c1ef89a0e5b23") connect$inet6(r7, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) getsockopt$inet_mtu(r7, 0x0, 0xa, &(0x7f00000000c0), &(0x7f0000000100)=0x4) r8 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer\x00', 0x0, 0x0) setsockopt$inet6_MCAST_LEAVE_GROUP(r8, 0x29, 0x2d, &(0x7f0000000200)={0x1, {{0xa, 0x4e22, 0x7, @local, 0x3077b34a}}}, 0x88) ioctl$ION_IOC_HEAP_QUERY(r6, 0xc0184908, &(0x7f0000000080)={0x0, 0x3, 0x0}) getdents64(0xffffffffffffff9c, &(0x7f00000004c0)=""/69, 0x45) syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x7, 0x801) 21:29:51 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)) 21:29:51 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") socket$inet(0x2, 0x4000000805, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) sendto$inet(r1, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x0, @loopback}, 0x10) r2 = syz_open_dev$sndpcmc(0x0, 0x0, 0x0) ioctl(r2, 0xc1004110, &(0x7f0000000580)) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fstat(r3, &(0x7f00000000c0)) [ 270.978241] FAULT_INJECTION: forcing a failure. [ 270.978241] name failslab, interval 1, probability 0, space 0, times 0 [ 270.997686] CPU: 0 PID: 14811 Comm: syz-executor.4 Not tainted 4.14.150 #0 [ 271.005322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 271.014952] Call Trace: [ 271.017612] dump_stack+0x138/0x197 [ 271.021244] should_fail.cold+0x10f/0x159 [ 271.026083] should_failslab+0xdb/0x130 [ 271.030051] kmem_cache_alloc_node+0x287/0x780 [ 271.034626] ? save_trace+0x290/0x290 [ 271.038564] ? __ip_dev_find+0x2a2/0x4a0 [ 271.042796] __alloc_skb+0x9c/0x500 [ 271.046409] ? skb_scrub_packet+0x4b0/0x4b0 [ 271.050729] sock_wmalloc+0xae/0xf0 [ 271.054351] __ip_append_data.isra.0+0x196f/0x20c0 [ 271.059265] ? save_trace+0x290/0x290 [ 271.063115] ? raw_destroy+0x30/0x30 [ 271.066819] ? trace_hardirqs_on+0x10/0x10 [ 271.071057] ? __ip_flush_pending_frames.isra.0+0x2d0/0x2d0 [ 271.076794] ? find_held_lock+0x35/0x130 [ 271.080861] ? raw_destroy+0x30/0x30 [ 271.084571] ip_append_data.part.0+0xde/0x150 [ 271.089079] ? raw_destroy+0x30/0x30 [ 271.092814] ip_append_data+0x5b/0x80 [ 271.096613] raw_sendmsg+0xe49/0x2450 [ 271.100422] ? dst_output+0x140/0x140 [ 271.104221] ? avc_has_perm_noaudit+0x420/0x420 [ 271.108893] ? process_measurement+0x58a/0xb80 [ 271.113466] ? process_measurement+0x58a/0xb80 [ 271.118041] ? sock_has_perm+0x1ed/0x280 [ 271.122094] ? save_trace+0x290/0x290 [ 271.125899] ? __lock_is_held+0xb6/0x140 [ 271.130042] inet_sendmsg+0x122/0x500 [ 271.133835] ? inet_recvmsg+0x500/0x500 [ 271.137800] sock_sendmsg+0xce/0x110 [ 271.141515] kernel_sendmsg+0x44/0x50 [ 271.145309] sock_no_sendpage+0x107/0x130 [ 271.149449] ? sock_kzfree_s+0x50/0x50 [ 271.153327] ? mark_held_locks+0xb1/0x100 [ 271.157508] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 271.162596] inet_sendpage+0x3b8/0x580 [ 271.166475] kernel_sendpage+0x92/0xf0 [ 271.170595] ? inet_sendmsg+0x500/0x500 [ 271.174569] sock_sendpage+0x8b/0xc0 [ 271.178269] ? kernel_sendpage+0xf0/0xf0 [ 271.182333] pipe_to_sendpage+0x242/0x340 [ 271.186475] ? direct_splice_actor+0x190/0x190 [ 271.191351] ? anon_pipe_buf_release+0x174/0x220 [ 271.196153] __splice_from_pipe+0x348/0x780 [ 271.200131] net_ratelimit: 16 callbacks suppressed [ 271.200137] protocol 88fb is buggy, dev hsr_slave_0 [ 271.200475] ? direct_splice_actor+0x190/0x190 [ 271.205486] protocol 88fb is buggy, dev hsr_slave_1 [ 271.210420] ? direct_splice_actor+0x190/0x190 [ 271.210430] splice_from_pipe+0xf0/0x150 [ 271.210443] ? splice_shrink_spd+0xb0/0xb0 [ 271.210461] ? security_file_permission+0x89/0x1f0 [ 271.210472] generic_splice_sendpage+0x3c/0x50 [ 271.242775] ? splice_from_pipe+0x150/0x150 [ 271.247101] SyS_splice+0xd92/0x1430 [ 271.251074] ? __sb_end_write+0xc1/0x100 [ 271.255138] ? compat_SyS_vmsplice+0x250/0x250 [ 271.259730] ? do_syscall_64+0x53/0x640 [ 271.263704] ? compat_SyS_vmsplice+0x250/0x250 [ 271.268321] do_syscall_64+0x1e8/0x640 [ 271.272225] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 271.277193] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 271.282510] RIP: 0033:0x459ef9 [ 271.285685] RSP: 002b:00007ff387144c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 271.293387] RAX: ffffffffffffffda RBX: 00007ff387144c90 RCX: 0000000000459ef9 [ 271.300772] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 271.308028] RBP: 000000000075bfc8 R08: 0000000000010007 R09: 0000000000000006 [ 271.315337] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff3871456d4 [ 271.322610] R13: 00000000004c9b4f R14: 00000000004e0710 R15: 0000000000000007 21:29:52 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)) 21:29:52 executing program 5: write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={0xffffffffffffffff}, 0x111, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4, 0xfa00, {r0}}, 0xc) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r1, 0x110, 0x4, &(0x7f0000000140)=0x2, 0x4) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r4}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r2, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r4}}, 0x18) getsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f0000000200), &(0x7f0000000240)=0x4) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r5, &(0x7f0000000480)={0x9, 0x108, 0xfa00, {r6, 0x0, "731702", "4e5963d2c8dd546b7aa758bb3e10dbb39db5a8f600b78c9d4d81726d09e73e62ae97f70bc763eb523840e85d3b180bd158d189ab69670f3e014047174a18ef272b26e8e249d9420e51bc0a73d75a3f564ecc92cd7ede35ec942b644c00b751d9282e266ccdceadc0d1a6ed6316ea682a5c52549c8f5cb75e6b95a7e1139f790441be62b61378ac0e5e9d4dd268bae93d4e78c34dadb813951ec94065ccb2287aa2a3928e00911d1eba1a251b6796e24fb90edc0ea6e5ed63a57a1967ce34cafe01d5db6bb797f48f2d7004b20c17a8009fe6bcf2be4fbe440c74a6138114528ede4ad7806f42caf7d20dd7dba1d8edcd876625af573750d48da9ed8ced8739ba"}}, 0x110) 21:29:52 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)) 21:29:52 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c") 21:29:52 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c") 21:29:52 executing program 4 (fault-call:9 fault-nth:49): pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:29:52 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c") 21:29:52 executing program 3: pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x0) write(r0, &(0x7f0000000340), 0x41395527) ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000180)={0x2, {0x2, 0x7fffffff, 0x627, 0x2}}) ioctl(0xffffffffffffffff, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23000000000000000000") 21:29:52 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a") 21:29:52 executing program 1: r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @mcast2}, 0x9) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000380)={0xffff, 0x2, 0x7da9781dd42ec390, 0x400, 0x628ed23d, 0x0, 0x2, 0x10000, 0x0}, &(0x7f00000003c0)=0x20) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000400)={r4, 0x0, 0x8c}, 0x8) r5 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x1800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r5, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) r6 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) r7 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r7, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r7, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) getsockopt$inet_mtu(r7, 0x0, 0xa, &(0x7f00000000c0), &(0x7f0000000100)=0x4) r8 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer\x00', 0x0, 0x0) setsockopt$inet6_MCAST_LEAVE_GROUP(r8, 0x29, 0x2d, &(0x7f0000000200)={0x1, {{0xa, 0x4e22, 0x7, @local, 0x3077b34a}}}, 0x88) ioctl$ION_IOC_HEAP_QUERY(r6, 0xc0184908, &(0x7f0000000080)={0x0, 0x3, 0x0}) getdents64(0xffffffffffffff9c, &(0x7f00000004c0)=""/69, 0x45) 21:29:52 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a") [ 271.779790] FAULT_INJECTION: forcing a failure. [ 271.779790] name failslab, interval 1, probability 0, space 0, times 0 [ 271.813655] CPU: 1 PID: 14847 Comm: syz-executor.4 Not tainted 4.14.150 #0 [ 271.820720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 271.830083] Call Trace: [ 271.832685] dump_stack+0x138/0x197 [ 271.836340] should_fail.cold+0x10f/0x159 [ 271.840620] should_failslab+0xdb/0x130 [ 271.844596] kmem_cache_alloc_node_trace+0x280/0x770 [ 271.849722] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 271.855198] __kmalloc_node_track_caller+0x3d/0x80 [ 271.860154] __kmalloc_reserve.isra.0+0x40/0xe0 [ 271.864836] __alloc_skb+0xcf/0x500 [ 271.868455] ? skb_scrub_packet+0x4b0/0x4b0 [ 271.872772] sock_wmalloc+0xae/0xf0 [ 271.876745] __ip_append_data.isra.0+0x196f/0x20c0 [ 271.881689] ? save_trace+0x290/0x290 [ 271.885656] ? raw_destroy+0x30/0x30 [ 271.889436] ? trace_hardirqs_on+0x10/0x10 [ 271.893684] ? __ip_flush_pending_frames.isra.0+0x2d0/0x2d0 [ 271.899500] ? find_held_lock+0x35/0x130 [ 271.903561] ? raw_destroy+0x30/0x30 [ 271.907277] ip_append_data.part.0+0xde/0x150 [ 271.911784] ? raw_destroy+0x30/0x30 [ 271.915514] ip_append_data+0x5b/0x80 [ 271.919307] raw_sendmsg+0xe49/0x2450 [ 271.923099] ? dst_output+0x140/0x140 [ 271.926887] ? avc_has_perm_noaudit+0x420/0x420 [ 271.931554] ? process_measurement+0x58a/0xb80 [ 271.936131] ? process_measurement+0x58a/0xb80 [ 271.940713] ? sock_has_perm+0x1ed/0x280 [ 271.944770] ? save_trace+0x290/0x290 [ 271.948562] ? __lock_is_held+0xb6/0x140 [ 271.952635] inet_sendmsg+0x122/0x500 [ 271.956443] ? inet_recvmsg+0x500/0x500 [ 271.960413] sock_sendmsg+0xce/0x110 [ 271.964375] kernel_sendmsg+0x44/0x50 [ 271.968179] sock_no_sendpage+0x107/0x130 [ 271.972321] ? sock_kzfree_s+0x50/0x50 [ 271.976444] ? mark_held_locks+0xb1/0x100 [ 271.980615] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 271.985846] inet_sendpage+0x3b8/0x580 [ 271.989734] kernel_sendpage+0x92/0xf0 [ 271.993625] ? inet_sendmsg+0x500/0x500 [ 271.997665] sock_sendpage+0x8b/0xc0 [ 272.000146] protocol 88fb is buggy, dev hsr_slave_0 [ 272.001375] ? kernel_sendpage+0xf0/0xf0 [ 272.001387] pipe_to_sendpage+0x242/0x340 [ 272.001397] ? direct_splice_actor+0x190/0x190 [ 272.001409] ? anon_pipe_buf_release+0x174/0x220 [ 272.006463] protocol 88fb is buggy, dev hsr_slave_1 [ 272.010505] __splice_from_pipe+0x348/0x780 [ 272.010514] ? direct_splice_actor+0x190/0x190 [ 272.010527] ? direct_splice_actor+0x190/0x190 [ 272.010535] splice_from_pipe+0xf0/0x150 [ 272.010545] ? splice_shrink_spd+0xb0/0xb0 [ 272.010562] ? security_file_permission+0x89/0x1f0 [ 272.056754] generic_splice_sendpage+0x3c/0x50 [ 272.061465] ? splice_from_pipe+0x150/0x150 [ 272.065788] SyS_splice+0xd92/0x1430 [ 272.069683] ? __sb_end_write+0xc1/0x100 [ 272.073765] ? compat_SyS_vmsplice+0x250/0x250 [ 272.078374] ? do_syscall_64+0x53/0x640 [ 272.082352] ? compat_SyS_vmsplice+0x250/0x250 [ 272.087053] do_syscall_64+0x1e8/0x640 [ 272.090947] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 272.095808] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 272.101578] RIP: 0033:0x459ef9 [ 272.104917] RSP: 002b:00007ff387144c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 272.112657] RAX: ffffffffffffffda RBX: 00007ff387144c90 RCX: 0000000000459ef9 [ 272.120128] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 21:29:52 executing program 0: pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x0) write(r0, &(0x7f0000000340), 0x41395527) ioctl$BLKGETSIZE64(r0, 0x80081272, &(0x7f00000000c0)) r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r1, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") r2 = socket$inet(0x2, 0x4000000805, 0x0) r3 = socket$inet_sctp(0x2, 0x5, 0x84) sendto$inet(r3, &(0x7f0000000280)="f270efded5cb8a351493563a14e4401f32861252ee28802547eee55022a3a8f6068911b0b900afa442d047657386ae19d8e4e86dd42459a280c4a5983e5de42ff8fe72a631c3e7e4b987293cdca8aa0511f2684e97cbab32b9799b74062efa7b73e3f379e9be1f26b442bc9bc2ba74de87aca68f1e88edb0d21fdd4a1ffb3a5e44d873a967af94c2f97742b4de9030be0a11caa8db7f499f855aca1c1b45e5076775590215fa9d417a1ed250393854d9c65ff04b160e64239d5c65cfaed7b9bf1764f9c07194c1eb5a4ebec29026356dbeb416b45bf948cc89cd5fec745eafc6265334c36131f91822c49075c91db103bb2da9e252336227eef6791f544b8c09c0", 0x101, 0x2000403d, &(0x7f0000618000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) r4 = syz_open_dev$sndpcmc(0x0, 0x0, 0x0) ioctl$sock_bt_bnep_BNEPCONNDEL(r1, 0x400442c9, &(0x7f0000000040)={0x3, @dev={[], 0xe}}) ioctl$TCSETX(r4, 0x5433, &(0x7f0000000000)={0x1f, 0x7fff, [0xb2ea, 0x5, 0xfff7, 0x1ff, 0x5]}) r5 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control\x00', 0x0, 0x0) fremovexattr(r5, &(0x7f0000000140)=@random={'os2.', '/dev/snd/pcmC#D#c\x00'}) ioctl(r4, 0xc1004110, &(0x7f0000000580)) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r7}}, 0x2de) sendfile(r2, r6, 0x0, 0x9) 21:29:52 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a") 21:29:52 executing program 5: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r0, &(0x7f0000000480)={0x9, 0xfffffe5d, 0xfa00, {r1, 0x0, '\x00', "4e5963d2c8dd546b7aa758bb3e10dbb39db5a8f600b78c9d4d81726d09e73e62ae97f70bc763eb523840e85d3b180bd158d189ab69670f3e014047174a18ef272b26e8e249d9420e51bc0a73d75a3f564ecc92cd7ede35ec942b644c00b751d9282e266ccdceadc0d1a6ed6316ea682a5c52549c8f5cb75e6b95a7e1139f790441be62b61378ac0e5e9d4dd268bae93d4e78c34dadb813951ec94065ccb2287aa2a3928e00911d1eba1a251b6796e24fb90edc0ea6e5ed63a57a1967ce34cafe01d5db6bb797f48f2d7004b20c17a8009fe6bcf2be4fbe440c74a6138114528ede4ad7806f42caf7d20dd7dba1d8edcd876625af573750d48da9ed8ced8739ba"}}, 0x110) syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x8cef, 0x2100) [ 272.127405] RBP: 000000000075bfc8 R08: 0000000000010007 R09: 0000000000000006 [ 272.134683] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff3871456d4 [ 272.142123] R13: 00000000004c9b4f R14: 00000000004e0710 R15: 0000000000000007 [ 272.150097] protocol 88fb is buggy, dev hsr_slave_0 [ 272.155643] protocol 88fb is buggy, dev hsr_slave_1 [ 272.160898] protocol 88fb is buggy, dev hsr_slave_0 [ 272.165990] protocol 88fb is buggy, dev hsr_slave_1 [ 272.171201] protocol 88fb is buggy, dev hsr_slave_0 [ 272.176391] protocol 88fb is buggy, dev hsr_slave_1 21:29:52 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b") 21:29:53 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b") 21:29:53 executing program 5: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_SET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x14, r3, 0x1}, 0x14}}, 0x0) sendmsg$TIPC_NL_SOCK_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0xcc, r3, 0x400, 0x70bd2c, 0x25dfdbfd, {}, [@TIPC_NLA_BEARER={0x84, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'bcsh0\x00'}}, @TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x80000001}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @local, 0x6}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x6, @remote}}}}]}, @TIPC_NLA_MON={0x34, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xbba}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1000}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x2000800}, 0x24044844) write$RDMA_USER_CM_CMD_REJECT(r0, &(0x7f0000000480)={0x9, 0x108, 0xfa00, {r1, 0x0, "731702", "4e5963d2c8dd546b7aa758bb3e10dbb39db5a8f600b78c9d4d81726d09e73e62ae97f70bc763eb523840e85d3b180bd158d189ab69670f3e014047174a18ef272b26e8e249d9420e51bc0a73d75a3f564ecc92cd7ede35ec942b644c00b751d9282e266ccdceadc0d1a6ed6316ea682a5c52549c8f5cb75e6b95a7e1139f790441be62b61378ac0e5e9d4dd268bae93d4e78c34dadb813951ec94065ccb2287aa2a3928e00911d1eba1a251b6796e24fb90edc0ea6e5ed63a57a1967ce34cafe01d5db6bb797f48f2d7004b20c17a8009fe6bcf2be4fbe440c74a6138114528ede4ad7806f42caf7d20dd7dba1d8edcd876625af573750d48da9ed8ced8739ba"}}, 0x110) 21:29:53 executing program 4 (fault-call:9 fault-nth:50): pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:29:53 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b") 21:29:53 executing program 3: pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x0) write(r0, &(0x7f0000000340), 0x41395527) ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000180)={0x2, {0x2, 0x7fffffff, 0x627, 0x2}}) ioctl(0xffffffffffffffff, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23000000000000000000") 21:29:53 executing program 5: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) ioctl$MON_IOCH_MFLUSH(0xffffffffffffffff, 0x9208, 0x1000) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r0, &(0x7f0000000480)={0x9, 0x108, 0xfa00, {r1, 0x0, "731702", "4e5963d2c8dd546b7aa758bb3e10dbb39db5a8f600b78c9d4d81726d09e73e62ae97f70bc763eb523840e85d3b180bd158d189ab69670f3e014047174a18ef272b26e8e249d9420e51bc0a73d75a3f564ecc92cd7ede35ec942b644c00b751d9282e266ccdceadc0d1a6ed6316ea682a5c52549c8f5cb75e6b95a7e1139f790441be62b61378ac0e5e9d4dd268bae93d4e78c34dadb813951ec94065ccb2287aa2a3928e00911d1eba1a251b6796e24fb90edc0ea6e5ed63a57a1967ce34cafe01d5db6bb797f48f2d7004b20c17a8009fe6bcf2be4fbe440c74a6138114528ede4ad7806f42caf7d20dd7dba1d8edcd876625af573750d48da9ed8ced8739ba"}}, 0x110) r2 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0xffffffff7fffffff, 0xc0000) linkat(r2, &(0x7f00000000c0)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x400) 21:29:53 executing program 1: r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @mcast2}, 0x9) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000380)={0xffff, 0x2, 0x7da9781dd42ec390, 0x400, 0x628ed23d, 0x0, 0x2, 0x10000, 0x0}, &(0x7f00000003c0)=0x20) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000400)={r4, 0x0, 0x8c}, 0x8) r5 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x1800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r5, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) r6 = openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) r7 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r7, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r7, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) getsockopt$inet_mtu(r7, 0x0, 0xa, &(0x7f00000000c0), &(0x7f0000000100)=0x4) r8 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer\x00', 0x0, 0x0) setsockopt$inet6_MCAST_LEAVE_GROUP(r8, 0x29, 0x2d, &(0x7f0000000200)={0x1, {{0xa, 0x4e22, 0x7, @local, 0x3077b34a}}}, 0x88) ioctl$ION_IOC_HEAP_QUERY(r6, 0xc0184908, &(0x7f0000000080)={0x0, 0x3, 0x0}) 21:29:53 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 272.605191] FAULT_INJECTION: forcing a failure. [ 272.605191] name failslab, interval 1, probability 0, space 0, times 0 [ 272.623033] CPU: 1 PID: 14897 Comm: syz-executor.4 Not tainted 4.14.150 #0 [ 272.630092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 272.639724] Call Trace: [ 272.642309] dump_stack+0x138/0x197 [ 272.645951] should_fail.cold+0x10f/0x159 [ 272.650211] should_failslab+0xdb/0x130 [ 272.654210] kmem_cache_alloc+0x47/0x780 [ 272.658296] ? __lock_is_held+0xb6/0x140 [ 272.662389] ? check_preemption_disabled+0x3c/0x250 [ 272.667425] dst_alloc+0xf3/0x1a0 [ 272.670913] rt_dst_alloc+0x73/0x440 [ 272.674658] ip_route_output_key_hash_rcu+0x731/0x2750 [ 272.679926] ? check_preemption_disabled+0x3c/0x250 [ 272.684957] ip_route_output_key_hash+0x1c0/0x2e0 [ 272.689819] ? ip_route_output_key_hash_rcu+0x2750/0x2750 [ 272.695366] ? raw_sendmsg+0x573/0x2450 [ 272.699347] ip_route_output_flow+0x27/0xa0 [ 272.703679] raw_sendmsg+0x87b/0x2450 [ 272.707510] ? dst_output+0x140/0x140 [ 272.711311] ? avc_has_perm_noaudit+0x420/0x420 [ 272.715980] ? process_measurement+0x58a/0xb80 [ 272.720575] ? process_measurement+0x58a/0xb80 [ 272.725168] ? sock_has_perm+0x1ed/0x280 [ 272.729226] ? save_trace+0x290/0x290 [ 272.733031] ? __lock_is_held+0xb6/0x140 [ 272.737092] inet_sendmsg+0x122/0x500 [ 272.740890] ? inet_recvmsg+0x500/0x500 [ 272.744868] sock_sendmsg+0xce/0x110 [ 272.748584] kernel_sendmsg+0x44/0x50 [ 272.752395] sock_no_sendpage+0x107/0x130 [ 272.756563] ? sock_kzfree_s+0x50/0x50 [ 272.760446] ? mark_held_locks+0xb1/0x100 [ 272.764617] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 272.770073] inet_sendpage+0x3b8/0x580 [ 272.773963] kernel_sendpage+0x92/0xf0 [ 272.777948] ? inet_sendmsg+0x500/0x500 [ 272.781927] sock_sendpage+0x8b/0xc0 [ 272.785626] ? kernel_sendpage+0xf0/0xf0 [ 272.789745] pipe_to_sendpage+0x242/0x340 [ 272.793912] ? direct_splice_actor+0x190/0x190 [ 272.798493] ? anon_pipe_buf_release+0x174/0x220 [ 272.803497] __splice_from_pipe+0x348/0x780 [ 272.807809] ? direct_splice_actor+0x190/0x190 [ 272.812382] ? direct_splice_actor+0x190/0x190 [ 272.816951] splice_from_pipe+0xf0/0x150 [ 272.821045] ? splice_shrink_spd+0xb0/0xb0 [ 272.825348] ? security_file_permission+0x89/0x1f0 [ 272.830451] generic_splice_sendpage+0x3c/0x50 [ 272.835034] ? splice_from_pipe+0x150/0x150 [ 272.839363] SyS_splice+0xd92/0x1430 [ 272.843247] ? __sb_end_write+0xc1/0x100 [ 272.847483] ? compat_SyS_vmsplice+0x250/0x250 [ 272.852117] ? do_syscall_64+0x53/0x640 [ 272.856087] ? compat_SyS_vmsplice+0x250/0x250 [ 272.860783] do_syscall_64+0x1e8/0x640 [ 272.864996] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 272.870058] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 272.875255] RIP: 0033:0x459ef9 [ 272.878442] RSP: 002b:00007ff387144c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 272.886240] RAX: ffffffffffffffda RBX: 00007ff387144c90 RCX: 0000000000459ef9 [ 272.893595] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 272.900879] RBP: 000000000075bfc8 R08: 0000000000010007 R09: 0000000000000006 [ 272.908156] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff3871456d4 [ 272.915428] R13: 00000000004c9b4f R14: 00000000004e0710 R15: 0000000000000007 21:29:53 executing program 2: openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x2, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) r3 = socket(0x10, 0x2, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="4c0200002400070500"/20, @ANYRES32=r2, @ANYBLOB="00000000ffffffff00000000080001007265640020020200040102004617dd777b85302869a36f4dffd3fc511f4423c9cd19c6d860c1eb13483c0acbdb12f6edc843eb078aec3e0dc3c1e833650b32bc59aea6054da2e9397f95ad1e844b52d4f8b3ad75b2211f0c16d2a8781a9bf33227e8b41360d0e21b1326dc5dbefcf845bc2a2ec96a71beb4a863a1eb1300f36ae1fe8196e7885ebc28c8cc557d7249463b9ce1e5218c047890e05755b51ac7b394e4a6e9773270fa64c0e2765d3eb497bd2a7b42749b581559cd5865e8d6023d5540d0a499862cb687142d55c773f93d0da6dce8a661a8b2c33d931631b7e0a67feeeaaf2445bd69daf87c7ac8b8cb185460a450ee825dfb44912be9781faab9219c5b9acaeed4dc3c834ba2140001000200000007000000000000001220040604010200f8aa84e32d4fe68ce36dc1bc6b1b2fb489f97eb5dc99d63232d92855f5a0cf7e38c61e2d61660a48f62c1ea68ebd438bf47cada4d2f78b4d74b30b68f6142492b00bfc4ba1767d0a32926213e813a607f9a8bb219f03480194fea15441dae0e5dcac13b16a351295231c237a48d2a6428362c02d0ceacc2fe6ed2f75ea311783e229c3402919420ba5ac7aa67379c37ae19b92e85b1225b65fb9823118e2a9bc7a4548c58140fa4de8bbd3b6a2a7337817164f0814763d4aa723a54cb5be7028dcf6d4d5b8e8ba84473cd2d9e725374586d5ed8af712187b00992b943592be4ca14f16fc7ad37199a1a28e005544f7de24e7e028b195dea56d8589b98147ce3c9d6c063d5ec1569d84837d1b2e55c5c354665f9cd73f6525725f43b1053a3535cff6b97c005a87758a801be3614ca48dad3b2159c48c5414381b1c4597d3670165fe2561ec852eb7958c80b897bb543f56b118fb3ac06879c84e322122784fe00c44b292dce26da8813d107826cc09291f8ec178d2b65ae8416ac94ee95470f5eec133e1f37b09c047f2288a86cd73d51622567993369264842709521f93547badef7d2d00f04e0b57dda8607c9c537f223be8f073ddb7d27f30c3d1da0dd619f8a2dc7c87a26e41176ea4f87ed089a45b661ebe7aa72dc4465a33045b0f385b3071ff21e420af8577c4da2d627d120ab78757d76f0091bef645cca7861a70aa673b82862ea586aa00306ddc868392b4913e97c0e011082d47152654115bc1dd3c4e235554b2c7038d058934bba3766a"], 0x24c}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x9, 0x2, &(0x7f0000000000)=@raw=[@ldst={0x606785d648841ce3, 0x3, 0x1, 0x4, 0x1, 0x0, 0x10}, @alu={0x4, 0x0, 0x4, 0x2, 0xb, 0x50}], &(0x7f0000000100)='syzkaller\x00', 0x2, 0xb7, &(0x7f0000000140)=""/183, 0x40f00, 0x4, [], r2, 0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000200)={0xa, 0x5}, 0x8, 0x10, &(0x7f0000000240)={0x3, 0xc, 0x0, 0x3}, 0x10}, 0x70) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(0xffffffffffffffff, 0xc080661a, &(0x7f0000000080)={{0x1, 0x0, @identifier="44b75ec8ae8e630d4fcaa5f2a21b7077"}}) 21:29:53 executing program 5: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/pmtu_disc\x00', 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r2}}, 0x2de) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r5}}, 0x2de) mlockall(0x470274a5eda0b910) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r8}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r6, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r8}}, 0x18) ioctl$PPPIOCGIDLE(r6, 0x8010743f, &(0x7f0000000100)) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r5}}, 0x18) ioctl$TIOCNOTTY(r3, 0x5422) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000040)={0x0, 0x2, 0xfa00, {0x2, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0xfffffffffffffeb8) write$RDMA_USER_CM_CMD_REJECT(r0, &(0x7f0000000480)={0x9, 0x108, 0xfa00, {r9, 0x0, "731702", "4e5963d2c8dd546b7aa758bb3e10dbb39db5a8f600b78c9d4d81726d09e73e62ae97f70bc763eb523840e85d3b180bd158d189ab69670f3e014047174a18ef272b26e8e249d9420e51bc0a73d75a3f564ecc92cd7ede35ec942b644c00b751d9282e266ccdceadc0d1a6ed6316ea682a5c52549c8f5cb75e6b95a7e1139f790441be62b61378ac0e5e9d4dd268bae93d4e78c34dadb813951ec94065ccb2287aa2a3928e00911d1eba1a251b6796e24fb90edc0ea6e5ed63a57a1967ce34cafe01d5db6bb797f48f2d7004b20c17a8009fe6bcf2be4fbe440c74a6138114528ede4ad7806f42caf7d20dd7dba1d8edcd876625af573750d48da9ed8ced8739ba"}}, 0x110) 21:29:53 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) r2 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r2, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r2, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @dev={0xfe, 0x80, [], 0x29}}, 0x1c) getdents64(r2, &(0x7f0000000000)=""/104, 0x68) getsockopt$inet_int(r0, 0x0, 0x7, &(0x7f00000000c0), &(0x7f0000000100)=0x4) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl$SIOCRSGCAUSE(r3, 0x89e0, &(0x7f0000000140)) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) r6 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r6, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) sendto$inet6(r6, &(0x7f0000000280)="38e87f6d71b40d53078212bd054ab87775673eecf24ecad0ec6e96b8", 0x1c, 0x40000, &(0x7f00000002c0)={0xa, 0x4e21, 0x3, @local, 0x6}, 0x1c) r7 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r8}}, 0x2de) r9 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r9, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r9, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r10}}, 0x2de) write$RDMA_USER_CM_CMD_CREATE_ID(r9, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000340)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f00000003c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e24, 0x2, @mcast1, 0x3}, {0xa, 0x4e24, 0xc9, @local}, r11, 0x3ba}}, 0x48) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r12}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r4, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r12}}, 0x18) ioctl$TCSETXW(r4, 0x5435, &(0x7f0000000300)={0x0, 0x8, [0xd60a, 0x8, 0x5, 0x3, 0x1ff], 0xdb0}) recvfrom$unix(r4, &(0x7f0000000180)=""/24, 0x18, 0x20002000, &(0x7f00000001c0)=@abs={0x1, 0x0, 0x4e22}, 0x6e) sendto$inet(r1, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x0, @empty}, 0x10) r13 = syz_open_dev$sndpcmc(0x0, 0x8, 0x4c6002) ioctl(r13, 0xc1004110, &(0x7f0000000580)) 21:29:53 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x400806e, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) sendto$inet6(r1, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e5d37149eb0f4a333726cf6d5b7647306559155f1c69d6bfd145b83576f2df4d85f271fd4119db923e2412c66dd954eb59dddc7e1fd286a83971b2ba1c63b4f99702cf91f3d1ecffb8ae189c79b403805e83650c251a564942896f205640c23b0cf51fe9bd931f54a343794710a9cd53cef20938edddb2bfa3c1f72f8e79e41e30fb8f9d314abd999ba396521b6c10bec7bc9d0745a80299342f5cf89eb9d94044258fbb18cec1cdbbc016a773d3ae41e3e30248e716fd0873d31454902cbe7dcf7d644dfadc255d99652b5ed5a5b1a75e3ad49cf80178678402e9d3a755d009889b2e6138f81dc02eedcc353aceb2f7781aea08aa91be7e1e2416ba3d555b1f2237f68c5d7dcfcb1b917c292a35d6d7e7cf2cb1dd6dba5a50ce55c4638d7d38cb7afd8da02f281ab69392bc6531eb03eb97c1d075e3342c244861d04bcad8991b8f588e48ad7fe218d2f5e604bb31c59241245b485210fe418af3d6377b59d5ab128497efeced38cc5036b1f34cb89674b5179219f34b9e8e1849695d7c23cce77eb8f038ef9f2cd69d1c9e2d6b46610adbadbdad857a77f59d38cb5120709716b87c52a48de249b231d7e39985b8b58094c0d7b4c6d1671a8ff9d2daaca94df2adcff6420077df0ddbc66d00b141ffc6e28bed09a19056e52a905a72c99a04af56b22da83135808ba2bfe87a39753447e78500d16bdad52d97df73d4852a79e7ec6910701b712cfd58c62b3ade86cf6ff0cd78719fa1ae81640381cb33f4f6b03c913e820cf9eb9b5cf7df9c878596c9ac9444cad118673fe339b4b7287b310ecff4742bfea2612d79d418293f0dfe14bc819c466473438ad71ea3b1386d17a9038b1f5a9285481500f84f4c7eabbf2eb071a101c69cce8e7495bda4c28a4e88f6a258abf58579c290eeb742b2678daab3ecc8c2bf97d89e89472901e254dd63ca7d918f8a7523161e29b28f64b285da7bb4a17d0ad734c321623e246bb0b5aaa08e8e7ac42b74ba83c70a8ca80068400be6adc3f4b01ba1050b54e6e4cf72fb567fbd27b74b2bfa7b7cabc6938851c13c6df7d5aaca79afd89b5e925379b959c7929ddfa3399695343f435772d70e5cfa3550377d23f50011ad5657e94c464cd43eb85496fd3b03bcb2d9278ceb432194d9893ffa747dfe85309f256c910e31e81dcd3cd8a13744fc2874737a2ff34bf8c89f15da7cc0853434117d744e30360b38ef1a063f9ee506f048e9980054e6c5c5688d04ece6067ac55bccc9a7773a2c4e21c039d153622130faff9fd675d64ad7284bd011b9b224713a721b4b731cf342357642a1a0bb846f5be443b7e72e9825b5f3a078c6ae09e4512dd93a5be1af13a49e6a33938509d3557aecf2356ac2329871b662a99cf3fd2486b064e7e6f90c1f8d632186a8bda338b02d45da4ea9041d42a23f40b93346dddc473a9f1a3d9f0285b7e48cbb87bc34d44b090a5e2aaf4764a10a44168f1719eff0b0d9bc1ce07750af4c21d0c67eae0799e91328c8b14869e4edd255a41735a2b1818aa9d3b271ba757af010ae6dbad89aa0d8f5b6f8ef3917adcedf2", 0x52a, 0x400c047, 0x0, 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x802, 0x0) dup2(r1, r2) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") r3 = syz_open_dev$sndpcmc(0x0, 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)) 21:29:53 executing program 2 (fault-call:4 fault-nth:0): r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 273.169878] FAULT_INJECTION: forcing a failure. [ 273.169878] name failslab, interval 1, probability 0, space 0, times 0 [ 273.181861] CPU: 0 PID: 14924 Comm: syz-executor.2 Not tainted 4.14.150 #0 [ 273.188891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 273.198831] Call Trace: [ 273.201430] dump_stack+0x138/0x197 [ 273.205201] should_fail.cold+0x10f/0x159 [ 273.209417] should_failslab+0xdb/0x130 [ 273.213519] kmem_cache_alloc_trace+0x2e9/0x790 [ 273.218204] snd_pcm_common_ioctl+0xe4e/0x1da0 [ 273.222826] ? snd_pcm_status_user+0x140/0x140 [ 273.227402] ? __might_sleep+0x93/0xb0 [ 273.231289] ? __fget+0x210/0x370 [ 273.234758] snd_pcm_ioctl+0x73/0xb0 [ 273.238600] ? snd_pcm_common_ioctl+0x1da0/0x1da0 [ 273.243447] do_vfs_ioctl+0x7ae/0x1060 [ 273.247535] ? selinux_file_mprotect+0x5d0/0x5d0 [ 273.252311] ? lock_downgrade+0x740/0x740 [ 273.256462] ? ioctl_preallocate+0x1c0/0x1c0 [ 273.260863] ? __fget+0x237/0x370 [ 273.264314] ? security_file_ioctl+0x89/0xb0 [ 273.268713] SyS_ioctl+0x8f/0xc0 [ 273.272077] ? do_vfs_ioctl+0x1060/0x1060 [ 273.276226] do_syscall_64+0x1e8/0x640 [ 273.280102] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 273.284952] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 273.290148] RIP: 0033:0x459ef9 [ 273.293339] RSP: 002b:00007fabccef4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 273.301201] RAX: ffffffffffffffda RBX: 00007fabccef4c90 RCX: 0000000000459ef9 [ 273.308726] RDX: 0000000020000580 RSI: 00000000c1004110 RDI: 0000000000000003 21:29:54 executing program 2 (fault-call:4 fault-nth:1): r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:29:54 executing program 4 (fault-call:9 fault-nth:51): pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) [ 273.316002] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 273.323266] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fabccef56d4 [ 273.330560] R13: 00000000004c14bd R14: 00000000004d4c80 R15: 0000000000000006 [ 273.378672] FAULT_INJECTION: forcing a failure. [ 273.378672] name failslab, interval 1, probability 0, space 0, times 0 [ 273.395072] CPU: 1 PID: 14930 Comm: syz-executor.2 Not tainted 4.14.150 #0 [ 273.402124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 273.411476] Call Trace: [ 273.414061] dump_stack+0x138/0x197 [ 273.417703] should_fail.cold+0x10f/0x159 [ 273.421847] should_failslab+0xdb/0x130 [ 273.426733] __kmalloc_track_caller+0x2ec/0x790 [ 273.431597] ? snd_pcm_common_ioctl+0xe4e/0x1da0 [ 273.436525] ? rcu_read_lock_sched_held+0x110/0x130 [ 273.441581] ? kmem_cache_alloc_trace+0x623/0x790 [ 273.446431] ? snd_pcm_common_ioctl+0xe70/0x1da0 [ 273.448131] FAULT_INJECTION: forcing a failure. [ 273.448131] name failslab, interval 1, probability 0, space 0, times 0 [ 273.451194] memdup_user+0x26/0xa0 [ 273.451209] snd_pcm_common_ioctl+0xe70/0x1da0 [ 273.451223] ? snd_pcm_status_user+0x140/0x140 [ 273.451235] ? __might_sleep+0x93/0xb0 [ 273.451244] ? __fget+0x210/0x370 [ 273.451262] snd_pcm_ioctl+0x73/0xb0 [ 273.486376] ? snd_pcm_common_ioctl+0x1da0/0x1da0 [ 273.491224] do_vfs_ioctl+0x7ae/0x1060 [ 273.495107] ? selinux_file_mprotect+0x5d0/0x5d0 [ 273.499856] ? lock_downgrade+0x740/0x740 [ 273.503999] ? ioctl_preallocate+0x1c0/0x1c0 [ 273.508424] ? __fget+0x237/0x370 [ 273.511880] ? security_file_ioctl+0x89/0xb0 [ 273.516285] SyS_ioctl+0x8f/0xc0 [ 273.519645] ? do_vfs_ioctl+0x1060/0x1060 [ 273.523795] do_syscall_64+0x1e8/0x640 [ 273.527674] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 273.532539] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 273.537807] RIP: 0033:0x459ef9 [ 273.541006] RSP: 002b:00007fabccef4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 273.549320] RAX: ffffffffffffffda RBX: 00007fabccef4c90 RCX: 0000000000459ef9 [ 273.556726] RDX: 0000000020000580 RSI: 00000000c1004110 RDI: 0000000000000003 [ 273.564009] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 273.571276] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fabccef56d4 [ 273.578574] R13: 00000000004c14bd R14: 00000000004d4c80 R15: 0000000000000006 [ 273.585874] CPU: 0 PID: 14931 Comm: syz-executor.4 Not tainted 4.14.150 #0 [ 273.593084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 273.602449] Call Trace: [ 273.605053] dump_stack+0x138/0x197 [ 273.608844] should_fail.cold+0x10f/0x159 [ 273.613001] should_failslab+0xdb/0x130 [ 273.616994] kmem_cache_alloc+0x47/0x780 [ 273.621067] ? __lock_is_held+0xb6/0x140 21:29:54 executing program 3: pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x0) write(r0, &(0x7f0000000340), 0x41395527) ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000180)={0x2, {0x2, 0x7fffffff, 0x627, 0x2}}) ioctl(0xffffffffffffffff, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23000000000000000000") 21:29:54 executing program 1: r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @mcast2}, 0x9) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000380)={0xffff, 0x2, 0x7da9781dd42ec390, 0x400, 0x628ed23d, 0x0, 0x2, 0x10000, 0x0}, &(0x7f00000003c0)=0x20) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000400)={r4, 0x0, 0x8c}, 0x8) r5 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x1800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r5, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) r6 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r6, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r6, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) getsockopt$inet_mtu(r6, 0x0, 0xa, &(0x7f00000000c0), &(0x7f0000000100)=0x4) r7 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer\x00', 0x0, 0x0) setsockopt$inet6_MCAST_LEAVE_GROUP(r7, 0x29, 0x2d, &(0x7f0000000200)={0x1, {{0xa, 0x4e22, 0x7, @local, 0x3077b34a}}}, 0x88) [ 273.625146] ? check_preemption_disabled+0x3c/0x250 [ 273.630179] dst_alloc+0xf3/0x1a0 [ 273.633653] rt_dst_alloc+0x73/0x440 [ 273.637398] ip_route_output_key_hash_rcu+0x731/0x2750 [ 273.642777] ? check_preemption_disabled+0x3c/0x250 [ 273.648002] ip_route_output_key_hash+0x1c0/0x2e0 [ 273.652856] ? ip_route_output_key_hash_rcu+0x2750/0x2750 [ 273.658432] ? raw_sendmsg+0x573/0x2450 [ 273.662422] ip_route_output_flow+0x27/0xa0 [ 273.666745] raw_sendmsg+0x87b/0x2450 [ 273.670554] ? dst_output+0x140/0x140 [ 273.674367] ? avc_has_perm_noaudit+0x420/0x420 [ 273.679055] ? process_measurement+0x58a/0xb80 [ 273.683725] ? process_measurement+0x58a/0xb80 [ 273.688326] ? sock_has_perm+0x1ed/0x280 [ 273.692412] ? save_trace+0x290/0x290 [ 273.696222] ? __lock_is_held+0xb6/0x140 [ 273.700417] inet_sendmsg+0x122/0x500 [ 273.704213] ? inet_recvmsg+0x500/0x500 [ 273.708183] sock_sendmsg+0xce/0x110 [ 273.711899] kernel_sendmsg+0x44/0x50 [ 273.715702] sock_no_sendpage+0x107/0x130 [ 273.719850] ? sock_kzfree_s+0x50/0x50 [ 273.723738] ? mark_held_locks+0xb1/0x100 [ 273.727915] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 273.733043] inet_sendpage+0x3b8/0x580 [ 273.736965] kernel_sendpage+0x92/0xf0 [ 273.740865] ? inet_sendmsg+0x500/0x500 [ 273.744852] sock_sendpage+0x8b/0xc0 [ 273.748615] ? kernel_sendpage+0xf0/0xf0 [ 273.752824] pipe_to_sendpage+0x242/0x340 [ 273.756968] ? direct_splice_actor+0x190/0x190 [ 273.761550] ? anon_pipe_buf_release+0x174/0x220 [ 273.766309] __splice_from_pipe+0x348/0x780 [ 273.770639] ? direct_splice_actor+0x190/0x190 [ 273.775346] ? direct_splice_actor+0x190/0x190 [ 273.780047] splice_from_pipe+0xf0/0x150 [ 273.784109] ? splice_shrink_spd+0xb0/0xb0 [ 273.788446] ? security_file_permission+0x89/0x1f0 [ 273.793367] generic_splice_sendpage+0x3c/0x50 [ 273.797945] ? splice_from_pipe+0x150/0x150 [ 273.802288] SyS_splice+0xd92/0x1430 [ 273.806009] ? __sb_end_write+0xc1/0x100 [ 273.810094] ? compat_SyS_vmsplice+0x250/0x250 [ 273.814767] ? do_syscall_64+0x53/0x640 [ 273.818853] ? compat_SyS_vmsplice+0x250/0x250 [ 273.823442] do_syscall_64+0x1e8/0x640 [ 273.827425] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 273.832526] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 273.837709] RIP: 0033:0x459ef9 [ 273.840893] RSP: 002b:00007ff387144c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 273.848729] RAX: ffffffffffffffda RBX: 00007ff387144c90 RCX: 0000000000459ef9 [ 273.856128] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 273.863612] RBP: 000000000075bfc8 R08: 0000000000010007 R09: 0000000000000006 [ 273.870880] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff3871456d4 21:29:54 executing program 2 (fault-call:4 fault-nth:2): r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:29:54 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x20000000000, 0x0) prctl$PR_CAP_AMBIENT(0x2f, 0x1, 0x18) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 273.878270] R13: 00000000004c9b4f R14: 00000000004e0710 R15: 0000000000000007 21:29:54 executing program 2: syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 21:29:54 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0x8) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r3}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r3}}, 0x18) sendmsg$nfc_llcp(r1, &(0x7f0000000540)={&(0x7f00000001c0)={0x27, 0x0, 0x2, 0x1, 0x6, 0x3, "6fbde08fbe73d6c80eaa3107039e22e7f4ec0996f0050986b9e680ee772579f2b83e3bf8893fd4fa32a9e28054f3d57bfcdd215d5c1170143cf20912866060", 0x10}, 0x60, &(0x7f0000000500)=[{&(0x7f0000000240)="9418cae5c18f3cf9f32ef6c5b5b6d48fcc11a998ac7296948f3e5a0ef7348a1cf45126fe9b53fe3a6266c83cec37cba31f4a712debd7bb3edd971a31f7bdb8f4f6c21d1bce4be3fb5b36bd25048ad7ec54865bd5c06d9f8fc0110c166270ad3684a08754db948fd0325ccec474548cb93176793cbc6e1e4b6cdf8c1fb85e6f27fd5a7c65b6345a3c2cc35d", 0x8b}, {&(0x7f0000000140)="8af56ca49c6d762d37260262e111f9a2b2c5d470e2c9edc657c1263b9e88728d772ddfd266fb405571b3", 0x2a}, {&(0x7f0000000300)="65e3dd7a9db909a7923c22db8dc846f790a0df7a8ada98aae4371779ef219429225fd8df4afc7d1210148b7e0faf661767ac67c1fea7bf1f7271710164b6c9c0dcc908abdc6600bf8dfbcab94188bc781d9ec07ce894b3c6aaba329ff635fabaca344d2ce9a1bd070abb3f4cc943b1d2f4743ec31fec5528b5", 0x79}, {&(0x7f00000004c0)="6072b07254e2ab861ae5ee14a7ab8a9bfb81ec5404b84317658aa490d87c8bd0c9c4009e1a3be2c40582c8c07a45f26571", 0x31}], 0x4, &(0x7f00000005c0)={0xf8, 0x115, 0x5, "f0e9a5b81aa02c5fdaf358132138ccfb3d742e19bff78c36336a563822c7e3f33a1c5d460c3b277877979129f1d4f89a6a64a2308fbc6071974c93db200a8dc68479b57e7ee5bcbc88cbddcd50065f8a980fa4ab5c111e66615c6a46b123cf8bc1fa05269dbc65e75d6f1c261ffb0345383d7fa9b9944277faf72e635045d8d143d0fa2162db79148fffd0f4cdc4c1c6495ca179af2147bb15274adee62e3b2e4bdb5a77b45f8587c7d0c88087b79aba96c3c88ffb3e8174b0b43ca40e1bafc049f737d60817ab059e57be1812c1d02592aedb8e72e3c5ae46ecbd0c7b468938d59b"}, 0xf8, 0x8011}, 0x20000880) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") socket$inet(0x2, 0x4000000805, 0x0) r4 = socket$inet_sctp(0x2, 0x5, 0x84) sendto$inet(r4, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x0, @loopback}, 0x10) r5 = syz_open_dev$sndpcmc(0x0, 0x0, 0x0) setsockopt$TIPC_IMPORTANCE(r5, 0x10f, 0x7f, &(0x7f0000000040)=0x5, 0x4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r6, 0x6, 0xe, &(0x7f00000003c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x7, 0x0, "daf2c82ef0aaa7fc37bd440c2ea6599e24d66405bb48bcfa98288ee8607032d55e3c40d11ab81fef5bb7f7d17e688c345d496f6975ffe9d2ff6bb2e38910798fc7454ae92070dbaa7e5e92da22101700"}, 0xd8) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000ad7000)={0x1, &(0x7f0000acbff8)=[{0x6, 0x0, 0x0, 0x6}]}, 0x10) bind$inet6(r6, &(0x7f0000000080)={0xa, 0x4e22}, 0x1c) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) sendto$inet6(r6, 0x0, 0x0, 0x200408d4, &(0x7f0000000380)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) sendto$inet6(r6, &(0x7f0000000000)="80", 0x1, 0x0, 0x0, 0x0) setsockopt$sock_linger(r6, 0x1, 0xd, &(0x7f0000000180)={0x1, 0x8}, 0x294) close(r6) ioctl(r5, 0xc1004110, &(0x7f0000000580)) setsockopt$IP6T_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x29, 0x41, &(0x7f00000000c0)=ANY=[@ANYBLOB="7365637572697479000000000000000000000000000000000000000000000000050000000000000000000000008000000000000000000000000044335f9a0000000000000000000000000000000000000000000000000000000000000000187b00"/120], 0x78) ioctl$int_out(0xffffffffffffffff, 0x5460, &(0x7f0000000000)) 21:29:54 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = getpid() sched_setattr(r3, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) ptrace$cont(0x18, r3, 0x4, 0x74f) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:29:54 executing program 5: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x8, 0x7}) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r0, &(0x7f0000000200)={0x9, 0x108, 0xfa00, {r1, 0x0, "731702", "4e5963d2c8dd546b7aa758bb3e10dbb39db5a8f600b78c9d4d81726d09e73e62ae97f70bc763eb523840e85d3b180bd158d189ab69670f3e014047174a18ef272b26e8e249d9420e51bc0a73d75a3f564ecc92cd7ede35ec942b644c00b751d9282e266ccdceadc0d1a6ed6316ea682a5c52549c8f5cb75e6b95a7e1139f790441be62b61378ac0e5e9d4dd268bae93d4e78c34dadb813951ec940658e00911d1eba1a251b6796e24fb90edc0ea6e5ed63a57a1967ce34cafe01d5db6ba397f48f2d7004b20c17a8009fe6bcf2be4fbe440c74a6138114528ede4ad7806f42caf7d20dd7dba1d8edcd876625af573750d48da9edaced8739ba00"}}, 0x110) r2 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0) r4 = creat(&(0x7f00000010c0)='./file1\x00', 0x8a) ioctl(r4, 0x7ec, &(0x7f0000001100)="48bcc8ab3b00009b962632c78a0a1cddbfd222b8f45bea7bd7188a4fae50ca917b2cd7cb50988c06d1df8df25f485027f24a263d93d9f64771337d91c0d36be1c959ac71b504267e001d1ad1051e80923aed481eece0a4d8c39a2851c3e1") connect$inet6(r2, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000440)={r2, 0x28, &(0x7f0000000400)}, 0x10) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs\x00', 0x300, 0x0) r6 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}}}, 0x20) r8 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000640)={0x11, 0x11, r9, 0x1, 0x9, 0x6, @link_local}, 0xfffffe1c) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) r11 = socket(0x10, 0x2, 0x0) sendmsg$nl_route_sched(r11, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a00)=ANY=[@ANYBLOB="4c0200002400070500"/20, @ANYRES32=r10, @ANYBLOB="00000000ffffffff00000000080001007265640020020200040102004617dd777b85302869a36f4dffd3fc511f4423c9cd19c6d860c1eb13483c0acbdb12f6edc843eb078aec3e0dc3c1e833650b32bc59aea6054da2e9397f95ad1e844b52d4f8b3ad75b2211f0c16d2a8781a9bf33227e8b41360d0e21b1326dc5dbefcf845bc2a2ec96a71beb4a863a1eb1300f36ae1fe8196e7885ebc28c8cc557d7249463b9ce1e5218c047890e05755b51ac7b394e4a6e9773270fa64c0e2765d3eb497bd2a7b42749b581559cd5865e8d6023d5540d0a499862cb687142d55c773f93d0da6dce8a661a8b2c33d931631b7e0a67feeeaaf2445bd69daf87c7ac8b8cb185460a450ee825dfb44912be9781faab9219c5b9acaeed4dc3c834ba2140001000200000007000000000000001220040604010200f8aa84e32d4fe68ce36dc1bc6b1b2fb489f97eb5dc99d63232d92855f5a0cf7e38c61e2d61660a48f62c1ea68ebd438bf47cada4d2f78b4d74b30b68f6142492b00bfc4ba1767d0a32926213e813a607f9a8bb219f03480194fea15441dae0e5dcac13b16a351295231c237a48d2a6428362c02d0ceacc2fe6ed2f75ea311783e229c3402919420ba5ac7aa67379c37ae19b92e85b1225b65fb9823118e2a9bc7a4548c58140fa4de8bbd3b6a2a7337817164f0814763d4aa723a54cb5be7028dcf6d4d5b8e8ba84473cd2d9e725374586d5ed8af712187b00992b943592be4ca14f16fc7ad37199a1a28e005544f7de24e7e028b195dea56d8589b981376c88569f93e77d0bc762bc8764e847ce3c9d6c063d5ec1569d84837d1b2e55c5c354665f9cd73f6525725f43b1053a3535cff699b97c005a87758a801be3614ca48dad3b2159c48c5414381b1c4597d3670165fe2561ec852eb7958c80b897bb543f56b118fb3ac06879c84e322122784fe00c44b292dce26da8813d107826cc09291f8ec178d2b65ae8416ac94ee95470f5eec133e1f37b09c047f2288a86cd73d51622567993369264842709521f93547badef7d2d00f04e0b57dda8607c9c537f223be8f073ddb7d27f30c3d1da0dd619f8a2dc7c87a26e41176ea4f87ed089a45b661ebe7aa72dc4465a33045b0f385b3071ff21e420af8577c4da2d627d120ab78757d76f0091bef645cca7861a70aa673b82862ea586aa00306ddc868392b4913e97c0e011082d47152654115bc1dd3c4e235554b2c7038d058934bba3766a0f6061cea882ab8976464d0d850c2431bbc9722f143485161db80c7bffc80b96d2ae355024c418e3a58d18559714e30a06c7ac137f59e9fb4051bd5f01e03990f2a0c524b843c073ceaf852a393930f17aa6ed9e97437e8d41c68b174c441918638406ca29d7b0338f71da8f1c2d477d4b3fafb2bbdaf49a9504f7fba4bcbd959e529879137d6a38a7d6b36e0d2573544bdb50ce8540badcebd1477de5157afbe410fd7dd230add50071b8393d2df3f33803e7cbf2bdfd150e4f87d62b6d7ddf68349402fe25659ae400a1f7fd442f6cd9b22acbbbedfaec61e4"], 0x3}, 0x1, 0x0, 0x0, 0x800}, 0x0) r12 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r12, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0}, &(0x7f0000cab000)=0x6) chown(&(0x7f00000001c0)='./file0\x00', r13, 0x0) sendmsg$nl_route(r5, &(0x7f00000005c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)=@can_newroute={0x7c, 0x18, 0x300, 0x70bd2a, 0x25dfdbfd, {0x1d, 0x1, 0x8}, [@CGW_SRC_IF={0x8, 0x9, r10}, @CGW_MOD_XOR={0x18, 0x3, {{{0x3, 0x0, 0x1}, 0x5, 0x0, 0x0, 0x0, "7ed579f9832b8b0a"}, 0x4}}, @CGW_MOD_AND={0x18, 0x1, {{{0x4, 0x1, 0x0, 0x1}, 0x7f, 0x2, 0x0, 0x0, "39d6b9f433e1d609"}, 0x4}}, @CGW_MOD_OR={0x18, 0x2, {{{0x1, 0x0, 0x1}, 0x4, 0x0, 0x0, 0x0, "b16f5f635be7867f"}, 0x2}}, @CGW_MOD_UID={0x8, 0xe, r13}, @CGW_LIM_HOPS={0x8, 0xd, 0x8}, @CGW_LIM_HOPS={0x8, 0xd, 0x1}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4000800}, 0x4000000) ioctl$BINDER_SET_MAX_THREADS(r5, 0x40046205, &(0x7f0000000180)=0x5198648d) write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000200)={0x3, 0x40, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x4e22, 0x0, @dev}, r7}}, 0x48) r14 = openat$zero(0xffffffffffffff9c, &(0x7f0000000340)='/dev/zero\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r14, 0x4058534c, &(0x7f0000000380)={0x2, 0x1f, 0xffff, 0xc20e, 0x3, 0x40}) ioctl$FITRIM(r6, 0xc0185879, &(0x7f0000000140)={0x0, 0x6, 0x9}) ioctl$BLKTRACESTART(r5, 0x1274, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r5, 0x4008af60, &(0x7f0000000100)={@my=0x0}) 21:29:54 executing program 2: pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r2}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r2}}, 0x18) ioctl$BLKFRASET(r0, 0x1264, &(0x7f0000000000)=0xe) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) openat$uhid(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uhid\x00', 0x803, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl(r3, 0x800000c1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:29:54 executing program 5: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r4}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r2, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r4}}, 0x18) r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) write$cgroup_pid(r5, 0x0, 0x0) r6 = getpgrp(0x0) waitid(0x0, r6, &(0x7f00000002c0), 0x5, 0x0) ptrace$getregs(0xe, r6, 0x9, &(0x7f00000001c0)=""/68) r7 = getpgid(r6) r8 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/ip_vs_stats_percpu\x00') ioctl$sock_SIOCGPGRP(r8, 0x8904, &(0x7f0000000000)=0x0) r10 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000500)='./cg\xab.\xc4\xd0\xcex\x177\x84\x0e\x95q\xd7\xf7d\xd2\x1di\x04\x18\xa9\xe5%\x12Z\xfdH\xd2\x8cp\xcc\xc4=\'\x00\xab\x1d\x99\x03\x91Kt\x98Q\x8eB\x92\x02p\xc8\\6\x86T\xb1\xfa\xaf\x8c\x8b\x94\xa5\xa2\x8aU\x14&\xab\x9c%\xd0>|\xbc\xe0\xab\xdd\xdd\x93\xf9q\x19\x86F\xd7Y\x19\v\x13\x17\xc0\x1brd.\x17\xad\xd5\x00$\x01\x87\x96\xd3XA\xb3\xb7\x81\xcd6\xd3\xe2\x8e\x8c\xd0\xf4y\xc5\x1e2\xd25\xdc\x0f\xd9\x8f~\'\xe2\xc9mCmA~\x0e\xfch\x94<(\xd3f\xbd\xc3\x91\x017L\x14X\xaf\x99\x90\x8bv\x9b#|z\x9a\x99\xaf\xbd\xb7{qJ>\"\x90\xc8\b\xc6~\rN\x16\xa5\xde\x98\xb3\xb2\xb5\xees]$\x12\xfb\xd1\n\xd5\xbe\xe4\xc4\xfd\x8c\x9e\xa6\x86WQ\xae\xaf\xf8(,\xff#\xe8|f\xcb\xaa\x1e,\xfc\xfa\xefI\x9d=$\x14\x8aI\x85_\xa6\n6\xabZ\xc5N\xa6\x1c\x8c\xd4\xf8z\xcd\\\x98gq\xc8\'\xd3\xb5\xb7\x98s\xd8\x9e}\xbbS\x98\xdc\xfa\xd1\x9b\xdcW\xaa\xe6{q\xae\xfc\b\xf1\xc4\xd9R#<\x1e\x1d2}!\xc1\xfd\xbdS\r\x8a\x11P(\xf5\xdf\xde\xde\x03g\'\x8b\xab7\\\n\x9e\xa8\xe2\x80@\x9f]\x1f,\x88\xfc\xc5\xad\x94\x00V\x8a-\xfbH\xd4\xa4\x9f\xda\x8e\x93\xc0\xbd\xd9qV}B{\xc3\xc6oT\xa9!3\xa9\xe3\x98\x99$d\xec\x9c5\xdd\xea', 0x200002, 0x0) r11 = openat$cgroup_ro(r10, &(0x7f0000000240)='cpuset.memory_pressure\x00', 0x0, 0x0) r12 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r13 = inotify_init1(0x0) r14 = gettid() fcntl$setown(r13, 0x8, r14) r15 = getpid() r16 = socket(0xa, 0x3, 0x8) r17 = syz_open_dev$amidi(&(0x7f0000000340)='/dev/amidi#\x00', 0x9c4, 0x70000) ioctl$sock_inet_SIOCSIFFLAGS(r16, 0x89a2, &(0x7f0000000180)={'bridge0\x00\x00\x01\x00', 0x4}) write$RDMA_USER_CM_CMD_CREATE_ID(r17, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}}}, 0x20) sendmsg$key(r16, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[], 0x1de}}, 0x0) r19 = gettid() waitid(0x83b895581628fca4, r19, &(0x7f00000007c0), 0x8, &(0x7f0000000480)) sendmsg$key(r16, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYPTR64=&(0x7f0000000640)=ANY=[@ANYRES64, @ANYRESHEX=r18, @ANYRESDEC=r19]], 0xfffffffffffffe56}}, 0x20004850) r20 = memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) r21 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x0) r22 = dup2(r21, r20) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r22, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r22, 0xc08c5334, &(0x7f0000000200)) r23 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r23) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, @tid=r23}, 0x0) kcmp(r23, r23, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) ptrace$setopts(0x4206, r23, 0x0, 0x0) r24 = syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x5, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0xc0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x2}, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={r23, r24, 0x0, 0xc, &(0x7f0000000180)='/dev/amidi#\x00', r25}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000018c0)={r19, r22, 0x0, 0xd, &(0x7f0000001880)='bond_slave_0\x00', r25}, 0x30) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={r25}, 0xc) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000100)={r25}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r15, 0xffffffffffffffff, 0x0, 0x5, &(0x7f0000000000)='comm\x00', r25}, 0x30) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000100)={r25}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r14, 0xffffffffffffffff, 0x0, 0xe, &(0x7f0000000000)='ppp0eth1]*em0\x00', r25}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0xffffffffffffffff, r12, 0x0, 0xd, &(0x7f0000000080)='trusted\\#&>#\x00', r25}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r11, 0x0, 0x13, &(0x7f0000000280)='em1{bdevbdevvmnet1\x00', r25}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={r9, r8, 0x0, 0x17, &(0x7f0000000040)='net/ip_vs_stats_percpu\x00', r25}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r7, r5, 0x0, 0x24, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', r25}, 0x30) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={r25}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0xffffffffffffffff, r2, 0x0, 0x18, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', r25}, 0x30) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000100)={r26}, 0xc) write$RDMA_USER_CM_CMD_REJECT(r0, &(0x7f0000000480)={0x9, 0x108, 0xfa00, {r1, 0x0, "731702", "4e5963d2c8dd546b7aa758bb3e10dbb39db5a8f600b78c9d4d81726d09e73e62ae97f70bc763eb523840e85d3b180bd158d189ab69670f3e014047174a18ef272b26e8e249d9420e51bc0a73d75a3f564ecc92cd7ede35ec942b644c00b751d9282e266ccdceadc0d1a6ed6316ea682a5c52549c8f5cb75e6b95a7e1139f790441be62b61378ac0e5e9d4dd268bae93d4e78c34dadb813951ec94065ccb2287aa2a3928e00911d1eba1a251b6796e24fb90edc0ea6e5ed63a57a1967ce34cafe01d5db6bb797f48f2d7004b20c17a8009fe6bcf2be4fbe440c74a6138114528ede4ad7806f42caf7d20dd7dba1d8edcd876625af573750d48da9ed8ced8739ba"}}, 0x110) 21:29:54 executing program 4 (fault-call:9 fault-nth:52): pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) [ 274.253425] FAULT_INJECTION: forcing a failure. [ 274.253425] name failslab, interval 1, probability 0, space 0, times 0 [ 274.262453] bridge0: port 3(gretap0) entered blocking state [ 274.265050] CPU: 1 PID: 14978 Comm: syz-executor.4 Not tainted 4.14.150 #0 [ 274.275365] bridge0: port 3(gretap0) entered disabled state [ 274.278009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 274.278015] Call Trace: [ 274.278037] dump_stack+0x138/0x197 [ 274.278056] should_fail.cold+0x10f/0x159 [ 274.278072] should_failslab+0xdb/0x130 [ 274.278086] kmem_cache_alloc_node+0x287/0x780 [ 274.278096] ? __kmalloc_node_track_caller+0x51/0x80 [ 274.278115] __alloc_skb+0x9c/0x500 [ 274.294488] ? skb_scrub_packet+0x4b0/0x4b0 [ 274.294503] sock_wmalloc+0xae/0xf0 [ 274.294517] __ip_append_data.isra.0+0x196f/0x20c0 [ 274.294528] ? save_trace+0x290/0x290 [ 274.294544] ? raw_destroy+0x30/0x30 [ 274.294555] ? trace_hardirqs_on+0x10/0x10 [ 274.294569] ? __ip_flush_pending_frames.isra.0+0x2d0/0x2d0 [ 274.294578] ? find_held_lock+0x35/0x130 [ 274.294586] ? raw_destroy+0x30/0x30 [ 274.294596] ip_append_data.part.0+0xde/0x150 [ 274.294607] ? raw_destroy+0x30/0x30 [ 274.294623] ip_append_data+0x5b/0x80 [ 274.302229] device gretap0 entered promiscuous mode [ 274.305573] raw_sendmsg+0xe49/0x2450 [ 274.305597] ? dst_output+0x140/0x140 [ 274.305611] ? avc_has_perm_noaudit+0x420/0x420 [ 274.305622] ? __lock_is_held+0xb6/0x140 [ 274.305636] ? save_trace+0x290/0x290 [ 274.311928] bridge0: port 3(gretap0) entered blocking state [ 274.314232] ? trace_hardirqs_on+0x10/0x10 [ 274.314249] ? sock_has_perm+0x1ed/0x280 [ 274.314266] ? save_trace+0x290/0x290 [ 274.314282] ? __lock_is_held+0xb6/0x140 [ 274.314296] inet_sendmsg+0x122/0x500 [ 274.319531] bridge0: port 3(gretap0) entered forwarding state [ 274.323015] ? inet_recvmsg+0x500/0x500 [ 274.323024] sock_sendmsg+0xce/0x110 [ 274.323033] kernel_sendmsg+0x44/0x50 [ 274.323046] sock_no_sendpage+0x107/0x130 [ 274.323054] ? sock_kzfree_s+0x50/0x50 [ 274.323065] ? mark_held_locks+0xb1/0x100 [ 274.331001] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 274.331017] inet_sendpage+0x3b8/0x580 [ 274.331035] kernel_sendpage+0x92/0xf0 [ 274.331042] ? inet_sendmsg+0x500/0x500 [ 274.331053] sock_sendpage+0x8b/0xc0 [ 274.339764] ? kernel_sendpage+0xf0/0xf0 [ 274.339775] pipe_to_sendpage+0x242/0x340 [ 274.339788] ? direct_splice_actor+0x190/0x190 [ 274.339803] ? anon_pipe_buf_release+0x174/0x220 [ 274.339815] __splice_from_pipe+0x348/0x780 [ 274.339825] ? direct_splice_actor+0x190/0x190 [ 274.339839] ? direct_splice_actor+0x190/0x190 [ 274.506521] splice_from_pipe+0xf0/0x150 [ 274.510695] ? splice_shrink_spd+0xb0/0xb0 [ 274.515067] ? security_file_permission+0x89/0x1f0 [ 274.520006] generic_splice_sendpage+0x3c/0x50 [ 274.524586] ? splice_from_pipe+0x150/0x150 [ 274.529108] SyS_splice+0xd92/0x1430 [ 274.532820] ? __sb_end_write+0xc1/0x100 [ 274.536983] ? compat_SyS_vmsplice+0x250/0x250 [ 274.541553] ? do_syscall_64+0x53/0x640 [ 274.545532] ? compat_SyS_vmsplice+0x250/0x250 [ 274.550120] do_syscall_64+0x1e8/0x640 [ 274.554016] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 274.558885] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 274.564062] RIP: 0033:0x459ef9 [ 274.567243] RSP: 002b:00007ff387144c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 274.574971] RAX: ffffffffffffffda RBX: 00007ff387144c90 RCX: 0000000000459ef9 [ 274.582250] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 274.589522] RBP: 000000000075bfc8 R08: 0000000000010007 R09: 0000000000000006 [ 274.596779] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff3871456d4 21:29:55 executing program 1: r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @mcast2}, 0x9) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000380)={0xffff, 0x2, 0x7da9781dd42ec390, 0x400, 0x628ed23d, 0x0, 0x2, 0x10000, 0x0}, &(0x7f00000003c0)=0x20) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000400)={r4, 0x0, 0x8c}, 0x8) r5 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x1800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r5, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) r6 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r6, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r6, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) getsockopt$inet_mtu(r6, 0x0, 0xa, &(0x7f00000000c0), &(0x7f0000000100)=0x4) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sequencer\x00', 0x0, 0x0) 21:29:55 executing program 3: pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x0) write(r0, &(0x7f0000000340), 0x41395527) r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r1, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23000000000000000000") [ 274.604038] R13: 00000000004c9b4f R14: 00000000004e0710 R15: 0000000000000007 21:29:55 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") socket$inet(0x2, 0x4000000805, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) sendto$inet(r1, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x0, @loopback}, 0x10) r2 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) request_key(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, 0x0, r2) keyctl$get_security(0x11, r2, &(0x7f00000000c0)=""/180, 0xb4) r3 = syz_open_dev$sndpcmc(0x0, 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)) 21:29:55 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") socket$inet(0x2, 0x4000000805, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) r2 = syz_open_dev$sndpcmc(&(0x7f0000000100)='/dev/snd/pcmC#D#c\x00', 0x2, 0x103000) getsockopt$X25_QBITINCL(r2, 0x106, 0x1, &(0x7f0000000300), &(0x7f0000000340)=0x4) sendto$inet(r1, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x0, @loopback}, 0x10) r3 = syz_open_dev$sndpcmc(0x0, 0x0, 0x288802) r4 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r4, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") r5 = getpid() sched_setattr(r5, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) ptrace$getsig(0x4202, r5, 0x400, &(0x7f0000000380)) r6 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r6, 0x29, 0x11, &(0x7f00000000c0)=0xaef, 0x4) connect$inet6(r6, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) setsockopt$inet_udp_int(r4, 0x11, 0xb, &(0x7f0000000000)=0x400, 0x4) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r7, &(0x7f0000000000)=[{&(0x7f00000000c0)}], 0x1, 0x2) r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r8, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r9}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r7, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r9}}, 0x18) ioctl$VHOST_SET_OWNER(r7, 0xaf01, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)) ioctl$VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000040)={0xffff0908, 0xa, 0x3, "755f684b9d569e6d10cad94ad6a931e90f6e45a047aa546126763d996c868dcb", 0x50424752}) 21:29:55 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_TOL(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x50002800}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x38, r3, 0x200, 0x70bd2c, 0x25dfdbfd, {{}, 0x0, 0x4107, 0x0, {0x1c, 0x18, {0x7fff, @bearer=@l2={'eth', 0x3a, 'team_slave_0\x00'}}}}, ["", "", "", ""]}, 0x38}, 0x1, 0x0, 0x0, 0x40}, 0x40000) 21:29:55 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x1, 0x8000) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000000)="cae1b4ab42491c1efa9223c5f3756a1b044d7df49c9ea5d9e2f0ddf29a7fc4f03edefea6c3ac5a11607e16d14874a556df91865886f2b2de77810e856b84884e2f3f0700000000000000") 21:29:55 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") socket$inet(0x2, 0x4000000805, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) write$apparmor_exec(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB='stack d/pcmC#D#c\x00'], 0x18) sendto$inet(r1, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) r2 = syz_open_dev$sndpcmc(0x0, 0x0, 0x0) r3 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$UI_SET_SNDBIT(r3, 0x4004556a, 0x2) ioctl(r2, 0xc1004110, &(0x7f0000000580)) 21:29:55 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$TIOCLINUX3(r0, 0x541c, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:29:55 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r0, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) write$P9_RWALK(r0, &(0x7f00000000c0)={0x4a, 0x6f, 0x1, {0x5, [{0x2c, 0x2, 0x1}, {0x3, 0x4, 0x6}, {0x80, 0x0, 0x5}, {0x80, 0x1, 0x7}, {0x2, 0x3, 0x8}]}}, 0x4a) r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r5}}, 0x2de) fsetxattr(r4, &(0x7f0000000000)=@known='system.posix_acl_default\x00', &(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x12, 0x2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl(r1, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") r6 = socket$inet6(0xa, 0x2, 0x0) r7 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/status\x00', 0x0, 0x0) setsockopt$inet_mtu(r7, 0x0, 0xa, &(0x7f0000000180)=0x2, 0x4) setsockopt$inet6_int(r6, 0x29, 0x11, &(0x7f00000000c0)=0xaef, 0x4) setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f00000005c0)={0x1, {{0xa, 0x4e23, 0x1, @remote, 0x400}}, 0x1, 0x7, [{{0xa, 0x4e24, 0x8, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x1eb3}}, {{0xa, 0x4e20, 0x5, @mcast2, 0x6}}, {{0xa, 0x4e24, 0x8, @local, 0x3}}, {{0xa, 0x4e20, 0x3, @mcast1, 0x3}}, {{0xa, 0x4e22, 0x4, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x7}}, {{0xa, 0x4e23, 0x0, @ipv4={[], [], @local}, 0x5}}, {{0xa, 0x4e23, 0x1000000, @empty, 0xfffffff9}}]}, 0x410) 21:29:55 executing program 4 (fault-call:9 fault-nth:53): pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:29:55 executing program 5: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r0, &(0x7f0000000480)={0x9, 0x3e, 0xfa00, {r1, 0x89, "731702", "4e5963d2c8dd546b7aa758bb3e10dbb39db5a8f600b78c9d4d816e6d09e73e62ae97f70bc763eb523840e85d3b180bd158d189ab69670f3e015047174a18ef272b26e8e249d9420e51bc0a73d75a3f564ecc92cd7ede35ec942b644c00b751d9282e266ccdceadc0d1a6ed6316ea682a5c52549c8f5cb75e6b95a7e1139f790441be62b61378ac0e5e9d4dd268bae93d4e78c34dadb813951ec94065ccb2287aa2a3928e00911d1eba1a251b6796e24fb90edc0ea6e5ed63a57a1967ce34cafe01d5db6bb797f48f2d7004b20c17a8009fe6bcf2be4fbe440c74a6138114528ede4ad7806f42caf7d20dd7dba1d8edcd876625af573750d48da9ed8ced8739ba"}}, 0x110) 21:29:55 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x40222, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 275.136364] FAULT_INJECTION: forcing a failure. [ 275.136364] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 275.148206] CPU: 0 PID: 15028 Comm: syz-executor.4 Not tainted 4.14.150 #0 [ 275.155224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 275.164587] Call Trace: [ 275.164610] dump_stack+0x138/0x197 [ 275.164629] should_fail.cold+0x10f/0x159 [ 275.164646] __alloc_pages_nodemask+0x1d6/0x7a0 [ 275.164660] ? __alloc_pages_slowpath+0x2930/0x2930 [ 275.164680] cache_grow_begin+0x80/0x400 [ 275.164693] kmem_cache_alloc_node_trace+0x697/0x770 [ 275.164710] __kmalloc_node_track_caller+0x3d/0x80 [ 275.170928] __kmalloc_reserve.isra.0+0x40/0xe0 [ 275.170941] __alloc_skb+0xcf/0x500 [ 275.170952] ? skb_scrub_packet+0x4b0/0x4b0 [ 275.170968] sock_wmalloc+0xae/0xf0 [ 275.170981] __ip_append_data.isra.0+0x196f/0x20c0 [ 275.170991] ? save_trace+0x290/0x290 [ 275.171006] ? raw_destroy+0x30/0x30 [ 275.171016] ? trace_hardirqs_on+0x10/0x10 [ 275.231875] ? __ip_flush_pending_frames.isra.0+0x2d0/0x2d0 [ 275.237588] ? find_held_lock+0x35/0x130 [ 275.241659] ? raw_destroy+0x30/0x30 [ 275.245384] ip_append_data.part.0+0xde/0x150 [ 275.249904] ? raw_destroy+0x30/0x30 [ 275.253668] ip_append_data+0x5b/0x80 [ 275.257460] raw_sendmsg+0xe49/0x2450 [ 275.261366] ? dst_output+0x140/0x140 [ 275.265156] ? avc_has_perm_noaudit+0x420/0x420 [ 275.269835] ? process_measurement+0x58a/0xb80 [ 275.274535] ? process_measurement+0x58a/0xb80 [ 275.279152] ? sock_has_perm+0x1ed/0x280 [ 275.283208] ? save_trace+0x290/0x290 [ 275.287007] ? __lock_is_held+0xb6/0x140 [ 275.291096] inet_sendmsg+0x122/0x500 [ 275.294913] ? inet_recvmsg+0x500/0x500 [ 275.298884] sock_sendmsg+0xce/0x110 [ 275.302587] kernel_sendmsg+0x44/0x50 [ 275.306378] sock_no_sendpage+0x107/0x130 [ 275.310542] ? sock_kzfree_s+0x50/0x50 [ 275.314627] ? mark_held_locks+0xb1/0x100 [ 275.318783] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 275.323883] inet_sendpage+0x3b8/0x580 [ 275.327809] kernel_sendpage+0x92/0xf0 [ 275.331682] ? inet_sendmsg+0x500/0x500 [ 275.335654] sock_sendpage+0x8b/0xc0 [ 275.339399] ? kernel_sendpage+0xf0/0xf0 [ 275.343450] pipe_to_sendpage+0x242/0x340 [ 275.347591] ? direct_splice_actor+0x190/0x190 [ 275.352182] ? anon_pipe_buf_release+0x174/0x220 [ 275.356927] __splice_from_pipe+0x348/0x780 [ 275.361242] ? direct_splice_actor+0x190/0x190 [ 275.365830] ? direct_splice_actor+0x190/0x190 [ 275.370404] splice_from_pipe+0xf0/0x150 [ 275.374474] ? splice_shrink_spd+0xb0/0xb0 [ 275.378707] ? security_file_permission+0x89/0x1f0 [ 275.383767] generic_splice_sendpage+0x3c/0x50 [ 275.388353] ? splice_from_pipe+0x150/0x150 [ 275.392946] SyS_splice+0xd92/0x1430 [ 275.396657] ? __sb_end_write+0xc1/0x100 [ 275.400714] ? compat_SyS_vmsplice+0x250/0x250 [ 275.405281] ? do_syscall_64+0x53/0x640 [ 275.409264] ? compat_SyS_vmsplice+0x250/0x250 [ 275.413855] do_syscall_64+0x1e8/0x640 [ 275.417751] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 275.422607] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 275.427977] RIP: 0033:0x459ef9 21:29:56 executing program 1: r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @mcast2}, 0x9) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000380)={0xffff, 0x2, 0x7da9781dd42ec390, 0x400, 0x628ed23d, 0x0, 0x2, 0x10000, 0x0}, &(0x7f00000003c0)=0x20) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000400)={r4, 0x0, 0x8c}, 0x8) r5 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x1800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r5, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) r6 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r6, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r6, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) getsockopt$inet_mtu(r6, 0x0, 0xa, &(0x7f00000000c0), &(0x7f0000000100)=0x4) 21:29:56 executing program 5: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r0, &(0x7f0000000480)={0x9, 0x108, 0xfa00, {r1, 0x0, "731702", "4e5963d2c8dd546b7aa758bb3e10dbb39db5a8f600b78c9d4d81726d09e73e62ae97f70bc763eb523840e85d3b180bd158d189ab69670f3e014047174a18ef272b26e8e249d9420e51bc0a73d75a3f564ecc92cd7ede35ec942b644c00b751d9282e266ccdceadc0d1a6ed6316ea682a5c52549c8f5cb75e6b95a7e1139f790441be62b61378ac0e5e9d4dd268bae93d4e78c34dadb813951ec94065ccb2287aa2a3928e00911d1eba1a251b6796e24fb90edc0ea6e5ed63a57a1967ce34cafe01d5db6bb797f48f2d7004b20c17a8009fe6bcf2be4fbe440c74a6138114528ede4ad7806f42caf7d20dd7dba1d8edcd876625af573750d48da9ed8ced8739ba"}}, 0x110) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r3}}, 0x2de) readahead(r2, 0x3, 0x50b) 21:29:56 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") socket$inet(0x2, 0x4000000805, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r3}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r3}}, 0x18) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') r5 = syz_open_dev$audion(&(0x7f00000002c0)='/dev/audio#\x00', 0xd1, 0x80000) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r7}}, 0x2de) write$RDMA_USER_CM_CMD_NOTIFY(r5, &(0x7f0000000300)={0xf, 0x8, 0xfa00, {r7, 0x1}}, 0x10) sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8080200}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x88, r4, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_NET={0x14, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x8001}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8}]}, @TIPC_NLA_SOCK={0x1c, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x10001}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}]}, @TIPC_NLA_NET={0x44, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x2}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x1}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xfff}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x4040000}, 0x4) r8 = socket$inet_sctp(0x2, 0x5, 0x84) sendto$inet(r8, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x0, @loopback}, 0x10) r9 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r9, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r9, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @remote}, 0xfffffffffffffe8a) lsetxattr$security_capability(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='security.capability\x00', &(0x7f00000003c0)=@v1={0x1000000, [{0x5, 0x63}]}, 0xc, 0x2) connect$vsock_dgram(r9, &(0x7f0000000280)={0x28, 0x0, 0x0, @my=0x0}, 0x10) r10 = syz_open_dev$sndpcmc(0x0, 0x0, 0x0) ioctl(r10, 0xc1004110, &(0x7f0000000580)) 21:29:56 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infinibanx/\x01\x80\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r5}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r5}}, 0x18) ioctl$KDGKBLED(r3, 0x4b64, &(0x7f0000000000)) 21:29:56 executing program 3: pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r1, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23000000000000000000") [ 275.431154] RSP: 002b:00007ff387144c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 275.438974] RAX: ffffffffffffffda RBX: 00007ff387144c90 RCX: 0000000000459ef9 [ 275.446238] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 275.453505] RBP: 000000000075bfc8 R08: 0000000000010007 R09: 0000000000000006 [ 275.460804] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff3871456d4 [ 275.468070] R13: 00000000004c9b4f R14: 00000000004e0710 R15: 0000000000000007 21:29:56 executing program 3: pipe(&(0x7f0000000180)) r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23000000000000000000") 21:29:56 executing program 5: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0xffffffffffffff5f, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x88, 0xa}}, 0x11d) pipe(&(0x7f0000000180)={0xffffffffffffffff}) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r4}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r2, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r4}}, 0x18) pipe2(&(0x7f0000000080)={0xffffffffffffffff}, 0x140400) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r7}}, 0x2de) r8 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r8, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r9}}, 0x2de) write$RDMA_USER_CM_CMD_NOTIFY(r6, &(0x7f00000000c0)={0xf, 0x8, 0xfa00, {r9, 0x11}}, 