baa6a30c9835b4fab50a846155812fb18b2aca396ce2440c218bcf2476e42ed49bde3cad2275fb1a11269a1a948cc10f7a9c2f6574b501ea8f03d4d7769818f22241b99a931a861988e0a377a52a51cca0e080d9a46ca36d4fc89418a4b7f574facced2fc6faf0c0638f5a246c1ed6553d0800db944d2c510c8a96a4ebe9b9a9947e61d4f524cd5cf18391b948a17de7ae434a1fe373e4e3f6501aaec3c2614e9672e6aa14a43416b1506590da36bffd5f02db9a24187c027d72eb94f2fde51de5433120d98a63a2c988661cf0768495f2a24c80792e65895b31cb0a0bb7a74b3033ca251ba65b262a90305b86ac116f1bd7e1e03327091e53f57fd05b221b11436476a2846af3f6e4c31773972ffafb683ccd7dcee58ea30302dd9e7a4d91e0b53f0398b7740082509090a72460fb1ff96a80037adf8329f1f986c8ba8a1f0e3390f3fa408ff2ca1bfbe2600eb9456d10d342776879a5ca1bda6e0f67dad97b0948f38ef094ef81146ac6d1e233cbf5fe737c2634471ade8e235051aacbcab5aa9c7233fe9e25323ee8897bcc2e00578486fdd6c442c0c63b7930fe68c3670d18f55dd516e943f17a7bd2a5537a5c68b27516e968bfb77b3d0b059a6945380277b02a8e37079843fb71c47383aed2dfff36f7ceb58eab64789297df96a44ace403051d7563436f00129c467c8e3c595755c9bd74f4ab04891dd892e40d9f1d328e760a1dd6af53730f645cedfa2a3314e9143542144c88a3670c214724d5cf3cb52d3c93014f4fbaecfcbe4bb34cfaab030cb71c9b0e9df1f8d6d42ca9ce0b1228e1aba21204a1c2aed990a7e06901d68328401abaa5de3d28549f7df5719f003c3efeaad2d745ac4903bb390878c6495c382506144a1011ce39f4dc6111867d42b209e9c2f612c05183de4ee6bdb3541c9f1f6e90078b44613cff013e51032a94e1190f15a6c59a6dee0d628ca8007fd99cef241ba5693ca0e94875d48ff57259fa4dde469702afa973f71a94f9a751a789bbedb5358a4de9226b05d3d58774e610bfcf382db9cf81a5be071049be9118a50455b4b183d502bd8882a3a326c185c06b08b835161a8f77e6364f0d750d5f48194ba597d62ba1c9b38ccb4b088848fb21cde84e792029c9db28af6d34fa607e34ce7959e503d69c9c79c527fffee7a65d72824e7147f5fd8e3eeec0c0c89147e5dd13a3eae11aabde42c9917d381eed5087c9f9142a6f9f8d127ca42722cc131aec02bd0776d922eb60122684193995c39c471d6f191ad9ab3bec12101c2642e9b6e2f5953258be0f86efd6a0ec645c44276dbca84a02883deb959423115fbc58a1a9714782414ee58b102358950e128cf97213b7b0e80e076bb293eedca91b5e924ff380e5e4ae8da3d73f535118cbc9a4d0095979d580de2de6d94ecfe4c47d03fb44917162918b4a3d811a4de7f6f672eaf4c92a922c", 0x1000}], 0x7, &(0x7f0000002680)=[{0xe0, 0x10c, 0x40, "e81d7a8ad035f10f082b89c529d78e48e901ee7af84bfcf8c4e779b79e96024aa6c2466c5c5138ff7ef39812e85af89f1d182bb51f7e55c7a51a511d86d78e1f88e29cdd0bf24e3f9b65bc8d6717f9457798d96cfca6664c542f65d4519c7c3690e6b2e74ce1dd4f09a61b3c5277f372976e9ead0cd28726f1b15fabe40f67f0ee055509f72438fdd1e5fcbb83b8440ce865f0f0f1ad2315a576fecd4cfad19ea205325c34945f4f5d662a79ef1d9186fd87ed04d76cb5cd3319a144832586e9ddea687c3811318fb30521"}, {0x1010, 0x88, 0x16, "f1373a59ac5b4dbab6d5811c7fea04e2b1fed392aac0dfff6070f318f33e00f4e9d71b111854306913daa1e74f1ddc87485fd29d8e06de925ac203b1743121dc7acaf5e0bf5076c0b1b3efd5c3016d310db7931fa7716d18a708aed38f2aee6add03d3a84a95be5cb5279fbbcedbe0041633add28734a0660506be32aa5219519659e60b536493b9c2f80364247585ef626d2117b44d72c64512b896201b46415b84d8207521554e900f1133c5ad0aba2e836333ad1c2b04657f2df315c9c0b580e3aff89fa565d2efeb2a2f816d2acc11662c40f8e27669712cb581d7845761726a4969e88065f7b3725e9a1488f1a64a91d060beb39d3f5f9518d67b8c5537747869e7171e940c907949ed4a0178f8cc355fa71655a55042f3c016b1a2fb639e099f7d03f143214e45fc043b4cd40e0676d18d25d00419781b46547b3efa86a3a6f121900eebc340e765dbf1c7823aa7446fc6ea19c94c418fe0d5af11d152f68aba8f6438e2d0a93353ec54a978d560d376be9c13c05088c7e8c825fc29f2f96d2ab102701b6b4f23814803df43285ac2e3ac342bf2dba2c4e67e5c70727db34ae7d9b64a50bd6d085925f3725346bf4f1cea09cf1af46ba83ac6534403d25f49d581b984aa4b8c481b0aff08180051e69f3c60b79faa4988c4972c28d4762040cb0192955eadf957df9cceb862a66b198586bb5f74d78f21100ba6e6101797fcf07c44cd1b8d2e64ea22cea0c553085a74256bcf62a1f4f6693adff8248d9d43332cf3102644f348251d4b46014ac10533186c2182ca1ed53200dba801a1421f1715104a56edf66284c28d8c708939a8c77a8344e054863e5bc56685387472e19d1b2138d38021c2ac5fc0b4f48250ca1c644f443842419d4c462a559e61ac7be58f12cd7dd42b2aaf37e501847252cb0ab8b7e002762d53d5f57a25bbbef34fa3a2fcabeba38e929aaa7fcaa17f34466a8e4a2462f8c51bdce850e1dc314a93f76780c72ccf1b0b6409a2344919050d1c5db55aebb0524b7bc55d185aaf5937f1f3a0f37162a34dede80db11737e442577f4f045ba4c0b2ee00b815f9be2b4339fba810ad05e7a055d6b9b1a03e9afb2f9d9870d2810c5b5800eb8e554636b75314cbd0a2528c1f25eba809c435f3ca832c0e6a799771a8cafda2a2a873b40b6f1b99d118363c7d704689cc4f4c32137fd5c9ae8ab5820f39ff4ee2c3e401a38fde98185070ced02ba6c6de7e04a9d189b370c7881673e2d95e01bb18938bef472056936686883ea18893fe63a4d87d090a5f16e7f5f0717f2a75df87271844ed9bc7a3a4435e932ec6bdfd5f630263168dbcc6f82c336f684abc511c980aefd6cfc72df40b2c19083092c8b63d05c151947a4118b49704d38a05cc27428630bf1eced1c63bd3d3937ea4a141b4713ce3261e93ce13278acb4a587f2ecb81cb1b0ec99fc1c9ad19d8e1720b5bb90d482d42cac20519ae2267a81abc