0x10) write$RDMA_USER_CM_CMD_REJECT(r5, &(0x7f0000000480)={0x9, 0x108, 0xfa00, {r1, 0x0, "731702", "4e5963d2c8dd546b7aa758bb3e10dbb39db5a8f600b78c9d4d81726d09e73e62ae97f70bc763eb523840e85d3b180bd158d189ab69670f3e014047174a18ef272b26e8e249d9420e51bc0a73d75a3f564ecc92cd7ede35ec942b644c00b751d9282e266ccdceadc0d1a6ed6116ea682a5c52549c8f5cb75e6b95a7e1139f790441be62b61378ac0e5e9d4dd268bae93d4e78c34dadb813951ec94065ccb2287aa2a3928e00911d1eba1a251b6796e24fb90edc0ea6e5ed63a57a1967ce34cafe01d5db6bb797f48f2d7004b20c17a8009fe6bcf2be4fbe440c74a6138114528ede4ad7806f42caf7d20dd7dba1d8edcd876625af573750d48da9ed8ced8739ba"}}, 0xfffffffffffffd3f) 21:29:56 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23000000000000000000") 21:29:56 executing program 3: r0 = syz_open_dev$sndpcmc(0x0, 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23000000000000000000") 21:29:56 executing program 4 (fault-call:9 fault-nth:54): pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:29:56 executing program 5: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) fgetxattr(r0, &(0x7f0000000040)=@known='user.syz\x00', &(0x7f00000000c0)=""/143, 0x8f) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000002c0)={@broadcast, @dev={0xac, 0x14, 0x14, 0x20}, r3}, 0xc) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r5}}, 0x2de) r6 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r6, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r6, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl$TIOCGSID(r6, 0x5429, &(0x7f0000000300)) write$RDMA_USER_CM_CMD_QUERY(r2, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r5}}, 0x18) ioctl$KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04) write$RDMA_USER_CM_CMD_REJECT(r0, &(0x7f0000000480)={0x9, 0x108, 0xfa00, {r1, 0x0, "731702", "4e5963d2c8dd546b7aa758bb3e10dbb39db5a8f600b78c9d4d81726d09e73e62ae97f70bc763eb523840e85d3b180bd158d189ab69670f3e014047174a2fef272b26e8e249d9420e51bc0a73d75a3f564ecc92cd7ede35ec942b644c00b751d9282e266ccdceadc0d1a6ed6316ea682a5c52549c8f5cb75e6b95a7e1139f790441be62b61378ac0e5e9d4dd268bae93d4e78c34dadb813951ec94065ccb2287aa2a3928e00911d1eba1a251b6796e24fb90edc0ea6e5ed63a57a1967ce34cafe01d5db6bb797f48f2d7004b20c17a8009fe6bcf2be4fbe440c74a6138114528ede4ad7806f42caf7d20dd7dba1d8edcd876625af573750d48da9ed8ced8739ba"}}, 0x110) 21:29:56 executing program 3: r0 = syz_open_dev$sndpcmc(0x0, 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23000000000000000000") [ 275.942478] FAULT_INJECTION: forcing a failure. [ 275.942478] name failslab, interval 1, probability 0, space 0, times 0 [ 275.953888] CPU: 1 PID: 15078 Comm: syz-executor.4 Not tainted 4.14.150 #0 [ 275.960928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 275.970977] Call Trace: [ 275.973595] dump_stack+0x138/0x197 [ 275.977229] should_fail.cold+0x10f/0x159 [ 275.981533] should_failslab+0xdb/0x130 [ 275.985505] kmem_cache_alloc+0x47/0x780 [ 275.989769] ? __lock_is_held+0xb6/0x140 [ 275.993834] ? check_preemption_disabled+0x3c/0x250 [ 275.998859] dst_alloc+0xf3/0x1a0 [ 276.002465] rt_dst_alloc+0x73/0x440 [ 276.006188] ip_route_output_key_hash_rcu+0x731/0x2750 [ 276.011560] ? check_preemption_disabled+0x3c/0x250 [ 276.016922] ip_route_output_key_hash+0x1c0/0x2e0 [ 276.021798] ? ip_route_output_key_hash_rcu+0x2750/0x2750 [ 276.027331] ? raw_sendmsg+0x573/0x2450 [ 276.031305] ip_route_output_flow+0x27/0xa0 [ 276.035642] raw_sendmsg+0x87b/0x2450 [ 276.039452] ? dst_output+0x140/0x140 [ 276.043408] ? avc_has_perm_noaudit+0x420/0x420 [ 276.048071] ? process_measurement+0x58a/0xb80 [ 276.052655] ? process_measurement+0x58a/0xb80 [ 276.057340] ? sock_has_perm+0x1ed/0x280 [ 276.061392] ? save_trace+0x290/0x290 [ 276.065187] ? __lock_is_held+0xb6/0x140 [ 276.069362] inet_sendmsg+0x122/0x500 [ 276.073180] ? inet_recvmsg+0x500/0x500 [ 276.077360] sock_sendmsg+0xce/0x110 [ 276.081245] kernel_sendmsg+0x44/0x50 [ 276.085040] sock_no_sendpage+0x107/0x130 [ 276.089187] ? sock_kzfree_s+0x50/0x50 [ 276.093075] ? mark_held_locks+0xb1/0x100 [ 276.097223] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 276.102333] inet_sendpage+0x3b8/0x580 [ 276.106378] kernel_sendpage+0x92/0xf0 [ 276.110280] ? inet_sendmsg+0x500/0x500 [ 276.114247] sock_sendpage+0x8b/0xc0 [ 276.117950] ? kernel_sendpage+0xf0/0xf0 [ 276.121999] pipe_to_sendpage+0x242/0x340 [ 276.126135] ? direct_splice_actor+0x190/0x190 [ 276.130709] ? anon_pipe_buf_release+0x174/0x220 [ 276.135455] __splice_from_pipe+0x348/0x780 [ 276.139787] ? direct_splice_actor+0x190/0x190 [ 276.144376] ? direct_splice_actor+0x190/0x190 [ 276.148955] splice_from_pipe+0xf0/0x150 [ 276.153023] ? splice_shrink_spd+0xb0/0xb0 [ 276.157272] ? security_file_permission+0x89/0x1f0 [ 276.162199] generic_splice_sendpage+0x3c/0x50 [ 276.166793] ? splice_from_pipe+0x150/0x150 [ 276.171103] SyS_splice+0xd92/0x1430 [ 276.174818] ? __sb_end_write+0xc1/0x100 [ 276.178870] ? compat_SyS_vmsplice+0x250/0x250 [ 276.183468] ? do_syscall_64+0x53/0x640 [ 276.187437] ? compat_SyS_vmsplice+0x250/0x250 [ 276.192017] do_syscall_64+0x1e8/0x640 [ 276.195906] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 276.200758] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 276.205959] RIP: 0033:0x459ef9 [ 276.209134] RSP: 002b:00007ff387144c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 276.216841] RAX: ffffffffffffffda RBX: 00007ff387144c90 RCX: 0000000000459ef9 [ 276.224112] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 276.231399] RBP: 000000000075bfc8 R08: 0000000000010007 R09: 0000000000000006 [ 276.238863] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff3871456d4 [ 276.246148] R13: 00000000004c9b4f R14: 00000000004e0710 R15: 0000000000000007 [ 276.260218] net_ratelimit: 16 callbacks suppressed [ 276.260223] protocol 88fb is buggy, dev hsr_slave_0 [ 276.270340] protocol 88fb is buggy, dev hsr_slave_1 21:29:57 executing program 1: r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @mcast2}, 0x9) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000380)={0xffff, 0x2, 0x7da9781dd42ec390, 0x400, 0x628ed23d, 0x0, 0x2, 0x10000, 0x0}, &(0x7f00000003c0)=0x20) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000400)={r4, 0x0, 0x8c}, 0x8) r5 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x1800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r5, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) r6 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r6, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r6, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) 21:29:57 executing program 3: r0 = syz_open_dev$sndpcmc(0x0, 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23000000000000000000") [ 276.320116] protocol 88fb is buggy, dev hsr_slave_0 [ 276.325262] protocol 88fb is buggy, dev hsr_slave_1 [ 276.330428] protocol 88fb is buggy, dev hsr_slave_0 [ 276.337011] protocol 88fb is buggy, dev hsr_slave_1 [ 276.342195] protocol 88fb is buggy, dev hsr_slave_0 [ 276.347282] protocol 88fb is buggy, dev hsr_slave_1 21:29:57 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pamC#D#c\x00', 0x3f, 0x300380) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:29:57 executing program 3: syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(0xffffffffffffffff, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23000000000000000000") 21:29:57 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000000000003409000000000000060000000000000097080000000000009b090000000000"]) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r4}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r4}}, 0x18) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1) socket$inet(0x2, 0x4000000805, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x100}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x1, 0x183c00) ioctl(r5, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r5, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r8}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r6, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r8}}, 0x18) setsockopt$bt_BT_FLUSHABLE(r6, 0x112, 0x8, &(0x7f0000000040)=0x6, 0x4) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r5, 0x84, 0x4, &(0x7f0000000000)=0x5, 0x4) r9 = socket$inet_sctp(0x2, 0x5, 0x84) sendto$inet(r9, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x0, @loopback}, 0x10) r10 = syz_open_dev$sndpcmc(0x0, 0x0, 0x0) ioctl(r10, 0xc1004110, &(0x7f0000000580)) 21:29:57 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) write$P9_RMKNOD(r3, &(0x7f0000000000)={0x14, 0x13, 0x1, {0x0, 0x2, 0x4}}, 0x14) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:29:57 executing program 3: syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(0xffffffffffffffff, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23000000000000000000") 21:29:57 executing program 3: syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(0xffffffffffffffff, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23000000000000000000") 21:29:57 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0x0, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23000000000000000000") 21:29:57 executing program 4 (fault-call:9 fault-nth:55): pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) [ 276.650136] protocol 88fb is buggy, dev hsr_slave_0 [ 276.655299] protocol 88fb is buggy, dev hsr_slave_1 21:29:57 executing program 5: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='wp.g\x00', 0x301000, 0x0) sendmsg$alg(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000000c0)="7384a2f091452903e1ac8aea9b446037014fcb9036704cdff94a37c6ab85c112c721c0cd67c0fd90d88a40312e027cb639da1eb81486778150a9f5c0ae9e8fbb198a370caf840a14b838d0108a56ba0f9b28daef0136907ffa306fc06cfdcfbc9117233e06cf667b77db04bf7d969cfd381b8fceb2fcdfc987e212317f0c21c421999e4ad220eb83ef34de748ff4b4d0789f748c29a24ef6853f87b5c5897198748f4ae2e49a5e814ee6585e32", 0xad}], 0x1, &(0x7f00000005c0)=[@iv={0x1018, 0x117, 0x2, 0x1000, "b426dffc0daa52b36d1056731e9e36b7eedc6d6be2ad656f31ef3775dce7f8e0bf35d3f134fc7e7a95c213ac9a124c1985c39bb9f6d5a385539f713b99360d8f93bfcc5eebb1506f34e6b2614da00b3e8b1c30f135381a4caa5e35b81409691e840114972ed6fd25508f8a04382a3bc793b496c1e57d747dd1f03b7d40147a6ec82ae9125415225b86d9311a7701301bb6eb9abf02258068bc5581de83176410f760870834b2418aec00347c073e70a8398b0de070ea8b19d805ff5e65cfdab853af8d69ffac720fa97903fb0f5d5f36fd0c48ab625bd54b3e737d714a9d18a7fbf9b96cf4bc3e9e36ec6edfe24efef06d83878436f301bad42beac4080a318242e0f12e49a90bbc03eb72417289eeeb28c1d327ab1e63c504d2a269467917732981f0d892e71bd9bce117205e3239ab7a380186ff1709adb7136a27405908e640b09dbbe1dc2db471c9c0d55ee25238c917fb549ec93f7f347d990c9bfbf6104ea01f5e5b4bb01dfd432d58e34142a32372a7cce86a75fd013cf3a2226c9e679179e55f9351fecdacfaddf7065673aa6ddeedb91137e71f75c520edef0fbce22c66ed3af88e4366c123e22f5208ba54a23d8a8beae03d2c2531606b7e570901deaad8edd9ba2252c55ec712268690a71f13ac1d428aeda43dabf6ba35ea7b174a8383cafc0c5096f9dc02388ad5d425567f03ce252d8d4f298da77e7a0a28eef2a313067e6662c226d2fba7561f2d6f8911476da624aeca3a99876f7a8e18bd9d24a09dae8e30954511f3678be01862464a6c74c8c7c59069b196e798fda7c6d51c86f80b3f9fbe724184029cd0a4eacada0f1e09c7358ce7e24a6f5a2969065fa81308fff17dad8f8bf0b8abd1b2e5edbb0b010cc0bae10c35b90a40db2102d9f664dbc867e40ac015e88eb46f86242b2d32db3536d7516c1e36762e14e5066a393cd86a62a71b0527276e8dfa4e48fe5c57227313daedc5f7dcf738bb263f55b7d4b861e8058ebcb0359895b91e9db5756bbe6a4e38f44201db0826a1f458d10826013364e6737e6fc66dbb65053103e54386f07c740dec7bbb864fefe6cc86dd88378167b77a4f5d0aafbceab3627aff8484f10a803ac82631607730d7811f167b471a193457443d9597ccd9c516c9e6d003f884d96f08c2833e04a487135bffb761300666fc7dd790793597ee154a5da0bceb0df974e95d068c0ccd52e6cbbc0858c8148438775924bdf8481492c832cfbf2762b6817f31f53731c245db66dd949ee8289a77c32355173d7a879b3adb7d63f3d1149c1e2a3d29e8bc55c6d4c8e813b863eb481b2df39559804dae1d658edba2aae1dc999f34c269840b9de81ebbb26d2331d730f250bf387b5f49b2fd83bc23d6e507cab05257043421b0179bd4fe0f681ce4ef20f9e25e994b6136bfc138391b845b399e5cb57d78483298f01f3b1433e33631cfaa0e8e0a43880911687318be93ddabafc88807c6ec910d52ed5e3e145d46988f3857e707d8f794cc33bdd107bd72023af7ca8248f110994cb1cc10491ad34c0bfa0e14d9c9dd935fcedc8ebd568f8924560a835e86e0b95d641f234dcf2046e5045cac3a3cdcf81229af7d76dfbed2ffc89f4c1105b2b669d07d4e58f8fc937399801749248b25d3525d65aeb803285a0bed15e5405cb8c0d388a3929086dea22dd9f98ca71fa0e4e7f2dbeeefd22b669c4dbec387ac57316d8ecc1f5771678957df931b6af859f320c77327053d0ceafd919a597d384016d94c2407e1a61cb23e07c78b584ddd49770a35e6ba8903259727f743a0b59b73982c9be0368a83600ceab0cbc0478ef013924fef21a82e0dc6e3c9b5499940dec9ca5b1e4c508de0485e422663a107781057ac7708a04774985ef9db5fa900bbcd6721b87b3be1c9a8b32f887af4f5dcd3a1488556074e07914afdfaa650bb1b964f444637a5ec93d412f537c000e03de1552aa488984678467b8c84bb5bf2745943c8b1ce24fc679795781127ce98866dc80127c700be17b19e249e5d7f8bdc358264cbaa35dbb9d3418503fa8ab9597dbf969c067ae3e42f3aa64c7372dba93cb0075f27662b50239595d35550df26f195f083a1d6a25cc089a1d9f6d0d6ed9109ef0e9fc96161013b0b22f5b814bd79cc1e38a4ffd059dc27c41c512d16c65d2f6d212fd6b6f6bbf0a844f2be1b2a4e3ad67cbcd029b722766ebb68a86549a380b681c6529a7ecdfe5e28fffb96c49beda141251700e0384c9364d67a3cdc7720c0c85bf7c04157f6f8453d9669c2f40682a513b4d93e7e252b77ba12e51418e8d52bbb87d6f91520544083af61248eaf0dd723e255b51cdbd8e1c8cd53cd9b206a87ea21277fd02d82657b502726312b4b8524d15ef4311add6921c11b49527d111cfb130bb925c577ee7cf0df59b9c340ba5b345a31c4579f0be4b3e81d78a10d66bd4d5fe740db74e3286c840558ba26e61df966f4ef6fa79b850bb9afa43fede87f34493cddd8d3c6641ca4284bf7b7a711c7236d4f17204c7eae79e8461c5eaebf82a1fe32d5b36b3cf211feb8381d5cf45b3c534479b32ff149f089b81a592ded24598097b691d8b3c19c851017a8bbbed33c98106858dc613f116f10bff582e742c93fe7ffd7ebb2b4c4b3e6ad077a525f1d57684e3a99fad90902ee8fe6b92f9615e6282ef0ecbf4903f8a768d7f6d3ea959ddcdfd59edac38d2beee9cd5a27b0c39d145f013c83cf466425489772273295bfddc909e20f7c0cf58d53e3c6c0059a07a761a2585e169eefeb9b0267244a1b9d0323c01d3e370c75a9fd09786048c82e43b98e600bc4f0ca73a24695fe04c5a563cd60303f1ae0de49216cf50b1a61fd896880cf6a1e922677a667b5e93d4bfbda02763046f0f9d9aaafc362dded80f6aed41b1ad63707f6a7dcb96528a267d138d92227de189b4eaebf9844c31fab5fe8da4d087fd170e11ea99dfa0490811a0a388f88a989af2e8e0025478420343ed31b8a4e9476fc8b3b2ef79982b89ba666ab1b2919c87a22e353cf37510855d84711932c581603573cc50ca389594e375c97e958952492a6785de99e486e68639c3b08d59a70872818902bf3712891fbe9a7c3d8b7bfacbe84e510f36ae873ecb6d60e4779783e00fb0ff9f67b9a44182cd3d95d6a432bb7d7c0c7beeffb4331bd586443cd9f5b9b25b6d52d5bb5fde5091c9b572e5e918cebdd2a30b6268395d3e632dc816740110994a690c6690e931767d2a2918568e5a489c262c9f5f671c151f0f321254ab29deb6a1e96371e444d4edfffcebf557f98b44277b2888aa7adadbc4a93621df409d5a6b63e29149acf8f75d214398014200c921c2f4ecc5ff2ddfff4a44eb1fa2546a8360fa88d8455f36709fc0d5e42a89addb61c24b6ce7b1917571b2bc7335b01b0c3928d5b9952fb418476489fbc7296f3f9c8e3dae5edee709d1a31aaa3bd2019a871840779cbf4176a14ace098e80d1312353b6778fbc193758c7b73926c8c606252873fdc3bf06f0920827a2c90e2c9298d90816d471dbf98a66d3bd220aeb69ba88598201093f73e065bca4a85f211fdde1e5212440b581e2774c3b6d4825052634ce6605fdcc941588d5cce64ed5b67966071b5f5babf30b92f755380a7f1e6ade592fa94816f2f2a2e9bf3afa763ca665f6562fedcaeebc4be89c822de4a417b782eed750dddfc657341671575cab1d0a0279e03505edff0a660f8ba88c27c5a7b49a661690d45e59d275caae8a885248f9e3c59700e3e400304051f6200055984f5eea79d41f56fb67a76f2f34674e33dec44749f03c156e62abd650f91f78a4afde41e7d761a26c95f38a3e2689ec9a6c2da945643ace011371cc7dfa795cad1e1cd2417ebac3e079e57e63bc3b16ba86087edce1dc71f24dab7f19c855282dcc8de04317654bd3914b32f0a4cfe0911e8345b186891af8e84e3dbb0e582256f1a3cb907e30fded333479ce576ba3ad6389d366d2342ba968e57dd5de4d702da799e89ce182a73e4e74c134865e0e1f0164f53f8c43dcf86c9c0aa85d4be8064446f7e9a33dc4a564b74a64d0f0168fe0e02d3a8e95e63a5844bfbbc05901bde333f05d5f2ef65588b04827dea8b7151ec0bf8525c2f6b2f50c44715073ebc42d4ec8a3970dcfd96839dba62d9b38ee32ba39b64e8d4588dab834b99aa859df7d8bcd3e97217fad7fb4bcaf82cc04657a9f0c11e721b68d8c4847e4b197746562a18cefc5f3fb93e54e0b6a496c3b980a05de73b6f06d8053af95896fe553ec742b3822e539410bee14c4de5964e365cc2b6cc74ce908667dcd1d449b3be83118ab32972827d3d8f276cf0eec21bbd8de716fe4d7d708b52659fd4fc48c9427ab3748da67744c435c31f39a78672688347c0bb4867be98afb708fbcae30e657a1127e24a36cb999ad14eb3bb82b2ddd276887ad6b85a510d0c20f7f69f724d4e5f6dde9de942ecc074e93857239bf18c9428fac505ab1fdaac0cac73639770034b818c6882865d0622006babe06e9e21a4d2c93924349b875fa67b05a4542bbdd1a1b079614d479af4c0f8164a7a25c595db0c32c963be5ad0b5d38c74863b8ffe0b59cf6357b98f356e6d27d03d07e5928488dc3aa043be447342b6aaef47af6f47fb2931dfbd527b2ded9f0ae1932b0bb65286f0a97a3a7c465cdedc21983340e134438ef559e5a080b43de77c6445eb1f0a6c1f638f75abee4c97838ded9f5b0b2de9fabb7729a94bda97aeb471a302a043ab6e96699fecb5bbbffa094e30614cf1319d25f8ac63e71248c8ed204daf6c404bdbe55a1d7dacff993ea721f70f30905ee6972d8455a9056eb1da4986ec96da02dfa4d87a1852471c2f25766a2a1df712f079900727bf541253458887539e7951a6510d27c6cd85406960d3e291236cfc156f8ae6fc05f48b060c5339bfa5499ad7c4f3cce5f07dfea7665959059bb1fe222fbc4a5f5233be17e5d7289bf75eb5ffcf870a547c8475668d80dbd11dbdf9b93837c75bffd61c6a38d373520aace3fd8a6c68d5c7c69724a8d96ce7dfa0c59eea807686463e899f2278422302ffa65ff7cd1d6a1fccceb42dd38f5dba1b6aacd8a1e3566292e25b3c0d8dfc43479cefd2c1b12202e2d9eded7bb45685cf963f7e554aeb3a9a520e306511e72ec1bfc2248cd47e3730c5064cfeab01d8dfc3c81975818a6e9ac1b4fc35080d0d7e0dce71ea932329a64e37f454fcfa793c5147a4d99b9951f9ce8e97a9be2ae6665fd18828470f22893720b9bf99ae36e9b01c3febde767a8807f246334a6a0cfa2557677d9706f4fc93fd545bb2a69e4232ddc48467b51d48a09a98f3ed81ff61b6aa420a68560bc5965688e923a92760e03c5cd5aa0ac02764e304af25ae9a56e22d54c0966ed7047a7195f6a41503830d3144246129cdde11114a6e6f48f31169285c45502c59d2b310dab2774e7cd163fe1987028cd8469d0cbb126613e697560af096e55799193dd2a3ec7cd5f76c797bad243cde0fa2ecba8118876ba90bbf40bab9d19148197673a764a6f21b7250b51b092c55327517416b92e9ca0c45fe26588f2070d6051d4ea19b90143af678c9469a94defdc15402a997579c3d25abe8b043c5515511f3d7ddc80b0a1c170484c9348b2e226a522441076e06ee81c596775d698b7513c7af133e427bfa6ae0bd84ebd2400c62ad6e47da474981a021d7b53f9cbafc3a77c610021e0b791151303b493128ab1e19dcdf103cc22278063149849c778f0091c5b6e640491b976c51b83bbd"}], 0x1018, 0x40}, 0x4) ioctl$PPPIOCSACTIVE(r2, 0x40107446, &(0x7f0000000280)={0x4, &(0x7f0000000240)=[{0x8, 0xfa, 0x20, 0x1}, {0xffe1, 0x81, 0x3, 0x9}, {0x9, 0x6, 0x4, 0x9}, {0x6bce, 0x6, 0x7a, 0x80}]}) write$RDMA_USER_CM_CMD_REJECT(r0, &(0x7f0000000480)={0x9, 0x108, 0xfa00, {r1, 0x0, "731702", "4e5963d2c8dd546b7aa758bb3e10dbb39db5a8f600b78c9d4d81726d09e73e62ae97f70bc763eb523840e85d3b180bd158d189ab69670f3e014047174a18ef272b26e8e249d9420e51bc0a73d75a3f564ecc92cd7ede35ec942b644c00b751d9282e266ccdceadc0d1a6ed6316ea682a5c52549c8f5cb75e6b95a7e1139f790441be62b61378ac0e5e9d4dd268bae93d4e78c34dadb813951ec94065ccb2287aa2a3928e00911d1eba1a251b6796e24fb90edc0ea6e5ed63a57a1967ce34cafe01d5db6bb797f48f2d7004b20c17a8009fe6bcf2be4fbe440c74a6138114528ede4ad7806f42caf7d20dd7dba1d8edcd876625af573750d48da9ed8ced8739ba"}}, 0x110) 21:29:57 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0x0, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23000000000000000000") [ 276.753187] FAULT_INJECTION: forcing a failure. [ 276.753187] name failslab, interval 1, probability 0, space 0, times 0 [ 276.765451] CPU: 1 PID: 15127 Comm: syz-executor.4 Not tainted 4.14.150 #0 [ 276.772627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 276.781985] Call Trace: [ 276.784598] dump_stack+0x138/0x197 [ 276.788243] should_fail.cold+0x10f/0x159 [ 276.792418] should_failslab+0xdb/0x130 [ 276.796403] kmem_cache_alloc+0x47/0x780 [ 276.800478] ? __lock_is_held+0xb6/0x140 [ 276.804586] ? check_preemption_disabled+0x3c/0x250 [ 276.809621] dst_alloc+0xf3/0x1a0 [ 276.813089] rt_dst_alloc+0x73/0x440 [ 276.816811] ip_route_output_key_hash_rcu+0x731/0x2750 [ 276.822200] ? check_preemption_disabled+0x3c/0x250 [ 276.827377] ip_route_output_key_hash+0x1c0/0x2e0 [ 276.832335] ? ip_route_output_key_hash_rcu+0x2750/0x2750 [ 276.838078] ? raw_sendmsg+0x573/0x2450 [ 276.842064] ip_route_output_flow+0x27/0xa0 [ 276.846384] raw_sendmsg+0x87b/0x2450 [ 276.850463] ? dst_output+0x140/0x140 [ 276.854451] ? avc_has_perm_noaudit+0x420/0x420 [ 276.859117] ? process_measurement+0x58a/0xb80 [ 276.863794] ? process_measurement+0x58a/0xb80 [ 276.868379] ? sock_has_perm+0x1ed/0x280 [ 276.872449] ? save_trace+0x290/0x290 [ 276.876365] ? __lock_is_held+0xb6/0x140 [ 276.880432] inet_sendmsg+0x122/0x500 [ 276.884237] ? inet_recvmsg+0x500/0x500 [ 276.888211] sock_sendmsg+0xce/0x110 [ 276.891939] kernel_sendmsg+0x44/0x50 [ 276.895749] sock_no_sendpage+0x107/0x130 [ 276.900088] ? sock_kzfree_s+0x50/0x50 [ 276.903995] ? mark_held_locks+0xb1/0x100 [ 276.908286] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 276.913396] inet_sendpage+0x3b8/0x580 [ 276.917397] kernel_sendpage+0x92/0xf0 [ 276.921281] ? inet_sendmsg+0x500/0x500 [ 276.925264] sock_sendpage+0x8b/0xc0 [ 276.928974] ? kernel_sendpage+0xf0/0xf0 [ 276.933032] pipe_to_sendpage+0x242/0x340 [ 276.937181] ? direct_splice_actor+0x190/0x190 [ 276.941766] ? anon_pipe_buf_release+0x174/0x220 [ 276.946517] __splice_from_pipe+0x348/0x780 [ 276.950837] ? direct_splice_actor+0x190/0x190 [ 276.955414] ? direct_splice_actor+0x190/0x190 [ 276.959990] splice_from_pipe+0xf0/0x150 [ 276.964044] ? splice_shrink_spd+0xb0/0xb0 [ 276.968272] ? security_file_permission+0x89/0x1f0 [ 276.973211] generic_splice_sendpage+0x3c/0x50 [ 276.977789] ? splice_from_pipe+0x150/0x150 [ 276.982122] SyS_splice+0xd92/0x1430 [ 276.985828] ? __sb_end_write+0xc1/0x100 [ 276.989894] ? compat_SyS_vmsplice+0x250/0x250 [ 276.994488] ? do_syscall_64+0x53/0x640 [ 276.998587] ? compat_SyS_vmsplice+0x250/0x250 [ 277.003226] do_syscall_64+0x1e8/0x640 [ 277.007108] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 277.012073] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 277.017418] RIP: 0033:0x459ef9 [ 277.020699] RSP: 002b:00007ff387144c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 277.028417] RAX: ffffffffffffffda RBX: 00007ff387144c90 RCX: 0000000000459ef9 [ 277.035701] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 277.042962] RBP: 000000000075bfc8 R08: 0000000000010007 R09: 0000000000000006 [ 277.050229] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff3871456d4 [ 277.057648] R13: 00000000004c9b4f R14: 00000000004e0710 R15: 0000000000000007 21:29:57 executing program 1: r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @mcast2}, 0x9) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000380)={0xffff, 0x2, 0x7da9781dd42ec390, 0x400, 0x628ed23d, 0x0, 0x2, 0x10000, 0x0}, &(0x7f00000003c0)=0x20) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000400)={r4, 0x0, 0x8c}, 0x8) r5 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x1800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r5, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) r6 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r6, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:29:57 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0x0, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23000000000000000000") 21:29:57 executing program 5: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dedmaN\x01\x01\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r0, &(0x7f0000000480)={0x9, 0x108, 0xfa00, {r1, 0x0, "731702", "4e5963d2c8dd546b7aa758bb3e10dbb39db5a8f600b78c9d4d81726d09e73e62ae97f70bc763eb523840e85d3b180bd158d189ab69670f3e014047174a18ef272b26e8e249d9420e51bc0a73d75a3f564ecc92cd7ede35ec942b644c00b751d9282e266ccdceadc0d1a6ed6316ea682a5c52549c8f5cb75e6b95a7e1139f790441be62b61378ac0e5e9d4dd268bae93d4e78c34dadb813951ec94065ccb2287aa2a3928e00911d1eba1a251b6796e24fb90edc0ea6e5ed63a57a1967ce34cafe01d5db6bb797f48f2d7004b20c17a8009fe6bcf2be4fbe440c74a6138114528ede4ad7806f42caf7d20dd7dba1d8edcd876625af573750d48da9ed8ced8739ba"}}, 0x110) 21:29:57 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, 0x0) 21:29:58 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) io_setup(0x4, &(0x7f00000004c0)=0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) io_submit(r2, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x1, 0x0, r1, &(0x7f0000000000)="98", 0x3e80000000, 0x40000000}]) ioctl$EXT4_IOC_PRECACHE_EXTENTS(0xffffffffffffffff, 0x6612) socket$inet(0x2, 0x4000000805, 0x0) r5 = socket$inet_sctp(0x2, 0x5, 0x84) sendto$inet(r5, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x0, @loopback}, 0x10) r6 = syz_open_dev$sndpcmc(0x0, 0x0, 0x0) ioctl(r6, 0xc1004110, &(0x7f0000000580)) 21:29:58 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, 0x0) 21:29:58 executing program 5: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x201, 0x0) ioctl$KVM_GET_TSC_KHZ(r0, 0xaea3) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r1, &(0x7f0000000480)={0x9, 0x108, 0xfa00, {r2, 0x0, "731702", "4e5963d2c8dd546b7aa758bb3e10dbb39db5a8f600b78c9d4d81726d09e73e62ae97f70bc763eb523840e85d3b180bd158d189ab69670f3e014047174a18ef272b26e8e249d9420e51bc0a73d75a3f564ecc92cd7ede35ec942b644c00b751d9282e266ccdceadc0d1a6ed6316ea682a5c52549c8f5cb75e6b95a7e1139f790441be62b61378ac0e5e9d4dd268bae93d4e78c34dadb813951ec94065ccb2287aa2a3928e00911d1eba1a251b6796e24fb90edc0ea6e5ed63a57a1967ce34cafe01d5db6bb797f48f2d7004b20c17a8009fe6bcf2be4fbe440c74a6138114528ede4ad7806f42caf7d20dd7dba1d8edcd876625af573750d48da9ed8ced8739ba"}}, 0x110) 21:29:58 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) geteuid() ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") r3 = add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0x0) add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f00000000c0)="6b9df33ba1a0a0bf1c95f5fcfb49cd87d1ebddf1cf195bcd3fac490ed0da0d6fa48c5c343904158cb1055a5bf352dc2f0df5c5352942df390d9334125c2c3492023214f2d839dd509f9e010c7a1931745a", 0x51, r3) 21:29:58 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, 0x0) 21:29:58 executing program 4 (fault-call:9 fault-nth:56): pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:29:58 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r5}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r5}}, 0x18) getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000000)=@assoc_id=0x0, &(0x7f0000000040)=0x4) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r3, 0x84, 0x19, &(0x7f00000000c0)={r6, 0x3f}, 0x8) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r7, 0x407, 0x0) write(r7, &(0x7f0000000340), 0x41395527) ioctl$TUNSETPERSIST(r7, 0x400454cb, 0x1) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ashmem\x00', 0x82, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:29:58 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)) [ 277.604572] FAULT_INJECTION: forcing a failure. [ 277.604572] name failslab, interval 1, probability 0, space 0, times 0 [ 277.616258] CPU: 0 PID: 15176 Comm: syz-executor.4 Not tainted 4.14.150 #0 [ 277.623423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 277.632786] Call Trace: [ 277.635507] dump_stack+0x138/0x197 [ 277.639251] should_fail.cold+0x10f/0x159 [ 277.643411] should_failslab+0xdb/0x130 [ 277.647552] kmem_cache_alloc_node_trace+0x280/0x770 [ 277.652672] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 277.658140] __kmalloc_node_track_caller+0x3d/0x80 [ 277.663192] __kmalloc_reserve.isra.0+0x40/0xe0 [ 277.667899] __alloc_skb+0xcf/0x500 [ 277.671564] ? skb_scrub_packet+0x4b0/0x4b0 [ 277.676008] sock_wmalloc+0xae/0xf0 [ 277.679780] __ip_append_data.isra.0+0x196f/0x20c0 [ 277.684709] ? save_trace+0x290/0x290 [ 277.688515] ? raw_destroy+0x30/0x30 [ 277.692251] ? trace_hardirqs_on+0x10/0x10 [ 277.696541] ? __ip_flush_pending_frames.isra.0+0x2d0/0x2d0 [ 277.702244] ? find_held_lock+0x35/0x130 [ 277.706293] ? raw_destroy+0x30/0x30 [ 277.709999] ip_append_data.part.0+0xde/0x150 [ 277.714539] ? raw_destroy+0x30/0x30 [ 277.718240] ip_append_data+0x5b/0x80 [ 277.722029] raw_sendmsg+0xe49/0x2450 [ 277.725843] ? dst_output+0x140/0x140 [ 277.729628] ? avc_has_perm_noaudit+0x420/0x420 [ 277.734293] ? process_measurement+0x58a/0xb80 [ 277.738867] ? process_measurement+0x58a/0xb80 [ 277.743481] ? sock_has_perm+0x1ed/0x280 [ 277.747566] ? save_trace+0x290/0x290 [ 277.751491] ? __lock_is_held+0xb6/0x140 [ 277.755554] inet_sendmsg+0x122/0x500 [ 277.759502] ? inet_recvmsg+0x500/0x500 [ 277.763481] sock_sendmsg+0xce/0x110 [ 277.767298] kernel_sendmsg+0x44/0x50 [ 277.771125] sock_no_sendpage+0x107/0x130 [ 277.775356] ? sock_kzfree_s+0x50/0x50 [ 277.779450] ? mark_held_locks+0xb1/0x100 [ 277.783717] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 277.788869] inet_sendpage+0x3b8/0x580 [ 277.792772] kernel_sendpage+0x92/0xf0 [ 277.796659] ? inet_sendmsg+0x500/0x500 [ 277.800737] sock_sendpage+0x8b/0xc0 [ 277.804461] ? kernel_sendpage+0xf0/0xf0 [ 277.808515] pipe_to_sendpage+0x242/0x340 [ 277.812677] ? direct_splice_actor+0x190/0x190 [ 277.817291] ? anon_pipe_buf_release+0x174/0x220 [ 277.822041] __splice_from_pipe+0x348/0x780 [ 277.826473] ? direct_splice_actor+0x190/0x190 [ 277.831069] ? direct_splice_actor+0x190/0x190 [ 277.835652] splice_from_pipe+0xf0/0x150 [ 277.839865] ? splice_shrink_spd+0xb0/0xb0 [ 277.844234] ? security_file_permission+0x89/0x1f0 [ 277.849177] generic_splice_sendpage+0x3c/0x50 [ 277.853763] ? splice_from_pipe+0x150/0x150 [ 277.858086] SyS_splice+0xd92/0x1430 [ 277.861809] ? __sb_end_write+0xc1/0x100 [ 277.865870] ? compat_SyS_vmsplice+0x250/0x250 [ 277.870585] ? do_syscall_64+0x53/0x640 [ 277.874567] ? compat_SyS_vmsplice+0x250/0x250 [ 277.879149] do_syscall_64+0x1e8/0x640 [ 277.883053] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 277.887906] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 277.893092] RIP: 0033:0x459ef9 [ 277.896277] RSP: 002b:00007ff387144c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 277.903996] RAX: ffffffffffffffda RBX: 00007ff387144c90 RCX: 0000000000459ef9 [ 277.911278] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 277.918547] RBP: 000000000075bfc8 R08: 0000000000010007 R09: 0000000000000006 [ 277.925813] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff3871456d4 [ 277.933105] R13: 00000000004c9b4f R14: 00000000004e0710 R15: 0000000000000007 21:29:58 executing program 1: r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @mcast2}, 0x9) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000380)={0xffff, 0x2, 0x7da9781dd42ec390, 0x400, 0x628ed23d, 0x0, 0x2, 0x10000, 0x0}, &(0x7f00000003c0)=0x20) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000400)={r4, 0x0, 0x8c}, 0x8) r5 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x1800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r5, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) 21:29:58 executing program 5: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}}}, 0x20) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$EVIOCGKEYCODE_V2(r3, 0x80284504, &(0x7f0000000280)=""/162) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r2}}, 0x2de) ppoll(&(0x7f0000000040)=[{r1, 0x601}], 0x1, &(0x7f00000000c0)={0x0, 0x1c9c380}, &(0x7f0000000100)={0x1}, 0x8) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r0, &(0x7f0000000480)={0x9, 0x108, 0xfa00, {r4, 0x0, "731702", "4e5963d2c8dd546b7aa758bb3e10dbb39db5a8f600b78c9d4d81726d09e73e62ae97f70bc763eb523840e85d3b180bd158d189ab69670f3e014047174a18ef272b26e8e249d9420e51bc0a73d75a3f564ecc92cd7ede35ec942b644c00b751d9282e266ccdceadc0d1a6ed6316ea682a5c52549c8f5cb75e6b95a7e1139f790441be62b61378ac0e5e9d4dd268bae93d4e78c34dadb813951ec94065ccb2287aa2a3928e00911d1eba1a251b6796e24fb90edc0ea6e5ed63a57a1967ce34cafe01d5db6bb797f48f2d7004b20c17a8009fe6bcf2be4fbe440c74a6138114528ede4ad7806f42caf7d20dd7dba1d8edcd876625af573750d48da9ed8ced8739ba"}}, 0x110) 21:29:58 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r0, 0x110, 0x3) r1 = socket$inet(0x2, 0x4000000805, 0x0) r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000040)={0x0, 0x200}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000100)={0x40, 0x2, 0x2, 0x2, r3}, 0x10) socket$inet_sctp(0x2, 0x5, 0x84) sendto$inet(r0, &(0x7f0000000200)="da797523ea73cfdfab4ed238bf4d4421375332ea8f9f966355590dab0abbb0e985b113d2a71133be1bbde63ad4fadc6f54fdd9d94d99927ba41a62fe9bf37095892d37060b8c97ca1b3dcd205ac79e7496839b1dde9fb5393a52dbadf92259cac96038e2e6caacc5decff97655a2f4de6e9b623c3d03de5b54348f3a8010868079d33b65cc14ebcb5bebbeb23f", 0x8d, 0x0, &(0x7f00000001c0)={0x2, 0x0, @broadcast}, 0x10) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/pfkey\x00', 0x4, 0x0) ioctl$KDGETLED(r4, 0x4b31, &(0x7f0000000180)) fsetxattr$trusted_overlay_nlink(r1, &(0x7f00000002c0)='trusted.overlay.nlink\x00', &(0x7f0000000300)={'L-', 0x3}, 0x28, 0x1) r5 = syz_open_dev$sndpcmc(0x0, 0x0, 0x0) ioctl(r5, 0xc1004110, &(0x7f0000000580)) 21:29:58 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)) 21:29:58 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)) 21:29:58 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) syz_mount_image$msdos(&(0x7f0000000280)='msdos\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000880)=[{&(0x7f0000000300)="39d75fc9e1e052ef21dde94147268da12b0c9dcd9aa50f03f5a15edb70720e6b938975d48173e72d0e28e9fd3cb3a25460191be3c03fd2fa4d98c883cb509589c7319b9fd92708eed4d65db1d65ab87c8515c01603a99d78eb29c28ae34a50b4d6c95001f9838bdad85b6b9b0819bafc2b7fac386a5701cae711a5b788c4093472b24962b17e1bd05d7dd5d80f66eaaabf1a66408a68de26b9f99b92fd168049f7309c10e8cb289e86595131410a29da90f8d33d23f9a0124154ac9f3c481c5f7f6edeb6df49647bb1cf278cebcf1116a67af64bf753d3fcec9d6994", 0xdc, 0x4}, {&(0x7f0000000400)="23a6bdc00c0695064710175d0d99159d2660ec98e1fcd0d97fab7330ad2f51b24e5970f9e19118e3fe6c4a47656629b5005ab429b0e1f2895e07b2fe15687de35926466f406a23378b66f9910003a44b33467d65cf8f47f744e6c4c947c804f1b2d4e72430829010fdd53bc6394d4d0c17e36d1594ca96a3da4b4f33a9632901e3e5048658ee9a34f508aa57053ec4fbae93d9f5c3dcf9df239e6cd758254d82a329", 0xa2, 0xfffffffffffffe00}, {&(0x7f00000004c0)="fc65597d4a1f409d1e3bdf185a010eceb1a743dc9859d02d4d9213ffb9941d60bd8c4e8fab31c57334b6561a4f5423800b5ca97ca3f54284d5ba231f8bc12005cec63a6b3ded801084c57e", 0x4b, 0x7}, {&(0x7f00000007c0)="a242a2d44b46064c921d29e964cba86b6413f2fc801b393b3607335d984a02f08f5cd2562eda46892ab89e77f87f986a2b87cd3ea9ba2edca5769ce3330447b9cf2c678c8602540a9a631d489a7a50526fb19a0418f5bcdc51e86795d8653b6ab1817452d112b75978d1667db9d3e39f9e8f6ee50c4c4e9a17f9dc98b117ff10ad16eef8365d3672b3d7eb00d8f05e", 0x8f, 0xaf}], 0x40, &(0x7f0000000900)={[{@fat=@debug='debug'}, {@fat=@quiet='quiet'}, {@dots='dots'}, {@dots='dots'}], [{@fsuuid={'fsuuid', 0x3d, {[0x31, 0x31, 0x33, 0x0, 0x3, 0x65, 0x37, 0x37], 0x2d, [0x65, 0x31, 0x30, 0x66], 0x2d, [0x33, 0x90d6448ad69335b9, 0x36, 0x30], 0x2d, [0x35, 0x0, 0x31, 0x37], 0x2d, [0x62, 0x66, 0x63, 0x35, 0x66, 0x37, 0x63, 0x32]}}}, {@dont_measure='dont_measure'}, {@smackfstransmute={'smackfstransmute', 0x3d, '/dev/infiniband/rDma_cm\x00'}}]}) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhost-vsock\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r3}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r3}}, 0x18) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}}}, 0x2de) ioctl$FIGETBSZ(r4, 0x2, &(0x7f0000000040)) ioctl$SCSI_IOCTL_DOORUNLOCK(r1, 0x5381) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") socket$inet(0x2, 0x4000000805, 0x0) r5 = socket$inet_sctp(0x2, 0x5, 0x84) sendto$inet(r5, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x0, @loopback}, 0x10) r6 = syz_open_dev$sndpcmc(0x0, 0x0, 0x0) syz_genetlink_get_family_id$fou(&(0x7f00000000c0)='fou\x01') ioctl(r6, 0xc1004110, &(0x7f0000000580)) 21:29:58 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06") 21:29:58 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06") 21:29:58 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06") [ 278.174757] FAT-fs (loop0): Unrecognized mount option "fsuuid=113" or missing value 21:29:59 executing program 4 (fault-call:9 fault-nth:57): pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:29:59 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23000000") 21:29:59 executing program 2: syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 278.425526] FAULT_INJECTION: forcing a failure. [ 278.425526] name failslab, interval 1, probability 0, space 0, times 0 [ 278.437127] CPU: 0 PID: 15223 Comm: syz-executor.4 Not tainted 4.14.150 #0 [ 278.444145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 278.453683] Call Trace: [ 278.456362] dump_stack+0x138/0x197 [ 278.459994] should_fail.cold+0x10f/0x159 [ 278.464230] should_failslab+0xdb/0x130 [ 278.468200] kmem_cache_alloc_node+0x287/0x780 [ 278.472813] ? __kmalloc_node_track_caller+0x51/0x80 [ 278.477928] __alloc_skb+0x9c/0x500 [ 278.481764] ? skb_scrub_packet+0x4b0/0x4b0 [ 278.486211] sock_wmalloc+0xae/0xf0 [ 278.489853] __ip_append_data.isra.0+0x196f/0x20c0 [ 278.494935] ? save_trace+0x290/0x290 [ 278.498873] ? raw_destroy+0x30/0x30 [ 278.502590] ? trace_hardirqs_on+0x10/0x10 [ 278.506818] ? __ip_flush_pending_frames.isra.0+0x2d0/0x2d0 [ 278.512655] ? find_held_lock+0x35/0x130 [ 278.516736] ? raw_destroy+0x30/0x30 [ 278.520454] ip_append_data.part.0+0xde/0x150 [ 278.524963] ? raw_destroy+0x30/0x30 [ 278.528784] ip_append_data+0x5b/0x80 [ 278.532885] raw_sendmsg+0xe49/0x2450 [ 278.536886] ? dst_output+0x140/0x140 [ 278.540848] ? avc_has_perm_noaudit+0x420/0x420 [ 278.545682] ? __lock_acquire+0x5f7/0x4620 [ 278.550020] ? __lock_is_held+0xb6/0x140 [ 278.554447] ? sock_has_perm+0x1ed/0x280 [ 278.558825] ? save_trace+0x290/0x290 [ 278.562623] ? __lock_is_held+0xb6/0x140 [ 278.567166] inet_sendmsg+0x122/0x500 [ 278.571109] ? inet_recvmsg+0x500/0x500 [ 278.575253] sock_sendmsg+0xce/0x110 [ 278.579145] kernel_sendmsg+0x44/0x50 [ 278.583791] sock_no_sendpage+0x107/0x130 [ 278.588253] ? sock_kzfree_s+0x50/0x50 [ 278.592244] ? mark_held_locks+0xb1/0x100 [ 278.596411] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 278.601612] inet_sendpage+0x3b8/0x580 [ 278.605504] kernel_sendpage+0x92/0xf0 [ 278.609537] ? inet_sendmsg+0x500/0x500 [ 278.613531] sock_sendpage+0x8b/0xc0 [ 278.617239] ? kernel_sendpage+0xf0/0xf0 [ 278.621297] pipe_to_sendpage+0x242/0x340 [ 278.625443] ? direct_splice_actor+0x190/0x190 [ 278.630041] ? anon_pipe_buf_release+0x174/0x220 [ 278.634819] __splice_from_pipe+0x348/0x780 [ 278.639237] ? direct_splice_actor+0x190/0x190 [ 278.643820] ? direct_splice_actor+0x190/0x190 [ 278.648416] splice_from_pipe+0xf0/0x150 [ 278.652611] ? splice_shrink_spd+0xb0/0xb0 [ 278.656859] ? security_file_permission+0x89/0x1f0 [ 278.663308] generic_splice_sendpage+0x3c/0x50 [ 278.668148] ? splice_from_pipe+0x150/0x150 [ 278.672482] SyS_splice+0xd92/0x1430 [ 278.676208] ? __sb_end_write+0xc1/0x100 [ 278.680283] ? compat_SyS_vmsplice+0x250/0x250 [ 278.684920] ? do_syscall_64+0x53/0x640 [ 278.688907] ? compat_SyS_vmsplice+0x250/0x250 [ 278.693489] do_syscall_64+0x1e8/0x640 [ 278.697478] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 278.702471] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 278.707788] RIP: 0033:0x459ef9 [ 278.710970] RSP: 002b:00007ff387144c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 278.718726] RAX: ffffffffffffffda RBX: 00007ff387144c90 RCX: 0000000000459ef9 [ 278.725990] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 278.733255] RBP: 000000000075bfc8 R08: 0000000000010007 R09: 0000000000000006 [ 278.740531] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff3871456d4 [ 278.747967] R13: 00000000004c9b4f R14: 00000000004e0710 R15: 0000000000000007 21:29:59 executing program 1: r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @mcast2}, 0x9) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000380)={0xffff, 0x2, 0x7da9781dd42ec390, 0x400, 0x628ed23d, 0x0, 0x2, 0x10000, 0x0}, &(0x7f00000003c0)=0x20) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000400)={r4, 0x0, 0x8c}, 0x8) r5 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x1800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r5, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) openat$ion(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ion\x00', 0x0, 0x0) 21:29:59 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b7") 21:29:59 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) write$UHID_SET_REPORT_REPLY(r0, &(0x7f00000000c0)={0xe, 0x7, 0x1, 0x3f, 0xc5, "14ff4feb8efbd83afe098e96000b5a8341a46ad19d5749b3a73a73d0748ce16a9bc4ee367cd0d3b1045fc68aa42468cf6b51adad5f5173f53331f70a661e6cf27b7c26a927f4f5f6d442bbf3aca959dac7e043346e761193b9608f195d285d73479ae6d2f3724a8e9d7f73e56c82edaccd209dd813b012cc0d1a07fe04f0f67846920faf7dfa91befd4d7ce0daba4a3a22bd6d784df8a67c444e33f7276d890c01e78052fa48c8d895ce34cbc40a1bfde4b365d18efbc71e9f2c0674d64924b610764c3323"}, 0xd1) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:29:59 executing program 5: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r0, &(0x7f0000000480)={0x9, 0x108, 0xfa00, {r1, 0x0, "731702", "4e5963d2c8dd546b7aa758bb3e10dbb39db5a8f600b78c9d4d81726d09e73e62ae97f70bc763eb523840e85d3b180bd158d189ab69670f3e014047174a18ef272b26e8e249d9420e51bc0a73d75a3f564ecc92cd7ede35ec942b644c00b751d9282e266ccdceadc0d1a6ed6316ea682a5c52549c8f5cb75e6b95a7e1139f790441be62b61378ac0e5e9d4dd268bae93d4e78c34dadb813951ec94065ccb2287aa2a3928e00911d1eba1a251b6796e24fb90edc0ea6e5ed63a57a1967ce34cafe01d5db6bb797f48f2d7004b20c17a8009fe6bcf2be4fbe440c74a6138114528ede4ad7806f42caf7d20dd7dba1d8edcd876625af573750d48da9ed8ced8739ba"}}, 0x110) 21:29:59 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b7") [ 278.949433] FAT-fs (loop0): Unrecognized mount option "fsuuid=113" or missing value 21:29:59 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x1, 0x2) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x48681004}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x44, r2, 0x4, 0x70bd25, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x30, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sed\x00'}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e20}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x1, 0x10}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x4000) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") socket$inet(0x2, 0x4000000805, 0x0) r3 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x400806e, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) sendto$inet6(r3, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e5d37149eb0f4a333726cf6d5b7647306559155f1c69d6bfd145b83576f2df4d85f271fd4119db923e2412c66dd954eb59dddc7e1fd286a83971b2ba1c63b4f99702cf91f3d1ecffb8ae189c79b403805e83650c251a564942896f205640c23b0cf51fe9bd931f54a343794710a9cd53cef20938edddb2bfa3c1f72f8e79e41e30fb8f9d314abd999ba396521b6c10bec7bc9d0745a80299342f5cf89eb9d94044258fbb18cec1cdbbc016a773d3ae41e3e30248e716fd0873d31454902cbe7dcf7d644dfadc255d99652b5ed5a5b1a75e3ad49cf80178678402e9d3a755d009889b2e6138f81dc02eedcc353aceb2f7781aea08aa91be7e1e2416ba3d555b1f2237f68c5d7dcfcb1b917c292a35d6d7e7cf2cb1dd6dba5a50ce55c4638d7d38cb7afd8da02f281ab69392bc6531eb03eb97c1d075e3342c244861d04bcad8991b8f588e48ad7fe218d2f5e604bb31c59241245b485210fe418af3d6377b59d5ab128497efeced38cc5036b1f34cb89674b5179219f34b9e8e1849695d7c23cce77eb8f038ef9f2cd69d1c9e2d6b46610adbadbdad857a77f59d38cb5120709716b87c52a48de249b231d7e39985b8b58094c0d7b4c6d1671a8ff9d2daaca94df2adcff6420077df0ddbc66d00b141ffc6e28bed09a19056e52a905a72c99a04af56b22da83135808ba2bfe87a39753447e78500d16bdad52d97df73d4852a79e7ec6910701b712cfd58c62b3ade86cf6ff0cd78719fa1ae81640381cb33f4f6b03c913e820cf9eb9b5cf7df9c878596c9ac9444cad118673fe339b4b7287b310ecff4742bfea2612d79d418293f0dfe14bc819c466473438ad71ea3b1386d17a9038b1f5a9285481500f84f4c7eabbf2eb071a101c69cce8e7495bda4c28a4e88f6a258abf58579c290eeb742b2678daab3ecc8c2bf97d89e89472901e254dd63ca7d918f8a7523161e29b28f64b285da7bb4a17d0ad734c321623e246bb0b5aaa08e8e7ac42b74ba83c70a8ca80068400be6adc3f4b01ba1050b54e6e4cf72fb567fbd27b74b2bfa7b7cabc6938851c13c6df7d5aaca79afd89b5e925379b959c7929ddfa3399695343f435772d70e5cfa3550377d23f50011ad5657e94c464cd43eb85496fd3b03bcb2d9278ceb432194d9893ffa747dfe85309f256c910e31e81dcd3cd8a13744fc2874737a2ff34bf8c89f15da7cc0853434117d744e30360b38ef1a063f9ee506f048e9980054e6c5c5688d04ece6067ac55bccc9a7773a2c4e21c039d153622130faff9fd675d64ad7284bd011b9b224713a721b4b731cf342357642a1a0bb846f5be443b7e72e9825b5f3a078c6ae09e4512dd93a5be1af13a49e6a33938509d3557aecf2356ac2329871b662a99cf3fd2486b064e7e6f90c1f8d632186a8bda338b02d45da4ea9041d42a23f40b93346dddc473a9f1a3d9f0285b7e48cbb87bc34d44b090a5e2aaf4764a10a44168f1719eff0b0d9bc1ce07750af4c21d0c67eae0799e91328c8b14869e4edd255a41735a2b1818aa9d3b271ba757af010ae6dbad89aa0d8f5b6f8ef3917adcedf2", 0x52a, 0x400c047, 0x0, 0x0) getsockopt(r3, 0x5, 0x1f80000, &(0x7f0000000000)=""/67, &(0x7f00000000c0)=0x43) r4 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x20, &(0x7f0000000100)=0x5, 0x4) sendto$inet(r4, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x0, @loopback}, 0x10) r5 = syz_open_dev$sndpcmc(0x0, 0x0, 0x0) ioctl(r5, 0xc1004110, &(0x7f0000000580)) 21:29:59 executing program 2: syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x400806e, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) sendto$inet6(r2, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e5d37149eb0f4a333726cf6d5b7647306559155f1c69d6bfd145b83576f2df4d85f271fd4119db923e2412c66dd954eb59dddc7e1fd286a83971b2ba1c63b4f99702cf91f3d1ecffb8ae189c79b403805e83650c251a564942896f205640c23b0cf51fe9bd931f54a343794710a9cd53cef20938edddb2bfa3c1f72f8e79e41e30fb8f9d314abd999ba396521b6c10bec7bc9d0745a80299342f5cf89eb9d94044258fbb18cec1cdbbc016a773d3ae41e3e30248e716fd0873d31454902cbe7dcf7d644dfadc255d99652b5ed5a5b1a75e3ad49cf80178678402e9d3a755d009889b2e6138f81dc02eedcc353aceb2f7781aea08aa91be7e1e2416ba3d555b1f2237f68c5d7dcfcb1b917c292a35d6d7e7cf2cb1dd6dba5a50ce55c4638d7d38cb7afd8da02f281ab69392bc6531eb03eb97c1d075e3342c244861d04bcad8991b8f588e48ad7fe218d2f5e604bb31c59241245b485210fe418af3d6377b59d5ab128497efeced38cc5036b1f34cb89674b5179219f34b9e8e1849695d7c23cce77eb8f038ef9f2cd69d1c9e2d6b46610adbadbdad857a77f59d38cb5120709716b87c52a48de249b231d7e39985b8b58094c0d7b4c6d1671a8ff9d2daaca94df2adcff6420077df0ddbc66d00b141ffc6e28bed09a19056e52a905a72c99a04af56b22da83135808ba2bfe87a39753447e78500d16bdad52d97df73d4852a79e7ec6910701b712cfd58c62b3ade86cf6ff0cd78719fa1ae81640381cb33f4f6b03c913e820cf9eb9b5cf7df9c878596c9ac9444cad118673fe339b4b7287b310ecff4742bfea2612d79d418293f0dfe14bc819c466473438ad71ea3b1386d17a9038b1f5a9285481500f84f4c7eabbf2eb071a101c69cce8e7495bda4c28a4e88f6a258abf58579c290eeb742b2678daab3ecc8c2bf97d89e89472901e254dd63ca7d918f8a7523161e29b28f64b285da7bb4a17d0ad734c321623e246bb0b5aaa08e8e7ac42b74ba83c70a8ca80068400be6adc3f4b01ba1050b54e6e4cf72fb567fbd27b74b2bfa7b7cabc6938851c13c6df7d5aaca79afd89b5e925379b959c7929ddfa3399695343f435772d70e5cfa3550377d23f50011ad5657e94c464cd43eb85496fd3b03bcb2d9278ceb432194d9893ffa747dfe85309f256c910e31e81dcd3cd8a13744fc2874737a2ff34bf8c89f15da7cc0853434117d744e30360b38ef1a063f9ee506f048e9980054e6c5c5688d04ece6067ac55bccc9a7773a2c4e21c039d153622130faff9fd675d64ad7284bd011b9b224713a721b4b731cf342357642a1a0bb846f5be443b7e72e9825b5f3a078c6ae09e4512dd93a5be1af13a49e6a33938509d3557aecf2356ac2329871b662a99cf3fd2486b064e7e6f90c1f8d632186a8bda338b02d45da4ea9041d42a23f40b93346dddc473a9f1a3d9f0285b7e48cbb87bc34d44b090a5e2aaf4764a10a44168f1719eff0b0d9bc1ce07750af4c21d0c67eae0799e91328c8b14869e4edd255a41735a2b1818aa9d3b271ba757af010ae6dbad89aa0d8f5b6f8ef3917adcedf2", 0x52a, 0x400c047, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x0, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="14ffffff81100100070000dba0e2fafff06cf4e0fa000000"], &(0x7f0000000040)='syzkaller\x00', 0xffffffff, 0x63, &(0x7f00000000c0)=""/99, 0x41100, 0x1, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x8, 0x1}, 0x8, 0x10, &(0x7f0000000180)={0x2, 0x1, 0x3, 0x8000}, 0x10}, 0x70) ioctl(r3, 0x40c100410c, &(0x7f0000000280)="33c5d66231b0aa60846217539ee5e1740cb88682c980f1f48bbf0c37e4860cf65892e5519dbb186f8d00131569c64e3369f88960e733c98b") 21:29:59 executing program 5 (fault-call:0 fault-nth:0): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:29:59 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b7") [ 279.090512] FAULT_INJECTION: forcing a failure. [ 279.090512] name failslab, interval 1, probability 0, space 0, times 0 [ 279.124987] CPU: 1 PID: 15257 Comm: syz-executor.5 Not tainted 4.14.150 #0 [ 279.132047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 279.141405] Call Trace: [ 279.143997] dump_stack+0x138/0x197 [ 279.147621] should_fail.cold+0x10f/0x159 [ 279.151769] should_failslab+0xdb/0x130 [ 279.155765] __kmalloc+0x2f0/0x7a0 [ 279.159343] ? __sb_end_write+0xc1/0x100 [ 279.163422] ? strnlen_user+0x12f/0x1a0 [ 279.167396] ? SyS_memfd_create+0xba/0x3a0 [ 279.171649] SyS_memfd_create+0xba/0x3a0 [ 279.175706] ? shmem_fcntl+0x130/0x130 [ 279.179609] ? do_syscall_64+0x53/0x640 [ 279.183599] ? shmem_fcntl+0x130/0x130 [ 279.187489] do_syscall_64+0x1e8/0x640 [ 279.191363] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 279.196372] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 279.201563] RIP: 0033:0x459ef9 [ 279.204758] RSP: 002b:00007f4e83a16a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 279.212469] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 0000000000459ef9 [ 279.219726] RDX: 00000000200000a8 RSI: 0000000000000000 RDI: 00000000004bef97 [ 279.226983] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 21:30:00 executing program 4 (fault-call:9 fault-nth:58): pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:30:00 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x2, 0x200000) ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000000040)=0xffffffff) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-monitor\x00', 0x420441, 0x0) ioctl$GIO_FONTX(r2, 0x4b6b, &(0x7f0000000100)=""/60) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) lsetxattr$trusted_overlay_redirect(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='trusted.overlay.redirect\x00', &(0x7f0000000280)='./file0\x00', 0x8, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) read$eventfd(r0, &(0x7f00000002c0), 0x8) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/d\xfe4\x00\x00nfinib\x18\xab\x13q+\xcfE\xa1_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r6}}, 0x2de) fcntl$addseals(r5, 0x409, 0x2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:00 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") [ 279.234433] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f4e83a176d4 [ 279.241690] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 279.342751] FAULT_INJECTION: forcing a failure. [ 279.342751] name failslab, interval 1, probability 0, space 0, times 0 [ 279.357411] CPU: 0 PID: 15272 Comm: syz-executor.4 Not tainted 4.14.150 #0 [ 279.364617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 279.373984] Call Trace: [ 279.374004] dump_stack+0x138/0x197 [ 279.380253] should_fail.cold+0x10f/0x159 [ 279.380270] should_failslab+0xdb/0x130 [ 279.380283] kmem_cache_alloc_node_trace+0x280/0x770 [ 279.380296] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 279.380310] __kmalloc_node_track_caller+0x3d/0x80 [ 279.380322] __kmalloc_reserve.isra.0+0x40/0xe0 [ 279.408868] __alloc_skb+0xcf/0x500 [ 279.412489] ? skb_scrub_packet+0x4b0/0x4b0 [ 279.416813] sock_wmalloc+0xae/0xf0 [ 279.420461] __ip_append_data.isra.0+0x196f/0x20c0 [ 279.425392] ? save_trace+0x290/0x290 [ 279.429183] ? raw_destroy+0x30/0x30 [ 279.432889] ? trace_hardirqs_on+0x10/0x10 [ 279.437262] ? __ip_flush_pending_frames.isra.0+0x2d0/0x2d0 [ 279.443587] ? find_held_lock+0x35/0x130 [ 279.448004] ? raw_destroy+0x30/0x30 [ 279.451748] ip_append_data.part.0+0xde/0x150 [ 279.456253] ? raw_destroy+0x30/0x30 [ 279.459951] ip_append_data+0x5b/0x80 [ 279.463779] raw_sendmsg+0xe49/0x2450 [ 279.467571] ? dst_output+0x140/0x140 [ 279.471360] ? avc_has_perm_noaudit+0x420/0x420 [ 279.476014] ? process_measurement+0x58a/0xb80 [ 279.480579] ? process_measurement+0x58a/0xb80 [ 279.485146] ? sock_has_perm+0x1ed/0x280 [ 279.489192] ? save_trace+0x290/0x290 [ 279.493160] ? __lock_is_held+0xb6/0x140 [ 279.497232] inet_sendmsg+0x122/0x500 [ 279.501024] ? inet_recvmsg+0x500/0x500 [ 279.504989] sock_sendmsg+0xce/0x110 [ 279.508698] kernel_sendmsg+0x44/0x50 [ 279.512486] sock_no_sendpage+0x107/0x130 [ 279.516617] ? sock_kzfree_s+0x50/0x50 [ 279.520487] ? mark_held_locks+0xb1/0x100 [ 279.524636] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 279.529743] inet_sendpage+0x3b8/0x580 [ 279.533635] kernel_sendpage+0x92/0xf0 [ 279.537506] ? inet_sendmsg+0x500/0x500 [ 279.541478] sock_sendpage+0x8b/0xc0 [ 279.545445] ? kernel_sendpage+0xf0/0xf0 [ 279.549691] pipe_to_sendpage+0x242/0x340 [ 279.553858] ? direct_splice_actor+0x190/0x190 [ 279.558521] ? anon_pipe_buf_release+0x174/0x220 [ 279.563443] __splice_from_pipe+0x348/0x780 [ 279.567757] ? direct_splice_actor+0x190/0x190 [ 279.572586] ? direct_splice_actor+0x190/0x190 [ 279.577292] splice_from_pipe+0xf0/0x150 [ 279.581368] ? splice_shrink_spd+0xb0/0xb0 [ 279.585884] ? security_file_permission+0x89/0x1f0 [ 279.590822] generic_splice_sendpage+0x3c/0x50 [ 279.595393] ? splice_from_pipe+0x150/0x150 [ 279.599698] SyS_splice+0xd92/0x1430 [ 279.603397] ? __sb_end_write+0xc1/0x100 [ 279.607468] ? compat_SyS_vmsplice+0x250/0x250 [ 279.612037] ? do_syscall_64+0x53/0x640 [ 279.616004] ? compat_SyS_vmsplice+0x250/0x250 [ 279.620693] do_syscall_64+0x1e8/0x640 [ 279.624589] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 279.629441] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 279.634624] RIP: 0033:0x459ef9 21:30:00 executing program 1: r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @mcast2}, 0x9) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000380)={0xffff, 0x2, 0x7da9781dd42ec390, 0x400, 0x628ed23d, 0x0, 0x2, 0x10000, 0x0}, &(0x7f00000003c0)=0x20) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000400)={r4, 0x0, 0x8c}, 0x8) r5 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x1800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r5, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) 21:30:00 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") socket$inet(0x2, 0x4000000805, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) sendto$inet(r1, &(0x7f00003cef9f)='7', 0x0, 0x24000081, &(0x7f0000618000)={0x2, 0x0, @loopback}, 0xfffffffffffffd9b) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000680)={{{@in=@broadcast, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in=@initdev}}, &(0x7f0000000540)=0xe8) syz_mount_image$reiserfs(&(0x7f0000000000)='reiserfs\x00', &(0x7f0000000040)='./file0\x00', 0x5, 0x6, &(0x7f00000005c0)=[{&(0x7f00000000c0)="1caeea76c275463cd3ecc2eb8a1208db72c06927f47f5c5293818a886a09a63925b94b1d6b19b7e08df1971df06cb1db8df86ad23f5417315442540fcc72a14fcc2b9a2def284c0f3fdb3931fdbe81e5c5dde77d9a0d30f049c01d2efc20733e622ddf638804eea87e75bf971b18469482680bd6dd8683bc2af0b1c5ee6248351ac6eee1c3a92909f079a6df333609c3b4b81aaa98e38fc7157b5f2c365f715742051d16003d3f3fc1641fb7cf8dc30a06babc772a89", 0xb6}, {&(0x7f0000000180)="68098ce57af51a43d6ce210741c93fcfbe329dc88dbc99b823076b783bd8508aec65c5bd9250f189a805f50081ac600302a0ae13d0eff7dc44ad165877c0f68a7d307d66bc101a18645d01e52a49683da0586d882b3c65e93f1ab8b86e8f68f9c8151f4dcfbc003303d2c778d70602c118dfb01c6067527734a04abce563bf3f68415fbf19979cd625bdb2be6df4cce6e4d37dc672c369492faadaa3aed3e83374e16230bdc449169327ee3b605c9c263f58d60ee09a8e3dc8b94d5aff35f1efaeb8b7d822ee8e0ec57527904f4b20dcb0c99d247ad9d0abde02e3c4ea", 0xdd, 0x9}, {&(0x7f0000000280)="829bb7202a8685439e1817e355c249f9337be4a0e8f9738151aca3dd8f82133fd936b50b79b17347f33d3e09d7ed585d68ee803c212bcf73a1b08585886531ad31e6396c8a92693a9647c381b241d745bbdb940f94ff2ad5ca2eea9cd164adf41d3a680b22954a54d0ad33ad2c27414d51e66c6f47035441cc05954d20c0e32fe4beb7c9fa8a8071695fd85957179d19aecaad1235a1ad088aae8d16401f55236050a19560c2576096e19738402a7ab1c42bb11f3f3576da867dfd69f69bef2bb0e985de906b7dc765995dfb3b5054229ae5b9c873e6bb6fc6e8c7a6cc79", 0xde, 0xfc}, {&(0x7f0000000380)="3ef21c265ea08a46af42f52de325f6ca6ae55e17937d0095c8bea8c9f9f7ee41bffd1b115b65c59e3bc6ff36c5511ad04561cd143756942476d89603e98f9177e841e9c8bc2324", 0x47, 0xfffffffffffffc01}, {&(0x7f0000000400)="f9b92ba0510d071e4b4ab22a652b1b491980e4bc8e4c19e9c8db7f1cfb52a7e49ac27d22f20a84dc62d1dcd14fd4c08ef582fe7860db6a67b09465f2467597bfe45c8b9bb7b90dbb426b29423d680b960a0cd55380bd8870eb7e76dad16503bc4abae9", 0x63, 0x4}, {&(0x7f0000000480)="5455182ba22eb4eab290b6ef322613582de542771acf208d6c1569bd9137c1df44167d411aa124efba9ec164231b6716d2c4f84823eb57ce9325105b9d23df9a18bc9b3b5f9276c8a9df857d95def7ac753a483f652ca2b25b8e9fff495f47dfcc53a0d8b4375fb245fc66fbc7088b28f1f8a3d291f092e64f853dc7f65bff0f16caec3f5630a2fdf3538f2da2041166d4cba2ddeb761e32d87774dafc266bd9", 0xa0, 0x7}], 0x9f6e57967c549b2e, &(0x7f0000000780)={[{@noquota='noquota'}, {@barrier_flush='barrier=flush'}, {@usrjquota='usrjquota'}, {@acl='acl'}, {@balloc_test4='block-allocator=test4'}], [{@euid_eq={'euid', 0x3d, r2}}, {@func={'func', 0x3d, 'MMAP_CHECK'}}, {@subj_user={'subj_user', 0x3d, '/dev/snd/pcmC#D#c\x00'}}]}) ioctl$SIOCAX25NOUID(r0, 0x89e3, &(0x7f0000000840)) r3 = syz_open_dev$sndpcmc(0x0, 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)) 21:30:00 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b7") 21:30:00 executing program 2: r0 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x0, 0x2) ioctl$EVIOCSABS3F(r0, 0x401845ff, &(0x7f0000000040)={0x408, 0x101, 0x2, 0x53, 0x3, 0x1}) r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r3, 0xc0505510, &(0x7f0000000240)={0x40, 0x6, 0xec, 0x9, &(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}]}) r4 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl(r1, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:00 executing program 5 (fault-call:0 fault-nth:1): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 279.637802] RSP: 002b:00007ff387144c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 279.645642] RAX: ffffffffffffffda RBX: 00007ff387144c90 RCX: 0000000000459ef9 [ 279.653094] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 279.660354] RBP: 000000000075bfc8 R08: 0000000000010007 R09: 0000000000000006 [ 279.667765] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff3871456d4 [ 279.675175] R13: 00000000004c9b4f R14: 00000000004e0710 R15: 0000000000000007 21:30:00 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b7") [ 279.737890] FAULT_INJECTION: forcing a failure. [ 279.737890] name failslab, interval 1, probability 0, space 0, times 0 [ 279.760717] CPU: 1 PID: 15283 Comm: syz-executor.5 Not tainted 4.14.150 #0 [ 279.767779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 279.777141] Call Trace: [ 279.777165] dump_stack+0x138/0x197 [ 279.777183] should_fail.cold+0x10f/0x159 [ 279.777204] should_failslab+0xdb/0x130 [ 279.787589] kmem_cache_alloc+0x2d7/0x780 [ 279.787604] ? __alloc_fd+0x1d4/0x4a0 [ 279.787623] __d_alloc+0x2d/0x9f0 [ 279.787638] ? lock_downgrade+0x740/0x740 [ 279.807213] d_alloc_pseudo+0x1e/0x30 [ 279.811034] __shmem_file_setup.part.0+0xd8/0x400 [ 279.815903] ? __alloc_fd+0x1d4/0x4a0 [ 279.819726] ? shmem_fill_super+0x8c0/0x8c0 [ 279.824091] SyS_memfd_create+0x1f9/0x3a0 [ 279.828483] ? shmem_fcntl+0x130/0x130 [ 279.832370] ? do_syscall_64+0x53/0x640 [ 279.836407] ? shmem_fcntl+0x130/0x130 [ 279.840431] do_syscall_64+0x1e8/0x640 [ 279.844335] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 279.849211] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 279.854413] RIP: 0033:0x459ef9 [ 279.857613] RSP: 002b:00007f4e83a16a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 279.865339] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 0000000000459ef9 [ 279.872630] RDX: 00000000200000a8 RSI: 0000000000000000 RDI: 00000000004bef97 [ 279.879913] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 21:30:00 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b7") 21:30:00 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b") 21:30:00 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") r1 = socket$inet(0x2, 0x4000000805, 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) sendto$inet(r2, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x0, @loopback}, 0x10) write(r1, &(0x7f0000000040)="0d3b9c", 0x3) ioctl$UI_SET_PHYS(r0, 0x4008556c, &(0x7f0000000000)='syz0\x00') r3 = syz_open_dev$sndpcmc(0x0, 0x0, 0x0) syz_open_dev$sndseq(&(0x7f00000000c0)='/dev/snd/seq\x00', 0x0, 0x1c1200) ioctl(r3, 0xc1004110, &(0x7f0000000580)) [ 279.887206] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f4e83a176d4 [ 279.894629] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:00 executing program 4 (fault-call:9 fault-nth:59): pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:30:00 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b") 21:30:00 executing program 5 (fault-call:0 fault-nth:2): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 280.134991] FAULT_INJECTION: forcing a failure. [ 280.134991] name failslab, interval 1, probability 0, space 0, times 0 [ 280.146761] CPU: 0 PID: 15314 Comm: syz-executor.5 Not tainted 4.14.150 #0 [ 280.153937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 280.163572] Call Trace: [ 280.166276] dump_stack+0x138/0x197 [ 280.169907] should_fail.cold+0x10f/0x159 [ 280.174065] should_failslab+0xdb/0x130 [ 280.178261] kmem_cache_alloc+0x2d7/0x780 [ 280.182510] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 280.185531] FAULT_INJECTION: forcing a failure. [ 280.185531] name failslab, interval 1, probability 0, space 0, times 0 [ 280.188075] ? rcu_read_lock_sched_held+0x110/0x130 [ 280.188088] ? shmem_destroy_callback+0xa0/0xa0 [ 280.188098] shmem_alloc_inode+0x1c/0x50 [ 280.188108] alloc_inode+0x64/0x180 [ 280.188123] new_inode_pseudo+0x19/0xf0 [ 280.221008] new_inode+0x1f/0x40 [ 280.224380] shmem_get_inode+0x75/0x750 [ 280.228369] __shmem_file_setup.part.0+0x111/0x400 [ 280.233318] ? __alloc_fd+0x1d4/0x4a0 [ 280.237150] ? shmem_fill_super+0x8c0/0x8c0 [ 280.241493] SyS_memfd_create+0x1f9/0x3a0 [ 280.245647] ? shmem_fcntl+0x130/0x130 [ 280.249750] ? do_syscall_64+0x53/0x640 [ 280.253878] ? shmem_fcntl+0x130/0x130 [ 280.257783] do_syscall_64+0x1e8/0x640 [ 280.261755] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 280.266627] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 280.271843] RIP: 0033:0x459ef9 [ 280.275044] RSP: 002b:00007f4e83a16a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 280.283113] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 0000000000459ef9 [ 280.290576] RDX: 00000000200000a8 RSI: 0000000000000000 RDI: 00000000004bef97 [ 280.298123] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 280.305615] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f4e83a176d4 [ 280.312980] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 280.324685] CPU: 1 PID: 15317 Comm: syz-executor.4 Not tainted 4.14.150 #0 [ 280.331931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 280.341398] Call Trace: [ 280.344021] dump_stack+0x138/0x197 [ 280.344039] should_fail.cold+0x10f/0x159 [ 280.344055] should_failslab+0xdb/0x130 [ 280.344069] kmem_cache_alloc_node_trace+0x280/0x770 [ 280.344084] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 280.344097] __kmalloc_node_track_caller+0x3d/0x80 [ 280.344112] __kmalloc_reserve.isra.0+0x40/0xe0 [ 280.351976] __alloc_skb+0xcf/0x500 [ 280.351985] ? skb_scrub_packet+0x4b0/0x4b0 [ 280.351999] sock_wmalloc+0xae/0xf0 [ 280.352012] __ip_append_data.isra.0+0x196f/0x20c0 [ 280.352022] ? save_trace+0x290/0x290 [ 280.352039] ? raw_destroy+0x30/0x30 [ 280.403734] ? trace_hardirqs_on+0x10/0x10 [ 280.408076] ? __ip_flush_pending_frames.isra.0+0x2d0/0x2d0 [ 280.413809] ? find_held_lock+0x35/0x130 [ 280.418437] ? raw_destroy+0x30/0x30 [ 280.422648] ip_append_data.part.0+0xde/0x150 [ 280.427296] ? raw_destroy+0x30/0x30 [ 280.431093] ip_append_data+0x5b/0x80 [ 280.435038] raw_sendmsg+0xe49/0x2450 [ 280.438979] ? dst_output+0x140/0x140 [ 280.443367] ? avc_has_perm_noaudit+0x420/0x420 [ 280.448050] ? process_measurement+0x58a/0xb80 [ 280.452630] ? process_measurement+0x58a/0xb80 [ 280.457354] ? sock_has_perm+0x1ed/0x280 [ 280.461450] ? save_trace+0x290/0x290 [ 280.465609] ? __lock_is_held+0xb6/0x140 [ 280.469751] inet_sendmsg+0x122/0x500 [ 280.473640] ? inet_recvmsg+0x500/0x500 [ 280.477722] sock_sendmsg+0xce/0x110 [ 280.481673] kernel_sendmsg+0x44/0x50 [ 280.485493] sock_no_sendpage+0x107/0x130 [ 280.489650] ? sock_kzfree_s+0x50/0x50 [ 280.493772] ? mark_held_locks+0xb1/0x100 [ 280.499424] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 280.504815] inet_sendpage+0x3b8/0x580 [ 280.508984] kernel_sendpage+0x92/0xf0 [ 280.512873] ? inet_sendmsg+0x500/0x500 [ 280.518973] sock_sendpage+0x8b/0xc0 [ 280.526194] ? kernel_sendpage+0xf0/0xf0 [ 280.531416] pipe_to_sendpage+0x242/0x340 [ 280.538704] ? direct_splice_actor+0x190/0x190 [ 280.545429] ? anon_pipe_buf_release+0x174/0x220 [ 280.552129] __splice_from_pipe+0x348/0x780 [ 280.558205] ? direct_splice_actor+0x190/0x190 [ 280.565685] ? direct_splice_actor+0x190/0x190 [ 280.572346] splice_from_pipe+0xf0/0x150 [ 280.579583] ? splice_shrink_spd+0xb0/0xb0 [ 280.585214] ? security_file_permission+0x89/0x1f0 [ 280.592802] generic_splice_sendpage+0x3c/0x50 [ 280.592813] ? splice_from_pipe+0x150/0x150 [ 280.592823] SyS_splice+0xd92/0x1430 [ 280.592832] ? __sb_end_write+0xc1/0x100 [ 280.592852] ? compat_SyS_vmsplice+0x250/0x250 [ 280.592861] ? do_syscall_64+0x53/0x640 21:30:01 executing program 1: r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @mcast2}, 0x9) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000380)={0xffff, 0x2, 0x7da9781dd42ec390, 0x400, 0x628ed23d, 0x0, 0x2, 0x10000, 0x0}, &(0x7f00000003c0)=0x20) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000400)={r4, 0x0, 0x8c}, 0x8) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) 21:30:01 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") socket$inet(0x2, 0x4000000805, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) sendto$inet(r1, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x0, @loopback}, 0x10) r2 = syz_open_dev$sndpcmc(0x0, 0x0, 0x52000) ioctl(r2, 0xc1004110, &(0x7f0000000580)) 21:30:01 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b") 21:30:01 executing program 5 (fault-call:0 fault-nth:3): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:01 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r3}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r3}}, 0x18) r4 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0}, &(0x7f0000cab000)=0x6) chown(&(0x7f00000001c0)='./file0\x00', r5, 0x0) r6 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r6, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r6, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) getsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f0000000280)={{{@in6, @in=@dev}}, {{@in6=@local}, 0x0, @in=@loopback}}, &(0x7f0000000380)=0xe8) ioctl$SIOCAX25DELUID(r1, 0x89e2, &(0x7f0000000100)={0x3, @null, r5}) lsetxattr$security_capability(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.capability\x00', &(0x7f00000000c0)=@v1={0x1000000, [{0x8, 0xfffffff8}]}, 0xc, 0x1) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = fcntl$dupfd(r7, 0x0, r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 280.592871] ? compat_SyS_vmsplice+0x250/0x250 [ 280.607880] do_syscall_64+0x1e8/0x640 [ 280.607891] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 280.607908] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 280.607916] RIP: 0033:0x459ef9 [ 280.607921] RSP: 002b:00007ff387144c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 280.607932] RAX: ffffffffffffffda RBX: 00007ff387144c90 RCX: 0000000000459ef9 [ 280.607938] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 21:30:01 executing program 3 (fault-call:1 fault-nth:0): r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") [ 280.607943] RBP: 000000000075bfc8 R08: 0000000000010007 R09: 0000000000000006 [ 280.607948] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff3871456d4 [ 280.607956] R13: 00000000004c9b4f R14: 00000000004e0710 R15: 0000000000000007 [ 280.644481] FAULT_INJECTION: forcing a failure. [ 280.644481] name failslab, interval 1, probability 0, space 0, times 0 [ 280.725343] CPU: 0 PID: 15327 Comm: syz-executor.5 Not tainted 4.14.150 #0 [ 280.732410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 280.741793] Call Trace: [ 280.741816] dump_stack+0x138/0x197 [ 280.741833] should_fail.cold+0x10f/0x159 [ 280.741848] should_failslab+0xdb/0x130 [ 280.741860] kmem_cache_alloc+0x2d7/0x780 [ 280.741869] ? shmem_alloc_inode+0x1c/0x50 [ 280.741879] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 280.741892] selinux_inode_alloc_security+0xb6/0x2a0 [ 280.741903] security_inode_alloc+0x94/0xd0 [ 280.741914] inode_init_always+0x552/0xaf0 [ 280.741925] alloc_inode+0x81/0x180 21:30:01 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") socket$inet(0x2, 0x4000000805, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) sendto$inet(r1, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x0, @loopback}, 0x10) r2 = syz_open_dev$sndpcmc(0x0, 0x0, 0x0) ioctl(r2, 0xc100410d, &(0x7f0000000580)) [ 280.752437] new_inode_pseudo+0x19/0xf0 [ 280.752448] new_inode+0x1f/0x40 [ 280.752458] shmem_get_inode+0x75/0x750 [ 280.752472] __shmem_file_setup.part.0+0x111/0x400 [ 280.752480] ? __alloc_fd+0x1d4/0x4a0 [ 280.752491] ? shmem_fill_super+0x8c0/0x8c0 [ 280.760653] SyS_memfd_create+0x1f9/0x3a0 [ 280.760665] ? shmem_fcntl+0x130/0x130 [ 280.760676] ? do_syscall_64+0x53/0x640 [ 280.760684] ? shmem_fcntl+0x130/0x130 [ 280.760694] do_syscall_64+0x1e8/0x640 [ 280.760702] ? trace_hardirqs_off_thunk+0x1a/0x1c 21:30:01 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") socket$inet(0x2, 0x4000000805, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) init_module(&(0x7f0000000240)='{@]wlan1^\x00', 0xa, &(0x7f0000000200)='eth1mime_type(@trustedppp1mime_type\'\x00') fcntl$getownex(r0, 0x10, &(0x7f00000000c0)={0x0, 0x0}) sched_setattr(r2, &(0x7f0000000100)={0x30, 0x0, 0x0, 0x7, 0x2, 0x2, 0x0, 0x3}, 0x0) sendto$inet(r1, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x0, @loopback}, 0x10) r3 = syz_open_dev$sndpcmc(0x0, 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)) [ 280.760717] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 280.760724] RIP: 0033:0x459ef9 [ 280.760729] RSP: 002b:00007f4e83a16a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 280.760740] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 0000000000459ef9 [ 280.760744] RDX: 00000000200000a8 RSI: 0000000000000000 RDI: 00000000004bef97 [ 280.760752] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 280.830060] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f4e83a176d4 21:30:01 executing program 0 (fault-call:0 fault-nth:0): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 280.830066] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 280.839663] FAULT_INJECTION: forcing a failure. [ 280.839663] name failslab, interval 1, probability 0, space 0, times 0 [ 280.847670] CPU: 0 PID: 15343 Comm: syz-executor.3 Not tainted 4.14.150 #0 [ 280.912795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 280.922151] Call Trace: [ 280.922169] dump_stack+0x138/0x197 [ 280.922185] should_fail.cold+0x10f/0x159 [ 280.922200] should_failslab+0xdb/0x130 [ 280.922211] kmem_cache_alloc_trace+0x2e9/0x790 [ 280.922230] snd_pcm_common_ioctl+0xe4e/0x1da0 [ 280.922244] ? snd_pcm_status_user+0x140/0x140 [ 280.922256] ? __might_sleep+0x93/0xb0 [ 280.922267] ? __fget+0x210/0x370 [ 280.928737] snd_pcm_ioctl+0x73/0xb0 [ 280.962217] ? snd_pcm_common_ioctl+0x1da0/0x1da0 [ 280.967093] do_vfs_ioctl+0x7ae/0x1060 [ 280.972156] ? selinux_file_mprotect+0x5d0/0x5d0 [ 280.977347] ? lock_downgrade+0x740/0x740 [ 280.979403] FAULT_INJECTION: forcing a failure. [ 280.979403] name failslab, interval 1, probability 0, space 0, times 0 [ 280.981528] ? ioctl_preallocate+0x1c0/0x1c0 [ 280.981540] ? __fget+0x237/0x370 [ 280.981557] ? security_file_ioctl+0x89/0xb0 [ 280.981569] SyS_ioctl+0x8f/0xc0 [ 280.981579] ? do_vfs_ioctl+0x1060/0x1060 [ 280.981599] do_syscall_64+0x1e8/0x640 [ 280.981608] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 280.981625] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 280.981633] RIP: 0033:0x459ef9 [ 280.981638] RSP: 002b:00007f423072bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 280.981654] RAX: ffffffffffffffda RBX: 00007f423072bc90 RCX: 0000000000459ef9 [ 281.045608] RDX: 0000000020000200 RSI: 00000000c1004110 RDI: 0000000000000003 [ 281.052898] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 281.060688] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f423072c6d4 [ 281.068338] R13: 00000000004c14bd R14: 00000000004d4c80 R15: 0000000000000004 [ 281.075908] CPU: 1 PID: 15350 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 281.082950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 281.092579] Call Trace: [ 281.095190] dump_stack+0x138/0x197 [ 281.098854] should_fail.cold+0x10f/0x159 [ 281.103040] should_failslab+0xdb/0x130 [ 281.107049] __kmalloc+0x2f0/0x7a0 [ 281.110611] ? __sb_end_write+0xc1/0x100 [ 281.115309] ? strnlen_user+0x12f/0x1a0 [ 281.119642] ? SyS_memfd_create+0xba/0x3a0 [ 281.124245] SyS_memfd_create+0xba/0x3a0 [ 281.124257] ? shmem_fcntl+0x130/0x130 [ 281.124267] ? do_syscall_64+0x53/0x640 [ 281.124275] ? shmem_fcntl+0x130/0x130 21:30:01 executing program 4 (fault-call:9 fault-nth:60): pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:30:01 executing program 5 (fault-call:0 fault-nth:4): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 281.124285] do_syscall_64+0x1e8/0x640 [ 281.124296] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 281.149197] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 281.154405] RIP: 0033:0x459ef9 [ 281.157608] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 281.165464] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 0000000000459ef9 [ 281.172921] RDX: 00000000200000a8 RSI: 0000000000000000 RDI: 00000000004bef97 [ 281.175295] FAULT_INJECTION: forcing a failure. 