840087707ce92243bc5eca28665709048fa72cd5f4b3cb6a7becdb50b751147c7fe576becb15c16d1873ef504498b50548138c3a912a7b0ea9a7584c88172c99e4e648228fc4a3e53bb8196d31079f1335cc3f76c8fbaefab94566370a0b9feb6b1b47dcfd7dc3970c7c5f99ff24a40306d998bf08b441d95d845cba3f7d3095a0a6c4ef921a55b504de5874340cb6e668c1d0e0be71dfa7f82b82ba59944cf571d244a07e38c58f461aefe0ce28feb0d36c6227542513ff7036a978603285312a62b9ea506461f71543df463bb88c8a3e790e91e976ffd147f38fa8c90ea3605f340414dfe0d20a375ca6c2344b14faff6312ec5966322c9887e5890228c24f3da64c05afae09f6922124122b09dc64d58a0da3ce32440df30ea945edc47063b3e8de1dc894a63ccd1e39c839c4022bb46327ce3d1b1a1d11d825dd50fcadafc37457c6353a3b29139147ae2242c8cdd87ee178c0283575674814726d1d96f5596b83928b93cb504d46658c22b21463215ee5cb080ce83d2f7d242996a2c64c77bbe507dba18659109902cc01c8497fe1d3b944c55cc8df6b87ed917482ef7acb6a6460bf578a3018c6fbad601f72cafa1aa3ce53efff4ea6bafcc83ed0e316435f5caa47aab87985f8744a00f331e9d502e0c3f5af7b48ed05b55f70b19813b257befb2cb01aa314a687bd6f870c03c362981aa29ba6ca366acb0e0cf09c31930a52e8bb21942738c4a0edba95f0798d42679e992aef21ab2925f79d31d604a65cbaccc29c030a49c7e23dc49265b1182524c244e7277450f4a90512924431f6362f42dc06bbdbe6bef2febfc3080968d1bd850800fc4142c1b3ae573dfe4dcd60ef5e61e26bf1d431707bca7621259c8641774557fe473c28961cde362f9449971cb1e0ca7900b01ece69c14ca70f6004f5763256b0300069e68be32e622d6629f649086841049885f41e98139624460ae12d5b6d5244767ffd06b8ff0bdee542f7a14b17870bca0653fcede3d4e9f0dc1e655e898416fee1b3b3c73188d29099f173de4a657f26457ae96b279701d482387c6d0c5812ce9760e052bb7d7dd508021752682bece4264b9a360ba1709ef531a60ece20045de13c00203fc61adc472db702fb2205658b7060b029bb157db5eda343c16d4bfed870ab4c68f2c5e61c3a04a316f15ed1f6b7dd50278d4494092289a90e335363cb48f426811245afb5d76c3311f78e6267d4dfb834a1d3d7da04bd90a5f05f007d775e3f3adad50d7ba40a0ceb93cb6576f1cfe1e162e4f8706659ccfae78bd8d6fc1f656ffb6b84b7ca2bb06e7fc3c1481709cdacfb3aac48a2b6713edea84cadf7623b2e09f090c99c6cc027be9f8adb0b20b9cd632c3ccb0d00ad3454b689ee2fea9eb32f4ba4d5e3f907e4e395b000adb47c11b06aa54addb7cfa629d00714d6ee6c5ba1626c39e2f8d4f73d71d9ca44c000c585779879d6560652b6d2a7e0ef8a6b1922e5cffb9f7951c748a6fdd22c3df452299c1cbc0a22677d440f0a1aeae112483d6d6d3bb019545e6482f18596df33586cb6277e37dca049e027c99c05c4ceed58204ee6f1ddaa3d356b1803b9028a17faa088165370972233a3b8875f71118f38482f91a7c65a94b03927e2bb3bf0a5ecf2fa323ee8f13360e4c00f7b03612612591a27b3426088d6ce4acad4bbe26e78633c413cd22badafc28475f66e46cbf9c89b9ca60399dc30b2d9bc28c1d95d54a576d241e1c3bf6efac820f7ea57e961acc4597ceeca273405d55758f13645c2904f9a4c1650b714e3fe968c91e3de3f17949c93e61f11aac155fc326f010280e76d4d663d65263bb3f0d6d0fdc00ba36bb9901a226d8e5e80d8fadcdc6d3f0312c1ee60fd02d5dd4787b086f36e7d24b9350e2fe86cccfd6b5485045608aa4912efa5b81d25ad7133195265e89bb0d641be29958a44cb36c54e15373bd0705ef715808dffaccb42934c5504d9425031d6e7b5cd556cb928982e28e80f9bcca4b5fe1c35eb87c7dfae12978e07a4e36ad20f3537e1fee29231db78eccc2bee6aa7623db05c5093db399992bffb3df5b4271814ae6fe4223b11295954afa2e89fd1a39f5a37a98a3c3030511a68fbb43262211adc4dcd578bd470b9f0d9cbb9cd591d2ab249e8b2b20ddbd276be6131b1464719c5fc84cf7ad62c15a0593ede19ec5f36530425feb9f76e4c5f6e9d0af211b109ba276424c6c58efcf789cb2438df36c690c856c244e86f07e57b8f9d8aa8e7a4e868e2e56a8d48356503051fe7ca0413c5ff8f959c047f2b7370b1aa0cb54bd29d8d15621e4afd5e1266ae21276eba957f9cddfb9ddda53d9fa255f2552df2b5f9dec6f5713f657892f82b6bec4e93f1d734d3b0c832b31909fa58d83a11f1ae368a49ec4ad134a877c15f109a91504711d72adf0a5ccee03cbbb9840eb98e531b5b9a85fff43d5294491237953d3d6c85459217c5f49989ca663eda31cf634b65b4cc59c36312eb8d0b0de8a72d955f02cd812e3c4be3ecbd51ffdd12e881d06c13d1bf80fcd7b08d592cd995ee8883ebf1aa3492ff4b2383e62538a7b489063aece155b093b3970e38cbf2b069e3f3eb7ee6d31f8ee686e64e732cd0fd38b3b45bef8bc71a3fc8f91bc0522dd94233bb381ff6c96824d4c748e145367b6697fae5103a57f200b29a757332917903b20f03b350160e21ce5cd371518ce1ffd5b8ed2a3b7b75d882190de25804161c53b3fcb4a43cf9f0ec6c00755025225cc2da4401d01c1db8b76f12a5a2ea2ab7aacc5c37ba1f642399911271355259bbe6d256a261a45871051c0c2b177b243a1b53c726dc194c49422cd699430e7cf20bc2f1febaaff41c82986532e2902fec9837ed7cab08d6faa1f331ee77bab762cc4001b0145f18c4d0b8e8406a857525312dbda7adf81a8e97abcb4ee101ae0236f3cf13e645bc58a0d226cfc4094b53e33ee3761e85e0e4ceff0aedfe54d183c040b9d671a79047d660b1074086ed27ebfc9d0da198a3ecb6865a4d729974f308303f089acdf67ec42d0527fb3196b2ba9c20e3c931c63e6020388066434383bed974277916a50b185727f7a931c3a8909d0faf6e23eb7dbdfda8aa6d01ecbb04bb95e21e31842e56ef721f5d1a293622c16ada9dd59b482b2821bcb15835fc5437e2bf55051dc236ff3f3499a40cee3b82af51403e499511a871ff80456ed933f919bd971c7ec4db3a57428692a16eca4095a2c6ed620d267cf03d6df481de222380d9c77d3c7e7262524288090bfe74a36be0ba702ef9008b726c4