21:30:01 executing program 3 (fault-call:1 fault-nth:1): r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") [ 281.175295] name failslab, interval 1, probability 0, space 0, times 0 [ 281.180352] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 281.180360] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f45235486d4 [ 281.180364] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 281.212843] CPU: 0 PID: 15356 Comm: syz-executor.5 Not tainted 4.14.150 #0 [ 281.221319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 281.230712] Call Trace: [ 281.230735] dump_stack+0x138/0x197 [ 281.230753] should_fail.cold+0x10f/0x159 [ 281.230769] should_failslab+0xdb/0x130 [ 281.230782] kmem_cache_alloc+0x2d7/0x780 [ 281.230797] ? lock_downgrade+0x740/0x740 [ 281.230808] get_empty_filp+0x8c/0x3f0 [ 281.230817] alloc_file+0x23/0x440 [ 281.230829] __shmem_file_setup.part.0+0x1b1/0x400 [ 281.230838] ? __alloc_fd+0x1d4/0x4a0 [ 281.230846] ? shmem_fill_super+0x8c0/0x8c0 [ 281.230863] SyS_memfd_create+0x1f9/0x3a0 [ 281.230873] ? shmem_fcntl+0x130/0x130 [ 281.230885] ? do_syscall_64+0x81/0x640 [ 281.230891] ? shmem_fcntl+0x130/0x130 [ 281.230902] do_syscall_64+0x1e8/0x640 [ 281.282305] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 281.290786] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 281.290796] RIP: 0033:0x459ef9 [ 281.290800] RSP: 002b:00007f4e83a16a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 281.290809] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 0000000000459ef9 [ 281.290814] RDX: 00000000200000a8 RSI: 0000000000000000 RDI: 00000000004bef97 [ 281.290818] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 281.290824] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f4e83a176d4 [ 281.290828] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 281.294432] FAULT_INJECTION: forcing a failure. [ 281.294432] name failslab, interval 1, probability 0, space 0, times 0 [ 281.304333] FAULT_INJECTION: forcing a failure. [ 281.304333] name failslab, interval 1, probability 0, space 0, times 0 [ 281.306116] CPU: 0 PID: 15360 Comm: syz-executor.4 Not tainted 4.14.150 #0 [ 281.384434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 281.394001] Call Trace: [ 281.396629] dump_stack+0x138/0x197 [ 281.400261] should_fail.cold+0x10f/0x159 [ 281.404408] should_failslab+0xdb/0x130 [ 281.408395] kmem_cache_alloc_node+0x287/0x780 [ 281.413007] ? __kmalloc_node_track_caller+0x51/0x80 [ 281.418142] __alloc_skb+0x9c/0x500 [ 281.421790] ? skb_scrub_packet+0x4b0/0x4b0 [ 281.426263] sock_wmalloc+0xae/0xf0 [ 281.429906] __ip_append_data.isra.0+0x196f/0x20c0 [ 281.434845] ? save_trace+0x290/0x290 [ 281.438659] ? raw_destroy+0x30/0x30 [ 281.442623] ? trace_hardirqs_on+0x10/0x10 [ 281.446922] ? __ip_flush_pending_frames.isra.0+0x2d0/0x2d0 [ 281.452658] ? find_held_lock+0x35/0x130 [ 281.456725] ? raw_destroy+0x30/0x30 [ 281.460447] ip_append_data.part.0+0xde/0x150 [ 281.464961] ? raw_destroy+0x30/0x30 [ 281.468687] ip_append_data+0x5b/0x80 [ 281.472520] raw_sendmsg+0xe49/0x2450 [ 281.476574] ? dst_output+0x140/0x140 [ 281.480469] ? avc_has_perm_noaudit+0x420/0x420 [ 281.485143] ? __lock_acquire+0x5f7/0x4620 [ 281.489385] ? __lock_is_held+0xb6/0x140 [ 281.493455] ? sock_has_perm+0x1ed/0x280 [ 281.497682] ? save_trace+0x290/0x290 [ 281.501500] ? __lock_is_held+0xb6/0x140 [ 281.505588] inet_sendmsg+0x122/0x500 [ 281.509392] ? inet_recvmsg+0x500/0x500 [ 281.513511] sock_sendmsg+0xce/0x110 [ 281.517228] kernel_sendmsg+0x44/0x50 [ 281.521030] sock_no_sendpage+0x107/0x130 [ 281.525179] ? sock_kzfree_s+0x50/0x50 [ 281.529082] ? mark_held_locks+0xb1/0x100 [ 281.533380] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 281.538625] inet_sendpage+0x3b8/0x580 [ 281.542528] kernel_sendpage+0x92/0xf0 [ 281.546420] ? inet_sendmsg+0x500/0x500 [ 281.550418] sock_sendpage+0x8b/0xc0 [ 281.554138] ? kernel_sendpage+0xf0/0xf0 [ 281.558335] pipe_to_sendpage+0x242/0x340 [ 281.562513] ? direct_splice_actor+0x190/0x190 [ 281.567126] ? anon_pipe_buf_release+0x174/0x220 [ 281.571942] __splice_from_pipe+0x348/0x780 [ 281.576269] ? direct_splice_actor+0x190/0x190 [ 281.580856] ? direct_splice_actor+0x190/0x190 [ 281.585627] splice_from_pipe+0xf0/0x150 [ 281.589694] ? splice_shrink_spd+0xb0/0xb0 [ 281.593946] ? security_file_permission+0x89/0x1f0 [ 281.598889] generic_splice_sendpage+0x3c/0x50 [ 281.603488] ? splice_from_pipe+0x150/0x150 [ 281.607825] SyS_splice+0xd92/0x1430 [ 281.611552] ? __sb_end_write+0xc1/0x100 [ 281.615652] ? compat_SyS_vmsplice+0x250/0x250 [ 281.620241] ? do_syscall_64+0x53/0x640 [ 281.624221] ? compat_SyS_vmsplice+0x250/0x250 [ 281.628802] do_syscall_64+0x1e8/0x640 [ 281.632731] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 281.638186] entry_SYSCALL_64_after_hwframe+0x42/0xb7 21:30:02 executing program 1: r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @mcast2}, 0x9) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000380)={0xffff, 0x2, 0x7da9781dd42ec390, 0x400, 0x628ed23d, 0x0, 0x2, 0x10000, 0x0}, &(0x7f00000003c0)=0x20) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000400)={r4, 0x0, 0x8c}, 0x8) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) 21:30:02 executing program 0 (fault-call:0 fault-nth:1): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:02 executing program 2: syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x80002, 0x0) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ubi_ctrl\x00', 0xda7eac3de80c91a6, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000140)={{{@in=@dev, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in6=@empty}}, &(0x7f0000000240)=0xe8) ioctl$sock_inet6_SIOCADDRT(r3, 0x890b, &(0x7f0000000280)={@initdev={0xfe, 0x88, [], 0x1, 0x0}, @dev={0xfe, 0x80, [], 0x1f}, @rand_addr="23cf001d948a769f9e41f04e84b0de40", 0x800, 0x5, 0x5, 0x300, 0x7, 0x300004, r4}) sendto$inet6(r2, 0x0, 0x0, 0x400806e, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) sendto$inet6(r2, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e5d37149eb0f4a333726cf6d5b7647306559155f1c69d6bfd145b83576f2df4d85f271fd4119db923e2412c66dd954eb59dddc7e1fd286a83971b2ba1c63b4f99702cf91f3d1ecffb8ae189c79b403805e83650c251a564942896f205640c23b0cf51fe9bd931f54a343794710a9cd53cef20938edddb2bfa3c1f72f8e79e41e30fb8f9d314abd999ba396521b6c10bec7bc9d0745a80299342f5cf89eb9d94044258fbb18cec1cdbbc016a773d3ae41e3e30248e716fd0873d31454902cbe7dcf7d644dfadc255d99652b5ed5a5b1a75e3ad49cf80178678402e9d3a755d009889b2e6138f81dc02eedcc353aceb2f7781aea08aa91be7e1e2416ba3d555b1f2237f68c5d7dcfcb1b917c292a35d6d7e7cf2cb1dd6dba5a50ce55c4638d7d38cb7afd8da02f281ab69392bc6531eb03eb97c1d075e3342c244861d04bcad8991b8f588e48ad7fe218d2f5e604bb31c59241245b485210fe418af3d6377b59d5ab128497efeced38cc5036b1f34cb89674b5179219f34b9e8e1849695d7c23cce77eb8f038ef9f2cd69d1c9e2d6b46610adbadbdad857a77f59d38cb5120709716b87c52a48de249b231d7e39985b8b58094c0d7b4c6d1671a8ff9d2daaca94df2adcff6420077df0ddbc66d00b141ffc6e28bed09a19056e52a905a72c99a04af56b22da83135808ba2bfe87a39753447e78500d16bdad52d97df73d4852a79e7ec6910701b712cfd58c62b3ade86cf6ff0cd78719fa1ae81640381cb33f4f6b03c913e820cf9eb9b5cf7df9c878596c9ac9444cad118673fe339b4b7287b310ecff4742bfea2612d79d418293f0dfe14bc819c466473438ad71ea3b1386d17a9038b1f5a9285481500f84f4c7eabbf2eb071a101c69cce8e7495bda4c28a4e88f6a258abf58579c290eeb742b2678daab3ecc8c2bf97d89e89472901e254dd63ca7d918f8a7523161e29b28f64b285da7bb4a17d0ad734c321623e246bb0b5aaa08e8e7ac42b74ba83c70a8ca80068400be6adc3f4b01ba1050b54e6e4cf72fb567fbd27b74b2bfa7b7cabc6938851c13c6df7d5aaca79afd89b5e925379b959c7929ddfa3399695343f435772d70e5cfa3550377d23f50011ad5657e94c464cd43eb85496fd3b03bcb2d9278ceb432194d9893ffa747dfe85309f256c910e31e81dcd3cd8a13744fc2874737a2ff34bf8c89f15da7cc0853434117d744e30360b38ef1a063f9ee506f048e9980054e6c5c5688d04ece6067ac55bccc9a7773a2c4e21c039d153622130faff9fd675d64ad7284bd011b9b224713a721b4b731cf342357642a1a0bb846f5be443b7e72e9825b5f3a078c6ae09e4512dd93a5be1af13a49e6a33938509d3557aecf2356ac2329871b662a99cf3fd2486b064e7e6f90c1f8d632186a8bda338b02d45da4ea9041d42a23f40b93346dddc473a9f1a3d9f0285b7e48cbb87bc34d44b090a5e2aaf4764a10a44168f1719eff0b0d9bc1ce07750af4c21d0c67eae0799e91328c8b14869e4edd255a41735a2b1818aa9d3b271ba757af010ae6dbad89aa0d8f5b6f8ef3917adcedf2", 0x52a, 0x400c047, 0x0, 0x0) r5 = accept4$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000040)=0x1c, 0x800) ioctl(r5, 0x0, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 281.643368] RIP: 0033:0x459ef9 [ 281.646560] RSP: 002b:00007ff387144c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 281.654277] RAX: ffffffffffffffda RBX: 00007ff387144c90 RCX: 0000000000459ef9 [ 281.661546] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003 [ 281.668811] RBP: 000000000075bfc8 R08: 0000000000010007 R09: 0000000000000006 [ 281.676098] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff3871456d4 [ 281.683363] R13: 00000000004c9b4f R14: 00000000004e0710 R15: 0000000000000007 [ 281.717774] CPU: 1 PID: 15359 Comm: syz-executor.3 Not tainted 4.14.150 #0 [ 281.724842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 281.734868] Call Trace: [ 281.737573] dump_stack+0x138/0x197 [ 281.741241] should_fail.cold+0x10f/0x159 [ 281.745407] should_failslab+0xdb/0x130 [ 281.749410] __kmalloc_track_caller+0x2ec/0x790 [ 281.754097] ? snd_pcm_common_ioctl+0xe4e/0x1da0 [ 281.758879] ? rcu_read_lock_sched_held+0x110/0x130 21:30:02 executing program 2: syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket(0x10, 0x2, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00') sendmsg$TIPC_CMD_SET_LINK_TOL(0xffffffffffffffff, &(0x7f0000002540)={0x0, 0x0, 0x0}, 0x0) preadv(r2, &(0x7f00000017c0), 0x3a8, 0x7a) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0}, &(0x7f0000cab000)=0x6) chown(&(0x7f00000001c0)='./file0\x00', r3, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r7}}, 0x2de) fsetxattr$trusted_overlay_upper(r6, &(0x7f0000000000)='trusted.overlay.upper\x00', &(0x7f0000000040)=ANY=[@ANYBLOB="00fba40a03e5b216bd73db5ce91e700524330df2ab88a324a184557ba90bf9be9b25daa4"], 0x24, 0x2) fallocate(r5, 0x10, 0x4, 0x1) [ 281.763922] ? kmem_cache_alloc_trace+0x623/0x790 [ 281.768806] ? snd_pcm_common_ioctl+0xe70/0x1da0 [ 281.773739] memdup_user+0x26/0xa0 [ 281.777318] snd_pcm_common_ioctl+0xe70/0x1da0 [ 281.781931] ? snd_pcm_status_user+0x140/0x140 [ 281.786667] ? __might_sleep+0x93/0xb0 [ 281.790577] ? __fget+0x210/0x370 [ 281.794056] snd_pcm_ioctl+0x73/0xb0 [ 281.797795] ? snd_pcm_common_ioctl+0x1da0/0x1da0 [ 281.802659] do_vfs_ioctl+0x7ae/0x1060 [ 281.806360] FAULT_INJECTION: forcing a failure. [ 281.806360] name failslab, interval 1, probability 0, space 0, times 0 [ 281.806656] ? selinux_file_mprotect+0x5d0/0x5d0 [ 281.822628] ? lock_downgrade+0x740/0x740 [ 281.826791] ? ioctl_preallocate+0x1c0/0x1c0 [ 281.831200] ? __fget+0x237/0x370 [ 281.834659] ? security_file_ioctl+0x89/0xb0 [ 281.839088] SyS_ioctl+0x8f/0xc0 [ 281.842453] ? do_vfs_ioctl+0x1060/0x1060 [ 281.846602] do_syscall_64+0x1e8/0x640 [ 281.850488] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 281.855357] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 281.860546] RIP: 0033:0x459ef9 [ 281.863726] RSP: 002b:00007f423072bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 281.871441] RAX: ffffffffffffffda RBX: 00007f423072bc90 RCX: 0000000000459ef9 [ 281.878724] RDX: 0000000020000200 RSI: 00000000c1004110 RDI: 0000000000000003 [ 281.885994] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 281.893261] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f423072c6d4 [ 281.900530] R13: 00000000004c14bd R14: 00000000004d4c80 R15: 0000000000000004 [ 281.907816] CPU: 0 PID: 15373 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 281.908053] net_ratelimit: 24 callbacks suppressed [ 281.908058] protocol 88fb is buggy, dev hsr_slave_0 [ 281.914849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 281.914853] Call Trace: [ 281.914870] dump_stack+0x138/0x197 [ 281.914886] should_fail.cold+0x10f/0x159 [ 281.919841] protocol 88fb is buggy, dev hsr_slave_1 [ 281.924802] should_failslab+0xdb/0x130 [ 281.924814] kmem_cache_alloc+0x2d7/0x780 [ 281.924827] ? __alloc_fd+0x1d4/0x4a0 [ 281.961547] __d_alloc+0x2d/0x9f0 [ 281.965024] ? lock_downgrade+0x740/0x740 21:30:02 executing program 3 (fault-call:1 fault-nth:2): r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") 21:30:02 executing program 3: setsockopt$inet_sctp_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, &(0x7f0000000000)=0x1, 0x4) r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x200000, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x7b02546d0b57e453}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x198, r3, 0x4, 0x70bd27, 0x25dfdbfd, {}, [@TIPC_NLA_NET={0xc, 0x7, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0xffff0000}]}, @TIPC_NLA_SOCK={0x1c, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xff}]}, @TIPC_NLA_MEDIA={0x58, 0x5, [@TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7ff}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}]}, @TIPC_NLA_LINK={0xb0, 0x4, [@TIPC_NLA_LINK_PROP={0x34, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9d0}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}]}, @TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0x54, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x54cd}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7e00000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3f}]}]}, @TIPC_NLA_MON={0x54, 0x9, [@TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2c17}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8000000}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}]}]}, 0x198}, 0x1, 0x0, 0x0, 0x20000000}, 0x80) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r1, 0x404c534a, &(0x7f00000000c0)={0x7, 0x400, 0xfffffff8}) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") [ 281.969199] d_alloc_pseudo+0x1e/0x30 [ 281.973015] __shmem_file_setup.part.0+0xd8/0x400 [ 281.977897] ? __alloc_fd+0x1d4/0x4a0 [ 281.981719] ? shmem_fill_super+0x8c0/0x8c0 [ 281.986051] SyS_memfd_create+0x1f9/0x3a0 [ 281.990215] ? shmem_fcntl+0x130/0x130 [ 281.994111] ? do_syscall_64+0x53/0x640 [ 281.998095] ? shmem_fcntl+0x130/0x130 [ 282.001989] do_syscall_64+0x1e8/0x640 [ 282.001999] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 282.002015] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 282.010731] RIP: 0033:0x459ef9 21:30:02 executing program 4 (fault-call:9 fault-nth:61): pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:30:02 executing program 5 (fault-call:0 fault-nth:5): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 282.010737] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 282.010747] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 0000000000459ef9 [ 282.010752] RDX: 00000000200000a8 RSI: 0000000000000000 RDI: 00000000004bef97 [ 282.010757] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 282.010761] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f45235486d4 [ 282.010766] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:02 executing program 0 (fault-call:0 fault-nth:2): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 282.088845] FAULT_INJECTION: forcing a failure. [ 282.088845] name failslab, interval 1, probability 0, space 0, times 0 [ 282.118598] CPU: 0 PID: 15384 Comm: syz-executor.5 Not tainted 4.14.150 #0 [ 282.125817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 282.135197] Call Trace: [ 282.137810] dump_stack+0x138/0x197 [ 282.139773] FAULT_INJECTION: forcing a failure. [ 282.139773] name failslab, interval 1, probability 0, space 0, times 0 [ 282.141456] should_fail.cold+0x10f/0x159 [ 282.141472] should_failslab+0xdb/0x130 [ 282.141487] kmem_cache_alloc+0x2d7/0x780 [ 282.141502] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 282.141516] ? check_preemption_disabled+0x3c/0x250 [ 282.141532] selinux_file_alloc_security+0xb4/0x190 [ 282.141545] security_file_alloc+0x6d/0xa0 [ 282.141557] get_empty_filp+0x162/0x3f0 [ 282.141572] alloc_file+0x23/0x440 [ 282.192372] __shmem_file_setup.part.0+0x1b1/0x400 [ 282.197320] ? __alloc_fd+0x1d4/0x4a0 [ 282.201130] ? shmem_fill_super+0x8c0/0x8c0 [ 282.205891] SyS_memfd_create+0x1f9/0x3a0 [ 282.210036] ? shmem_fcntl+0x130/0x130 [ 282.213940] ? do_syscall_64+0x53/0x640 [ 282.217924] ? shmem_fcntl+0x130/0x130 [ 282.221816] do_syscall_64+0x1e8/0x640 [ 282.225699] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 282.230572] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 282.235926] RIP: 0033:0x459ef9 [ 282.239114] RSP: 002b:00007f4e83a16a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 282.247174] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 0000000000459ef9 [ 282.254519] RDX: 00000000200000a8 RSI: 0000000000000000 RDI: 00000000004bef97 [ 282.261919] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 282.269205] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f4e83a176d4 [ 282.276485] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 282.283925] CPU: 1 PID: 15391 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 282.291044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 282.300405] Call Trace: [ 282.303033] dump_stack+0x138/0x197 [ 282.306886] should_fail.cold+0x10f/0x159 [ 282.311058] should_failslab+0xdb/0x130 [ 282.314398] FAULT_INJECTION: forcing a failure. [ 282.314398] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 282.315047] kmem_cache_alloc+0x2d7/0x780 [ 282.315060] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 282.315074] ? rcu_read_lock_sched_held+0x110/0x130 [ 282.315083] ? shmem_destroy_callback+0xa0/0xa0 [ 282.315091] shmem_alloc_inode+0x1c/0x50 [ 282.315107] alloc_inode+0x64/0x180 [ 282.354561] new_inode_pseudo+0x19/0xf0 [ 282.358569] new_inode+0x1f/0x40 [ 282.361957] shmem_get_inode+0x75/0x750 [ 282.366361] __shmem_file_setup.part.0+0x111/0x400 [ 282.371567] ? __alloc_fd+0x1d4/0x4a0 [ 282.375390] ? shmem_fill_super+0x8c0/0x8c0 [ 282.379735] SyS_memfd_create+0x1f9/0x3a0 [ 282.383888] ? shmem_fcntl+0x130/0x130 [ 282.387794] ? do_syscall_64+0x53/0x640 [ 282.391793] ? shmem_fcntl+0x130/0x130 [ 282.395687] do_syscall_64+0x1e8/0x640 [ 282.399750] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 282.404610] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 282.409814] RIP: 0033:0x459ef9 [ 282.413071] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 282.420777] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 0000000000459ef9 [ 282.428077] RDX: 00000000200000a8 RSI: 0000000000000000 RDI: 00000000004bef97 21:30:03 executing program 5 (fault-call:0 fault-nth:6): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 282.435398] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 282.442684] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f45235486d4 [ 282.450093] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 282.457397] CPU: 0 PID: 15396 Comm: syz-executor.5 Not tainted 4.14.150 #0 [ 282.464643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 282.464649] Call Trace: [ 282.464669] dump_stack+0x138/0x197 [ 282.464685] should_fail.cold+0x10f/0x159 [ 282.464694] ? __might_sleep+0x93/0xb0 21:30:03 executing program 0 (fault-call:0 fault-nth:3): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 282.464708] __alloc_pages_nodemask+0x1d6/0x7a0 [ 282.494205] ? __alloc_pages_slowpath+0x2930/0x2930 [ 282.499267] ? lock_downgrade+0x740/0x740 [ 282.503448] alloc_pages_vma+0xc9/0x4c0 [ 282.507462] shmem_alloc_page+0xf6/0x1a0 [ 282.511971] ? shmem_swapin+0x1a0/0x1a0 [ 282.515988] ? cred_has_capability+0x142/0x290 [ 282.520715] ? check_preemption_disabled+0x3c/0x250 [ 282.525758] ? __this_cpu_preempt_check+0x1d/0x30 [ 282.530771] ? percpu_counter_add_batch+0x112/0x160 [ 282.530786] ? __vm_enough_memory+0x26a/0x490 [ 282.530801] shmem_alloc_and_acct_page+0x12a/0x680 [ 282.530814] shmem_getpage_gfp+0x3e7/0x25d0 [ 282.530832] ? shmem_add_to_page_cache+0x860/0x860 [ 282.530845] ? iov_iter_fault_in_readable+0x1da/0x3c0 [ 282.530857] shmem_write_begin+0xfd/0x1b0 [ 282.530869] ? trace_hardirqs_on_caller+0x400/0x590 [ 282.530879] generic_perform_write+0x1f8/0x480 [ 282.531059] ? page_endio+0x530/0x530 [ 282.531070] ? current_time+0xb0/0xb0 [ 282.531081] ? generic_file_write_iter+0x9a/0x660 [ 282.531092] __generic_file_write_iter+0x239/0x5b0 [ 282.531105] generic_file_write_iter+0x303/0x660 [ 282.531119] __vfs_write+0x4a7/0x6b0 [ 282.555671] ? selinux_file_open+0x420/0x420 [ 282.555691] ? kernel_read+0x120/0x120 [ 282.555705] ? check_preemption_disabled+0x3c/0x250 [ 282.555722] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 282.555737] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 282.589592] FAULT_INJECTION: forcing a failure. [ 282.589592] name failslab, interval 1, probability 0, space 0, times 0 [ 282.592194] ? __sb_start_write+0x153/0x2f0 [ 282.592211] vfs_write+0x198/0x500 [ 282.592225] SyS_pwrite64+0x115/0x140 [ 282.592234] ? SyS_pread64+0x140/0x140 [ 282.592244] ? do_syscall_64+0x53/0x640 [ 282.592253] ? SyS_pread64+0x140/0x140 [ 282.592263] do_syscall_64+0x1e8/0x640 [ 282.592271] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 282.592287] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 282.592294] RIP: 0033:0x413cf7 [ 282.592299] RSP: 002b:00007f4e83a16a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 282.685241] RAX: ffffffffffffffda RBX: 0000000020000090 RCX: 0000000000413cf7 [ 282.692532] RDX: 00000000000000ca RSI: 0000000020000480 RDI: 0000000000000004 [ 282.699823] RBP: 0000000000000000 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 282.707109] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000004 [ 282.714397] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 282.720150] protocol 88fb is buggy, dev hsr_slave_0 [ 282.722001] protocol 88fb is buggy, dev hsr_slave_0 [ 282.726878] protocol 88fb is buggy, dev hsr_slave_1 21:30:03 executing program 1: r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @mcast2}, 0x9) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000380)={0xffff, 0x2, 0x7da9781dd42ec390, 0x400, 0x628ed23d, 0x0, 0x2, 0x10000, 0x0}, &(0x7f00000003c0)=0x20) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000400)={r4, 0x0, 0x8c}, 0x8) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) 21:30:03 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl(0xffffffffffffffff, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") getsockname$netlink(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080)=0xc) fgetxattr(r0, &(0x7f0000000000)=@known='system.advise\x00', &(0x7f00000000c0)=""/186, 0xba) 21:30:03 executing program 5 (fault-call:0 fault-nth:7): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 282.732119] protocol 88fb is buggy, dev hsr_slave_1 [ 282.737223] protocol 88fb is buggy, dev hsr_slave_0 [ 282.747376] protocol 88fb is buggy, dev hsr_slave_1 [ 282.752578] protocol 88fb is buggy, dev hsr_slave_0 [ 282.757661] protocol 88fb is buggy, dev hsr_slave_1 [ 282.825852] FAULT_INJECTION: forcing a failure. [ 282.825852] name failslab, interval 1, probability 0, space 0, times 0 [ 282.830518] CPU: 1 PID: 15401 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 282.844425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 282.853905] Call Trace: [ 282.856499] dump_stack+0x138/0x197 [ 282.860161] should_fail.cold+0x10f/0x159 [ 282.864316] should_failslab+0xdb/0x130 [ 282.868302] kmem_cache_alloc+0x2d7/0x780 [ 282.872472] ? shmem_alloc_inode+0x1c/0x50 [ 282.876740] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 282.882208] selinux_inode_alloc_security+0xb6/0x2a0 [ 282.887336] security_inode_alloc+0x94/0xd0 [ 282.891714] inode_init_always+0x552/0xaf0 [ 282.896125] alloc_inode+0x81/0x180 [ 282.899993] new_inode_pseudo+0x19/0xf0 [ 282.904019] new_inode+0x1f/0x40 [ 282.907410] shmem_get_inode+0x75/0x750 [ 282.911389] __shmem_file_setup.part.0+0x111/0x400 [ 282.916320] ? __alloc_fd+0x1d4/0x4a0 [ 282.920131] ? shmem_fill_super+0x8c0/0x8c0 [ 282.924467] SyS_memfd_create+0x1f9/0x3a0 [ 282.928837] ? shmem_fcntl+0x130/0x130 [ 282.932750] ? do_syscall_64+0x53/0x640 [ 282.936739] ? shmem_fcntl+0x130/0x130 [ 282.940629] do_syscall_64+0x1e8/0x640 [ 282.944530] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 282.949404] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 282.954903] RIP: 0033:0x459ef9 [ 282.958093] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 282.965825] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 0000000000459ef9 [ 282.973092] RDX: 00000000200000a8 RSI: 0000000000000000 RDI: 00000000004bef97 [ 282.980376] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 282.987647] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f45235486d4 [ 282.995183] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 283.002479] CPU: 0 PID: 15410 Comm: syz-executor.5 Not tainted 4.14.150 #0 [ 283.009514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 283.018873] Call Trace: [ 283.021548] dump_stack+0x138/0x197 21:30:03 executing program 0 (fault-call:0 fault-nth:4): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 283.025609] should_fail.cold+0x10f/0x159 [ 283.029844] should_failslab+0xdb/0x130 [ 283.033995] kmem_cache_alloc+0x47/0x780 [ 283.038067] ? __alloc_pages_slowpath+0x2930/0x2930 [ 283.043112] ? lock_downgrade+0x740/0x740 [ 283.043224] radix_tree_node_alloc.constprop.0+0x1c7/0x310 [ 283.043238] __radix_tree_create+0x337/0x4d0 [ 283.043254] __radix_tree_insert+0xab/0x570 [ 283.043269] ? __radix_tree_create+0x4d0/0x4d0 [ 283.043287] shmem_add_to_page_cache+0x5a4/0x860 [ 283.043299] ? shmem_writepage+0xbb0/0xbb0 [ 283.043306] ? __radix_tree_preload+0x1d2/0x260 [ 283.043321] shmem_getpage_gfp+0x1757/0x25d0 [ 283.058277] ? shmem_add_to_page_cache+0x860/0x860 [ 283.058293] ? iov_iter_fault_in_readable+0x1da/0x3c0 [ 283.058306] shmem_write_begin+0xfd/0x1b0 [ 283.087110] FAULT_INJECTION: forcing a failure. [ 283.087110] name failslab, interval 1, probability 0, space 0, times 0 [ 283.092175] ? trace_hardirqs_on_caller+0x400/0x590 [ 283.092190] generic_perform_write+0x1f8/0x480 [ 283.092207] ? page_endio+0x530/0x530 [ 283.092216] ? current_time+0xb0/0xb0 [ 283.092225] ? generic_file_write_iter+0x9a/0x660 [ 283.092235] __generic_file_write_iter+0x239/0x5b0 [ 283.092248] generic_file_write_iter+0x303/0x660 [ 283.092262] __vfs_write+0x4a7/0x6b0 [ 283.092273] ? selinux_file_open+0x420/0x420 [ 283.092284] ? kernel_read+0x120/0x120 [ 283.092299] ? check_preemption_disabled+0x3c/0x250 [ 283.092316] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 283.167582] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 283.172426] ? __sb_start_write+0x153/0x2f0 [ 283.176752] vfs_write+0x198/0x500 [ 283.180320] SyS_pwrite64+0x115/0x140 [ 283.184123] ? SyS_pread64+0x140/0x140 [ 283.188011] ? do_syscall_64+0x53/0x640 [ 283.191984] ? SyS_pread64+0x140/0x140 [ 283.195891] do_syscall_64+0x1e8/0x640 [ 283.199787] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 283.204639] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 283.209825] RIP: 0033:0x413cf7 [ 283.213009] RSP: 002b:00007f4e83a16a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 283.220748] RAX: ffffffffffffffda RBX: 0000000020000090 RCX: 0000000000413cf7 [ 283.228023] RDX: 00000000000000ca RSI: 0000000020000480 RDI: 0000000000000004 [ 283.235329] RBP: 0000000000000000 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 283.242812] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000004 [ 283.250125] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 283.257670] CPU: 1 PID: 15413 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 283.264833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 283.274341] Call Trace: [ 283.276963] dump_stack+0x138/0x197 [ 283.280740] should_fail.cold+0x10f/0x159 [ 283.284928] should_failslab+0xdb/0x130 [ 283.288938] kmem_cache_alloc+0x2d7/0x780 [ 283.293939] ? lock_downgrade+0x740/0x740 [ 283.298116] get_empty_filp+0x8c/0x3f0 [ 283.302011] alloc_file+0x23/0x440 [ 283.305558] __shmem_file_setup.part.0+0x1b1/0x400 [ 283.310599] ? __alloc_fd+0x1d4/0x4a0 [ 283.310609] ? shmem_fill_super+0x8c0/0x8c0 [ 283.310626] SyS_memfd_create+0x1f9/0x3a0 [ 283.310634] ? shmem_fcntl+0x130/0x130 [ 283.310647] ? do_syscall_64+0x53/0x640 [ 283.318919] ? shmem_fcntl+0x130/0x130 [ 283.326945] do_syscall_64+0x1e8/0x640 [ 283.326954] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 283.326972] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 283.335161] RIP: 0033:0x459ef9 [ 283.335168] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 283.335178] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 0000000000459ef9 [ 283.335182] RDX: 00000000200000a8 RSI: 0000000000000000 RDI: 00000000004bef97 21:30:04 executing program 5 (fault-call:0 fault-nth:8): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:04 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0xfffffffffffff5f7) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:04 executing program 3: syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r2}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r2}}, 0x18) r3 = accept4$alg(r0, 0x0, 0x0, 0x80400) ioctl(r3, 0xc1004112, &(0x7f00000000c0)="8ae1b4b11010fc70e37350da46b70e5b23c109e72bef3c31b9a4d16bf3e7d3fc433e202db975ff2ce26b1e6f884839e72f4dcb3feb9240b4fd73f5ebbd593014792475616929d11ce09684e72a9f31e90598c34b7480746b32da12b108e2602ed0011d001051b4ca9986e5b35f1806369dd18e637da25626bc5d8dcc43967748f2907d7e6df247b78c1508fd14c0c105f4d9dabf8f1a2372d4d8a2effabb359517d03870e4891e3a4c5975c4bcdf8050a4aa837198ed0b7ae29e9c37d300000000000000008b1133e692b0675ddf4df81a002de6a07666576ba3e764ca5b20d8311226e13672ce3f6a8228") 21:30:04 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="73797a3055dca3aced92c9cc72234c4b737c4a73559dcb94eb5cc1a38ba28223228129525b656326a5912b011620e093708084221dd14d8311fd3aa402951cc8fcf9b2a17edaaa1d0ff4a20d137764ac8608653975ebb8751d3f2dc7d1e85258bfb16633706494b53320d84d8aa7df78953788afa01eb1220cc24fca4c332d4aaa85982253e0fd824efb0204222dce3438ef7ca660cc096731e66cface29bd5925759627ea688fddf95e0730f0e0397dfd9e428cf63cd9eb5d8282aba7a15354b5e9b7cd71c248513a3b6330f9092944d45e518ab8d99a6e558dcd284d085ca9f1afa805d5b30cc7817d05e87308780a0ada448f411dd6fd3c477e37e081e18a01d82829655f5f625fa2eb5a2d2037908d76efb33cc096e2811838be8dc64a384d81fdd41d3d1e6c220a790d3e34f814beac2c38585d6d4f5a263a12905437c764693297cf8adadd281eacf58ae1d92982dc105737da30b4cbb877ea6574356919de8ca7126d3fdc4295060d73fce0990b00c1ba2f9030a7028535737e76b3881c5c1458bb029a2b09c818e4ff3dcabeaf19fb5ed944cac5451ba862172bf1959b97bbdfc2775eba0dec14fecaf6d223a7cf118f84"], 0xd5) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x1, 0x2) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:30:04 executing program 0 (fault-call:0 fault-nth:5): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:04 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) r2 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet(0x2, 0x4000000805, 0x0) r5 = socket$inet_sctp(0x2, 0x5, 0x84) r6 = dup3(r4, r5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000240)={0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f0000000280)={0x0, 0x7}, &(0x7f00000002c0)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r7, 0x84, 0x66, &(0x7f0000000300)={r8, 0x7fff}, &(0x7f0000000340)=0x8) sendto$inet(r6, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r5, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000025e000)={0x2, [0x0, 0x0]}, &(0x7f0000a8a000)=0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r6, 0x84, 0x7a, &(0x7f000059aff8)={r9}, &(0x7f000034f000)=0x2059b000) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000040)={r9, 0x58, &(0x7f00000000c0)=[@in6={0xa, 0x4e23, 0x0, @empty, 0x5a87}, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, @in6={0xa, 0x4e22, 0x400, @mcast2, 0x21}, @in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000140)=0x10) fcntl$setpipe(r3, 0x407, 0x0) ioctl$TIOCGPGRP(r3, 0x540f, &(0x7f0000000000)) ioctl(r2, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r2, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r10 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$VIDIOC_EXPBUF(r2, 0xc0405610, &(0x7f0000000200)={0x5, 0x0, 0x81, 0x0, r10}) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 283.335187] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 283.335193] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f45235486d4 [ 283.335198] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 283.425787] FAULT_INJECTION: forcing a failure. [ 283.425787] name failslab, interval 1, probability 0, space 0, times 0 [ 283.444738] CPU: 1 PID: 15426 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 283.451805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 283.451811] Call Trace: [ 283.451834] dump_stack+0x138/0x197 [ 283.451854] should_fail.cold+0x10f/0x159 [ 283.451870] should_failslab+0xdb/0x130 [ 283.451884] kmem_cache_alloc+0x2d7/0x780 [ 283.451895] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 283.451905] ? check_preemption_disabled+0x3c/0x250 [ 283.451920] selinux_file_alloc_security+0xb4/0x190 [ 283.451930] security_file_alloc+0x6d/0xa0 [ 283.451942] get_empty_filp+0x162/0x3f0 [ 283.451951] alloc_file+0x23/0x440 [ 283.451962] __shmem_file_setup.part.0+0x1b1/0x400 [ 283.451970] ? __alloc_fd+0x1d4/0x4a0 [ 283.451979] ? shmem_fill_super+0x8c0/0x8c0 [ 283.451996] SyS_memfd_create+0x1f9/0x3a0 21:30:04 executing program 0 (fault-call:0 fault-nth:6): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:04 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x2, 0x40) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 283.452009] ? shmem_fcntl+0x130/0x130 [ 283.463291] FAULT_INJECTION: forcing a failure. [ 283.463291] name failslab, interval 1, probability 0, space 0, times 0 [ 283.464523] ? do_syscall_64+0x53/0x640 [ 283.464538] ? shmem_fcntl+0x130/0x130 [ 283.464565] do_syscall_64+0x1e8/0x640 [ 283.464575] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 283.464591] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 283.464602] RIP: 0033:0x459ef9 [ 283.486076] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 283.486087] RAX: ffffffffffffffda RBX: 0000000020000080 RCX: 0000000000459ef9 [ 283.486092] RDX: 00000000200000a8 RSI: 0000000000000000 RDI: 00000000004bef97 [ 283.486098] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 283.486104] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f45235486d4 [ 283.486109] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 283.578857] FAULT_INJECTION: forcing a failure. [ 283.578857] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 283.584909] CPU: 0 PID: 15432 Comm: syz-executor.5 Not tainted 4.14.150 #0 [ 283.629343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 283.638696] Call Trace: [ 283.641293] dump_stack+0x138/0x197 [ 283.644935] should_fail.cold+0x10f/0x159 [ 283.649086] should_failslab+0xdb/0x130 [ 283.653070] kmem_cache_alloc+0x2d7/0x780 [ 283.657388] ? vfs_write+0x25f/0x500 [ 283.661115] getname_flags+0xcb/0x580 [ 283.664927] ? check_preemption_disabled+0x3c/0x250 [ 283.670043] getname+0x1a/0x20 [ 283.673255] do_sys_open+0x1e7/0x430 [ 283.677006] ? filp_open+0x70/0x70 [ 283.680581] ? fput+0xd4/0x150 [ 283.683807] ? SyS_pwrite64+0xca/0x140 [ 283.687789] SyS_open+0x2d/0x40 [ 283.691128] ? do_sys_open+0x430/0x430 [ 283.695033] do_syscall_64+0x1e8/0x640 [ 283.698942] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 283.704080] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 283.709269] RIP: 0033:0x413c91 [ 283.712454] RSP: 002b:00007f4e83a16a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 283.720176] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000413c91 [ 283.727490] RDX: 00007f4e83a16b0a RSI: 0000000000000002 RDI: 00007f4e83a16b00 [ 283.735106] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 283.742395] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 283.749805] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 283.757280] CPU: 1 PID: 15438 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 283.764756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 283.774311] Call Trace: [ 283.776900] dump_stack+0x138/0x197 [ 283.776919] should_fail.cold+0x10f/0x159 [ 283.776930] ? __might_sleep+0x93/0xb0 [ 283.784745] __alloc_pages_nodemask+0x1d6/0x7a0 [ 283.784760] ? __alloc_pages_slowpath+0x2930/0x2930 [ 283.784774] ? lock_downgrade+0x740/0x740 [ 283.793336] alloc_pages_vma+0xc9/0x4c0 [ 283.793351] shmem_alloc_page+0xf6/0x1a0 [ 283.793358] ? shmem_swapin+0x1a0/0x1a0 [ 283.793375] ? cred_has_capability+0x142/0x290 [ 283.793389] ? check_preemption_disabled+0x3c/0x250 [ 283.803093] ? __this_cpu_preempt_check+0x1d/0x30 [ 283.803106] ? percpu_counter_add_batch+0x112/0x160 [ 283.803121] ? __vm_enough_memory+0x26a/0x490 [ 283.803136] shmem_alloc_and_acct_page+0x12a/0x680 [ 283.803150] shmem_getpage_gfp+0x3e7/0x25d0 [ 283.811182] ? shmem_add_to_page_cache+0x860/0x860 [ 283.811197] ? iov_iter_fault_in_readable+0x1da/0x3c0 [ 283.811210] shmem_write_begin+0xfd/0x1b0 [ 283.811223] ? trace_hardirqs_on_caller+0x400/0x590 [ 283.869306] generic_perform_write+0x1f8/0x480 [ 283.873915] ? page_endio+0x530/0x530 [ 283.877827] ? current_time+0xb0/0xb0 [ 283.881653] ? generic_file_write_iter+0x9a/0x660 [ 283.886643] __generic_file_write_iter+0x239/0x5b0 [ 283.891773] generic_file_write_iter+0x303/0x660 [ 283.896556] __vfs_write+0x4a7/0x6b0 [ 283.900407] ? selinux_file_open+0x420/0x420 [ 283.905081] ? kernel_read+0x120/0x120 [ 283.909138] ? check_preemption_disabled+0x3c/0x250 [ 283.914181] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 283.919658] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 283.924423] ? __sb_start_write+0x153/0x2f0 [ 283.928870] vfs_write+0x198/0x500 [ 283.932453] SyS_pwrite64+0x115/0x140 [ 283.936244] ? SyS_pread64+0x140/0x140 [ 283.940230] ? do_syscall_64+0x53/0x640 [ 283.944425] ? SyS_pread64+0x140/0x140 [ 283.948425] do_syscall_64+0x1e8/0x640 [ 283.952311] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 283.957295] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 283.962491] RIP: 0033:0x413cf7 [ 283.965951] RSP: 002b:00007f4523547a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 21:30:04 executing program 1: r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) dup3(r0, r1, 0x80000) r2 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r2, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r2, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @mcast2}, 0x9) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000380)={0xffff, 0x2, 0x7da9781dd42ec390, 0x400, 0x628ed23d, 0x0, 0x2, 0x10000}, &(0x7f00000003c0)=0x20) r3 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x1800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r3, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) 21:30:04 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x103003) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:04 executing program 5 (fault-call:0 fault-nth:9): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:04 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dC\xfdM#c\x00', 0x3, 0x82b01) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f00000000c0)=""/245) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x1) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 283.973992] RAX: ffffffffffffffda RBX: 0000000020000090 RCX: 0000000000413cf7 [ 283.981502] RDX: 0000000000000048 RSI: 0000000020000480 RDI: 0000000000000004 [ 283.989018] RBP: 0000000000000000 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 283.996520] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000004 [ 284.003800] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:04 executing program 0 (fault-call:0 fault-nth:7): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 284.107154] FAULT_INJECTION: forcing a failure. [ 284.107154] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 284.119105] CPU: 1 PID: 15461 Comm: syz-executor.5 Not tainted 4.14.150 #0 [ 284.119322] FAULT_INJECTION: forcing a failure. [ 284.119322] name failslab, interval 1, probability 0, space 0, times 0 [ 284.126146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 284.146713] Call Trace: [ 284.149331] dump_stack+0x138/0x197 [ 284.153693] should_fail.cold+0x10f/0x159 [ 284.158304] __alloc_pages_nodemask+0x1d6/0x7a0 [ 284.163004] ? fs_reclaim_acquire+0x20/0x20 [ 284.167337] ? __alloc_pages_slowpath+0x2930/0x2930 [ 284.172369] cache_grow_begin+0x80/0x400 [ 284.176430] kmem_cache_alloc+0x6a6/0x780 [ 284.180701] ? vfs_write+0x25f/0x500 [ 284.184428] getname_flags+0xcb/0x580 [ 284.188237] ? check_preemption_disabled+0x3c/0x250 [ 284.193282] getname+0x1a/0x20 [ 284.196500] do_sys_open+0x1e7/0x430 [ 284.200226] ? filp_open+0x70/0x70 [ 284.203888] ? fput+0xd4/0x150 [ 284.207088] ? SyS_pwrite64+0xca/0x140 [ 284.210988] SyS_open+0x2d/0x40 [ 284.214260] ? do_sys_open+0x430/0x430 [ 284.219320] do_syscall_64+0x1e8/0x640 [ 284.223210] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 284.228052] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 284.233494] RIP: 0033:0x413c91 [ 284.236683] RSP: 002b:00007f4e83a16a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 284.244405] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000413c91 [ 284.251865] RDX: 00007f4e83a16b0a RSI: 0000000000000002 RDI: 00007f4e83a16b00 [ 284.259456] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 284.266744] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 284.274394] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 284.282069] CPU: 0 PID: 15463 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 284.289102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 284.298591] Call Trace: [ 284.301192] dump_stack+0x138/0x197 21:30:05 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x8, 0x1, 0x5) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) [ 284.304857] should_fail.cold+0x10f/0x159 [ 284.309445] should_failslab+0xdb/0x130 [ 284.313449] kmem_cache_alloc+0x47/0x780 [ 284.317559] ? __alloc_pages_slowpath+0x2930/0x2930 [ 284.322598] ? lock_downgrade+0x740/0x740 [ 284.326803] radix_tree_node_alloc.constprop.0+0x1c7/0x310 [ 284.332546] __radix_tree_create+0x337/0x4d0 [ 284.337176] __radix_tree_insert+0xab/0x570 [ 284.341629] ? __radix_tree_create+0x4d0/0x4d0 [ 284.341647] shmem_add_to_page_cache+0x5a4/0x860 [ 284.341658] ? shmem_writepage+0xbb0/0xbb0 [ 284.341666] ? __radix_tree_preload+0x1d2/0x260 [ 284.341679] shmem_getpage_gfp+0x1757/0x25d0 [ 284.341700] ? shmem_add_to_page_cache+0x860/0x860 [ 284.341712] ? iov_iter_fault_in_readable+0x1da/0x3c0 [ 284.341725] shmem_write_begin+0xfd/0x1b0 [ 284.351080] ? trace_hardirqs_on_caller+0x400/0x590 [ 284.351095] generic_perform_write+0x1f8/0x480 [ 284.351112] ? page_endio+0x530/0x530 [ 284.351123] ? current_time+0xb0/0xb0 [ 284.351133] ? generic_file_write_iter+0x9a/0x660 [ 284.351145] __generic_file_write_iter+0x239/0x5b0 [ 284.351158] generic_file_write_iter+0x303/0x660 [ 284.351172] __vfs_write+0x4a7/0x6b0 [ 284.351181] ? selinux_file_open+0x420/0x420 [ 284.351192] ? kernel_read+0x120/0x120 [ 284.351204] ? check_preemption_disabled+0x3c/0x250 [ 284.351218] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 284.434179] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 284.438956] ? __sb_start_write+0x153/0x2f0 [ 284.443299] vfs_write+0x198/0x500 [ 284.446967] SyS_pwrite64+0x115/0x140 [ 284.450759] ? SyS_pread64+0x140/0x140 [ 284.454646] ? do_syscall_64+0x53/0x640 [ 284.458612] ? SyS_pread64+0x140/0x140 [ 284.462583] do_syscall_64+0x1e8/0x640 [ 284.466471] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 284.471477] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 284.476674] RIP: 0033:0x413cf7 [ 284.479856] RSP: 002b:00007f4523547a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 284.487695] RAX: ffffffffffffffda RBX: 0000000020000090 RCX: 0000000000413cf7 [ 284.495129] RDX: 0000000000000048 RSI: 0000000020000480 RDI: 0000000000000004 [ 284.502826] RBP: 0000000000000000 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 284.510099] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000004 [ 284.517639] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:05 executing program 3: syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r1, 0x4090ae82, 0x0) finit_module(r1, &(0x7f00000001c0)='/dev/snd/pcmC#D#c\x00', 0x2) write(r0, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f00000000c0)={{0xdb, 0x40}, 'port1\x00', 0x40, 0x80000, 0x6, 0x4, 0x2, 0xffffffff, 0x1, 0x0, 0xd, 0x5}) r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x1, 0x2) ioctl$EVIOCGREP(r2, 0x80084503, &(0x7f0000000040)=""/18) 21:30:05 executing program 5 (fault-call:0 fault-nth:10): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:05 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0xffffffffffffffff, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r5}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r5}}, 0x18) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r3, 0x84, 0x74, &(0x7f00000000c0)=""/199, &(0x7f0000000040)=0xc7) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:05 executing program 0 (fault-call:0 fault-nth:8): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 284.630856] FAULT_INJECTION: forcing a failure. [ 284.630856] name failslab, interval 1, probability 0, space 0, times 0 [ 284.650436] CPU: 0 PID: 15480 Comm: syz-executor.5 Not tainted 4.14.150 #0 [ 284.657862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 284.667401] Call Trace: [ 284.670148] dump_stack+0x138/0x197 [ 284.673914] should_fail.cold+0x10f/0x159 [ 284.678096] should_failslab+0xdb/0x130 [ 284.679195] FAULT_INJECTION: forcing a failure. [ 284.679195] name failslab, interval 1, probability 0, space 0, times 0 [ 284.682096] kmem_cache_alloc+0x2d7/0x780 [ 284.682109] ? save_stack+0xa9/0xd0 [ 284.682126] get_empty_filp+0x8c/0x3f0 [ 284.682136] path_openat+0x8f/0x3f70 [ 284.682151] ? trace_hardirqs_on+0x10/0x10 [ 284.682164] ? check_preemption_disabled+0x3c/0x250 [ 284.682178] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 284.682184] ? find_held_lock+0x35/0x130 [ 284.682193] ? save_trace+0x290/0x290 [ 284.682206] ? __alloc_fd+0x1d4/0x4a0 [ 284.682217] do_filp_open+0x18e/0x250 [ 284.682226] ? may_open_dev+0xe0/0xe0 [ 284.682240] ? lock_downgrade+0x740/0x740 [ 284.745990] ? _raw_spin_unlock+0x2d/0x50 [ 284.750136] ? __alloc_fd+0x1d4/0x4a0 [ 284.754033] do_sys_open+0x2c5/0x430 [ 284.757748] ? filp_open+0x70/0x70 [ 284.761284] ? fput+0xd4/0x150 [ 284.764477] ? SyS_pwrite64+0xca/0x140 [ 284.768379] SyS_open+0x2d/0x40 [ 284.771671] ? do_sys_open+0x430/0x430 [ 284.775580] do_syscall_64+0x1e8/0x640 [ 284.779473] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 284.784318] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 284.789502] RIP: 0033:0x413c91 [ 284.792692] RSP: 002b:00007f4e83a16a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 284.800500] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000413c91 [ 284.807775] RDX: 00007f4e83a16b0a RSI: 0000000000000002 RDI: 00007f4e83a16b00 [ 284.815153] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 284.822421] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 284.829731] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 284.837041] CPU: 1 PID: 15487 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 284.844081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 284.853610] Call Trace: [ 284.856822] dump_stack+0x138/0x197 [ 284.860688] should_fail.cold+0x10f/0x159 [ 284.865228] should_failslab+0xdb/0x130 [ 284.869413] kmem_cache_alloc+0x2d7/0x780 [ 284.873568] ? vfs_write+0x25f/0x500 [ 284.877295] getname_flags+0xcb/0x580 21:30:05 executing program 1: r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) dup3(r0, r1, 0x80000) r2 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r2, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r2, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @mcast2}, 0x9) r3 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x1800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r3, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) 21:30:05 executing program 5 (fault-call:0 fault-nth:11): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 284.881182] ? check_preemption_disabled+0x3c/0x250 [ 284.886200] getname+0x1a/0x20 [ 284.889397] do_sys_open+0x1e7/0x430 [ 284.893113] ? filp_open+0x70/0x70 [ 284.896665] ? fput+0xd4/0x150 [ 284.899870] ? SyS_pwrite64+0xca/0x140 [ 284.903768] SyS_open+0x2d/0x40 [ 284.907062] ? do_sys_open+0x430/0x430 [ 284.910955] do_syscall_64+0x1e8/0x640 [ 284.910965] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 284.910982] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 284.910990] RIP: 0033:0x413c91 21:30:05 executing program 0 (fault-call:0 fault-nth:9): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 284.910995] RSP: 002b:00007f4523547a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 284.911005] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000413c91 [ 284.911013] RDX: 00007f4523547b0a RSI: 0000000000000002 RDI: 00007f4523547b00 [ 284.920173] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 284.920179] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 284.920184] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 284.959749] FAULT_INJECTION: forcing a failure. [ 284.959749] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 284.974318] FAULT_INJECTION: forcing a failure. [ 284.974318] name failslab, interval 1, probability 0, space 0, times 0 [ 284.985318] CPU: 1 PID: 15494 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 284.985327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 284.985330] Call Trace: [ 284.985351] dump_stack+0x138/0x197 [ 284.985375] should_fail.cold+0x10f/0x159 [ 284.985390] __alloc_pages_nodemask+0x1d6/0x7a0 [ 284.985398] ? fs_reclaim_acquire+0x20/0x20 [ 284.985410] ? __alloc_pages_slowpath+0x2930/0x2930 [ 284.985432] cache_grow_begin+0x80/0x400 [ 284.985446] kmem_cache_alloc+0x6a6/0x780 [ 284.985455] ? vfs_write+0x25f/0x500 [ 284.985469] getname_flags+0xcb/0x580 [ 284.985478] ? check_preemption_disabled+0x3c/0x250 [ 284.985489] getname+0x1a/0x20 [ 284.985497] do_sys_open+0x1e7/0x430 [ 284.985508] ? filp_open+0x70/0x70 [ 284.985515] ? fput+0xd4/0x150 [ 284.985524] ? SyS_pwrite64+0xca/0x140 [ 284.985536] SyS_open+0x2d/0x40 [ 284.985543] ? do_sys_open+0x430/0x430 [ 284.985553] do_syscall_64+0x1e8/0x640 [ 284.985561] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 284.985575] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 284.985583] RIP: 0033:0x413c91 [ 284.985587] RSP: 002b:00007f4523547a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 285.028309] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000413c91 [ 285.028316] RDX: 00007f4523547b0a RSI: 0000000000000002 RDI: 00007f4523547b00 [ 285.028321] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 285.028325] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 285.028331] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 285.061585] CPU: 1 PID: 15492 Comm: syz-executor.5 Not tainted 4.14.150 #0 [ 285.067076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 285.067083] Call Trace: [ 285.067103] dump_stack+0x138/0x197 [ 285.067120] should_fail.cold+0x10f/0x159 [ 285.067134] should_failslab+0xdb/0x130 [ 285.073895] kmem_cache_alloc+0x2d7/0x780 [ 285.073907] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 285.073921] ? check_preemption_disabled+0x3c/0x250 [ 285.081183] selinux_file_alloc_security+0xb4/0x190 [ 285.081195] security_file_alloc+0x6d/0xa0 [ 285.081207] get_empty_filp+0x162/0x3f0 [ 285.081216] path_openat+0x8f/0x3f70 [ 285.081231] ? trace_hardirqs_on+0x10/0x10 [ 285.117576] ? check_preemption_disabled+0x3c/0x250 [ 285.117593] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 285.117605] ? find_held_lock+0x35/0x130 [ 285.132236] ? save_trace+0x290/0x290 [ 285.132249] ? __alloc_fd+0x1d4/0x4a0 [ 285.132265] do_filp_open+0x18e/0x250 [ 285.132275] ? may_open_dev+0xe0/0xe0 [ 285.132287] ? lock_downgrade+0x740/0x740 [ 285.247842] ? _raw_spin_unlock+0x2d/0x50 [ 285.251979] ? __alloc_fd+0x1d4/0x4a0 [ 285.255774] do_sys_open+0x2c5/0x430 [ 285.259478] ? filp_open+0x70/0x70 [ 285.263005] ? fput+0xd4/0x150 [ 285.266346] ? SyS_pwrite64+0xca/0x140 [ 285.270252] SyS_open+0x2d/0x40 [ 285.273547] ? do_sys_open+0x430/0x430 [ 285.277430] do_syscall_64+0x1e8/0x640 [ 285.281661] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 285.286519] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 285.291727] RIP: 0033:0x413c91 [ 285.294913] RSP: 002b:00007f4e83a16a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 285.302628] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000413c91 [ 285.309883] RDX: 00007f4e83a16b0a RSI: 0000000000000002 RDI: 00007f4e83a16b00 [ 285.317272] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 285.324533] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 21:30:06 executing program 5 (fault-call:0 fault-nth:12): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 285.331791] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:06 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r4 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r4, 0x0, 0x0, 0x400806e, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) sendto$inet6(r4, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e5d37149eb0f4a333726cf6d5b7647306559155f1c69d6bfd145b83576f2df4d85f271fd4119db923e2412c66dd954eb59dddc7e1fd286a83971b2ba1c63b4f99702cf91f3d1ecffb8ae189c79b403805e83650c251a564942896f205640c23b0cf51fe9bd931f54a343794710a9cd53cef20938edddb2bfa3c1f72f8e79e41e30fb8f9d314abd999ba396521b6c10bec7bc9d0745a80299342f5cf89eb9d94044258fbb18cec1cdbbc016a773d3ae41e3e30248e716fd0873d31454902cbe7dcf7d644dfadc255d99652b5ed5a5b1a75e3ad49cf80178678402e9d3a755d009889b2e6138f81dc02eedcc353aceb2f7781aea08aa91be7e1e2416ba3d555b1f2237f68c5d7dcfcb1b917c292a35d6d7e7cf2cb1dd6dba5a50ce55c4638d7d38cb7afd8da02f281ab69392bc6531eb03eb97c1d075e3342c244861d04bcad8991b8f588e48ad7fe218d2f5e604bb31c59241245b485210fe418af3d6377b59d5ab128497efeced38cc5036b1f34cb89674b5179219f34b9e8e1849695d7c23cce77eb8f038ef9f2cd69d1c9e2d6b46610adbadbdad857a77f59d38cb5120709716b87c52a48de249b231d7e39985b8b58094c0d7b4c6d1671a8ff9d2daaca94df2adcff6420077df0ddbc66d00b141ffc6e28bed09a19056e52a905a72c99a04af56b22da83135808ba2bfe87a39753447e78500d16bdad52d97df73d4852a79e7ec6910701b712cfd58c62b3ade86cf6ff0cd78719fa1ae81640381cb33f4f6b03c913e820cf9eb9b5cf7df9c878596c9ac9444cad118673fe339b4b7287b310ecff4742bfea2612d79d418293f0dfe14bc819c466473438ad71ea3b1386d17a9038b1f5a9285481500f84f4c7eabbf2eb071a101c69cce8e7495bda4c28a4e88f6a258abf58579c290eeb742b2678daab3ecc8c2bf97d89e89472901e254dd63ca7d918f8a7523161e29b28f64b285da7bb4a17d0ad734c321623e246bb0b5aaa08e8e7ac42b74ba83c70a8ca80068400be6adc3f4b01ba1050b54e6e4cf72fb567fbd27b74b2bfa7b7cabc6938851c13c6df7d5aaca79afd89b5e925379b959c7929ddfa3399695343f435772d70e5cfa3550377d23f50011ad5657e94c464cd43eb85496fd3b03bcb2d9278ceb432194d9893ffa747dfe85309f256c910e31e81dcd3cd8a13744fc2874737a2ff34bf8c89f15da7cc0853434117d744e30360b38ef1a063f9ee506f048e9980054e6c5c5688d04ece6067ac55bccc9a7773a2c4e21c039d153622130faff9fd675d64ad7284bd011b9b224713a721b4b731cf342357642a1a0bb846f5be443b7e72e9825b5f3a078c6ae09e4512dd93a5be1af13a49e6a33938509d3557aecf2356ac2329871b662a99cf3fd2486b064e7e6f90c1f8d632186a8bda338b02d45da4ea9041d42a23f40b93346dddc473a9f1a3d9f0285b7e48cbb87bc34d44b090a5e2aaf4764a10a44168f1719eff0b0d9bc1ce07750af4c21d0c67eae0799e91328c8b14869e4edd255a41735a2b1818aa9d3b271ba757af010ae6dbad89aa0d8f5b6f8ef3917adcedf2", 0x52a, 0x400c047, 0x0, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000340)={0x0, 0x0}, &(0x7f0000000380)=0xc) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000000)=0xc) sendmsg$netlink(r6, &(0x7f0000002a40)={0x0, 0x0, 0x0, 0x0, &(0x7f00000029c0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r7}}}], 0x20}, 0x0) pipe2$9p(&(0x7f00000003c0)={0xffffffffffffffff}, 0x184400) sendmsg$unix(r3, &(0x7f0000000440)={&(0x7f0000000080)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f0000000300)=[{&(0x7f0000000140)="f0d950b15688479c9b2630a49537ec9f96be3a5fb3d133ec2a32baf1e78712d620a5f1b97c8d0ee496b5f6ca60c18d17d1e7e3f4ce3ba0f09472b9d3b3ec6c449a3549a7b5558d76b95815fd8e3400193cedef06", 0x54}, {&(0x7f00000001c0)="833be1b4a6ed6d566fc984df4f812c63fd4b040663b39d3e575a5ce478018654c8d99962afc4e3bac2ee40cfaa0f084690510e54f39fd78bb61af563c842089454898d9aadf3626cfd3a9b411f8ceaed83c97a7e1870a25e74e23ad3ac63ebaa3ddb53302c507de2b8a85a0ba90faa542263252edc2c89c750f2799727a78ea3fcabffcaf6e0694ad0b910a98b72da10e8274172b00bbb1b5c08e001c1ba7402", 0xa0}, {&(0x7f0000000280)="a5690b947db18bface6dbf1db08e1a317fbb521b3e5ba8a5c2077ec74b90eed56178d5c04bc4249bc8ddc0974cbc04d7528c5d5fca8ad08eedebc3a6d2e243e740aea4fa2fe3a49e0f30fc2ae5929f3c778f87bfb3eec2a01ebdb02d5f9751fde8", 0x61}], 0x3, &(0x7f0000000400)=[@cred={{0x1c, 0x1, 0x2, {0x0, r5, r7}}}, @rights={{0x1c, 0x1, 0x1, [r0, r0, r8]}}], 0x40, 0x4000}, 0x50c4) r9 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r9, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r10 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r10, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) [ 285.405642] FAULT_INJECTION: forcing a failure. [ 285.405642] name failslab, interval 1, probability 0, space 0, times 0 [ 285.417746] CPU: 0 PID: 15508 Comm: syz-executor.5 Not tainted 4.14.150 #0 [ 285.424963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 285.434315] Call Trace: [ 285.436900] dump_stack+0x138/0x197 [ 285.440552] should_fail.cold+0x10f/0x159 [ 285.444715] should_failslab+0xdb/0x130 [ 285.448677] kmem_cache_alloc_trace+0x2e9/0x790 [ 285.453496] ? save_trace+0x290/0x290 [ 285.457299] inotify_handle_event+0x2ca/0x4b0 [ 285.461790] fsnotify+0x63b/0x11e0 [ 285.465325] ? __fsnotify_update_child_dentry_flags.part.0+0x300/0x300 [ 285.472329] ? fsnotify+0x11e0/0x11e0 [ 285.476127] ? __might_sleep+0x93/0xb0 [ 285.480064] __fput+0x4a6/0x7a0 [ 285.483351] ____fput+0x16/0x20 [ 285.486761] task_work_run+0x114/0x190 [ 285.490672] exit_to_usermode_loop+0x1da/0x220 [ 285.495266] do_syscall_64+0x4bc/0x640 [ 285.499279] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 285.504139] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 285.509337] RIP: 0033:0x413a91 [ 285.512611] RSP: 002b:00007f4e83a16a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 285.520440] RAX: 0000000000000000 RBX: 00007f4e83a176d4 RCX: 0000000000413a91 [ 285.527838] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 285.535110] RBP: 0000000000000005 R08: 0000000000000000 R09: 000000000000000a [ 285.542377] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 21:30:06 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") r3 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r3, 0xc0305302, &(0x7f0000000040)={0x7, 0x6, 0x80000000, 0x664, 0x4a}) 21:30:06 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x8000000000000007, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") [ 285.549925] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:06 executing program 0 (fault-call:0 fault-nth:10): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:06 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl(r2, 0x3, &(0x7f0000000000)="9606aee50e29c02ada34e3f2d084e3a5d13345f7e568e3c93ac952969864380ac0337e7b5a835495ebb28a982abfc21377799e6f84fa5ff1b123baaec7ac1ea5edd02546185c115b518fa5f2664ca28145bf490ef14e76fcf0506f51d9cca397508de5fc8c346c9c096193f350d6b4") r3 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:06 executing program 5 (fault-call:0 fault-nth:13): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 285.636465] FAULT_INJECTION: forcing a failure. [ 285.636465] name failslab, interval 1, probability 0, space 0, times 0 [ 285.667545] CPU: 0 PID: 15519 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 285.674656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 285.684220] Call Trace: 21:30:06 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) r0 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r0, 0x0, 0xfffffffffffffffb, 0x400806e, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) sendto$inet6(r0, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e5d37149eb0f4a333726cf6d5b7647306559155f1c69d6bfd145b83576f2df4d85f271fd4119db923e2412c66dd954eb59dddc7e1fd286a83971b2ba1c63b4f99702cf91f3d1ecffb8ae189c79b403805e83650c251a564942896f205640c23b0cf51fe9bd931f54a343794710a9cd53cef20938edddb2bfa3c1f72f8e79e41e30fb8f9d314abd999ba396521b6c10bec7bc9d0745a80299342f5cf89eb9d94044258fbb18cec1cdbbc016a773d3ae41e3e30248e716fd0873d31454902cbe7dcf7d644dfadc255d99652b5ed5a5b1a75e3ad49cf80178678402e9d3a755d009889b2e6138f81dc02eedcc353aceb2f7781aea08aa91be7e1e2416ba3d555b1f2237f68c5d7dcfcb1b917c292a35d6d7e7cf2cb1dd6dba5a50ce55c4638d7d38cb7afd8da02f281ab69392bc6531eb03eb97c1d075e3342c244861d04bcad8991b8f588e48ad7fe218d2f5e604bb31c59241245b485210fe418af3d6377b59d5ab128497efeced38cc5036b1f34cb89674b5179219f34b9e8e1849695d7c23cce77eb8f038ef9f2cd69d1c9e2d6b46610adbadbdad857a77f59d38cb5120709716b87c52a48de249b231d7e39985b8b58094c0d7b4c6d1671a8ff9d2daaca94df2adcff6420077df0ddbc66d00b141ffc6e28bed09a19056e52a905a72c99a04af56b22da83135808ba2bfe87a39753447e78500d16bdad52d97df73d4852a79e7ec6910701b712cfd58c62b3ade86cf6ff0cd78719fa1ae81640381cb33f4f6b03c913e820cf9eb9b5cf7df9c878596c9ac9444cad118673fe339b4b7287b310ecff4742bfea2612d79d418293f0dfe14bc819c466473438ad71ea3b1386d17a9038b1f5a9285481500f84f4c7eabbf2eb071a101c69cce8e7495bda4c28a4e88f6a258abf58579c290eeb742b2678daab3ecc8c2bf97d89e89472901e254dd63ca7d918f8a7523161e29b28f64b285da7bb4a17d0ad734c321623e246bb0b5aaa08e8e7ac42b74ba83c70a8ca80068400be6adc3f4b01ba1050b54e6e4cf72fb567fbd27b74b2bfa7b7cabc6938851c13c6df7d5aaca79afd89b5e925379b959c7929ddfa3399695343f435772d70e5cfa3550377d23f50011ad5657e94c464cd43eb85496fd3b03bcb2d9278ceb432194d9893ffa747dfe85309f256c910e31e81dcd3cd8a13744fc2874737a2ff34bf8c89f15da7cc0853434117d744e30360b38ef1a063f9ee506f048e9980054e6c5c5688d04ece6067ac55bccc9a7773a2c4e21c039d153622130faff9fd675d64ad7284bd011b9b224713a721b4b731cf342357642a1a0bb846f5be443b7e72e9825b5f3a078c6ae09e4512dd93a5be1af13a49e6a33938509d3557aecf2356ac2329871b662a99cf3fd2486b064e7e6f90c1f8d632186a8bda338b02d45da4ea9041d42a23f40b93346dddc473a9f1a3d9f0285b7e48cbb87bc34d44b090a5e2aaf4764a10a44168f1719eff0b0d9bc1ce07750af4c21d0c67eae0799e91328c8b14869e4edd255a41735a2b1818aa9d3b271ba757af010ae6dbad89aa0d8f5b6f8ef3917adcedf2", 0x52a, 0x400c047, 0x0, 0x0) getsockname(r0, &(0x7f0000000000)=@l2, &(0x7f0000000140)=0x80) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_G_FBUF(r1, 0x8030560a, &(0x7f0000000240)={0x4, 0x4a, &(0x7f00000001c0)="9d3c36bc626e647dffe646b376bf46aa2d07ed80997f2b96d0b4f02e3e4a8450fb3f5c4bbab31936546db92b083ccfacd77aba8ec19a129d22a878380ce91932b32eb5f0427365f1c5f4b9c46e0bf908df7451737c50691c08429ec8295d361de1ee106b5d92e257bf99df4b09955255498a5737076f1724fc36a5ec5f512534", {0xfffffe75, 0x7fff, 0x0, 0x6, 0x80, 0x5, 0xa, 0x400}}) setsockopt$inet6_buf(r0, 0x29, 0xd3, &(0x7f0000000f00)="7d0dc54f93e0cc8a61dae1a69047951a54e77f46a6da411154272c6ea39dde377d6eabb9e5aaf55feb138df8a9e081bb5beed107ae82aa899a292b8184bf5435fbee686215d428ea9afc5956ee9a5a6215c6f919830927d0654ea9841781347c8b6e7e2cebd72ada829f6648d977c0ca63211cb47432d0665cec2c62835ee853541800da5379f649e0ea4f19f419c3b8634dd610b62a93a09b012c679813c54e42497d13518cb4eb468996ee3026d9dc7d141e7a26be6b30a5a76bceff3bf6a0dbad3f51cc152163d009ece99309a4605e1b9d3787fe1c6325da41769f9c15509d878b323a12841ccb74a53c037d2efe7e606a849791791dac10852a148c04f159517797cad90d4fb467a296f843ab237422a9989a7788449f718cec05c0419acecd303deed6ff0ceb3dddedf5ce0be08523f43cef7d631581236429ba527382c81cde68f882471635432fc4486f6b0134914d60c63f9e872d1bb6fc20e13c6f51da3c8b1e382c1780e396c6972540859bd44c17b844c34862ff21a5573ee3c07540bd65f148516e0d2ab6be4b5dc044a5d5067d437249c5055d6bec552ad62526c7cad6f7fddd0a5fe1ac596f86935fce6edf4ec842baf335cbda912d8c72938f974a73e7dfea746d74544249b9cab83bee4a62fa444d2d4dea3ca01849fae7d4c40d622c40c38a6f1ee221ebf10f91a106a49374d9dbae790292872a13e88b9060b82a1e76dd83b2ff65cfb46cc40c60717674ce6fc56da1d99c8afa486c75ead2e1cbe50974f7e2349b33350e39f79ad6ed6f38b6fbb57e4b2a9e86b47b58d21acd9dd876c52a8a478ae8980285c30f0618b0daba2b812db5eb263953f5e80ffae0e14192c900610ec14743b5fb9156d120e3656049803ead513964765dbef4478d32c2ada3ae5bf0f8cb86d9f93fae46476be89bd2eb9739ac3b7ea092bb330e371c526c5de3c15fb35987af8debec1fe14ddf1ecd43580866c3daa3031fce4c9acb26f21c3c939c13b409ee57d5b5ab4cbfa6b84647609ad6d7a1310d1ed03cc89edcf08d2e189c0330badb015d34abd4c48dc0e15e8b9b867b34b13f52da1f1af52029c5213810f0c2ae04ef66a0afdbdee889a7822a1ecd640aaa0ca0b9a0c2428aefd395778ec32f949fa8ca91870968c9016c99d124ab3bd04a5fd67f26082881bdd2c72924882d1bb4b2f9b83d9f642f5293713a10729f759df4df14879de289e80ae0e9cf4ce46ae477690bb8937b59cad66972edfac6078550ca5f860e0fb9656c35bd1c9a47077056e2e2e8837cb026c325d2c019b21df95bc25c8daf40ee2fb2082ec6fef5abeaa1c74c816ffd5bf1f38afe775cd43bc41edfc628abff860b364e26efcffde81b299ef31b63530fe93b7f3cb5416bf2ecafcc1573113d08f7265472175822356176b3f4d7ba0c1125b5938b8489585b90012725fe81ccc16bca414038f5f501c8110dc0ba6ee237db1dfaec12a21e4e20987ffeeb23c3bed3fd15f67e60161ed563488e0402bd87d71d207fb32edb788e867d8f9eea36a98c8bdbb8b345962cdfdb00dc23b97d015c6c4ccabbabb3410440435a7067bddb0cd54670a0df260b3aa954508bfc6b524e55abb98659472cd65a613bec847884cdc1b99e0d212fd5407deba04cf647c6b41aea81e8bb21fb83c829fdaf865cf375504d6d5da9b2b5a3bd6bc8743e89fb19b1dfbe1aed3749a1d3b0c22d63b09025f25598c0bea08a365675b1e70b1160d08c74fb7828347346d91de5804d2600b298976f3580c744ec2c5d135ddef9d9dae3be8d1f53d7c2c71caac12bf30c796e0976f33fde1108e97ced47064c61eb8eae224aa6fbd09804e8df5a5b8594d55418b196ffc7ab0da5f64e2a4aaac97b051b5eafcc5602482bf3338457a3dead150636bd82e4e8b67aecbb29646277f68aeb17773e2f7a476c32b620f719daa7c77da45cba7e59b7316ae1f3354f5047828f00643d05ead118da63f513cd865b25e4cc397db6eee6d5a1ebe845544d79f06792dd4948f17a3417fc11a9747705987c430e0916d6d5ae7c80679c13b5af87e68b5edffc1e4fa982d2f36657c77205f99bae0aff571bc00bde6955a8bc7a678e64439387c625db01b5fcc0f6c476cc054a9196bf30a4ca28bc0669fdfd4cc4d86b5789e79ec1a0af88eac29ecc298be312858b14ffc2638f692b30294ffe6df808ee501319d627c94215f206d26d21dcd5111aa3e4ebc2a3dbfabeae947e10d45466d86bb998bc720cc13c88b2c1a2598d7508ef8b64bedfe80b3f64b40463a891ba46db4078b8a111b9ab3024e3c1cc2b4f6d343142587af3708ed951b5c4c169b7fed9cd7a50b068cc16f90e244597867fc55424bf34616967f8d0545e7846648068582e7c6d53308ad27bfeda05cc1f4622e075d15634f320cb2776d371e546ffbabd58db16f2d7f1ce5aeec284ce572b3d050859f8fed35df0d2a916c8b1b32108522c2d762146caedcd2d893b202c7265c35c06a3c6a201f208bc7990b786324cb7bbb36cf3266b8cc5f0729c1145c8013b9c417e0c77fd294c99e6da6aa12d72c25da0951451978ee1b974f0c291c8adf09e4f2c9c7a29210366a2f996d74e3a4e162ac5df885c47e4af4717a84389e79fafa6c419866aa036618da460e6adc8dfb1538068a013ff4bdd230dd99cd09858e32af5a5e917060c1cb292e416d24b3dcd352a37d44ef523aea5cd7558697eaae673719edbb377df75143fa34752d5c89c4fb368e5c10ad67e6964ae03e665510fa868287c94ed4a7288c51c445e759d27e1040c55ea39a5ce3d511642017d14748945f7e50d411ea271518533943128d720335bf3e72a762dcffb95eb30d7f63901ce610a8c1f3b461ef0cefe76ba573d901d9fd74b76690d55f5d4c69049238c6930ed5bc37e42757859286f24c4208b45c450ffde55f0bf9fdf7619ac2cc9de1dab747da6404a5b20025506244f73167951e1983b1fe57933a843276e0e6bf3e15381e6f15a4530731f8200cd71866150554d0449086d5fec71b6e572c1c7a215e3ea94d13d4e4a4b1c15c8ede4b12e0af337bbdb1ed8793d8f67f630752f298fd8063292fc8aa1bf7922dc31d43842a2e57d60183b2aa0176dcd184f42602c5b2f9b742425bfdbe112f66949c2a6cac74a79e227c5112e3354f16cb292a6df805cf77de3c48b5b93ffbbce41db4a8fc53aaec3fb065042e709d704f9e955e70b819dc3ebb87fd5a6155f1553880673a654ffecdc081d164ceb101421562f2893c511c0a372ed3d7f3a3cd3804da1fea35b07df291d6d05fa46b054ad29cd79834498adf0b0fe078750939822fe58f7543ff23e6b746dd497412fc76be7ac7aba3ff3e38a43dc5f0aea2f767425c91e5fd57aed72b74ab8cd84644a01090ec8df5ccd4b2d95a1543a5713e357341f673729348222b2f6c23b0dadde75dd83015aa66d61dcdf857b72d366b6307f8c5aef6e61627a76abd2b867bdacc4d184df07bc6ce7004e9db84577547ae12ef3b4adc4cfaf737003e3e8bbafc602a2a5d0bf6d3391e834e1c4c0186bc3b7ef5fdc0ab8304573077230280958244debc1bd006316613bdb7b64828b502adac185a59b74675ecec236e8395518467ba498afdbcfd194d9277aa6dc682f6e8abe7e112da01afcfa49412b8e957d3e5195c22a449a41142148c0df577f794585d500edaddf377fd867decd021c3bc36f19385ac6b6497e5ea6bb8cc5653fa582c2253d975a173f59f3503155deb0c0bf98b2334e4d303d6cb52cc311f5f4880f2194548c305caca01e554133b070bf1021133d12aba7dbc36d0e17c59014d22ee8f4fc523b3fa880c259b823b6fbd5c49c726dae715553bcbfa71ef13b678a1e4a32d43555c1b5ef6ead8929fb5dc63ca8d008979858a1ecc1bb4efffe839cabb4d0b0c3f6280fb0c1ad1e53280e9c39e619efb510ebc342fda832aa4be589f9862d64a37dc42e9d657c92d24fa39f6c3bede0d436e88c848e9d18fb2fbf6208226e60fa55b1f959eb55aefbcdd4e101319eff6d241dfec085a4d42a4a64be199c248865f35d3c1a718ba8e82f84722edabd0c6f4aa32238573c85e362328f4c768cdfafc5a326867cbd0777d57a61fbb2ebb902a91abab24731d06c91b1310d6196558e562c595bdaba2609c24aa2b2dc9a189825de4c5d9f26dc91c74892be6818687c05ea12503042a558f45880bada62ae3c461fc9ec5c2263a2522c6ffa8dbad242285ec80b077874a3568669942c12123002a0ef4b91c2e7e13cdfb5fb5b100831cb1a7b53e384f65cadddf97a2eb52a56315705ee353c20f2bade3f1bc641095e1773653aeecf619a68f7a95a7d6535210f64c47c3a1dc10a26ca85ce60ef9aa5a4e65bfd887186d3aaf6c104aef22dcd2de79a2d3baf16c666918cd1610da8b79e6a900533b6cddd836fb1aadb5a25eb7b55991895d50d33395a5e33b47f5880d6a971e56f3f75dafba8ad33e52568ae80597d4e0122996fa644041f7ac319591da61403f372c065e9d003c7d08bdbefcf6a4da21bb911a68307d078b3ca48f8cfa4b6b33b6d29f8cc8ab8abf6c2df1ec58349b90bbd070a9899da43e017fa08538579bd3d8e77415312ec07acc0091f7365cb7d38cb896a98df958a28809e428caf410da0d2f69851fcefd60e9923b4d9a7dde961fa498770800be26f2b086696dad8c847ed60d7ed8fa2db8e33ef7ab36a3025e10dc19d02f316f48d519a8ae2c5543229c446bd67ed062e9f688632fd45d21db8d770855746a275d45eb624f63c975bdb59023ed502ca73eb50c3b9a361ac8eae666118c30d6837d73ffda2b0a9f2fe9428a75dd7d9c69a2194548f69622dff82873aa5995db0d0a24520bd6079b368a4b01d6644884635bd79313d761c6799a8c79d0ac9a7e99fec58f1ce4d0c84bf2dc3a2402bf536aa36bf39929bf2dd0eefc0508b2a5cd72e38d572a4c1ec0ac5761234dd85fa958c2e991aa4230e37c0ee0dfa09f385204d9e014f5f4cccc0a5385fd44cb53b9172254018c321d90ce0347c64bde1e4ba58ef7615289fecf70e2b07533edff13be6441d674f865fc735eaab90b3035d893095607617d97b76389d55b117236b8742069f829d2ad110e6f511a6829d1de8623ea89a524d7999b5a1af331e6250c0d12bffb5e87cfc2bcd98fc4cbc1c141e90b4f4aeda2d089b9b5d1000c9106d68e69c0c610d0774262d1b5632ce275ca72789bb3af876c45fb670085ae59c5a625ec2d0124da5faa7ee17ba7783f8d05aa8436631cfa707219a5075a520797b52c4f911446c23e6241a953af7db9a8a29ea2a8e40103c0cd74c4e659b4b33d88fbc54a084f2fe3f3a0be71082db218919104f47f3384a38122b32af73e3d9f74df1d97af11fc99a6fdc5e4a05585385b3453c6d38e868d88c474e5d7530489990b11bce95dbace8a602cb3312ebd7ba341bfe3f26bbd4ff1c04c362ede4c6f06535f09f7fe97da4f8ae0326c049f6b8f6afc2a5e20f4c6cdfb0b8ebaaf77e8df4f7fb625c73f92a63fbb0eb36a49e6e322ffc34664bc354c573bbf9d33a4bbfefacc4a46f61455e2d7ca81fad02bd2661f537379743d25ba750f262139abb2d8a47900fee373d48e2188de18eb22b3ed037bd79f5098a3d5682481af84c86c34346f80620d4305495d001b18e682de1b22a04f7b4f41616e4b9433c97ceb561244a7f7f1ea972690c5ad3890b34a9e4a83201745ee56cb1a7debc0576c76368bed78981856a54b1d2baf2cfb93d8bc296394aca483e2c4e59", 