f2413c9408cc743a6a1366d23e0bd03e31e3f1a877b86e6d9dadf452306110000936c96b9980a3d3a8198cc71d90df2942be931868ec2e712bd8b7c04275f8f1a2907be94ffce5c8d9e70537a10b234e26021f8def9db739a9a181902ab523dcfafba9deca67e75945de55e4d99ec2a31cf26366e3cbf474607fc2cf166cb54c8a66a765deb8c9a778863b377d9befbd7464320763cdb8cac875658f69fd1b756d981c13108d1a4328fd64ee3a19b534e2b5be70c58ea32d56426eb1f0a7190c07aa4e1a728acebcdb617ccae1e8bca049762c18c30adbdf9900d6b31dcb0a767a9ef64490f4166bee4a5197d3821922898ab2bab7e5a3bf92ba1d60f84d48894e1c4f1d1ca46cc8413e234150db789e8735e2e1c08b3a45cf2ea7899f97a011160114adc78794096cef661de8939f390308005cea615b645107c39bfa3c784ac4c8db671873ed7462a815b34ec68ca148f4e39eb52a67b55a72d07fe455e9435906257ecae0dc1b957f2b9ec287b17471a039edbd01d9cfb7542b35d5786ea7f0253e677271231efd74fd28ca36e0bdab6ce5573faf92e331a751a3ad12730944c3a4b51b6447559a2061b86fbc7cce8ec8b3b5d51eb9bd5f8ce366f1b21029691af1ac1807f64487a6f3e4347011bc18322347fb6d81b0fb934d4c957c8f8cbf052667c2212ccef7ebf635ba3fc0ec291e01126b3e9df3b5a2dd1429ef4d3ea5d95ff638d3eaf4016eed8d64eb86d2da1d0ff74801b870bcea8f4dc860c38cf564d922836c64bc0dbb7c6b3f13c0193b3cfdc8b721b402ef8dc1cdecec7a7e8120fa3284e7fdc34818fee9b12e6508eb84b015add67f847742482e7a759b7ee27588fc6b3954c1c8b1550e8bc4842b274abead37295e79b999c16bffd297babb3b1bc36e50d581e9342b48c6b491b156933da74390e25ee7b5353faec328934e2746354415786cca36def2aec060991b64519452c2adf0f71bb08c7d839967ba38978e2"}, {0xe8, 0x0, 0x80000001, "bdc71d5681c8c66c45a661a50e9bcac22bfa7f1f0c514fa4736dabae8853a03f0e11c9a358aebf5446d7b5032c5a52e743521119f8571b6f12a81073ddf142ff4645a1584ec0131467020de247df79e8d1837728216ce83d229a5712685010cf3118dac2d6f4bfdbce46e8a26498a4ab821718ebccd8d924d41259540061ef3f933eba22828a7908d5579e73709b7a3252a91ccca1a9ec0b2aa839909f31422b4c5675987957f23f0704ae4a63bd59a2c4bf87634cb32bb592fa7a9ff9f1baac2bb97f624c9b53699acc015754f0f667a3"}, {0x98, 0x6, 0x4, "4062b64719831b60b5fbbcac2ef9ab6c3489813b9af30e31c752ede436022aa73042ef81b17e4165480079c2f53b6eb4735645c55525a43e4569b2b89ebb173305141a768091816d7a183a8469198da77dd5b9e8ed795a637fe7cd07615a625db1caf8433f737fb06305932d143d48172b95e088d3ae600722d8b2098e83a64554e463a0fd0b0502"}, {0x30, 0x1, 0x1f, "01229895fcd5a3e33e9b32a18c9f725a358b943dccd4ab143352a6"}, {0x48, 0x10f, 0x10001, "cb8ff6ad2eed2cdec91c03521d9de728b4bab41e85c09cd7009978de7fab5ec418cdf6cdb79f8664500d72a04af97e8de124"}, {0xe0, 0x117, 0x5, "e1cee129cfd4f88968143ea57eaeb2a57982c9ac58ca74f2be2f991aa46e7213e1134b48d938434a94287ccb33af45dee1a35d39897dd318eaa459be9a34633a784a5658975538effa1fbc715b2e89ff1978548ea133f10f121f379d4f58f4f4d6aed19f0728d709b89483df4a9e32929f90aac7dd791c622a36eb6174e6c9eb618d2a858ce96a59187271e8b1459bccb788eb9f1f4e34e54c54f0ae25ccf78a250e8050e1ee0f1da5ed027c9f2a13ec3bedab94f72a155135cee6f2599e889cad3524f01a26dc621932ea8cd393"}, {0x18, 0x88, 0x6, "9075cca5"}], 0x13e0}, 0xc004) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, 0x0) fchdir(r2) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, 0x0, 0x0, 0x0) ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, &(0x7f0000003a80)) ioctl$SCSI_IOCTL_START_UNIT(r2, 0x5) 13:39:16 executing program 2 (fault-call:10 fault-nth:83): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 13:39:16 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r0, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r0, 0x0, 0x0) sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:16 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r1 = socket$alg(0x26, 0x5, 0x0) dup2(r1, r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') sendmsg$TIPC_CMD_RESET_LINK_STATS(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYRES16=r3, @ANYBLOB="0100000000000000000000636173742d6c696e6afffffffff200"/35], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_NODES(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xc10c00}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r3, 0x0, 0x70bd2c, 0x25dfdbfc, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40040}, 0x20000804) 13:39:16 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = dup2(r4, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) accept4$unix(r3, &(0x7f0000000180)=@abs, &(0x7f0000000080)=0x6e, 0x80000) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:39:16 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$kcm(0x10, 0x2, 0x10) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f0000000240)={0x0, 0x32344d59, 0x138a, 0x2, 0x2, @stepwise={{0x223}, {0xff, 0x7}, {0xfffffffa, 0x4}}}) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') r4 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video0\x00', 0x2, 0x0) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r4, 