0x1000) [ 285.686828] dump_stack+0x138/0x197 [ 285.690481] should_fail.cold+0x10f/0x159 [ 285.694650] should_failslab+0xdb/0x130 [ 285.698647] kmem_cache_alloc+0x2d7/0x780 [ 285.702818] ? save_stack+0xa9/0xd0 [ 285.706467] get_empty_filp+0x8c/0x3f0 [ 285.710380] path_openat+0x8f/0x3f70 [ 285.714217] ? trace_hardirqs_on+0x10/0x10 [ 285.718721] ? check_preemption_disabled+0x3c/0x250 [ 285.723764] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 285.728450] ? find_held_lock+0x35/0x130 [ 285.732531] ? save_trace+0x290/0x290 [ 285.736349] ? __alloc_fd+0x1d4/0x4a0 [ 285.740172] do_filp_open+0x18e/0x250 [ 285.743998] ? may_open_dev+0xe0/0xe0 [ 285.747839] ? lock_downgrade+0x740/0x740 [ 285.752012] ? _raw_spin_unlock+0x2d/0x50 [ 285.756257] ? __alloc_fd+0x1d4/0x4a0 [ 285.756282] do_sys_open+0x2c5/0x430 [ 285.756293] ? filp_open+0x70/0x70 [ 285.767326] ? fput+0xd4/0x150 [ 285.767340] ? SyS_pwrite64+0xca/0x140 [ 285.767356] SyS_open+0x2d/0x40 [ 285.767366] ? do_sys_open+0x430/0x430 [ 285.781608] do_syscall_64+0x1e8/0x640 21:30:06 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000380)={'bridge_slave_0\x00', &(0x7f0000000180)=@ethtool_cmd={0x4e, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x9, 0x4}}) syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) r1 = shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ffc000/0x2000)=nil) shmctl$SHM_LOCK(r1, 0xb) shmctl$SHM_UNLOCK(r1, 0xc) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 285.785572] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 285.790441] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 285.795647] RIP: 0033:0x413c91 [ 285.798843] RSP: 002b:00007f4523547a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 285.806570] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000413c91 [ 285.813851] RDX: 00007f4523547b0a RSI: 0000000000000002 RDI: 00007f4523547b00 [ 285.821134] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 285.828416] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 21:30:06 executing program 1: r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) dup3(r0, r1, 0x80000) r2 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r2, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") r3 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x1800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r3, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) 21:30:06 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/demC(D\x00\x00\x00\x00\x00\x80\x00', 0x0, 0x30401) r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r1, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r1, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) write$binfmt_elf64(r1, &(0x7f0000000240)={{0x7f, 0x45, 0x4c, 0x46, 0x5, 0x6, 0x97, 0x4, 0x6c858502, 0x3, 0x3b, 0x80000000, 0x25a, 0x40, 0xb6, 0x4, 0xffff, 0x38, 0x2, 0x7, 0xfff, 0xb99}, [{0x3, 0xfffffffc, 0x200, 0x653, 0x80000001, 0x12ddb987, 0xfc4, 0xfff}, {0xbf49173b928a4dd8, 0x4, 0x1, 0x7, 0x2, 0x65, 0x3, 0x93}], "bb12175dfedff97fbbf291ecb2a3f819245810cb6b1ee7e5f64dc4a23bf51046e824cc2d515f553c7ec27fbce1799958cb9861de82a8a051ca568e8c107fcc56a290bfc1f65ffdd1618fbb1238f6b81818b007c3f2733b086fa3e8cbcf32dbb7ef58fe432ac191118d26da465c80a4612f6194dce3e2b250820f0b6d15d5ae50fe69d2371a2bd96f45def10dc5e65c65796cab7f9a480337e9e246637dab96f280c7c9e528863e90e7ced4f854ecc9291d6d818d463882bac57c0de8f6f8c485e13ec8b81f915cfead05eda4e7311082575a3b0ab69bd644800c7b859a93a24b51f23b6cc70e5ce911c2fb31e9b68399c9f7048a4c40b8fa10ef67f6414b16e49ce167f66f09291ddd47aed1dfde1bbc87d750e391894e7cf7f9645db0668091a0735651d1d3b0ec751cb14e61872ae2d8da7081e6e21375bf94b650e16e0bf80042b9a3c04f00ccffe4963efc7f81c000a399c79daf9dd6d7c9a6ecbac1ca7c084ad237c37427f73aaf2f8b0ffd0c72d84b80eb258c52a86dc1248a43b16d93339ec31d2f144763f2c97014875517e179217ae6d747add057304a042cdcc34fc74ef9fac5249f8827d6793961008ed8a9ca03200388c9c086eb710e7fdf937e51c09282735306cbc742d6318a2b1131368e956d6847525eeadc2d907a3c3c32b6642064d72beee3e907682e60aba2cb3b028b9fae78ea2e31c4c486a0ca50b877d6ff2feb4fbee684ee0d8cb5185418250160a8a2ed251a1b58de25c46e63b7b4acdaed5f70d0b5ac9b861b01ec41979302af32850c7eac346857ae1078c28bfa0c5f4c17040e63463b48239f3b58fbdd7df62899780bdc3862f5f727c4be3cd3180198a6972f59c869b5588fb2dbefd418153e55ab591e44fe516b802043f596a478d24a7bc8d16bed7d0504dc09382b947c45c6cf6611b98156809353acb97239e37146d5190f5f134383fae4f5db00ce11ec6e002c0e2c10a2486b3cb87e31a80d2de2959a57e76032ce8f2341c2dfe69d756525a389dbd2afeb07397b109b09c5b09841b7973ddbeaf376d6a2b69f61e4baacdb63d7c5306ae6d9f69d229304e7b326ed09d2fc06bc19726af46e25f86446686d0a836292d70384799e3556eeb98039feebd22009fdc657d4f1ba12efb6918836b550c2282020aea338928acf6f7640e1f5906e3099416494118c82ff96ac8cd0ff1e52ad318a6fb620f5dc45746531c296e824e733d5d54381451423fb9222f41426532cc666be10437c622a6ae7110598cf3af64db3f2ab031cd007265eb45df08865223e5f7410d40a7be5383c95c69b65f650bf53001514ac5d0c008120e4abf0d90500fd44c460fd26d205d56095f766bd5c9bb24678ae91c9b29333ba353d08180beb757ffcb67461a203cc8aac8896534ce737401e1bf53215f09df745120fc887e016d03a266904995caadf4b648bae3e69cbe768cf47ec9625eb3cf0ae8fbe6e153bf906e8462eb87bd7996f39d1c638c3612e96abd5c3ec5b21c78c5dd6ae4d9978029306a71f33548ebc76199f582b5681cc506e7394156e1eef2a0f265432b7390cb54c8963822f81fb4ab6830d5f3ae7a3c3cf45f63ded175356ddb241020df74339fa35f1ee115b03f2aac1c2d947c75200a8d77e125ceff390b1cd3792a45d2bb536fe282f533e63c2c037c3ae46dd9acd0bb288710ed2b5a0a3d4c8ec47e617be51e8c45ea4a718503e73598e5e8faf20b334163c105b80bab33c650fc71cd2896e45354284ddae8206a9f59611f0518935e209dde8c99bf1be4117a9cc7b8becd78d2e15863672105572220b0adafac51626381685caaa0b5a909b5187d508a0e601effac40780d64795eff03ca45e3ac9c72ccb2ee0fc3df814a47623cb9aaaa647de899cf3637e249bb29941104ea549a60904ed00691f4edfcfc21230786a7202787cc9950cf8fd0c2d104b2aa400237281c7c897ef05ce1815e562be6142f82633afbd27163f29fdbb3fc864cc34f30d25a87f9992b8436ce9e2faf66b8b9232a6ee899dd0e8201ffed1d309f23d41b9fdbfdbe00e62e113e4f538b594bac2e8f8fcd73f944b89c7bcfcc11c2a9903650bc0f1c69b2c76919f20f51ca0f39d165f802322601889ee33b2c3bac7d5a63e4c5ba1393b9f0a6ccc34f586002693b0c8411a7d8f3756b592d6fccd909f9934992f96a71a1d012e7822094f9f5bc33cf93debe560a27218ec3603cd4db631afb4832e7e3dbedf60a0db65bca115ae2a6a2f98b88d85d34b608bad64e9b59fd85ccf269438768dec2392af124a750e4d3f66aecd4ccdaafc1d398ef99848b15f989d670585ba87bb7a424b45308c47522afd9e610628d79550d94791550d17bc128ed185b37415d84b54b7cbf7d3dc134079363c10ac589c974064c647daff2748150c78c8e00f7552b50bdfbf3ec6a43b2d40d62bc4e6ef731edddb796300b825e6142a9672fecbc9c9f4055525cff5541d1cf4b945ed386ae7e8471c48ca1c28bc7017b312e5c180d810ef6ffed3ce6d9f9904fcfbd6ce1a121290530bd91b21d613cf1e330b1fa1d9bd148be2875d933ed7aff758905bbdd6b2b970538fda780a986b9f14dfd827b452d557bbfc66f23961dc014367d4f6b2cbb745d7f7b80852f833a94bc7eaf52d073851c143ceeee30599a58ee8b0f82d6daad7609c4663c43059d9a75e464da50e96997e49a1595da5e8dccc4f77abb7e7aa7ff954731d58dd9b9fff3d7b0b74a5e13bfb54f646af813403d710c7718c6506704179e6172e7aa05c5e8b275ea970dc30b9dc77a411aa1871c5ec3d859edfafe0e2b0486b04c430dcf9ddfcd5d5dd3e1d71893367e30d2b69c06fb90a922ec0394932f59dd4b6aeadfdb2d71b64de53d3af7b710ab25940ffd432e39354e2022cb1b7d18d4880a867de0fbbc453c8a64b15f4d118f916a81ba8fac81b63f5e7ad8f48931e840572db6ee9307bb2f253ac0d69ef5b9c2df9842902138bea6e1aabfdfa48c293739c7c0cb03309eb38ccddd887c0fa22d0886a000059c0f2fa97d8eaf6dcfe858b1fb6a6bc60d3017d0c059b9d95844faa90fc4bbf4a7c50725c4dca2efe2487dbe2a6bb2cf053107389bf2e23bea3b6106a20724b9e07b8d88e97dbd4b1c56c44baab91c43359219eaf7b7f8eb84cc6fbc76d075aa960eda30924e11975140b1730d2f880677fd1e3103c2834db450a66cb58b38e2ed61c67324b352e9cc23968c1a07f99ba0ec25d2693165d726fd411c75b059949177f2a252dd2d7c387162a21210f4985999e34a141f355f3fece1fab6d4ece82daa12e41094bce19b72d23ad1a1973c3920f684b0d7c849db03a79beb8c8a7541863fa0f9b772992abcbb3e00c69ea83eb9bd9de187fcb67e85c986f9853dacb461b7c8bd8b7f4a9970df2efbb761fa2327e07867a6048891ad534827847017a3686baed5f9575159f1cba49a5db24e7ffcf26c9184a3120378564dc260e9023a21fc7b960b7e62c119ce9bab6e75c41cc0ff12a50daa9c394cb06e9489342bc60c6cb761018c6f27d7c1fd46fcc4da84f6f843c876e8372d2baf4f3fc22702b1e677b6209909b523323a505ca962f9aa27bfea32ea02c744b446e6c99b0460a4773c8ce670cfc74a0e9746d25e72df8f3885c5bdf0a497bd4322f9be70e4cce23794e1584f13cc1f7c3fefba54a4aa358b7e04cb3927f36fcc5588d6e8ad37e56c0cfa2943f72227167e827bc6ba0c3b8f6b7cdbf16e93344040cb3b43e4d7ed7ce9e068fd05159b06805004ea70e9f1e0ec1c7a1cc890ca2aeb60d97b63e3b052765b515c2f3660e204710f162777d2c29d967fac984d0b1cc163e73a7efafd26eead2c61292f4b4aa22e1e9d642990edaeba591e878e14ee12454bbb7401d34c7a6ca1446b7a74820ebbc9005f415beded3d012adad4a41270d1b202e16caf9c1ccd207b66ca7faae9c9aaf2912c33b92f13b912d4e3f08448dc577163436537b0a957e0351f2e190ff19fe5de3a02ce623444df6c5483a9cb1e17580918ee69692803df8805e87eb6202946775cca006898a3db9cc81cb5d8f57af347821bfbfea2b81e12e416f6586f80c0745e141b3e763b8f1b2e1f6832f442c56b4b842e31ce59f97d9704a6f262dc2fdc3e71c0c6fdffae5c34f27cf13724e1d2ae8414c4fca1270e64139c65bd1270b7ad04a6e7373329a5fa4a087df00d998b690e1273974de245c2f9c64ad22a85e2bda4aab4c0251927a7b514d1aba34c4a188b58b66c35c86910fee40d1e0cada59729c3b4d212a5dcfd27c7da3630392802a9b79cb336587c34d66fc71b2f74415169a208be41c38d7a42d5f8bc3a93f4cb4e2024c51f2785960dbf2ff44acd457004644a55a7027c6e6bde77947ac401a4467f75d345c13e942c55a7020adc229e0fd6bd319efc06a52187bdf5f24049294341c69931bd90b00a470625aeddece1b9cbe6319cbad567a86ddd11fa852128c5509814e70b46653ca6af0542b5a4fa8409f3ffbf0e913aea27a0b0e3c0fcce7606b21f3d036a6ba1326cbb8bc99c082a02198025d91a6e3069253c95cfa8ad0911a1008b2a4bcd10c89ae9b6b795b6f8798f4f98bc858a034a8186160f6dc03a8e8b2dcd2a2eb2ae3564d69624263c09776520890e59234bda54e689609165f9a01f062e31ec3ddf2c48d94c57b0fac5474e0c6fce958741a7c3be45ae6f3e78484f252f7af2d8b4f4f40749aebd95b8fcda8de396a59a8420046bafbedf28bc7ed0ebaa128cf0f06a8a40a4da155d8223ac76fe10a5d2a69d275904fc48c22a2ca3ddacf5c686501b5168e8836c8ce272557fac0691814443236da7022152196a753e11c1d9f370a85f7cf7d8cf33e72784ecf4535fda1ef7c4c66d5bce8353ed2207cf370479a99047c9f75b1db6cedeaf65eac9db77217a27e7aec34ba80428b4c1ae48bd316488d8a5fd1a1dbcb83787dc8f96485b3543bcddbf220319e53a37d94906538a3105bd6da5e24def90f18c7acc295f213f9f7c89c868c2ba40ce64164787626ccfa1977757311da60cd0d7523fc42c36465d1c5672d7c0cf1d48de9bfeb5819f5d9c79fe44286c13e93d18744e5712a7ed96a0974383b748ee6f5910464cb7a48e913e11195545f8ec7150e391770fb4c8da90ba79dcdcbf151ee6d2df7a457c427da856dd465db27422eae5a13a70095c58d78c0ced5ebaad173764a731acaf3074376e3aec8235b663c01c409e3035d1f84cda30f97d05a35d0acabe22e77c2fc5f9dfa28fe9de6a011ec0f3c5ec360167964a0a408460f88577d1137b89d5ce37afd6b59bb50573ea5a418c83a065af41aad33b2e32d30d405c7ed7d60b7501d4590f93541c9723e929f6d7da313db1d1b6912ea2b0c3e64310c98e26950063ac5b08435470eccc5a5e99ff61f592d5e4ee3d370fde16b7ade1527c7b914cfee146d31e089eb9389c886758743f94d9df12800db1e896a2746ae5ae7d19b0dd426d36bb79cfc0b0539fd21eaf60038ee377b781aabb4fa90b877f157db4eee101b3ed123ad7a206632b56a165019714162bfe053c84d5fab3580a50940334fe4050112aba8317a787951b0b5ccc20cf44efe71d0a053eb4875f6a2edd8f20a05c38f1b45656ff395fd3f8eb54058e19471efedbfb5203fb0deecbc6ba4c4c4152d07edd76cd66d34df523d7b50cde28f1a546d8e6edce7fe9287c135687110dfebe92ac0a521a0a923d50c227a02a6cd6aab65b61e7707455e0e92dec53eade099badec4c697fa295b8fb9369adb68", [[], [], [], [], [], []]}, 0x16b0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") [ 285.835679] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:06 executing program 0 (fault-call:0 fault-nth:11): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:06 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x11, &(0x7f00000000c0)=0xaef, 0x4) getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, &(0x7f0000000040), &(0x7f00000001c0)=0x30) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x7fff, 0x20003) ioctl$KVM_SET_GUEST_DEBUG(r1, 0x4048ae9b, &(0x7f0000000140)={0x840b40986a935704, 0x0, [0x5, 0x4, 0x6, 0x100, 0x80, 0x0, 0xc2]}) [ 285.939635] FAULT_INJECTION: forcing a failure. [ 285.939635] name failslab, interval 1, probability 0, space 0, times 0 [ 285.956779] CPU: 1 PID: 15547 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 285.963829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 285.963835] Call Trace: [ 285.963852] dump_stack+0x138/0x197 [ 285.963873] should_fail.cold+0x10f/0x159 [ 285.963889] should_failslab+0xdb/0x130 [ 285.963902] kmem_cache_alloc_trace+0x2e9/0x790 [ 285.979517] ? __lockdep_init_map+0x10c/0x570 [ 285.979533] ? loop_get_status64+0x120/0x120 [ 285.979545] __kthread_create_on_node+0xe3/0x3e0 [ 285.979557] ? kthread_park+0x140/0x140 [ 285.979569] ? __fget+0x210/0x370 [ 285.979588] ? loop_get_status64+0x120/0x120 [ 285.979597] kthread_create_on_node+0xa8/0xd0 [ 285.979607] ? __kthread_create_on_node+0x3e0/0x3e0 [ 286.027843] ? __lockdep_init_map+0x10c/0x570 [ 286.032333] lo_ioctl+0xcf7/0x1ce0 [ 286.035889] ? debug_check_no_obj_freed+0x2aa/0x7b7 [ 286.040900] ? loop_probe+0x160/0x160 [ 286.044689] blkdev_ioctl+0x96b/0x1860 [ 286.048562] ? blkpg_ioctl+0x980/0x980 [ 286.052444] ? __might_sleep+0x93/0xb0 [ 286.056338] ? __fget+0x210/0x370 [ 286.059816] block_ioctl+0xde/0x120 [ 286.063450] ? blkdev_fallocate+0x3b0/0x3b0 [ 286.067794] do_vfs_ioctl+0x7ae/0x1060 [ 286.071694] ? selinux_file_mprotect+0x5d0/0x5d0 [ 286.076572] ? lock_downgrade+0x740/0x740 [ 286.080750] ? ioctl_preallocate+0x1c0/0x1c0 [ 286.085185] ? __fget+0x237/0x370 [ 286.088652] ? security_file_ioctl+0x89/0xb0 [ 286.093197] SyS_ioctl+0x8f/0xc0 [ 286.096558] ? do_vfs_ioctl+0x1060/0x1060 [ 286.100708] do_syscall_64+0x1e8/0x640 [ 286.104596] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 286.109438] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 286.114628] RIP: 0033:0x459d67 [ 286.117803] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 286.125518] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459d67 [ 286.132807] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 286.140096] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 286.147362] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 286.154630] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:06 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/d#c\x00', 0x4, 0x8bd555e480d19c0e) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") connect$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x5, @mcast1, 0x8}, 0x1c) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vsock\x00', 0xb867519bad6a2c2b, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r3}}, 0x2de) ioctl$EXT4_IOC_GROUP_ADD(r2, 0x40286608, &(0x7f00000001c0)={0x4, 0xedbe, 0x24000000000000, 0x401, 0x7, 0x6}) r4 = accept4$ax25(r1, &(0x7f0000000000)={{}, [@rose, @remote, @rose, @netrom, @remote, @rose, @remote, @rose]}, &(0x7f00000000c0)=0x48, 0x81800) r5 = socket$inet6(0xa, 0x2, 0x0) ioctl$TIOCGSOFTCAR(r0, 0x5419, &(0x7f0000000140)) ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f0000000100)) recvmmsg(r5, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) ioctl$FICLONE(r4, 0x40049409, r5) 21:30:06 executing program 0 (fault-call:0 fault-nth:12): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:06 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r1, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r1, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) sendto$isdn(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="200a000001000000ea2fdb5092b34a19d018bb98c142819fa505c6541603d94a25b39fcb04d6c43efd5ddc298e27617e4db0000070bdad5335f9a2bb3ec30f382278197e6fbd8612a460ce842819c8fec5fd1f893bd89f6516867490888c0c740c01f790a035720edaf33f594a7ceb52b3305cd2fb75f922dba0f79ebb6a84ed1c50aa629c9f50d12c95e397f27900"/154], 0xa3, 0x5040, &(0x7f0000000040)={0x22, 0x93, 0xff, 0x8, 0x81}, 0x6) pipe2(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}, 0x8000) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000380)) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r4}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r4}}, 0x18) faccessat(r0, &(0x7f0000000000)='./file0/../file0\x00', 0x10, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:06 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r1) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) r4 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) r5 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r6}}, 0x2de) r7 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x80000, 0x0) splice(r7, 0x0, r1, 0x0, 0xfffffffffffff7fe, 0x6) [ 286.246938] FAULT_INJECTION: forcing a failure. [ 286.246938] name failslab, interval 1, probability 0, space 0, times 0 [ 286.261073] CPU: 1 PID: 15562 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 286.268438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 286.277871] Call Trace: [ 286.280452] dump_stack+0x138/0x197 [ 286.284070] should_fail.cold+0x10f/0x159 [ 286.288218] should_failslab+0xdb/0x130 [ 286.292309] kmem_cache_alloc_trace+0x2e9/0x790 [ 286.296964] ? __lockdep_init_map+0x10c/0x570 [ 286.301563] ? loop_get_status64+0x120/0x120 [ 286.306103] __kthread_create_on_node+0xe3/0x3e0 [ 286.311078] ? kthread_park+0x140/0x140 [ 286.315039] ? __fget+0x210/0x370 [ 286.318513] ? loop_get_status64+0x120/0x120 [ 286.322914] kthread_create_on_node+0xa8/0xd0 [ 286.327401] ? __kthread_create_on_node+0x3e0/0x3e0 [ 286.332405] ? __lockdep_init_map+0x10c/0x570 [ 286.337034] lo_ioctl+0xcf7/0x1ce0 [ 286.340570] ? debug_check_no_obj_freed+0x2aa/0x7b7 [ 286.345667] ? loop_probe+0x160/0x160 [ 286.349516] blkdev_ioctl+0x96b/0x1860 [ 286.353395] ? blkpg_ioctl+0x980/0x980 [ 286.357358] ? __might_sleep+0x93/0xb0 [ 286.361229] ? __fget+0x210/0x370 [ 286.364668] block_ioctl+0xde/0x120 [ 286.368415] ? blkdev_fallocate+0x3b0/0x3b0 [ 286.372788] do_vfs_ioctl+0x7ae/0x1060 [ 286.376797] ? selinux_file_mprotect+0x5d0/0x5d0 [ 286.381546] ? lock_downgrade+0x740/0x740 [ 286.385816] ? ioctl_preallocate+0x1c0/0x1c0 [ 286.390364] ? __fget+0x237/0x370 [ 286.393815] ? security_file_ioctl+0x89/0xb0 [ 286.398218] SyS_ioctl+0x8f/0xc0 [ 286.401575] ? do_vfs_ioctl+0x1060/0x1060 [ 286.405714] do_syscall_64+0x1e8/0x640 [ 286.409585] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 286.414508] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 286.419694] RIP: 0033:0x459d67 [ 286.422868] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 286.430855] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459d67 [ 286.438111] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 21:30:07 executing program 2: pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) ioctl$MON_IOCH_MFLUSH(r1, 0x9208, 0x8001) r2 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/deX\xff\x0f\x00\x00/pcmC#D#c\x00', 0x4b770bf8, 0x41) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r3, 0x1, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) getsockopt$bt_BT_SNDMTU(r4, 0x112, 0xc, &(0x7f0000000000)=0x6, &(0x7f00000000c0)=0x2) r5 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r5, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r5, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl$TUNGETDEVNETNS(r5, 0x54e3, 0x0) ioctl$KDSETLED(r3, 0x4b32, 0x5) write$UHID_INPUT(r0, &(0x7f00000005c0)={0x8, "8dcdabd5d9c29e3fbc6379c623946237fcc25eabf71f8c818fd54dbc409f1f8180efec38f6cfcfa60f82be55816fd0f430d041065b7e33a5bfd012b98a762e186700e2149f46e768c50d1a938f6a6f688037e163f35364b6831e565a76cb1447455946447475162eaa304d02574b9dc1b09e36061b1052b930f0aeeb66ea825b30b6db44a6f0ca5caea4482efec89793eaeed6e300f31c765c0d122b0e73de41db39d95a091267250ff722f3351415511e2aebdab8b9b9c0b33163eae2eea293bf284061604bfa3e503a900c3367cf764645bd1582e3560f780bafd7c240365c79681fb29539665bda71116cb9c4bdbcd7d0699c81dd03933e1adaa87e8241dea75f95edb122fb1d0e45e5f6fb6709722c9088c5870c9e4009a55b658dc6183831a397bcdf57841bdcce71321633fc2199b5b437503570583fe11deaf960eb82e3ff208f9e26b7ad25a4106a474ad88b898e340d69b72fca367512ddbb6c1634fa9a56fb63816c832a241d94539277325c9e5e636eb6ce029680fb3cf5050eb3b3a7fb38841ca527f0bc8074d96621c3b88036a855067dcd464b6e439f62fb1545917cb0fa6e2d1ce35dead918eb36c5294c51069ca7b2badab85524427cd53e2ad3faae201531803b2dfd90f33cbdec368d940735d50ba9ff051e4865436327086faa4a2b3b05dc3fcb4cfca59eb1f452931d23a4256320fa841f8ad28d4d3c5530869208a4ab021512f17af7b55e9dc4fff8c3640e83b205b08a1803459f51a5cd2c97aad0ccfe2b68443d3135bb56a6e16575c8efe428049c39e40b0eb0e2d2f7077ac3321dc1188073717781edc9e5093ea84363625926f689e6873926655835640dd007f7eb2eb03b35721da413f758454e1af002fb5978e15e347314f82248d754323d5cde8554d57dacc6f93e83f5ae56b6b7c265f802750aeb087e89c39a94d5ef3c6f42da61defeae0fcb7b4d27f570045e24b13a39b860a52d327b1f7090c67cb3d65cea28baad70e03e85dd60da16bf72ce6270ea18647a7698eea312d23af7ff32ba4d48341c11fcd74d16de52aa3e48b262ea51f75a7083df8d2e2ced27350b4a72181d78549fe8de6b67400a3f4bc1645e3478fcd36899491ec50561590e5f4dd4ed95bcbd7fd2bbe59763e2ae7b01e04509da40067e679235bec594fbaf2e4abf9a1608f3a8c9ca88b23b938957c6c65bdbf328f2f3b85f94297af6f0ca3f81719e0bec844d91ac52f6e1faeb1a6e4700918916c9fc8a55d6b68e1425a69f0cdecacaaaf8913095adadd680288aa3969bbfa23fcedd9849dd3ea4854c7c6e64e709086dbd55c3930818f7a8fe8d1e07a6b8ec3e9a6bc444c516a32259f170e24fd657ce0cf21c608f1a7dd3ff7c4ab66ddde564b0b37e93f12dd8995e33649abf1ef15ff2ca9c39506ed9ba274175cc7805bc8bd37f0c111ddf938f4c186b6495c0d42b0f46a64908d97f328acfe8c6242a6e41bad07426093f61ef2b547c42a08c3109f00f258680ab5a0c962e1a084cda0bdd2101e3fac45441ad0eea80dd1f1055d7e5a4305ce4c8dce83820124f4544b9a0db80f5051fb838ce9c2d02c9dc6ecc6d1fa852552494213d5bfe4ef187212923f0caede2521f2279a5bce66d7369d5c747feb8e0fbb71c04dd148bc7117b04aeb606421267a4b451435ba765af1c3313b64fca622ee67c4cc8b0dfc78bde92eff5f67b29ec3d7c05790684093656f422b0b70fd83c1d5cf23c4af46c3bc7b8b6027f071582d8f2d1063dd8293bc2b2631176adbd16e7db2f5015f5c992c294fc4bfa4826fdeb03afaa64b1b8a7d9e4ba39e34a885f44d50393ab3d1d9ecf7835d13d792268796a45af3ea644b04ce51cb29b0efa046a1978af9d23deb28ba4968367a8142a927d94039561d556950e28ef1ed83111a2a6ebeb569ce3c77107b0476884bd8b10b6031e446a846862bc0e40c35f616d60c378195e9261fd546ba0d6b9f2701b29f57a4cbb4b22df1cdde7a3c386d279b502d1f4a69c2c764ea9dc45af90ed9fc14c18b40b5f4a622783f7577fd1cac5a3383ea90a210341a24525076eaf5f8ba8dc6d170832506696ca173d86a3ce1fcd38671fe74e859bc06cbd1f3b0ce58fcb328198db56d3370672b0473315b4c259581a5caad474e9de018140aac08afbbb6c27acbe7adcd39b2f51510f8d513ef494023dc86c577094187e26fe280f9e03672ef5048d8df4f69e8528ee9d083ce64d69c2faf4132296b195cf302e0027dd0377ab1338e2fda4ea966120a1f882034da4d67862dadb1220e2a7fb2ff510a532f30457bb32a39c9d17f6eeb28c960a4341d2070b8fafd6a477deb4ea69a0cf50eecc96a033ee2f5e5bb0fb40721b75358ba966c398fdebfaffe886be4a26bb6211bb7484bc3dcc258e80750b74b67baa8538c65ba48e1cc85f784d85f183fe72d46bacd4fe710d1065cd5ac4d3f3ace6386b66fab9728fbabbe22a69f5ee4246de240655c1ee7087b4bbd71c089dabd00f9523a3674e3bb529b68a467c5877aa9c75030f83901cf2b7d10b0cee70780735d88c8505ba668a2448cd38798ebaf90d08c1d2a2ad64b6c93635d6642dfbf5a378e970c954acada0052f031fe02eb853a79a2330d5d4f9c30c7ced45e8020c538ca0ddcba491a13590a9469ee486b3f708883009b4c0cd5ac5f1848e3ae5a8c59e42755a021cd26e546f101a060050f27f784bbbdb94f25612edaeeed3ba47008cef7553be93c6e1c3580f6a05990a39210a3b1a2d0b13e91dc1b8cfedcda64e6857574b2e457c6df7053296856c7ec9caa34bc3064b2a0822d8aef35247768b32fe0ed153dcaee61fbfcadffce92632f3b788d9d64f765e7e68fce3aaf1133a85c132cc0f974ccc634cc4bbcae9c3841bf46d068ed1330ca988540b2090b554a697075026d541fa26806b97974de51f3d0adceb9c857ec7abeb9c5846c72218f556466d621a22d604421b652f5f7c8d7fcfbca7cfc65cf4d41ae4c678394914fe7b0e0c0fd6563a6dcc06e800552ab912067cb066d3e2f3441efb84927888f0c074dfa19dcc3ef358ed012391a1149dc92bcf6951a0a1fb5df1784c01536a12ed738c6d528d2ac28740eed6cbd731f314c5d172f7a92927016451926e533de1b283e4172d4eedbbe54db7c9741fc0aaa5238afbe8cb5c735ba991c9a1c9ad51d0d532fa9aabc209bd0c414fc2a3364222d232fc01b1385ee25f32e6553275cf98b75085c4d04e5ee53cb3239e0d02ceaf097e6f983525cd426fc17a36756ffc4a7699fc225731ab5a2e79d809926421007a95795e363b0f54eb545f437d85518538c44e7a564060f114e18b9b8ca5471e4a1834deeacfdead214bb911ff6f12b023360ae385f0137f1a973c3d23d5bf180dfe9f28028d274679bb7661088a0345970c3716f0f82bc07d97893f8c8590b292178d06549674292e522e1e87458d863af42415fe41a62b6011597bb9a611ad10a461424b50363e7585d6d8d82bbe93f190760498debad147023519224b4669e38d99d7faa8b3ac6adbf1af1de55eec1a7e8c17ba3ab1e36bc497c9f2bb2cca1c910e8f8d01d5f76bfb150a09a3c3329825f08fc792fbb6f2ca387f5f6c96dad4d17d91d8ba6c209d0ca1f1445b6a260755acb415a21dd2740646e6b53e399f953a9f484d5f53840921cb1f7f1e97200e4ce8550c1d5acf1fcb50486aaf79080e119a9ef1b5bfc9eef88b7caec62b08511627cc2bb6332a71dc16a3d5838a071e29c5dc1692999bd426b7ccf2777c561f5d24756afcb4a7b11053c34627c80e2283a8bc94b8a4175dd6dd5161a47be7f8007aa8282a9bb74494818d9b14c45c43e1c4ea72f315c10f268a92c4cea48cbb1db3389986bd03455e862b03913dc510a2f64ae78b23d8cccc95ada1130bbb49842b6515ee00a1ae8d6d93c3bbae8abc83d02db8b697a35cb8c5eb3405a9a0568ae39cb94f8815e541c7ed3cfcb788040a1d99b9ef94600884398cbc401e1abeebffcb7e939fb9d76681c1b1ef018eb1023d781189fec6643da70f94070f0ed28fd44a0b571c60c558e46f55c24169520b4d998e6bffb902052083bd3a48305994d66bed509afb7d1196987f7d763486c0af5cf2f9f9a2ebeb138b12d1cd01a01b4c1c0dc2ecc815ac2f49311478f6eb98bb5bb07a519ffc1054d14997ad00d270fefffdf5a9b9f8e8716af7a8c3c5ff2dde647806d7bc03fda581fdadc4e8924ec54adb857230584b64ad6884e6b28b5b45b5c6c0cc37bfbcbf8eb606d6d5d248b9e643124ca06f560b213332c59ed3d68b7ffc8a172ff3dcacf4d85041e97fe099ce6e5fe1f8b4b5337f9145b2b944b8cd2eecf08efd9bbc1a9f18fa90a9187a0eb67874c0dc633d9d5bd703aa02a757c2f97432400995c9159ea610dc1b0d3e19f8b2c26c698afc079acbc1d12b9fe01e614ce04f885bdb63ed1219f4d98f429b152c8a22f1843a847fef54141c02d625af25597037081e02dbf4e9a47d893275c5ff0fcb6da932d2c9ca4b71633b40639a7c6147f5e9e1ccaf68c8348743d4eec8780a4a706a4c59be80c2a0bc126d0fefb4bcbe98b183651f3022b114dc27fa0a1bab31499919a17a0587b5e311582adbdc742147560f185724e4da050fafd0b0b27a687e48138005b57f15f8597a054d9ee729aa764da76dc6af1abe9f4d7fb3aa97425cc4756a47099dac85ca43cb0bc28420f01f3e48f84d36d26ed7f7f066b4aaf4d35b22e81e3056c0a14b0ec5f5419b4d8da8f8eb3f6ee3bff386d2bdd8e774d3ee97025cd859559a989fdd6bd1ae4a66c92250e73c9f756128b5827cd8b1d5f634ca23c89feacaa1f9e3acdc5404c0ea2a76bec641c00e6ed30801a2a442c512479e89dfb4caf578557fc7aa864efdd530ab514267d0d95a44f3108b6ef299c10c4ecd502271a9328692906d7c3378c44c758ad017f9c9f3f950e9d8fc404eb83baa471ce49ca75637d48c83ec03144e1d35ada5b34cd38955ff5d74389ec93c36f385594a6b9ddac69ecb0b802b0319648f9ce4c99c6380e7695779024248a02193e7b79e1689751aec7eb1f7ba8254465a6af667f5ce853fd38f8da69135b4793c83ecb07c33e95dc91cadb62681e1b38f1ab09f25072c92e904f508088e3cbde3b41a1f72348292c91152ba63ffa4c7cb43f735299b3e197839abda318f421a7e56cf7982522ea6e183b169c83fd392f1e4c2e19a7b73b973f26254c8c59c4e6714199e446a10162acbfb16d783cfa811b32886c4a611859398c05d49bb67602db3eb0e28a204fa251272d74e41211de8b1bb633b6682c1c92da6990755694987f90ac06b0de6f6d07698fe56b086c05aad2211cd4124e06a4a5183fccf82f74f07766fffbe36c59562f8f19ae5be2618c035c112a0241d9a8c93838b757384b1e85b658c3d1f925579472ebf01e051a5f807e8c0c79d5141e688cca2eccbee60fbe4fcefaab19797fe6b6a1ab27c0a8955db11945739f80d9acd5f308fff29c60f20661e3a00850dee5294ef3138b20a8a21e0ce8cf221df49c5fd52a65b693c358a00d2d621095d43446d5e52806159c74f1db054c1069ed1e96614bc132eb4d903f3375a1cbfc838e8a4ef1652454753548881035d97e9e8a3e38baa7167aa6d8c81db5f3fb162fe6a6ea7af8489b015f08b838acbba7da1ea23ac4576ec40b051a62ddc5f656da582ab5af17fe0074e3bcaced9e0eef8731bdbc469f8244a3961ed074696a3a815d09f80d2002e48926f4649590229d521d1ea8a5cf20df468e2a7", 0x1000}, 0x1006) keyctl$set_reqkey_keyring(0xe, 0x7) ioctl(r2, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 286.445378] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 286.452634] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 286.459891] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:07 executing program 0 (fault-call:0 fault-nth:13): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 286.534367] FAULT_INJECTION: forcing a failure. [ 286.534367] name failslab, interval 1, probability 0, space 0, times 0 [ 286.546483] CPU: 1 PID: 15573 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 286.553615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 286.563091] Call Trace: [ 286.565684] dump_stack+0x138/0x197 [ 286.569440] should_fail.cold+0x10f/0x159 [ 286.573733] should_failslab+0xdb/0x130 [ 286.577893] kmem_cache_alloc+0x47/0x780 [ 286.582050] ? save_stack_trace+0x16/0x20 [ 286.586195] ? save_stack+0x45/0xd0 [ 286.589833] ? kasan_kmalloc+0xce/0xf0 [ 286.593706] ? kasan_slab_alloc+0xf/0x20 [ 286.597769] ? kmem_cache_alloc+0x12e/0x780 [ 286.603041] ? __kernfs_new_node+0x70/0x420 [ 286.607359] ? kernfs_new_node+0x80/0xf0 [ 286.611409] ? kernfs_create_dir_ns+0x41/0x140 [ 286.615984] radix_tree_node_alloc.constprop.0+0x1c7/0x310 [ 286.621613] idr_get_free_cmn+0x563/0x8d0 [ 286.625759] idr_alloc_cmn+0x10e/0x210 [ 286.629753] ? __fprop_inc_percpu_max+0x1e0/0x1e0 [ 286.634585] ? __lock_is_held+0xb6/0x140 [ 286.638743] ? check_preemption_disabled+0x3c/0x250 [ 286.643961] idr_alloc_cyclic+0xd0/0x1e2 [ 286.648485] ? ida_simple_remove+0x60/0x60 [ 286.652866] __kernfs_new_node+0xe4/0x420 [ 286.657154] kernfs_new_node+0x80/0xf0 [ 286.661413] kernfs_create_dir_ns+0x41/0x140 [ 286.666019] internal_create_group+0xea/0x7b0 [ 286.670639] sysfs_create_group+0x20/0x30 [ 286.674798] lo_ioctl+0x1176/0x1ce0 [ 286.678572] ? loop_probe+0x160/0x160 [ 286.682373] blkdev_ioctl+0x96b/0x1860 [ 286.686428] ? blkpg_ioctl+0x980/0x980 [ 286.690340] ? __might_sleep+0x93/0xb0 [ 286.694362] ? __fget+0x210/0x370 [ 286.697837] block_ioctl+0xde/0x120 [ 286.701468] ? blkdev_fallocate+0x3b0/0x3b0 [ 286.705850] do_vfs_ioctl+0x7ae/0x1060 [ 286.709758] ? selinux_file_mprotect+0x5d0/0x5d0 [ 286.714531] ? lock_downgrade+0x740/0x740 [ 286.718698] ? ioctl_preallocate+0x1c0/0x1c0 [ 286.723129] ? __fget+0x237/0x370 [ 286.726609] ? security_file_ioctl+0x89/0xb0 [ 286.731034] SyS_ioctl+0x8f/0xc0 21:30:07 executing program 1: r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) dup3(r0, r1, 0x80000) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r2 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x1800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r2, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) [ 286.734474] ? do_vfs_ioctl+0x1060/0x1060 [ 286.738642] do_syscall_64+0x1e8/0x640 [ 286.742573] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 286.747443] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 286.752624] RIP: 0033:0x459d67 [ 286.755819] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 286.763557] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459d67 [ 286.770836] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 286.778123] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 286.785382] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 286.792906] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:07 executing program 0 (fault-call:0 fault-nth:14): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 286.924325] FAULT_INJECTION: forcing a failure. [ 286.924325] name failslab, interval 1, probability 0, space 0, times 0 [ 286.936057] CPU: 0 PID: 15586 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 286.943083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 286.952699] Call Trace: [ 286.955456] dump_stack+0x138/0x197 [ 286.959089] should_fail.cold+0x10f/0x159 [ 286.963415] should_failslab+0xdb/0x130 [ 286.967396] kmem_cache_alloc+0x47/0x780 [ 286.971466] ? save_stack_trace+0x16/0x20 [ 286.975621] ? save_stack+0x45/0xd0 [ 286.979243] ? kasan_kmalloc+0xce/0xf0 [ 286.983257] ? kasan_slab_alloc+0xf/0x20 [ 286.987322] ? kmem_cache_alloc+0x12e/0x780 [ 286.992147] ? __kernfs_new_node+0x70/0x420 [ 286.996473] ? kernfs_new_node+0x80/0xf0 [ 287.000550] ? kernfs_create_dir_ns+0x41/0x140 [ 287.005157] radix_tree_node_alloc.constprop.0+0x1c7/0x310 [ 287.010813] idr_get_free_cmn+0x563/0x8d0 [ 287.014983] idr_alloc_cmn+0x10e/0x210 [ 287.018969] ? __fprop_inc_percpu_max+0x1e0/0x1e0 [ 287.023814] ? __lock_is_held+0xb6/0x140 [ 287.027992] ? check_preemption_disabled+0x3c/0x250 [ 287.033153] idr_alloc_cyclic+0xd0/0x1e2 [ 287.037355] ? ida_simple_remove+0x60/0x60 [ 287.041617] __kernfs_new_node+0xe4/0x420 [ 287.045796] kernfs_new_node+0x80/0xf0 [ 287.049720] kernfs_create_dir_ns+0x41/0x140 [ 287.054168] internal_create_group+0xea/0x7b0 [ 287.058827] sysfs_create_group+0x20/0x30 [ 287.062996] lo_ioctl+0x1176/0x1ce0 [ 287.063011] ? loop_probe+0x160/0x160 [ 287.063024] blkdev_ioctl+0x96b/0x1860 21:30:07 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") sendto$rxrpc(0xffffffffffffffff, &(0x7f00000000c0)="7faf724c0c5ea99220771684d0aa54b4c4685e1c913390b08d2b5338aabf09208c9fbd482f8a934d2a48cf4c37738cb4ed7765e2d1be6c8df6577bb1d6f431edeb2afd4071dd26804917081776cc3f6284b56f162d1aa684cd464056a3f334a4af99f2c56474a674f58f3a665d5f40fe665de172363bc04b7a2af73a6cff8bfa2f89e0aae201aec9abd3535883e381d8747a43afcba0aa355e0eb75a0cda57a7d009bd04dc3268601a8420e739c4dec40cd94a065b46b4f2515cbc9be0cfd2b481dba192666f436bd5a372cb4138c9045f7c45e7bb03f8e7f5e9", 0xda, 0x8000, &(0x7f0000000000)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x24) [ 287.063035] ? blkpg_ioctl+0x980/0x980 [ 287.063053] ? __might_sleep+0x93/0xb0 [ 287.063063] ? __fget+0x210/0x370 [ 287.063076] block_ioctl+0xde/0x120 [ 287.063086] ? blkdev_fallocate+0x3b0/0x3b0 [ 287.070520] do_vfs_ioctl+0x7ae/0x1060 [ 287.070535] ? selinux_file_mprotect+0x5d0/0x5d0 [ 287.070547] ? lock_downgrade+0x740/0x740 [ 287.070558] ? ioctl_preallocate+0x1c0/0x1c0 [ 287.070571] ? __fget+0x237/0x370 [ 287.070589] ? security_file_ioctl+0x89/0xb0 [ 287.070604] SyS_ioctl+0x8f/0xc0 21:30:07 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) r4 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r5}}, 0x2de) r6 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r7}}, 0x2de) r8 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r8, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) r9 = socket$inet6(0xa, 0x2, 0x0) r10 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r10, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r10, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r11}}, 0x2de) write$RDMA_USER_CM_CMD_CREATE_ID(r10, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040), 0x13d, 0x5}}, 0x20) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYPTR64=&(0x7f0000000080)=ANY=[@ANYPTR, @ANYRES16=r9, @ANYRES32=r6, @ANYRESDEC, @ANYRES16=r1, @ANYPTR64=&(0x7f0000000280)=ANY=[@ANYPTR, @ANYRESDEC, @ANYBLOB="b97171ae3fd760bda5af7ecc749270b255884028d4f06811b5081bd2a81b9b56f473d5a6a58384ba4d53fa46bc192f1a8005fe41d825444404e5293c901d6c6670df5747745e137f102fb3a1add585e2ceafe70731355ed364f2f5b81b46f6347d9d039e062ae5af5331d40889ff240732516eac47de893be513b37ef4", @ANYPTR, @ANYPTR64], @ANYRESHEX=0x0, @ANYRES64, @ANYRESHEX], @ANYBLOB, @ANYBLOB="9fa1d774714c0d166d86a65c7a7cee4b148a8b18deab57b230524606ed352bf7d20e37716eb795c7c96dcf23c650d9c824c9a1cbfeabc06810fe233b3344e3a654e6d8d956366af70b953e5f0376be737539c7552afe4fd0fd470e4f1de0e58b86e59ae6757bdcee22f323b15c1cdfeebbb3a5df55881e397d2439b2a8098cd6ea3c89f73c1c", @ANYRESDEC=r8], 0xa2) r12 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r12, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) [ 287.070612] ? do_vfs_ioctl+0x1060/0x1060 [ 287.070624] do_syscall_64+0x1e8/0x640 [ 287.070632] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 287.070647] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 287.070655] RIP: 0033:0x459d67 [ 287.070659] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 287.106600] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459d67 [ 287.106606] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 287.106611] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 21:30:07 executing program 3: socketpair(0x8000000000001e, 0x5, 0x0, &(0x7f000000dff8)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r0, &(0x7f0000000240)=[{&(0x7f0000000080)="a3", 0x1}], 0x1) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x585400, 0x0) ioctl$ASHMEM_GET_NAME(r2, 0x81007702, &(0x7f00000000c0)=""/20) writev(r0, &(0x7f00000013c0)=[{&(0x7f0000000000)="d2a52900ffffff41283951000000000004", 0x3a4}], 0x3e4) recvmmsg(r1, &(0x7f00000052c0)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000180)=""/160, 0xa0}], 0x1}}, {{0x0, 0x0, &(0x7f0000000600)=[{0x0}], 0x1}}], 0x2, 0x0, 0x0) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") 21:30:07 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 287.106615] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 287.106621] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 287.122496] net_ratelimit: 23 callbacks suppressed [ 287.122502] protocol 88fb is buggy, dev hsr_slave_0 [ 287.122556] protocol 88fb is buggy, dev hsr_slave_1 21:30:08 executing program 3: syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/\x82cmC#D#c\x00', 0x2, 0x125000) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x0) write(r0, &(0x7f0000000340), 0x41395527) ioctl(r0, 0xffffffffdffffbff, &(0x7f00000000c0)="1010907f873f94398c9da88c5037769a86725ff2fc70e37362c7001000e9220000000044dd15b15ac27cdff119b1f336bf5d0f78aff4222f0200176ea01c9e6a8e76c0ccf3f59d193d49c82a1a2d53c4") getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f0000000140), &(0x7f0000000240)=0x4) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) perf_event_open(&(0x7f00000001c0)={0x6, 0x70, 0x6, 0x0, 0x8, 0x7, 0x0, 0x5d15, 0x800, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x9, 0x0, @perf_bp={&(0x7f0000000000), 0x1}, 0x4000, 0x8, 0x401, 0x2, 0x6, 0x0, 0x9}, r1, 0x8, 0xffffffffffffffff, 0xc) 21:30:08 executing program 0 (fault-call:0 fault-nth:15): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:08 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) bind$pptp(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0x2, {0x2, @multicast2}}, 0x1e) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r6}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r6}}, 0x18) r7 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000280)='/selinux/status\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r4, 0x84, 0x6d, &(0x7f00000002c0)={0x0, 0x2, "aed1"}, &(0x7f0000000300)=0xa) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r7, 0x84, 0x22, &(0x7f0000000340)={0x0, 0x4, 0x1, 0x7, r8}, &(0x7f0000000380)=0x10) perf_event_open$cgroup(&(0x7f00000000c0)={0x3, 0x70, 0xe, 0xff, 0x81, 0x8, 0x0, 0x3, 0x80, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7, @perf_bp={&(0x7f0000000000), 0x1d}, 0x110, 0x5, 0x7, 0x7, 0x6, 0xfffffc00, 0x8001}, r2, 0xb, r3, 0x808f736005f3c7a5) ioctl(r0, 0x100000c1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:08 executing program 5: syz_mount_image$btrfs(&(0x7f0000000140)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0xaaaaaaaaaaaada5, &(0x7f0000000040)=[{&(0x7f0000000480)="8da4363ac0ed0200000100000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe536978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118d845ca451f6e61e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xc3, 0x10000}], 0x40, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 287.362926] FAULT_INJECTION: forcing a failure. [ 287.362926] name failslab, interval 1, probability 0, space 0, times 0 [ 287.379174] CPU: 0 PID: 15616 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 287.386242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 287.395620] Call Trace: [ 287.398235] dump_stack+0x138/0x197 [ 287.401901] should_fail.cold+0x10f/0x159 [ 287.406081] should_failslab+0xdb/0x130 [ 287.410073] kmem_cache_alloc+0x2d7/0x780 [ 287.414237] ? __mutex_unlock_slowpath+0x71/0x800 [ 287.419086] ? __lock_is_held+0xb6/0x140 [ 287.419105] __kernfs_new_node+0x70/0x420 [ 287.419120] kernfs_new_node+0x80/0xf0 [ 287.419133] __kernfs_create_file+0x46/0x323 [ 287.419145] sysfs_add_file_mode_ns+0x1e4/0x450 [ 287.427364] internal_create_group+0x232/0x7b0 [ 287.445053] sysfs_create_group+0x20/0x30 [ 287.449225] lo_ioctl+0x1176/0x1ce0 [ 287.452886] ? loop_probe+0x160/0x160 [ 287.457107] blkdev_ioctl+0x96b/0x1860 [ 287.461024] ? blkpg_ioctl+0x980/0x980 [ 287.464944] ? __might_sleep+0x93/0xb0 [ 287.468867] ? __fget+0x210/0x370 [ 287.472647] block_ioctl+0xde/0x120 [ 287.476301] ? blkdev_fallocate+0x3b0/0x3b0 [ 287.480650] do_vfs_ioctl+0x7ae/0x1060 [ 287.484684] ? selinux_file_mprotect+0x5d0/0x5d0 [ 287.489464] ? lock_downgrade+0x740/0x740 [ 287.493644] ? ioctl_preallocate+0x1c0/0x1c0 [ 287.498065] ? __fget+0x237/0x370 [ 287.501637] ? security_file_ioctl+0x89/0xb0 [ 287.506248] SyS_ioctl+0x8f/0xc0 [ 287.509623] ? do_vfs_ioctl+0x1060/0x1060 [ 287.514209] do_syscall_64+0x1e8/0x640 [ 287.518445] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 287.523308] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 287.528572] RIP: 0033:0x459d67 [ 287.532173] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 287.540069] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459d67 [ 287.547352] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 287.554847] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 21:30:08 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btr\x00', &(0x7f00000000c0)='./file0\x00', 0x3ff, 0x0, &(0x7f0000000080), 0x2, 0x0) msgget$private(0x0, 0x680) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:08 executing program 1: r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) dup3(r0, r1, 0x80000) r2 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x1800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r2, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) [ 287.562288] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 287.569668] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:08 executing program 5: r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000240)={{0xfc, 0x2}, 'port0\x00', 0x20, 0x8, 0x8001, 0xfffff668, 0x10000, 0x8, 0x5, 0x0, 0x7, 0xfff}) set_robust_list(&(0x7f00000003c0)={&(0x7f0000000400)={&(0x7f0000000040)}, 0x5, &(0x7f0000000380)={&(0x7f0000000340)}}, 0xfffffdbb) syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0xfffffffffffffffd, 0x1, &(0x7f0000000080)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10004}], 0x0, 0x0) r1 = pkey_alloc(0x0, 0x0) pkey_free(r1) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:08 executing program 0 (fault-call:0 fault-nth:16): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 287.709364] FAULT_INJECTION: forcing a failure. [ 287.709364] name failslab, interval 1, probability 0, space 0, times 0 [ 287.722446] CPU: 1 PID: 15642 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 287.729497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 287.738850] Call Trace: [ 287.738872] dump_stack+0x138/0x197 [ 287.738892] should_fail.cold+0x10f/0x159 [ 287.738907] should_failslab+0xdb/0x130 [ 287.738918] kmem_cache_alloc+0x2d7/0x780 [ 287.738927] ? wait_for_completion+0x420/0x420 [ 287.738942] __kernfs_new_node+0x70/0x420 [ 287.738955] kernfs_new_node+0x80/0xf0 [ 287.738966] __kernfs_create_file+0x46/0x323 [ 287.738977] sysfs_add_file_mode_ns+0x1e4/0x450 [ 287.738991] internal_create_group+0x232/0x7b0 [ 287.739007] sysfs_create_group+0x20/0x30 [ 287.739017] lo_ioctl+0x1176/0x1ce0 [ 287.739028] ? loop_probe+0x160/0x160 [ 287.739038] blkdev_ioctl+0x96b/0x1860 [ 287.739046] ? blkpg_ioctl+0x980/0x980 [ 287.739062] ? __might_sleep+0x93/0xb0 [ 287.739069] ? __fget+0x210/0x370 [ 287.739082] block_ioctl+0xde/0x120 [ 287.739092] ? blkdev_fallocate+0x3b0/0x3b0 [ 287.739100] do_vfs_ioctl+0x7ae/0x1060 [ 287.739110] ? selinux_file_mprotect+0x5d0/0x5d0 [ 287.739119] ? lock_downgrade+0x740/0x740 [ 287.739129] ? ioctl_preallocate+0x1c0/0x1c0 [ 287.739140] ? __fget+0x237/0x370 [ 287.739154] ? security_file_ioctl+0x89/0xb0 [ 287.739165] SyS_ioctl+0x8f/0xc0 [ 287.739172] ? do_vfs_ioctl+0x1060/0x1060 [ 287.739184] do_syscall_64+0x1e8/0x640 [ 287.739192] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 287.739206] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 287.739214] RIP: 0033:0x459d67 [ 287.739219] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 287.739229] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459d67 [ 287.739235] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 287.739239] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 287.739247] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 21:30:08 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbcbd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0x62, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 287.905851] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:08 executing program 4: r0 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/status\x00', 0x0, 0x0) sendto$rxrpc(r0, &(0x7f0000000080)="b551e580570f838668bdcca957ad479275b61a0f11705e2094", 0x19, 0x8000, 0x0, 0x0) pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r3) write$binfmt_misc(r2, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r5 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000100)='syz_tun\x00', 0x1d8) connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r1, 0x0, r3, 0x0, 0x10007, 0x6) 21:30:08 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r2}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r2}}, 0x18) pipe(&(0x7f0000000180)={0xffffffffffffffff}) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r5}}, 0x2de) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000040)={0xffffffffffffffff}, 0x111, 0xd0d7e22aa7cffddd}}, 0x20) write$RDMA_USER_CM_CMD_ACCEPT(r0, &(0x7f00000002c0)={0x8, 0x120, 0xfa00, {0x0, {0x0, 0xb3, "f095830e7e7a8a81a9355a5b9103a3978a35f7a2f349bbc4258dbe79b65a16b51f09394a4153e2b8d3bb4fa49063cd05e9accf7fa2517685b275276dcf2719461ef3f705143a108954fe9f69dd384092d2196155465bccb7db02683a8108e9563bd2fd3524c0bc14c584cf0c56264e05253ac4694e1a2084810c90f51d2ceb1ba5aa5fa231018b9fc89cf2e3900e2f86477baacd163303c0d6dc03468b5d4cab99ce60e5001d3a78fdb617be4361891b69996e8c3c9e09ed030bda43483dd689630e1ab66fe3c27fc7ba9340b109ab4221cd4b935e3322d1459d3e9deedd9c262794d231c63fd31897f93526ce458fbd4b135065f47d1ccef63fead8832a9871", 0x9f, 0x5, 0x1, 0x1, 0x3, 0x91, 0x4, 0x1}, r6}}, 0x128) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r7, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r8, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r9}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r7, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r9}}, 0x18) r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000440)='TIPCv2\x00') sendmsg$TIPC_NL_NODE_GET(r7, &(0x7f0000000800)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x1004000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000580)={0x30, r10, 0xfb96d7e8e07bbd48, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0x1c, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x80000001}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x75aade57f395205e) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r11 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r11, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r11, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r12}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r12}}, 0x18) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r3, 0xc0605345, 0x0) 21:30:08 executing program 0 (fault-call:0 fault-nth:17): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 288.061608] FAULT_INJECTION: forcing a failure. [ 288.061608] name failslab, interval 1, probability 0, space 0, times 0 [ 288.080228] CPU: 1 PID: 15660 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 288.087298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 288.096876] Call Trace: [ 288.099468] dump_stack+0x138/0x197 [ 288.103113] should_fail.cold+0x10f/0x159 [ 288.107270] should_failslab+0xdb/0x130 [ 288.111245] kmem_cache_alloc+0x2d7/0x780 [ 288.115506] ? wait_for_completion+0x420/0x420 [ 288.120095] __kernfs_new_node+0x70/0x420 [ 288.124258] kernfs_new_node+0x80/0xf0 [ 288.128139] __kernfs_create_file+0x46/0x323 [ 288.132596] sysfs_add_file_mode_ns+0x1e4/0x450 [ 288.137298] internal_create_group+0x232/0x7b0 [ 288.141950] sysfs_create_group+0x20/0x30 [ 288.146117] lo_ioctl+0x1176/0x1ce0 [ 288.149757] ? loop_probe+0x160/0x160 [ 288.149771] blkdev_ioctl+0x96b/0x1860 [ 288.149782] ? blkpg_ioctl+0x980/0x980 21:30:08 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) [ 288.149800] ? __might_sleep+0x93/0xb0 [ 288.149810] ? __fget+0x210/0x370 [ 288.149825] block_ioctl+0xde/0x120 [ 288.157505] ? blkdev_fallocate+0x3b0/0x3b0 [ 288.157517] do_vfs_ioctl+0x7ae/0x1060 [ 288.157530] ? selinux_file_mprotect+0x5d0/0x5d0 [ 288.157541] ? lock_downgrade+0x740/0x740 [ 288.157552] ? ioctl_preallocate+0x1c0/0x1c0 [ 288.157565] ? __fget+0x237/0x370 [ 288.157581] ? security_file_ioctl+0x89/0xb0 [ 288.201978] SyS_ioctl+0x8f/0xc0 [ 288.205361] ? do_vfs_ioctl+0x1060/0x1060 21:30:09 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0xbd, 0x303000) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x40800) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop-control\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") ioctl$KVM_INTERRUPT(r0, 0x4004ae86, &(0x7f0000000000)=0x2) [ 288.209533] do_syscall_64+0x1e8/0x640 [ 288.213523] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 288.218362] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 288.223543] RIP: 0033:0x459d67 [ 288.226735] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 288.234440] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459d67 [ 288.241715] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 288.249004] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 21:30:09 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x400) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 288.256276] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 288.256283] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 288.256532] protocol 88fb is buggy, dev hsr_slave_0 [ 288.276079] protocol 88fb is buggy, dev hsr_slave_1 21:30:09 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x3, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") 21:30:09 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r5}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r5}}, 0x18) recvmsg$kcm(r3, &(0x7f00000004c0)={&(0x7f0000000000)=@un=@abs, 0x80, &(0x7f0000000400)=[{&(0x7f00000000c0)=""/172, 0xac}, {&(0x7f0000000180)=""/84, 0x54}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f0000000200)=""/130, 0x82}, {&(0x7f00000015c0)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/140, 0x8c}, {&(0x7f0000000380)=""/85, 0x55}], 0x7, &(0x7f0000000480)=""/3, 0x3}, 0x20) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:09 executing program 1: r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) r2 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x1800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r2, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) 21:30:09 executing program 3: r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000140)='/dev/video0\x00', 0x2, 0x0) ioctl$VIDIOC_DQEVENT(r0, 0x80885659, &(0x7f0000000240)={0x0, @motion_det}) r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r1, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") mq_unlink(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00') getsockopt$inet_sctp_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f00000000c0), &(0x7f0000000100)=0x4) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x80000, 0x0) 21:30:09 executing program 0 (fault-call:0 fault-nth:18): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:09 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/s\x80d/pcmC\b\x00', 0x0, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f0000000140)='/dev/dmmidi#\x00', 0x224, 0x101200) ioctl$EVIOCSABS3F(r1, 0x401845ff, &(0x7f0000000180)={0x1000, 0x6, 0x80000000, 0x3, 0x7, 0x80000001}) openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vcs\x00', 0x0, 0x0) getpeername$ax25(0xffffffffffffffff, &(0x7f0000000000)={{}, [@netrom, @bcast, @netrom, @netrom, @netrom, @remote, @remote, @null]}, &(0x7f00000000c0)=0x48) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) r4 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000340)='SEG6\x00') sendmsg$SEG6_CMD_DUMPHMAC(r2, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x44, r4, 0x200, 0x70bd2a, 0x25dfdbff, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1ff}, @SEG6_ATTR_SECRET={0x10, 0x4, [0x0, 0x8, 0x3]}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x9}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0xfb}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x9}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r5}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r2, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r5}}, 0x18) sendmsg$nl_crypto(r2, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80040}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@delrng={0x10, 0x14, 0x1, 0x70bd29, 0x25dfdbfd, "", ["", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x800}, 0x20000081) prctl$PR_SET_SECUREBITS(0x1c, 0x14) ioctl(r0, 0xfffffffffffffffc, &(0x7f0000000100)="887865a5047fed0f622e") pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r9, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r10 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r10, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r10, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r11}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r9, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r11}}, 0x18) r12 = socket$inet(0x2, 0x4000000805, 0x0) r13 = socket$inet_sctp(0x2, 0x5, 0x84) r14 = dup3(r12, r13, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r13, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r14, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r13, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r13, 0x84, 0x1d, &(0x7f000025e000)={0x2, [0x0, 0x0]}, &(0x7f0000a8a000)=0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r14, 0x84, 0x7a, &(0x7f000059aff8)={r15}, &(0x7f000034f000)=0x2059b000) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r9, 0x84, 0x6d, &(0x7f00000004c0)={r15, 0x80, "431814bcbf84e2f949cc2e59449fbdcc94b5b1d0fe2ffb08482f40017af4b612727e8fccaa5f040634f58a5c3517e18ffa0e9c3dc94136ac97256b474c290a20e6c62ef91529cb25a3dcc1473a5e3d8f2982bd193a4397db1448289fc54e84ce97c9d1898f4a1899be10037408475b66410efb7b8edf1e25fd44649b1bf7b9e2"}, &(0x7f0000000580)=0x88) write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r8}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r6, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r8}}, 0x18) write$USERIO_CMD_REGISTER(r6, &(0x7f0000000480)={0x0, 0x6}, 0x2) socket$nl_xfrm(0x10, 0x3, 0x6) [ 288.464189] FAULT_INJECTION: forcing a failure. [ 288.464189] name failslab, interval 1, probability 0, space 0, times 0 [ 288.494243] CPU: 1 PID: 15695 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 288.501307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 288.511145] Call Trace: [ 288.511165] dump_stack+0x138/0x197 [ 288.511184] should_fail.cold+0x10f/0x159 [ 288.521661] should_failslab+0xdb/0x130 [ 288.525912] kmem_cache_alloc+0x2d7/0x780 [ 288.530059] ? wait_for_completion+0x420/0x420 [ 288.534754] __kernfs_new_node+0x70/0x420 [ 288.539019] kernfs_new_node+0x80/0xf0 [ 288.543000] __kernfs_create_file+0x46/0x323 [ 288.547398] sysfs_add_file_mode_ns+0x1e4/0x450 [ 288.552057] internal_create_group+0x232/0x7b0 [ 288.556628] sysfs_create_group+0x20/0x30 [ 288.560771] lo_ioctl+0x1176/0x1ce0 [ 288.564418] ? loop_probe+0x160/0x160 [ 288.568207] blkdev_ioctl+0x96b/0x1860 [ 288.572093] ? blkpg_ioctl+0x980/0x980 [ 288.575978] ? __might_sleep+0x93/0xb0 [ 288.579846] ? __fget+0x210/0x370 [ 288.583282] block_ioctl+0xde/0x120 [ 288.586891] ? blkdev_fallocate+0x3b0/0x3b0 [ 288.591224] do_vfs_ioctl+0x7ae/0x1060 [ 288.595100] ? selinux_file_mprotect+0x5d0/0x5d0 [ 288.599839] ? lock_downgrade+0x740/0x740 [ 288.603976] ? ioctl_preallocate+0x1c0/0x1c0 [ 288.608393] ? __fget+0x237/0x370 [ 288.611851] ? security_file_ioctl+0x89/0xb0 [ 288.616250] SyS_ioctl+0x8f/0xc0 [ 288.619599] ? do_vfs_ioctl+0x1060/0x1060 [ 288.623735] do_syscall_64+0x1e8/0x640 [ 288.627606] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 288.632453] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 288.637628] RIP: 0033:0x459d67 [ 288.640801] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 288.648495] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459d67 [ 288.655768] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 288.663047] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 288.670307] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 288.677579] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:09 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) accept4(r2, &(0x7f0000000140)=@un=@abs, &(0x7f00000001c0)=0x80, 0x80800) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) ioctl$KVM_SET_TSS_ADDR(r0, 0xae47, 0x0) r5 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r5, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r5, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x5, 0x8000) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r5, 0x84, 0x6b, &(0x7f0000000040)=[@in={0x2, 0x4e21, @remote}, @in={0x2, 0x4e20, @empty}, @in6={0xa, 0x4e24, 0x5, @local, 0x8}, @in={0x2, 0x4e20, @loopback}, @in6={0xa, 0x4e22, 0x30ae, @mcast1, 0x2}], 0x68) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) r6 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/status\x00', 0x0, 0x0) ioctl$TUNGETDEVNETNS(r6, 0x54e3, 0x0) socket(0x8, 0x5, 0xe0) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:30:09 executing program 0 (fault-call:0 fault-nth:19): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:09 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000080), 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) bind$ax25(r3, &(0x7f0000000280)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x7}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r2}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r2}}, 0x18) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r6}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r4, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r6}}, 0x18) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r7, 0x407, 0x0) write(r7, &(0x7f0000000340), 0x41395527) getsockopt$inet_mtu(r7, 0x0, 0xa, &(0x7f0000000040), &(0x7f0000000080)=0x4) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 288.882062] FAULT_INJECTION: forcing a failure. [ 288.882062] name failslab, interval 1, probability 0, space 0, times 0 [ 288.893728] CPU: 0 PID: 15713 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 288.900759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 288.900765] Call Trace: [ 288.900784] dump_stack+0x138/0x197 [ 288.900805] should_fail.cold+0x10f/0x159 [ 288.900821] should_failslab+0xdb/0x130 [ 288.900837] kmem_cache_alloc+0x2d7/0x780 [ 288.900847] ? wait_for_completion+0x420/0x420 [ 288.900862] __kernfs_new_node+0x70/0x420 [ 288.900874] kernfs_new_node+0x80/0xf0 [ 288.900886] __kernfs_create_file+0x46/0x323 [ 288.916499] sysfs_add_file_mode_ns+0x1e4/0x450 [ 288.916516] internal_create_group+0x232/0x7b0 [ 288.916535] sysfs_create_group+0x20/0x30 [ 288.916547] lo_ioctl+0x1176/0x1ce0 [ 288.916559] ? loop_probe+0x160/0x160 [ 288.916570] blkdev_ioctl+0x96b/0x1860 [ 288.960134] protocol 88fb is buggy, dev hsr_slave_0 [ 288.963039] ? blkpg_ioctl+0x980/0x980 [ 288.963058] ? __might_sleep+0x93/0xb0 [ 288.963071] ? __fget+0x210/0x370 [ 288.963087] block_ioctl+0xde/0x120 [ 288.963098] ? blkdev_fallocate+0x3b0/0x3b0 [ 288.963114] do_vfs_ioctl+0x7ae/0x1060 [ 288.963128] ? selinux_file_mprotect+0x5d0/0x5d0 [ 288.966973] protocol 88fb is buggy, dev hsr_slave_1 [ 288.970798] ? lock_downgrade+0x740/0x740 [ 288.970810] ? ioctl_preallocate+0x1c0/0x1c0 [ 288.970820] ? __fget+0x237/0x370 [ 288.970835] ? security_file_ioctl+0x89/0xb0 [ 288.970846] SyS_ioctl+0x8f/0xc0 [ 288.970856] ? do_vfs_ioctl+0x1060/0x1060 [ 288.975941] protocol 88fb is buggy, dev hsr_slave_0 [ 288.979737] do_syscall_64+0x1e8/0x640 [ 288.983699] protocol 88fb is buggy, dev hsr_slave_1 [ 288.987047] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 288.987065] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 288.987073] RIP: 0033:0x459d67 [ 288.990783] protocol 88fb is buggy, dev hsr_slave_0 [ 288.994982] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 [ 288.998875] protocol 88fb is buggy, dev hsr_slave_1 [ 289.003579] ORIG_RAX: 0000000000000010 [ 289.003585] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459d67 [ 289.003590] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 289.003594] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 289.003599] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 289.003604] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:09 executing program 0 (fault-call:0 fault-nth:20): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:09 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r5}}, 0x2de) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r6, 0x407, 0x0) write(r6, &(0x7f0000000340), 0x41395527) ioctl$SG_SET_FORCE_PACK_ID(r6, 0x227b, &(0x7f0000000040)=0x1) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r5}}, 0x18) r7 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r8}}, 0x2de) close(r7) r9 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r9, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r9, &(0x7f00000000c0)={0x13, 0x10, 0xfa00, {&(0x7f0000000280), r5, 0x2aaa08b7b93c93b3}}, 0x18) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r3, 0x84, 0x7, &(0x7f0000000000)={0xfffffe01}, 0x4) 21:30:10 executing program 1: r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, 0x0) socket$inet6(0xa, 0x2, 0x0) r1 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x1800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r1, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) [ 289.264510] FAULT_INJECTION: forcing a failure. [ 289.264510] name failslab, interval 1, probability 0, space 0, times 0 [ 289.282302] CPU: 1 PID: 15729 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 289.289378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 289.298761] Call Trace: [ 289.301371] dump_stack+0x138/0x197 [ 289.305021] should_fail.cold+0x10f/0x159 [ 289.309204] should_failslab+0xdb/0x130 21:30:10 executing program 1: r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, 0x0) r1 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x1800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r1, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) 21:30:10 executing program 1: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x1800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) [ 289.313204] kmem_cache_alloc+0x2d7/0x780 [ 289.317361] ? wait_for_completion+0x420/0x420 [ 289.317383] __kernfs_new_node+0x70/0x420 [ 289.317398] kernfs_new_node+0x80/0xf0 [ 289.326273] __kernfs_create_file+0x46/0x323 [ 289.326289] sysfs_add_file_mode_ns+0x1e4/0x450 [ 289.326302] internal_create_group+0x232/0x7b0 [ 289.326317] sysfs_create_group+0x20/0x30 [ 289.348099] lo_ioctl+0x1176/0x1ce0 [ 289.351747] ? loop_probe+0x160/0x160 [ 289.355561] blkdev_ioctl+0x96b/0x1860 [ 289.359458] ? blkpg_ioctl+0x980/0x980 21:30:10 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x1800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) [ 289.363386] ? __might_sleep+0x93/0xb0 [ 289.367414] ? __fget+0x210/0x370 [ 289.370891] block_ioctl+0xde/0x120 [ 289.374537] ? blkdev_fallocate+0x3b0/0x3b0 [ 289.378870] do_vfs_ioctl+0x7ae/0x1060 [ 289.382769] ? selinux_file_mprotect+0x5d0/0x5d0 [ 289.387532] ? lock_downgrade+0x740/0x740 [ 289.387547] ? ioctl_preallocate+0x1c0/0x1c0 [ 289.387559] ? __fget+0x237/0x370 [ 289.396119] ? security_file_ioctl+0x89/0xb0 [ 289.396135] SyS_ioctl+0x8f/0xc0 [ 289.396143] ? do_vfs_ioctl+0x1060/0x1060 [ 289.396157] do_syscall_64+0x1e8/0x640 21:30:10 executing program 1: r0 = syz_open_dev$sndseq(0x0, 0x0, 0x1800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) 21:30:10 executing program 1: r0 = syz_open_dev$sndseq(0x0, 0x0, 0x1800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) [ 289.415396] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 289.420261] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 289.425463] RIP: 0033:0x459d67 [ 289.428661] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 289.436387] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459d67 [ 289.443670] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 289.450953] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 289.458243] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 21:30:10 executing program 1: r0 = syz_open_dev$sndseq(0x0, 0x0, 0x1800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) [ 289.465522] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:10 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) 21:30:10 executing program 3: pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r2}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r2}}, 0x18) r3 = socket$inet(0x2, 0x4000000805, 0x0) r4 = socket$inet_sctp(0x2, 0x5, 0x84) openat$vnet(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vhost-net\x00', 0x2, 0x0) r5 = dup3(r3, r4, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e22, @empty}, @in6={0xa, 0x4e21, 0x4, @mcast2, 0x7fff}, @in={0x2, 0x4e24, @multicast2}, @in={0x2, 0x4e23, @broadcast}, @in6={0xa, 0x4e21, 0x35c, @loopback, 0x2}], 0x78) sendto$inet(r5, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r4, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000025e000)=ANY=[@ANYBLOB="02000080", @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f0000a8a000)=0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r5, 0x84, 0x7a, &(0x7f000059aff8)={r6}, &(0x7f000034f000)=0x2059b000) getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000100)={r6, 0x9}, &(0x7f0000000140)=0x8) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r7, 0x407, 0x0) write(r7, &(0x7f0000000340), 0x41395527) ioctl$VHOST_SET_OWNER(r7, 0xaf01, 0x0) r8 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r9 = socket$inet(0x2, 0x4000000805, 0x0) r10 = socket$inet_sctp(0x2, 0x5, 0x84) r11 = dup3(r9, r10, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r10, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r11, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r10, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r10, 0x84, 0x1d, &(0x7f000025e000)={0x2, [0x0, 0x0]}, &(0x7f0000a8a000)=0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r11, 0x84, 0x7a, &(0x7f000059aff8)={r12}, &(0x7f000034f000)=0x2059b000) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000340)={r12, 0x38, "1e06c583e1954faebc38ab7e3c7528bc7920d9d81550be5878983541f9f21a860fbf991d40477d165a3461156fa6ede5b075e1f40115172c"}, &(0x7f0000000380)=0x40) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(0xffffffffffffffff, 0x84, 0x19, &(0x7f00000003c0)={r13, 0x7}, 0x8) r14 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r14, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r14, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) getsockopt$bt_hci(r14, 0x0, 0x3, &(0x7f0000000000)=""/112, &(0x7f00000000c0)=0x70) ioctl(r8, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") 21:30:10 executing program 0 (fault-call:0 fault-nth:21): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:10 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 289.748337] FAULT_INJECTION: forcing a failure. [ 289.748337] name failslab, interval 1, probability 0, space 0, times 0 [ 289.769603] CPU: 1 PID: 15766 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 289.776685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 289.786088] Call Trace: [ 289.788697] dump_stack+0x138/0x197 [ 289.792338] should_fail.cold+0x10f/0x159 [ 289.796476] should_failslab+0xdb/0x130 [ 289.800576] kmem_cache_alloc_trace+0x2e9/0x790 [ 289.805379] ? kernfs_put+0x35e/0x490 [ 289.809169] ? sysfs_add_file_mode_ns+0x1e4/0x450 [ 289.814017] ? devm_device_remove_groups+0x50/0x50 [ 289.818935] kobject_uevent_env+0x378/0xc23 [ 289.823244] ? internal_create_group+0x49a/0x7b0 [ 289.828026] kobject_uevent+0x20/0x26 [ 289.831864] lo_ioctl+0x11e7/0x1ce0 [ 289.835508] ? loop_probe+0x160/0x160 [ 289.839316] blkdev_ioctl+0x96b/0x1860 [ 289.843208] ? blkpg_ioctl+0x980/0x980 [ 289.847095] ? __might_sleep+0x93/0xb0 [ 289.850981] ? __fget+0x210/0x370 [ 289.854440] block_ioctl+0xde/0x120 [ 289.858375] ? blkdev_fallocate+0x3b0/0x3b0 [ 289.863056] do_vfs_ioctl+0x7ae/0x1060 [ 289.867278] ? selinux_file_mprotect+0x5d0/0x5d0 [ 289.872029] ? lock_downgrade+0x740/0x740 [ 289.876186] ? ioctl_preallocate+0x1c0/0x1c0 [ 289.880601] ? __fget+0x237/0x370 [ 289.884066] ? security_file_ioctl+0x89/0xb0 [ 289.888484] SyS_ioctl+0x8f/0xc0 [ 289.891840] ? do_vfs_ioctl+0x1060/0x1060 [ 289.895975] do_syscall_64+0x1e8/0x640 [ 289.899844] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 289.904686] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 289.909860] RIP: 0033:0x459d67 [ 289.913038] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 289.920742] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459d67 [ 289.928005] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 289.935371] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 289.942656] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 289.949915] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:10 executing program 1: syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) 21:30:10 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000280)={0xffffffffffffffff}, 0x111}}, 0xfffffffffffffe57) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r5}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r5}}, 0x18) setsockopt$inet_int(r3, 0x0, 0x22, &(0x7f00000001c0)=0x33eaa021, 0x4) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r7 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) ioctl$KDADDIO(r0, 0x4b34, 0xd0) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x2c0c00, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) r8 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r8, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r8, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) write$FUSE_NOTIFY_DELETE(r8, &(0x7f0000000140)={0x35, 0x6, 0x0, {0x1, 0x4, 0xc, 0x0, 'vboxnet1eth1'}}, 0x35) r9 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x80000, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r10, 0x407, 0x0) write(r10, &(0x7f0000000340), 0x41395527) setsockopt$inet_int(r10, 0x0, 0x0, &(0x7f00000000c0)=0xfffffffc, 0x4) ioctl$NBD_SET_SIZE_BLOCKS(r9, 0xab07, 0xfffffffffffffca2) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:30:10 executing program 5: r0 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r1, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r1, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000140)={'ip_vti0\x00', 0x400}) ioctl$KVM_SET_NR_MMU_PAGES(r0, 0xae44, 0xfffffffffffffffd) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) write$P9_RUNLINKAT(r2, &(0x7f0000000040)={0x7, 0x4d, 0x1}, 0x7) ioctl$TIOCCBRK(r2, 0x5428) syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0x6e, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:10 executing program 0 (fault-call:0 fault-nth:22): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:10 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x400806e, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) sendto$inet6(r2, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e5d37149eb0f4a333726cf6d5b7647306559155f1c69d6bfd145b83576f2df4d85f271fd4119db923e2412c66dd954eb59dddc7e1fd286a83971b2ba1c63b4f99702cf91f3d1ecffb8ae189c79b403805e83650c251a564942896f205640c23b0cf51fe9bd931f54a343794710a9cd53cef20938edddb2bfa3c1f72f8e79e41e30fb8f9d314abd999ba396521b6c10bec7bc9d0745a80299342f5cf89eb9d94044258fbb18cec1cdbbc016a773d3ae41e3e30248e716fd0873d31454902cbe7dcf7d644dfadc255d99652b5ed5a5b1a75e3ad49cf80178678402e9d3a755d009889b2e6138f81dc02eedcc353aceb2f7781aea08aa91be7e1e2416ba3d555b1f2237f68c5d7dcfcb1b917c292a35d6d7e7cf2cb1dd6dba5a50ce55c4638d7d38cb7afd8da02f281ab69392bc6531eb03eb97c1d075e3342c244861d04bcad8991b8f588e48ad7fe218d2f5e604bb31c59241245b485210fe418af3d6377b59d5ab128497efeced38cc5036b1f34cb89674b5179219f34b9e8e1849695d7c23cce77eb8f038ef9f2cd69d1c9e2d6b46610adbadbdad857a77f59d38cb5120709716b87c52a48de249b231d7e39985b8b58094c0d7b4c6d1671a8ff9d2daaca94df2adcff6420077df0ddbc66d00b141ffc6e28bed09a19056e52a905a72c99a04af56b22da83135808ba2bfe87a39753447e78500d16bdad52d97df73d4852a79e7ec6910701b712cfd58c62b3ade86cf6ff0cd78719fa1ae81640381cb33f4f6b03c913e820cf9eb9b5cf7df9c878596c9ac9444cad118673fe339b4b7287b310ecff4742bfea2612d79d418293f0dfe14bc819c466473438ad71ea3b1386d17a9038b1f5a9285481500f84f4c7eabbf2eb071a101c69cce8e7495bda4c28a4e88f6a258abf58579c290eeb742b2678daab3ecc8c2bf97d89e89472901e254dd63ca7d918f8a7523161e29b28f64b285da7bb4a17d0ad734c321623e246bb0b5aaa08e8e7ac42b74ba83c70a8ca80068400be6adc3f4b01ba1050b54e6e4cf72fb567fbd27b74b2bfa7b7cabc6938851c13c6df7d5aaca79afd89b5e925379b959c7929ddfa3399695343f435772d70e5cfa3550377d23f50011ad5657e94c464cd43eb85496fd3b03bcb2d9278ceb432194d9893ffa747dfe85309f256c910e31e81dcd3cd8a13744fc2874737a2ff34bf8c89f15da7cc0853434117d744e30360b38ef1a063f9ee506f048e9980054e6c5c5688d04ece6067ac55bccc9a7773a2c4e21c039d153622130faff9fd675d64ad7284bd011b9b224713a721b4b731cf342357642a1a0bb846f5be443b7e72e9825b5f3a078c6ae09e4512dd93a5be1af13a49e6a33938509d3557aecf2356ac2329871b662a99cf3fd2486b064e7e6f90c1f8d632186a8bda338b02d45da4ea9041d42a23f40b93346dddc473a9f1a3d9f0285b7e48cbb87bc34d44b090a5e2aaf4764a10a44168f1719eff0b0d9bc1ce07750af4c21d0c67eae0799e91328c8b14869e4edd255a41735a2b1818aa9d3b271ba757af010ae6dbad89aa0d8f5b6f8ef3917adcedf2", 0x52a, 0x400c047, 0x0, 0x0) dup(r2) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') ioctl$DRM_IOCTL_AUTH_MAGIC(r0, 0x40046411, &(0x7f0000000140)=0x4) sendmsg$IPVS_CMD_DEL_SERVICE(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20020000}, 0xc, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="a0000000", @ANYRES16=r3, @ANYBLOB="4b012bbd7000fddbdf25030000002000010014000300ffef00000000000000000000000000d46be2c4813a0008000900494000004c00020008000e004e21000008000d00010000000800060000010000080007000800000008000700400000000800081efb004e23000008000d000000000008000e004e230000088005002eec0000080004006900000008000500f7ffff57ad742c06f5dee96196ff0800"], 0xa0}, 0x1, 0x0, 0x0, 0x95}, 0x4000000) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000200)={0x0, 0xffff}, 0x8) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) setsockopt$inet6_int(r4, 0x29, 0x11, &(0x7f0000000100)=0xaef, 0x4) r5 = fcntl$dupfd(0xffffffffffffffff, 0x937085707798130b, r1) setsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x8, &(0x7f0000000240)=0x4, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:10 executing program 1: syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) [ 290.115862] FAULT_INJECTION: forcing a failure. [ 290.115862] name failslab, interval 1, probability 0, space 0, times 0 [ 290.144253] CPU: 0 PID: 15784 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 290.152285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 290.161652] Call Trace: [ 290.164259] dump_stack+0x138/0x197 [ 290.167899] should_fail.cold+0x10f/0x159 [ 290.172064] should_failslab+0xdb/0x130 [ 290.176062] kmem_cache_alloc_trace+0x2e9/0x790 [ 290.180747] ? kernfs_put+0x35e/0x490 [ 290.184553] ? sysfs_add_file_mode_ns+0x1e4/0x450 [ 290.189416] ? devm_device_remove_groups+0x50/0x50 [ 290.194376] kobject_uevent_env+0x378/0xc23 [ 290.198705] ? internal_create_group+0x49a/0x7b0 [ 290.203461] kobject_uevent+0x20/0x26 [ 290.203471] lo_ioctl+0x11e7/0x1ce0 [ 290.203483] ? loop_probe+0x160/0x160 [ 290.203493] blkdev_ioctl+0x96b/0x1860 [ 290.203501] ? blkpg_ioctl+0x980/0x980 [ 290.203517] ? __might_sleep+0x93/0xb0 [ 290.203525] ? __fget+0x210/0x370 [ 290.203538] block_ioctl+0xde/0x120 [ 290.203548] ? blkdev_fallocate+0x3b0/0x3b0 [ 290.203559] do_vfs_ioctl+0x7ae/0x1060 [ 290.203572] ? selinux_file_mprotect+0x5d0/0x5d0 [ 290.241655] ? lock_downgrade+0x740/0x740 [ 290.241670] ? ioctl_preallocate+0x1c0/0x1c0 [ 290.250784] ? __fget+0x237/0x370 [ 290.250801] ? security_file_ioctl+0x89/0xb0 21:30:10 executing program 1: syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f0000000300)={{0x6, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) 21:30:10 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, 0x0) 21:30:10 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, 0x0) [ 290.250812] SyS_ioctl+0x8f/0xc0 [ 290.250819] ? do_vfs_ioctl+0x1060/0x1060 [ 290.250832] do_syscall_64+0x1e8/0x640 [ 290.250840] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 290.250856] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 290.250864] RIP: 0033:0x459d67 [ 290.250869] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 290.250878] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459d67 [ 290.250884] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 290.250889] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 290.250894] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 290.250902] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:11 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) bind$llc(r1, &(0x7f00000000c0)={0x1a, 0x2, 0x1, 0x7, 0x2, 0x6}, 0x10) 21:30:11 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, 0x0) 21:30:11 executing program 0 (fault-call:0 fault-nth:23): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:11 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x0, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) [ 290.555236] FAULT_INJECTION: forcing a failure. [ 290.555236] name failslab, interval 1, probability 0, space 0, times 0 [ 290.574347] CPU: 0 PID: 15813 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 290.581415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 290.590785] Call Trace: [ 290.593386] dump_stack+0x138/0x197 [ 290.597014] should_fail.cold+0x10f/0x159 [ 290.601175] should_failslab+0xdb/0x130 [ 290.605137] kmem_cache_alloc_node+0x287/0x780 [ 290.609709] __alloc_skb+0x9c/0x500 [ 290.613317] ? skb_scrub_packet+0x4b0/0x4b0 [ 290.617625] ? netlink_has_listeners+0x20a/0x330 [ 290.622382] kobject_uevent_env+0x781/0xc23 [ 290.626687] ? internal_create_group+0x49a/0x7b0 [ 290.631443] kobject_uevent+0x20/0x26 [ 290.635251] lo_ioctl+0x11e7/0x1ce0 [ 290.638878] ? loop_probe+0x160/0x160 [ 290.642741] blkdev_ioctl+0x96b/0x1860 [ 290.646610] ? blkpg_ioctl+0x980/0x980 [ 290.650491] ? __might_sleep+0x93/0xb0 [ 290.654367] ? __fget+0x210/0x370 [ 290.657838] block_ioctl+0xde/0x120 [ 290.661459] ? blkdev_fallocate+0x3b0/0x3b0 [ 290.665765] do_vfs_ioctl+0x7ae/0x1060 [ 290.669639] ? selinux_file_mprotect+0x5d0/0x5d0 [ 290.674396] ? lock_downgrade+0x740/0x740 [ 290.678543] ? ioctl_preallocate+0x1c0/0x1c0 [ 290.683037] ? __fget+0x237/0x370 [ 290.686659] ? security_file_ioctl+0x89/0xb0 [ 290.691056] SyS_ioctl+0x8f/0xc0 [ 290.694406] ? do_vfs_ioctl+0x1060/0x1060 [ 290.698541] do_syscall_64+0x1e8/0x640 [ 290.702479] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 290.707317] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 290.712634] RIP: 0033:0x459d67 [ 290.715808] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 290.723565] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459d67 [ 290.731145] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 290.738672] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 290.746234] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 290.753493] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:11 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x0, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) 21:30:11 executing program 0 (fault-call:0 fault-nth:24): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:11 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) pipe(&(0x7f0000000180)={0xffffffffffffffff}) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r8}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r6, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r8}}, 0x18) ioctl$SG_GET_NUM_WAITING(r6, 0x227d, &(0x7f0000000280)) vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r9 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r9, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r9, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r10}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r5, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r10}}, 0x18) r11 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_SET_DEST(r5, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x89703304}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x40, r11, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DAEMON={0x2c, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x4}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x40}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x5}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x40080}, 0x880) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:30:11 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000000), &(0x7f0000000040)=0x4) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:11 executing program 5: pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f0000000280)={'raw\x00'}, &(0x7f0000000040)=0x54) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r2}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r2}}, 0x18) ioctl$VIDIOC_ENUMSTD(r0, 0xc0485619, &(0x7f0000000000)={0x40c, 0x1700, "f116badf407b161acee8252a0880b276a94916dbadfcecb5", {0x3ff, 0xfffffffb}, 0x1}) syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 290.975826] FAULT_INJECTION: forcing a failure. [ 290.975826] name failslab, interval 1, probability 0, space 0, times 0 [ 290.994573] CPU: 1 PID: 15832 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 291.001634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 291.010992] Call Trace: [ 291.013657] dump_stack+0x138/0x197 [ 291.017311] should_fail.cold+0x10f/0x159 [ 291.021502] should_failslab+0xdb/0x130 [ 291.021520] kmem_cache_alloc_node_trace+0x280/0x770 [ 291.021534] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 291.021550] __kmalloc_node_track_caller+0x3d/0x80 [ 291.021566] __kmalloc_reserve.isra.0+0x40/0xe0 [ 291.021577] __alloc_skb+0xcf/0x500 [ 291.021585] ? skb_scrub_packet+0x4b0/0x4b0 [ 291.021597] ? netlink_has_listeners+0x20a/0x330 [ 291.021611] kobject_uevent_env+0x781/0xc23 [ 291.021621] ? internal_create_group+0x49a/0x7b0 [ 291.021637] kobject_uevent+0x20/0x26 [ 291.021646] lo_ioctl+0x11e7/0x1ce0 21:30:11 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0) fcntl$F_GET_FILE_RW_HINT(r3, 0x40d, &(0x7f0000000000)) ioctl$sock_SIOCBRADDBR(0xffffffffffffffff, 0x89a0, &(0x7f0000000040)='hwsim0\x00') ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:11 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x0, 0x5}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) 21:30:11 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$IMGETVERSION(r0, 0x80044942, &(0x7f0000000000)) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 291.021659] ? loop_probe+0x160/0x160 [ 291.078939] blkdev_ioctl+0x96b/0x1860 [ 291.082846] ? blkpg_ioctl+0x980/0x980 [ 291.086761] ? __might_sleep+0x93/0xb0 [ 291.090670] ? __fget+0x210/0x370 [ 291.094170] block_ioctl+0xde/0x120 [ 291.097842] ? blkdev_fallocate+0x3b0/0x3b0 [ 291.102179] do_vfs_ioctl+0x7ae/0x1060 [ 291.106068] ? selinux_file_mprotect+0x5d0/0x5d0 [ 291.110993] ? lock_downgrade+0x740/0x740 [ 291.115245] ? ioctl_preallocate+0x1c0/0x1c0 [ 291.119747] ? __fget+0x237/0x370 [ 291.123324] ? security_file_ioctl+0x89/0xb0 [ 291.127749] SyS_ioctl+0x8f/0xc0 [ 291.131121] ? do_vfs_ioctl+0x1060/0x1060 [ 291.135270] do_syscall_64+0x1e8/0x640 [ 291.139138] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 291.143984] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 291.149287] RIP: 0033:0x459d67 [ 291.152477] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 291.160181] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459d67 [ 291.167444] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 291.174853] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 291.182121] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 291.189403] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:12 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/\x82\xc1vsnd#pc\xe0+\xa4\xa3\x8d!\x1a\xb1', 0x801, 0x8000) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") 21:30:12 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) setsockopt$inet6_tcp_buf(r3, 0x6, 0xb, &(0x7f0000000000)="249fb0cbffc21b71342f54ced3d8a56f847dadcf2dcaab051cb89db13cbcc1c9b5be0f22d3221b9ed3f8cb", 0x2b) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:12 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}, 0x0, 0x4, 0x1f, {0x1, 0x1}, 0x1, 0x1}) 21:30:12 executing program 0 (fault-call:0 fault-nth:25): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:12 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}, 0x0, 0x0, 0x1f, {0x1, 0x1}, 0x1, 0x1}) [ 291.395037] FAULT_INJECTION: forcing a failure. [ 291.395037] name failslab, interval 1, probability 0, space 0, times 0 [ 291.410450] CPU: 1 PID: 15860 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 291.417505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 291.426869] Call Trace: [ 291.429468] dump_stack+0x138/0x197 [ 291.429489] should_fail.cold+0x10f/0x159 [ 291.429505] should_failslab+0xdb/0x130 21:30:12 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}, 0x0, 0x0, 0x0, {0x1, 0x1}, 0x1, 0x1}) [ 291.429520] kmem_cache_alloc_node+0x287/0x780 [ 291.441274] __alloc_skb+0x9c/0x500 [ 291.441285] ? skb_scrub_packet+0x4b0/0x4b0 [ 291.441297] ? netlink_has_listeners+0x20a/0x330 [ 291.441313] kobject_uevent_env+0x781/0xc23 [ 291.441333] kobject_uevent+0x20/0x26 [ 291.441345] lo_ioctl+0x11e7/0x1ce0 [ 291.441356] ? loop_probe+0x160/0x160 [ 291.441368] blkdev_ioctl+0x96b/0x1860 [ 291.441376] ? blkpg_ioctl+0x980/0x980 [ 291.441391] ? __might_sleep+0x93/0xb0 [ 291.441402] ? __fget+0x210/0x370 [ 291.489697] block_ioctl+0xde/0x120 [ 291.493345] ? blkdev_fallocate+0x3b0/0x3b0 [ 291.497696] do_vfs_ioctl+0x7ae/0x1060 [ 291.501618] ? selinux_file_mprotect+0x5d0/0x5d0 [ 291.506384] ? lock_downgrade+0x740/0x740 [ 291.510551] ? ioctl_preallocate+0x1c0/0x1c0 [ 291.518038] ? __fget+0x237/0x370 [ 291.521622] ? security_file_ioctl+0x89/0xb0 [ 291.526096] SyS_ioctl+0x8f/0xc0 [ 291.529462] ? do_vfs_ioctl+0x1060/0x1060 [ 291.533675] do_syscall_64+0x1e8/0x640 [ 291.537592] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 291.542537] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 291.548659] RIP: 0033:0x459d67 [ 291.551848] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 291.559884] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459d67 [ 291.567260] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 291.574529] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 291.581984] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 291.589266] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:12 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x10, 0x5) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='veth1_to_hsr\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:30:12 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}, 0x0, 0x0, 0x0, {0x0, 0x1}, 0x1, 0x1}) 21:30:12 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f0000000000)='./file0\x00', 0x80, 0x358, &(0x7f0000000440)=[{&(0x7f0000000680)="409d2731588a592ceab02f22e46baa70c4ccc880c1767c8d121fbbbe11774bfdf8659cc12babc4f948539d10696c64a04a71bef14a2b6a6812fbd72a5e380d55e6a1e822c1361bc62761c15931cf28bee55d99338511a4b0537ebcc64fc4c61718e4e2b9359a7121c77a50028b45bae03fbc914bf70fe5821d9b0781", 0x0, 0x101}], 0x1004890, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:12 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/d#c\x00', 0x8, 0x0) ioctl(r0, 0x86c, &(0x7f0000000140)="cae1b4b11010fc70dbb17522b5de80c9e128da06b70e5b23ed852cde6ed51b18251acf02c80a00567e68dfa812fdad566397e22525f2b492b2cdedefeecd0000000000") r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r2 = creat(&(0x7f0000001240)='./file0\x00', 0x40) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2) fsetxattr$security_selinux(r0, &(0x7f0000000040)='security.selinux\x00', &(0x7f00000000c0)='system_u:object_r:dhcpd_initrc_exec_t:s0\x00', 0x29, 0x3) r3 = syz_open_dev$vcsn(&(0x7f0000001280)='/dev/vcs#\x00', 0x9, 0x200000) r4 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000001500)='/dev/video1\x00', 0x2, 0x0) dup(r4) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000001300)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000012c0)={0xffffffffffffffff}, 0x2, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r3, &(0x7f0000001340)={0x9, 0x108, 0xfa00, {r5, 0x55, "d916f5", "5d3135ffe9691623b96a8fa0de805b6624072bc49b1222adc688c6883cdd3998333ee3a2db7ddbc6c53e8990b1f92c30991adf2999f3c603b5bf2d175fa3c3f2bcd62ac9b9095c32393b81aff8c89af2636d3c4664db7c61074c4ba40b2079925bf628a3352a00e296efeb33bddaef47f379a0c57539b6e251b1ba9dd683fd212ea4405697ad55192a66b7a5b02e050647d6fbd149d56421b8814383007a6100cfd3ef72438778f55750223ca93046e981ff59bbb67bd55d315938981413f8f89572ceb95a36a1545af3a8a321cfc2b9de410a0e2a5427cdf6c81485b6cd049b90f1ecdb1bf082163a82e540635584433926c58f236d0a26cbcc0c34e56ae317"}}, 0x110) ioctl(r1, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r1, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl$EVIOCSMASK(r1, 0x40104593, &(0x7f0000000000)={0x17, 0x1000, &(0x7f0000000240)="075c0c34036cc2f4152749e64d70159ac5ff7900540bf46dc616b7967d6c1b601dfe87e7b364d9d4c7e4cf490e98bc909bf09c2907b2ff30f2a0271bfbacd4a7920d9c522560bfe421d617c029f85a9ce398fa84a703bc523be5b409b179c285ed0fadf749d88dde7f5ed3e70b0dcd331c348731aed4aa5e7c24bf0a8b2df157f503ae13a4435df9912695f43475dd188ac64a89bae4c5f6d9a1a4b721bacf1e8604032b0d873ff16017dc87e0a5f171bd4001cd5bef4d17e8618646f972bb7adbca7f09a6a6112871ff5f939d0272b5831164e760e1b930eff8e69c6951666ab3942d6362f53261e77b2f993c6421ddc9a9690cf814ad9c7896dc62af1c6ccb02cee183e36d51bba13239108b1dc264fba565bc96b631c0c6d841047a43015fbe7c63f78e2b7d938a3bbecc13add66fe187a94bfce80cd85087f8199da8bfe79ab2adfe3be5590978a37c3faa863520f3d02c9d080d02eb637abd0faf01b7cb6668c34d9dc607f33de0c11c8c742309395d3f3e1e33a5cb4636264f7e9cb569c86a9e451b9b3c866c96ae4c10583cc9b070f38526f19c7a7607c15703d08d2622e99ab2fc64b116a8aa313f3b1d68d84068843c0daab97e657880254405ef4bb6cb4de7d2ca098f1471fff2e78d21df0d73f4cb2a17b3fee84a30a3d37cd766f39bec8277213db72f7193418416079bcf0e75abef85d9feef25e32849ed91d27bd712a1f2acd82059d5f29072c638d517143a4df241a2a46578cd8a305f2ab42bcbe6b0e41fcf0cd968e06bd87dcd7df9252ba1c4071cefc722fe805b2e41130c2c2745d92764b23915784403f26f160349c5de31d988c2d0e022b07cbc393c7d00052f09ca021812ac600a7fc59b7dcadf6817599133ce09f5763e88a7d44007c145f3a2f7076caf168034e83b2d51596494a5f81acc2e2693b1a9f8e5ffcfd64cc318e5e6d6bd508dc7ea4f5e6c70bf1c6d42b6b8b7ecfc5cb4e2b8fda256e7ee5fcd159b8939dd385f8b3311390c7f3dfcfcbc7d2885b4d47c8b1fd8e516e3bb87990f871044257e3f6418b095622c3e25a7663c171659d328b5fb54348e9fd23a83322e763915ccacc4ce3a5f4f137da46e913fc4c081e01ceb032e40139f961de1f4036a13a4c40c6b8da215aec590b346919d50be05bf044abc3ee7811127888e97f668046af6bb3be47c0c0abc75381f5a86c3dd49167727606fbd72e4e5cca94b839429f509f1adce3f2134e1e2bd9be63b8bc8f054b0db4e81245afa2ed6f743d624be0ac8c18aec5e17b6c8b10c42dbafcf58f4a82f1ddda722c7030663d08a512444d2a3d25c302e06f39f02eacb26e8d139370e9c76eb072ad2d982690b08beacf4ccbd784057db07dcb4272c7d00ba66d0700388de28e87b01771e831897f803951c62218ce35ba19687d641ae8bab01864be6d54335a6d7b74bc7f0210b1853bfc18a1264d2642c75f6230f472decaddcb296f1f1cabd85151b616477389acfd93180d20379250d4d87946247f9a702535ed467dfe76409084ab2122a67cf557f2f98018960c4dab78f87d3771470f5582a4d1e0528764f87e2cf172acc32a61db23ca6e9ed9944d5861f33bfebed27f9a1c394210df8f34d00c793a1bbb5486430d1bf89591cfe1e7f26d09bfe60c5ebe008481db82e7224e2eff7e5693f62096d6cec32104cbd2610c9e495a91314f424f4544f186a6a83f4a432f3962800e4e698181c3b8784f5b2419ac39c3c8cb5e943fc01e82c1c0e9df91acf75082716e6f03870195539d4660cc47b3363262a29cd0c1a72e32b78e34aef26946169521412d125a2a11796d3b909a6dac2044f1c756dcb6175ba146356f124e2b7268b141121240303ca0553185d20f4612084adae0cf1dc5e3bf0090f2d71cf09ec28d19e39808f7cc736466f5979677fe6ae52584dfddd9553798ac90a06a68baa0b24d712ec4087c66204863da86a90f227fdcf28aa172eace46ba40127c35501ccbdae2e22c423a7b9ddb30e253f0b744d24341b7bc8409d104607b46792676430e29b432d99c4392f991a0f516b2c1dab1fe4944da2cebea20cdd7330183d3c09fe16a2228f3a9f4c66b140182f22f0f1389674679d60e17e248938dd9ac1fa967eabcde85fffe2e4c0aa3bf57e45601bbf150e15173b1c3ddbc9dc4fcd57a8f9cefb293c4878d7ca7bcd16150f669ba160b089bd2ccd74f0183dc4126586b6d10d95b5c4a768526e3b90d4f2df4987968e9cef4a0d7e054124d630f519f7f63ce6cf3bef4d7ef4c3c64abdb91dd090370fa7e26e27663312fd37906491ba3ea73865bc20610a0a4a9d991138f254675ca116c8dcaac69de1c369fd7643396924a8cfd2a2cf257b3479ceecfacfc5a95fa0258d1686ce2bf16cf0de76f4948ba4e625bd7c40a2f82d971a7fc9d888c08e7e00a16ca4e84c1bfeb145db831149cfe8c6ce81e7e7a345c23f9d5e1e4036decc9238b01b83879f13f953fbcd778620c2f71fcd839b7f60a4f425373d5fadda9fc6c88617d223c5d4b78fa435e14ecd88ac481e62d5612d07c05e8562e24ccdee224b42a6b2fbcb6fadc1ac3d0f4b813979cdc544b1c22732b200614ff13ba01409969df0c377f068555f4afa07606d87c70d089f47536b4de852645940221f09f3e9add378f6d70eb571521a8623a44ae0cc85103efd07cc07de6b27960a5b1da5311e961b1e6ea08fbef4ef19df7c6ec33acbdf75cbf0fa218af1d863be17d2b4c1af000b158543a740bb04bbee7afedaa51d924e057261c66945f5db43defc34229b11941c82f6a22025548293e46590ede1f36a4b51a13c5ab06b7539469e1070e6af93cc0feac36760b41f0cf48cfbb4fdd3c33c6453221e930742c5ab55de73e80e20abc568595bb89fa2908f76e3f3624b5001bde0e408fad1528c6eb21cfaeaed21786d0b7af077c29eec4ae39045da7c46fe617dafc6f0cf2d018317ade06a262630e6b06a909a224988ba4ce2f2f69dd2a8379aa34bde8f5b22208295dd2444bb852e35293720bb0139f01b33303125aa4371a424cb80b8b5288455d49df952842f1544901a43f1de6717f0d269d887e88a59fe75819d3e77af6e195d0d474ae4b6efc62b16a3e9ce9fa4e60da40e2df5cedcd000605d8c94f3fd22e049cc84c66002a9f22afb0034837b44b95483a51cdeba1c08db137abcdf34fb2e6c98a7904c0eba9fb39dead59ae21671b23f0b2bc845ddd7bd37265d7fac191a113bcbffb4a9553298132892e6acd0125bb48b064d43dfe72233405f300e90174f974b976b006f25bf8c0c1b227434819ee1d290673aada8d80fb7f97db8dd1b41605d04e5125bd1ab9368554ec47b377b6305a587d5dbd6a2cefad0242880146809c8c0987cef294881bfde29abcccbb43ffaa6e98cee94af990208ce27126776d6e32176b21f66d10890043761fd229ae2aa15ab61c845f169342d7e7c2187705a9cffd8f2af5ebf7ca49ee436352666ac8f9d5004d8198f6fe30ceea998cfba788723cddc9242537ae4b0393eddee65590b81ce2c0a875d52920b8fa02175d7ea9fc38a7f49dafccb2c59384df835f94c0d7281462f45918b01a8ec6c97d720b34a21b10bec1d93c2f214d87e87bf37a38ad071166fbf788eee6b71e2e0f3ae6c48a78944e6000d77b6d344969f7ef8420296e80d3cc9d52b024662c185a4674d759e9f51fd15088c2fc3ee09b4921915239a6939357965b2d52e00a3a3ee208983b16aef2e378e41708a609b0b7477b45ac97e7860f7241ad44c4cdcc8c7b6a1617214f406df0b7138ee52b2b85742f31de283f462e556a03691874f0fde8cc008dbfb5ccc59df14b3bde7ca5e137d0d2c44367296fb3d4fd8c7bf67cb134aaa6814cb852e0f394a701dfc0addc800e023ca9572015dc30c300c348f127be8b8de3b9712bd25ca4e30fa2380728b4d5fd3291d89f4cb783b42dcc751aa057d4331c462487246e87b5aa04cd27a3ce64ea819fd820c4c7b1f56e611fa5fd08bbb6aead31b089aba79c271e7b59b357753892661a54cc213873395083fc40b16a0d34ea5a3acef67bf009c28783337e473793de37d29bb4c2eeaaf700723c5cee414d843be6bcd8c8d44bcdad1b6fea2ab90d1f54ad7516bcea1a199f0b35a0cc24bc5caed9d20843135f6c1805d66a98832c8acc29cdfeec26bb6a730cefab8a0f702f5dec60d78bef6845602878b4192658fb0d7326f27dae4d8e568dfc71d46cdc5c1259cde7cfc2d02738c328052455151a0b919dda93c523f450f72549fe4019a7cb4d8d3665310686e31b1ad5e93cd8a9d5f57ae8eff7cae764408e3e5ea5eab1bcde7b3471cda2612fd7711b10ce081c83a6101b5cc87484ae5a135b46d7276f690c45fc760cf9024efe9c529973c3817dea265ec4d845211082a7320171713a5ab7f498d3fe16be30075be5823135595d5e83e7a6867ec09c05054ea2f952b49d09abc7d3f42c22df7c65b6958b586efb37de45b7af8b59ebac5646beb521915db4ae5c821a2e537386eac9d0e5934d306b6734b867797b84625c5b41e26d21aaad7a46b1d8559bf5bc3e70fdc3b613c2a572bbf4eecf728f9f1a714c544d07fdf0ec0b097654473f0dc567b77104c3d221dc1f850497ade3b53e821b4b76545a698244fe22aa5f1fe67b447bcc7858ede992f739ce597b77e0f3e6d666ec9e669b937c341bd6379d55786f0122e951eb1c8240220e4998ede10c2bc1a20ac07f64a9b4c26e9835327ada215d83707e8f7ed876bf86c031f376ad17d08d2d34bd5036db41c47a7d3849478d3f340349d9a76f784d01ba9bd8d06f20289e8759d071cd1b9d409b4be83fc36a2934892ad551d16dbd42553bd8cc85216d34389a1f74d385d1eecdf6a3aef3db7f411b4be629e5e6dfcb7aa25fc44854c715dffd87ff61d334c22a010eb7e09392d5c0a4f436524d355ccf661e32192cc23b57e1fa8f8e4b8040ac7c9def79452a4973a1b5631798f5138fe35274be819c73cda39da42a1f32e470afb3ca1fc70537d6327e28686e7bb98d2d6c0f820543fbfbc6354ec12ed6a213b9a3e0951d1d3f61fa019d9e011a71aa2cb589d74ccbed7efbbbb90442130225725c05e63070d6bc06520d4f3d79f662e93c57b4c861772b4bcc1ca54db7b60db35d1e4c8644a926f33a383926d30cabeebdb677962319f5c01844dbe145ef72ea7349fb8fee30bb0b0ff09d19d401d539a60b9b1a314093f2372b4e476ab644a43a652f2ea530c5b67445c3986e170fee895ae1054cf08b75f3eac2b9d4e679aab9aba9da95fc6f3d5c0be71869b382c61603f6839ce59a5dbeaffe3631518faee283e8aea81a9a4329d8c545fb1baa9818e42627fa5bdad16653bfa9b31377037a4d3e8f773fc10e1f04e8e276ac5ff512001551b9725970dff86f1a46d14582e9aa707fc8fa0fbe7bb80ab61da6149358ce51d1716a375ffafda897877ec8e93a8af19ecdd0a1412d87d89946aaa009278a98017be72b167fe4523d60244582cfa7ac3084d9c019255f03ef1c112175a4510512fd31379d9ecdb47d42a9344944361588c90c7be0ec9a950def8f8850cb8f75bd21e8f13a7fb9b55f887c4717b4702cf89da1cf23711f91fdce3af8481ad78cffabc2657306bb11155cd8943837c0d81039503a551d63630fbb9f82428b18cbd2791d564fbf19177468f50f7b05d96e2fc816106faf800dbb78969d587b67b555e2e0b4b9c7fd6e9734b9125e471ccfa57915a7c0fb4c3a9f653dc5c6d7c291f595572d48fd7"}) r6 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/commit_pending_bools\x00', 0x1, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(r6, 0x0, 0x486, &(0x7f0000001480), &(0x7f00000014c0)=0xc) ioctl$KVM_SET_DEBUGREGS(r6, 0x4080aea2, &(0x7f00000001c0)={[0xd000, 0x2000, 0x1], 0x10000000, 0x8, 0x7}) 21:30:12 executing program 0 (fault-call:0 fault-nth:26): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:12 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}, 0x0, 0x0, 0x0, {}, 0x1, 0x1}) 21:30:12 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}, 0x0, 0x0, 0x0, {}, 0x0, 0x1}) [ 291.853072] FAULT_INJECTION: forcing a failure. [ 291.853072] name failslab, interval 1, probability 0, space 0, times 0 [ 291.884143] CPU: 1 PID: 15891 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 291.891211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 291.900576] Call Trace: [ 291.903202] dump_stack+0x138/0x197 [ 291.906880] should_fail.cold+0x10f/0x159 [ 291.911057] should_failslab+0xdb/0x130 [ 291.915054] kmem_cache_alloc_node_trace+0x280/0x770 [ 291.920204] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 291.925698] __kmalloc_node_track_caller+0x3d/0x80 [ 291.930665] __kmalloc_reserve.isra.0+0x40/0xe0 [ 291.935369] __alloc_skb+0xcf/0x500 [ 291.939020] ? skb_scrub_packet+0x4b0/0x4b0 [ 291.943346] ? netlink_has_listeners+0x20a/0x330 [ 291.948094] kobject_uevent_env+0x781/0xc23 [ 291.952414] kobject_uevent+0x20/0x26 [ 291.956388] lo_ioctl+0x11e7/0x1ce0 [ 291.960041] ? loop_probe+0x160/0x160 [ 291.963867] blkdev_ioctl+0x96b/0x1860 [ 291.968115] ? blkpg_ioctl+0x980/0x980 [ 291.972132] ? __might_sleep+0x93/0xb0 [ 291.976022] ? __fget+0x210/0x370 [ 291.979470] block_ioctl+0xde/0x120 [ 291.983284] ? blkdev_fallocate+0x3b0/0x3b0 [ 291.988549] do_vfs_ioctl+0x7ae/0x1060 [ 291.992446] ? selinux_file_mprotect+0x5d0/0x5d0 [ 291.997197] ? lock_downgrade+0x740/0x740 [ 292.001426] ? ioctl_preallocate+0x1c0/0x1c0 [ 292.005850] ? __fget+0x237/0x370 [ 292.009410] ? security_file_ioctl+0x89/0xb0 [ 292.013981] SyS_ioctl+0x8f/0xc0 [ 292.017337] ? do_vfs_ioctl+0x1060/0x1060 [ 292.022090] do_syscall_64+0x1e8/0x640 [ 292.025976] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 292.030816] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 292.036261] RIP: 0033:0x459d67 [ 292.039438] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 292.047580] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459d67 [ 292.054981] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 292.062249] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 292.069867] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 292.077309] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:12 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) r2 = perf_event_open$cgroup(&(0x7f00000000c0)={0x0, 0x70, 0x0, 0x3f, 0x3, 0x9, 0x0, 0x10000, 0x400, 0x2, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x1, @perf_bp={&(0x7f0000000000), 0x2}, 0x2010, 0x2, 0x20010000, 0xf, 0x80000000, 0x1, 0x5}, 0xffffffffffffffff, 0x7, r0, 0xe) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0xfffffffffffffffe) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") epoll_create1(0x0) 21:30:12 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") r1 = open(&(0x7f0000000000)='./file0\x00', 0x402400, 0x4) r2 = semget(0x1, 0x0, 0x2) semctl$SETALL(r2, 0x0, 0x11, &(0x7f0000000080)=[0x8001, 0x745e, 0x2]) semctl$SEM_INFO(r2, 0x3, 0x13, &(0x7f0000000100)=""/13) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000040), &(0x7f00000000c0)=0x14) 21:30:12 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r0, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) recvfrom$unix(r0, &(0x7f0000000000), 0x0, 0xc0000003, &(0x7f0000000140)=@abs={0x1, 0x0, 0x4e20}, 0x6e) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:12 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) 21:30:12 executing program 0 (fault-call:0 fault-nth:27): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 292.269094] FAULT_INJECTION: forcing a failure. [ 292.269094] name failslab, interval 1, probability 0, space 0, times 0 [ 292.294360] CPU: 1 PID: 15915 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 292.301456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 292.310842] Call Trace: [ 292.313440] dump_stack+0x138/0x197 [ 292.317094] should_fail.cold+0x10f/0x159 [ 292.321273] should_failslab+0xdb/0x130 [ 292.325264] kmem_cache_alloc_node+0x287/0x780 [ 292.329848] __alloc_skb+0x9c/0x500 [ 292.333476] ? skb_scrub_packet+0x4b0/0x4b0 [ 292.337784] ? netlink_has_listeners+0x20a/0x330 [ 292.342532] kobject_uevent_env+0x781/0xc23 [ 292.347013] kobject_uevent+0x20/0x26 [ 292.350808] lo_ioctl+0x11e7/0x1ce0 [ 292.354606] ? loop_probe+0x160/0x160 [ 292.358394] blkdev_ioctl+0x96b/0x1860 [ 292.362265] ? blkpg_ioctl+0x980/0x980 [ 292.366282] ? __might_sleep+0x93/0xb0 [ 292.370165] ? __fget+0x210/0x370 [ 292.373626] block_ioctl+0xde/0x120 [ 292.377249] ? blkdev_fallocate+0x3b0/0x3b0 [ 292.381559] do_vfs_ioctl+0x7ae/0x1060 [ 292.385431] ? selinux_file_mprotect+0x5d0/0x5d0 [ 292.390188] ? lock_downgrade+0x740/0x740 [ 292.394331] ? ioctl_preallocate+0x1c0/0x1c0 [ 292.398727] ? __fget+0x237/0x370 [ 292.402190] ? security_file_ioctl+0x89/0xb0 [ 292.406696] SyS_ioctl+0x8f/0xc0 [ 292.410161] ? do_vfs_ioctl+0x1060/0x1060 [ 292.414327] do_syscall_64+0x1e8/0x640 [ 292.418219] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 292.423058] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 292.428247] RIP: 0033:0x459d67 [ 292.431426] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 292.439141] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459d67 [ 292.446397] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 292.453797] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 292.461130] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 292.468393] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 292.475983] net_ratelimit: 16 callbacks suppressed [ 292.475989] protocol 88fb is buggy, dev hsr_slave_0 [ 292.486109] protocol 88fb is buggy, dev hsr_slave_1 21:30:13 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x3dc) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:30:13 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x3, 0x49a880) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") 21:30:13 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x100, 0x1) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) move_pages(r0, 0x7, &(0x7f0000000040)=[&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil], &(0x7f0000000140)=[0x8, 0x6, 0x9], &(0x7f0000000180)=[0x0], 0x0) 21:30:13 executing program 1 (fault-call:1 fault-nth:0): r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) 21:30:13 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f00000000c0)='/dev/sd/pcmC#D#c\x00', 0x0, 0x341000) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl$IOC_PR_CLEAR(r3, 0x401070cd, &(0x7f0000000000)={0x38}) syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x2, 0x200000) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) ioctl$PERF_EVENT_IOC_REFRESH(r4, 0x2402, 0xfffffffffffffff9) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:13 executing program 0 (fault-call:0 fault-nth:28): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:13 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x100000000000, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") 21:30:13 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") getsockname$packet(r2, &(0x7f0000000000), &(0x7f0000000040)=0x14) 21:30:13 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x804808, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) openat$selinux_create(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/create\x00', 0x2, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r0, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000040)={r0, 0x10, &(0x7f0000000000)={&(0x7f0000000580)=""/4096, 0x1000, 0x0}}, 0x10) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x80045301, &(0x7f00000001c0)) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000140)=r1, 0x4) 21:30:13 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000280)='/dev/dlm-monitor\x00', 0x10000, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r4}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r2, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r4}}, 0x18) ioctl$BINDER_SET_MAX_THREADS(r2, 0x40046205, &(0x7f0000000180)=0x80000001) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4a000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x74, r1, 0x100, 0x70bd28, 0x25dfdbfc, {}, [@TIPC_NLA_LINK={0x10, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x20, 0x4, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10000}]}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}, @TIPC_NLA_NET={0x24, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x1}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x2}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x101}]}]}, 0x74}}, 0x10) 21:30:13 executing program 3: ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=0x0) wait4(r0, &(0x7f0000000040), 0x120000002, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$CAPI_GET_MANUFACTURER(0xffffffffffffffff, 0xc0044306, &(0x7f00000000c0)=0x5) ioctl(r1, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") [ 292.727054] FAULT_INJECTION: forcing a failure. [ 292.727054] name failslab, interval 1, probability 0, space 0, times 0 [ 292.764508] CPU: 0 PID: 15941 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 292.771576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 292.780970] Call Trace: [ 292.783570] dump_stack+0x138/0x197 [ 292.787205] should_fail.cold+0x10f/0x159 [ 292.791356] should_failslab+0xdb/0x130 [ 292.795534] kmem_cache_alloc_node+0x287/0x780 [ 292.800311] __alloc_skb+0x9c/0x500 [ 292.804034] ? skb_scrub_packet+0x4b0/0x4b0 [ 292.808368] ? netlink_has_listeners+0x20a/0x330 [ 292.813409] kobject_uevent_env+0x781/0xc23 [ 292.818025] kobject_uevent+0x20/0x26 [ 292.821900] lo_ioctl+0x11e7/0x1ce0 [ 292.825648] ? loop_probe+0x160/0x160 [ 292.829454] blkdev_ioctl+0x96b/0x1860 [ 292.833333] ? blkpg_ioctl+0x980/0x980 [ 292.837226] ? __might_sleep+0x93/0xb0 [ 292.841287] ? __fget+0x210/0x370 [ 292.844727] block_ioctl+0xde/0x120 [ 292.848339] ? blkdev_fallocate+0x3b0/0x3b0 [ 292.852651] do_vfs_ioctl+0x7ae/0x1060 [ 292.856678] ? selinux_file_mprotect+0x5d0/0x5d0 [ 292.861490] ? lock_downgrade+0x740/0x740 [ 292.865638] ? ioctl_preallocate+0x1c0/0x1c0 [ 292.870046] ? __fget+0x237/0x370 [ 292.873493] ? security_file_ioctl+0x89/0xb0 [ 292.877885] SyS_ioctl+0x8f/0xc0 [ 292.881247] ? do_vfs_ioctl+0x1060/0x1060 [ 292.885415] do_syscall_64+0x1e8/0x640 [ 292.889551] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 292.894394] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 292.899577] RIP: 0033:0x459d67 [ 292.902775] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 292.910472] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459d67 [ 292.917852] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 21:30:13 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) getsockname$unix(r1, &(0x7f0000000000), &(0x7f00000000c0)=0x6e) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") [ 292.925116] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 292.932390] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 292.939661] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 293.120189] protocol 88fb is buggy, dev hsr_slave_0 [ 293.125480] protocol 88fb is buggy, dev hsr_slave_1 [ 293.200199] protocol 88fb is buggy, dev hsr_slave_0 [ 293.205298] protocol 88fb is buggy, dev hsr_slave_1 [ 293.210423] protocol 88fb is buggy, dev hsr_slave_0 [ 293.215476] protocol 88fb is buggy, dev hsr_slave_1 [ 293.220639] protocol 88fb is buggy, dev hsr_slave_0 [ 293.225689] protocol 88fb is buggy, dev hsr_slave_1 21:30:14 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r1, 0x40045731, &(0x7f0000000040)=0x7fffffff) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:30:14 executing program 0 (fault-call:0 fault-nth:29): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:14 executing program 5: r0 = accept$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000140)=0x14) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) setsockopt$sock_timeval(r0, 0x1, 0x927ec418fca89232, &(0x7f00000001c0)={r1, r2/1000+30000}, 0x10) syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000080), 0x0, 0x0) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000200)="cae1b4b142491c1ef89a0e5b23") getuid() connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl$SIOCAX25GETINFOOLD(r3, 0x89e9, &(0x7f0000000000)) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:14 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0xfffffffffffffe26) ioctl$TIOCLINUX3(r3, 0x541c, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:14 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0xfffffffffffffffc, 0x101100) r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r1, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r1, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl$EVIOCGLED(r1, 0x80404519, &(0x7f0000000000)=""/65) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400203) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:14 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r1 = msgget$private(0x0, 0xb1) msgctl$IPC_RMID(r1, 0x0) ioctl$EVIOCSABS0(r0, 0x401845c0, &(0x7f0000000040)={0x800, 0x7, 0x1000, 0x9, 0x3, 0x7}) [ 293.475238] FAULT_INJECTION: forcing a failure. [ 293.475238] name failslab, interval 1, probability 0, space 0, times 0 [ 293.506103] CPU: 0 PID: 15981 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 293.513163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 293.513168] Call Trace: 21:30:14 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x400806e, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) sendto$inet6(r1, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e5d37149eb0f4a333726cf6d5b7647306559155f1c69d6bfd145b83576f2df4d85f271fd4119db923e2412c66dd954eb59dddc7e1fd286a83971b2ba1c63b4f99702cf91f3d1ecffb8ae189c79b403805e83650c251a564942896f205640c23b0cf51fe9bd931f54a343794710a9cd53cef20938edddb2bfa3c1f72f8e79e41e30fb8f9d314abd999ba396521b6c10bec7bc9d0745a80299342f5cf89eb9d94044258fbb18cec1cdbbc016a773d3ae41e3e30248e716fd0873d31454902cbe7dcf7d644dfadc255d99652b5ed5a5b1a75e3ad49cf80178678402e9d3a755d009889b2e6138f81dc02eedcc353aceb2f7781aea08aa91be7e1e2416ba3d555b1f2237f68c5d7dcfcb1b917c292a35d6d7e7cf2cb1dd6dba5a50ce55c4638d7d38cb7afd8da02f281ab69392bc6531eb03eb97c1d075e3342c244861d04bcad8991b8f588e48ad7fe218d2f5e604bb31c59241245b485210fe418af3d6377b59d5ab128497efeced38cc5036b1f34cb89674b5179219f34b9e8e1849695d7c23cce77eb8f038ef9f2cd69d1c9e2d6b46610adbadbdad857a77f59d38cb5120709716b87c52a48de249b231d7e39985b8b58094c0d7b4c6d1671a8ff9d2daaca94df2adcff6420077df0ddbc66d00b141ffc6e28bed09a19056e52a905a72c99a04af56b22da83135808ba2bfe87a39753447e78500d16bdad52d97df73d4852a79e7ec6910701b712cfd58c62b3ade86cf6ff0cd78719fa1ae81640381cb33f4f6b03c913e820cf9eb9b5cf7df9c878596c9ac9444cad118673fe339b4b7287b310ecff4742bfea2612d79d418293f0dfe14bc819c466473438ad71ea3b1386d17a9038b1f5a9285481500f84f4c7eabbf2eb071a101c69cce8e7495bda4c28a4e88f6a258abf58579c290eeb742b2678daab3ecc8c2bf97d89e89472901e254dd63ca7d918f8a7523161e29b28f64b285da7bb4a17d0ad734c321623e246bb0b5aaa08e8e7ac42b74ba83c70a8ca80068400be6adc3f4b01ba1050b54e6e4cf72fb567fbd27b74b2bfa7b7cabc6938851c13c6df7d5aaca79afd89b5e925379b959c7929ddfa3399695343f435772d70e5cfa3550377d23f50011ad5657e94c464cd43eb85496fd3b03bcb2d9278ceb432194d9893ffa747dfe85309f256c910e31e81dcd3cd8a13744fc2874737a2ff34bf8c89f15da7cc0853434117d744e30360b38ef1a063f9ee506f048e9980054e6c5c5688d04ece6067ac55bccc9a7773a2c4e21c039d153622130faff9fd675d64ad7284bd011b9b224713a721b4b731cf342357642a1a0bb846f5be443b7e72e9825b5f3a078c6ae09e4512dd93a5be1af13a49e6a33938509d3557aecf2356ac2329871b662a99cf3fd2486b064e7e6f90c1f8d632186a8bda338b02d45da4ea9041d42a23f40b93346dddc473a9f1a3d9f0285b7e48cbb87bc34d44b090a5e2aaf4764a10a44168f1719eff0b0d9bc1ce07750af4c21d0c67eae0799e91328c8b14869e4edd255a41735a2b1818aa9d3b271ba757af010ae6dbad89aa0d8f5b6f8ef3917adcedf2", 0x52a, 0x400c047, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000000)={0x8, 0x4, 0x7, 0x2, 0x0}, &(0x7f0000000040)=0x10) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f00000000c0)={r2}, 0x8) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 293.513185] dump_stack+0x138/0x197 [ 293.513205] should_fail.cold+0x10f/0x159 [ 293.513221] should_failslab+0xdb/0x130 [ 293.537063] kmem_cache_alloc_node_trace+0x280/0x770 [ 293.542221] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 293.547683] __kmalloc_node_track_caller+0x3d/0x80 [ 293.552752] __kmalloc_reserve.isra.0+0x40/0xe0 [ 293.557438] __alloc_skb+0xcf/0x500 [ 293.561616] ? skb_scrub_packet+0x4b0/0x4b0 [ 293.566019] ? netlink_has_listeners+0x20a/0x330 21:30:14 executing program 2: syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = fcntl$dupfd(r1, 0x406, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r3, 0x84, 0xc, &(0x7f0000000000), &(0x7f0000000040)=0x4) ioctl(r2, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 293.570886] kobject_uevent_env+0x781/0xc23 [ 293.580452] kobject_uevent+0x20/0x26 [ 293.584361] lo_ioctl+0x11e7/0x1ce0 [ 293.588015] ? loop_probe+0x160/0x160 [ 293.592788] blkdev_ioctl+0x96b/0x1860 [ 293.596914] ? blkpg_ioctl+0x980/0x980 [ 293.601097] ? __might_sleep+0x93/0xb0 [ 293.605159] ? __fget+0x210/0x370 [ 293.608623] block_ioctl+0xde/0x120 [ 293.612241] ? blkdev_fallocate+0x3b0/0x3b0 [ 293.616551] do_vfs_ioctl+0x7ae/0x1060 [ 293.620428] ? selinux_file_mprotect+0x5d0/0x5d0 21:30:14 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x10000) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) [ 293.625328] ? lock_downgrade+0x740/0x740 [ 293.629504] ? ioctl_preallocate+0x1c0/0x1c0 [ 293.633920] ? __fget+0x237/0x370 [ 293.637382] ? security_file_ioctl+0x89/0xb0 [ 293.641895] SyS_ioctl+0x8f/0xc0 [ 293.645276] ? do_vfs_ioctl+0x1060/0x1060 [ 293.649966] do_syscall_64+0x1e8/0x640 [ 293.653871] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 293.658736] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 293.663943] RIP: 0033:0x459d67 [ 293.667149] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 21:30:14 executing program 1: openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x880, 0x0) r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) 21:30:14 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x5, 0x80800) r2 = socket$inet(0x2, 0x4000000805, 0x0) r3 = socket$inet_sctp(0x2, 0x5, 0x84) r4 = dup3(r2, r3, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r4, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r3, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000080)=ANY=[@ANYBLOB="0400087083b000", @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f0000a8a000)=0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x7a, &(0x7f000059aff8)={r5}, &(0x7f000034f000)=0x2059b000) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000040)={r5, 0x5, 0x6, 0x1000, 0x800, 0x10001}, 0x14) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) [ 293.674887] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459d67 [ 293.682287] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 293.689567] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 293.696858] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 293.704382] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:14 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) getpeername$ax25(r2, &(0x7f0000000000)={{0x3, @bcast}, [@rose, @bcast, @rose, @rose, @rose, @remote, @netrom, @netrom]}, &(0x7f00000000c0)=0x48) 21:30:15 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) lsetxattr$trusted_overlay_opaque(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='trusted.overlay.opaque\x00', &(0x7f00000000c0)='y\x00', 0x2, 0x3) r3 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r1, 0x0, 0x100000001, 0x2) 21:30:15 executing program 0 (fault-call:0 fault-nth:30): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:15 executing program 1: getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(0xffffffffffffffff, 0x84, 0x1c, &(0x7f0000000000), &(0x7f0000000040)=0x4) r0 = syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0x9, 0x1) r1 = socket$inet(0x2, 0x4000000805, 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) r3 = dup3(r1, r2, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r3, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r2, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000025e000)={0x2, [0x0, 0x0]}, &(0x7f0000a8a000)=0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x7a, &(0x7f000059aff8)={r4}, &(0x7f000034f000)=0x2059b000) getsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f00000000c0)={r4, 0xcb1, 0x7, 0x3ff}, &(0x7f0000000100)=0x10) r5 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r5, 0xc058534f, &(0x7f0000000300)={{0x6}}) 21:30:15 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) ioctl$KVM_SET_GSI_ROUTING(r0, 0x4008ae6a, &(0x7f0000000280)=ANY=[@ANYBLOB="0200000000402815bf873641904600000000000000000000080000000001000000000000000000000000000000000000000000000000000000000000030000000000000000000000ff7f00000700"/104]) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r2}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r2}}, 0x18) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f0000000000)={r0}) 21:30:15 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x400000, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x3ff, 0xfffffffffffffffd, 0x0, 0x12, 0x3, 0x10, "a9572a810770ae83f79bbd1fafd20e7c59d77369f75b30fa244925a4225a934c735c9af2f32ca53bb7466f4eb891551e9c8ada80b747720e332637e487c1607b", "54fdffff9e717a1a32298f9ccd1d10c5ed1f666ed8075d72191e7f2be02d0d4312f55d35019bf8cf55632ed64042521d2bcecb47a0da83701fe120ff2d8532db", "dfdb75b7577b4aa2274cf2045a996fc7abe4970c29fc909d268901237db7efcc", [0x4, 0x8]}) r1 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r1, 0xc058534f, &(0x7f0000000300)={{0x6}}) [ 294.301355] FAULT_INJECTION: forcing a failure. [ 294.301355] name failslab, interval 1, probability 0, space 0, times 0 [ 294.329759] CPU: 0 PID: 16030 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 294.336831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 294.346219] Call Trace: 21:30:15 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x2afe4c94}], 0x1, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r3}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r3}}, 0x18) pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00') ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r1, 0xc04c5349, &(0x7f0000000000)={0x8da, 0x7, 0x80000000}) [ 294.348821] dump_stack+0x138/0x197 [ 294.352473] should_fail.cold+0x10f/0x159 [ 294.356646] should_failslab+0xdb/0x130 [ 294.360638] kmem_cache_alloc_node+0x287/0x780 [ 294.365366] __alloc_skb+0x9c/0x500 [ 294.369149] ? skb_scrub_packet+0x4b0/0x4b0 [ 294.373638] ? netlink_has_listeners+0x20a/0x330 [ 294.378543] kobject_uevent_env+0x781/0xc23 [ 294.382870] kobject_uevent+0x20/0x26 [ 294.386664] lo_ioctl+0x11e7/0x1ce0 [ 294.390281] ? loop_probe+0x160/0x160 [ 294.394083] blkdev_ioctl+0x96b/0x1860 [ 294.397971] ? blkpg_ioctl+0x980/0x980 [ 294.401858] ? __might_sleep+0x93/0xb0 [ 294.405733] ? __fget+0x210/0x370 [ 294.409177] block_ioctl+0xde/0x120 [ 294.412806] ? blkdev_fallocate+0x3b0/0x3b0 [ 294.417129] do_vfs_ioctl+0x7ae/0x1060 [ 294.421010] ? selinux_file_mprotect+0x5d0/0x5d0 [ 294.425783] ? lock_downgrade+0x740/0x740 [ 294.429928] ? ioctl_preallocate+0x1c0/0x1c0 [ 294.434338] ? __fget+0x237/0x370 [ 294.437782] ? security_file_ioctl+0x89/0xb0 [ 294.442182] SyS_ioctl+0x8f/0xc0 [ 294.445549] ? do_vfs_ioctl+0x1060/0x1060 [ 294.449697] do_syscall_64+0x1e8/0x640 [ 294.453682] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 294.458514] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 294.463714] RIP: 0033:0x459d67 [ 294.466888] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 294.474601] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459d67 [ 294.481866] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 294.489377] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 21:30:15 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x2, 0x0) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r4 = socket$inet(0x2, 0x4000000805, 0x0) r5 = socket$inet_sctp(0x2, 0x5, 0x84) r6 = dup3(r4, r5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r6, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r5, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000025e000)={0x2, [0x0, 0x0]}, &(0x7f0000a8a000)=0xc) r8 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dsp\x00', 0x70000, 0x0) setsockopt$RDS_RECVERR(r8, 0x114, 0x5, &(0x7f00000001c0)=0x1, 0x4) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r6, 0x84, 0x7a, &(0x7f000059aff8)={r7}, &(0x7f000034f000)=0x2059b000) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000040)={r7, 0x9}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000100)={0x4, 0x9, 0x200, 0x9, 0x4, 0x2, 0x8, 0x400, r9}, &(0x7f0000000140)=0x20) r10 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 294.496648] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 294.504231] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:15 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000000)=0xc) sendmsg$netlink(r3, &(0x7f0000002a40)={0x0, 0x0, 0x0, 0x0, &(0x7f00000029c0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r4}}}], 0x20}, 0x0) r5 = geteuid() r6 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r6, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r6, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) getsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, &(0x7f0000000140)={{{@in=@initdev, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}, 0x0, @in=@initdev}}, &(0x7f0000000240)=0xe8) syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x2, 0x1, &(0x7f0000000100)=[{&(0x7f00000000c0)="7df1954b5a6a1d94", 0x8, 0x1}], 0x1000000, &(0x7f0000000400)=ANY=[@ANYBLOB='map=acorn,check=strict,unhide,utf8,map=acorn,hide,nocompress,gid=', @ANYRESHEX=r4, @ANYBLOB=',nocompress,overriderockperm,uid<', @ANYRESDEC=r5, @ANYBLOB=',dont_appraise,uid=', @ANYRESDEC=r7, @ANYBLOB="2c6673636f6e746578743d73797361646d5f752c736d61636b66736465663d2f6465762f736e642f70636d4323442363002c00f0b3cdbabed57c6e3b101456e0fa32d9a9dd2add14e936f134650833da151a56393f87aabdbd7d85428110d9fd3a24475636f0be75d6f89acbb86bee84ae63cdba8ea3374928b00bb17247afd6457b4a1031c59e5c671eec10174cf912f85c7da464345064e77d0f769632fda6adc0515b3fc6160f7b2ae1abe9f1391b3db9ad9f85f9f0a2579aeb9505ceb98add37"]) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") socket$inet_tcp(0x2, 0x1, 0x0) 21:30:15 executing program 0 (fault-call:0 fault-nth:31): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:15 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r4}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r2, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r4}}, 0x18) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000000)={@ipv4={[], [], @loopback}, 0x0}, &(0x7f0000000040)=0x14) setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f00000000c0)={@rand_addr=0x9, @rand_addr=0x4, r5}, 0xc) r6 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:15 executing program 3: syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r0 = open(&(0x7f0000000140)='./file0\x00', 0x84000, 0x122) syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x8000, 0x101000) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r1, 0x4090ae82, 0x0) epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, r1) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) mlock2(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000200)={0x3, 0xfffffffffffffcda, 0xfa00, {{0x6000000, 0x4e26, 0x0, @rand_addr="9885e007004000"}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0xfffff7ff}, r3, 0x9dd}}, 0x694) ioctl(0xffffffffffffffff, 0xc100410e, &(0x7f00000000c0)="cae1b4b51010fc54e38550da26b70e5b23395a9a856a7f45dec644668bb8b0bb1f181707b975b562759c4565b88f74346ea8d84763833e2c67b3b84a8254be1d080724bf255b6bf1c804ba197f09e04996174853a986e681254547ce4ae06b5602fe6d8a8b5ffacaac9149169a362c4c0d087863e5a39196") [ 294.681595] FAULT_INJECTION: forcing a failure. [ 294.681595] name failslab, interval 1, probability 0, space 0, times 0 [ 294.694421] CPU: 0 PID: 16055 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 294.701470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 294.710883] Call Trace: [ 294.713507] dump_stack+0x138/0x197 [ 294.717305] should_fail.cold+0x10f/0x159 [ 294.721470] should_failslab+0xdb/0x130 [ 294.725473] kmem_cache_alloc_node_trace+0x280/0x770 [ 294.730605] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 294.736494] __kmalloc_node_track_caller+0x3d/0x80 [ 294.741452] __kmalloc_reserve.isra.0+0x40/0xe0 [ 294.746140] __alloc_skb+0xcf/0x500 [ 294.749779] ? skb_scrub_packet+0x4b0/0x4b0 [ 294.754116] ? netlink_has_listeners+0x20a/0x330 [ 294.758895] kobject_uevent_env+0x781/0xc23 [ 294.763239] kobject_uevent+0x20/0x26 [ 294.767048] lo_ioctl+0x11e7/0x1ce0 [ 294.770679] ? loop_probe+0x160/0x160 [ 294.774618] blkdev_ioctl+0x96b/0x1860 21:30:15 executing program 3: [ 294.778512] ? blkpg_ioctl+0x980/0x980 [ 294.782418] ? __might_sleep+0x93/0xb0 [ 294.786306] ? __fget+0x210/0x370 [ 294.789769] block_ioctl+0xde/0x120 [ 294.793406] ? blkdev_fallocate+0x3b0/0x3b0 [ 294.793418] do_vfs_ioctl+0x7ae/0x1060 [ 294.793431] ? selinux_file_mprotect+0x5d0/0x5d0 [ 294.793442] ? lock_downgrade+0x740/0x740 [ 294.793453] ? ioctl_preallocate+0x1c0/0x1c0 [ 294.793467] ? __fget+0x237/0x370 [ 294.793484] ? security_file_ioctl+0x89/0xb0 [ 294.801703] SyS_ioctl+0x8f/0xc0 [ 294.801714] ? do_vfs_ioctl+0x1060/0x1060 [ 294.801729] do_syscall_64+0x1e8/0x640 [ 294.801738] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 294.801756] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 294.801765] RIP: 0033:0x459d67 [ 294.801770] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 294.801782] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459d67 [ 294.801786] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 294.801791] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 294.801795] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 294.801799] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:15 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r1) r3 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r1, 0x0, 0x10007, 0x6) 21:30:15 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x8, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x743300, 0x0) ioctl$GIO_UNISCRNMAP(r1, 0x4b69, &(0x7f0000000240)=""/4096) setxattr$trusted_overlay_origin(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='trusted.overlay.origin\x00', &(0x7f0000000100)='y\x00', 0x2, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") 21:30:15 executing program 0 (fault-call:0 fault-nth:32): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:15 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000140)=0x60) [ 295.124888] FAULT_INJECTION: forcing a failure. [ 295.124888] name failslab, interval 1, probability 0, space 0, times 0 [ 295.136492] CPU: 0 PID: 16079 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 295.143530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 295.143537] Call Trace: [ 295.143560] dump_stack+0x138/0x197 [ 295.143580] should_fail.cold+0x10f/0x159 [ 295.143596] should_failslab+0xdb/0x130 [ 295.143622] kmem_cache_alloc_node+0x287/0x780 21:30:15 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) fstatfs(r0, &(0x7f0000000000)=""/56) r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r1, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r1, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(r1, 0x111, 0x5, 0x9, 0x4) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}, 0x0, 0x0, 0x0, {0x2, 0x6}}) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(0xffffffffffffffff, 0x8008ae9d, &(0x7f0000000100)=""/39) ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000040)={{&(0x7f0000ffc000/0x3000)=nil, 0x3000}, 0x1}) openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rfkill\x00', 0x800, 0x0) ioctl$IMGETDEVINFO(r1, 0x80044944, &(0x7f0000000140)={0x20}) 21:30:15 executing program 1: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x460100, 0x0) ioctl$sock_rose_SIOCADDRT(r0, 0x890b, &(0x7f0000000040)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0xff96, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={'rose', 0x0}, 0x4, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) r1 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r1, 0xc058534f, &(0x7f0000000300)={{0x6}}) [ 295.143639] __alloc_skb+0x9c/0x500 [ 295.143647] ? skb_scrub_packet+0x4b0/0x4b0 [ 295.143657] ? netlink_has_listeners+0x20a/0x330 [ 295.143676] kobject_uevent_env+0x781/0xc23 [ 295.143693] kobject_uevent+0x20/0x26 [ 295.163536] lo_ioctl+0x11e7/0x1ce0 [ 295.196519] ? loop_probe+0x160/0x160 [ 295.200335] blkdev_ioctl+0x96b/0x1860 [ 295.204238] ? blkpg_ioctl+0x980/0x980 [ 295.208138] ? __might_sleep+0x93/0xb0 [ 295.212042] ? __fget+0x210/0x370 [ 295.215518] block_ioctl+0xde/0x120 [ 295.219165] ? blkdev_fallocate+0x3b0/0x3b0 21:30:15 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='\x1cR\xa6\x8e*Hnd/se\xff\x0f', 0x0, 0x549100) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) [ 295.223505] do_vfs_ioctl+0x7ae/0x1060 [ 295.227420] ? selinux_file_mprotect+0x5d0/0x5d0 [ 295.232191] ? lock_downgrade+0x740/0x740 [ 295.236358] ? ioctl_preallocate+0x1c0/0x1c0 [ 295.240786] ? __fget+0x237/0x370 [ 295.244266] ? security_file_ioctl+0x89/0xb0 [ 295.248710] SyS_ioctl+0x8f/0xc0 [ 295.252102] ? do_vfs_ioctl+0x1060/0x1060 [ 295.256261] do_syscall_64+0x1e8/0x640 [ 295.260162] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 295.265047] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 295.270250] RIP: 0033:0x459d67 21:30:16 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r3}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r3}}, 0x18) r4 = getuid() r5 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000000)=0xc) sendmsg$netlink(r5, &(0x7f0000002a40)={0x0, 0x0, 0x0, 0x0, &(0x7f00000029c0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r6}}}], 0x20}, 0x0) fchownat(r1, &(0x7f0000000000)='./file0\x00', r4, r6, 0x400) 21:30:16 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) r5 = open(&(0x7f0000000040)='./file0\x00', 0x60e, 0x0) writev(r5, &(0x7f0000000300)=[{&(0x7f0000001180)="f0", 0x1}], 0x1) r6 = openat(0xffffffffffffff9c, &(0x7f000052fff8)='./file0\x00', 0x0, 0x0) readv(r6, &(0x7f0000000600)=[{&(0x7f0000000500)=""/45, 0x2d}], 0x1) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) [ 295.273569] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 295.281302] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459d67 [ 295.288679] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 295.296076] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 295.303351] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 295.310683] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:16 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0205647, &(0x7f00000002c0)={0xa10000, 0xb30f, 0x7, [], &(0x7f0000000280)={0x990a79, 0xffff0001, [], @ptr=0x2}}) setxattr$trusted_overlay_upper(&(0x7f0000000040)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="00fb190407d0be9f85e177f3bf089d944b85ddd7c5f4dffedae8934670cecfa93cd5d4404f9bec862b29d797e6c49f8e61d0cd4fe82c797efcf0d478a3640ad2e4f104fc2624c1a30d5c9fc42546576103cdb7f0b4edfa9ef708d287bc805b1d30f847cffa774ac946f64968842fee42a22a6c892ae8ccbf908add9f7fd9fa9fb1741ea2dbbf8c3054c4ec8a50b7c6c6dcce77824abd7ded3286d4d943c78de948c681d056ce6cda018c4d26c1fb465568d1b5a46a3b334c07d2d7cd851bcc6022134048a79a8ce3b4a7563b961d18b5fae7a3ece21a41504d398c0c51bddf117bb199ac3de90d59163e861c690cce27a925b06fa5dcc7539090dabd6cae810b9d8c0d5a3b8ea4d5ce9babbae35d9e6825985e4bc08f88aac30fa2af950d1aea43af4e90be3c87a33f2518f6d1084c8731a2e2cd9723beb63192e2a426f858e58e7c6250f4127064111337df074377ea9a0e939eefdfa0178e0aff54"], 0x19, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r4}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r2, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r4}}, 0x18) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000900)={r2, 0x10, &(0x7f00000008c0)={&(0x7f0000000880)=""/36, 0x24, 0xffffffffffffffff}}, 0x10) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000980)={r1, 0x10, &(0x7f0000000940)={&(0x7f00000007c0)=""/165, 0xa5, r5}}, 0x10) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) socket$nl_crypto(0x10, 0x3, 0x15) write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r7}}, 0x2de) r8 = openat$dsp(0xffffffffffffff9c, &(0x7f00000009c0)='/dev/dsp\x00', 0x400000, 0x0) getsockopt$inet_dccp_int(r8, 0x21, 0xb, &(0x7f0000000a00), &(0x7f0000000a40)=0x4) write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r7}}, 0x18) r9 = openat(r1, &(0x7f00000001c0)='./file0\x00', 0x10000, 0x4) connect$inet6(r9, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x1, @dev={0xfe, 0x80, [], 0xd}}, 0x1c) ioctl$RNDZAPENTCNT(r0, 0x5204, &(0x7f0000000000)=0x3) 21:30:16 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000100)={0x2, &(0x7f00000000c0)=[{0x81, 0xf7, 0xe0, 0x4}, {0x5, 0xf1, 0x80, 0xff}]}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000), 0x111}}, 0x20) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r3}}, 0x2de) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000200)={0x3, 0x40, 0xfa00, {{0x6000000, 0x4e20, 0x100000, @mcast2}, {0xa, 0x1, 0x0, @rand_addr="bab9ab80558eadcd47618be2cda85672"}, r3}}, 0x48) r4 = getpid() sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000280)={0xffffffffffffffff}, 0x13, 0x10}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000200)={0x3, 0x40, 0xfa00, {{0x6000000, 0x0, 0x100, @mcast2, 0x4}, {0xa, 0x4, 0x0, @remote}, r8}}, 0x48) write$RDMA_USER_CM_CMD_QUERY(r5, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r7}}, 0x18) ioctl$SCSI_IOCTL_START_UNIT(r5, 0x5) fcntl$setown(r1, 0x8, r4) 21:30:16 executing program 0 (fault-call:0 fault-nth:33): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:16 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = openat(r0, &(0x7f0000000040)='./file0\x00', 0x40000, 0x12) r4 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r4, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r4, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) bind$packet(r5, &(0x7f0000000640)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @link_local}, 0x14) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) socket(0x10, 0x2, 0x0) r8 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r8, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r9, 0x407, 0x0) write(r9, &(0x7f0000000340), 0x41395527) socket(0x0, 0x1, 0x3) r10 = fcntl$dupfd(r8, 0x0, r9) ioctl$ifreq_SIOCGIFINDEX_vcan(r10, 0x8933, &(0x7f0000000200)={'vcan0\x00', r7}) setsockopt$inet6_mreq(r3, 0x29, 0x1b, &(0x7f0000000240)={@loopback, r11}, 0x14) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r12 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x3, 0x2) write(r12, &(0x7f00000000c0)="e92f16aa0a3d31f827f3e585ad31f6943ef59e5ee3a79b8d5c1ccd99cc61e5fcfbaf99300c3c27fd76fbad39c15b90b3e2e119be7ccac360974e90e358922dd52477b57dc0fca306d0e13e323d1d94a1dc4b7cad4bdce57ad11a6a88651fb71fac1ecbc5a453d1aeec874202968e639093e15532126e", 0x76) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 295.573801] FAULT_INJECTION: forcing a failure. [ 295.573801] name failslab, interval 1, probability 0, space 0, times 0 [ 295.585127] CPU: 1 PID: 16122 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 295.592156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 295.601842] Call Trace: [ 295.604444] dump_stack+0x138/0x197 [ 295.608082] should_fail.cold+0x10f/0x159 [ 295.612236] should_failslab+0xdb/0x130 [ 295.616214] kmem_cache_alloc_node+0x287/0x780 [ 295.620801] __alloc_skb+0x9c/0x500 [ 295.624433] ? skb_scrub_packet+0x4b0/0x4b0 [ 295.628769] ? netlink_has_listeners+0x20a/0x330 [ 295.634135] kobject_uevent_env+0x781/0xc23 [ 295.638476] kobject_uevent+0x20/0x26 [ 295.642296] lo_ioctl+0x11e7/0x1ce0 [ 295.646082] ? loop_probe+0x160/0x160 [ 295.650059] blkdev_ioctl+0x96b/0x1860 [ 295.653972] ? blkpg_ioctl+0x980/0x980 [ 295.657864] ? __might_sleep+0x93/0xb0 [ 295.661753] ? __fget+0x210/0x370 [ 295.665215] block_ioctl+0xde/0x120 [ 295.669202] ? blkdev_fallocate+0x3b0/0x3b0 [ 295.673559] do_vfs_ioctl+0x7ae/0x1060 [ 295.677454] ? selinux_file_mprotect+0x5d0/0x5d0 [ 295.682219] ? lock_downgrade+0x740/0x740 [ 295.686495] ? ioctl_preallocate+0x1c0/0x1c0 [ 295.691424] ? __fget+0x237/0x370 [ 295.694873] ? security_file_ioctl+0x89/0xb0 [ 295.699391] SyS_ioctl+0x8f/0xc0 [ 295.702783] ? do_vfs_ioctl+0x1060/0x1060 [ 295.706931] do_syscall_64+0x1e8/0x640 [ 295.710945] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 295.715783] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 295.720984] RIP: 0033:0x459d67 [ 295.724185] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 295.732006] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459d67 [ 295.739609] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 295.746883] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 295.754280] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 295.761561] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:16 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x82, 0x400500) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) r4 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000380)='/dev/dlm_plock\x00', 0x20000, 0x0) ioctl$KVM_GET_MSRS(r4, 0xc008ae88, &(0x7f00000005c0)=ANY=[]) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_GET_DEBUGREGS(0xffffffffffffffff, 0x8080aea1, &(0x7f0000000300)) r5 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r5, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r5, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r6 = syz_init_net_socket$llc(0x1a, 0x0, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r6, 0x40086607, &(0x7f00000002c0)=0x3) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='9p\x00', 0x10, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@cache_mmap='cache=mmap'}, {@version_9p2000='version=9p2000'}, {@dfltgid={'dfltgid', 0x3d, r7}}, {@uname={'uname', 0x3d, '+-\x98bdev,md5sumsystem]self)trustedkeyringwlan1'}}, {@access_client='access=client'}, {@afid={'afid', 0x3d, 0x2}}, {@loose='loose'}, {@posixacl='posixacl'}], [{@appraise='appraise'}, {@appraise_type='appraise_type=imasig'}]}}) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:16 executing program 0 (fault-call:0 fault-nth:34): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:16 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$TIOCLINUX4(r2, 0x541c, &(0x7f0000000000)) r3 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 295.936053] FAULT_INJECTION: forcing a failure. [ 295.936053] name failslab, interval 1, probability 0, space 0, times 0 [ 295.950365] CPU: 0 PID: 16143 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 295.957414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 295.966782] Call Trace: [ 295.969387] dump_stack+0x138/0x197 [ 295.973094] should_fail.cold+0x10f/0x159 [ 295.977252] should_failslab+0xdb/0x130 [ 295.981229] kmem_cache_alloc_node+0x287/0x780 [ 295.985806] __alloc_skb+0x9c/0x500 [ 295.989427] ? skb_scrub_packet+0x4b0/0x4b0 [ 295.993739] ? netlink_has_listeners+0x20a/0x330 [ 295.998489] kobject_uevent_env+0x781/0xc23 [ 296.002813] kobject_uevent+0x20/0x26 [ 296.006616] lo_ioctl+0x11e7/0x1ce0 [ 296.010262] ? loop_probe+0x160/0x160 [ 296.014063] blkdev_ioctl+0x96b/0x1860 [ 296.018066] ? blkpg_ioctl+0x980/0x980 [ 296.022181] ? __might_sleep+0x93/0xb0 [ 296.026077] ? __fget+0x210/0x370 [ 296.029529] block_ioctl+0xde/0x120 [ 296.033151] ? blkdev_fallocate+0x3b0/0x3b0 [ 296.037471] do_vfs_ioctl+0x7ae/0x1060 [ 296.041469] ? selinux_file_mprotect+0x5d0/0x5d0 [ 296.046331] ? lock_downgrade+0x740/0x740 [ 296.050472] ? ioctl_preallocate+0x1c0/0x1c0 [ 296.054873] ? __fget+0x237/0x370 [ 296.058320] ? security_file_ioctl+0x89/0xb0 [ 296.062725] SyS_ioctl+0x8f/0xc0 [ 296.066079] ? do_vfs_ioctl+0x1060/0x1060 [ 296.070219] do_syscall_64+0x1e8/0x640 [ 296.074091] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 296.078963] entry_SYSCALL_64_after_hwframe+0x42/0xb7 21:30:16 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") getsockopt$inet_int(r2, 0x0, 0x14, &(0x7f0000000300), &(0x7f0000000340)=0x4) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) r5 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r5, 0x29, 0x11, &(0x7f00000000c0)=0xaef, 0x4) r6 = accept4$x25(0xffffffffffffffff, &(0x7f0000000040)={0x9, @remote}, &(0x7f0000000080)=0x12, 0xdd92e0022517c2cf) r7 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/status\x00', 0x0, 0x0) ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000240)={r6, r7, 0x5840, 0xa6, &(0x7f0000000180)="6705f04d2ceaaf5ff11fe98fdf8ebd1747b3d0f53f991f23cc9e9912e81e4de1e2a194005d6481452564c4515d950e70a158ea0399bf24b1b4157f4c691d439a501c6eaeb197cbf716e4504aef2d9314ad784c977177058477c3d1c16248da59abd7fe55c6e65902a2664ca2835690f8106d9685db9e98d68af04708f13abac4954562611cc026082b5d5b33e9b11d27605ee6d2a7256c807b14eaed379dd55693e36efe4d4b", 0x0, 0x1, 0x6, 0x101, 0x8, 0x0, 0x6, 'syz0\x00'}) write$binfmt_elf64(r5, &(0x7f0000000500)={{0x7f, 0x45, 0x4c, 0x46, 0x6, 0x2, 0x9, 0xff, 0x64ef0000000, 0x2, 0x3, 0x0, 0x32f, 0x40, 0x1e4, 0xe9, 0x3, 0x38, 0x1, 0x0, 0x30, 0x1}, [{0x60000000, 0x5, 0x401, 0xfffffffffffffff9, 0x2, 0x1ff, 0x1, 0x8}, {0x60000000, 0x1ff, 0x6, 0x7, 0xffffffffffffff80, 0x7, 0xb4, 0x401}], "3a18498e66a0b63e20e34f01cdc5cb264773792d32c54676d212b3f44cc5719f7e79eb242e9360030b3434f831589962fc7eb057265af0dd8a3f0ce0c0633d4b8ef7a0c5e4ab426ccd9a4dfe63daaa2c8121a2ab503e4d97d899a894d57d1dd62f451a", [[], [], [], [], [], [], [], [], [], []]}, 0xb13) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000380)={0x0, @in={{0x2, 0x4e23, @rand_addr=0x81}}, [0x95, 0x1, 0x8, 0x6, 0xb1d, 0x5, 0xcc14, 0xfffffffffffffffa, 0xd0, 0x26051668, 0x6, 0x101, 0x2, 0x9e, 0x7f]}, &(0x7f0000000480)=0x100) [ 296.084250] RIP: 0033:0x459d67 [ 296.087446] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 296.095173] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459d67 [ 296.102461] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 