0xc0305616, &(0x7f0000000200)={0x0, {0x8001, 0x3428}}) sendmsg$IPVS_CMD_NEW_DAEMON(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x50, r3, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ipvlan0\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x8, @mcast2}]}]}, 0x50}}, 0x0) sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x78, r3, 0x100, 0x70bd27, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x30, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x14, 0x10}}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e22}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x25}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x761}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xa70c}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}]}, 0x78}, 0x1, 0x0, 0x0, 0x4000091}, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) close(r5) write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffff3) splice(r0, 0x0, r5, 0x0, 0x4ffe0, 0x0) [ 1051.688261] audit: type=1804 audit(1590845956.565:1691): pid=1053 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/700/file0/bus" dev="sda1" ino=17105 res=1 13:39:16 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r0, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r0, 0x0, 0x0) sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:16 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') r1 = memfd_create(&(0x7f0000000240)='\x00<\xd2\xc8\xf8\xb3!\xf2\x81\xc6\xaa\xbc\b\x9e\xd2\xd6\xe1\x10\xf0\x8c}\x8a\x10`\xa11\xcb\xaf\xf1\xe6\xe1d[\x12a\xde\x89[\xc2+Gx9\x9f\'\xb7\xbc\x1bw\xaf}QD#L\xaf\xe3\x00\xbb\xe1T\xad\x9d\xff\xfek\xc3X\xd6\x84\xc5\xb6Z}\x19f\x86\xbb#\xc0\x03_\xe4+\xa3T\x033X\x95\xc2v\x83\x93\x81\xc7n\xd8\x80\xa2\xa3M\xbaSN\xc3\xaa\xe9\xdd\x9bC$\xf0\xcc\xa7\x0e\x95\xffW\x7f\x17^\xed\xfa\x04\xa9`\xc6\xdf\xe26\x9f\x05\xed\xf4x2\x04\xa5\x16\xc5\xfe\xb6\tr[\x19\xce+\x8cx\xf7,z\xd7D\xadEvv6(\xf1n\x04y\xbbK{\r\"N\x7f\x9a\x19\xaa\xe1\xa3\x14\xec\x13\x7f\xc7e\x8cA\x7fT#)\x033V', 0x0) write(r1, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) fcntl$F_SET_RW_HINT(r1, 0x40c, &(0x7f0000000100)=0x1) fchdir(r0) setsockopt$EBT_SO_SET_COUNTERS(r0, 0x0, 0x81, &(0x7f0000000240)={'broute\x00', 0x0, 0x0, 0x0, [], 0xa, &(0x7f0000000080)=[{}, {}, {}, {}, {}, {}], 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0x118) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x40882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r2, 0x40045010, &(0x7f0000000040)) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/qat_adf_ctl\x00', 0x1, 0x0) ioctl$int_in(r2, 0x800000c004500a, &(0x7f0000000000)) write$UHID_INPUT(r2, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r3 = socket$alg(0x26, 0x5, 0x0) dup2(r3, r2) [ 1051.832966] audit: type=1804 audit(1590845956.595:1692): pid=1053 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/700/file0/bus" dev="sda1" ino=17105 res=1 [ 1051.866002] FAULT_INJECTION: forcing a failure. [ 1051.866002] name failslab, interval 1, probability 0, space 0, times 0 [ 1051.877308] CPU: 0 PID: 1090 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1051.885108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1051.894456] Call Trace: [ 1051.897047] dump_stack+0x1b2/0x283 [ 1051.900675] should_fail.cold+0x10a/0x154 [ 1051.904825] should_failslab+0xd6/0x130 [ 1051.908797] __kmalloc+0x2c1/0x400 [ 1051.910508] audit: type=1804 audit(1590845956.595:1693): pid=1053 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/700/file0/bus" dev="sda1" ino=17105 res=1 [ 1051.912330] ? __list_lru_init+0x67/0x650 [ 1051.940591] __list_lru_init+0x67/0x650 [ 1051.944578] sget_userns+0x504/0xc30 [ 1051.948290] ? get_empty_filp.cold+0x37/0x37 [ 1051.952698] ? set_anon_super+0x20/0x20 [ 1051.956663] ? proc_get_inode+0x620/0x620 [ 1051.960788] mount_ns+0x65/0x180 [ 1051.964135] mount_fs+0x92/0x2a0 [ 1051.967504] vfs_kern_mount.part.0+0x5b/0x3c0 [ 1051.971979] ? alloc_pid+0x5a/0xc40 [ 1051.975586] kern_mount_data+0x51/0xb0 [ 1051.979454] pid_ns_prepare_proc+0x1a/0x80 [ 1051.983669] alloc_pid+0x9be/0xc40 [ 1051.987204] copy_process.part.0+0x27e8/0x6fa0 [ 1051.991766] ? get_pid_task+0xb8/0x130 [ 1051.995630] ? proc_tid_io_accounting+0x20/0x20 [ 1052.000283] ? __cleanup_sighand+0x40/0x40 [ 1052.004494] ? lock_downgrade+0x6e0/0x6e0 [ 1052.008626] _do_fork+0x180/0xc80 [ 1052.012061] ? fork_idle+0x270/0x270 [ 1052.015753] ? fput+0xb/0x140 [ 1052.018834] ? SyS_write+0x14d/0x210 [ 1052.022542] ? SyS_read+0x210/0x210 [ 1052.026142] ? SyS_clock_settime+0x1a0/0x1a0 [ 1052.030533] ? do_syscall_64+0x4c/0x640 [ 1052.034485] ? sys_vfork+0x20/0x20 [ 1052.038004] do_syscall_64+0x1d5/0x640 [ 1052.041876] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1052.047056] RIP: 0033:0x45ca69 [ 1052.050225] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1052.057909] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1052.065156] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1052.072404] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 13:39:16 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r0, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r0, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) [ 1052.079650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1052.086895] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 13:39:17 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r0, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r0, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:17 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r0, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r0, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:17 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r1) r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000480)='NLBL_CIPSOv4\x00') sendmsg$NLBL_CIPSOV4_C_LIST(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x30, r2, 0x200, 0x70bd2a, 0x25dfdbfc, {}, [@NLBL_CIPSOV4_A_TAGLST={0x1c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x5}, {0x5, 0x3, 0x1}, {0x5}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x11}, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000000)) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) getrusage(0xffffffffffffffff, &(0x7f0000000580)) r3 = socket$alg(0x26, 0x5, 0x0) ioctl$FS_IOC_SETFSLABEL(r3, 0x41009432, &(0x7f0000000300)="5ce8d03e5bda3d2df0a3991eb71b539c14673edc32700adc727143f37be89bb45fa99e9f00ab5e66a1653220a7d2c47c372d77cff63e6cbbdd257797ac872f2ee7f4886cd0efa33eae81f9986df6550d9010992af8724965c18b74d307a2debed574ca2087166a764e006934247ac846d501e1eea94e76af6991045323b524bd9591306f1db60bd581f1065d7ef08fac68c05cb1132d4672dc934f8121b9c567d1aa09cf44c8b547ba785791bbcc983dfab40ccb9c276a8359017a682e4d0583ff24374f984d04ef8797a6b88a08877dbf57fee0ba63c8d7566be9ad419dcda536fd8e333391172b874929fb16e2a7c951dee1ded8461e50fbdaaa1f0e6eb27f") dup2(r3, r0) r4 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0)='batadv\x00') sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x4c, r4, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x7f}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x82}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x6}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40000}, 0x40084) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r5) write$P9_RREMOVE(r5, &(0x7f0000000400)={0x7, 0x7b, 0x1}, 0x7) 13:39:17 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0x0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, 0x0) fchdir(r2) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') ioctl$sock_bt_hidp_HIDPGETCONNINFO(r2, 0x800448d3, &(0x7f00000002c0)={@none, 0x3, 0xa47, 0x7f, 0x3, 0x5, "04fd2198f424d46345c8c26e43d2d7c0e7b10555de2b25fa9a4be02a825eb30353d0e5a019719367b18ea0505b186db1c0b4bf250c0d09dae4a5e7829f9517c26d55845d1ce550311afab46833e8f672fa0339dda3c4f9e4d7696eeb20668ffaa4a5309fba1effd4e7291f8ec6844c6238e276be3f224f61de8693d133266302"}) sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f0000000200)={&(0x7f0000000000), 0xc, &(0x7f00000001c0)={&(0x7f0000000440)={0x2ac, r3, 0x8, 0x70bd26, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0x134, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @private=0xa010102}}, {0x14, 0x2, @in={0x2, 0x4e23, @broadcast}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x7, @private1, 0x5}}, {0x14, 0x2, @in={0x2, 0x4e21, @multicast1}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @local}}, {0x14, 0x2, @in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x7fffffff}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0xe2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x9}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0x16, 0x1, @l2={'eth', 0x3a, 'veth0_to_team\x00'}}]}, @TIPC_NLA_LINK={0xac, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x40000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_MEDIA={0x3c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xe547}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80000001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}]}, @TIPC_NLA_BEARER={0x70, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @local}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x0, @empty, 0x3}}}}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xe38}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb77}]}, @TIPC_NLA_BEARER_NAME={0x8, 