296.109751] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 296.117112] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 296.117117] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:16 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) getresuid(&(0x7f0000000100)=0x0, &(0x7f0000000140), &(0x7f0000000180)) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000000)=0xc) sendmsg$netlink(r2, &(0x7f0000002a40)={0x0, 0x0, 0x0, 0x0, &(0x7f00000029c0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r3}}}], 0x20}, 0x0) lchown(&(0x7f00000000c0)='./file0\x00', r1, r3) r4 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r2, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r4, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) getsockopt$inet_tcp_int(r4, 0x6, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x4) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) 21:30:16 executing program 1: syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x40000) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6, 0x1}, 0x1, 0x0, 0x0, {0x0, 0x5}}) 21:30:16 executing program 0 (fault-call:0 fault-nth:35): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 296.255928] FAULT_INJECTION: forcing a failure. [ 296.255928] name failslab, interval 1, probability 0, space 0, times 0 [ 296.275987] CPU: 0 PID: 16163 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 296.283287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 296.292687] Call Trace: [ 296.295275] dump_stack+0x138/0x197 [ 296.298918] should_fail.cold+0x10f/0x159 [ 296.303091] should_failslab+0xdb/0x130 [ 296.307152] kmem_cache_alloc_node_trace+0x280/0x770 [ 296.312247] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 296.317823] __kmalloc_node_track_caller+0x3d/0x80 [ 296.323142] __kmalloc_reserve.isra.0+0x40/0xe0 [ 296.327821] __alloc_skb+0xcf/0x500 [ 296.331550] ? skb_scrub_packet+0x4b0/0x4b0 [ 296.335860] ? netlink_has_listeners+0x20a/0x330 [ 296.340818] kobject_uevent_env+0x781/0xc23 [ 296.345185] kobject_uevent+0x20/0x26 [ 296.349015] lo_ioctl+0x11e7/0x1ce0 [ 296.352662] ? loop_probe+0x160/0x160 [ 296.356607] blkdev_ioctl+0x96b/0x1860 [ 296.360608] ? blkpg_ioctl+0x980/0x980 [ 296.364692] ? __might_sleep+0x93/0xb0 [ 296.368609] ? __fget+0x210/0x370 [ 296.372205] block_ioctl+0xde/0x120 [ 296.376390] ? blkdev_fallocate+0x3b0/0x3b0 [ 296.381116] do_vfs_ioctl+0x7ae/0x1060 [ 296.385461] ? selinux_file_mprotect+0x5d0/0x5d0 [ 296.390257] ? lock_downgrade+0x740/0x740 [ 296.394428] ? ioctl_preallocate+0x1c0/0x1c0 [ 296.398890] ? __fget+0x237/0x370 [ 296.402373] ? security_file_ioctl+0x89/0xb0 21:30:17 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) sched_getscheduler(r1) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$RTC_ALM_SET(r2, 0x40247007, &(0x7f0000000000)={0x27, 0x15, 0x0, 0x1, 0x0, 0x2, 0x2, 0x73, 0x1}) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) 21:30:17 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x200, 0x8, &(0x7f0000001780)=[{&(0x7f0000000580)="1ca78773cbcd73b08be0c3226a1b1fdd6ed6f14a09a801bf03d74a21acce64f163c8c83b11fb850506d3518473500acdbd36cf45968bc24e9957177b7a58fe81700722606773ff31b20e8a226bf04a52b6918514b978b02db3e1fb181c1449f35fa39a4bd532f6b5b53c82a4328b9da4b47683f759ea4b6498d06084709a53f3834e3278ba7e939fe19cdad5435b4fe10ad2d60e0bdff7da42d53d95014070ef7e4d6166ad6e74111309b5f9814f8cf03627d9031a10bd4392cad15365804431b74ca53bc65504b9a3e6681361b4455fb37548d1c1a9489c0c7d0d6ab2cc9402c81c24f132878848a5ac7d00f0799b23408ff01b13f42fb04f11b3e9bb860629b5767fbb3e4c8195e6bf6b1c2ca640e508f8393f73d06789179da70911e136c5e034f206ae1ce9f8c5a068e015f6e928d421a2ec140048b777d7df4b423840de5273799bf51ace2aef8b2513ec1d1f092c227e670a092b4ce8bba3a760b2a3de24f2e971f36d4446c2961fbce6c62f450b11a906e52da0d2de8e9806fbfcaa47e8f4e05996e62ec2aed078382257c97bfa2ed2448f822a49aaa0789a448a167637ef801c427282f87f76ee19a1d97304fc59a41f2d58bcee5a46ca75b759ad02c8df0b6302a8f94ddf7e378dabed73bca800323e6f96148bbd963eb3ecd9b2612210a5d89b0a20b62e8c4b05e598c5024862428ab1261f9560834ff7d036d92c856f2b8852810a1b670c8a6c9477e72bee3ebf8968618a7b06cfef65c476533965a46562e527b554f1307c5b41d4c2d2afe5147bcc0da257c9d4c7c1c15e58080f04386a6d8986fa5fa62675e737062ed13e162a64e742aac2c98fb354d94a3bb1b49549357eb9b62cacdd0dc2808f11b4153cf31af52d471e0cb8cc8b4ab7930ed44cbb016b33a7a52f120b5605c9677db73977e45935c719c54cf39121d93a831d8f3ab78eb4dd5734c2e38a8fddcc08bc033994f39f36da7b8e0a2deaccd3a896a47a52240e712bddebfc0155fd62794bd7654e4e0c911d4003a727fee0f70ada79ecbc0335f527986b810f3cbbbd34f91eb1b892e5638b6c214c4655874450aac9eff82538339e167cd0465c270f535f72469810c49de53960efecd8a89f77947a85de6d1a2d626fe3511909d507afad76260b2dc3c2d2ff9a2f27d5d78beed3d647025455470347d4b83b5c829997ff1f4b5f9d3ad60c1290e2fbee61bba450f95576e57d296a2de5bc5994be5234eaf4081a9c07d053d4b5efeef9457046a61ceb1004edf3e786edcec274738cb4b0c160bb4922ab7e857a554496e31cdaf7532e91b28324523fd93810b12b065c02859943e3da9d98fadb23952d6d01bef22ef6a7d93a62cdf93775d05d2fd8e5529c89a7f3f6ecffc3e3e6f8ab9de6565aa46d4c7c10ba62967926fff17adb25dd1e086fe74cdf969f32b00c25b3f3acb41561243b8a64d97985c226b959849df5caf748b4139379688c342af45fefef5ec375ee925da41b1dc60bdc5f9550a0aad2e91bf2f8d8c4a023d02bcc6af817548611312ce3f24f1d0480c7edd820ee315d886e22eab6ca533ea5ee14880808c38772cc6ab9a2e3967e2459e3194ffa64da62b6016184f95a92a932adce24f7994dd930d0f1f800d02ff7c3b1cbf4555b22e8f8b25bb6c7af47ae2d1b7d8390ed1b2fea42448251a5fa628d4ac5b55af121b715d45d46ede2f22d125aeddcbaf14cba17fd9a074976089da3253f2117fae549ecd521586e86c6c3bf88f03ead310d9ef4da9a9b1c12ce3aecc2121b9d8fd189c681442980ae890a47d82bfef9b418d69723c4a3135983bd3feaf2bbb0b0eeaa55c37164df6883b3adf38d011a416f1c1b57263e7064658d892756d93bc6c311c3fb237be51fc5ee0abd57a02a1a978eec51e820702f22330ce68a9ff236053ea3168f6e5e706a4ad54f3128cab72156ada65588cd472484021623db677b09208291079fdb43866bfd018391e374e9b8cfd12fc3f3dcabacb308b47dd16dbf5907f392c3f79b0057cd9b3cb9c82ca2253d4dfa5ffd9c67820aafb41582b0387acc24195194e187f651ee0669065346989d93fec773d39e4cc2d0ad21c7aefa66571ecdeedbff65f697e89586c834e6f64dd9c809df5c5488383314a5ef6f92c8e817851921976812d1d0deed12f0bd633c4aa6966959e79abc72de87017e4e5cba72c05d9eee7c18ebadecb0addea795848f263f5e17dd5310ddcb7254b7cb170f11442502544b5e39270eac33e033108dd3b686125e45c4df84987c7d4923067539307ec0a3e02e58c0d937530797297a2d7b69e8e43390042fd3cf1e94af690ac13acef1597b4e796106133a2af0f8b2e03623bca24e62cb9252243bb65d05abc8aaf36417acd7791e01ccd2587ff185ebe5e2e0fc1bc745a5bb2aea25b410472704c5b33c42569693b7bcd90a2205e586c6fce81306e0da6a3d00cde0b6fd99ff17f722057dd1fa91f4a5ba15882a364917cebe0af629a862ddeae1ea1cdea9a98f90b8260a82a3b5b6a5920a9e7d0b2d99d7be1bfaf55d968638de34a8d337999094795b86f9f5a94f99794d396659547909d3a68c1f3e2acf03ab9328936aa5e895c624da9ddb011b79a46156c0f2aaad6038d18f37204c42ab3b0469fa91d1fd36359c698d9c0b8391319620ba293adc44d7436020184b7b89e741b2ecedec925bd16b97e0839131ee108db1cbc130ffaa3357e70576cf3a41d9fe3cb3f4d65c1b428190591f22337d3ed3454a5693e91a23864ab9bd03bdf302d7972207155a44534b46f11776ce85e20b7b61b79cb0d10cd7c1446cba6e1f38e22ba597ec25a23f6e7e04e25dfc2174b79985cfc8c20bd3ceb230d9af0ec6137a6e901dc90c0f6abf62c4c4e41ba51784105a2ca3098d2c1fa9153157cb3955cb856ba2247f2eb946124be463008c8c25cc45663561046818a849caa2ca174873b3918526425409399d2308d3b19837918a766c33aec7f11bad13d1f0a60ae8372a3ed778c3cff7a0e36007ff39549cf868a5453868668f1c3625ff7b93841080f2da2ce9987b33535c4bcd04fb29688fd7367c142bf172afbfa8bd4f0485a5dba4c1dc055602ff7eb5202c847b6d210d0eca86aa5d6e7a874570deb89eb1c761d9bb848712a9be03b4a379973a10fb9a011150827f422886db4b20ea45ec1a91758622f16ba12b88253aa573cda84a28dbde85cd0fe1448ed14a97358138d8d2bc454e79bb262280a52b4eda7be01f926bf47b03abed0b8586a76a7f0f06cbcb9557813069bcca6f7540a8e814a44477d06af169206741bf26ecb62263cd6d422366447e2d830ae6e9a2dabe48852cd19eeada9df5015f00624585e6be9282546f331ffcc367eefc9d51c98795391586b4356b714f82eaf19641f68d38188844cc9f3fd6cde2c216152bce4f140cd149e64b2fa5f36c21bf739a769c08a7bc902241db64a9f2154d4c9ba9d9c8a8e6fb9c966b8a658fd38eb6d56c6e30b7728b079f9c83e1920ae314e27b614ad047e81b02f561cbe9ec1f24cdeef5212252ad87effde3dd50adbf675fdc51d8567acc5c37b7229c9ef9128e9c09e0b5a7a786dccfb5e2e95163d4e7f16ccab2c00b1d1d13d83794dfad6d39632f0cce7db8b7b47309d547fe3852779e1e3905f212472d4cf4310276938bb3e2fb17084c87701c6757160b60d6c0c4094ab243d88507c8f22e07890051bc16c351e9855bff9a61bcb3e7ac5fc0c1c4272aa18bd51793ae9cd7288af0869811cea994c1ea049af25759eb9f08c8fd3d7aa4f71ac43e558a32d5a0da35fb6a60dfce99665c7f85db6c7271fafca5bee37c6e27343f3946078f758a2c9a0dc3611d8b50e4b0df113a730f2f595d2fb7efbdd5a6c3ccb0db304dd805ea71ae4109145d0ee65a5039c248ec8edcff3d496af1d1ea1e8ab12ae4030329d450006d6825aee1d67e321f8d393c0e249c1dae32ba21854ed7b4b550637a125063d9a844c5a90a7b7921e5d8a19bebe052e26110b3fa6a1dc918bac805f589186f85149d97886425208488ce4f3e5fd32dfeb9c55956c9c05275624ea23566f850eea70a5b3ecceb1baa424c166cea2eac81f6e8659ecccaa5ed6b8edcbf5fd4b8e547692fa739a857a1acea30cd40e5545ffcd8b9b7be390662d505e3c07a52e1c8efeaf39c08c5880761bbcfb00224e41be50d3b9e161f922e1d6fb509677259fd080369622dbab794a97a268c38f11a97ab142aa52089f9379446a6e55eb1444fc6f8e64b0dbe4c117c7a6f24a5e7ac88c36cd864721ab8a43784f2eee0fafdbeb1e3e18eda91db1bd46cbf68ac1bea9e4d0811fe7789bd7aceb6f9c4a29df72ad3849e29513cc162bc55ede75ba45b47ee8bc027f3dbc2623de7cd0266d4cd71062ffea81c8c6f769faac6e8d3d9c52fec747ae961baa0ece1bf8572dbfecc3f8c56ce3a0b7067d8513204841eb85c25d6987625f18cf738c855254e00c9db19ba5917716c4a835ca2de98b2075d0d0a5ce58768ac2bbb9fcef9de62cfb678df12dfd4d0bf0ac0767f3d5cfaccda28a28cf934a6e0e04a8fd054ead63a0375a132a85e2424721e2d8fd9239db6c7331bc1302d0bee03d24a4345514f162878b2a87abebf670b8e942aeb9f9185677a428d419ddd66d2fca29baf5010fedae316e8a33b71cacf9a3d7fa3f763e8dda0bca22d5209c319cb212263e14a944729adff6b9362e22769ceb442c5291e00cdae19915944ed1eed9c93092df2d1cc529c5002e8ce0d4e2bfb2485d45bdf651216dcf800e9c7a63d995ba3adf0bc23da329712225bbfe0edbf7a1afc9496771b7b7247775488e3241c29b4ac16d58292046a9c4281a16baddc1169f0102f53ac3d296e54818e35623d24a8d321ca76e222a8f46eec8eccb0446d1e373d35fdb532a56c359d90117f23c52172c3f31cc9cface8380091fc8b8cdbe7c0d505e6846c8998472beec96089bb6c9982726eac7a84f0d767b345a47e35731292356b87748b62317cf86d6d63990eac1ae366306a2c80dda5a2eed95e5d6b605334e3f6c823234251905dfdb8ad35ad5fd642daa8bf0b8f7fc37bae749c49f0193cafded5c22910b3ecdc5ffe145a2723da635093a6ffdc66033a2f6a17032dd2da7d55160928675ae9c6f262801674b556dc24c3fabe86da7ba2c112051a0b5a0ca7c2273ba91199e57d5abb7574df9e318ea1eeff1071c8914a46e171169b07bb31c980902ac4355c63cdebc4de6c57e4fcc5b36c2817700efeac02e8eb90a7fb90a6cf9623ddcfa62eb99103f390123b023d428874a6410df8ead155c9a6917c4f419f68230d298c883553e20035c19fe0003fc6a109b47671250267541ea0e07f79095f0c5983936fe4737713d5e249ae4b9a545f33f187b9e3eca0f60978f40c08bc636026be86ec7da9b248429b57aa842871824866c4af8a8c92d1d26426095d9cd8ed167e8295c5f1baed980741b462874f81e877bf7a7089eab4ebac8b55a5ddd444dc423800dccb1967132cadbd933dba4499312984047206777a5c92f699c6f04cc749f446c4e376e665a0a23555c192ce0bf4c14f4b0ffe3a9dfd9ffe3cbb7f58555ee67ee6d9eb9e086cd40ecd198378f9d284885ff270983a4bbdf613a2ac6d11de174c9807a595db4dcbd5c33de1b97f9db094ee34ab0087278a577daf8affc82f243214148501e07b130e54ab3caaa5af943a6546bdd31064154b1e29ae1b2398ead9af4aaa3b75e917c2a121fdcdf8e75043b35291af510bdfffe0f00789fdc40307dd", 0x1000, 0x2212}, {&(0x7f0000000040), 0x0, 0x1}, {&(0x7f0000000140)="731d4781dc160ec0b8ae3630243946f82c5445d2d383e28db055cac32714fb64cc80ce72c929eeea81fde1e52cde099796cecf13bbbfd15db2e97f31125e3a367abb4810a385b761fc962a8e263cb1a8b4d6509e6d9e59d280cc8bc4a3ba602c6600a150810b18eba382f7d0214d606a255e7861ef92e3bb5cbf599916e8fedd1971e3e92925d741ead3e39876ebe009e5", 0x91, 0xe5000}, {&(0x7f0000001840)="5e9e22b0f0e7f48dfdfee6f252641a0b4f63a88b9eb9b52b457cc0fbc85a796a14852a21099bacdd8ee4d600e00213622529252a2bf560daff8a52c58b319796db97363be2717abd923845db9d9f150ad4b74521c28d0d1c416964adcb0abceed83272b4a4354cd65c44d9b3c4ed41f0655c59c634bc27811bddb0ca6c25a85526a19a17cc34c44cdde3eee634e839a89a8c0f39afc97cbe647d4d1d72849ac8197e00a00fc3dc1c78223284716f6caebc1182781512f295ccf73aa9625ad919b3cf837b18fd5afc097746e8fe4e218a94754ec56d4255b2", 0xd8, 0x101}, {&(0x7f0000000300)="381455d2e9cd06cc6727989ef85976e20266f0451fa07d67df1cdb1cfc679ce9f1588341e087c1a9aa5a277c3dd245bcd4858851921d4a4e8fcdf2e614b4651a4d9e45893db8f2e7c4d5165aafd85f44ff24338edda97af7125dcfd2648a725496c16076e8ec747dabf763a4a37d309e812d1188ae473efb73f1c4784e33033e80b7cd494ce48bcccb692ddcf03dd1025e345230b844a18199ee7e625927a636232f6a2a490846abcaf8", 0xaa, 0x7}, {&(0x7f0000001580)="dc1000e4f6666edbb1e6cd842bedfb2b3b60458ec85cae6b064ae2768b78712791b99da380b8d21dbe933d2c81e6074d84a0c097ee08a38dafe8e0937f125fabfbd7c0ebd0dede96289bb3c2753586f941ce93e00c7ea0f3db96b4006d4f4a42cee325e6a58cd82a1a1117cf0ab8b0197c213955c32635c8dbb206ab23a44e91a62ed4e04d261a7b2a26b241e08da6e93a8529a114286239324fe9b73502c58473fcbdea2d4bd6a221946ff3c5c15d211895167807ce5139fc30b26adb75535d7b0ff19ecaa682ddde40ef257bdccec131", 0xd1, 0x800000000016}, {&(0x7f00000003c0)="2992598367e60b5586ff782a088cc73187555b52562d7f3deddc96d2855899cf8075bc4dcf5c4d5a5f8b2408d0fd8f8405fbeddaefd60dbf817ba1889fb3b64e86e38e00", 0x44, 0x200}, {&(0x7f0000001680)="1319d2559e6464aae3db36efea7addfcabd082817e1ce7426114b85ce8190ae554581c0d89e8a6b4fac3c80b8437adc1cc7d5c84ec6a10c19533f0970f9e70fcee114e1b4fc887ce4ae3dea601021daf0aaf8c81837ec7c9339292332bea8f1d6f723e0ddfc4d673d10cbe2c2edc569d61632875d3cc7502f4aea8c87f541d82fb0d4d915bf7e03adada46e68bf0fab2fe3abf8cc969a7c4c3125db5b7f66eae6d14182d1a06c467abe1bdf078607350dc055b7dc26b37b0544a83b016c88ad30ad44d58ddf7", 0xc6, 0x9}], 0x20000, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 296.406799] SyS_ioctl+0x8f/0xc0 [ 296.410272] ? do_vfs_ioctl+0x1060/0x1060 [ 296.414436] do_syscall_64+0x1e8/0x640 [ 296.418343] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 296.423203] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 296.428410] RIP: 0033:0x459d67 [ 296.431742] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 296.439470] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459d67 [ 296.446832] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 296.454137] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 296.461409] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 296.468685] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:17 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) setsockopt$inet_group_source_req(r1, 0x0, 0x15, &(0x7f00000007c0)={0x200, {{0x2, 0x4e22, @multicast2}}, {{0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x108) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r3}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r3}}, 0x18) getsockopt$IP6T_SO_GET_REVISION_TARGET(r1, 0x29, 0x45, &(0x7f0000000300)={'icmp\x00'}, &(0x7f0000000340)=0x1e) setsockopt$inet6_int(r0, 0x29, 0x11, &(0x7f00000000c0)=0xaef, 0x4) r4 = accept(r0, &(0x7f0000000000)=@nfc, &(0x7f0000000140)=0x80) r5 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_PRI(r4, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x404002}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r5, 0x0, 0x70bd2b, 0x25dfdbff, {{}, 0x0, 0x4108, 0x0, {0x4c, 0x18, {0x4, @media='udp\x00'}}}, ["", "", "", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x4400c0c0}, 0x80c1) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r8, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r9}}, 0x2de) ioctl$KVM_GET_XSAVE(r7, 0x9000aea4, &(0x7f0000000a00)) write$RDMA_USER_CM_CMD_QUERY(r6, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r9}}, 0x18) getsockopt$IP6T_SO_GET_INFO(r6, 0x29, 0x40, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000440)=0x54) syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000900)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0x5, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(0xffffffffffffffff, 0x800443d3, &(0x7f0000000380)={{0x8, 0x0, 0x4, 0x1, 0x4, 0x1f}, 0x0, 0xff, 0x80}) 21:30:17 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x88200) r1 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x8, 0x101001) socket$unix(0x1, 0x2, 0x0) ioctl$UI_DEV_CREATE(r1, 0x5501) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) 21:30:17 executing program 0 (fault-call:0 fault-nth:36): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:17 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x10000, 0x0) setsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000040)=0x2, 0x4) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) [ 296.610565] FAULT_INJECTION: forcing a failure. [ 296.610565] name failslab, interval 1, probability 0, space 0, times 0 [ 296.628945] CPU: 1 PID: 16190 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 296.636028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 296.645534] Call Trace: [ 296.648130] dump_stack+0x138/0x197 [ 296.648150] should_fail.cold+0x10f/0x159 [ 296.648165] should_failslab+0xdb/0x130 [ 296.648178] kmem_cache_alloc_node_trace+0x280/0x770 [ 296.665056] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 296.670539] __kmalloc_node_track_caller+0x3d/0x80 [ 296.675504] __kmalloc_reserve.isra.0+0x40/0xe0 [ 296.681748] __alloc_skb+0xcf/0x500 [ 296.685400] ? skb_scrub_packet+0x4b0/0x4b0 [ 296.689746] ? netlink_has_listeners+0x20a/0x330 [ 296.694522] kobject_uevent_env+0x781/0xc23 [ 296.698863] kobject_uevent+0x20/0x26 [ 296.702680] lo_ioctl+0x11e7/0x1ce0 [ 296.706333] ? loop_probe+0x160/0x160 21:30:17 executing program 1: syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x301000) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0) ioctl$FS_IOC_GETVERSION(r3, 0x80087601, &(0x7f0000000280)) r4 = socket$inet6(0xa, 0x2, 0x1) ppoll(&(0x7f0000000000)=[{r4}], 0x1, 0x0, 0x0, 0x0) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r4, &(0x7f00000092c0), 0x4ff, 0x0) fcntl$setsig(r2, 0xa, 0x24) r5 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r5, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r5, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl$UI_DEV_SETUP(r5, 0x405c5503, &(0x7f00000000c0)={{0xffa6, 0x6, 0x40, 0x7}, 'syz1\x00', 0x4a}) setsockopt$sock_int(r1, 0x1, 0x9, &(0x7f0000000380)=0x2, 0x4) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) lgetxattr(&(0x7f00000003c0)='./file0\x00', &(0x7f00000017c0)=ANY=[@ANYBLOB="62741b000000000045c9005e949f8972733c3109ed068ccbfb87b1ee1cb5b1e298e1927436b706bcc85c2d85ff10d889e99bebe8f0a7233bd3ae976bfe95df42af7b91d56012fba9b1fbc8004e2bfbdb32cd7add1f6f9d5a357affd97a7bab7a72607df80eac0b8f2e9067709af22d0e7e3d5b450ea10f40d5be19c5dcdfc2630fd53b43f479b31eb103a69e1c63992cf628e47e2ca2204d7556a799221a0c26063c291a68e40d498591376876479172893a605cc89b6ae0ffcf6c6e1c8a5d96733c24092b61076710cad8552785f4a9d2202092365d4444338745a054196b4def87ff52cf51"], &(0x7f00000007c0)=""/4096, 0x1000) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000200)={0x3, 0x1e359464f4375ef0, 0xfa00, {{0x6000000, 0x0, 0x0, @empty}, {0xa, 0x0, 0x9, @dev}, r7, 0xfffffffc}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r7}}, 0x18) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) mknod$loop(&(0x7f0000000040)='./file0\x00', 0x20, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f0000000300)={{0x6}, 0x1, 0xfffffffd, 0xffff7ffe}) [ 296.710149] blkdev_ioctl+0x96b/0x1860 [ 296.714132] ? blkpg_ioctl+0x980/0x980 [ 296.718030] ? __might_sleep+0x93/0xb0 [ 296.721931] ? __fget+0x210/0x370 [ 296.725407] block_ioctl+0xde/0x120 [ 296.729056] ? blkdev_fallocate+0x3b0/0x3b0 [ 296.733402] do_vfs_ioctl+0x7ae/0x1060 [ 296.737449] ? selinux_file_mprotect+0x5d0/0x5d0 [ 296.742228] ? lock_downgrade+0x740/0x740 [ 296.746405] ? ioctl_preallocate+0x1c0/0x1c0 [ 296.751050] ? __fget+0x237/0x370 [ 296.754532] ? security_file_ioctl+0x89/0xb0 [ 296.758962] SyS_ioctl+0x8f/0xc0 [ 296.762344] ? do_vfs_ioctl+0x1060/0x1060 [ 296.766653] do_syscall_64+0x1e8/0x640 [ 296.770568] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 296.775440] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 296.780653] RIP: 0033:0x459d67 [ 296.783856] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 296.791698] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459d67 [ 296.798995] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 296.806294] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 296.813574] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 296.820856] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:17 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat(r2, &(0x7f0000000040)='./file0\x00', 0x101000, 0x1b0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r3, 0x40485404, &(0x7f00000000c0)={{0x3, 0x0, 0x7, 0x1, 0x10001}, 0x1, 0x2}) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:17 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0800cfe87b0071") close(r1) r3 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r3, 0x0, 0x30, 0x400806e, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) sendto$inet6(r3, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e5d37149eb0f4a333726cf6d5b7647306559155f1c69d6bfd145b83576f2df4d85f271fd4119db923e2412c66dd954eb59dddc7e1fd286a83971b2ba1c63b4f99702cf91f3d1ecffb8ae189c79b403805e83650c251a564942896f205640c23b0cf51fe9bd931f54a343794710a9cd53cef20938edddb2bfa3c1f72f8e79e41e30fb8f9d314abd999ba396521b6c10bec7bc9d0745a80299342f5cf89eb9d94044258fbb18cec1cdbbc016a773d3ae41e3e30248e716fd0873d31454902cbe7dcf7d644dfadc255d99652b5ed5a5b1a75e3ad49cf80178678402e9d3a755d009889b2e6138f81dc02eedcc353aceb2f7781aea08aa91be7e1e2416ba3d555b1f2237f68c5d7dcfcb1b917c292a35d6d7e7cf2cb1dd6dba5a50ce55c4638d7d38cb7afd8da02f281ab69392bc6531eb03eb97c1d075e3342c244861d04bcad8991b8f588e48ad7fe218d2f5e604bb31c59241245b485210fe418af3d6377b59d5ab128497efeced38cc5036b1f34cb89674b5179219f34b9e8e1849695d7c23cce77eb8f038ef9f2cd69d1c9e2d6b46610adbadbdad857a77f59d38cb5120709716b87c52a48de249b231d7e39985b8b58094c0d7b4c6d1671a8ff9d2daaca94df2adcff6420077df0ddbc66d00b141ffc6e28bed09a19056e52a905a72c99a04af56b22da83135808ba2bfe87a39753447e78500d16bdad52d97df73d4852a79e7ec6910701b712cfd58c62b3ade86cf6ff0cd78719fa1ae81640381cb33f4f6b03c913e820cf9eb9b5cf7df9c878596c9ac9444cad118673fe339b4b7287b310ecff4742bfea2612d79d418293f0dfe14bc819c466473438ad71ea3b1386d17a9038b1f5a9285481500f84f4c7eabbf2eb071a101c69cce8e7495bda4c28a4e88f6a258abf58579c290eeb742b2678daab3ecc8c2bf97d89e89472901e254dd63ca7d918f8a7523161e29b28f64b285da7bb4a17d0ad734c321623e246bb0b5aaa08e8e7ac42b74ba83c70a8ca80068400be6adc3f4b01ba1050b54e6e4cf72fb567fbd27b74b2bfa7b7cabc6938851c13c6df7d5aaca79afd89b5e925379b959c7929ddfa3399695343f435772d70e5cfa3550377d23f50011ad5657e94c464cd43eb85496fd3b03bcb2d9278ceb432194d9893ffa747dfe85309f256c910e31e81dcd3cd8a13744fc2874737a2ff34bf8c89f15da7cc0853434117d744e30360b38ef1a063f9ee506f048e9980054e6c5c5688d04ece6067ac55bccc9a7773a2c4e21c039d153622130faff9fd675d64ad7284bd011b9b224713a721b4b731cf342357642a1a0bb846f5be443b7e72e9825b5f3a078c6ae09e4512dd93a5be1af13a49e6a33938509d3557aecf2356ac2329871b662a99cf3fd2486b064e7e6f90c1f8d632186a8bda338b02d45da4ea9041d42a23f40b93346dddc473a9f1a3d9f0285b7e48cbb87bc34d44b090a5e2aaf4764a10a44168f1719eff0b0d9bc1ce07750af4c21d0c67eae0799e91328c8b14869e4edd255a41735a2b1818aa9d3b271ba757af010ae6dbad89aa0d8f5b6f8ef3917adcedf2", 0x52a, 0x400c047, 0x0, 0x0) write$binfmt_misc(r3, &(0x7f0000000140)=ANY=[], 0x0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r1, 0x0, 0x10007, 0x3) 21:30:17 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmc#D#c\x00', 0x0, 0x10000) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:17 executing program 0 (fault-call:0 fault-nth:37): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:17 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r1, 0x29, 0x11, &(0x7f00000000c0)=0xaef, 0x4) dup(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x82, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x800, 0x4f416588956fea82) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 297.093899] FAULT_INJECTION: forcing a failure. [ 297.093899] name failslab, interval 1, probability 0, space 0, times 0 [ 297.147562] CPU: 1 PID: 16220 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 297.154634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 297.164267] Call Trace: [ 297.166874] dump_stack+0x138/0x197 [ 297.170528] should_fail.cold+0x10f/0x159 [ 297.174705] should_failslab+0xdb/0x130 [ 297.178706] kmem_cache_alloc+0x2d7/0x780 [ 297.182869] ? selinux_file_mprotect+0x5d0/0x5d0 [ 297.187641] ? lock_downgrade+0x740/0x740 [ 297.191810] ? ioctl_preallocate+0x1c0/0x1c0 [ 297.196246] getname_flags+0xcb/0x580 [ 297.200067] SyS_mkdir+0x7e/0x200 [ 297.203538] ? SyS_mkdirat+0x210/0x210 [ 297.207443] ? do_syscall_64+0x53/0x640 [ 297.211441] ? SyS_mkdirat+0x210/0x210 [ 297.215361] do_syscall_64+0x1e8/0x640 [ 297.219281] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 297.224180] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 297.229385] RIP: 0033:0x459317 [ 297.232582] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 297.240310] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459317 21:30:18 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x2) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") 21:30:18 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x19}}, 0xfffffffffffffded) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) [ 297.247590] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200000c0 [ 297.254872] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 297.262155] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 297.269439] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:18 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x0) write(r0, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f0000000140)={0x2, 0x1, 'client0\x00', 0x2, "f67ee667b66dbf50", "0b9b6f93bd0f886e79ebce96b69ff89e3570b02bd6b0f634d06afc07bd01eb6b", 0x81, 0x800}) 21:30:18 executing program 2: syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r3}}, 0x2de) ioctl(r2, 0xc3, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:18 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) connect(r0, &(0x7f0000000140)=@nfc={0x27, 0x0, 0x2, 0x6}, 0x80) r1 = syz_open_dev$sndctrl(&(0x7f00000001c0)='/dev/snd/controlC#\x00', 0x6, 0xf77f9858cc8ed41c) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r2, 0x29, 0x11, &(0x7f00000000c0)=0xaef, 0x4) fcntl$dupfd(r1, 0x0, r2) getsockopt$IPT_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x0, 0x42, &(0x7f0000000000)={'TPROXY\x00'}, &(0x7f0000000040)=0x1e) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000002c0)=@nat={'nat\x00', 0x1b, 0x5, 0x6b0, 0x4d0, 0x140, 0x308, 0x4d0, 0x308, 0x5e0, 0x5e0, 0x5e0, 0x5e0, 0x5e0, 0x5, &(0x7f0000000240), {[{{@ipv6={@loopback, @rand_addr="f160809193af6bd6b93eed367c2fc30b", [0xff, 0xff, 0x0, 0xffffffff], [0xff, 0x1fffffffe, 0xff000000, 0xff000000], 'sit0\x00', 'veth0_to_bridge\x00', {}, {0x17e}, 0xc9e853bcf3a2c130, 0x80, 0x1, 0x32}, 0x0, 0xf8, 0x140, 0x0, {}, [@common=@srh={0x30, 'srh\x00', 0x0, {0x3c, 0x80, 0x76, 0x1, 0x1744, 0x86, 0xe00}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x8, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, @ipv6=@rand_addr="edc1cea5fbc1e44564702e9b33853089", @port=0x4e21, @gre_key=0x7}}}, {{@uncond, 0x0, 0x180, 0x1c8, 0x0, {}, [@common=@srh1={0x90, 'srh\x00', 0x1, {0x3b, 0x4, 0x5, 0x26, 0x3f, @initdev={0xfe, 0x88, [], 0x1, 0x0}, @rand_addr="2c2b505323e8515e2346b4d1e1c2558e", @remote, [0xff], [0x0, 0xffffffff, 0xff000000, 0xff000000], [0x0, 0xff000000, 0xffffffff, 0x7c9031640a6fcea9], 0x317c}}, @common=@mh={0x28, 'mh\x00', 0x0, {0x5, 0x1, 0x1}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0xe, @ipv4=@dev={0xac, 0x14, 0x14, 0x25}, @ipv4=@broadcast, @icmp_id=0x67, @gre_key=0x23e3}}}, {{@uncond, 0x0, 0x180, 0x1c8, 0x0, {}, [@common=@icmp6={0x28, 'icmp6\x00', 0x0, {0xb, 0x3f, 0xff, 0x1}}, @common=@srh1={0x90, 'srh\x00', 0x1, {0x5c, 0x2, 0x3, 0x7, 0xf5c0, @ipv4={[], [], @remote}, @ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}, @ipv4={[], [], @remote}, [0xff, 0xffffff00, 0xff000000, 0xff000000], [0x0, 0xff, 0xffffffff, 0x181ffffff], [0xff, 0xffffffff, 0xff, 0x181800000], 0x80, 0x10}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x4, @ipv4=@local, @ipv4=@local, @port=0x4e20, @icmp_id=0x65}}}, {{@uncond, 0x0, 0xc8, 0x110}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00', 0x0, 0x256, 0x2}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x710) prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000100)={0x6, &(0x7f00000000c0)=[{0x3ff, 0x2, 0xbc, 0x5}, {0xff, 0x20, 0x81, 0x31}, {0x526, 0xc0, 0x5, 0x7}, {0x2, 0x7f, 0x8, 0x6}, {0xff, 0x11, 0x20, 0x2}, {0x1f, 0xef, 0x1, 0xc1}]}) 21:30:18 executing program 0 (fault-call:0 fault-nth:38): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 297.495732] FAULT_INJECTION: forcing a failure. [ 297.495732] name failslab, interval 1, probability 0, space 0, times 0 [ 297.508317] CPU: 1 PID: 16247 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 297.515382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 297.524776] Call Trace: [ 297.527384] dump_stack+0x138/0x197 [ 297.531186] should_fail.cold+0x10f/0x159 [ 297.535457] should_failslab+0xdb/0x130 [ 297.539597] kmem_cache_alloc+0x2d7/0x780 [ 297.543849] ? selinux_file_mprotect+0x5d0/0x5d0 [ 297.548608] ? lock_downgrade+0x740/0x740 [ 297.552845] ? ioctl_preallocate+0x1c0/0x1c0 [ 297.557263] getname_flags+0xcb/0x580 [ 297.562628] SyS_mkdir+0x7e/0x200 [ 297.566080] ? SyS_mkdirat+0x210/0x210 [ 297.570323] ? do_syscall_64+0x53/0x640 [ 297.574773] ? SyS_mkdirat+0x210/0x210 [ 297.578967] do_syscall_64+0x1e8/0x640 [ 297.583032] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 297.587914] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 297.593107] RIP: 0033:0x459317 [ 297.596285] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 297.603986] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459317 [ 297.611257] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200000c0 [ 297.618733] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 297.626010] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 297.633287] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 297.641070] net_ratelimit: 23 callbacks suppressed [ 297.641075] protocol 88fb is buggy, dev hsr_slave_0 [ 297.651119] protocol 88fb is buggy, dev hsr_slave_1 21:30:18 executing program 1: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) bind$nfc_llcp(r0, &(0x7f0000000100)={0x27, 0x1, 0x1, 0x3, 0x92, 0x4, "595764c65a92bd111bd3de9ea7431f87c3a15995fe951c337173f1ede36d1c896e18e67227eb1e2bfbc5f91ae75e56e9e522694034d39357972078d47feef3", 0x21}, 0x60) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r0, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r0, 0xc0a85352, &(0x7f0000000040)={{0xb, 0x3}, 'port1\x00', 0x8, 0x48, 0xfffffffc, 0x20, 0xfff, 0x400, 0xa35, 0x0, 0x1, 0xfffff800}) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$EXT4_IOC_GROUP_ADD(r1, 0x40286608, &(0x7f0000000000)={0x3f, 0x10000, 0xc80, 0x4ab, 0x6, 0x9}) r2 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x624840) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r2, 0xc058534f, &(0x7f0000000300)={{0x6}}) 21:30:18 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$llc_int(r2, 0x10c, 0x9, &(0x7f0000000000), &(0x7f0000000040)=0x4) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:18 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/\xa4\xfb\x06\xa3snd/pcmC#D#c\x00', 0x0, 0x0) msgget(0x1, 0x102) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") 21:30:18 executing program 0 (fault-call:0 fault-nth:39): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:18 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x1) write$selinux_user(r2, &(0x7f0000000040)={'system_u:object_r:dhcp_state_t:s0', 0x20, 'sysadm_u\x00'}, 0x2b) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 297.751421] FAULT_INJECTION: forcing a failure. [ 297.751421] name failslab, interval 1, probability 0, space 0, times 0 [ 297.782987] CPU: 0 PID: 16266 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 297.790056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 297.799438] Call Trace: [ 297.799480] dump_stack+0x138/0x197 [ 297.799500] should_fail.cold+0x10f/0x159 [ 297.809881] should_failslab+0xdb/0x130 [ 297.813874] kmem_cache_alloc+0x2d7/0x780 [ 297.818046] ? __d_lookup+0x3a2/0x670 [ 297.821860] ? mark_held_locks+0xb1/0x100 [ 297.826033] ? d_lookup+0xe5/0x240 [ 297.829591] __d_alloc+0x2d/0x9f0 [ 297.829605] d_alloc+0x4d/0x270 [ 297.829620] __lookup_hash+0x58/0x180 [ 297.836349] filename_create+0x16c/0x430 [ 297.836362] ? kern_path_mountpoint+0x40/0x40 [ 297.836377] SyS_mkdir+0x92/0x200 21:30:18 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000200)='/dev/hwrng\x00', 0x40, 0x0) r3 = fcntl$dupfd(r1, 0x0, r2) setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000040)={0x1ec}, 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f00000001c0)=@gcm_128={{0x304}, "033215f0b082480e", "27957f22c7d502c3ebc2fe4657286053", "2c91890c", "11073f4153b3451d"}, 0x28) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") r4 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f00000001c0), 0xe2, 0x22, 0x0) recvfrom$inet6(r4, &(0x7f00000000c0)=""/218, 0xda, 0xc3fddf1a92072b25, &(0x7f0000000000)={0xa, 0x4e23, 0x7, @mcast1, 0x1649}, 0x1c) 21:30:18 executing program 3: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/enforce\x00', 0xea4edff350843257, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f00000000c0), 0x4) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}}}, 0x2de) r2 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_DISABLE(r2, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="d0a5bb4190e94e68aa63d9d5", @ANYRES16=r3, @ANYBLOB="000825bd7000fbdbdf25020000001c0009000800020009000000080002000000008008000100e80600001c00060008000100136c000008000100de0f000004000200040002003c0007000c00040008000000000000000c00040002000000000000000c0004001f000000000000000c0004004be00000000000000800010005000000"], 0x88}, 0x1, 0x0, 0x0, 0x40008}, 0x4c031) r4 = syz_open_dev$sndpcmc(&(0x7f0000000280)='/dev/snd/pcmC#D#c\x00', 0x7, 0x8000) ioctl(r4, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") [ 297.852318] ? SyS_mkdirat+0x210/0x210 [ 297.856218] ? do_syscall_64+0x53/0x640 [ 297.860357] ? SyS_mkdirat+0x210/0x210 [ 297.864265] do_syscall_64+0x1e8/0x640 [ 297.868205] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 297.873072] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 297.878279] RIP: 0033:0x459317 [ 297.881588] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 297.889591] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459317 [ 297.896876] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200000c0 [ 297.904160] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 297.911594] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 297.918986] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:18 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) socket$rds(0x15, 0x5, 0x0) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:30:18 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) getxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='trusted.syz\x00', &(0x7f00000000c0)=""/130, 0x82) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") 21:30:18 executing program 1: syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) read$eventfd(0xffffffffffffffff, &(0x7f00000000c0), 0x8) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}}}, 0x2de) renameat2(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000280)='./file0\x00', 0x4) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000140)={0x13, 0x36c, 0xfa00, {&(0x7f00000005c0)}}, 0x18) ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f00000002c0)={0x0, r1}) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) getsockopt$IP_VS_SO_GET_TIMEOUT(r3, 0x0, 0x486, &(0x7f0000000300), &(0x7f0000000340)=0xc) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r5}}, 0x2de) r6 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0}, &(0x7f0000cab000)=0x6) chown(&(0x7f00000001c0)='./file0\x00', r7, 0x0) fsetxattr$security_capability(r4, &(0x7f0000000380)='security.capability\x00', &(0x7f00000003c0)=@v3={0x3000000, [{0x5, 0x6}, {0x2, 0x81}], r7}, 0x18, 0x2) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000000)={{0x6}, 0x0, 0x0, 0x80, {}, 0xff}) 21:30:18 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x406, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:19 executing program 0 (fault-call:0 fault-nth:40): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:19 executing program 5: syz_open_procfs(0x0, &(0x7f0000000140)='net/ptype\x00') syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r0, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl$KVM_SET_XSAVE(r0, 0x5000aea5, &(0x7f0000000580)={"b05728beb6b7b5a3223c21f86e4d5fb762689751bac7606f3a2ed89298881e07a8374dbb255d15cb7a217cb2322641a71b5433b96c6cfc2ee9ba309b91073f3b88cc19761fb7e7f9d09534fd8101b01375939d1c131d2832957bc730b14b7fafec74833210c9dd17f6ddc0d1b09419e0c4d30052eed022995ced38595c10bc4f62c06654d2309e9ee73b5b9d70beda273619ae48ad2e5b6d6675837eec9ac78530422ed010442c96743856637da8d7a10bf7bf8b73667379a8c206ff2cffbc089c374bc211ad9c88c000c18fabf8c5bbb2657e516cc5bc332ef8b01007b744f67406a26052d9899c3e8de6fb00fc041b5ed1be1c397d223cf29f6142d3d98679664f570b88e564d142a18a3471ff088784af744cefb2bf89a22929146cd0e24710e3b24b9e0a81376c3d3f1b5f3506b45d1a3ac4bf98711c8c6ca349b66cebb31510ee3f31ff9b7ab9ad3457ce413a806203315ef81e1e2502687898c828e42df2775b8726be1e6c6b3a2fe58119d4d6206d29dd533700edc7e9e5af1789b897555e8e4b61f6039e0e5ff4512db0e5cb57cb1d744a39a70103763b7c2d7bca1488a49364b7314372586b6f1104bfabc8b131e70b28d2f39f61d53baa43139a965d173a6cc4f00f49167450c7afe09139fb1c0afbd6ef0ebec65c5998f4947c6a43d722505b11af9abca79e80b3abea6634366e47d6eec94200384598d3b46bed2c6e18cbe3042370781ef3fe3f100558a3cd35d21c8c448312fb4226248c9080e1b5797f2746e8bf6ab0536b7c6749477b02d33bc0ad7977230913e8932f2a811452bbfe9cc5ee0773c02db02a0870e175819d779140baa13b39861b98a000ead88ac1e715aec141622461e7e627e046968ac8164f862d599a44cdc86d9f207c0e6e294f3a69027b0f449b17d55831d3ec8918fab75e24ec583ffb85586deb6d9870413c2b313377963774bd7dde8f3fa725c1a682df63d9ee1f9b215c836e983c3463f7d406e9ea7c22a6eb3e5df45f6a5e6a293de6896b374fceadd86b30f4fa6270dd2b748df5f922faca56cfbbb283f220cf7eb67f161040258b1a7b301ba862077f8b02843d7b569cc241aa5576e4ecf98c31577ecb327e1e1ffdfb19a190ee90477fb9150583d48aed1ee94743e55f07e644e37a17b71bc05a23c05dbd4d1d6325154a4ab7040a0414e5984a8853d26ef47bbe02e1a6d402008ab181d631cc8d265cf512fc43c56ef71ba027849a4cd6b19ad538646b8c38cdb8c86ff02a49d56720d0bd9a97da5f2dfd74547e964833e9e7ac858fe8b28d5284c00c47e3dbc849fa53d9de9a8d96c9c792ed4e70cacf395b4a5736df0fd03de6620b81b703ace765a14ccf131d051d3a30598f066612b72fd5f4b1d362d1bd75f6f449bdf9a9cb1f408498cb2ba0fc5dbd3787c017d6bb16d375916c359e274521e344"}) rename(&(0x7f0000000200)='./file0\x00', &(0x7f00000001c0)='./file0\x00') 21:30:19 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) [ 298.289379] FAULT_INJECTION: forcing a failure. [ 298.289379] name failslab, interval 1, probability 0, space 0, times 0 [ 298.310931] CPU: 0 PID: 16299 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 298.318007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 298.318013] Call Trace: [ 298.318028] dump_stack+0x138/0x197 [ 298.318047] should_fail.cold+0x10f/0x159 [ 298.337860] should_failslab+0xdb/0x130 [ 298.342201] kmem_cache_alloc+0x2d7/0x780 [ 298.346685] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 298.352906] ? ext4_sync_fs+0x800/0x800 [ 298.356992] ext4_alloc_inode+0x1d/0x610 [ 298.361072] alloc_inode+0x64/0x180 [ 298.364735] new_inode_pseudo+0x19/0xf0 [ 298.364746] new_inode+0x1f/0x40 [ 298.364757] __ext4_new_inode+0x32c/0x4860 [ 298.364779] ? avc_has_perm+0x2df/0x4b0 [ 298.364791] ? ext4_free_inode+0x1210/0x1210 [ 298.364809] ? dquot_get_next_dqblk+0x160/0x160 [ 298.364826] ext4_mkdir+0x331/0xc20 [ 298.389611] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 298.389627] ? security_inode_mkdir+0xd0/0x110 [ 298.389641] vfs_mkdir+0x3ca/0x610 [ 298.389654] SyS_mkdir+0x1b7/0x200 [ 298.389664] ? SyS_mkdirat+0x210/0x210 [ 298.389675] ? do_syscall_64+0x53/0x640 [ 298.402646] ? SyS_mkdirat+0x210/0x210 [ 298.402664] do_syscall_64+0x1e8/0x640 [ 298.425478] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 298.430344] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 298.435554] RIP: 0033:0x459317 21:30:19 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pread64(r1, &(0x7f0000000000)=""/84, 0x54, 0x0) r2 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r2, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r2, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) sendmsg(r2, &(0x7f0000002d00)={&(0x7f00000000c0)=@pppoe={0x18, 0x0, {0x1, @broadcast, 'bridge0\x00'}}, 0x80, &(0x7f0000000740)=[{&(0x7f0000000140)="bb1a92279b13cc16429127a4ec6c2d459bb5fb76e9cfc76183a43dba26f223b5d236908b0d1f47a6342f3509bfb8dcd6769d71e8cb8ffafcc9ce4dabb3faf441d241887e50b40a74810656f67c20321155be41d94f8ec441bf5ca697ec5d390130afa516a8fec0dfb9403580377e13c190fadb6d73a9a6b4c008d75d3a66d76f8084fd5593254094e012822f9854e5840648a93a9f664731f2", 0x99}, {&(0x7f0000000240)="85981314c59e356fc70d03baacb8b38b82b874dde45eaf2a6b74c8353c7392", 0x1f}, {&(0x7f0000000280)="6e73ca6328e67a31bfc7dacaf89e7c472a82d313416bdf18da00024b8603ea24a5ca10ccb1483887cd2d0d3b8726b9527470f4c6ac4a4cac8e9d23f5a6fdd13568ed9f3d5f0261ebbc1b49e7ce28aaa3c91d5e2018d8a0f7a50ee341f425b740c540a47de353fe1700572a1ee8831c5e0cdc9d7572980698e3b73663bf1d75", 0x7f}, {&(0x7f0000000300)="c47a75b0203104", 0x7}, {&(0x7f0000000340)='8#P\b', 0x4}, {&(0x7f0000000380)="6d154f52208ad62f95dfafde499e01d9940dc5a6395ea0df51e44f4f416a510882d1aba28831721cf3fa9c8812cab4552822fe8644fecf4f4ca4d81ec83174d954e32643bfbeaa36f436958c2a757be87281aea295284fd084504edc35ff495ed48026325b5c4656eb98d624f5f0336b2182f6a7f401ef5ec99d4058419e480b192c34f9d6f0660cef54825e49263ce7f73ff16bfb94b5879b3bccf2af38914bdb47c73b0c94407b2bea20f68b7b176ca667e8f79a0ca804350035dd55280d3f54bf6825738cd5277201d866583f049cbe21590e9b5133832098b448454c62efcecb", 0xe2}, {&(0x7f0000000480)="576efe757b6f951d3fa429c25f68bd3e344ea6790dc3b981aaf9b3f3fef0060eff25a3d43a4d724da22d317595b0621e37cd675639cc1c0c8e39b6d40bf6946e9be2451d0b0a4273f73c88990ddecbe92e66a152fcba5464e94152c710ed8d8041c89d9cf757d2120903b561d334db4e3440b08cebb2b5be3bcb392a4bd13c66d6e8ab761c3dab16362ff904ea2924f33a15878b6bcf5538b6812e468ff6a04da8c1f83527d8a630b01ecd096ec05a396ad0798e1eecd644ce2d859131df58b32d87", 0xc2}, {&(0x7f0000000580)="c16405c3fd30804a0fd43ec640f82fb66dd96a695f761bd0d35dc0cf481c968fd1b44cc9f371683b3a9ae43a66a01f107e2090da1317de290072e99b547f0a2382d9ee0f5c2fa116031bd1f064a9869b35c20a8d346ad50dab144cdc57444c76def9216f4a3612f55fdbc229480c71fce5f03b6b004e494d35a7072d1b0e5c7bf10ce14c33b69a28090d94c5c6002da028684e5094b2fa321476aea165c9616f72cbb16cadbbc777301f92011cccd6c048604529eb71cbb0255565", 0xbb}, {&(0x7f0000000640)="903cc9fc53c0145f47eff20a9b07b63990c66b7f15673fb1caaf8cb1566657098227f4e220ec0baa5045153b9f1df80d9c0d45a0d8a48a73b130b17f19e3a1c5af23aa164bbfb69f063fd3748002fd0bca1098f6634f22d1b1a77d6a31851c2b9005db62ca9ed481f81178c75eaf2e12bad6e8125394d40c9d9d34108a4b4755f5a26fc847cdc20a57d094fc079f22f0bbd61631117f5b377669520faf116c9093a691c13d21fadad2be054620f4e08c44825434212fae9ff67a1ad3689851bb0d4a623d304008be6fa35cd0f93bb13ba611c43659", 0xd5}], 0x9, &(0x7f0000000800)=[{0xb0, 0x103, 0x0, "3646a8f279571162ef53abfd47ded72428f375aa1fa1bab87d3f1fb7a5f00723339602725a60067b13448c338cba0f5d58d58a8c76e96a3d8461a67e4cd3459a08df7652efd8bfa97a76e0bc08a9063c7c59cb613fd3ba3ed3957c67bb9505f3df58aadb59ec46e50b00b459942eb062d9695217f9e0ebd77c3a4b68ad742807bbaf2d934826bbdacc71a5460ca797605a13184bcc1b10efb2c66f1fa8"}, {0x108, 0x116, 0x200, "6e7b5bc4d673e278b4967452533b372847298e18e4ac7c3a1cf50eb0dc82853d90d5ef0a9b47007ffc2a9c9715aba51bc5166910771c1537a0fd15a017da3015ff0ece3971cc8b6bf3184357e7e76f15466c4dbabb5f29eab345b573dd188448fdbcc9ac4ad6b25f41d4dc5d4e64bd773b2f02419455b61d4a62c0e132961a94406968c317edec146e0103c0a4ae3b231b71a742e835006a3a22bd421012744a19276c7f7a746e03572f0a05ea0ad32028174586691978072ec5791c074beb5e6597993491564d532481964d259c6c3a7124182e256a7a5e2c29677640d0dee2184201a23d3a9486d1166d4512d5488c22d7fc4f8fcf8c"}, {0x1010, 0x10c, 0x3, "e4682c4471803355bc4de5130f2ddd10521c2073f91ef9c4744c1458930faba84a279ae3f444739e6b17e0618300f06e15f21b9ba12263499aff1e9027236c7975447cca4e04288a35d2223eb40f419f4b55232e133b54b2c0db4dafb77c6c1de58f3d7692755bfb33a1edea466a94f70f285940f168739c62ceb62f0d6a039730108e8517aaea3f7a115fd7acb1eefcd8bb23d0624f2a44ae0ac12f470b0c1c5722e2e9f9fa36c37f5ebfc43e3e40af1ceba7fb17aab4ab49a861164cfa27cb265f245d8d416c7dd8e51ad7bfc82b7d1c3c8a3bb489e45597dcf753a0b0b0c6a5b0d23e82c350e9b8a050e17d543f88968ed5e8d84373fc24064504bb50be6ddfe0a655cb4be50edc3ff8b05c34bba7b99ffd323751d9de31163a2bf81b2d926ae74ad0d6d2874bdb6d2dff2f0f4af611f89cc2ebb0f3a131b43d9c3c4f7195b5229ab3fbfc357c95671a2e80daeadc991da7b65dcb1decfc97b19d9bac7dbdfb0f2b97118bf0ea26122e89e6dfc496abfe73eaf2cd91500ae37d707084fb6ae719c4a04071649d39fae461d4282f1a014188aa9b4e4ae8541a293908c2b1fcca122cef5ccd42438806f1a99f5d52796a12de4112e3ad7c79f23cd749873bfc79c8367dad76ec8988a7f7c5d4c43657cd67f47913ab8cce3db917b1f1540995e5e0537728c9f8e5585880a68fc4cc216ee799083eecfe72a7fbb16255c86d66f415094957dc9aa2072af150d8db79d6b36549bfced379aa87f947439cba9a5240ed3153808b755a757e3bd797338d51aa990db54b34ffb1b252aefddd12278cf8b336d65672820a0e76c613e4c872499205b2693f3e7735a08b847c54aa2cce44c66219379120da3ae1aac1ca79bdd0d91b8325b60a5064373a6bc29992880fbd45e1682e666bfd68eb44007060f3115c03b465c3a4bbff9c578b0b8540a2a55e7d0cd6afc4d980bb7658dd494962fc52ee41402bb07f021ed6b6a8260b7a3708a88870b76edfe01d66dc8342dd7f4a25d30827e521134f573ed6042fd75b67675ced0c23feea06e09d91c463df50e25008b1b5c6520ea7f01a88c8b29ce1234450d0930375b07dd166c0efa195788a529b1120f40b88e44a68403e4bffa79f35d7c3d7013a505290a2d0070bc737b78fca29e6dd64e10d376dd1dc8748fa32027dd78f789b1eb85203342c521d9abe1bce9c0e1ac96fa711547b8264a3365129385b7eb5244d5375983be1b01052e56e42f89a6a107051f0740ca3dcf70b27b824ec59f83e552bd1653a9bd1e3899a075908cd1922079db1a6878050e1f6a933f7b7b062f8205066b7860be56f1c3bc306346aa1ccb0d5186d13f48ac6065d0c7e8652cc1b9ba5154c5f9d88eba226367c927b3e48bee9c39bd74c083d476764ea7449984abe4c493b9faa2d5ff15da8f006895b6ee73f2109d6998614dc1bf47cf80d82099596aee1c4282504154c352292e376b0f229700e3e0976dd92f1538819bf97e095108b422e1502815774072a50d6828d098e0ca753c25b155c1d97e24151afd54a3a66b81360a1546968199c85167c760dc5b4036689f4c0838ed32417f3ebb46b76d102a4545edd79e9b772f729512fcfd54cbddcd79b4b6292d3a0957825e06be5cf2c4ba4d76949b6c1c5d9378ef8ef077e806218adf96f814e3d305e3f9b2d151478ba6c49c22a89afe661f6efd92ec0dbeb33dab6113e6101251f6bfbc2a6eab6c32edd6e4797e0788fa43c5c1c7fd2e0800ef92f11fa5f6c18e4c1e1aa4527d4089b47adfc4ea46a185037ed53495ba4d54725ebcf0550dab4c6b64d34efa3b67ae71fe2e8112f0a35bd23be020cb36c648aeb34a03c1df4be9349515691108f4c9281e6f627b7c55cafffe0aa2fec4e61475ded5ee9bed0f43674d56d94e92b9d6cb6a1acf7ac25499808a3bd7c3a55ee80c5fc8277aeb9e92f898c2cf4df2c74f2071f6d4ad52ae4440cff7398b6de1241ef54057dafc07a4af864a2825f771dc4e89fd302f15dfc8673dd06eda252a109d2ecd19b4b33995452d2acb0410bb2acb53547b88b4fea4c4a28ae423f6990fb1e0f7f1453c10a64161b3c2ca45917cce4ea08f7ada3fabf897c6c14975ec3670ad57a6f4f0565e99d7bb14851371b1be0dcb8ab01b974e5fde4e947f7cd5c88ec29a4a6829b22c9b22f0ea4b0122ae12d95080bc8560f1e6882fe090710ca6f71e6e9461eae9087893e5aa72100cc0113d7d6c6729a8739d192104055ab67999abe2e5d8ca239a5474a9ff77928ee0c74bddfbb91afd77d91e2bdadb6f20236f3cb7ec7eb291d571b1139542a1c1916a6ca12ceadd04bcca6397e5564ed6b7d69e4b15e9d5d44a3dced948423f90c274371ab7a84d91150cc866d318e07cadf1ffdfcf09ad49f4e35482741535a6601aa26563ab5e7b9afd1c9e0716445713ba175b9d68baf67dd37ff932413420ee45afc8968cbc6b934b546ea11796135ef682f4d9bca4d3972e569e752e3c3a9673e741e303014de9c77956ab9c6d19a33c8da4c3af93fead3249912ff5c6f87c8d1af532d5568fc19b88b5ece809c4504973fd4690ded767b1a2b28e8c0cb3ea8ddb87ecabeae53cde3a6be2c88a20fc53124d135328b7e491a7bd837145d46ae47970dd2c8a5f270939b94fa9b4f7014f744c22f9646758dcbc6d1606331da2219dcddaed121e741151d1decc18fa6054a460630c36b64951efccb8ee5b17fec645f0c6923f90c4384871c81d385406a14a15a6a4a791085263a1b565d2c738181ccf4a916e36da7f2f3c5629642db2cfe2c9e04f39e17423cfdbdbf9ed937785b0ec08e0070f474dcab974a032583fe395f7938294510b29858c84a8897251d8e3c323ff8c7d3ac50eb578aa484cc7c540f0f6a64c969316f2446acc4787e50691092d78ae38b35fbd3db5269ec6aa6d851c3a7ee5fcd1334f5b70228976829efa036810c07adfff7863fc0478332497d5728cdcf2497f14895ee1064a3beefa2e9d0d3efa7707c2e04c3cf0571e533d7eb3d906dea6ea4a0a13f440cc5309da9ff4f8b86a564de0fc9d0d9702da04b090322fb5c62a971806fc53fed8d91b9dc200d79ca4ba436272e3c20394c4a19ab92bd980c5d9f548e237e96a9c191b428f35cec1921f6a267e3e7d2495f62664d0093e0d3343a88b92b48f07eb05882f610fb4bd53f6bbd7cba5321ac0956a15d0d6d5dec4514d061712fbb430f4cc770e4d9fe123a96dd38058957515376451b8b2ccd14971509f4772cabe50b8677a3aa49c5521e793afa4f96abf136b41fc523e61e86f1c1c3348ef8ef9577d1c4a261ba8e6ea893835a1f0631635e86d1593d3b01cf467a9269dfd92383f1eb70be9b8858e2aec00f86b34eb4e2ffd787caee24c912d97a951540031f3e8d39b7e22b1892f96a03272ffe70bfe052cac7dc7d695c78fc207f0938b290a5afd57e0488cde1aab0308c173f9c4de2fc53c2deae5640044994bfb2ff65517e80fb92b1b964853dfecd33ef221d19e61ad589f8ea23f2328fafc26839434b0323827b422bae6502ba7650a6d718097f24b5a3c9fd40bfb639d489ba484939d22cf5ba016a779157f98998577ef20241837a6168cb4f247722bfbc17545be683c4d5f8110f3443b1813f07fdb9d9c3edc03785a442af3d646960b538b70f348429af0f2d85b2e78e7b669e6fccd9fb1419760a241c99e3d37e5a2bdb22698fc8897c150d8b7c33c8a2f2ca7ec0697ea8506e4080ce05ec224be03034cd60132d604f41975dc6aead9e0e7568f1936c0ca9331208a5d307f1c67e381ce7009957497cba6713fe766426fc180648f9fa14d7f953d52c569d0542a17922054f01f1a1ecf6acae8146e775c5c2c375ce6ac263b3d37dee49d26faca26dd42f662adf16b77f894875a998976dbf8c3813b478a36f8c7f65260ac8ab2bf6c06b17059711de91c4d6760b0a5a6ffcb7f66983861d46a14cbe0283eef74d17bbd6159cc4d338a254c5b768466ec427a0ff26a546e52b22f8a5f00778ec09f83345a9577346432e959f8d847ccf26dd708cd9bc3ddbcb0c1d9ae39e2ca24cc7109f871c0b61e0e6effe1bac1d6a5c9330657abae23fcf97a03a5990cbdeace742ab6b4f892ec712ebca93580a9b86da80ca78524ae17f15647e7b4da06f62420461e028e4dd6ed673c23441af8549d857221864f7dd1ad5f7a314cdbcdeb865f7df6c7ceb0048b7ee5d85384bc651272c71ba3100c928b6e5d078941f620adb03c6950df7fc1b96fe9680423c73d3d26b45ee477caade94fcf2a5eea6b91777f83fc8b8644e2273144c46d1baf83842355db9f901ebd4bd3f1b167b549e1a21fc1d48e70481aff75ab1434081bb2a3d39d9f0fbb69a5c318d78b8eaf8f5302d61e44a2ac8c9616e4da60bf2c2ee3cafcf4b4f297c28e90c2bd65f44bd5159e125bac5abe83396cc76942b3b98b53ba44502a2c9a085c249b23e2392cedd2774e78c4bfd7fb837e1a7d47e0a110ae6aaa11b6e5910c1b36c549a07f7c16b51be928ffefd7bf9f1ad9a166509c8060ed10ede5cf5415ae792f30da607c00ab024fbc0b1e0ee74f3286174d7dd70afa83626615d14cd5a40c985f44aa7842bf686f58c85e892500bc013ab7f25322ed773cd9633a1b72b0e233bd29e7209baabefb96cde4591f96446a7fa680914a2d11dc0f139dd905da1f7a06ae94b135c715a48845eaa9aeee1806bc161fef01a61dd97ca880b4bb8552de5a483b3ed2428fe6ca003cf116e19e5790321518265b4bd657599c3ce3855e0d374b1d39eede4fd1be650e73a5bbaaee2a2e1699f2c4d11d78e3d4cc82ed5e38b79171a32e6ccf77a5a9f669cd828170f6aa769009305c7730e3192e3abda308697dcf6f61b0319f04b73e19f53ef490ce21e84c7e849c14b6b4b3cd847060e487eb591ac14cd1e7096fb67572141d7910eb9c4721d9de18a757b9420bd0b9363ba05a2bb1d96eae192b0e743956c2b93184c54430a0676506edecfc912656f3e8ff81f959571dcd4aebe177e250282e66f144ef752930212d2d0d623acce5be9bbc824e7cd08c8fd2c6e25ddd815905525a3351164839ecb03b65f74c3a5c751e4558060faf664a42cd88007664e53c366e7c026c0f694445be7807aef0215d81ff1c80a99ddadfc2e2efd12f0ab692d19456ccbd630195ad4e052d20f18fac9f91d3608b94e492f207641ce78252f94cfba99d55c2305d06a555501f80ab590c7549f5f31c167acbe38fa5b451928d6918a9ee433cbd3643f75f009885f1b206b26dcd521c96e7b111634706e147ca273ba4d46e7b81320125f9bed1a6bf315b4a088a19991856ed672fb4c579eb368e1c417ada1c738064febc0a8f601c1c59b100ec094c998064f6b5ac8babf0086a398c126a36680ba30a3007166b7f5908c77d458a8778ec3c3b3be4b16d430d0c09939d490032f2a5b403c801da19b849fcd276108eb792a50eb48b07f83b872d00a88af386dc3fad7ce8fab1689892662d8f07ad1b0b00023a17879de36a9104029066adbb79d9e360bbe5bb3e74cd4176558c83d31799eb97f7b40b48f84bb2af80d506997e514b72bc1f923a50bd41783a7befe5b90a6d43a67c31ade84b9b119d70513ef26dc45820732b125ed9d8865298bc930e6b9b526b04bc33741bd01d4c6092232a1fdb95ddf6245519ff6ba8eec3313de336ebf79fc7416327a5dbd1da11ca76105949f6855a62787254b44d7bb32b0bbb78479318a1398400da3e420d7f609561504528c44a1cec8077f3b3545d5"}, {0x50, 0x0, 0x9, "49034950e9f2f68a01033e58d37c57aa37ead56355566b7be5c2da4283d1ec4835b3d1f41032687e3be70920b55b15efc1476bf09f1e20154271b9ee4d"}, {0x1010, 0x84, 0xfffffff8, "82d1fac424483a1f65d96511d373a4b5ca0c5ce89671443d72784d76bd4cdbfd7d5519f33ee57be16911ab590846cd3b12ed37332748776971bbd7a968b593a0ec8d54b457c630b6a3aa792370e2c1eb550a4395f7de1b5306e3f531ffbce38bba9a07f9bf64be003bda37dd7f576c61c173fa2b578874e66fb05463495719af9ec4157af47eccc242b15d7cd3dd0e0dc4cc9ac49ac04f5eb7d6e3bceefe831ff7f96a3a1372b36078cac0f5f8c078d1261b86fcb3b54b6a7b39887c2c8e07e1ea765186158da553fda4d2f283837bf8d77539a52a1a0a1218afec10f61ea38135ad9aeb7ad3ae0ed1c4dfb5a5fc01858b5364e96f1a157565e02c164284a0cf7315b960b36da329fc710f0879b99b9686359045dbf9780ae0ff1239a1d7a2ce100a48dc06380cc9dd3f9fae7ea9c6064e689ec973c19eeeb2739a5a917609c813e17ce349b1d29dcb4aab527b186593c38d06ce938d7041f7ccb1e4fe28805f2260c89e49df2aef6a6c3cbe6e303582443a1548ae4fe9792b33e88846163d8019ec34f44efc9348fdf2581262a4e7bf83d92bd995d30385745b886290c204eb5347d4cd75c0adede71cff6f851fe43dd41ea9b6fe4bb470624d90c9182b61758b83fae941055542250925bc8f0bc176a16372c59d470702111b46ee99e4890f9840cbdfccb2405557f06a1fc1b1d627fb6638ae83bbe152f2f19bd6befb1205d7179806b8382194b19a25020a035bb7840b10da13f1b6a7734c5b01fe03bb9fd5de080c9c853063df435469a41dbd64a9538e1ac94e6ec09ad250d217fde4ae106e1ef9df6283e659a312b87ba6b87b81022e3192e321cbd77b1bed604fdae765bd512a16cdadd61a5cdd8558a3dd4a6c7e495f0f8d1c9c67b7e2fa0b4a2eb2d75e2e532e2930538bd78df0ce1452506d511f5c3cc5660504d59cc0c7f545d34dd88d829fc689a630ee7ef94551ae59f596dccbab9013b4d0dd4dff2b69aa9fd7dc18691bbc4bf04b9a2a1021848d22e985af5171b6ebc5f3796d6f13a8bb5f3ab7de6744690949b46e9719cca7f24ddc3205669f1c11f72b3aad591d45d1cd2166a14c20361b5a1cb3e7949636cd38205e134bbb04a39dce3916529012e5452ed6922567b845b34c453ede857afc93140f833327a6974912cc544b87489ff312433e09ee775d3f847a87f5cf1882700174578d13f4d8e8c786b9553d1b762b903a62e19f350d1d3ce78494a7fce6601df5022c248ed78dd52d967f5cfb72ed55b55a4f981b56fadc076661a3d1517c1b7527a114cd18e3c625321e66d8dc6531ea35690e0e633150af2817d82d89086053a6211010078173e1d37d21c5b1d0babe3525aad6807e200c9bbc3061ebefd9ec24c6b804367723342271275e05a60f1e7afe4e05ffe9b74b8ccf14fa683f386590743a47ee7ea43dd128dcd0924594b0ff7a264d09f8132ba932780283a5eccb1ca097d5a77ea8ad7cffbff7ac58bc1a4755511146c8a6f3f6a65e518887a9a19b2f6c6fbb56ce9334d7c30e8994d4e0ee50e667fcef3a7dec16fd5d709b594bf1c2c4cfc95031205046f0e11d5a87997a0fc535898982ed88c45998d3fb37a01575d355dd806a97e88398639bbb3f25029fb254f1b7d129973b9c1a601b40e3cf239e06dcf1cc2cda7d5f887f61ea396e060398b47186d8deadc51e535d675f1cc74c2fda3aac6b9c8866b314eec5b27ebdeebde622de51662b20fe101d4e031d45b2c773e7360306a7075e14c24d074053f0e957c14eb024f08679af73f82e7bb7c4b40a03bf530b53c559ceb517c6e8303ac4ee1f6c2236167a8a2988dc707cab0b3a01dad6612ad59c22a25b810434375ce3c5f318d3be9e844c1a96de6c6cb90b3cd639421462094f1ab0c33e8808e09976b870c566ac007fb65b66c6d9468e6cf75e282ae7d60a5cce2b9101fb9812f9e029e60318b4e67dbe1a3eb89be5361369d257c2994018d73fde01d1c9c67d2e180929c6a9766dfd94f6b0cac35929464a9e048326741f833c0d725e7fedbd9afb46606b5322aa95e2f881d541c782fbdc807bf8402e1bc93c4ae498ca41bbfd5a4d1722310044854c1431e4c8dfa24bc54bbc5074d1c32692ec65d2a853b66109c14fef9d64aa7858da303875a9552008cc1ee780cf8bc962dfe05e2d9889c627e65bb2e76be4804e612f09bee7f840424562003fa058dc2b5ae446129627818bb921e7711e5a3687127c48a6caec3c935ae9273a44e5fc89f329b5586abbbe0b268e85cee37604b759e829cefc432888f45dad968f89d112fbf016c6536cdc76f07253d41a4f0cdf74175c1d9b30e7a05ed194801773de2916d65800f136485931794bb83f9e6a5fc688a26df933ecea6fd7bcfa81397c8728ca90b9143f914239d8816f3c717df3d767be5041b18d644c7780bc99138bb33c801b50508db785650369800587b49c378185ad401411dadab8af0ab499a720085457e66891f73d7d1ce5e7af6ede86ad2d49a2ccf1bc3dfa8e7cca1ac332f8b9c469a67cadedd47a53f7c52d95aa1dc047407bf5e5b8a16293c64f70d197953c27e1877bd5b6266524b3676ac057ed48a9e8645748eef573ef24ee1925b84b4a5f8388f9bad59455a8994c2bca5facfdeb5730102e70c90ee5e29121a8d0d26d70ae11ff370817a7617fe4ac0913fb9ad86193715ea7dd50c6d47da9b671af3af51b9055f813ac9477a4521e9cc0f8c0f442c5b9fd731f93738daec28eb81a230510ab4d92a9a55a343e69fb00efd7edefa3d6488037f06a63bf587a9840a884d96256633a91b64b509034a317d1a5f1f51c008664f68add289da999dcc6939d094b4b2a6e2d1a04a1612578b22d9ed0d217b110aedb964101425a0733aaebf90cac376067ed029d65e29f74b0a62a798f06312978896d50729325e1f6d1f40158118237f23f06b884c4c793f51eacc721f0c12ac79b01e3b598842b915343531b523b1ab852b044638c8998917d927b82d52ddd1ac3a2b23c2869d7f52d3e8d5b19efb9d7565624c1cd4d76a2f63102762f960a3f7a4d79a8a01f3c89346edfe1eaf7baf2e960ff3738f3d7e03d832b829ce67d928b6d95bbb1e9381b25b321754dad81770899ad19427125c64612034cd30dee761a9e0208cacdf2cc13ebc804b5f74324f72862be37d9a78678b4c0e1f7fe864adbf088dfd0a7a88141e87c4af60d37cebe280329e0dc47033c8c1b4076447e16589df2c09ce25ff43a5669618c2bf1a1f0146ec3707fcc84268153b75deee8edcb3a7a1e217bb2ff64e3ab94df57bee1feee71b9f398ac959309768605519748cc1abe678f79603b1526001e0858522104181dc99d48f2091701709dbd1e2dd7f64c3ec12da74dca8a3756e52952dacaef3df6a90256ff8112ee85cdd70ed47278b9eaeb103d1e0e383359e4fdaa6cc066df712d0f0be094767d17c7464240a8e75d5024255118902b88e3ae0a95a15326e0162f08ddb497c8239e79a55edcf140177e8fab6419f599b383b25dd344f68dc10081ec77d606c7aec429972656ea0247ef373be1901935b3aadc714cf69af770672d32ef43687901ddbf10af0aaaee529c91d7a36b001e5f912bebc4d728bbb3d2302a97e34fcc27450c37d5ac28915b782e1cea180d2dab5bb50ec0287aa4178a0a52c49284a555d9c79566bbb56bdb160e628d7572283112c1d230c0c463d0bb1f8c072b8ed9e6f918d018062eb7461a6023a47c9df5110e1cd41d851bd994b12061a158f3f503c65c1652ca63383fb089cfe44dd1761446974f0e001478303daeb2a4323dbaff5549a5277107c149940ab13b9d34d7c998690360fb92592cc0ddaebee39623a70ab9dbe8b064f5d91d3f99dfd3e1d6557fb7695e35324865d84bdc210610279b29b2486812be44066aa0a129000b74a78faf205219404b017f282a13c1ce9d603546c2efde81088d2b19166b0b691b9b762b6c912712439b6bde02fd69b21321ab6539da3af1c7bdbb9dfe1d64f63a942cfa047bf9a351f419b008c47190c1ed8c52b3950b046a2cf65ab2fa46d36c22a0cfd4cc3579dd6f04f7ebaa90b1ff447188055047186255915702ecfc65e542478643c1baf742260a8adff028a21f48c96b0abc0b515554b2d39c13a1bcd7a098a6b3d533c951a9f9a3227b79e0daec9b4ce8e757cd2e3798cd2813e04863ba1e5da2f7497620df123253a445b435476656883037f1de98eeed85fb886dce798c340bb6b29fa2eb8320959861e5cf5c2356c63ed0aeeb3250e989fb2f3e44807f275cb429789eb6347aac82bd77888c6ed6f161fa009d9c25a57943a4ed56810f40dc634205621ebd33f7cb02d38dba141c8948836829c22b16421cf3026596d409387dd1c8b3c73fa814d5232ca4ffbec4215a66fbeb402b559198dda7436bcafe9eaa2f0274d25a294af663c0d549e1b07fdf7623cb7a00dc9a57abaf1191705d4ddc7903cb3486bbefe53bc88d2a4f7f5bf0ea4b53bb552675f8fe564e7afed72b3337af68df5e05982f984612b0682d0c6f8a9fa467b75c3097eea211edad6d7da8abba9ee95725d453a2ba2f5dd2ee75a82501bc3a3f36d6cf413bc644643a740e4b118590b94f8eddef7e7194d6a387d619eadf52755204e36ad7fa16f37364c65249de29e1038ebb38e93e99ca244ecebceac232c1e5b549b6954020f67136ecf3542d5d79d4635ddac794613aeb288cc837de7f5e5713caadd9280c717d7bbf7acbcd020d0737492d1a9e8f481d714b3c16cf1d68e1d215e098d334aede163a9ab1fd6b68566953667b0879b28ced7d2c3790a0eb719455607e5b4c744d41a6f1babe375803da0309bed0bcf7a93787ce40c187d184d953dc765dba2554fb54943b406c6c5deae788bf44dbccb26c3737a2dc5f391000df030469b27f3cfa41e9680ea95fa207c149eee68376b3bec4c10e0f2f415911d0b987fd77e316af2fa06828c6c51f27ff7260838faf6ff77f60a06538645663309ac61f093a8a78bb9f6b93d8f698cd7dc345c39563dc5abc94808076f609176e049ca45cf66c1c9844ddcad465158afbfeecdda7777ea26eded2ed1c4bfecfeccba841219546a1db2b6a23619ff3f074b07d354b6237bb4c6d66fe1eec97036788719b1db6a4d29ac4dacd03981464908d6824410aa040113a374d2310e2990d41bcfc17b98ef02f828e564dd4e33c9728ed387068fe96c40e1b7ce94e9b20cd066f54a5c53026094f82070130e659fc8081751b7f46ae61507f7b6cc2fdf6c88fcc2b0ed96a5c9c39ac7437898407639fd94e4a63fe1c7065b5e20f86f9f9b2705a8056e0c39037c78d4295eb303f4c9947b24cf73e07997bf3247ded3b172555c1db8167dba32e2fc980c43dfd86fb76ad76873747fa035a44d34b342730bc20d5327103e0850676326ad79ccb5dba2833f9774b6c15429900180a0b3be4cc36c43041e2eb8ded806463a66bd9dcbf6a3c3d18c41d1dbbc50abc99b3a3d65a4baa9329bec7fe0e954c90e0217a523b50c60b654205728e85860d8fe94d5e1a25cd891ab3418c34666895c7f7733f74d5d51e3703e21ab867600eb4a4e7ade97051f9aaeee4bd1190dc1e8af186e44de7a4fe9cc2377c63201fa070e202fb3a9453b524fa968148134eebe4c22c515c439746dd9bc7e788d3c94c60a81dd967e2fb25c398a4a50d2a24ec3b1360fd0371411778ff184b5e788815141ac4841bc3f601d8a0f2939bd5bc6090dbd823a0e49a9ca734d412dbd00c28b9d53ddc8a00e060f6c431"}, {0xa0, 0x14a, 0x5, "fb9cb5abc2c7dd2a323b572dba54e0b1d96aed8ee69cc7fdce097686894677a33dd8bd2659e3b23181219a9f0f3ff6051983928e16c286ea38e957d8f52301d25f9db66c505b72a473495d070275009955b06b065384e0c6c7600b1c16f7b37ea5bd46228bc1ada8945c5d66a69c5be2aa302b788ffa0a21f4ed6cbf82c2b54194d2403ded223885469388a2b9"}, {0xc0, 0x100, 0x2, "ff6b8bf76a1729172043e4b401541a6c8ec22f69b429a70d3ad6332d0472c6e7dca826229be1808945fa74c1049c3911811f4f53e41b5028238ed1a0b26d0fa9761290704c874543b13ddca07c634e2bc3f5e0a2ee984e78742ce7ee59d42b5d386bb4f96cd4561c4ddc70fa355ef472a21c959518a9d03fb41941579118083bbbbb54089ab70eabd9c583ca8024fd107dbf9d403201f9a518da613d4270d18043d78a1ffac5f8ed5f5148f3118bd1"}, {0x78, 0x112, 0x0, "ae883f7f22374457eb274331cf6afaf0baa286ca47592ebbd19c608350df2475517fefa708facf5b22e1b8c67708701c8574303e33cae804bab42357c64b7c0b86e361b9562cd44802516e0e241528686f06d00e683778b2e285445fca25debc08f0ce25524d"}, {0xd0, 0x104, 0x3ff, "8015a87162a914248942ba81f06c48f6ae5658525d0b17a09866320635eb4fdf2ee449b3ed443ef9194416d4a5ebcf174382788912c3689aeecd12858a8cd529ea609beba35d51b71372f5e96b3612608cbe2b5fcd1394af306ad409611b8d3ce23c2bb4af7090ce30d9a6e0c88016a10eca6184f3d4af4881ac9bf02c9254c3dbe849c87aa4047bd1338027a41e0ced5f353736aefa690a9d4ef97e628498e9df6d397617f6315615d1176b31f8bec4190c538dd1d1f9a95987dd"}], 0x24d0}, 0x0) 21:30:19 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) ioctl(r3, 0xfff, &(0x7f0000000280)="c6d148515083b2a571e1c02a00517b17d3452c7896942a43955af2bde8a3928aa9e6e90836b1a088c310f3a268da8a6e931287749e12c6e7a5b6c84d15d432ed5586c2f9d2abb953264400276eb4bf1a8e9a41be1cfc2188538280a9de0c1346f0ec54797ef4281e6480687f63b53eec8cfa9f8a2b301539ce6cc56d1ac3926351cbd2c9094cba7817463c3fac7cb6456c70162b44f57d789b9faaba1206ea1f0681e136f659c998fe41d9d4f23714f56a38724d8399d294bbdbc4e7f2d4fcadbcaff5d201c63c5f68655986bf3eb559bafefc679af56ab381b8487acd92f043") setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r6}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r6}}, 0x18) ioctl$TIOCSPTLCK(r3, 0x40045431, &(0x7f0000000000)) 21:30:19 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x400806e, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) sendto$inet6(r1, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e5d37149eb0f4a333726cf6d5b7647306559155f1c69d6bfd145b83576f2df4d85f271fd4119db923e2412c66dd954eb59dddc7e1fd286a83971b2ba1c63b4f99702cf91f3d1ecffb8ae189c79b403805e83650c251a564942896f205640c23b0cf51fe9bd931f54a343794710a9cd53cef20938edddb2bfa3c1f72f8e79e41e30fb8f9d314abd999ba396521b6c10bec7bc9d0745a80299342f5cf89eb9d94044258fbb18cec1cdbbc016a773d3ae41e3e30248e716fd0873d31454902cbe7dcf7d644dfadc255d99652b5ed5a5b1a75e3ad49cf80178678402e9d3a755d009889b2e6138f81dc02eedcc353aceb2f7781aea08aa91be7e1e2416ba3d555b1f2237f68c5d7dcfcb1b917c292a35d6d7e7cf2cb1dd6dba5a50ce55c4638d7d38cb7afd8da02f281ab69392bc6531eb03eb97c1d075e3342c244861d04bcad8991b8f588e48ad7fe218d2f5e604bb31c59241245b485210fe418af3d6377b59d5ab128497efeced38cc5036b1f34cb89674b5179219f34b9e8e1849695d7c23cce77eb8f038ef9f2cd69d1c9e2d6b46610adbadbdad857a77f59d38cb5120709716b87c52a48de249b231d7e39985b8b58094c0d7b4c6d1671a8ff9d2daaca94df2adcff6420077df0ddbc66d00b141ffc6e28bed09a19056e52a905a72c99a04af56b22da83135808ba2bfe87a39753447e78500d16bdad52d97df73d4852a79e7ec6910701b712cfd58c62b3ade86cf6ff0cd78719fa1ae81640381cb33f4f6b03c913e820cf9eb9b5cf7df9c878596c9ac9444cad118673fe339b4b7287b310ecff4742bfea2612d79d418293f0dfe14bc819c466473438ad71ea3b1386d17a9038b1f5a9285481500f84f4c7eabbf2eb071a101c69cce8e7495bda4c28a4e88f6a258abf58579c290eeb742b2678daab3ecc8c2bf97d89e89472901e254dd63ca7d918f8a7523161e29b28f64b285da7bb4a17d0ad734c321623e246bb0b5aaa08e8e7ac42b74ba83c70a8ca80068400be6adc3f4b01ba1050b54e6e4cf72fb567fbd27b74b2bfa7b7cabc6938851c13c6df7d5aaca79afd89b5e925379b959c7929ddfa3399695343f435772d70e5cfa3550377d23f50011ad5657e94c464cd43eb85496fd3b03bcb2d9278ceb432194d9893ffa747dfe85309f256c910e31e81dcd3cd8a13744fc2874737a2ff34bf8c89f15da7cc0853434117d744e30360b38ef1a063f9ee506f048e9980054e6c5c5688d04ece6067ac55bccc9a7773a2c4e21c039d153622130faff9fd675d64ad7284bd011b9b224713a721b4b731cf342357642a1a0bb846f5be443b7e72e9825b5f3a078c6ae09e4512dd93a5be1af13a49e6a33938509d3557aecf2356ac2329871b662a99cf3fd2486b064e7e6f90c1f8d632186a8bda338b02d45da4ea9041d42a23f40b93346dddc473a9f1a3d9f0285b7e48cbb87bc34d44b090a5e2aaf4764a10a44168f1719eff0b0d9bc1ce07750af4c21d0c67eae0799e91328c8b14869e4edd255a41735a2b1818aa9d3b271ba757af010ae6dbad89aa0d8f5b6f8ef3917adcedf2", 0x52a, 0x400c047, 0x0, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r3}}, 0x2de) getsockname$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty}, &(0x7f0000000340)=0x1c) ioctl(r2, 0x100000000, &(0x7f0000000040)="cae1b4b142491c1ef89a0e73235931419f03c89df29b6b7bc1826e2f73b5d0726b532eba9009008120ff2d07b537aa6a8153164a9ecf") connect$inet6(r0, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000000)=0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r7}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r5, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r7}}, 0x18) r8 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r8, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQ(r8, 0x5411, &(0x7f0000000380)) ioctl$UI_DEV_DESTROY(r5, 0x5502) ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(0xffffffffffffffff, 0xc1105511, &(0x7f00000001c0)={{0x9, 0x2, 0x9, 0x5, 'syz1\x00', 0x8}, 0x2, 0x100, 0x4, r4, 0x8, 0x40000008, 'syz1\x00', &(0x7f00000003c0)=['*posix_acl_access\xe9\x00', 'btrfs\x00', 'btrfs\x00', 'btrfs\x00', 'securityeth0#eth0@\x00', 'securityeth0#eth0@\x00', 'btrfs\x00', 'btrfs\x00'], 0x57, [], [0x6, 0x3ff, 0x48, 0x9]}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 298.438751] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 298.446470] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459317 [ 298.454507] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200000c0 [ 298.461785] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 298.461791] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 298.461795] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:19 executing program 0 (fault-call:0 fault-nth:41): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 298.595020] FAULT_INJECTION: forcing a failure. [ 298.595020] name failslab, interval 1, probability 0, space 0, times 0 [ 298.606683] CPU: 1 PID: 16329 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 298.613731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 298.623095] Call Trace: [ 298.625694] dump_stack+0x138/0x197 [ 298.629595] should_fail.cold+0x10f/0x159 [ 298.633764] should_failslab+0xdb/0x130 [ 298.637936] kmem_cache_alloc+0x2d7/0x780 [ 298.642099] ? __debug_object_init+0x171/0x8e0 [ 298.646689] ? ext4_alloc_inode+0x1d/0x610 [ 298.651074] selinux_inode_alloc_security+0xb6/0x2a0 [ 298.656181] security_inode_alloc+0x94/0xd0 [ 298.660513] inode_init_always+0x552/0xaf0 [ 298.664754] alloc_inode+0x81/0x180 [ 298.668463] new_inode_pseudo+0x19/0xf0 [ 298.672430] new_inode+0x1f/0x40 [ 298.675780] __ext4_new_inode+0x32c/0x4860 [ 298.680035] ? avc_has_perm+0x2df/0x4b0 [ 298.684017] ? ext4_free_inode+0x1210/0x1210 [ 298.688423] ? dquot_get_next_dqblk+0x160/0x160 [ 298.693085] ext4_mkdir+0x331/0xc20 [ 298.696704] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 298.701473] ? security_inode_mkdir+0xd0/0x110 [ 298.706052] vfs_mkdir+0x3ca/0x610 [ 298.709759] SyS_mkdir+0x1b7/0x200 [ 298.713295] ? SyS_mkdirat+0x210/0x210 [ 298.717181] ? do_syscall_64+0x53/0x640 [ 298.721150] ? SyS_mkdirat+0x210/0x210 [ 298.725037] do_syscall_64+0x1e8/0x640 [ 298.728914] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 298.733754] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 298.738941] RIP: 0033:0x459317 [ 298.742123] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 298.750009] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459317 [ 298.757730] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200000c0 [ 298.765311] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 298.772585] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 298.779856] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:19 executing program 0 (fault-call:0 fault-nth:42): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 298.875862] FAULT_INJECTION: forcing a failure. [ 298.875862] name failslab, interval 1, probability 0, space 0, times 0 [ 298.887667] protocol 88fb is buggy, dev hsr_slave_0 [ 298.887717] protocol 88fb is buggy, dev hsr_slave_1 [ 298.898094] CPU: 1 PID: 16336 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 298.905229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 298.914597] Call Trace: [ 298.917206] dump_stack+0x138/0x197 [ 298.920869] should_fail.cold+0x10f/0x159 [ 298.925166] should_failslab+0xdb/0x130 [ 298.929223] __kmalloc+0x71/0x7a0 [ 298.932694] ? mls_compute_context_len+0x3f6/0x5e0 [ 298.937632] ? context_struct_to_string+0x33a/0x630 [ 298.942656] context_struct_to_string+0x33a/0x630 [ 298.947498] ? security_load_policycaps+0x320/0x320 [ 298.952641] security_sid_to_context_core+0x18a/0x200 [ 298.957942] security_sid_to_context_force+0x2b/0x40 [ 298.963056] selinux_inode_init_security+0x493/0x700 [ 298.968303] ? selinux_inode_create+0x30/0x30 [ 298.972831] ? kfree+0x20a/0x270 21:30:19 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r4 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x2, 0x0) ioctl$EVIOCSKEYCODE_V2(r4, 0x40284504, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, "7c7c0f4cafd545f9f59096106716af409eed7ae97185343cced4a785efc5346c"}) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r5 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) sched_rr_get_interval(0x0, &(0x7f0000000240)) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r7, 0x407, 0x0) write(r7, &(0x7f0000000340), 0x41395527) ioctl$PIO_FONTRESET(r7, 0x4b6d, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) r8 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x616040, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r8, 0x5411, &(0x7f0000000080)) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f00000000c0)={0x0, @multicast2, @initdev}, &(0x7f0000000280)=0x314) prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b) splice(r0, 0x0, r6, 0x0, 0x10007, 0x6) r9 = openat$selinux_status(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/status\x00', 0x0, 0x0) ioctl$SIOCX25SFACILITIES(r9, 0x89e3, &(0x7f0000000200)={0x38, 0x20, 0xc, 0x6, 0x8, 0xc1}) [ 298.976217] security_inode_init_security+0x18d/0x360 [ 298.981425] ? ext4_init_acl+0x1f0/0x1f0 [ 298.985494] ? security_kernel_post_read_file+0xd0/0xd0 [ 298.990851] ? posix_acl_create+0xf5/0x3a0 [ 298.990887] ? ext4_set_acl+0x400/0x400 [ 298.990898] ? lock_downgrade+0x740/0x740 [ 298.990910] ext4_init_security+0x34/0x40 [ 298.990921] __ext4_new_inode+0x3385/0x4860 [ 298.990943] ? ext4_free_inode+0x1210/0x1210 [ 299.016179] ? dquot_get_next_dqblk+0x160/0x160 [ 299.020874] ext4_mkdir+0x331/0xc20 [ 299.024527] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 299.029213] ? security_inode_mkdir+0xd0/0x110 [ 299.033807] vfs_mkdir+0x3ca/0x610 [ 299.037521] SyS_mkdir+0x1b7/0x200 [ 299.041088] ? SyS_mkdirat+0x210/0x210 [ 299.044995] ? do_syscall_64+0x53/0x640 [ 299.048975] ? SyS_mkdirat+0x210/0x210 [ 299.052880] do_syscall_64+0x1e8/0x640 [ 299.056785] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 299.061707] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 299.066898] RIP: 0033:0x459317 21:30:19 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r3}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r3}}, 0x18) r4 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r4, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r4, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r7}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r5, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r7}}, 0x18) ioctl$KVM_X86_SET_MCE(r5, 0x4040ae9e, &(0x7f00000000c0)={0x0, 0x4, 0x1ccf, 0x4, 0xf}) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r4, 0x84, 0x13, &(0x7f0000000000)={0x0, 0x3}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r1, 0x84, 0x79, &(0x7f0000000080)={r8, 0x7f}, 0x8) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) r9 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0x79, 0x4001) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r9, 0x84, 0x76, &(0x7f0000000280)={r8, 0x9737}, &(0x7f0000000380)=0x8) 21:30:19 executing program 0 (fault-call:0 fault-nth:43): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 299.070094] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 299.077923] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459317 [ 299.085220] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200000c0 [ 299.092652] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 299.100101] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 299.107456] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 299.164022] FAULT_INJECTION: forcing a failure. [ 299.164022] name failslab, interval 1, probability 0, space 0, times 0 [ 299.175716] CPU: 0 PID: 16351 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 299.183051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 299.192618] Call Trace: [ 299.195226] dump_stack+0x138/0x197 [ 299.198850] should_fail.cold+0x10f/0x159 [ 299.203109] should_failslab+0xdb/0x130 [ 299.207080] __kmalloc+0x71/0x7a0 [ 299.210662] ? mls_compute_context_len+0x3f6/0x5e0 [ 299.215670] ? context_struct_to_string+0x33a/0x630 [ 299.220698] context_struct_to_string+0x33a/0x630 [ 299.225533] ? security_load_policycaps+0x320/0x320 [ 299.230567] security_sid_to_context_core+0x18a/0x200 [ 299.235768] security_sid_to_context_force+0x2b/0x40 [ 299.240889] selinux_inode_init_security+0x493/0x700 [ 299.246140] ? selinux_inode_create+0x30/0x30 [ 299.250625] ? kfree+0x20a/0x270 [ 299.253985] security_inode_init_security+0x18d/0x360 [ 299.259322] ? ext4_init_acl+0x1f0/0x1f0 [ 299.263529] ? security_kernel_post_read_file+0xd0/0xd0 [ 299.269674] ? posix_acl_create+0xf5/0x3a0 [ 299.273909] ? ext4_set_acl+0x400/0x400 [ 299.277871] ? lock_downgrade+0x740/0x740 [ 299.282025] ext4_init_security+0x34/0x40 [ 299.286290] __ext4_new_inode+0x3385/0x4860 [ 299.290652] ? ext4_free_inode+0x1210/0x1210 [ 299.295077] ? dquot_get_next_dqblk+0x160/0x160 [ 299.299747] ext4_mkdir+0x331/0xc20 [ 299.303365] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 299.308049] ? security_inode_mkdir+0xd0/0x110 [ 299.312650] vfs_mkdir+0x3ca/0x610 [ 299.316201] SyS_mkdir+0x1b7/0x200 [ 299.319858] ? SyS_mkdirat+0x210/0x210 [ 299.323770] ? do_syscall_64+0x53/0x640 [ 299.323785] ? SyS_mkdirat+0x210/0x210 [ 299.323795] do_syscall_64+0x1e8/0x640 [ 299.323803] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 299.323819] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 299.323827] RIP: 0033:0x459317 [ 299.323831] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 299.356794] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459317 21:30:20 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0xfeddc2f5dbbef2d) socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x2, 0x2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) fcntl$addseals(0xffffffffffffffff, 0x409, 0x1) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:20 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) fsetxattr$security_evm(0xffffffffffffffff, &(0x7f0000000000)='security.evm\x00', &(0x7f0000000040)=@ng={0x4, 0x4, "bc6d3299cd29"}, 0x8, 0x6) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$VIDIOC_S_EDID(r0, 0xc0285629, &(0x7f0000000100)={0x0, 0x8, 0x4, [], &(0x7f00000000c0)=0x8}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_open_dev$vbi(&(0x7f00000001c0)='/dev/vbi#\x00', 0x3, 0x2) getsockopt$netrom_NETROM_T1(r3, 0x103, 0x1, &(0x7f0000000200), &(0x7f0000000240)=0x4) r4 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm_plock\x00', 0x0, 0x0) ioctl$TCGETX(r4, 0x5432, &(0x7f0000000180)) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:20 executing program 3: syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/sn[\x9epsmC#D#c\x00', 0x7, 0x8000) 21:30:20 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f0000000140)='./file0\x00', 0x10000000000000, 0x0, &(0x7f0000000300)=[{&(0x7f0000000200)="9563edb6bc044ccc988356743e85f7dd0e19e7f7225bded4b52ef987f35cb0da463bc7c3d6e27b886bf27b", 0x0, 0x645}, {&(0x7f0000000240)="807d030a57a9d214029c131a4477708ef37f724697675ffaf5538553fe470e1a1bf1ff7738a36d32362eb0ab52de222b8820476f55bd1ede7e9fa739910a86b6940fe8243735b4abfae15cc59b4fdd8df726d5d121a21827f21628cbe9cb781737a92390a2961d66b52a17950b349f69c6bc9258f02a981acaa40c55c81544e5334c76380070fa769748ca90197e42e666f856da0a400c8244bd8fa5a1cc9b97e1c19a8622fc242862", 0x0, 0x86f0}], 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x101000, 0x0) setsockopt(r0, 0x20, 0x3, &(0x7f0000000340)="d0fb1e1d01e95a16f6fa5e9fadd97477ba6bdc7470087a702f17c24e063a11b23b3eb10db62af1cec98d1e19b3b9342d95f8bbc0f78dd0682fdb0d2d1aa6c73efb5d85ad239d94ea04ceae02e2667c460ceeabe4cf528314e0e19fd851bcde8820614362110b33cdedb3097ecb65d9b4888f229c9dea0f5817f6a242989e173c922645e1cac43b53fdb4ef193b1eb333ed9e88627954", 0x96) ioctl$VIDIOC_QUERYCTRL(0xffffffffffffffff, 0xc0445624, &(0x7f0000000000)={0x6, 0x5, "266b237af81f32d2803799bd75fed1b947b72de72ba9264da6a21d1242e800d7", 0x7, 0x0, 0x7, 0x81, 0x68}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 299.364079] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200000c0 [ 299.371369] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 299.379116] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 299.386409] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:20 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl$TIOCGWINSZ(r3, 0x5413, &(0x7f0000000000)) dup(0xffffffffffffffff) openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/mls\x00', 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r6}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r4, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r6}}, 0x18) getsockopt$inet6_dccp_int(r4, 0x21, 0x1, &(0x7f00000000c0), &(0x7f0000000100)=0x4) ioctl$CAPI_GET_ERRCODE(r0, 0x80024321, &(0x7f0000000280)) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 299.440104] protocol 88fb is buggy, dev hsr_slave_0 [ 299.440135] protocol 88fb is buggy, dev hsr_slave_1 [ 299.445230] protocol 88fb is buggy, dev hsr_slave_1 [ 299.455468] protocol 88fb is buggy, dev hsr_slave_0 [ 299.460578] protocol 88fb is buggy, dev hsr_slave_1 [ 299.465879] protocol 88fb is buggy, dev hsr_slave_0 21:30:20 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') ioctl$USBDEVFS_RELEASEINTERFACE(r0, 0x80045510, &(0x7f0000000240)=0xffffffff) sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10051004}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0xe4, r1, 0x300, 0x70bd2c, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DEST={0x48, 0x2, [@IPVS_DEST_ATTR_TUN_TYPE={0x8, 0xd, 0x1}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x7fff}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@mcast2}, @IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e20}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x1}, @IPVS_DEST_ATTR_TUN_TYPE={0x8, 0xd, 0x1}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}]}, @IPVS_CMD_ATTR_DEST={0x34, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x3}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x42}, @IPVS_DEST_ATTR_TUN_TYPE={0x8}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x8}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7ff}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x81}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_SERVICE={0x24, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x58}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e24}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x34}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}]}]}, 0xe4}, 0x1, 0x0, 0x0, 0x20008080}, 0x14000010) 21:30:20 executing program 0 (fault-call:0 fault-nth:44): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 299.597439] FAULT_INJECTION: forcing a failure. [ 299.597439] name failslab, interval 1, probability 0, space 0, times 0 [ 299.609515] CPU: 0 PID: 16384 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 299.616552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 299.625926] Call Trace: [ 299.628736] dump_stack+0x138/0x197 [ 299.632627] should_fail.cold+0x10f/0x159 [ 299.636940] should_failslab+0xdb/0x130 [ 299.641053] __kmalloc+0x2f0/0x7a0 [ 299.644622] ? ext4_find_extent+0x709/0x960 [ 299.648973] ext4_find_extent+0x709/0x960 [ 299.653147] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 299.658632] ext4_ext_map_blocks+0x1a3/0x4fa0 [ 299.663156] ? save_trace+0x290/0x290 [ 299.666993] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 299.672029] ? __lock_is_held+0xb6/0x140 [ 299.677352] ? lock_acquire+0x16f/0x430 [ 299.681354] ? ext4_map_blocks+0x402/0x17c0 [ 299.685711] ext4_map_blocks+0xd3c/0x17c0 [ 299.690026] ? __lock_is_held+0xb6/0x140 [ 299.694330] ? check_preemption_disabled+0x3c/0x250 [ 299.699379] ? ext4_issue_zeroout+0x160/0x160 [ 299.703907] ? __brelse+0x50/0x60 [ 299.707393] ext4_getblk+0xac/0x450 [ 299.711044] ? ext4_iomap_begin+0x8a0/0x8a0 [ 299.715388] ? ext4_free_inode+0x1210/0x1210 [ 299.719822] ext4_bread+0x6e/0x1a0 [ 299.723389] ? ext4_getblk+0x450/0x450 [ 299.727306] ext4_append+0x14b/0x360 [ 299.731046] ext4_mkdir+0x531/0xc20 [ 299.734701] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 299.739397] ? security_inode_mkdir+0xd0/0x110 [ 299.744010] vfs_mkdir+0x3ca/0x610 [ 299.747588] SyS_mkdir+0x1b7/0x200 [ 299.751287] ? SyS_mkdirat+0x210/0x210 [ 299.755284] ? do_syscall_64+0x53/0x640 [ 299.759285] ? SyS_mkdirat+0x210/0x210 [ 299.763250] do_syscall_64+0x1e8/0x640 [ 299.767187] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 299.772193] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 299.777407] RIP: 0033:0x459317 [ 299.780617] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 299.788765] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459317 21:30:20 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_open_procfs(r2, &(0x7f0000000040)='net/fib_trie\x00') fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) ioctl$EVIOCSABS0(r1, 0x401845c0, &(0x7f0000000000)={0x101, 0x101, 0xfffffffb, 0x100, 0x10001, 0x3}) [ 299.796059] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200000c0 [ 299.803456] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 299.810743] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 299.818057] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:20 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100), &(0x7f00000000c0)='./file0\x00', 0x3779e04f, 0x222, &(0x7f0000000080)=[{&(0x7f0000000240)="8da4363ac0ed0200001e95a0b36a4c2d8cad8511002e060000ebffff00004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efdd76e0ff63df29a000001000000000001fffffff60000005f424852665301001f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bf3a6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118fa9a52451f6e41e38896248f447472ab68b77c366736e04050532b09094", 0x34e, 0xc4b}], 0x10401c, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000140)={0xfffffffffffffeed, 0x4, 0x0, {0x6}}, 0x28) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = shmget$private(0x0, 0x600000, 0x0, &(0x7f0000a00000/0x600000)=nil) r3 = shmat(r2, &(0x7f0000e80000/0x2000)=nil, 0x0) shmdt(r3) shmdt(r3) fcntl$setpipe(r1, 0x407, 0x0) ioctl$KDDELIO(r0, 0x4b35, 0x100000001) write(r1, &(0x7f0000000340), 0x41395527) setsockopt$bt_BT_POWER(r1, 0x112, 0x9, &(0x7f0000000000)=0x1, 0x1) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r6}}, 0x2de) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000340), 0x111}}, 0x20) r7 = accept$nfc_llcp(r4, &(0x7f00000001c0), &(0x7f0000000040)=0x60) fadvise64(r7, 0x0, 0x22b5, 0x9) 21:30:20 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000080)={0x0, 0x1, 0x4, 0xffffffffffffff7f}) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:30:20 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r3}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r3}}, 0x18) ioctl$VIDIOC_SUBDEV_G_FMT(r1, 0xc0585604, &(0x7f0000000080)={0x1, 0x0, {0x7ff, 0x89, 0x1009, 0x2, 0x6, 0x13, 0x1, 0x7}}) ioctl$BLKDISCARD(0xffffffffffffffff, 0x1277, &(0x7f0000000040)=0x5) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x480080, 0x0) 21:30:20 executing program 0 (fault-call:0 fault-nth:45): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 300.036390] FAULT_INJECTION: forcing a failure. [ 300.036390] name failslab, interval 1, probability 0, space 0, times 0 [ 300.048905] CPU: 1 PID: 16405 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 300.055941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 300.066443] Call Trace: [ 300.069068] dump_stack+0x138/0x197 [ 300.072790] should_fail.cold+0x10f/0x159 [ 300.076986] ? __es_tree_search.isra.0+0x15f/0x1c0 [ 300.081930] should_failslab+0xdb/0x130 [ 300.085935] kmem_cache_alloc+0x47/0x780 [ 300.090028] __es_insert_extent+0x26c/0xe60 [ 300.094603] ext4_es_insert_extent+0x1f0/0x590 [ 300.099214] ? check_preemption_disabled+0x3c/0x250 [ 300.104975] ? ext4_es_find_delayed_extent_range+0x960/0x960 [ 300.110790] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 300.116382] ? ext4_es_find_delayed_extent_range+0x31d/0x960 [ 300.122437] ext4_ext_put_gap_in_cache+0xcb/0x110 [ 300.127594] ? ext4_zeroout_es+0x170/0x170 [ 300.131855] ? ext4_find_extent+0x64c/0x960 [ 300.136205] ext4_ext_map_blocks+0x1d4b/0x4fa0 [ 300.140908] ? save_trace+0x290/0x290 [ 300.144818] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 300.150200] ? __lock_is_held+0xb6/0x140 [ 300.154290] ? lock_acquire+0x16f/0x430 [ 300.158713] ? ext4_map_blocks+0x402/0x17c0 [ 300.163259] ext4_map_blocks+0xd3c/0x17c0 [ 300.167709] ? __lock_is_held+0xb6/0x140 [ 300.171789] ? check_preemption_disabled+0x3c/0x250 [ 300.176829] ? ext4_issue_zeroout+0x160/0x160 [ 300.181507] ? __brelse+0x50/0x60 [ 300.185513] ext4_getblk+0xac/0x450 [ 300.189161] ? ext4_iomap_begin+0x8a0/0x8a0 [ 300.193807] ? ext4_free_inode+0x1210/0x1210 [ 300.198243] ext4_bread+0x6e/0x1a0 [ 300.201782] ? ext4_getblk+0x450/0x450 [ 300.205831] ext4_append+0x14b/0x360 [ 300.209667] ext4_mkdir+0x531/0xc20 [ 300.213325] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 300.217998] ? security_inode_mkdir+0xd0/0x110 [ 300.222932] vfs_mkdir+0x3ca/0x610 [ 300.226719] SyS_mkdir+0x1b7/0x200 [ 300.230282] ? SyS_mkdirat+0x210/0x210 [ 300.234186] ? do_syscall_64+0x53/0x640 [ 300.238169] ? SyS_mkdirat+0x210/0x210 [ 300.242064] do_syscall_64+0x1e8/0x640 [ 300.246056] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 300.250912] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 300.256317] RIP: 0033:0x459317 [ 300.259499] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 300.267568] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459317 [ 300.274995] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200000c0 [ 300.283603] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 300.291221] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 300.298711] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:21 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x441002) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r2}}, 0x2de) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f00000000c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000040)={0xffffffffffffffff}, 0x2, {0xa, 0x4e23, 0x6, @mcast2, 0x8}, r2}}, 0x38) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000100)={0x11, 0x10, 0xfa00, {&(0x7f0000000000), r3}}, 0x18) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:21 executing program 0 (fault-call:0 fault-nth:46): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:21 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000000c0)={{{@in=@local, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in=@multicast1}}, &(0x7f0000000040)=0xe8) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xfee2f44808fec297}, 0xc, &(0x7f00000002c0)={&(0x7f00000001c0)=@newtclass={0xd4, 0x28, 0x8, 0x70bd25, 0x25dfdbfe, {0x0, r4, {0xe, 0xfff1}, {0x3, 0x8}, {0x9, 0x3}}, [@TCA_RATE={0x8, 0x5, {0x3, 0x3a}}, @TCA_RATE={0x8, 0x5, {0x7f, 0x2}}, @tclass_kind_options=@c_dsmark={{0xc, 0x1, 'dsmark\x00'}, {0xc, 0x2, @TCA_DSMARK_MASK={0x8, 0x4, 0x35}}}, @TCA_RATE={0x8, 0x5, {0x2, 0x5}}, @tclass_kind_options=@c_hfsc={{0xc, 0x1, 'hfsc\x00'}, {0x24, 0x2, [@TCA_HFSC_RSC={0x10, 0x1, {0xd2, 0x331b, 0x2025}}, @TCA_HFSC_USC={0x10, 0x3, {0xffffffff, 0x9, 0x1}}]}}, @tclass_kind_options=@c_qfq={{0x8, 0x1, 'qfq\x00'}, {0x14, 0x2, [@TCA_QFQ_WEIGHT={0x8, 0x1, 0xfff}, @TCA_QFQ_LMAX={0x8, 0x2, 0x20}]}}, @tclass_kind_options=@c_dsmark={{0xc, 0x1, 'dsmark\x00'}, {0xc, 0x2, @TCA_DSMARK_MASK={0x8, 0x4, 0x5e}}}, @TCA_RATE={0x8, 0x5, {0x80, 0x7}}, @tclass_kind_options=@c_drr={{0x8, 0x1, 'drr\x00'}, {0xc, 0x2, @TCA_DRR_QUANTUM={0x8, 0x1, 0x9}}}]}, 0xd4}, 0x1, 0x0, 0x0, 0x80}, 0x8000) 21:30:21 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0xfffffffffffffd4d, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r6}}, 0x2de) pipe(&(0x7f0000000180)={0xffffffffffffffff}) pwritev(r2, &(0x7f0000000100)=[{&(0x7f0000000280)="ea1cb5b7363eb0e746896a49807aae12e30da359ca7d43f95c96f352606ad0be7f3ba9e801802ff1e9748d788eb28ef79573412f5ff96db1536eb3487b3d5c0dd0ff698f4f9ca4bd76b61c5332e8a7cdf96be1f0cb059d66438444eb79980581d907690ea8da092e8b0e44b7440ac1d67a5cf9cc4f6768e704157dfad6a16cac738819005b33faade9f3c46f588b9e93052d735d9825213affc1113d1755628fb9f216d840247e443967986aad83f1177adcd7df79", 0xb5}], 0x1, 0x0) vmsplice(r7, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r8 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r8, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r9}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r7, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r9}}, 0x18) ioctl$EVIOCREVOKE(r7, 0x40044591, &(0x7f00000000c0)=0x14c000) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r6}}, 0x18) write$FUSE_INTERRUPT(r3, &(0x7f0000000040)={0x10, 0x0, 0x1}, 0x10) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") r10 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r10, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r10, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) setsockopt$inet_mtu(r10, 0x0, 0xa, &(0x7f0000000000)=0x1, 0x4) [ 300.428306] FAULT_INJECTION: forcing a failure. [ 300.428306] name failslab, interval 1, probability 0, space 0, times 0 [ 300.443738] CPU: 0 PID: 16418 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 300.450777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 300.460405] Call Trace: [ 300.463005] dump_stack+0x138/0x197 [ 300.466651] should_fail.cold+0x10f/0x159 [ 300.473081] should_failslab+0xdb/0x130 [ 300.478683] kmem_cache_alloc+0x47/0x780 [ 300.484501] ? lock_downgrade+0x740/0x740 [ 300.490700] __sigqueue_alloc+0x1da/0x400 [ 300.495398] __send_signal+0x1a2/0x1280 [ 300.500141] ? lock_acquire+0x16f/0x430 [ 300.504152] send_signal+0x49/0xc0 [ 300.504165] force_sig_info+0x243/0x350 [ 300.504191] force_sig_info_fault.constprop.0+0x1c6/0x2b0 [ 300.504205] ? is_prefetch.isra.0+0x350/0x350 [ 300.504223] ? trace_raw_output_x86_exceptions+0x140/0x140 [ 300.504241] __bad_area_nosemaphore+0x1dc/0x2a0 [ 300.504255] bad_area+0x69/0x80 [ 300.540959] __do_page_fault+0x86f/0xb80 [ 300.545051] ? vmalloc_fault+0xe30/0xe30 [ 300.549129] ? page_fault+0x2f/0x50 [ 300.552948] do_page_fault+0x71/0x511 [ 300.557896] ? page_fault+0x2f/0x50 [ 300.561572] page_fault+0x45/0x50 [ 300.565068] RIP: 0033:0x453aff [ 300.568337] RSP: 002b:00007f4523547a88 EFLAGS: 00010283 21:30:21 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) clock_gettime(0x3, &(0x7f0000000140)={0x0, 0x0}) utimensat(r2, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)={{}, {r3, r4/1000+30000}}, 0x100) r5 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r5, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) r6 = fcntl$dupfd(r1, 0x605, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 300.573693] RAX: 00007f4523547b40 RBX: 00000000200000a8 RCX: 0000000000000000 [ 300.580955] RDX: 00000000000000e0 RSI: 0000000000000000 RDI: 00007f4523547b40 [ 300.590302] RBP: 0000000000000001 R08: 00000000000000e0 R09: 000000000000000a [ 300.597590] R10: 0000000000000075 R11: 00000000004e6620 R12: 0000000000000004 [ 300.605428] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:21 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$EVIOCGSW(r0, 0x8040451b, &(0x7f0000000180)=""/94) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") r1 = socket$inet6(0xa, 0x2, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x2a7) connect$inet6(r2, &(0x7f0000000000), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() setsockopt$inet6_int(r2, 0x29, 0x12, 0x0, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x1e) wait4(0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) setsockopt$inet6_int(r1, 0x29, 0x11, &(0x7f00000000c0)=0xaef, 0x4) setsockopt$inet6_buf(r0, 0x29, 0xcc, &(0x7f0000000240)="3357b143fcceec9923116d89b6eda2825ecb5551980c35ced6a746aa340f72213d77281c364b837cbaea5ad67c44482c0c5454ee1f10fd09296a38f6e97d82921ffeff16df9120f2bf50a63b7d988a777ed3e575aebd62e3e5c1fadeb9d24308b0a3036fb6881e1ba436e3ae483b8b7e668027b80aa9c63fdd4c21d3648989133e8c135bca98b136442c6a6ec303d13d9c37d983015bb60fbf70fa565191a9f044671ebb75e63173a4e43b408e8bb78ad83317ac40d561f7902229e53961207446b94f9975d0e4a1d60ba3c1ebebfedfae3baa3ddad70397509185b250a69d22491a811d12094ba21e906fedf67b8ffbf46195dc41c1fa", 0xf7) getsockopt$IP_VS_SO_GET_INFO(r1, 0x0, 0x481, &(0x7f0000000000), &(0x7f0000000040)=0xc) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000100)=ANY=[@ANYRES32=0x0, @ANYBLOB="b6ffffffa6f62a1fc620cf63c849a9637dbecdadeaa4d372f0aa2ff863a92b26df2a60940420a7c10651f777e15f76a3963b7a0110f60d534bd7032424a20e888e16e685f1eefa2f1f67"], &(0x7f00000000c0)=0xfffffd26) 21:30:21 executing program 0 (fault-call:0 fault-nth:47): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:21 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/mcfilter\x00') ioctl$KVM_GET_LAPIC(r0, 0x8400ae8e, &(0x7f0000000580)={"debebead0581c5b97517bd04040ead53fdbe6996361e0dbeb31dac96a41a1e79e3d8d35e607a9176a43fcf0f164a2c3da1ff8ae107d7279e5314106f487c8a024c27df189579ee1e07ffd036941911c3c83f95a1debe2df59445ecb4f4c2bb4db19eeaf4120ebd4890ad1ab7aa7463c8389b2bcb0ebfc5bf676f7205116b958fe3528d7dd1e8a933a644bfdd3a78a313fdda022fbc3db118d24e5c1f07aecfbcea9a9374b5c9596dee012eb1c82ad45d8e7fa624dea68a72ba16bf5a6b18e8b9af6fc0817ac5276e14417cc752f18e4bb9b110e1560bffa8e20b44b1c8d1318c87bbb18c514420e395543f64b5a9821e2db561a2f887d615c1e771e5caff0800c51887836727f68f20163007ccdbe8f0ac13d08523c85cccb6afde3ac565003ae685b3cb0618391c56156631ed3fc88aad4c05015f51080dfe7de46382b07ac23939074637d9155d4212742319fdd1e98c6c101b82e55d7f8aae0e66ff06c314f73701f8d61e1401d980d59b97551517e8c668126ead324d94e1e529dacae2153280b26980688be08127d7c8e1ff5d121ca536d8587e9f221aaa62987d863cebb15c8dfdc7ba72d3cf2fce3c614ee736de9470b987622b9fb0d50d8bfe3c8b72b27598c4f7fa4af9d0d0f1203233f1ad6cd0d3cc7c6dba90d257b6b8b7e1acf8631994d7814b5d18d5eca65fe02f06549eaee2ce37f72fb1403ffdd71a16708180be4acfe935412b1045f1d16c6e6f2dce20be420ee54849c7f1853c82fa47970e1a59ab6b0ac4ab6f348b710981db21c8a4b7d57e8cd66f089ab3701be0dd0275ef523ca379403720d6a75910fd4b5ead281717f5f7bb2da1cccb1e2068beb0a74a1a159d489fd39748b31274ac5ac1d360ce3716e4ddc81e85177ab5b5cef8f0bc24c98dff23d78c63f0fb7306088414bc61ba41a807dff592971f456b01a93afcbdcb52469ca621ebe1f7b28e4a042b47fe6bbbf5b00718bbe4c3ff1c9c99d4c98882c844abbc4ccb8db7ff6104c40edd40a784bdbab26843d6028cc7c2d5fffa4ea4b526a061d49234f0315bf4aad26549501533633067310bad0db0ebf1ee3123979790651db36ff1c601ef73ff0026e3297573a7fb42cf9f5de955281f9d8ea1390735545d8b44b8d72d104600491ffcb0b66bb3a6b6b3e553433a0d62dc793009199f6f6bc447fe69199eff0ab7d6924ac47a8f021e92bc715918fd107635ab7e3eeb87dc44d2d497f909586ac378d03edefa1456837682787874e74046872cd550500033de84b605ba7e3f7c45f5bd831a960c225471c673abedc942bd1b029893560649f269b5b01c16558d164a1740b1b0c627552f51e0fd76a3413c2c3fd48acff68988ee577b181434845f3cdcf730fa913f9d32f46882e2763744c146c10f109e3cda400bb801eadadf7a36d3a6235449bb0b372ab2776e46a6"}) r1 = getuid() r2 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r2, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r2, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl$VIDIOC_SUBDEV_S_SELECTION(r2, 0xc040563e, &(0x7f0000000400)={0x0, 0x0, 0x2, 0x2, {0xb8b, 0x2, 0xd56, 0x2}}) syz_mount_image$hfsplus(&(0x7f0000000040)='hfsplus\x00', &(0x7f0000000140)='./file0\x00', 0x8, 0x3, &(0x7f00000002c0)=[{&(0x7f0000000180)="16f2c0faef028d61257499ebda23bf6d78cc33f0d190db0295f0705b1ea6c1c627b441fc70b9da09a919ddf67dfb14", 0x2f, 0x9}, {&(0x7f00000001c0)="4a8fac11be4867014950afabc11f197f8a207fc902a67b8005a59f470f6329e0c945cb303477b96487354ecdc90e579241a167851d233b48a2a5838b0fe88cf95395afe4fe5cab6126bf08ce91f5d2e59780b46b973261fd5bcd2df9fccbd770f64c766ad532f8904f84a716bd87d618dac7fcd83160b58851835e6f0841c68c5737", 0xffffffffffffff3e, 0x100}, {&(0x7f0000000280)="0f9f680c30e70d2441830669f754d21ea28e2d686f", 0x15, 0x6}], 0x5b190e174f0ca998, &(0x7f0000000340)={[{@creator={'creator', 0x3d, "9414db38"}}, {@barrier='barrier'}, {@creator={'creator', 0x3d, "ee05cb1e"}}, {@part={'part', 0x3d, 0x5}}, {@decompose='decompose'}, {@force='force'}, {@barrier='barrier'}], [{@smackfsfloor={'smackfsfloor'}}, {@subj_type={'subj_type', 0x3d, 'trusted-'}}, {@dont_hash='dont_hash'}, {@uid_gt={'uid>', r1}}, {@permit_directio='permit_directio'}]}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 300.744507] FAULT_INJECTION: forcing a failure. [ 300.744507] name failslab, interval 1, probability 0, space 0, times 0 [ 300.801514] CPU: 1 PID: 16438 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 300.808575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 300.818036] Call Trace: [ 300.820641] dump_stack+0x138/0x197 [ 300.824280] should_fail.cold+0x10f/0x159 [ 300.828433] should_failslab+0xdb/0x130 [ 300.832409] kmem_cache_alloc+0x2d7/0x780 [ 300.836788] ? rcu_read_lock_sched_held+0x110/0x130 [ 300.841841] ? __mark_inode_dirty+0x2b7/0x1040 [ 300.846434] ext4_mb_new_blocks+0x509/0x3990 [ 300.850863] ? ext4_find_extent+0x709/0x960 [ 300.855208] ext4_ext_map_blocks+0x26cd/0x4fa0 [ 300.859841] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 300.865094] ? __lock_is_held+0xb6/0x140 [ 300.869191] ? lock_acquire+0x16f/0x430 [ 300.873188] ext4_map_blocks+0x881/0x17c0 [ 300.877472] ? ext4_issue_zeroout+0x160/0x160 [ 300.882029] ? __brelse+0x50/0x60 [ 300.882115] ext4_getblk+0xac/0x450 [ 300.882128] ? ext4_iomap_begin+0x8a0/0x8a0 [ 300.882138] ? ext4_free_inode+0x1210/0x1210 [ 300.882151] ext4_bread+0x6e/0x1a0 [ 300.882159] ? ext4_getblk+0x450/0x450 [ 300.882174] ext4_append+0x14b/0x360 [ 300.882187] ext4_mkdir+0x531/0xc20 [ 300.882204] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 300.917771] ? security_inode_mkdir+0xd0/0x110 [ 300.922376] vfs_mkdir+0x3ca/0x610 [ 300.925943] SyS_mkdir+0x1b7/0x200 [ 300.929548] ? SyS_mkdirat+0x210/0x210 [ 300.933574] ? do_syscall_64+0x53/0x640 [ 300.937705] ? SyS_mkdirat+0x210/0x210 [ 300.941618] do_syscall_64+0x1e8/0x640 [ 300.945517] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 300.950392] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 300.955604] RIP: 0033:0x459317 [ 300.958838] RSP: 002b:00007f4523547a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 300.967028] RAX: ffffffffffffffda RBX: 00000000200000a8 RCX: 0000000000459317 [ 300.975394] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200000c0 [ 300.982942] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 300.990327] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 300.997611] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:21 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r6, &(0x7f0000000000), 0x9, 0x0) r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x2, &(0x7f00000001c0)={0xffffffffffffffff}, 0x111, 0xa}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f0000000200)={0x3, 0x40, 0xfa00, {{0x6000000, 0x4e22, 0x0, @dev={0xfe, 0x80, [], 0x11}}, {0xa, 0x4e23, 0x0, @dev={0xfe, 0x80, [], 0xff}}, r9}}, 0x48) write$RDMA_USER_CM_CMD_QUERY(r6, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r8}}, 0x18) epoll_wait(r6, &(0x7f0000000040)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x8, 0x1000) ioctl$NBD_CLEAR_SOCK(r5, 0xab04) splice(r0, 0x0, r2, 0x0, 0x4bcc, 0x6) 21:30:21 executing program 0 (fault-call:0 fault-nth:48): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 301.123025] FAULT_INJECTION: forcing a failure. [ 301.123025] name failslab, interval 1, probability 0, space 0, times 0 [ 301.134298] CPU: 1 PID: 16461 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 301.141712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 301.151106] Call Trace: [ 301.153720] dump_stack+0x138/0x197 [ 301.157380] should_fail.cold+0x10f/0x159 [ 301.161693] should_failslab+0xdb/0x130 [ 301.165693] kmem_cache_alloc+0x47/0x780 21:30:21 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r3}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r3}}, 0x18) r4 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x200000, 0x0) r5 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r5, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) getsockopt$SO_COOKIE(r5, 0x1, 0x39, &(0x7f0000000000), &(0x7f0000000200)=0x8) setsockopt$inet6_MCAST_LEAVE_GROUP(r5, 0x29, 0x2d, &(0x7f00000006c0)={0x7, {{0xa, 0x4e20, 0x8001, @dev={0xfe, 0x80, [], 0x15}, 0x10001}}}, 0x88) getsockopt$inet6_buf(r5, 0x29, 0x23, &(0x7f0000000580)=""/219, 0x0) sendto$inet6(r5, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r6 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x1) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x25, &(0x7f00000001c0)=0xc08, 0xff3b) ftruncate(r6, 0x80003) sendfile(r5, r6, &(0x7f00000000c0), 0x8000fffffffe) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCADDDLCI(r7, 0x8980, &(0x7f0000000580)={'nr\x0fjc\x00\xff\x03\x00\x00\x00 \x00', 0x10001}) r8 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000700)='NET_DM\x00') sendmsg$NET_DM_CMD_START(r7, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000780)={&(0x7f0000000740)={0x14, r8, 0x400, 0x70bd29, 0x25dfdbfd, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x20040801) sendmsg$NET_DM_CMD_START(r6, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40200800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r8, 0x10, 0x70bd29, 0x25dfdbfc, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x14000180}, 0x48001) sendmsg$NET_DM_CMD_STOP(r4, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8600000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r8, 0x200, 0x70bd2c, 0x25dfdbff, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x8030}, 0x11) sendmsg$NET_DM_CMD_STOP(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1008600}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r8, 0x8, 0x70bd2a, 0x25dfdbfd, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) r9 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r9, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r9, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r10}}, 0x2de) ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000000)={r9, 0x0, 0x401, 0x8001, 0x3ff}) [ 301.169878] ? lock_downgrade+0x740/0x740 [ 301.174053] __sigqueue_alloc+0x1da/0x400 [ 301.178442] __send_signal+0x1a2/0x1280 [ 301.182443] ? lock_acquire+0x16f/0x430 [ 301.186479] send_signal+0x49/0xc0 [ 301.190073] force_sig_info+0x243/0x350 [ 301.194171] force_sig_info_fault.constprop.0+0x1c6/0x2b0 [ 301.199738] ? is_prefetch.isra.0+0x350/0x350 [ 301.204374] ? trace_raw_output_x86_exceptions+0x140/0x140 [ 301.210122] __bad_area_nosemaphore+0x1dc/0x2a0 [ 301.215132] bad_area+0x69/0x80 [ 301.218565] __do_page_fault+0x86f/0xb80 [ 301.222658] ? vmalloc_fault+0xe30/0xe30 [ 301.226721] ? page_fault+0x2f/0x50 [ 301.230353] do_page_fault+0x71/0x511 [ 301.234385] ? page_fault+0x2f/0x50 [ 301.238628] page_fault+0x45/0x50 [ 301.242080] RIP: 0033:0x453aff [ 301.245333] RSP: 002b:00007f4523547a88 EFLAGS: 00010283 [ 301.250805] RAX: 00007f4523547b40 RBX: 00000000200000a8 RCX: 0000000000000000 [ 301.258086] RDX: 00000000000000e0 RSI: 0000000000000000 RDI: 00007f4523547b40 [ 301.265378] RBP: 0000000000000001 R08: 00000000000000e0 R09: 000000000000000a 21:30:22 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) r0 = shmget$private(0x0, 0x4000, 0x800, &(0x7f0000ff9000/0x4000)=nil) shmctl$IPC_RMID(r0, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r1, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r1, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffb000/0x3000)=nil, 0x3000}, 0x2}) [ 301.272683] R10: 0000000000000075 R11: 00000000004e6620 R12: 0000000000000004 [ 301.280189] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:22 executing program 5: r0 = syz_open_dev$dspn(&(0x7f0000000000)='\xfa\xff\xdc\xb4A\xe9\x8f\xe7\xca\x00', 0x100028001, 0x20000) ioctl$int_in(r0, 0x80006080045010, &(0x7f0000000140)) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') ioctl$KVM_GET_XCRS(r0, 0x8188aea6, &(0x7f0000000280)=ANY=[@ANYBLOB="010000000200000000000000"]) sendmsg$IPVS_CMD_GET_INFO(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x81000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYBLOB="416177dc02f8b7098dd39ddab94fb1908e01df8752ec0dc82fda52185f18c600000000000000", @ANYRES16=r1, @ANYBLOB="020026bd7000fcdbdf250f0000004c000300080007004e230000140002006e6c6d6f6e3000000000000000000000140002006e723000000000000000000000000000080003000100000008000500e0000001020005000000001f3400010008000200330000000c0006006e6f6e65000000000800050002000000080004004e2200000c0007000600000002"], 0x3}, 0x1, 0x0, 0x0, 0x4}, 0x20000000) sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000240)={&(0x7f0000000040)={0x3c, r1, 0x100, 0x70bd29, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_TUN_TYPE={0x8}]}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xfffffff8}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xd18}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7ff}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4800}, 0x1) syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file1\x00', 0x9, 0x1, &(0x7f0000000080)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:22 executing program 0 (fault-call:0 fault-nth:49): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:22 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x500000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:22 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) r0 = syz_open_dev$radio(&(0x7f00000001c0)='/dev/radio#\x00', 0x2, 0x2) ioctl$RTC_VL_CLR(r0, 0x7014) r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/commit_pending_bools\x00', 0x1, 0x0) mq_open(&(0x7f0000000140)='GPL[procproc{mime_type*\x00', 0x0, 0x8, &(0x7f0000000180)={0xfffffffffffff000, 0xf11, 0xfffffffffffffff8, 0xffffffff, 0x100000000, 0x1, 0x0, 0x2}) ioctl$PPPIOCSMRU(r1, 0x40047452, &(0x7f0000000040)=0xfffffa89) [ 301.421638] FAULT_INJECTION: forcing a failure. [ 301.421638] name failslab, interval 1, probability 0, space 0, times 0 [ 301.433488] CPU: 1 PID: 16487 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 301.440901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 301.450592] Call Trace: [ 301.450614] dump_stack+0x138/0x197 [ 301.450632] should_fail.cold+0x10f/0x159 [ 301.450648] should_failslab+0xdb/0x130 [ 301.450661] kmem_cache_alloc+0x47/0x780 [ 301.450675] ? lock_downgrade+0x740/0x740 [ 301.456958] __sigqueue_alloc+0x1da/0x400 [ 301.456974] __send_signal+0x1a2/0x1280 [ 301.482684] ? lock_acquire+0x16f/0x430 [ 301.486674] send_signal+0x49/0xc0 [ 301.490213] force_sig_info+0x243/0x350 [ 301.494202] force_sig_info_fault.constprop.0+0x1c6/0x2b0 [ 301.499871] ? is_prefetch.isra.0+0x350/0x350 [ 301.504417] ? trace_raw_output_x86_exceptions+0x140/0x140 [ 301.504433] __bad_area_nosemaphore+0x1dc/0x2a0 [ 301.504450] bad_area+0x69/0x80 [ 301.504460] __do_page_fault+0x86f/0xb80 [ 301.504473] ? vmalloc_fault+0xe30/0xe30 [ 301.504484] ? page_fault+0x2f/0x50 [ 301.504495] do_page_fault+0x71/0x511 [ 301.504505] ? page_fault+0x2f/0x50 [ 301.537493] page_fault+0x45/0x50 [ 301.541536] RIP: 0033:0x453aff [ 301.544735] RSP: 002b:00007f4523547a88 EFLAGS: 00010283 [ 301.550118] RAX: 00007f4523547b40 RBX: 00000000200000a8 RCX: 0000000000000000 [ 301.557395] RDX: 00000000000000e0 RSI: 0000000000000000 RDI: 00007f4523547b40 [ 301.564898] RBP: 0000000000000001 R08: 00000000000000e0 R09: 000000000000000a 21:30:22 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x404001fe) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 301.572579] R10: 0000000000000075 R11: 00000000004e6620 R12: 0000000000000004 [ 301.580310] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 303.040294] net_ratelimit: 15 callbacks suppressed [ 303.040299] protocol 88fb is buggy, dev hsr_slave_0 [ 303.050593] protocol 88fb is buggy, dev hsr_slave_1 [ 303.600141] protocol 88fb is buggy, dev hsr_slave_0 [ 303.606549] protocol 88fb is buggy, dev hsr_slave_1 [ 303.610099] protocol 88fb is buggy, dev hsr_slave_0 [ 303.616639] protocol 88fb is buggy, dev hsr_slave_1 [ 303.621932] protocol 88fb is buggy, dev hsr_slave_0 [ 303.627129] protocol 88fb is buggy, dev hsr_slave_1 [ 303.632466] protocol 88fb is buggy, dev hsr_slave_0 [ 303.637534] protocol 88fb is buggy, dev hsr_slave_1 21:30:24 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) getsockopt$inet_buf(r2, 0x0, 0x2c, &(0x7f0000000480)=""/118, &(0x7f0000000040)=0x76) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r3, 0x29, 0x11, &(0x7f00000000c0)=0xaef, 0x4) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) bind$packet(r4, &(0x7f0000000640)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @link_local}, 0x14) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) r7 = socket(0x10, 0x2, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="4c0200002400070500"/20, @ANYRES32=r6, @ANYBLOB="00000000ffffffff00000000080001007265640020020200040102004617dd777b85302869a36f4dffd3fc511f4423c9cd19c6d860c1eb13483c0acbdb12f6edc843eb078aec3e0dc3c1e833650b32bc59aea6054da2e9397f95ad1e844b52d4f8b3ad75b2211f0c16d2a8781a9bf33227e8b41360d0e21b1326dc5dbefcf845bc2a2ec96a71beb4a863a1eb1300f36ae1fe8196e7885ebc28c8cc557d7249463b9ce1e5218c047890e05755b51ac7b394e4a6e9773270fa64c0e2765d3eb497bd2a7b42749b581559cd5865e8d6023d5540d0a499862cb687142d55c773f93d0da6dce8a661a8b2c33d931631b7e0a67feeeaaf2445bd69daf87c7ac8b8cb185460a450ee825dfb44912be9781faab9219c5b9acaeed4dc3c834ba2140001000200000007000000000000001220040604010200f8aa84e32d4fe68ce36dc1bc6b1b2fb489f97eb5dc99d63232d92855f5a0cf7e38c61e2d61660a48f62c1ea68ebd438bf47cada4d2f78b4d74b30b68f6142492b00bfc4ba1767d0a32926213e813a607f9a8bb219f03480194fea15441dae0e5dcac13b16a351295231c237a48d2a6428362c02d0ceacc2fe6ed2f75ea311783e229c3402919420ba5ac7aa67379c37ae19b92e85b1225b65fb9823118e2a9bc7a4548c58140fa4de8bbd3b6a2a7337817164f0814763d4aa723a54cb5be7028dcf6d4d5b8e8ba84473cd2d9e725374586d5ed8af712187b00992b943592be4ca14f16fc7ad37199a1a28e005544f7de24e7e028b195dea56d8589b98147ce3c9d6c063d5ec1569d84837d1b2e55c5c354665f9cd73f6525725f43b1053a3535cff6b97c005a87758a801be3614ca48dad3b2159c48c5414381b1c4597d3670165fe2561ec852eb7958c80b897bb543f56b118fb3ac06879c84e322122784fe00c44b292dce26da8813d107826cc09291f8ec178d2b65ae8416ac94ee95470f5eec133e1f37b09c047f2288a86cd73d51622567993369264842709521f93547badef7d2d00f04e0b57dda8607c9c537f223be8f073ddb7d27f30c3d1da0dd619f8a2dc7c87a26e41176ea4f87ed089a45b661ebe7aa72dc4465a33045b0f385b3071ff21e420af8577c4da2d627d120ab78757d76f0091bef645cca7861a70aa673b82862ea586aa00306ddc868392b4913e97c0e011082d47152654115bc1dd3c4e235554b2c7038d058934bba3766a"], 0x24c}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000001640)={'team0\x00', r6}) sendmsg$inet(r3, &(0x7f0000001740)={&(0x7f0000000000)={0x2, 0x4e23, @remote}, 0x10, &(0x7f0000000400)=[{&(0x7f00000000c0)="53b44982a4cc6914a06f648f40529d9e339b061d4bca7b088127f34a42956588a28f317eab59779a9c44d1886629a5f08bac49f09cd9e4680a888f6b0fc3409bcfabd2f565e47ed8d8a50f79487853e4c450665b3ef03eb523d99cc6dadb6bd129e0428aed061ff9a4f6c7434e72c0f623f72770b9624fea4653689b7252d3700618e15e3a05963f47be2cc97deae854ee0c7b253f486fd58d3c3676e746aa36d74a2350da4e291ec235f5b0d9fc4031e837755303c98726687da116231dbd65f4aa37648ce3e5b4e94040cdce6e4884", 0xd0}, {&(0x7f00000001c0)="83e31df2eaf540a16921a9bd40fb4db1c8ed748fc7be2f64abd50f3d345b8b79e8c4e8bf9fc068195fb4dec40e6a7e36c72f845c8dfaf212a59318e76cb5f04a541fdb1406313e1d8194eaca8b85f11c13be1f9cc5946d99b4134a5f42e5d530e04da922014079e7bf5bf5422f29c3d6504bb03d4cd7b380844eef6e93cf3e02e2aa7b0560a9394ad5c3ded3e1c82ad2d8c05b435db3caa04c", 0x99}, {&(0x7f0000000280)="915bb49a6b779fbbbecaf1946e1625781e925252bdf0f0f443daca253cd643bac07fd469f83f777503d6198da4c66d1d63e0321954327a91b5e0a2d4917fef9aa5d1d402b2489a05b8f2b0f9de7a43ed92f959f451afb2b500dcb8d731fbd20e2dc531e9b538ee5107bbdd9c89d91764b8ba1351b76710d2d333a10001756f6cdd7c95581c0b98dd128ca83b356fae9de522cb3dd341534920c19489e3a2e7a558bf2ed204ca73eaf3aed577b92934b60a2ba4af6a4dac326462e1115890f93f75d8e181f68968b77fa0873db2e4cf6a8c07279c8ee7d366c5707d99ed82bc86f7", 0xe1}, {&(0x7f0000000380)="739b6e6a7c557339509859c0c14718c1a7af1390a6d00dc98b27617c077dce471ea23b64c484a615e3e2ee1183208c3346c4ef3958039b79fb98bc1503cadb42ef97d559fecc6a36340017de896b52c9ceddbe504da8e692d61c1952e1b3468d57447030b48f7d69af", 0x69}, {&(0x7f00000005c0)="c386135ef0b86893aaafbaf447513a39118a20caaeb3ff9cfb5445544983ce421446a68f24bace2e98c6e8a61a73c16b53c4353991ffd6e5600f6918e74820a644289fe5336a34b7a04881581531b0df851c981e419dc97ab19d62aaad005f4d9a02f7935ee7af27d333eea2462772b94658c52893873f9627a4044a33014e393ac28aa96f6b182f76af053312c22103c51781106177a773262d8add4dcb47caf17628f898f8f7fc646f6818cd687fc575b2916de183c319c2e4ed8f5e75f1ed02f899e2063d3f00f9321d5a282d4130f759516d80efe6f079d1ea5bd5f0dbec3fc7a12b8da0d42130b24dee84246eaaadc86e35734ae21ff987f3bb55b4f0fb1a0b861f4db387cde37e30c9f1384e7c1c78207ed58f74265e9b43290a6dca59cb63dddeba9ea74377c679812b8c3d8ec1e9af9fcf9b2fd105b1548c6c8791244c85de8a6b0b918cc502e4fb97d6e2c577192b522ecd70edaa504260d2591e43d8df11e9cef352ca576a7494a57f0e8d12cbecaccb4d38b6e3b0d0787c5e8b2a735aaa7c8fa35a12cac9a505bfa36e2cb5cf1ba7b507482bbb1eeb3aa3c160062690555452b5c0c734bbb76d7f35719f8a1f482cc20ce2ebaa3ae72142021f8af11a62fcba8db6287ca3f6461f57b466c5e47a906c6ef5bfa1816fd03ff797cd371ef5df555356ab61f76ad8de9177d2dd6f3015c7fc0a5177a3eb9d86dde430f2c68916e487db88f006517fe2b731f778e953a5c288174c51899413abdf49d29da9ab6743c5c9cc2afa153ec1c782ce24a7a6cc7590f8a60fe1fcae81426bc7f914b27e7c8eeb7d7aeb442aa886d972d8921235cedc3b451b426b94698297a64c8a771b0b96611b9c64458ab10d922fcdf9a9bf9dcd904e1e9cbebd1774c123d4b95b10679a7cd17ccb57eaec3dc9dfefa9933b7c6689ba2234e18c4edf49b25455b54e12eabfe9733d77006b54a1e523beaf96f21b2f71649766646ddf830ca282b3a7147133b61f99dd2d48b4bb66e2b742f584fa24ddcd80ee2a486e91ef29508ee9fb849e6b6ea7b5819260fb5de5b82e5756fcc67cd9ebd4b8a3255b68480567c90dbef86ec0dfbcb80606a35ae284346b99a8a09e6cde96aff4d3a434f011cc59e20289117e6fe4bc41ed0f402bee162c572ab5439e1456ea2f9cb3c295c5d3346c4ab128585dd080d2f0ed1990684926c85eade4046ea69adf9881f47e5fb25fe856aa1fc44b0c5dccb7feb41e6d094dab80bdbfb7df8d50f77c675e93aad8645e45100714981eea4a5502830c83592bac966c8183d057c3727d621564cd33ff470df24ebd0630796330a5c0cc7fa7e31b82d7693ab69d4a598a977ac434a87e8945e587dcd92c0be37c6c96d78e2f7ef54d281767ef12598bd4df2ec18d33d199de0ceea77286aecdb69a47be44f743f144b0598a5ae15943f26721ee3b0d800d17c4fb38905953ee15c5e68891322ad5f0aaa3a9a700febb269095744481eef84fd01d416324b606a93a6a186aa138c8d8c22b93ee3f23b4d9bb475f21ce6c80add6173a09ed357ba66f9131c6da9a30779b28cc44fb575db620e0df1a7e2daea4e69deb55ed89511090f9ddd10474e800a3fba8585fb83c168a9c5dc9d44c12754de7bacc1e4f17794a8b053a774df456ec20e91046a02db51dfc98bf02d5b99813e66dc7fb00494cef3aa8760302dc82530e91299a99fbfbd6f14a439ab37a7c9e74ce7f404f58ecba65736ef4454b1a9304239b974480a59f4150339f9619711ea5e3bedafe9655b4ced855c8b03722992e2288ffd48d1669ee9c7493092eb02d2397015a4dade4d88ae09dd1009c3c8929939ef4c632722167683b38469b09a6c93c86d549b3768d734cb63a05e91d2d9d9e2f8d6c24989863baa7549dbd664331d2486fd284af36a1008d792568462aaf030ec2915ad70fb7979990e75928e65b0789fd015e01100265138517d64e42537b8204e25df545800ba92ae7777212226b8d15a0a64c57b68b74f52b77c8b8ebfc11b74debcb3cdf50d86ee498a57f447dba9018901bcead64e1e6cb34677d18541362da98cb406e995bd6eb5886a218599e866751faaff45f54914633373c55535bcf37cbbf4a4e0f4bd2528b5c21a79c4285e1998229abc4a95e4c2d85f2a2763b824d7cf86b189c0c540fbd2a7157355202630533d6356e4457af8c051a67d9344bb4d7455e9dbe881c5b4581c46502bfaad8439f08f9f697ba2d93c3200eb84edf611e93a54e008088d3e3f50bd41025dd5a23bfdf57a8b1ea45e16dc0ce8bb4a1b2c5ebd024dc0d0e863c2c42623f5c62b1a61fbd9749c9c365d803cb8f030887b828ee968547e6027e66a66c84b6a0380b8b975f5eeaade2f2bf399ea510abb1c9796193b6d859e075d94ddff3f5e94633f45b5d6ea62b729e5b33ce4c897811eecfb1fbaec7e20f946f1a04696e419db3eb28c51e3f9ed0bfecfc814a70b856c37edb960dbe33a1a3bb801ff72272abe7b1154a4f888799c6a9777d0bb7e2e3b297b67ec16bc77f18e5416b5f6a713bcc996c33148e9f0e319211380281d0ecfd5edb25217908f7d12c2a79e8e61a84a3a091abd10bb2ce6876d885e80099032a7de2e1592c952dd39eb26904cd934d76b6d2627da3c830c0f57d242e5d0ffa6b708cae7ccb3cba18f60e9157cfe6014f979e75b0c2ae0eaac3c655d60033239523c88725d381105f6f7fcc0815d8513b2eb561e33c82ebeb9b94440bb4430d5da424fb19053f4a9f59036b70ed7f7d3579af029344517e49bc03fce202b77aa10b0312f4073613cbc7418fd6d5867a70efe0b461c14cfae5e3b26e80eb7224faa831a9d0c86a854731ff1eedd88659fc0fd6922181b35f186c746b1b08d9c097b2edf59a28f66b316c29bcfac548fb74cd6663e3a25192b37f6259c073cc4cd497dadacd6f658b67b7342992a108383df80ed084750a4f2b096880cd44b5514f62ebdfba1ddd0559c49780222a867b9daca68ea6028be25b599155df3f50e0c96e22eafe8af8d8eeeb66d55a815f72ff9f46c21cc023eb471e10766a8c1b9ad995f53b3439de0a532c872b5895aa0c66352cc27dbd8eafa323908d8557f43970ced4046163c455cfe1a6685430929e301c837ca3cbef842c0c19d1f6258f3243204ad4dea153d8bb76ff653c3f646821c1c89b5bbecb9bebce93d092df5d3fa25e8665fc47c4ca618c4f362420237eaf91088f947eaa5d4481cfa42e988950d25ea38d6a7b622938654b6760044f0cb4f20f5b9bc69a95c6653b754573d736ca25c9142bc6b2e502cd84ccc702107f38fd5cf8196b3f247863397f994bf7cbb7188f1c8eb816ae0aab2860a23fef9c0265ad3a6841b7a4aed041a237040e3813532b68f96d81a3c79cc5f1bf507a1c7a35a236799e98296bff2369562a6d5cd1dbc5683b25b8f5177198f85c8410be3b6a40c747e60747802cb26f2cf299d489481685ef13ea624e568c945b18a56bf0423052a82a94854b4d06d5c5642afd0ebdcaff48df86087a3b9d70a0dc26dec9e195fb978daffe9b81ccd5667062fa8ce948ee6fddce2b0b6a9b9ce66a31986d58c06aa17e33b066f5d05bea682d8022d48c2294d3c949b647ec4092ae16bec9826136d2bbfaabe53b622e69187ff017b8040463d1d9665d08f4114bcced4725abd92bd677c197c9b43b04b73a260a2869a62dc083f087567781265820a4f4db8daab09e42172f1a7e1743687cff864fef5a48625eade910d88d3c688000820679b70f0b4bff342329f685658c9d4eb4540f6fa6df2900e1a028b50a5e63aa55e0ab49dd4674e3fe80f2663c12d66021274afbe425ec610b17acd49ab26e368130d7bc887af546bbe0ab6bd3abf96eda122d2fdca1038270b222605624d72a9d557fe6c06bcacd278ab108fcbb77ff73bf1dca347697022b23ad246b117cc82fb8acc5abfe8d714e9bf820f4dba4a167425d22ce66d402910c5d248b7c065e9da65130ed8457f555cf18e26521e059df135640d72593b522e5a19f6dce81a0b1e05460c22e6dc435f1d987f0a80b90a6ac10d5729b42222418ea6025dbb9d69c31f83aac6ae03408261bafbee17076537e1a152c006b4f9565e67848b889b4785f4bf50efdf4744e4b4dd2af3fb6cba7d08ee3d5bd310102a7f6be88760cd54c114d29dae603a2631a1fc200022a1ac3e4fc3902f4f47f8f27e094a52caed8c5ce61b33c9cca9b324dbae4d9a8eb818aad99d1290a1ebce280d16bbc4dc874a47c48a7cd75cb6e82941c798bc481a80562bdbb0c7961e23fc0830d8d0d7ab36ab48665b03cbd172ede92d91605e60611463e9bd89660dcc8da2f5339994694e49894054d62ec1f5097e22389b67a151b67a69910738dd230f240b9bf8c00aa3b750eeecd87242f37eeba070fcfc90d8af9cfc33e9059782ed08dbff2214179e96616b254a64ba818f473d5c9525cdbab29538c0e75b3977cf567ae5ed4a03af8b4b5ecd026ac518bf7945090c8a8a16d7d63aec7e764527c425d999f9d87dc7681fb645b9655fab53eabadf8af81343ef23f0dadcb6d5a19e54078e2a4f706a76e959a7b19230efda76b4910a5b2fec81f16c411ea85da73bf892364da2af2fb42bca41c293f41e6d80637f7599c7dc9b4ebef86f775ac0eab4a27d7ee6fd688b0ac9b02805d60623126bf20636d9bdab5af6b8b9d9dc92fdbb22d8b853c6736e803c716cedc1cbc734602ff330820a612c770a650e55dd272f7384760e1186a9b4e6605db41b45de2fb3d74378c746a593f4364648a4f52e41225188b98f9c637bf7bc1cb02a81326f1819a96c3a9bb4688e41828a9dcb57619ff51cfb0f981fc594110666b096794d8cdd03f2e804e4ff48d1264dcce362c96011f11695981c1de25dc34ac994356ca4e42aa2d2d8887576eff9db97913a09fd089b2851d66362deb778eff76803595ff59531b4b84c283c19be769b874e41fb401995a2b5d131525c2065ed326c19238631aa5d2c2892591624d2a42e9dc978fad032ee88f16dec6d58a99d9c62e6d4b2a010932bb85eaae90f6ffed8742c5cceccf3c326a3c68ec075538d016eabf8cd67606c714cfb92cd1358abf9d8ede0250c8a7ad9cefb995e572bf67f1eeeb83fdc909e67b28575ae067bd8075e0ef884aefeaf628f0bef07f217cb82de5bd292bfe91a93f05d2981222a7ca83437a2a1be02aa7414f4bd5470548f9739799a2b6cce5cc61289669b59d389bfca74e9759d0ea69f55d3dc114369313bcf134a6d1e81ff35351851cb636adda6ad115bc70832416949f39ab144b46d16e87756823e58e3146b9c33b612b257c6be8e3f3d4fa8e13ff3aaf54e74738f4b00934b07ca93ac7a9c1c1dd0c2658db16845a31d5eaf61b53beee8028b748e080948a8f3e2e386ddbce238b9142e5b3be07a650ef2107b1a1501f66c8b405fd94f28bd6729ecd045281017ad68c30ab8f9f0d236601690109d074d65610777098a4c5d55ced45706188de408d5b1ece133b15c3726ca0929727c359db3ec71fb19ba00febb88ac5acd75b498d1debac93e01349ae6766c89242cce966ee3e643dc9467a5e2300d1b909c0f2262c621b6c6bd0e10397e54f67b08e9b44f652957df7e5c2cfe54554c334a0a2269f86e6f8cf174d316ae1e52a12cc47e8b8dec1015b53af52332ddf5c1d8452d4bd27fc478786c738d4df102da0fbd3a1cc358c1143b5b332027adc63f4c8c1b9c4166f21470b53c2e503bc8887e79e12b9c09b31e0d29cdb03187fa2ab2dee1e", 0x1000}], 0x5, &(0x7f0000001680)=[@ip_ttl={{0x14, 0x0, 0x2, 0x5}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r8, @broadcast, @loopback}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0xfff}}, @ip_ttl={{0x14, 0x0, 0x2, 0x6}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x3f}}, @ip_ttl={{0x14, 0x0, 0x2, 0x1}}], 0x98}, 0x4000000) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:24 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000080), 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) ioctl$TCSETX(0xffffffffffffffff, 0x5433, &(0x7f0000000000)={0x20, 0x8000, [0x9, 0x0, 0x1ff, 0x0, 0x1], 0x3}) 21:30:24 executing program 0 (fault-call:0 fault-nth:50): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:24 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) ioctl$MON_IOCG_STATS(r1, 0x80089203, &(0x7f0000000040)) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:30:24 executing program 1: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x180040, 0x0) getsockopt$nfc_llcp(r0, 0x118, 0x0, &(0x7f0000000040)=""/111, 0x6f) r1 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r1, 0xc058534f, &(0x7f0000000300)={{0x6}}) 21:30:24 executing program 3: syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0xfffffffffffffffc, 0x80000) ioctl$DRM_IOCTL_AGP_ACQUIRE(0xffffffffffffffff, 0x6430) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r2}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r2}}, 0x18) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000000)={0x4, 0x7ba, 0x1f}, 0x10) 21:30:24 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x0, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xfd5e, 0x18200) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}}}, 0x2de) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0xfff, @remote}, {0xa, 0x4e22, 0xfffffff7, @ipv4={[], [], @loopback}, 0x2}, 0xffffffffffffffff, 0x1}}, 0x48) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 303.741197] FAULT_INJECTION: forcing a failure. [ 303.741197] name failslab, interval 1, probability 0, space 0, times 0 [ 303.775458] CPU: 1 PID: 16514 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 303.782691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 303.792054] Call Trace: [ 303.792076] dump_stack+0x138/0x197 [ 303.792094] should_fail.cold+0x10f/0x159 [ 303.792110] should_failslab+0xdb/0x130 [ 303.792124] __kmalloc_track_caller+0x2ec/0x790 [ 303.792136] ? kasan_check_write+0x14/0x20 [ 303.792147] ? strndup_user+0x62/0xf0 [ 303.807937] memdup_user+0x26/0xa0 [ 303.807950] strndup_user+0x62/0xf0 [ 303.807964] SyS_mount+0x6b/0x120 [ 303.807973] ? copy_mnt_ns+0x8c0/0x8c0 [ 303.807984] do_syscall_64+0x1e8/0x640 [ 303.807995] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 303.845792] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 303.851290] RIP: 0033:0x45c94a [ 303.854478] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 303.862289] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 303.869684] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 303.876963] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 303.884347] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 21:30:24 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r3}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r3}}, 0x18) getsockopt$EBT_SO_GET_ENTRIES(r1, 0x0, 0x81, &(0x7f0000000100)={'filter\x00', 0x0, 0x4, 0x7e, [], 0x6, &(0x7f0000000000)=[{}, {}, {}, {}, {}, {}], &(0x7f0000000080)=""/126}, &(0x7f0000000180)=0x78) [ 303.891758] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:24 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_ax25_SIOCADDRT(r0, 0x890b, &(0x7f0000000000)={@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x4, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}) r2 = fcntl$dupfd(r1, 0x0, r1) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) getpeername$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000100)=0x14) ioctl$sock_inet6_SIOCSIFDSTADDR(r3, 0x8918, &(0x7f0000000140)={@dev={0xfe, 0x80, [], 0xf}, 0x7a, r4}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:24 executing program 0 (fault-call:0 fault-nth:51): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:24 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000080), 0x2000000, 0x0) r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) ioctl$TIOCLINUX7(r0, 0x541c, &(0x7f0000000040)={0x7, 0x7}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 304.014702] FAULT_INJECTION: forcing a failure. [ 304.014702] name failslab, interval 1, probability 0, space 0, times 0 [ 304.034203] CPU: 1 PID: 16546 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 304.041273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.041281] Call Trace: [ 304.041301] dump_stack+0x138/0x197 [ 304.041321] should_fail.cold+0x10f/0x159 21:30:24 executing program 0 (fault-call:0 fault-nth:52): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 304.041339] should_failslab+0xdb/0x130 [ 304.041350] __kmalloc_track_caller+0x2ec/0x790 [ 304.041360] ? kasan_check_write+0x14/0x20 [ 304.041368] ? strndup_user+0x62/0xf0 [ 304.041379] memdup_user+0x26/0xa0 [ 304.041387] strndup_user+0x62/0xf0 [ 304.041398] SyS_mount+0x6b/0x120 [ 304.041406] ? copy_mnt_ns+0x8c0/0x8c0 [ 304.041418] do_syscall_64+0x1e8/0x640 [ 304.041426] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 304.041440] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 304.041448] RIP: 0033:0x45c94a [ 304.041453] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 304.041464] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 304.041470] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 304.041475] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 304.041480] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 304.041486] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:24 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0x6d, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 304.183588] FAULT_INJECTION: forcing a failure. [ 304.183588] name failslab, interval 1, probability 0, space 0, times 0 [ 304.206832] CPU: 0 PID: 16553 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 304.213900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.223267] Call Trace: [ 304.223294] dump_stack+0x138/0x197 [ 304.223313] should_fail.cold+0x10f/0x159 [ 304.223329] should_failslab+0xdb/0x130 [ 304.223343] kmem_cache_alloc_trace+0x2e9/0x790 [ 304.223352] ? kasan_check_write+0x14/0x20 [ 304.223362] ? _copy_from_user+0x99/0x110 [ 304.223375] copy_mount_options+0x5c/0x2f0 [ 304.223386] SyS_mount+0x87/0x120 [ 304.223398] ? copy_mnt_ns+0x8c0/0x8c0 [ 304.229638] do_syscall_64+0x1e8/0x640 [ 304.229649] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 304.229666] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 304.277069] RIP: 0033:0x45c94a 21:30:25 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x10000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) r0 = gettid() ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r0, 0x10, &(0x7f0000000000)={0x20}) [ 304.280277] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 304.288243] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 304.295577] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 304.302841] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 304.310210] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 304.317480] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:25 executing program 0 (fault-call:0 fault-nth:53): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 304.392173] FAULT_INJECTION: forcing a failure. [ 304.392173] name failslab, interval 1, probability 0, space 0, times 0 [ 304.404196] CPU: 1 PID: 16571 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 304.411256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.420615] Call Trace: [ 304.423196] dump_stack+0x138/0x197 [ 304.426993] should_fail.cold+0x10f/0x159 [ 304.431253] should_failslab+0xdb/0x130 [ 304.435362] kmem_cache_alloc+0x2d7/0x780 [ 304.439512] ? fs_reclaim_acquire+0x20/0x20 [ 304.443933] ? find_held_lock+0x35/0x130 [ 304.448269] getname_flags+0xcb/0x580 [ 304.452190] user_path_at_empty+0x2f/0x50 [ 304.456351] do_mount+0x12b/0x27d0 [ 304.460174] ? copy_mount_options+0x5c/0x2f0 [ 304.465078] ? rcu_read_lock_sched_held+0x110/0x130 [ 304.470119] ? copy_mount_string+0x40/0x40 [ 304.475172] ? _copy_from_user+0x99/0x110 [ 304.479444] ? copy_mount_options+0x1fe/0x2f0 [ 304.483938] SyS_mount+0xab/0x120 [ 304.487488] ? copy_mnt_ns+0x8c0/0x8c0 [ 304.491382] do_syscall_64+0x1e8/0x640 [ 304.495282] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 304.500118] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 304.505290] RIP: 0033:0x45c94a [ 304.508576] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 304.516292] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 304.523779] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 304.531167] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 21:30:25 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:30:25 executing program 5: r0 = socket$kcm(0x29, 0x0, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(r0, 0x891b, &(0x7f0000000000)={'tunl0\x00', {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}}) syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 304.538689] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 304.545967] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:25 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xfffe, 0x264000) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000000)=0xc) sendmsg$netlink(r2, &(0x7f0000002a40)={0x0, 0x0, 0x0, 0x0, &(0x7f00000029c0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r3}}}], 0x20}, 0x0) r4 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0}, &(0x7f0000cab000)=0x6) chown(&(0x7f00000001c0)='./file0\x00', r5, 0x0) r6 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0}, &(0x7f0000cab000)=0x6) chown(&(0x7f00000001c0)='./file0\x00', r7, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x40, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, r3}}, {@fscache='fscache'}], [{@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}, {@smackfsfloor={'smackfsfloor', 0x3d, '/dev/midi#\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, '/dev/midi#\x00'}}, {@func={'func', 0x3d, 'PATH_CHECK'}}, {@subj_role={'subj_role', 0x3d, '/dev/midi#\x00'}}, {@fowner_gt={'fowner>', r5}}, {@euid_lt={'euid<', r7}}, {@smackfstransmute={'smackfstransmute', 0x3d, 'cgroup-^'}}, {@dont_appraise='dont_appraise'}]}}) syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x3, 0x90180) 21:30:25 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) lremovexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='security.apparmor\x00') ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r2}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r2}}, 0x18) r3 = socket$can_bcm(0x1d, 0x2, 0x2) writev(r3, &(0x7f00000009c0)=[{&(0x7f0000000280)="847de7272ee370f669832ceb250c86b3e08b113f4bf5c76bb53440b15a18c2c9708432efd8851465638af1682875501dfda82e11adaefcef08146bb953a876a0a6c81d0670eedcac4e01256037d99127b7a917533c5207fedff89acf6018b8fd6850c817346e690461a1c0f0cb1c62832bd0ff1d519a3d7c492048fa0f9cc35c633d77479c6c852e875aaff5e4bfb13a895009d43b0a63975eefdd4717bb66ddb898", 0xa2}, {&(0x7f0000000340)="cbaa5d704fa36159f42910424c14ad4203fed7e41b027b7d6c11dfb0ae630c24a77a9b3e4a542836a7f2d1303fe35ebcb8241e383e7edecdc2fb8825a073bc731b06f477583e1cb5e7b43673", 0x4c}, {&(0x7f00000003c0)="0f3b259fab04e1bec6f9b53acf79b2413973774b069fa7f90f9b7fb85ef6abb4091920d038e9a072a6feb871651aad158e8d1d8ed91ff52480c13198a22d63405bd10995a7efb49c01dfd6ff5d178472", 0x50}, {&(0x7f00000007c0)="e64943cc4fbc216890bcfc14a9066c66851c4e5fe4339c82db98d60e0060f572b9da704960c605e6cdf5b4c16a817a0c43aea2fa77995f5e919c77e4a761ff795f9cbff7a3a1f5234e9d722c79b95cb75969ea37b9e745a77a4d29c3a5ac58e9e67e0a429fae9579d813dfc71dab2896025cea59bf536e8a4819aa0628c6d4daa3f8ee61911524b9efc3e268253c5b2d35fbda2877e752940e4184332c39d74ad2a3ade1eb6b8471945f3a2adfcb773fc3498b1c82378bab1abe60edde1e6bfb3e67844c6f4f96fcfb0d8fe7ce", 0xcd}, {&(0x7f0000000440)="e0c4109898e8fdfae2aede2d611f322f985c46e8b3f3d230224cc9bac3d67651436dd5569e550ecb4d52ad21ed19ddb33e2175c884a6d9b4551814", 0x3b}, {&(0x7f00000008c0)="c1c5144c469e575abac3ed0ea323438c7763cf08493a84f1ba506367a9155af6276028ee1b21a37888cf575227a49aef95e070cd9f0a23ece97c5c3acb8892555def817408784a4b1896c917bb799c679509065a8f4b6e92796c5f23657c00f7b457c8df18d9a3b86693e129dbf7fc8c152df8a31cda24dbb5f1b51819c857c2045124c440e8712ed9801c2c3b2a0491c289b48faacf0c36998d1e5e4b596e379c6ea9c281f4f9a6d262292cfe4b76ab75d4af13eced7576609bed66d30e2fe11d42e05a6900c9db6076adaa709c0b76435e", 0xd2}, {&(0x7f0000000580)="38ce3fdbcf2b22913ce91a445168d6da24b575ef5b56c2c085", 0x19}], 0x7) r4 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r4, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r4, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl$USBDEVFS_DISCARDURB(r4, 0x550b, &(0x7f0000000a40)=0x400) setsockopt$ax25_int(r0, 0x101, 0x2, &(0x7f0000000180)=0x10001, 0x4) setsockopt$inet6_int(r0, 0x29, 0xd1, &(0x7f0000000a80)=0x10001, 0x4) eventfd2(0x101, 0x1c0800) r5 = openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000140)='cgroup.type\x00', 0x2, 0x0) fchdir(r5) 21:30:25 executing program 1: syz_open_dev$sndseq(&(0x7f0000000040)='?dq6|\x00\x00\x00\x00\xf8\xff\x00', 0x0, 0x6000) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x0) write(r0, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f0000000380)={0x2, 0x6, 0x0, 0x1000, 0x6, 0x1}) r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x77, 0x101000) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r1, 0xc058534f, &(0x7f0000000300)={{0x86}}) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x100, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000280)={0xffffffffffffffff}, 0x111, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r5}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r3, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r5}}, 0x18) recvfrom$rose(r3, &(0x7f0000000100)=""/65, 0x41, 0x20, &(0x7f0000000180)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, 0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}, 0x1c) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f00000000c0)={0x5b}) 21:30:25 executing program 0 (fault-call:0 fault-nth:54): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:25 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000240)={'vcan0\x00', 0x0}) ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f0000000280)={r2, 0x7fff, 0x2, 0x6, 0x9, 0x4, 0xfd}) r3 = fcntl$dupfd(r1, 0x0, r1) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000040)={&(0x7f0000ffa000/0x3000)=nil, 0x3000}, &(0x7f00000000c0)=0x10) write(r4, &(0x7f0000000340), 0x41395527) getsockopt$kcm_KCM_RECV_DISABLE(r4, 0x119, 0x1, &(0x7f0000000000), 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 304.815409] FAULT_INJECTION: forcing a failure. [ 304.815409] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 304.827427] CPU: 0 PID: 16599 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 304.834443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.844029] Call Trace: [ 304.846625] dump_stack+0x138/0x197 [ 304.850256] should_fail.cold+0x10f/0x159 [ 304.854406] __alloc_pages_nodemask+0x1d6/0x7a0 [ 304.859077] ? fs_reclaim_acquire+0x20/0x20 [ 304.863396] ? __alloc_pages_slowpath+0x2930/0x2930 [ 304.868410] cache_grow_begin+0x80/0x400 [ 304.872473] kmem_cache_alloc_trace+0x6b2/0x790 [ 304.877141] ? kasan_check_write+0x14/0x20 [ 304.881396] copy_mount_options+0x5c/0x2f0 [ 304.885633] SyS_mount+0x87/0x120 [ 304.889071] ? copy_mnt_ns+0x8c0/0x8c0 [ 304.892950] do_syscall_64+0x1e8/0x640 [ 304.896822] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 304.901658] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 304.906834] RIP: 0033:0x45c94a [ 304.910011] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 304.917820] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 304.925079] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 304.933307] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 304.940569] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 304.947840] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:25 executing program 0 (fault-call:0 fault-nth:55): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 305.048914] FAULT_INJECTION: forcing a failure. [ 305.048914] name failslab, interval 1, probability 0, space 0, times 0 [ 305.060698] CPU: 1 PID: 16610 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 305.067754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 305.077293] Call Trace: [ 305.079902] dump_stack+0x138/0x197 [ 305.083577] should_fail.cold+0x10f/0x159 [ 305.087733] should_failslab+0xdb/0x130 [ 305.091707] __kmalloc_track_caller+0x2ec/0x790 [ 305.096634] ? kstrdup_const+0x48/0x60 [ 305.100513] kstrdup+0x3a/0x70 [ 305.103692] kstrdup_const+0x48/0x60 [ 305.107403] alloc_vfsmnt+0xe5/0x7d0 [ 305.111124] vfs_kern_mount.part.0+0x2a/0x3d0 [ 305.115637] do_mount+0x417/0x27d0 [ 305.119174] ? copy_mount_options+0x5c/0x2f0 [ 305.123573] ? rcu_read_lock_sched_held+0x110/0x130 [ 305.128587] ? copy_mount_string+0x40/0x40 [ 305.132845] ? copy_mount_options+0x1fe/0x2f0 [ 305.137338] SyS_mount+0xab/0x120 [ 305.140938] ? copy_mnt_ns+0x8c0/0x8c0 [ 305.144865] do_syscall_64+0x1e8/0x640 [ 305.148751] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 305.153616] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 305.158822] RIP: 0033:0x45c94a [ 305.162038] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 305.170332] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 305.177746] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 305.185143] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 305.192413] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 21:30:26 executing program 0 (fault-call:0 fault-nth:56): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 305.199667] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 305.275433] FAULT_INJECTION: forcing a failure. [ 305.275433] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 305.287284] CPU: 1 PID: 16616 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 305.294318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 305.303894] Call Trace: [ 305.306488] dump_stack+0x138/0x197 [ 305.310128] should_fail.cold+0x10f/0x159 [ 305.314772] __alloc_pages_nodemask+0x1d6/0x7a0 [ 305.319580] ? fs_reclaim_acquire+0x20/0x20 [ 305.323900] ? __alloc_pages_slowpath+0x2930/0x2930 [ 305.328914] cache_grow_begin+0x80/0x400 [ 305.332963] kmem_cache_alloc+0x6a6/0x780 [ 305.337111] ? cache_grow_end.part.0+0x92/0x160 [ 305.341902] getname_flags+0xcb/0x580 [ 305.345718] ? lock_downgrade+0x740/0x740 [ 305.349867] user_path_at_empty+0x2f/0x50 [ 305.354006] do_mount+0x12b/0x27d0 [ 305.357527] ? copy_mount_options+0x5c/0x2f0 [ 305.361918] ? rcu_read_lock_sched_held+0x110/0x130 [ 305.367065] ? copy_mount_string+0x40/0x40 [ 305.371301] ? copy_mount_options+0x1fe/0x2f0 [ 305.375807] SyS_mount+0xab/0x120 [ 305.379241] ? copy_mnt_ns+0x8c0/0x8c0 [ 305.383114] do_syscall_64+0x1e8/0x640 [ 305.387008] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 305.391852] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 305.397036] RIP: 0033:0x45c94a [ 305.400353] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 305.408043] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 305.415311] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 21:30:26 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r1) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r3, 0x29, 0x11, &(0x7f00000000c0)=0xaef, 0x4) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, 0x0) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}}}, 0x2de) write$binfmt_misc(r3, &(0x7f0000000040)=ANY=[@ANYRES64=0x0, @ANYRESHEX=r0, @ANYRESHEX=r4, @ANYRESHEX=r5, @ANYRESDEC=0x0, @ANYRES32=r5, @ANYRES32], 0x75) r6 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) pipe2(&(0x7f0000000140), 0x4800) r7 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r7, 0x29, 0x11, &(0x7f00000000c0)=0xaef, 0x4) splice(r0, 0x0, r7, 0x0, 0x1, 0x0) [ 305.422581] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 305.429834] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 305.437087] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:26 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x40000, 0x0) ioctl$KDGKBENT(r1, 0x4b46, &(0x7f00000000c0)={0x3f, 0xfd, 0x9}) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000003700)=[{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000100)="fe1c8e1a31271594f9117956d5e0d5308ff67dc3728c76dc47591f69476897f6928a1995b64cc32854104ad3fe682cf4cd7a0e8d2d3cef0620381a3f6f5f32128d1cb324bc471e35", 0x48}, {&(0x7f0000000180)="4460249b3fb4e5d8a14e4abe18b956214edc9361b1634ed611a5", 0x1a}, {&(0x7f0000000240)="acee3c39ff07714585fcf1f06aa5c8bd3e72e8eb0403ba53e9b78f496927b99ff627e3edd245ae633c3de4e860605d07ec9b024a8386d00a2a734941aa7e0f9a1961a97062fd036aa3395f28d3b51c5ae30b9a0ebd6b08c3d7462637b93d084b86000f11c45454478ac57161a26891afa7b2e78ccab732311583af63e9ae66099d007470bae85e5a86f5829d60de2a4af8373ba30afb839d45f3a5388e63139f7058190de9d338016d7c6388a3b9d978024067b6399b2fcbdd66a960fd79e622f823", 0xc2}], 0x3, &(0x7f0000000340)=[@iv={0xd0, 0x117, 0x2, 0xb6, "df85d3e11ea8246c282874c0cb358e3d82e239b49285dbee8454b9156637ba7232907a109d2f78d6d131ff41c8a71a82ce545c10dfe6d3646c6496bd7717fc333051c1115ee2f3e456a3a19f3cd17bb8fa26bc134ee68b25e0a4cfb7435462d91fcf910850c2fd166cd51328ad61438a0f736f3509b9acf63c1ac88796166e0a4103b3fba5b0f60e8774bf31bbba42e5777a44a49b04d8757c85e712124c431979e1148f529f7f3e63ac987bfa322a4bdcbe87ad58f3"}, @op={0x18}, @iv={0x90, 0x117, 0x2, 0x79, "39a214a90bc84c4f5b09a35d0d9b6db350c0fe5e9ecbac6b2c632d0022c565aa10161a47a5555b75d2d010db24dac3b74fdf0945113b6e3efc771835b9f979135ab30fc57505dd23c685a11a3fab4c278d987f2aa125e04f177bbbfddca3df3c037434cc612fc5d56eabc90090359e7fb98ec0aaac38b3c372"}], 0x178, 0x4}, {0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)="17ce9c56c31abd8bcedd250f0d8fbd4ae7775d220a48f5a1769f0768c6493209b3ea503dedab5efbe33f177567f0f5d3f34e506ef8e6f0871a734d49a0f770e814bd7fc7d1664c5d69a51bf7", 