0x1, @l2={'ib', 0x3a, '\x00'}}]}]}, 0x2ac}, 0x1, 0x0, 0x0, 0x44000}, 0x20008040) ioctl$SCSI_IOCTL_START_UNIT(r2, 0x5) [ 1052.440616] audit: type=1804 audit(1590845957.315:1694): pid=1118 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/701/file0/bus" dev="sda1" ino=17102 res=1 13:39:17 executing program 2 (fault-call:10 fault-nth:84): prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) clone(0x24221500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 13:39:17 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r0, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r0, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(0xffffffffffffffff, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) 13:39:17 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000100)={0x207, 0x1, 0x4, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x6, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x2, 0x4e20, @remote}, 0x10) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[]}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x42f8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x9, 0x1, 0x2], 0x100000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1052.503118] audit: type=1804 audit(1590845957.315:1695): pid=1118 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/701/file0/bus" dev="sda1" ino=17102 res=1 13:39:17 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0x0, 0x0}) bind$unix(r0, &(0x7f0000000000)=@abs={0x1}, 0x6e) bind$unix(r0, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg(0xffffffffffffffff, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}, {{&(0x7f00000072c0)=@un=@file={0x1, './file0\x00'}, 0xa, &(0x7f0000007380), 0x0, &(0x7f0000000600)}}], 0x2, 0x0) [ 1052.647549] audit: type=1804 audit(1590845957.315:1696): pid=1118 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.4" name="/root/syzkaller-testdir235404502/syzkaller.nNkB3r/701/file0/bus" dev="sda1" ino=17102 res=1 13:39:17 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dsp\x00', 0x20882, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') fchdir(r1) r2 = socket$kcm(0x10, 0x2, 0x10) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x50, r3, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ipvlan0\x00'}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x8, @mcast2}]}]}, 0x50}}, 0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)={0x11c, r3, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xfffffff7}, @IPVS_CMD_ATTR_SERVICE={0x4}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x81}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x2}, @IPVS_CMD_ATTR_DAEMON={0x18, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @private1={0xfc, 0x1, [], 0x1}}]}, @IPVS_CMD_ATTR_DAEMON={0x54, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @remote}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'gre0\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_to_hsr\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x2}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0x60, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@private0}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x3b}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2b}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x14, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x1, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e24}]}]}, 0x11c}, 0x1, 0x0, 0x0, 0x4040}, 0x4004041) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)) r4 = inotify_init1(0x0) inotify_add_watch(r4, &(0x7f0000000040)='./control\x00', 0xa4000960) r5 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x0, 0x0) ioctl$int_in(r5, 0x5421, &(0x7f0000000080)=0xfffffffffffffffe) write$UHID_INPUT(r0, &(0x7f0000002400)={0x8, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f97cdc68a1511e99000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000ba4111560200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006d8600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x98) r6 = socket$alg(0x26, 0x5, 0x0) dup2(r6, r0) [ 1052.744530] FAULT_INJECTION: forcing a failure. [ 1052.744530] name failslab, interval 1, probability 0, space 0, times 0 [ 1052.756196] CPU: 1 PID: 1146 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1052.763993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1052.773419] Call Trace: [ 1052.775996] dump_stack+0x1b2/0x283 [ 1052.779607] should_fail.cold+0x10a/0x154 [ 1052.783735] should_failslab+0xd6/0x130 [ 1052.787687] __kmalloc+0x2c1/0x400 [ 1052.791205] ? register_shrinker+0x1ab/0x220 [ 1052.795589] register_shrinker+0x1ab/0x220 [ 1052.799818] sget_userns+0x9c5/0xc30 [ 1052.803508] ? get_empty_filp.cold+0x37/0x37 [ 1052.807897] ? set_anon_super+0x20/0x20 [ 1052.811850] ? proc_get_inode+0x620/0x620 [ 1052.815974] mount_ns+0x65/0x180 [ 1052.819327] mount_fs+0x92/0x2a0 [ 1052.822672] vfs_kern_mount.part.0+0x5b/0x3c0 [ 1052.827148] ? alloc_pid+0x5a/0xc40 [ 1052.830751] kern_mount_data+0x51/0xb0 [ 1052.834617] pid_ns_prepare_proc+0x1a/0x80 [ 1052.838827] alloc_pid+0x9be/0xc40 [ 1052.842352] copy_process.part.0+0x27e8/0x6fa0 [ 1052.846911] ? retint_kernel+0x2d/0x2d [ 1052.850774] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1052.855768] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1052.860510] ? __cleanup_sighand+0x40/0x40 [ 1052.864723] ? _raw_spin_unlock_irq+0x5a/0x90 [ 1052.869194] ? finish_task_switch+0x14d/0x610 [ 1052.873665] ? switch_mm_irqs_off+0x2cd/0xec0 [ 1052.878153] _do_fork+0x180/0xc80 [ 1052.881585] ? fork_idle+0x270/0x270 [ 1052.885291] ? firmware_map_remove+0x18f/0x18f [ 1052.889849] ? fput+0xb/0x140 [ 1052.892939] ? do_syscall_64+0x4c/0x640 [ 1052.896887] ? sys_vfork+0x20/0x20 [ 1052.900404] do_syscall_64+0x1d5/0x640 [ 1052.904272] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1052.909442] RIP: 0033:0x45ca69 [ 1052.912621] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1052.920305] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1052.927550] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1052.934797] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1052.942042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1052.949290] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 [ 1053.003179] ================================================================== [ 1053.010902] BUG: KASAN: use-after-free in put_pid_ns+0xf7/0x110 [ 1053.016956] Read of size 8 at addr ffff888037c27290 by task syz-executor.2/1146 [ 1053.024391] [ 1053.026021] CPU: 1 PID: 1146 Comm: syz-executor.2 Not tainted 4.14.182-syzkaller #0 [ 1053.033801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1053.043148] Call Trace: [ 1053.045735] dump_stack+0x1b2/0x283 [ 1053.049369] ? put_pid_ns+0xf7/0x110 13:39:17 executing program 4: sched_setscheduler(0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, 0x0, &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000280)='./file0\x00') r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) open(&(0x7f0000000040)='./bus\x00', 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001780)={0x0, 0x0, &(0x7f00000013c0)=[{0x0}, {0x0}, {0x0}], 0x3, &(0x7f0000002100)=ANY=[@ANYBLOB="340800004b81aefe2a8a5d9cf054572009d1b4a81644d63fb8ff6d84d1b1e658e8932ab268ca6bfd278e0e8d1c520a3421ecbb655405444491a1ab15dadc23f5dd7c133cdeda33d54d8878e0e30fdfd95c82fcb1465b07000000f40c891879ae1de149b9d3ec23c6fd1050da5cb8c02e5ca347170b01cbb22cae340ce6", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000020000011b0000", @ANYRES32, @ANYRES32=0xee01, @ANYRES32], 0x58}, 0x0) setxattr$system_posix_acl(&(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='system.posix_acl_default\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="02000000010004000000000002000500", @ANYRES32=0x0, @ANYBLOB="12a5cb6a", @ANYRES32=0x0, @ANYBLOB="02000400", @ANYRES32=0x0, @ANYBLOB="0400000000", @ANYRES32=0x0, @ANYBLOB="10000500000000002000070000000000"], 0x44, 0x2) prctl$PR_SET_TIMERSLACK(0x1d, 0x0) ftruncate(r0, 0x208200) r1 = open(&(0x7f0000000400)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) read(r1, &(0x7f0000000180)=""/19, 0xfffffe47) socketpair(0xb, 0x0, 0x400, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo\x00') openat$cgroup_int(r2, &(0x7f0000000000)='io.weight\x00', 0x2, 0x0) r3 = syz_open_procfs(0x0, 0x0) fchdir(r3) ioctl$SCSI_IOCTL_START_UNIT(r3, 0x5) [ 1053.053084] print_address_description.cold+0x54/0x1dc [ 1053.058361] ? put_pid_ns+0xf7/0x110 [ 1053.062074] kasan_report.cold+0xa9/0x2b9 [ 1053.066223] put_pid_ns+0xf7/0x110 [ 1053.069767] free_nsproxy+0xf7/0x1f0 [ 1053.073481] switch_task_namespaces+0x8f/0xb0 [ 1053.077972] copy_process.part.0+0x3f47/0x6fa0 [ 1053.082543] ? retint_kernel+0x2d/0x2d [ 1053.086410] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1053.091403] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1053.096150] ? __cleanup_sighand+0x40/0x40 [ 1053.100364] ? _raw_spin_unlock_irq+0x5a/0x90 [ 1053.104838] ? finish_task_switch+0x14d/0x610 [ 1053.109312] ? switch_mm_irqs_off+0x2cd/0xec0 [ 1053.113790] _do_fork+0x180/0xc80 [ 1053.117225] ? fork_idle+0x270/0x270 [ 1053.120915] ? firmware_map_remove+0x18f/0x18f [ 1053.125474] ? fput+0xb/0x140 [ 1053.128559] ? do_syscall_64+0x4c/0x640 [ 1053.132508] ? sys_vfork+0x20/0x20 [ 1053.136027] do_syscall_64+0x1d5/0x640 [ 1053.139895] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1053.145060] RIP: 0033:0x45ca69 [ 1053.148228] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1053.155912] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1053.163183] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1053.170435] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1053.177700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1053.184947] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 [ 1053.192295] [ 1053.193900] Allocated by task 1146: [ 1053.197506] kasan_kmalloc.part.0+0x4f/0xd0 [ 1053.201803] kmem_cache_alloc+0x124/0x3c0 [ 1053.205925] copy_pid_ns+0x1b2/0xa70 [ 1053.209617] create_new_namespaces+0x25f/0x730 [ 1053.214178] copy_namespaces+0x27b/0x310 [ 1053.218214] copy_process.part.0+0x2616/0x6fa0 [ 1053.222780] _do_fork+0x180/0xc80 [ 1053.226214] do_syscall_64+0x1d5/0x640 [ 1053.230078] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1053.235251] [ 1053.236864] Freed by task 6345: [ 1053.240119] kasan_slab_free+0xaf/0x190 [ 1053.244070] kmem_cache_free+0x7c/0x2b0 [ 1053.248022] rcu_process_callbacks+0x78d/0x1180 [ 1053.252667] __do_softirq+0x254/0x9bf [ 1053.256439] [ 1053.258045] The buggy address belongs to the object at ffff888037c26a58 [ 1053.258045] which belongs to the cache pid_namespace of size 2264 [ 1053.271031] The buggy address is located 2104 bytes inside of [ 1053.271031] 2264-byte region [ffff888037c26a58, ffff888037c27330) [ 1053.283061] The buggy address belongs to the page: [ 1053.287977] page:ffffea0000df0980 count:1 mapcount:0 mapping:ffff888037c26100 index:0x0 compound_mapcount: 0 [ 1053.298031] flags: 0xfffe0000008100(slab|head) [ 1053.302594] raw: 00fffe0000008100 ffff888037c26100 0000000000000000 0000000100000003 [ 1053.310454] raw: ffffea00025b76a0 ffffea00026f22a0 ffff88821aa86940 0000000000000000 [ 1053.318310] page dumped because: kasan: bad access detected [ 1053.323994] [ 1053.325596] Memory state around the buggy address: [ 1053.330504] ffff888037c27180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1053.337858] ffff888037c27200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1053.345366] >ffff888037c27280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1053.352709] ^ [ 1053.356576] ffff888037c27300: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc [ 1053.363909] ffff888037c27380: fc fc fc fc fc fc 00 00 00 00 00 00 00 00 00 00 [ 1053.371243] ================================================================== [ 1053.378574] Disabling lock debugging due to kernel taint [ 1053.384277] Kernel panic - not syncing: panic_on_warn set ... [ 1053.384277] [ 1053.391643] CPU: 1 PID: 1146 Comm: syz-executor.2 Tainted: G B 4.14.182-syzkaller #0 [ 1053.400639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1053.409968] Call Trace: [ 1053.412550] dump_stack+0x1b2/0x283 [ 1053.416160] panic+0x1f9/0x42d [ 1053.419337] ? add_taint.cold+0x16/0x16 [ 1053.423304] ? preempt_schedule_common+0x4a/0xc0 [ 1053.428043] ? put_pid_ns+0xf7/0x110 [ 1053.431736] ? ___preempt_schedule+0x16/0x18 [ 1053.436127] ? put_pid_ns+0xf7/0x110 [ 1053.439825] kasan_end_report+0x43/0x49 [ 1053.443781] kasan_report.cold+0x12f/0x2b9 [ 1053.447995] put_pid_ns+0xf7/0x110 [ 1053.451516] free_nsproxy+0xf7/0x1f0 [ 1053.455210] switch_task_namespaces+0x8f/0xb0 [ 1053.459683] copy_process.part.0+0x3f47/0x6fa0 [ 1053.464244] ? retint_kernel+0x2d/0x2d [ 1053.468123] ? trace_hardirqs_on_caller+0x3a8/0x580 [ 1053.473133] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 1053.478479] ? __cleanup_sighand+0x40/0x40 [ 1053.482690] ? _raw_spin_unlock_irq+0x5a/0x90 [ 1053.487166] ? finish_task_switch+0x14d/0x610 [ 1053.491641] ? switch_mm_irqs_off+0x2cd/0xec0 [ 1053.496130] _do_fork+0x180/0xc80 [ 1053.499575] ? fork_idle+0x270/0x270 [ 1053.503266] ? firmware_map_remove+0x18f/0x18f [ 1053.507826] ? fput+0xb/0x140 [ 1053.510913] ? do_syscall_64+0x4c/0x640 [ 1053.514864] ? sys_vfork+0x20/0x20 [ 1053.518381] do_syscall_64+0x1d5/0x640 [ 1053.522249] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1053.527411] RIP: 0033:0x45ca69 [ 1053.530587] RSP: 002b:00007f1147861c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1053.538269] RAX: ffffffffffffffda RBX: 00000000004dac00 RCX: 000000000045ca69 [ 1053.545511] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000024221500 [ 1053.552756] RBP: 000000000078c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1053.560001] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1053.567248] R13: 0000000000000076 R14: 00000000004c335e R15: 00007f11478626d4 [ 1053.575674] Kernel Offset: disabled [ 1053.579285] Rebooting in 86400 seconds..