0x4c}, {&(0x7f0000000540)="171458281372a3fdc4aebf382c00c7e2686baf4964c117e76471ec16cc9f2cd1082a7db70b3f766547996bc0a9956788c1a6e80db6fab27e07d5d3ce3df1a4aceb55538ad8e669bcb314c00a9ed8568a20263253e7074f38", 0x58}, {&(0x7f00000005c0)="8dce2982563d5200e25ea6fcd2e0219f782e0b4114516ae77acd1ee5ae5ea500702caa29de6272ae236be7c1c7f911d42809a6ad821a1d8a7f502a474fb65f08d7267c82f61a6c5bc5436545c6c4d7ea636ea0ed36f2494d66112cc5b24f01c1705168b41021ac15488379bb3daac998435ac6ed14902c0620818f33706a6142d596a5492b6cbd466f2c2c720017104a76d1e8998070e3917dc844c917efc9e21a67cb6e4bccf8f4a4522b3dcbe21ae1bc182af8231929733a1cf8c946", 0xbd}], 0x3, &(0x7f00000006c0)=[@assoc={0x18}, @op={0x18, 0x117, 0x3, 0x1}], 0x30, 0x8112}, {0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000700)="ac37cc468e6be93d4732a75fe7fa0380e66dde7ce5cf7a4d844fd0cfc4c2362c5d83d520104e0ad0e7a3636acda49f629c0aa86b5b1bd2a37ae7009bfec3db3fb02270fea611e6ea654d3d876e3bfa73c6f1652407ad42db5a67ace1b8e837eb7d8e7550d9246e8237939d3dbfc2b63b153655a1e8b1ad1abd80f67b0485bca50da3dee808fb3a83ab1cc3d696b1f36c49fe5c57ea75e56ae85e6d3e3252e66f990aee6e46052112991a7df8ceed0c449ad83b00a846e9f58b76", 0xba}, {&(0x7f00000007c0)="1b45413b2c139fc4ea7ff21243ba629b954a676ce9c99ac040f0caa7e8", 0x1d}], 0x2, &(0x7f0000000840)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x20088080}, {0x0, 0x0, &(0x7f0000001b40)=[{&(0x7f0000000880)="bcb80f0e7623e4328d3b1efc7a1566b73c7e0e27f84444e7460c271baafdb8ac8ee885b0dfd8015142d71cc4680a03a8a6840c7ad6f22e2945d2754fd88e123992dbf813e1dd83a479e4124c1a32e587d3130ccf3e3bb58bb10d67f298058ed1ef3ea2205d37e716764161e0b85cd1d160637e52db8abc0283e87927e4ac897f3685ba1cda2d11f86e2c127f8b186b788ac9b1a311b6e9c14d761e2c9e959035e9539330718a609c13ea0bb489e3c169a378832d7107ee7c1560343ce8a622656678e418c323aa949332049bb7b7bc797011b1092479d558cdff1401f9a02983c1e9f8f923f48000adea6d041242ea0d76812e2a2f01b302fb4807245bdb467086e35ac9a3b1ecdcaf17a8c28ea932b9742ff22b063f69839677ccd2e075040534f514e2b19afffc03fb4da0c269f91bbe0a283bd28a257ac189a31ff70de5fb9f5625c7260dbf74b8b0bcb3960a3572208cdf78fa4ebbff8a485f5fd16902b44b954a382cc211d59c001837da3b68f99f93de04bc67e053729213045aa05c6dd0243ebe02fdfbbba995cf638d32e911ed717f2de3cb9235ff1c6eeedaf3c44c3172009d209f2c399a72e5a1633233cdf4ac0ace45a7e00285c49826720ad93c6e2835283b15e5d685109bb7e7056af8fb186b5062c180027e08186e831524fbabc2f721a32f67439fd221279b131d2152aef53d94fb3080a8f4d3638f899c142a91c670665c1553c6e6c8f9369e95a90c1c2dc1368c7b869def08726976ec3d4bfbc43890f4aa26c201cb23d0f879a68e02ec96639a379ff33625f60a5ffce8cb20f560d7e5bd8b677e19101b9b9bd4b116cd99e920a2f56062136dc23655f22a309b559cde81493ba845da7437213e3359bc427c71aa58e1c31cc33592e8f7e12444bdddbeb9222a8e567b0f5d4903f1dd9e15b03027408e1fe4a7f19f6c7bece685600a67700c1a11688920bf7a97603d423fd9d52bde4701647da6f204220c97cc68062dbe5643e6a5508243dc3a9fed7a10b3f81768befe377f647184a17db635457e73baee2e9088a387ee8eafc45d6508d88df0b5babdfec0bc2b480775e6df66c8f498436bb4a85d4651f2408daebf387754d92ab4fb23b1a05903fc21f035f1e4e0200eb9a18abf2a26ef5d4efd05e9b1654d7725d603c4c4f97c3a8f87fc108be49be589613a3738f46c7269fa4a24628be7b9d46ea374ec610c22b70bdf704ad5fc510c0924a216f4efc9211d5ca194056117c1077b264f783d5634473c6edc7c6ead532f64de2d2eada602095f164802397babceae4e89f459e95917a5c52270a5dff14ad27ab227128d08cc5e7fafc667fa54797039f22274c62daa756f01eaabc7de60393eb90feba3b6ea9b89cfe68030e956eb00f1deb1ac5edeab7d0daeb3c0fe8e61c5b24d837213fde3181111a9b90a9d7e62964b3bbf21c5fb86a704c68a27a05e62f2eff93db37fb5240da8f61e0803da1b67208d6068c2d6fb4d5c2a5e3b4fb20ab60b52ff148c4197b265e29e17d1100ed54f219b1f451ea81819a9ec4947fe9fd7e11acee984c4900cbb6543da5dc4cac0d5099704306ab18177deada09d68d913820b193ee5cd15fdc55c9940157c8e1803323bc5e555ec963f2c24198c2a4b1ec81fcc5820dea008141c62e479256f3e291779c6f76a37fb058da0f9c4dfc9ea25c90aff26b08ee5c565064105b794b007193cbda321fb5e310fa2a39a53e5711461a81feaedf2e1ab438d8bfa236ed1a106ccc8faa778478908abbe3fd2fb5e3ae2a38afdf35cad35ef42dfe23553651ec87058985eee80821dc3ca73279e2211e39cfc6405d45bd2e20e8b8b1d0554f71205d480e8bb51cbff3a04ae545c5e445a2c4de3d389f364c5e95d73cf167c3badd0b54ad2bf0b6d53112f9f7597fc63fee6f8854ef63509ce63a94807bbca20e990b5c8eb8d85a4ffd0f882bb0b1bb3159745c368e1055aa293a9c34e0933177e2c0a74d6b2f61dd4163bcbd5a6b408608138cacf0651e4b652fa1d50ef449a03af5354306984a3faa6c31fb05e63ab9b8074111cccc2e3bf620e9c39cb2bf7478015df97fb64e216720f66a7ce89a0d13a591945b601c048d1a91ec0a35eaf6a95ef5c58ca6e4f5996bcf0d9509d7e4808d62811ef7a8104b4796d8d5cefb7233bba2fc216cc5314e08cb25de87a77abd13cb7170eb4e77d723d3bad19c197d7104672d306bf079ac16ec5cad714409ac9ef7009b7a2d2fce890f0af453b10f0b90bf960e138a725c378bf388264ffaec0ce9962e4d1b5265eafae020ce2382320acf30cf6fbfc93f50408abfaaac35e9d106aedf9357cc208d4d29d222ba9147e5a1cbeb63e30b9dde35bce0514851793b94b0c8917d9bcebe74bd9aaf6d5a380c75673e81ffad00099f9bc28d05e69ed3418e53c25e9e7d40387e971346d42a0b1dec29d43a191600077764c4d36108666e2f594c1c17c56878bf4bfd1bcdb9620af06dbf52de4625dd469de6b7e7bc2b6cdfc61df8bb13d10e25f177ab4f80e00405f0df50821fd7958367781b8c222626bbea8db325956e543460eef94b369745db27640c489200c91211e2e233ff7fa3464b4b2029426bb92339b791b0c63c496e95141ab7ebb2763eb0d7f1db37bb6fe560e1627e905a5ad139da02d6f07582c87e266ee79f1d2d64c251dc6d51f84b1c868c9de0b1f81210dfff1bdc8331df8263fc534b6c7b6282ffc6786d662612da5b11b031a1750b3724b41c255ccdd8c0b17f66beaec8a5de2d60ef4bc9c06154da9f1ee5e7a49a1b48649baef1eb51fa56ae125bae057be930525490488631ac0c8f8e5343a234f80a964cc631afa3c94ebb195d7b7225c32a8c8323d1460efb658bfab7fdf80adc3ad796f2ecf17e7378104da31745cc040c3c215356c1f1c0c21f0b46b309ab223626fc839d701f966228af2a469bc8d12d0aec0ce0d83b914b3368895333fcc3580cd98b92f5353fed3040c99501695e2d11ac123e38bd58664d2455ff828b5bfdbc5a2596dab781523612a0875b703958d154cfeacbf703b3cc9e360b62d7ff00ebcf5d61b9258b7886f639f7ae54cf922408c86b7a427afc812c11d47b7656d6b0d573fe15bc20ede5940c792d78935d74af08223664070dccc1dc99a9a8d69c50e31156890120b48a585e36283f49c5e4aa858ff89a318dbe6a42d8eb2f5e1beae39c85ea422d0fff8b1c31896f254952e7b5f1d6606c5abc46e80bf02fb07287e6cb2046bd3d7d65390ac19d83cd6940ce35c62e7fc235d6becae34fc4632743005b5e64be2b950c281146ba711ff71987f4e9fbaf68d28e406492cf5b04de38c8a56efbc899509e11bebf308a8aba0fe495b6ffd50b4dd5eb549aa3276ac5d8512cf2423eae37b6cf443d9505f2d409487c5bbd96921f155bb80eeb9fe118522c9b5720a72e67b0153046d484f9d1e31fcecd150f60c6a8b038a5a0c18e7723d4cef4a4e8d78f174907c44aaa373ed89c0d3f5e0b2d0250542456c40ea27d604baf8da50ed23d7ca450e9b70e6b2878be3519a19587ad527b1a5658491f48e1c12db75f7b0e2dd0f9d6be3b6e2f24844849b298c4ad4eb0213c914cb083d965784483da9711ebc16af5a0b1de5d1151d3a08b919b87cc9c4b20af5bb8cc31f4ffb0112828d67058225cc06f38f4c57be358d19010baab136f7bc38ba28ba643dfb9a49dc4ee23fbdbbbe6b8927591516c99fb7df72e155b461fa6ba1cc5624102c18725634d1b9b78f2aa66a73396f73ba7eef40300cd330d824de8c74c19c09cd5fc7b4408cabe3fa243d7bcbcec046f1d6392c1e261d049786433a7dcf6bb6ea2b3f254eca10762553a0f0efea023461307a20d4f14b36d388a5fa6a7e388fe32e7e6ef5d531500eb7fd6fd6783c220267b74a8c2aedba2bfc3c1b61f56e7c62ffe3f2d1e0e938c62b8ab17eb3341aa3ca7f9da779f49f2ce42349244effa08466f7eb9a282d2cc9a5a09d00e08887d9a7ae7e1a4dead9e04af49987abe04733a298cb2501224ea8148ee957eb0dc7a7fa8bb59b684da9afb47ffcd54efb918693313cd10ba363f910522b0fbde9df9d19004fa2faa6ad3e7bc0669050d881c9ce0a8bb74835e5617bd3a8776063076c8fff6f7a913ca666c427ed9de86a7429a1cad1f980cf554543ccef8be65a1c586d19be416870b22c2619edc8af5b4a9de093c2c1270738f08a8fece51eceb4125a2890da2b29c6c0cf86169c4c6f140485536503505e3f7aadd90427ab12c0559e07e88fe72becd1fc71fb815b9a05d875712931072b40bf98458bb97f266a68344fdaff3b6becc32137a399f1f0810aed190c1698ed841c718ec6bc11d8c0737946aabcc02e6f7236e58ac4d7e4427fb4f89ca1f11730e87cbadb4b0e36c498cdbcf146fa28d4f30d991fdee6071fa31df23b977978ea15936b62ee1d937f2db01f7b10bd0db62c0ddb5b68a6156e28dac2716d5e1156084a98a637a56d128982e8c307800de7f056365f6b96b05f097e118dd67f1362726db8b739f5a79f0142a2d67babb6c6127efef4aaf02355b6a14968a081252c7198af4147ddc525ea54bf05a417dc68335b2b5b420a2efbcc84b15c6194e3b8f1673afa500bbf2a93f3c58471d781366458394ec6c4b4df1f1c5247743bca25110e773cca41a28bdc11a28f4f4e0cc2c702d2c35b24361196a85a9ea410b290406311268d9b2551b1850eeefe61cec10cc16bf944f5a1bbeef2e83c7fee103c276fa6bb0200f9e7aa36ff84c78eac432d25971cd1ba8b99c47cbf8dd22f33eeff7ebe18d21201abea22ba99b58b18a5ce38dc8fb1eebe17e6249cbaa43eead75bccabdc3bf12def15d659ddbe5838f2a0fde31f5118eda0b5224e0dc52acfb5fc7e408e4b785e57599533adf62329c317f2698d0534872e33327f74e11e0eb0d664a90db294cfc06eb6f1eb63472e63a731fe40911f5f8ef3f4df764ed9fc3de30603a2bca6129b8accf32cee9e3a497d1854d7e2ba7fe8cc5ec5bf04402dc67a3047c53420e00d4d39da94afe4eef74b2bfc3feb258b3f6c6fd464b75787fc4d56efb8e129d9486cbe3834cacdd7735fc77aad72fdb02ad605eb123e5ca1486ee6c693a457b6f659f6da7823abdbe138986b27179c06d25c1b60318cf2cf6bdb72b0509bf825f4ce1456bfc93d1cf61037215809c2930b99032fd131a21034165dff99a189ae32912ccf587ad2ae5c0e41566fb32034aca40d73faced689206f5bd92e2e88dc856e71139408edfec2c2959d1e74539801754cd1cb266e0e3e56825458aa99b4b4df53ae8f31eed53bbeb2bf12b3c702f79b31275f4a749d37ae40d836e6fe32e911dbb7e7f75bc0ed941a666f396c051c199c5ac9ac0201adb635cf8ecd8a5a812a6e34416abb073f447825f1b5577696af97a17a15d5105f8ffb6c431db14a76942b75797b93bfba5878b231c21024a6cd1e1b9ac8ad86c8da99c1cbb93127441e9b895ce9bf9206a1a7348c585937d512ac3e4eb4eed0ecf0b0d53568b928e2e4ffabaf8098b5966eae350b75d20abb9d28b2fbcf7bce5d5a215daef32f134491a7f12d3300631df58257448e42459d2479694e478b0fd5ccb5fd5970ad07dee2a3923a887a19b6460677aae8ba21a0012dffe5c43bdcfe4181ad6f3176fe83242fe586563e13dd773312054669b19bd97b0e53ce1bc63007698efb03e0b718cef40ee6b882673e35915f294ed39fe70b5fe97c12c610bc6bd5a9b1e798c35fb14d4950edd5c5189f20c2d4c354b88db4a9e3", 0x1000}, {&(0x7f0000001880)="6bdea3ee86d8858418e54da18204c24439b8918e3bfd637d403e6a74a2c45378d1a3c15c1b6ed7d5abaf73c04a093802f704e02f71a486391af3a2e35a8d9d16860d36e86c68ac3866840fed41ed33a2e51c17ecf0c05af4f99451b9636306079502ed5d6717354f1a7679d65c7cc9a6ee2e24d5cfd0aba459", 0x79}, {&(0x7f0000001900)="b9308ad449d103bb16fb9b44399e93fff28cf9226d486e37dc14f6768064f942d51e2d57e6f529f65713a20daeefb458edc823e032ec3562d9b732c48197865400172866722a3b76ccb38ff49b42c7a8d488267c78d5725ed9421b378d5b2642efddbc41a3d69a0ebf8eb12a580d591ff3f16a1189d35209f41d0480", 0x7c}, {&(0x7f0000001980)="83186fbffc141c9af4786d6e780897e16239150335b42a9063013aa0887cb3167400cd79607ce7f869c421fc95665119225b991f146566bd27cb54daddf1c54bcd8af60b39afae39afbe3e2ee0ba4562d624c548a455ca865cda22bf23cf151bb06857c34402751783300e72a56a8dbfc733def6c6c2ed7b9f8f292759f5e8959470242a506ec9c8e5a08802d3e87785d2d9a3ef1ddaea7937486e54d21a4b4bd14da67aca0e5ef9436c45", 0xab}, {&(0x7f0000001a40)="6563a5f255b6e3ee54a45f02cde5adc94c186654bc44f23e8c0e9311cde64509133e788234188c8368ad92ba5bf6d492bfbc30f71b143552448a6fb849ef22156fffb87d7757d5f8e9dd11b9a848d3cb5a3b5805b72d470fca", 0x59}, {&(0x7f0000001ac0)="25930203bf6890096fadd3da8b4facfabed61f13e113efb50731ca66bc931f5f041b57a04ba8255bb950e19eb178589313f49c7d72b0039f6e6030d1d13b66d8b3ed9e3ca212951e78ccd1524fcefc848193e66e6eef46eb853fb482f9b90c3460a7d7081cb69eb52a9bfcfc93035381948bb2e3d501628b86", 0x79}], 0x6, &(0x7f0000001bc0)=[@op={0x18}], 0x18, 0x10054}, {0x0, 0x0, &(0x7f0000001d00)=[{&(0x7f0000001c00)="6076b9752a11d3e69ff5a7bb5629398dbf814860e6264be904c73ac7b2ab1ec608f95c4be6dcb10b76371c0024422274e31d6333216262dd63bc71402f538ff8a80c08615e8724c38e559f2f7325bfaebdf13d827ec07c6784aec070870fb2d4d6aacf3ecb21e035255cb6f7c37fb3282028985f34442c2eb8abe91599891369a832d620fd16011c6089b37161db89e878dc84a99fd81a6c617a3ca8b2c68d970217faf4b738bf38e6453e4da9d691a4f4097fe90424da2f84dd3387d7e7262a04dd75e0eeec434769f2fa9b7e4fd1285befbaf3de135cba47d4e8248b1e91b7", 0xe0}], 0x1, &(0x7f0000001d40)=[@iv={0x110, 0x117, 0x2, 0xf5, "fdc8747d29f103fdf75dfcab9abb2e27ab16ebe844f098543733d6aae3d7d18efdb679b8077b612a6280a5a91b0f40b06eae085f1876d172daa1e482c54ad6feaa7bf7776ca555727251a4ffbf1f39617c40349d9112e8b9d792990e6dd1fcea48026566905ab8b426689b9829e34cd7be6c32e328ba7bbff70c5438bb4ce07704e8ad52cc19d5eab4a5298d8ebe926f80e3020b097f43dbe607e5651bd6ec42d73dfb9ff1f328d802969dc0be5a88aba8bc77565e45311e0c81038c11d6ee2948d2b6519d5118b27e0a0f5aedf3de954a78e02f1809a8e52e965c22518eb35924545418df374640782f9ab2b14f6b3e993e054011"}, @iv={0x18}, @assoc={0x18, 0x117, 0x4, 0x80000000}, @iv={0xd0, 0x117, 0x2, 0xbb, "bf622c896f3444ec70bb1029c95c4d91db6919a663b40097cb5cdb6c8c6a8e84c9d8878093aae955aca37b3527a08a81380c9f75ea50704d05e45e9e08fabda20eb037209388108fcb807fc2ded9512b0f8329507b56d5fdd8fbc729a384f78aa733709a7b9199753bc131c220f524d229278357e5139487df550e54f520be5e61d99e7ee4b44cb68e9d98a1722b6109afe7197fc5f4b0bc9e86d9749b447af71b1f0c2dc26550ca2548983d394e203bfa6cdf2046b8d0aaa3a622"}], 0x210, 0x14}, {0x0, 0x0, &(0x7f0000002500)=[{&(0x7f0000001f80)="72410e90966a90cc8176c12461cb8655b5df98b815beca70d59626dc895c0e4fbff48285d2e087dc003e2e79c15aaa206270d3ae656d5af9c8b9b273e9077ab763b43659facadf9336fb0bde4ffccb46046bb0c862889434d61ab7c37df559f5a04a45e09067991361fd5f5f67b9d5ee33228369216be7f47432a81dc5bb79cb3dc0d83cb165b40477f7d4c33f24407cbe569863b8dca2c6a939742d4e73b4d1a873b6f6514f9ae273eb2408eeb2c56f201f9902501eab9e8b30a3e48148943a30fa654e0463cec7bd", 0xc9}, {&(0x7f0000002080)="f0be55303954e86fa01ca759801c8d6ff1374555bc5ea612d61785af95ac31f5e699f8ead9921a9427825185a18ac798d56d216c42cd8a6ef4a019a11a3ad1019062fd21022d8eef089b533d1e4d90960e1670afe2439e2b2896a2cd7bde156ab77064f4b5dbcb6ec8aa1d837bf13257", 0x70}, {&(0x7f0000002100)="47e021ca5c5a0e2ad15026fee391f5887d43758a2583429d95e4d34d2391ce06dba1f15f8e5dad017464ee245fa9ac8cb517f2d9f939b5bcee2c4134a69fdfe86fa1e472efa7bba9ec35863f25af0442aa58f7e188afe3217367a38043f78311b038cf8061bf066d7e2fc2e0d8e24e0a802d84df4361e0d364bbfb6cb7b3d80772129b54c0a2dba0e4aa2aa68d35f196991f8e986d49c205dd77f59ae3f8014e21b0b817c748f148b7dcaa6d08c6c6351e5084874997cda22de30647ad877f0f34ab0a543b8a4c547aad24e2adac6af400c250217f8fb3fe7b7bb9b9b5b6dc198cbe9bcf001a69a4022538cc558abfd3", 0xf0}, {&(0x7f0000002200)="b8396fa28dbded870bd8d0083a893d4d1804bde8e518ef5b127810226d93ee023eab09c9453ce8d7f86ad45ebffabf5205218f140e1e0ca6f8aeee1723bcba39aa744c281dd60b8bcbadbcb8fb4caa9978acd9c191bc2d5bbaf50049ff4bdf7493d85d02b571a5e7f9292d29bba55e8f51db528e77576f7382d03fc3ca161ce897e2ea543b4498e6865dcd3b44abcb736570abfbf335621b5ad37088c73b949605762b89cf141652486b48afbdd35af7cb4ad3fdc77cd44bb8da08", 0xbb}, {&(0x7f00000022c0)="78481ccfa3ebb7f1f051d7bb7b", 0xd}, {&(0x7f0000002300)="91077ad89932b01518070f365f4cef3053440ca55a35eae0ab500963f540a424fb279f26e25d7abbf5cb29aa730c0d52e0a70a6f1dc1c3251fb3a7be8dd0148f6cdccd8e51f451226a1f7cf272c8f2131c58e23f860f6e87a3b7f3e8e6318faf607871334b226b6077bad988ccd27fc1284d420ebde2522d6c9d3d06c45fc705005964d20aeff699b521f5821d20acb02775084056f7440dae5fb20cb8f091e06caad0ede687d40697a4ca8b1eb5a7fe1ae9b4d41ef0235b2bbc97139e469e6b077b76f590ecc99f33bd46300959f05c9da46c9e2567e9207697c1f9b359", 0xde}, {&(0x7f0000002400)="0686ad31d476059a5678f76f8b5916cb3b807b2df4712f20558faf5e1ae9b5", 0x1f}, {&(0x7f0000002440)="dcd51169e7b3d029b90a85fbc563714adcb96d966b1085bfc20e67bf02cba704af80fa1a940a51de3f558bd9c4b39495e8e8e83bf1b190af22abc22ebd0bf76e536165789fcf8cbb6e84c2ef6513f426655cf3213528b1cc047282fc9d1d71936c8bdb8a1bab85649f52da32510082f700e64a9ee61a306f8f65e55e3e5cf84e5c7862e5786639f2c7c6976dfdc0b992d37597ade420c1f9c68a58a9e9fe407ac6293c103469c1d8c22e", 0xaa}], 0x8, &(0x7f0000002580)=[@iv={0x1018, 0x117, 0x2, 0x1000, "dab72cc4bcdd8f0e9fe9ddb067511f0a44e92d0f3002236b852ac10359a5b2f0c31eadc3d42afe6a03e805a59bf515504660b624177b308dc143b2a4d7ddb3dee4afe7451cec947fa5212a30b8a51c17d209a44ce0a2a225ce722830069e74db9530105502ce3a2df7f54e31c639c8e1f6d7aca2f9876b58304bd5a25499d11e2f38500f30e752bc27ee135f34bc7fde68e6af650f3d696ab75b29cfa60627c6123e185669f0a74737e81ca0816c8ecdbf970d083a3c37e82b5061b250e22a16eea276bc356cb5e959e0f7ff2e789fa8da5e610694b243dae39c73383ee567676c1e3b87052b0ef78098da27dad98e47e3c8c6ba17039db36b8e7d6cc641e07f01d597c3b3eb5da9bef4bed6e5f854dda1fd228d3b77b618db71699fd8b4932dc7273b5a7ccd3f2a30e5f1c703b20985fab2144678f62081882394b5cd10fe56a63ea4c4d2762d3c45b2d4931182ada1c56c83edddc1b61f9e5bc8294aa15af135c32d00779c39b5c4151194388114696b81f9af88bf156a3651e6aace6aa667065dc0cd199048640b89433dc25a1f7e5004af55aa86604a2bb2482a2a6f3cfa0b5c57de8565cc18c8d144deab9fb1039c24a8ff0a3a1a6051bde3e203f2b66a862c2e7919bffbfaf69310637df7e6d997e8bc0ac6864bf43ee5b9bbb3c20d8891c39952b724616685a5ca31433654bac9d197db5791e67c7c42873f3acefff3a4d6eafbe3c9d0a126ed8b1a8937d54d0bdd5fb36f384ffdfb982610d667f055c4ec9b09a76be7467ec1cfa8fcd003f0a52a0db3c1b5c006f0c852ef87bc45ddfa925ff9673aefe60be1cd7db40d8bc47fe34ed82e934ef06b6c375476bbd88858f23040ca6dd055097c0b307a6aac9fda62d35d029b08bfe085196a39ea72d7871945ceda872a18523bf781a0e4baedc7bd82d848491d0aa7be2e1b1b7639032d3749cb413f06066b56e200cf46870f04b0a93881288a9b8bf1014b7d1f7a4633ad79aacd45671156a0eeaa1bccd4ad4132cf270084182b45cc3664fc4e161612e7f8ecf2194272e35244ed7732a0766e4028a990208f18c1ae7470376bfd66f8e12800ccfed91d6599e308abc89bbe8bb1df24381ab1fcf2879fdbfcb44ec3ef819994202421a9ddf29854887610cab425f22fbbeb46cae2f1f90e8e63386f0ee1b112decfad409fcbef2dc8150429a6c14c77fc05ee5b74894d93bf958d8c9a17a601c48b3c0de42a421d4ccb997a857b7f6cb78186abc7731be4e40e9874c616bd4f2a41c538a4d24c1c1d436f6c8a9c5fbec4fa08b33be7f1c4929e3a612b6b82544e768663bd7c52409dc817ff70b124278cf85fa461347f2da12a38bdd231b120d5badd4eb19c8639cd9188e6c82d5d026ae2b09e623c4abd14c233db0b0200e8b748e923b58809f9bf1ccd661ac13da37353636e242b7c6e5db32dacd3c61fae0e5c3858ea068d2010e96e998aa0e1333ae65e2bdb497ce7fb623221ebb92bf9e43415a88f02eb1dd3e38de5acab8c601b6b18608e97ae4b1796fea18d4e78a9541c52cb70ac223d44e21d0141a6bc08a4c54b2983270b29fbc809a9ff90bd2f41cca6144900a3d7ca94e2986afaca153a138838a60b3a18843c215d66208427d89ec7046c961b18b5e7fe3e9ed3c97e04ea48b600f7c1d4d962216afeea95c6f8b4e014940864a6d21d63ba447a44b1e89d66f2cff4d0c8fb755170f1a0f1ef945d4e68206d64fa984dc91220a58eb3bcdd79bed4ca07c0243f6910ff0dfc378994fb02da59bdeba1cfaffa998dda4832d45391e2e4a3246ff820fa9d648d7ee27a59cfc4072b4cb5e5c3315d7cfea1d699f8c44aeb510a3f8a30a246044baf79a2f8b5cbc9f398b3d0107354bae02b7efc605a74c567e86ce9f9a0cca4987f795eddfcb3d385257db70d6de2b6f808c9e435137ae51d5aa8414916e369a788067ee3b1c36630b7f29687945bdfb4f54af3c8999ce9dba08b1857d11a038feb3a5cbd662a3e5fc28e9407d68358503f121e69aaf566a4aa7bee570d1f4fe6a84db12be781ef248aeadd8bc82b4b6292cbe60f559de19c243b5faafed1eb7b083c24aa4b1c11111d9495f0d6eb710da8711b0815dc3c52490830c18f28def4b9f581151e9021e6240394abf4ad5ecbc032924736e9cc1e4f89dc30da661ce128bfb938100e342441ed87f890abc18c1a77411ebb044335cc77eda295630e9dd35bb4e8a960d0251e9cc871f8d0a307b59229415bf11686075ae6ac1b7654a39774672016e27ebf2605394f14610a480cd2ddcc02272f41e3d9ab64e03302640665023c1f1a07052d4317dad3b7c59de26f65a9befa3f4d2b1a24b8724d86d9992a5f9c589c8806ae8319fe047da764aa5653bc4cfdd88976598d369424fb01a55c64e9d95618a3e88c99f098b4dc588a6d99dbae0f8d191f52f3868b58e87ba45f72fb585541b967b81df814f99c00b61cc55d5056562a9659b6f356f76f98e547381f75acf7540731076f5f63f25cf9a33d38151551f5c08725feaadf4225c47413a6dc3f4e72f06ded967554abcdcac626ab0705defd20b73ff7e9319db12177c5aa3f28693dcd1a40ffc33bf1c259b0d572bd7367904a5d05d97006ccdb914a8d2c1bb4ae0128d709e145a8509dd56cc7f902fa86a32e1e2534ec78ee882a862cac9109527cf6c89cdcc15c32a33aa05dc6860b6b1245b874b921d802741684671a7588edd700fc2a980c2d2eb157958aba101e037073977db9cba91526dd08344f701f82fe072e66fb184b1c04cb89927864be74724b29d5afd4015b655e08514a9f143f440bb6d988e16b0ddec698280c974231e1447f10ef131888873b12da2b878eb619b92b608c76ae47afab03b0e315db50a1d0f688158faf499aaaabce25b90439dce09d13ee2af641d5f1aa846843bddb73ad5017ec6760d0b30aef7071c81917fb92b6a715e25b3e46223c7fda867c7ab246fedbd028a130aab7dbc6f302de5a8c94de09fa86cfd18c0d2392c316e7d3fd8b0407e4476289795c8ea4d807371fc791b616b6e0ae0408ff6ca5e7b1d53e1ff3e46b3240d0f905feee89062756318aae0e296c8ac5dfb80640c5c20b8b0ef532e7a8450e61d1c626bfb5a09c8fdd2976ace6911bd5f122f9bad53676a06165d7b293472e1aaf2369cdc5b2926cc3a1b66204a966999f3dd4c4b21045df616b5e2f6f4cd66845a608263480a82048df655e7e146cba7c33de8ecf262960182d734761f5b172b0ec0c10ec8a3a2d7f392e69e620c96b07d40844877c35461d592ed3249f461272e63464a6ddbe8476422bcb482ce5046186d0cf4cc1c81e43ad5548a9fd0c52f4238d5b5bf5867ed082e44e6d3b341afe2a4ef513db0954d41a13baddb4d9c9f5950121c96e03645ac46b799a7d39f32f543f823aacdde634407ed0ad00e77d5f257fc516e50f1a130c3934e42e6d319253b6d460467a8ee77be8b4e79a7256a17003936ce177ba8d36cd3cc8eeed5efea733edb9b89b23320c489be1d30a095d1ca825676640c91c582e748f55a361beeac4c6944cbefe7e095a2a1c2682680db6c13cde279833b7626788c87c7a051a9c3c92e0459fac90bc77e21849be82e05a3c12dd3f46ac5e1f5cda427a41ce767b769f895149aea0ca630418ba2224d165dc5a8f2691748b2910085c060b54f0387e5d703e1fef66bbc23cba5b456e8b9c99abfbd3507e38fdd9b6d420ac5402a0263e3e70d1d71fa0786c63fdea7db5a8d51d1bcde04330b4b827a807aa1b9ee64086890d2cdfd70714826502dd0aa63943b0f402c5f5e2c7f625e5905c25c38162ffa09c618acc590a15050ccf9edc4a2e7cc86325d41b7b59f1af6e6944e3ae94955782c94bb8183ad520105077d85b36d7c6c0efbbeac3c25f51c1810f115d884e0c183b7fe8103c99a6cf259d67bdd94dcdbba3ef892d178497a6eb612114f687feeab3a629e94910cdd6dd4ccb405cf1337dd47cd506695d74331eafa4d915114954dfa71136d1ef217095f0f1e0493b511bbd0d50562d67ae7e53c261a52a8f6ad505f3dfe9587f55336e50fbf95eb2dd195e68cfcb1a40512615c2a1692b68d1243368acab443bac85925c410fb013c9789e50104e0a5e8d2d68f151beed5c9a5014fe9d5f88ddc6ee1a1c01d34be6634891a32203d25caf4b063f9177098f71bc2109a2370f9f23f2e2504851ddbdf5271b310cb0a877513927cdc82b404158d1b8f9ef2f3537a588375edae5d05d045be7230f2391d5525a0380cb17dd7084a3a624fb69946f60383ee13591229f331b334f8b224420c81401b8f11d913a93484a8a6b71e2fe1e0afd8cd224a8626976a440ddf62512febb35dcf3fe2e15a9cfa006891da24a317f3c7bcb4dfe7d78891dfb0040aa6044c5d253dbb6a7dd880f1a3b16aa81498e30e7617823e108b70208bc56477121fbd03889ed378b3ff77cc5ef2446ae328a0fa8f61ddd7c08a818d09287088586b5ed5309d8b7ae396412263e1a73522219b0513a572e187c832cc59f27ad68e5e3d1430a557f30bc248238f75ee5408cb8f4b992dc2a220462c13a59067ceee4bfcf46e5f06f8f1b2ec6fe3bd2841d0b743bb6dd769e495b0f3915e9aea856dd3e50a3d6451a6b596a303abe2b23a5f7d73064aab90ec7d1724a9889ebf18f7affbc5e02639791c23c94a6ffa89637492d97b3de031f9a599db81d6505c562916c884fe03b66baffe432c15c5818cb46224f320e3729d6f4d6998a8bca4b7cf40cb28f4ed9539b0b96b409060c3cd9512f6a633910b40374992bffa3692d2f19f0799209756eabe0f36aa931a6a0573ff8d91d03c94929bfbccbf99bf58da42365a8be4cd032efc55d87c0e2c858f7a7f74bde45e921f3ff55211f779447db00a16c72b3df81be8251891fa488802dbe1852213e03b3320ed683ea07c3782691b3cdb75bfc0793f4299629e6054bb79a6a522b88f4a1825994cc160f89dce3ab39dd2d089b63fae4ac2337b24936851dcc586ca5aa9001cea2fcd35dc2fe7f5542dd6ff521c39d398e94533bc0fa90b26ce20da753405586ea57c6b2b0510e888255657b094361f32b56b20c943bfc0819a4e729c60bc4be5acb56d07feaed1ea126cffe2515995a987dbd85f45ebbdd2d4a93c4e0fcf2ce27c9039528505da16631235456a2ee97bce3b56b144b2b4e23ed06652d1ed1155797aa8628ccb256fa2eb51002f75fd28e5cd282b898d8d5a2a2248a99cfb0684f7a83c02273b93c6cc99eb9fb90ff7b0f705d35221691693189ceebd7c18a75845a4675ecfaa1298f50db0f768ff22a8b9b720f4e71aab0a15bc4d43878103b0dfa28b1ee8bd16d87bd5b033fa2dbe76bbb0b3183dcfffc5c8b188536b3e07e1071c25f60b11b69ef1063c124da4d2651daf43242028b3749fc6f4b1f44c700fac8ed5ab8aede5082b3c7fd16e35c834ce8929936ce5c83c43932dc19539f702c413f60b4eb193a58bd7a2c4431652fee958a81f325e1c54e05d0890cede70ca43006a87684d8bb998b4df75c71bf2e63cdc9ac2b609a8b39190f2673f1fc8c4fda49bb3077dc98d772ce42cce81db54719f4039ff413d5a62d3ced3ad8eb356b18e79cce358ce48832f0fdde35da461d59818ffcfcc4e9a7cf02af6dff0598a60f13c662512f81e3c392445a83a27ddf2d8cec15443a9a02ac54a5589f4faef68537679df294105860a89406283e6dc2cddcf10ae632c9b86603452532a230098a32a0795fdda069cf3ff707f43532082f164be08e7034bb114e"}, @assoc={0x18, 0x117, 0x4, 0x7f}, @assoc={0x18, 0x117, 0x4, 0x58b1}, @op={0x18}, @iv={0xb8, 0x117, 0x2, 0x9f, "993cf05063f81b75197a9661f241cd4014374b9464f488973a08e593c56224bd4600082cc2f24d80737a24a2befbf24caa2675a1f86cc7a30736459da632a037b1f7a986297f7afd3ae91ce09f95186ad5e528e202e6def72d80f63cbe9c944e90a678819ee974ee8c12b4fb762b6203d43284b3289edcfb8a13b92f1cf6d1f9d103010f21eeaae05a9e2b1aca2359515c96c27c5c7a28128ea0526eea28bf"}, @assoc={0x18, 0x117, 0x4, 0x7fff}, @op={0x18}, @assoc={0x18, 0x117, 0x4, 0x1}], 0x1160, 0x8000010}], 0x6, 0x4000) 21:30:26 executing program 0 (fault-call:0 fault-nth:57): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:26 executing program 3: r0 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_stats\x00', 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={0xffffffffffffffff}, 0x111, 0xa}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r0, &(0x7f0000000240)={0x9, 0x108, 0xfa00, {r1, 0xb5, "d69e7d", "06ffb17a5e7a81a8ab5b957bf87515d62179787881219347bd57c4543ab3a3f7f5f68787ff0a6c51e320f435500babc421120a1a3714aa213e8e5324758258b8f865a449849335449218c2b5485abdae55137baf6c0945116921629bc91068d9b3b7ebe0c6b4c0950e0c20dd9ad05160bacc00384feae1d7b4b9d11460d445ac457c135342b90066ced9cd1a0a7ae5d74529f1974b4de8e69cc618aaa0ee2677c53c2cf4a880e1e0130a8e53a8cc9d416104a5f72f88eeddf7f265d6258c595069a37ac9773efdaee669d58afc29acca6e95068dffdabd54c1b42d22a6e58cacd1bc7c159a5c1049e8193bba46801bbaacda3d7864461777f9f583e823be6671"}}, 0x110) r2 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r2, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") 21:30:26 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) r1 = socket$caif_seqpacket(0x25, 0x5, 0x5) socket$bt_bnep(0x1f, 0x3, 0x4) getsockopt$sock_int(r1, 0x1, 0x2f, &(0x7f0000000000), &(0x7f0000000040)=0x4) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) 21:30:26 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/d\xe6\x88\x14b\xaa\x00\x00\x01\x00', 0x0, 0x10c601) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)={&(0x7f0000000080)='./file0\x00'}, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 305.574775] FAULT_INJECTION: forcing a failure. [ 305.574775] name failslab, interval 1, probability 0, space 0, times 0 21:30:26 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x109100) ioctl$KVM_PPC_GET_SMMU_INFO(r0, 0x8250aea6, &(0x7f00000000c0)=""/165) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") [ 305.648554] CPU: 1 PID: 16635 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 305.655630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 305.665124] Call Trace: [ 305.667858] dump_stack+0x138/0x197 [ 305.671555] should_fail.cold+0x10f/0x159 [ 305.675833] should_failslab+0xdb/0x130 [ 305.679843] __kmalloc_track_caller+0x2ec/0x790 [ 305.684530] ? unwind_get_return_address+0x61/0xa0 [ 305.689505] ? __save_stack_trace+0x7b/0xd0 [ 305.693844] ? btrfs_parse_early_options+0xa3/0x310 [ 305.698913] kstrdup+0x3a/0x70 [ 305.702130] btrfs_parse_early_options+0xa3/0x310 [ 305.706994] ? btrfs_freeze+0xc0/0xc0 [ 305.710813] ? find_next_bit+0x28/0x30 [ 305.714719] ? pcpu_alloc+0xcf0/0x1050 [ 305.718796] ? find_held_lock+0x35/0x130 [ 305.722879] ? pcpu_alloc+0xcf0/0x1050 [ 305.726800] btrfs_mount+0x11d/0x2b28 [ 305.730623] ? lock_downgrade+0x740/0x740 [ 305.734788] ? find_held_lock+0x35/0x130 [ 305.738899] ? pcpu_alloc+0x3af/0x1050 [ 305.742810] ? _find_next_bit+0xee/0x120 [ 305.746915] ? check_preemption_disabled+0x3c/0x250 [ 305.751960] ? btrfs_remount+0x11f0/0x11f0 [ 305.756226] ? rcu_read_lock_sched_held+0x110/0x130 [ 305.761279] ? __lockdep_init_map+0x10c/0x570 [ 305.765886] ? __lockdep_init_map+0x10c/0x570 [ 305.770408] mount_fs+0x97/0x2a1 [ 305.773803] vfs_kern_mount.part.0+0x5e/0x3d0 [ 305.778320] do_mount+0x417/0x27d0 [ 305.781926] ? copy_mount_string+0x40/0x40 [ 305.786180] ? copy_mount_options+0x151/0x2f0 [ 305.790701] ? __sanitizer_cov_trace_pc+0x4a/0x60 [ 305.795593] ? copy_mount_options+0x1fe/0x2f0 [ 305.800150] SyS_mount+0xab/0x120 [ 305.803621] ? copy_mnt_ns+0x8c0/0x8c0 [ 305.807547] do_syscall_64+0x1e8/0x640 [ 305.812066] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 305.816930] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 305.822132] RIP: 0033:0x45c94a [ 305.825355] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 305.833085] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 305.840567] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 305.847890] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 305.855442] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 305.862903] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:26 executing program 0 (fault-call:0 fault-nth:58): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:26 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r3, 0x84, 0x4, &(0x7f0000000000), &(0x7f0000000100)=0x1d6e84990543c34e) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 305.974546] FAULT_INJECTION: forcing a failure. [ 305.974546] name failslab, interval 1, probability 0, space 0, times 0 [ 305.998858] CPU: 0 PID: 16658 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 306.005936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 306.017333] Call Trace: [ 306.019952] dump_stack+0x138/0x197 21:30:26 executing program 1: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) setpriority(0x0, r0, 0x9) r1 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x406, r1) write$selinux_user(r2, &(0x7f0000000000)={'system_u:object_r:update_modules_exec_t:s0', 0x20, 'user_u\x00'}, 0x32) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r2, 0xc058534f, &(0x7f0000000080)={{0x6}, 0x0, 0x0, 0x0, {0x0, 0x4}}) [ 306.023626] should_fail.cold+0x10f/0x159 [ 306.027803] should_failslab+0xdb/0x130 [ 306.031803] __kmalloc+0x2f0/0x7a0 [ 306.035375] ? find_held_lock+0x35/0x130 [ 306.039467] ? pcpu_alloc+0xcf0/0x1050 [ 306.043381] ? btrfs_mount+0x19a/0x2b28 [ 306.047392] btrfs_mount+0x19a/0x2b28 [ 306.051221] ? lock_downgrade+0x740/0x740 [ 306.055411] ? find_held_lock+0x35/0x130 [ 306.059493] ? pcpu_alloc+0x3af/0x1050 [ 306.063411] ? btrfs_remount+0x11f0/0x11f0 [ 306.067679] ? rcu_read_lock_sched_held+0x110/0x130 [ 306.072719] ? __lockdep_init_map+0x10c/0x570 [ 306.077244] ? __lockdep_init_map+0x10c/0x570 [ 306.081763] mount_fs+0x97/0x2a1 [ 306.085157] vfs_kern_mount.part.0+0x5e/0x3d0 [ 306.089680] do_mount+0x417/0x27d0 [ 306.093245] ? copy_mount_options+0x5c/0x2f0 [ 306.097676] ? rcu_read_lock_sched_held+0x110/0x130 [ 306.102739] ? copy_mount_string+0x40/0x40 [ 306.106994] ? copy_mount_options+0x1fe/0x2f0 [ 306.111595] SyS_mount+0xab/0x120 [ 306.115064] ? copy_mnt_ns+0x8c0/0x8c0 [ 306.118979] do_syscall_64+0x1e8/0x640 [ 306.122907] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 306.127777] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 306.132988] RIP: 0033:0x45c94a [ 306.136187] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 306.144202] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 306.151495] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 306.158804] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 306.166113] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 306.173509] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:26 executing program 1: syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x50f100) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x200800, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) 21:30:27 executing program 0 (fault-call:0 fault-nth:59): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 306.292404] FAULT_INJECTION: forcing a failure. [ 306.292404] name failslab, interval 1, probability 0, space 0, times 0 [ 306.327681] CPU: 0 PID: 16672 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 306.334900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 306.344297] Call Trace: [ 306.346909] dump_stack+0x138/0x197 [ 306.350566] should_fail.cold+0x10f/0x159 [ 306.354773] should_failslab+0xdb/0x130 [ 306.358892] __kmalloc_track_caller+0x2ec/0x790 [ 306.363585] ? unwind_get_return_address+0x61/0xa0 [ 306.368542] ? __save_stack_trace+0x7b/0xd0 [ 306.372881] ? btrfs_parse_early_options+0xa3/0x310 [ 306.377926] kstrdup+0x3a/0x70 [ 306.381135] btrfs_parse_early_options+0xa3/0x310 [ 306.386036] ? save_trace+0x290/0x290 [ 306.390109] ? btrfs_freeze+0xc0/0xc0 [ 306.393915] ? find_next_bit+0x28/0x30 [ 306.397829] ? pcpu_alloc+0xcf0/0x1050 [ 306.401735] ? find_held_lock+0x35/0x130 [ 306.405838] ? pcpu_alloc+0xcf0/0x1050 [ 306.409756] btrfs_mount+0x11d/0x2b28 [ 306.413577] ? lock_downgrade+0x740/0x740 [ 306.417751] ? find_held_lock+0x35/0x130 [ 306.421827] ? pcpu_alloc+0x3af/0x1050 [ 306.425733] ? _find_next_bit+0xee/0x120 [ 306.429814] ? check_preemption_disabled+0x3c/0x250 [ 306.434852] ? btrfs_remount+0x11f0/0x11f0 [ 306.439124] ? rcu_read_lock_sched_held+0x110/0x130 [ 306.444195] ? __lockdep_init_map+0x10c/0x570 [ 306.448722] ? __lockdep_init_map+0x10c/0x570 [ 306.453252] mount_fs+0x97/0x2a1 [ 306.456655] vfs_kern_mount.part.0+0x5e/0x3d0 [ 306.461176] ? find_held_lock+0x35/0x130 [ 306.465267] vfs_kern_mount+0x40/0x60 [ 306.469105] btrfs_mount+0x3ce/0x2b28 [ 306.473035] ? lock_downgrade+0x740/0x740 [ 306.477212] ? find_held_lock+0x35/0x130 [ 306.481400] ? pcpu_alloc+0x3af/0x1050 [ 306.485314] ? btrfs_remount+0x11f0/0x11f0 [ 306.489605] ? rcu_read_lock_sched_held+0x110/0x130 [ 306.494647] ? __lockdep_init_map+0x10c/0x570 [ 306.499130] ? __lockdep_init_map+0x10c/0x570 [ 306.503641] mount_fs+0x97/0x2a1 [ 306.507006] vfs_kern_mount.part.0+0x5e/0x3d0 [ 306.511540] do_mount+0x417/0x27d0 [ 306.515083] ? copy_mount_string+0x40/0x40 [ 306.519524] ? copy_mount_options+0x18f/0x2f0 [ 306.524015] ? __sanitizer_cov_trace_pc+0x2d/0x60 [ 306.528848] ? copy_mount_options+0x1fe/0x2f0 [ 306.533335] SyS_mount+0xab/0x120 [ 306.536771] ? copy_mnt_ns+0x8c0/0x8c0 [ 306.540641] do_syscall_64+0x1e8/0x640 [ 306.544512] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 306.549384] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 306.554561] RIP: 0033:0x45c94a [ 306.557740] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 306.565704] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 306.573212] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 306.580737] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 21:30:27 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r5}}, 0x2de) r6 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r6, 0x29, 0x11, &(0x7f00000000c0)=0xaef, 0x4) r7 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r7, 0x29, 0x11, &(0x7f00000000c0)=0xaef, 0x4) r8 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r8, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r9}}, 0x2de) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[@ANYRES64=r1, @ANYPTR64=&(0x7f0000000900)=ANY=[@ANYRES32=r8, @ANYRESOCT=r4, @ANYRESHEX=r0, @ANYRES64=r7, @ANYBLOB="523ddb0bc1db8848a70fd6521a75b1973994f4141fba2fd99a8f8f04bbda4bafb4515ec751fbeda971980255c027b695b19bacfc4d38277fbc5eea0be6baf9eebdcf2956eaa7ae45e7fb8bfbbd11", @ANYBLOB="1c6e6874c5f221dd6ed748fffdbe2f9456af3744d23c3395a0a1e3b2ae4fa13fd6f567881bd1c827752b2758dab54621dedebde7ad95651f915b0a04f3982731e21dd69c5009d7ffc67c648debd2f636292ebc531fae50f1c500004c3f5c0b886338ef8d5189f169cb7137593693c145229842e9a819d4c301faadcb38c055f204f02f52e06b05a146d184c2061346551c27d63ca4946f7690822d0cede640be4f263158ddbdb4a315ef80b1cc83c92b5932e2f364ecceaaeb6067f69ad396b8658072d1e8b12b09719da5090ef74aa0631f950c68efb94a3a25466f5aa322005d40eac9571232ec860fbd433fe967db4b504ee737deb3f0c992b5fc41a57630f60c251c9e05a3395e666d985a6f21855001a6151de1c59b4aea0d636f94977cc98c92af3b5db52e835d1f180a691a27e370379be44666528ceb03a7bfc3baaf6afdc4", @ANYRES64, @ANYRESHEX=r7], @ANYRESDEC=r4, @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYRES64]], 0x337) r10 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r10, 0x1, 0x19, &(0x7f0000000040)='batadv0\x00', 0x2c1) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:30:27 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x28a800, 0x0) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snapshot\x00', 0x0, 0x0) r4 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r4, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r4, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f00000003c0)={0x0, 0x7}, &(0x7f0000000400)=0x8) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000380)={r5, 0x6}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000000100)={r6, 0x8d, "45b41b42e5a5688f4248cb09f352167bede4541366b39334d5031d2f7e0bb41d787c8b1bca28489f32e64d30cc9c7f4054c370c0162f3d8f7bdbe8a98bb265f1505f787003ce847e71331b3a574486f4b0a5a1e12922a3b6bf00b23b2092de0b4716a09f409c7864912b221c11f259053fc2e86fa954effe405a4452c6e73624ee77b4269226620e2a1902578d"}, &(0x7f00000001c0)=0x95) ioctl$TIOCCONS(r1, 0x541d) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) syz_open_dev$usbfs(&(0x7f0000000440)='/dev/bus/usb/00#/00#\x00', 0xed8e, 0x4c00) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000200)={r7, 0x4}, &(0x7f0000000240)=0x8) 21:30:27 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r1, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r1, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r3, 0x29, 0x11, &(0x7f00000000c0)=0xaef, 0x4) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340)='/dev/ptmx\x00', 0x8000, 0x0) ioctl$TIOCGISO7816(r4, 0x80285442, &(0x7f0000000380)) fsetxattr$security_smack_entry(r3, &(0x7f0000000140)='security.SMACK64IPIN\x00', &(0x7f0000000180)='/dev/snd/pcmC#D#c\x00', 0x12, 0x1) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}}}, 0x2de) r5 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0}, &(0x7f0000cab000)=0x6) chown(&(0x7f00000001c0)='./file0\x00', r6, 0x0) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) open(&(0x7f0000000100)='./file0\x00', 0x18041, 0x22) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000000)=0xc) lsetxattr$trusted_overlay_opaque(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='trusted.overlay.opaque\x00', &(0x7f0000000300)='y\x00', 0x2, 0x1) sendmsg$netlink(r7, &(0x7f0000002a40)={0x0, 0x0, 0x0, 0x0, &(0x7f00000029c0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r8}}}], 0x20}, 0x0) fchown(r2, r6, r8) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r9, 0x407, 0x0) write(r9, &(0x7f0000000340), 0x41395527) ioctl$UI_DEV_DESTROY(r9, 0x5502) 21:30:27 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) r0 = shmget(0x0, 0x4000, 0x4, &(0x7f0000ffb000/0x4000)=nil) shmctl$IPC_STAT(r0, 0x2, &(0x7f0000000140)=""/177) ioctl(0xffffffffffffffff, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(0xffffffffffffffff, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r1 = syz_open_procfs(0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='fdinfo/3\x00\xc9\xc9\xec\x80\xe3\xd7\x19)aF>\x11\x9ed\xa4IWj\xd4$,\x86\xf9\xa0r\x02A>\xb4p\xb0\xbe\xcf0\xb6\xaa\xc1\x00\x02\x9e\x9b\".O=\xf3\x86r\xffp\xcf\x93Z\xf5\xfe{\xd9L\x92\xc3\x1a\xafx\xd1s\xe4$\xf1\xd7\xc4V\x05\xb4\x8d\x86~\xed\xa1\x84W\x1d\t\x00\x00\x00\t\xb1]\x01\xf6\xfe\x0eP\xcex\xc6h\x16\x81\xb1\rO\f\xb0\xdd\x92b\x00\xacAp4\x93\xf02\xba\xe7\xed\xaeG\x1dL\xd8\x91/\xc5L\xc57\x94\xb4\xf6;\xb6\"b\xc0\xcf\xf6\xf6\x1a\xbe\f^gZ\va\x82\xf78\x8c\xa0=Q\x9cm\x0f\xf5\xdf\x9b\x1c7\r\xeb\x15\xc9\xd8/,\x0e\x11\xa6e2o\xe4^\x83\a\x9aLm)\xae\x10\xeb\xad\xed\x8d46\xa2]\xad\xf5\xf2L\xfae%\xc3[q\x11\xab\x1d\xa1\xda!M/\xa1\xd6\xc1\x84=\xef\xe6\x0f\xb9?\x93V\xb9\xe0V\xf1\x91\xdc\xc8,n\xfd\xcd\x93\xb6/\xd9K\x04\x99\nV\xb7\x02\xd5\x02\x84,\x817\xae\xb3\xf2!\x9a\xc41\x1a\x83\x82\xbf/\xd9O\x99\xec\xd3\x87M0\xf0\x19\x8b\xe8t\x82\xf6\b^\xf0\xb2SP\x18B\xb8\x98\x99\xec\x8e\xe1') preadv(r2, 0x0, 0x0, 0x0) write$RDMA_USER_CM_CMD_JOIN_MCAST(r2, &(0x7f0000000200)={0x16, 0x98, 0xfa00, {&(0x7f0000000180)={0xffffffffffffffff}, 0x1, 0xffffffffffffffff, 0x1c, 0x0, @in={0x2, 0x4e24, @empty}}}, 0xa0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000300)={0x11, 0x10, 0xfa00, {&(0x7f0000000140), r3}}, 0x18) write$RDMA_USER_CM_CMD_LEAVE_MCAST(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x10, 0xfa00, {&(0x7f0000000000), r3}}, 0x18) [ 306.588254] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 306.596071] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:27 executing program 0 (fault-call:0 fault-nth:60): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:27 executing program 5: prctl$PR_GET_SECCOMP(0x15) syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000040)='trusted.overlay.upper\x00', &(0x7f0000000280)={0x0, 0xfb, 0xfd, 0x0, 0x9, "0d1ee99e2f5b0000005813990524a52c", "77090aa2e4f8429962d972fb57157199e761ea1367ecaf7cfa2e888152f2fa25674e685770917907682c03f27c553d07f7fd6effa59c64ae83bd09f718c23f5472824b560862f5ca551800ad68a86fba90b9f505112a3fbe07a4a438b61ce6fca8ee80d9c8b6d414b341a74fd7ad8d9f22b1b117716970a214ef73195954e99af7995e84498644087c32ce8dd93b43636c03306771a870b086e0874c2eb27a38d36c084e8890c7dcaf5ce430c1c304cdad813b78ef0ce0df197768d6e69e405f0afc62cfdf4685973daccf3ff92f51f18e527a4fab39c5cf2e4727beea6974d8b0fd1d1aee0e100f"}, 0x1fc, 0x2) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:27 executing program 1: syz_open_dev$sndseq(&(0x7f00000002c0)='/\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00K\xf4', 0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x800, 0xc2) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x7, 0xfe}, 0x0, 0x80000001, 0x6, {0x0, 0xfa}, 0x0, 0x2}) write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000000)={0x20, 0x0, 0x7, {0x39, 0x4, 0x5, 0x8000}}, 0x20) 21:30:27 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x1004a, 0x6) [ 306.740975] FAULT_INJECTION: forcing a failure. [ 306.740975] name failslab, interval 1, probability 0, space 0, times 0 [ 306.752619] CPU: 0 PID: 16701 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 306.759675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 306.769049] Call Trace: [ 306.771659] dump_stack+0x138/0x197 [ 306.775324] should_fail.cold+0x10f/0x159 [ 306.779499] should_failslab+0xdb/0x130 [ 306.783510] __kmalloc_track_caller+0x2ec/0x790 [ 306.788389] ? kstrdup_const+0x48/0x60 [ 306.792298] kstrdup+0x3a/0x70 [ 306.795503] kstrdup_const+0x48/0x60 [ 306.799231] alloc_vfsmnt+0xe5/0x7d0 [ 306.802961] vfs_kern_mount.part.0+0x2a/0x3d0 [ 306.807457] ? find_held_lock+0x35/0x130 [ 306.807472] vfs_kern_mount+0x40/0x60 [ 306.807487] btrfs_mount+0x3ce/0x2b28 [ 306.820232] ? lock_downgrade+0x740/0x740 [ 306.824400] ? find_held_lock+0x35/0x130 [ 306.828481] ? pcpu_alloc+0x3af/0x1050 [ 306.832399] ? btrfs_remount+0x11f0/0x11f0 [ 306.836673] ? rcu_read_lock_sched_held+0x110/0x130 [ 306.836694] ? __lockdep_init_map+0x10c/0x570 [ 306.836705] ? __lockdep_init_map+0x10c/0x570 [ 306.836722] mount_fs+0x97/0x2a1 [ 306.836738] vfs_kern_mount.part.0+0x5e/0x3d0 [ 306.836749] do_mount+0x417/0x27d0 [ 306.836761] ? retint_kernel+0x2d/0x2d [ 306.866075] ? copy_mount_string+0x40/0x40 [ 306.870326] ? copy_mount_options+0x1a0/0x2f0 [ 306.874845] ? copy_mount_options+0x1fe/0x2f0 [ 306.879368] SyS_mount+0xab/0x120 [ 306.882835] ? copy_mnt_ns+0x8c0/0x8c0 [ 306.886737] do_syscall_64+0x1e8/0x640 21:30:27 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = socket$can_raw(0x1d, 0x3, 0x1) bind(r3, &(0x7f0000000000)=@nfc={0x27, 0x0, 0x1, 0x1}, 0x80) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:27 executing program 1: lsetxattr$security_evm(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.evm\x00', &(0x7f0000000380)=ANY=[@ANYBLOB="021a43885eda4dbcdeac84c675a087331455f633bff564d148f395fe430da4abd986cff447a12765a1bdf9b4bee49e9e7653f24e932d6dfd2bafcbfec7ad5e87bbc3f016d3ed1ce78fe2d014b9718db8610588f5be5047be3647cb7b619176db696d46cb7cf83725c6713f60d5c706255712fbc89cb1f7d7be3a9e787c2630db24c4b87c5638ade1999e48d4a1329c0477047190207b4ac32f6a16a927463a6fd47a5f225356779b4eca4005cc6bab2f9ad88e7bd613ab53f801e0a53b2443ad55e66b059b9f29b2a2fe65fc8829f38bdca527b5a4fb698c24f95a0a26c615f4a92e575523f1a0f79ba90ba50e9f68ffd6e179dd9372a38ef9b9cf71e1463f0f300f068fb873b2a4d4255d29d404"], 0xf, 0x2) r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) [ 306.890636] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 306.895501] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 306.900702] RIP: 0033:0x45c94a [ 306.903900] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 306.911630] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 306.918912] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 306.926201] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 306.926207] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 21:30:27 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000040), 0x0) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, &(0x7f0000000000)={0x7}, 0x1) 21:30:27 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) ptrace$getregset(0x4204, r0, 0x202, &(0x7f0000000040)={&(0x7f0000000280)=""/244, 0xf4}) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r2}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(0xffffffffffffffff, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r2}}, 0x18) ioctl$sock_inet_tcp_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000000)) syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 306.926213] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:27 executing program 0 (fault-call:0 fault-nth:61): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:27 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='\x00\x00\x00\x00\x00 ', &(0x7f00000000c0)='./file0\x00', 0x0, 0x5, &(0x7f0000000380)=[{&(0x7f0000000000)="a7242b8ff909946fd0bf87d9e8", 0xd, 0xffffffffffffffff}, {&(0x7f0000000140)="fad2ca15b465991ef3ef41694406b7cf0f9e28f7f2229c1ef233de13f2ccd5c8738d179339bbd42dd281e36f8705616109a6dbe48b5a8ec91eae7751f788047b4c1b1bab1e445c3f9ccb7752c3224a6a1041365882def4f7ab3a8d962dd31c2119ac4887b7a04a1c88757f1fd83bdefeee148d0b463a49f9edea2ebe1afc630a3ead620ab9f454f0b4262138d6a5a505b87958cdfc2a672f2157738bf77af03e977ba2662632f44cff423830cebdf2ee07564a7104f8801bf3124b12422fa9e8ef84", 0xc2, 0x354}, {&(0x7f0000000240)="6a7ba033150028ca345277b6d77eda55c58eb0e0acff8017667eeb7b8826c9d25619980cd26c178b407507bb6c6b6233465c23b1d6417e2a8a2572b9009d42855cb8de", 0x43, 0x4}, {&(0x7f00000002c0)="b814faae20d8bd16b54da939e98c0514cf81a940de3260de4da57f75ae13048d5ea9ac62749927857f9cfa4f7c732bb5d2b6df495dc9afd32c4426914f99339390babb613cb58b7286288e9333b82ca3116891933e54f21c98c20b21a761ca0f4a3205b04856e056de51b2a3736660c45370911fa788f91c23ab81197c0c2e42f8438c300439eaaeae3c05", 0x8b, 0x8}, {&(0x7f0000000040)="28569f20275f710893528a27969167535a36ef31d9e5e8bde279e87b1f0c5145e3554956a6", 0x25}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:27 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0xc8bcaee680caa036) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$alg(0x26, 0x5, 0x0) r2 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r2, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r2, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r3 = socket$inet(0x2, 0x4000000805, 0x0) r4 = socket$inet_sctp(0x2, 0x5, 0x84) r5 = dup3(r3, r4, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f00000001c0)=[@in6={0xa, 0x4e24, 0x4, @rand_addr="3928af871dbe17b3444122a8fa6c81d7", 0xfffffff4}], 0x1c) sendto$inet(r5, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r4, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000025e000)={0x2, [0x0, 0x0]}, &(0x7f0000a8a000)=0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r5, 0x84, 0x7a, &(0x7f000059aff8)={r6}, &(0x7f000034f000)=0x2059b000) getsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000100)=@assoc_value={r6, 0xfff}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000180)={r7, 0x2c4}, 0x8) getsockopt$inet6_buf(r2, 0x29, 0x2c, &(0x7f0000000000)=""/116, &(0x7f00000000c0)=0x74) r8 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 307.067623] FAULT_INJECTION: forcing a failure. [ 307.067623] name failslab, interval 1, probability 0, space 0, times 0 [ 307.106979] CPU: 0 PID: 16739 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 307.114055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 307.123421] Call Trace: [ 307.126025] dump_stack+0x138/0x197 [ 307.129681] should_fail.cold+0x10f/0x159 [ 307.133886] should_failslab+0xdb/0x130 [ 307.137883] __kmalloc+0x2f0/0x7a0 [ 307.141440] ? match_token+0x22b/0x480 [ 307.145356] ? match_strdup+0x5f/0xa0 [ 307.149188] match_strdup+0x5f/0xa0 [ 307.152862] btrfs_parse_early_options+0x241/0x310 [ 307.157830] ? btrfs_freeze+0xc0/0xc0 [ 307.161641] ? find_next_bit+0x28/0x30 [ 307.165546] ? pcpu_alloc+0xcf0/0x1050 [ 307.169447] ? pcpu_alloc+0xcf0/0x1050 [ 307.173365] btrfs_mount+0x11d/0x2b28 [ 307.177180] ? lock_downgrade+0x740/0x740 [ 307.181373] ? find_held_lock+0x35/0x130 [ 307.185445] ? pcpu_alloc+0x3af/0x1050 [ 307.189350] ? _find_next_bit+0xee/0x120 [ 307.193427] ? check_preemption_disabled+0x3c/0x250 [ 307.198452] ? btrfs_remount+0x11f0/0x11f0 [ 307.202690] ? rcu_read_lock_sched_held+0x110/0x130 [ 307.207709] ? __lockdep_init_map+0x10c/0x570 [ 307.212202] ? __lockdep_init_map+0x10c/0x570 [ 307.216707] mount_fs+0x97/0x2a1 [ 307.220066] vfs_kern_mount.part.0+0x5e/0x3d0 [ 307.224551] ? find_held_lock+0x35/0x130 [ 307.228621] vfs_kern_mount+0x40/0x60 [ 307.232693] btrfs_mount+0x3ce/0x2b28 [ 307.236837] ? lock_downgrade+0x740/0x740 [ 307.241000] ? find_held_lock+0x35/0x130 [ 307.245102] ? pcpu_alloc+0x3af/0x1050 [ 307.249188] ? btrfs_remount+0x11f0/0x11f0 [ 307.253500] ? rcu_read_lock_sched_held+0x110/0x130 [ 307.258521] ? __lockdep_init_map+0x10c/0x570 [ 307.263029] ? __lockdep_init_map+0x10c/0x570 [ 307.267543] mount_fs+0x97/0x2a1 [ 307.270917] vfs_kern_mount.part.0+0x5e/0x3d0 [ 307.275411] do_mount+0x417/0x27d0 [ 307.278944] ? retint_kernel+0x2d/0x2d [ 307.282854] ? copy_mount_string+0x40/0x40 [ 307.287088] ? copy_mount_options+0x162/0x2f0 [ 307.291587] ? copy_mount_options+0x1fe/0x2f0 [ 307.296124] SyS_mount+0xab/0x120 [ 307.299583] ? copy_mnt_ns+0x8c0/0x8c0 [ 307.303468] do_syscall_64+0x1e8/0x640 [ 307.307369] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 307.312205] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 307.317393] RIP: 0033:0x45c94a [ 307.320569] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 307.328287] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 307.335552] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 307.342937] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 307.350332] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 307.357975] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:28 executing program 3: syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) ioctl(0xffffffffffffffff, 0xc1004110, &(0x7f0000000000)="ca92b7b563763ec5a57350da06bd0e5b23") 21:30:28 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) openat$ashmem(0xffffffffffffff9c, &(0x7f0000002a00)='/dev/ashmem\x00', 0x90002, 0x0) syz_mount_image$bfs(&(0x7f0000002a40)='bfs\x00', &(0x7f0000000200)='./file0\x00', 0x8001, 0xaaaaaaaaaaaab09, &(0x7f0000002800)=[{&(0x7f0000000240)="7bded8dd12326d86c70ee057fa859440b1f10c7773b29195e9ac25f5464aeddbb333ee65c032d8a4fcab6dd8ba0a99c5b67e8931691f3bfb059df35dd3c3c74598952717f0a704ffccb184aafdca80bb424296c7b68a25dac8c2049b70a63020c8e40c4f23b4e1", 0x67, 0xf308}, {&(0x7f0000000580)="e8f88d87fec1ee8e721f09719f11fd986fc69dc49a508b81950f0483c85b3519be7d3b1f9db6d3a1505fb5edcdf444808bb4dbda41c8e1aeefc9da55c76db7e3d6d16f852fb569053e2f121463530a7cb81c515bca8683b2368cfbaa4a15811f2101ccfa130ccfc437d354b940fa0efb0b05a7cc1046202c9c0a4b24153dd985e34712bf6d831819126ac21d12dacb5e5ccf4000a459f809f4cc47a3888c08aef4d905dc67bffe7de55e314f4a23f0919d0cf88b190f8065354bbe18a10773c0065b7d4c724eabb717d93bed51f5e86854caaf93aa616ebf9d909f592080238d35b6a2bb688fb7e1ac33cad58796718febcfb1439039a94a6c447aa2070f6e6d6381fd36b96e7b48ea7f28834756dcdeb2377401b3b394a56dbb7cd221723e42bf011636f82ee1463df64bb90e3ae15ea752b1f44b41c73b33e39e0adfe98c068cac5c3da4501213b3a01231351e4b09957944d6e5f309d9975ed79a0e8077b5fed2995d8a0c7fc73e67913495f9c3bd24e71da4d8bdb2f4ec8d7275e19f6b168f5e8fce62a1ae7487d2f97cfefa2696675c308ddf7ad55dfd68b419c484553b4caddfd22f67db5ee26640b67fa2f5902221efe844fcd57a5f13a7b16c08967a9603f50cb7faac487829933efe38e2648754c408e4706d042e22a9e610c662330662d915eb8c35d19bfdafafc19b5ffc6b48e90f412f9e9838a7b85e1539887d075f8242d879e6cf3fb28f677eba435cd324b3d6dab519e920a48ac148fed4650f1b57b0fcb9518802417f4417b907655aafa91a35c4df66f03bc1cc74517c77255edcd6ce1304ccd7a48acf2aa7ce9956af603d59438e2fc79cc1e38d78d6330123014397d3817bf8a0d076ab0c18e67b9b9733ae158e14d642ea5990ca13823b6007ba5aac5f0254a17a3f692620f7cb6a38d19643509e3d6228c1e9b6defc68d7e25f43487f148d0f7d176dce000e589d08a959b31911ebde118bcb00c11691ef1b03f513c00d4db4cde8ab7a04a2803dcf0653d8274852c34da87cd8bec5ac9a13328bfc8a7f6ef140bcc1dc24be0347637e6fe3952a9de3a1373bc94a53d5712551cf3fad83f66af6038105ca258a00ea9b5258de1b1bfecb316ff17a49b750702624866d31c25c92dbb731672930bfaf01116a78ef19a19b9fc53b473d1bfd6b11aaeda68c99bb104863e6e16747d6a16d10785e7110514791de9814311a53e61aabd58b78afef1f09396957886b7624b5f72b79ee377573f1e9ea4fd7e892d18f618f5bcb0b22fbf9947129bbd4ec5452fc22e793e5f2ab5a29f62caca328a8dd22a957033e50935edf35bf7376adadc7534d21167264aa8b97e483fee0f1fb93b6d97a58787c12a6858fbee6feae94f4c0a708ac9ac02aae8816919300100c31a8014cae1b4b404ca2a26f2622dd28f3ac615a87e8220b04401617716ce31992e54a427891de9921da31596c74c559694da4ba0d969e1b630c18806129800ca296fea15645ae3cca6a5156029d7b585596928a9c536c42a2a11a646e8c0ad59b8e473c14edc8515c3b2438b286050cac414885df33521a2682eb64e9c7c91979e6f7479d24a0b8c54b21f5e856ce2ac1cfc5beac1d3ab168070ecf67a4c327216f49b47b30b7ba8aabf14fa98792ac075441f64b06ccee704a10e94e19b1c3236601eebe376fc1d601f790835c04650221b0d91ea0ff3321d6b569c19678f1449bd4c91ab743db5697b0caff9a7824a9a844ed509a63d5a3719811f9460569eea020a95c4e150093d5a80e5dfe38e1a375f89f8a11430c2a02809ed7fd043d6c3b2c75e897653a78d240256f0f758d7245ff5b2d57a26a65219c48eb5c90c94f7d0db108c16487c6de10bb019ef886607abd47f31a9256b9a22817029cb1aee4522112f98d9328037ec6d967b5f088447f2471daf78e008d2685780e24ab56dceceecb7c492a569c2c4c11eee9b1656bd2c513629cefd128b6c56bad38c6f44e483cf68008af1569996f38ff2653c4388ce838cd1dcb577fc6f22f6ba6f2a456f5face8f07171552562c783125bb1ed49bc472ff0f7e00a06f1629aad7431e11d7ac29890ebf086d8a2d3ed437bb2de87014c3018f2a34c540e688b3916b0786390410f972965c6a149a53e6e59b58661188b38f4ffa70298a0255b286a616034cccfbdddaa4a2ec5fc1f41585aacc90ba5c43e84c41f0d25c563f06600a08434bc057d4aa6a48eff4df82479af0858af686b94cc8ec130fdd70a3bb12aa2a2e61c76c623f5adff95b114f3ae0c5a45a45aca8fa1c9998681a9638454bce826e8ec19d03b991b0dabf80f2edd47d15a381a7fc621b658d62b4adae3a6ff653fb6a731c5810d8b93c790cc70829911b8be1d3d84aec4a52b784feddc509fbee5380c8fd25966f2792a4fea5b570b39fe59e7ad901e1213e973ebb153ffa3f3405cbe262969fc8444cc264ff7f790104eed7955947c3c028107c5994e2975edd9d312490f3b849b5dfb68f8f0f463e735bc72f4f17c56107a77afee96d98a9bebe67ff47ebff10d071211a85b1b6eba837b426eb9bdd0ec578a2c8838b8d76ef67658376fa2b289788822755d97e85b4b0883910f237800dba8806d9c94c04df26aaa0e20862c980e8b7eccea2f4f34da02600517da64c84e17afae94c3f1d32df86bb953f5f57116aa93f0647bad841c86deaeff4a523f6d276076c4e7d9dcc93b033afbdc6a22c6b736fae4c33f556ceb8b16736eb66925b65910f64b9d7756dadf3cc66dd154ed17e5d6692b592406d78f1a2f5b496fd4e171c0dc961c68f8cd46af7232b38bd6ae44fa9fff15faa06cade45fe8571f0fa112d1137466e504c2bcd1661f6d829c17fb459bb355c9769856af2aebe0fc87bd2e5fa3601ea94685595be572fdbb45ed3f32f0f28b77d5a82daff576a00b13f884ac55cf4d5fd7fe4ddaff95be67c50a6e09dbb47bb5f607c2885062560edd76e0adbe745860cedb49932838993ea2154dbedbf65a56af1ae5e2f3202d2f30aea0c9e54480af79a6c21de2c224938e4a36e106ff70baeec3cc9a3e18050296dc0e9466752c21b8d89c5be995eee13ebb1f94e063f0227c3196a7f78aadab20adc172bc1f75e24b8952414a691ca60ee6db4cbef2a5e32bb1a55eee9ff757d6867b6a2b1613800ce2f15f55b866470bccf0a09e147766a1033d0cd1289b99a7218928a18f6455a157ae73755d73ead6a07d9353bc962fa3120041703ac4990adbf5d7962b724b01731838f881de6a16c7a789b6be9a1d033e32f97a0796d72f219e9322a4e5cbc493de5709f20ae4c73a487c93f5df9c4d4153d2472b983f6f8aa3ac23419245891850c1c3d4fda40a466fe1a2125b9e1d31d04b0f8e5903b64203e4885682463d2f1f6492f43d24414256fbe553ff142abc057bdbb3be8c1daad26fa9de5e7721370b3c4cf0a18d8ac9516c3c5ec0773a4c79ab8f6196ba89bf18bc29b0b1f29d263fc73e2412ac26af6aab91fb445fe4ab8e7a2bbf316abdae957010a0d5c3eb876af954e4011e027a86efe5d89a2006eb81e0a9a7f7d36e7c43b59867f14091b43e28e94b5b5250ee2c6dfbe0e4c1313c6e11e22bc699a12fc163eef123ed0a725ed6af518fb1a0e0b25f02ef4f7912809d478431f1a34b9898842fc32792da49eda52c3d837d85742c3e92489f963872882e3f51011a95da0b6bf10adad46efa12b9f1b4be34576ad03f5f891b18ddefb77bada4c1856128961351c0bba223769db5ce0d399ef0e584f4d713de67ee6acf04db42ff412cd5febccb32b3c712689705118a1b83967bb4ae141584447ee3cf5b9e92ff7ef47b670fe094bf8f5283dfa1d418a038dfd77df4a28407510d730932e75b53535ac7695fe022aacdf6a6c9713c4042bfa4e48f9c6f816bc497a821a91169e697ea110eed5511fa4308a3477b868899268e8e013429989a6d82386c35a386e67c001250e87d61c3204a938da88afec1c5707c7c806684e44faeafd13d66a6b966382c4add65166f5c5c03efe30fea88fd703c3926989739c8a60756beddc7c73a9f0e9cddcdf69e40ede6e5fd8ba34be7cb037d6f18872a8df66f4b92f4c65db9104d32766ac1c41c8bf618a00d8c1ee85d18a25cc1ebddbee0566017cd54d468c08f88a799ccdf92fbccb1c8f6d637b67b755292a29acef108664aee30a9c98b1e3a27e7ffb65b1d5ccfb583209c36f9b5646d19124c22ccc122dedf203d2c568ad3cc065b34ca44801cd7ac27148f9495a1c35ea3ef36c58a0c229534fadc606a8754396abe088cfb92e47ea9b2e771614b8d3b3c1589348f724ec6dd2d4312e5a73a3ae4db8b2783b1ff9a69c6231d1b7abde2e3c1b1a7dbd90da967bc698f7405fc8d314c58cfd719a9261177b4cbd0cf0c30b5ff467647edf4899af7bde779c3f1d19e99e7db7ce420300a391a1818cb7c88bea2c7df8d5c08d819524ced178c775c603c7424f04535faf474780ea9c2ac3555ba4ae6ad294d9ce1ff2f6a80e59cd22fe98ea808ce0b9c4550c259dcfcce1af03963181573faf12a07f0cd9086d1439d8d7f2dfb2b203ca2eeee10f5ee7977610acf28fd144b5327f221a8225b77bed9ddee46436ee89cdc69cc1d4c0fd8931a299cb8bf5f21b2ef2665bc7a946e8e8157a6493e1111342f407e62dc1f25784eff027770bafe83019931dbecd84b7dcffba4dbc85f1412ef7d6612fa639becbefc3c98aa9cf4e6f5bd197dd484ca9e158e9fb85e954a49f9aa7c1e7403a25c1e9d00e07808c2ca80081faeecdfbc6142a0424f198f698b02241e4c657af81b6a38f76a03e919d3c6f0a52a2a79b3f9fa71d312630b0483d6eb27bd69940cedd1448c12d4c1829c91bdeab02ae4a0115bc50696fa8d1c4d876afcafa6ba0c356969b224bf5f8cd9540c8b615879ca8c118e8a40fefb71769475ffbbd10df5f9dab80b658d46ce1502f0a7fe6e2854d44935275b2f15b448df46ea7eb0d4b8499aa78cceaca376a5f1b0d29cacc4b7726ff9cc88757128189916dcd121cd2711294058beaf790f41edf8db8c9cf3f7252e9a0c6f37263e2f2f4892f74049e16db9f2b8760e973e44500bd3e0f6b679f7118940bcb582392bfb7551bf2fa7e36e7d4c5419c4813a7f34c60ae695c83d1d1a172a0c835c776c8d777970ea6a1af876dbe4d1b1685646a8554703e3afa5ece6e5608b2c03738399fa0dc094e86c97bbac29aeeb70a46c40306a9bc356113e2a2a04533c8df7a4045679bb7f37255610924b5e84ff06a73545426663988b9acf41353f08df8f87027e24a43cd4f2893ed95e07acf7c39ad8d1631738485a56265eed0bbac331b2997aff41c10a6dba9e841bc4846ca296480ea16b544da6d833295f859ca84fbbf6b41abf896aefa7bbc301d20c6062422089e47d680310b49e986e53e9dfb5a230dc09c17b167b682ffdc309737289662140e0c552b7f8cb3ba838fbd4e7341aae2c291ff0df598410be31f00bd74518425131cc438e3664c62395922ad5c569cfa328e705cb307c0c1c8e9ac771ef7905cf53664935d7dae42bb7ad30d58b35c40e7831678f9c64e9138e0b1810ea6930a367e2555f7672265b64783435ba9e16bc4eee9f75b23fdb3b1a8c6bff4887ac2405569b2b98780652e164edfe7a18cb5381b7e16ba3f5d3c6bb491822b35687b7985f1de0cefcfb01ebc102a18baa75f09edcab45363baab271b1dd3d6fc360742b2a36611bc98fa52b164190aa29f144be482560731041e54e0ed51971a3c88215732953e701363", 0x1000, 0xfffffffffffffffd}, {&(0x7f00000002c0)="035b57b5dfcfb7caa0dfb9aa7f4c892d8da67f9cffac49d5758e21f37cb68ad0bbf919a0b019362b876d5af4b9d25db70b8c5e4b851b98ddd46a77123ffde3f2f3253896a9f5fa51ee2451b2a27a352ab3fb5eafce06f06088bc5c105910ec198b693a02a9391cdac91b6447f19db4197ef6ef7d176bdee29d0339d414ce5ee92529", 0x82, 0x1}, {&(0x7f0000000380)="538f97ea4ff541192e4a6cc82cc46f5379dd8d35bd5ff2594ffc0a6141f43fb3492cd3435126e0257756797489adb3441d75c9ba64d4085882d378a788aa924a0d741b70dcbdae08c6232cc835065af15ae3fc4d17429ea3faa615bc72c5bcaf3b0054847df6f43bb21d0b10b4261771446ee64a07411fd3642482bdd15da944db0f8a108bfd83b377e0dd5b4134a59a5b8becc6a8e43922a9b72678a8958b92bed4ec1ce136", 0xa6, 0x7fffffff}, {&(0x7f0000001580)="24e037dff0793d9e6304220c4500d7c8faf4317d3762058139caa56aa2f3df81362cc14d0dc588f5c6caadc6665106cc911ff485a7bb24fb25e095ba8e5cf3a069866ad8899b7f76aa7e04e4165976c1029ec1ad2699f47205e9625c0ad7427541c801ebed874a27d0898afe7388ee8d5800f0fc85c5195428bde25a880f84afb9865684879f910d643cf04f3fc21be693f69e846f4e6f0b867dd7cbdfcaed60d9ce50cfc55148829cf1bd7e4fc5e9b702b719d884c8d982f30cac609c3dd8f3d2fd1ae7f610332f0fb9c8d8", 0xcc, 0x9}, {&(0x7f0000001680)="991cb283bba4c54330718c817b6555052744b8ea07707e2c334115ed5bc1b72f61e9fdb026ebc510c9e210a2e73cf6d8df8fbcf5825968c846251251a0ac1232cff92d025ff59599607c5964390907cc0feda4e409dc917f85395abe8061efd7409997f3159c4667ac72b0267c5bb212713b318ce0f53f8045d4c5887a0ec47b23aae6538b0208c98900ae364b2c79b000aa098be7973e800b5204283099937ba36622b1fd232e39580564e9764ab5104a0c71dfa5bd63c08c93a5e94dcb1ece47213bb8100454ba08ba1ea5b8e9cccbb352ce379534ff2163ab1bb293b469653b1fba9362b0e75d85ab14343d30e0444f96e3bb32d1ef170ea2917c8c3dfed15d381cf159a665323c62f82035ae42cb81fef0bbdb3e783debb91b1fcc88d97076040166f2ce93aaf469476fdeb5a5b47d782b9b532191dbcc3ca7cc52223d4b5c5d85b130347773d8fa4b29c3e51bf97cd63b4cd5c41a175632da02a8141892dc9aeb279781bd6fdac76d0058dbeddb9ee97dd015be536cdf54073bb83a309e2f5272a6725233338e782092ad5a46a46c9de884b68f25150f8ad87731405df7e863b08ac5b13da823ff31865f5d5be18968ee1878c7d1f4a0a90c317a953e3ab706316c0585521e4fe9864653d436f657e3a0b2638e0838d16131e0a856aa7af14c46403c7f965b2b3aed90f45cb55552c369e263ec3ae6d10e99a18d3d21dcc914af38e4f0b4499f1d26413612948258fdca29569596b571ff7ddeb42b4dc63bd06efb415915431cb5a67cf89ad9a935c84c8303e48b12faba53ff7295cf7e384551ae8f60cdf17809159b9f503d24416d90b5c1eafd4fbe46eaddf6c5acb5152f5af6f19b074a89e3b45668fd1a40d69585f29716adf1b1efb4c9c1100b4fc59c99a4bbdbcf1d4ef0f7ef78af120f2dec48f400db1a7a59a1cac03fbf8d159d999f487a4c28859268ee1181390c6de48c47ba675731c2e27dbdb1e84f359b7a205c03b4be2e7d6750cf888c2da8b075e9921262440698f31571015418505aa03d372cb46b57923980987c0c2107ab24fbd82ed87bffa2ad30631e2a88d858bb75746606912692ec35f70feb434e6ce93bf354f548b040dd4507740d54e1dca494b6da2eaa509f6f90a435c781f700180a070330407b79ee38683930620014c8f05baf34eb4211bd0eef903053da1e141c0084807f77db930985a1d99d219b5d5e5ee95c271c39b1b6671f8b38912eb306ea353469d9f203a40280df426d9145d7fc78c02bc0a25af95f927f67c588c7f038edc54db69b59f6bc4912b5fb6e6db39d7929774ff374a5cb8da65ab90aecd9e6750c94647eb86d6a96269acbe908cfb3df3b25c70c89507d168dd52ad385f8f071c2082a0ed26e8c88c3bdccd702e89005649578951013a71f5c9abcbcf789c2eebbda81661d11f7cabc6a18f00ed5869ee0162322a2dfb7c37b856961c1aa8ded2ed786c63cf86772a52a7e05731ba8f8da4866ff29648b5b48434a38c04446196837e32100a0704c8c72fbe84c5f4b4482c69ca6b4dcc95c95e5b753d732d3bf9b6ed2131f56af7dcd5230a332c454e47434c916f9ba4bbbb46d207a982787b57ff3dc8e392e941b4bd8ffcdfe22012c8e4aadf5a8aa21fb1bb8eba359925bff5c4c3dbb5cadf8d2284ee5fdcd199fc74d933f2ea56e915c994fda3cdbfd695e6326c70d395f82c153520fce3946cfd71014dfed616cc3d39440daa17e8dc24bf5e91678fc3e193f279924f06f1f9dac4c912579fec95e0537d5cdf9c34bdc90e07e0fd236dbd4e6dfe9af5a5697d13d3ae35f14cf0b227903c9d7fd7c558fedf611d906a05f919f12b021e4811dae42ab5d55ed170c81f49f4ddaf3ef062d0a3de0e159149b65df73999deb76f770fb85c0c91ca1981d7c6e931d20e4258e23bf82694ad718fbf3e56d3e73c84c99da51c101be4917669bc01bbf19df26194a2c2475a65c012e58109549c40e4f02b55fd0924b1ede645b9d42d917d70625316d09c49b2e10e3515d1bcdb494b5418feb9e5dfbc94b3e2926026dfa1ace9d1f47c46fd2382b106af9bbeb389a3ae7c5857f6079c3a17f0dfae581c3d5247b0441e907e39264eda21502d120797a058377b68b71715bd199a6ec21ece0a70c63fa032d7f6fbb1370ba32443aad60c505083072847701687a4098f39c333d0cded19e6218813aa24913cfb2dfcd3035cb13bd1d63561d761f743d84a7dd728e714ad66b275ca39444b16b25dddb7f0b91a0b576f26dbcbac17a2f55947538e52cd50727e62e9963d9e687832bf66ac36e3ae3a40b298fdb76794ecfff1e5639c7b2d7883db7b0890bc63e213235871ff39393249f0ae75c779b5bcd0a0955686bec43f292ec8e2bf1cd992b2677234ba7f80ab07878f76d7936156fa5e76774dcfebdb27d5279c80c7b56a6a0be6eb3125310db688c83e7c4d81a35835f22ef67b8610e99a857bdcae6f9b280e5d6510a4feedfaf8db35f085b01a52bb2d57a62d0b571e71f6a2ef9e78ceaef067f6f59f63932d3ee0117acc0956f203816bf282bcf3dace3f9c3bccd50672de202151df2b18cc484440d3689ee71316d8f7c2ab429361aa1705c9eb8992df3c67a1edb02704f6af1bba8cc1a7e65e928b810ec10b088accd42a299aa2a89ac2b4775200f351bf6f2511266a3be8500818558b98013ea446bbb2eed279b33501ccc98e52507c59f4939a42959a032103862925cd474ed393a70c7cf10384744017a51ee2bb660932b090a9985ebb90f4b05460b296154889073eb52e7758837f18042c59eff7cfb95b81589273a7086c6d7b9e036c9b73769bbdcf85922de44d361d84f384aad2c770cb35a0dbf118a870b08be14138a0ec07104bd2428b63ae0f36465012eb03a325d9354fc548604bea49fb61e650b6afffe6c1168abcd0a5b1fdb44a88b48004d6207bda14f143c515e075607fa941e2871e622395b0eeaac7313f3e13f9aa7757209038ad9850e9bd2dd18de30efbf25042b63ff5fb9134aedbe191c8334ffae36bce3329dc6bce9382547bf724e9c30949a2536559e5231b6516b779e774062e2dba32bac4210c3ab3de3bc902e2243de7d56957e7d0e9043f432124a665bf5f53141ff66cdbc7ce7a627f5529d8e2d8ee3f1210917af7a0f7381efce6d7e176bea64a1b674a68e2b48f49d263d34ac1ec3dbc7496da50ee5cb4c745b68c21fc5327753272ce79a3ccdc5932adc99baa2fd81f339e688add2b301c9c48b03052deb3bd293cd9da155d06323b3ab02b4fb690faaa3f5457371b6f3c7f9ce98eee6c2442c9d2f2d2c4b8793a5b625f0580a2deeb753cffa13a3695745e7a921d1887a4224de87c1bf27d6e3a85227ba12a46cf19075c98b8e0a2cd4521004ddc03db1ebf96f80f1290916e9e8592f18f871f28a3499cba9bffe5518f84b36d2e03dcb2413a7870ce2ade10594adb818b1bf80933c589f088ae28740530cfb1fddebaa98d5fb68a6c7a13005e29af7349d988fdc6c8912f903f208b65d10498fdf40f586b0a6099935d2c8f394d913d83a45591200d407917326116dfb63c5866d51481c7bfa5aa507a0419fc16194a333e69542b09a6b2e62eb2af87bf3be08a2c53c836dad48318ef4dedd621d4d1b76f180d2b05bcbbf1ee41a6e62a0ae40bbc985914a1b29bb1d2d52edbc7f313853cadf1b670ae1028f059bbfde52e39cfd0c653baec8de56061b627d6acff56a93d6459e6ada1967b4248dd711598d5a17a6f86846177a872f2dc04a3a5e7b03db2c4f1997c679db11054ebf75315a7c7b002f93d949d61c08c7545d128d6a5f44c76004802292347ff5a1c3452f542e8bbac30b6dc2663bdb68fb667142cb2124094faaf78e0eb29485ba4c881799a56a5a7bc27a3345fb31283ac728abac79247a662cdc4ff93b50873d3f920b1a76ba15e984be42e4ca3cb109cefe2a860864eba7de9bf909eae9fcd354ea28bc8a98652894a87e56e8150812204b1981eb9786b75e8c845dc3400175cdacd09c648761552289250259ea66d8b8949fd45b5f7fa44cdbb7c037a1e87ac648244150fe8642324393f27b3e5cca2ee9bbec9e3ffb8d597494518b29b91c2b42f6d2fb977e1217323778bbbd8587b08abd5c425581b5a30b3b5ceef9e520884408f66aea9e717bb6c6f3a6279899f3759a22b387a8eee6e7a943e9c0711e9944bcae3be7bf0985e307e3525b56d94a156ce967d2f7ac5380364df445073d4d7675208c5ed5f54819778038bbab6ea3a6b72f92175ce4af5b45dc05f9874132135f7e8db7f09e7ad3635bdbe8318dd2ed4a24cb353ba825dc5e4b6facc4f25ddaf94a64f40f847dd903a0d08c1901b6eee15c5a222841941dba775ada1dbe703095a9612c8c0c6805961d939509f50aa6bfa9d6a9e17356f691b67580fcd3d41c5a2642aca89c2047355cc8d7e3883b28ddc7743693c8f2ccaec1546769544621a7c38f647c7efa06bdc6df8007967f488f1249ec1850c373fef7969fd8f4ea5139fe170bda1200be35f67a1b4bd3dc0776414a35c9bad88698c882abc2587746593720bfece49cafc6004a0522ee89693a2641122c5e735ffc6f9876e82deba3a3c6010dcb60f26afbbe7d21065277abf278fcb9aeee8c0e9253913e0a6ae4d50034ab9346f0bef83262e4cd4ee553bf7dbec35518f41e9c6598dbd18af5d2024278af86f84616e8439926d8a72a63a0a61a6e6e43b97b0ce8b63455466589cd8887c6b49eeabcc763b6a98214e5e71bdd0fcddb93b8e8b7fed16d1ad2498716c13564eb93653298db5bf3278acad1fea2638b2e54863719502045c4ab377263e56860d95f2771712396d75d7a89a05fa3935a151bda0b7f648007e1f5d4424fe5f39aab423adae87558e1fd7790888925945e96b027edb77f6c986295121b0149c63fd178fbfd6c781407df76f0423233f7761c4c45583101522903224d307f3c35bebf244490abd8b72c1dfe99b7a9ffe51c83c26e6c2dc7e9b763418f9780a25d629a2a29a55302387a2ad8fde07ff7b4bb54812dd8683c1c2256ece829106eb9a5825e9dd82680b8f431abd40a3feca94aa7324cc74d3537df2e15f4a1d9c0337943638cd2f38c2171dfc4ea0c41fd1a9e23994d4602a469b031c447f946996bc6bd7a0d8c4c12daba9fa7a536d13a8c6b9f94b84290e34b08b719e7a5ca4906579ab2d1603bb920ac5fc6612553c03f8a881bf3452ce87d71f51ceaba350805c0e72183dfa19cf71510d6007b02f9bb9d7b1f98316b9eead8ddd04cace3b068400633d06f231447447bebd13bf9c8bdfdd2996ac8ac2ecd7c7033bc12e9f6c25bf29a474c15f7e0d2319aa196bf928622d710e7b78fa26f560411e8eaf1a717f1f795c22da124420503361e960dc1ed932c5403af3e1b85e43c824f4439b61873a8381edd9e688621454475526337b0cbd2e0d2fdd495182edd5e9777ae06edb6150725b7c20bb359e6808da09352bdec2732f09b64471d607b4aa8bf0d75a8ade414574678648936ff16180776055cc0dfb299aaf2e4edac44947aa7794aea1364e5aaa1862a0a24afe17d874be5b7749b532edd49f1ee75f3c5502eaeda86f42873d7baa8e2920086db03069845d6e153a00a3ade720a11e85a5e163c385da630e051310dc6911163a8a14b4f463b96948d6be9bf435a0cefb25d35216129975cfa0adbeb42062af6fad41cb67d50d877cda6c6b095fec2c806ddf17bb32c316412eacf2ce7846cce949a72108506aea11e837aac0ebca4", 0x1000, 0x5}, {&(0x7f0000002900)="efc59bacbdcb243ee3e76c8c5213ed372bab02193520c5cca7c1e81de15f82b3666c52edda2909b8b1be407cce65cac1c436ab697a30c69fa3b031c1076ba672ca769dffb637b3b84e628830b40b45f1e370f97526ecb0c56a857e26945993ee43dbb961068245dc7546b44da754403e5180dddc99d29bca08185e8a6eafc134008aa1526c91d03c75cad13c59a7b5d4085ef7197cbc905e94ae95cb85a1ccb37081301c5ac3c0d2c68a7150ababb5a88ac036bff87a81b83b3d4fd4cda060bb6801dde950af51f4652af9", 0xcb, 0x5}, {&(0x7f0000002680)="23645a2dc48278312d34c0ee904fdef0928a439275f58e99f670f017717ed58cc1362c77164077942270798474527facc3b5792a28b7c131fd2f12ecbf839487df22", 0x53, 0x1}, {&(0x7f0000002700)="2aaad91f57189fb99322949246b0acf7d6bd0a383aa48356487f5ffbd8272522696b63ce3addd1912cc979aa8d76b9da5f1193c4c4cdd44a9f030b935b612c564db82caab98d913051c9a3fc3ae923e21558cf492b4a4d6c94559dd54866eea6a3e0efb9d251d8b1f561ecb2b3503f36c469b4fc46e1b50a25bb3e38f9faac4763a7aa0f99c881e0ea3650a750fd43566e17bf623c1a417e2278c60ce1718ea78ef453378f6c514ce89dd2d35775f0fe9ef6cf94981740ae783a8c20cf073b", 0xbf, 0x80000000}, {&(0x7f00000027c0)="8715bbcd80d8cf002144e3c648146107e88f8619063cb11677c1b1c74db90b25cf2f84e1ac1b01165f2282feca87be64decf34da35", 0x35, 0x400}], 0x22024, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) syz_open_procfs$namespace(r0, &(0x7f0000000440)='ns/uts\x00') mount(&(0x7f0000000040)=@md0='/dev/md0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='afs\x00', 0x210864, &(0x7f0000000180)='btrfs\x00') ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:28 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) ioctl$VIDIOC_G_SELECTION(r0, 0xc040565e, &(0x7f0000000040)={0xb, 0x2, 0x1, {0x800, 0x6, 0xfffffffa, 0x3}}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r3}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r3}}, 0x18) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r1, 0xc058534f, &(0x7f0000000300)={{0x1f}, 0x3}) 21:30:28 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x1, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) r3 = dup3(0xffffffffffffffff, r2, 0x80000) connect$ax25(r3, &(0x7f0000004040)={{0x3, @null, 0x2}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast]}, 0x48) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x4) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) setsockopt$EBT_SO_SET_ENTRIES(r4, 0x0, 0x80, &(0x7f00000000c0)=@filter={'filter\x00', 0xe, 0x4, 0x650, [0x0, 0x200005c0, 0x200007a6, 0x200007d6], 0x0, &(0x7f0000000040), &(0x7f00000005c0)=[{0x0, '\x00', 0x0, 0x0, 0x1, [{0x3, 0x2, 0x806, 'yam0\x00', 'bond_slave_0\x00', 'veth1_to_hsr\x00', 'bond_slave_1\x00', @broadcast, [0x83fcfb878f30bce7, 0xff, 0xff, 0x80, 0xff], @link_local, [0xff, 0xff, 0xff, 0x0, 0xff, 0x1fe], 0xd6, 0x16e, 0x1b6, [@pkttype={'pkttype\x00', 0x8, {{0x1, 0x1}}}, @realm={'realm\x00', 0x10, {{0x20, 0x7e79f9a6, 0x1}}}], [@common=@IDLETIMER={'IDLETIMER\x00', 0x28, {{0x5, 'syz0\x00', 0x1f}}}, @common=@ERROR={'ERROR\x00', 0x20, {"50ff3d77ae3f08213249e57f0a40d0f860d56f91b9bca18161799c3efbdd"}}], @common=@RATEEST={'RATEEST\x00', 0x20, {{'syz1\x00', 0x2, 0x4, 0x2}}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffc}, {0x0, '\x00', 0x1, 0xffffffffffffffff, 0x1, [{0x9, 0x10, 0x609, 'vcan0\x00', 'ip6tnl0\x00', 'team0\x00', 'veth0_to_bond\x00', @empty, [0xff, 0x181, 0x0, 0x0, 0xff, 0x1fe], @local, [0x0, 0x0, 0x0, 0xff, 0x0, 0xff], 0x6e, 0xce, 0xfe, [], [@common=@NFQUEUE0={'NFQUEUE\x00', 0x8, {{0x7}}}, @common=@NFQUEUE0={'NFQUEUE\x00', 0x8, {{0x7}}}], @common=@CLASSIFY={'CLASSIFY\x00', 0x8, {{0x5}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff, 0x2, [{0x9, 0x40, 0x6001, 'lo\x00', 'tunl0\x00', 'ifb0\x00', 'veth0_to_hsr\x00', @empty, [0xff, 0x7f, 0x0, 0x80, 0x0, 0x181], @remote, [0xfb7d3270a45dc224, 0x101, 0xff, 0xff, 0xff], 0xfe, 0x12e, 0x15e, [@ip={'ip\x00', 0x20, {{@loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x80000000, 0xff, 0xaa, 0x4, 0x31, 0x7fa7ad3e3b4d1885, 0x4e24, 0x4e20, 0x4e24, 0x4e24}}}, @ip={'ip\x00', 0x20, {{@initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, 0xffffffff, 0xffffff00, 0x9, 0x29, 0x20, 0x20, 0x4e21, 0x4e22, 0x4e21, 0x4e21}}}], [@common=@AUDIT={'AUDIT\x00', 0x8}], @common=@STANDARD={'\x00', 0x8, {0xfffffffffffffffb}}}, {0x5, 0x0, 0x0, 'syzkaller1\x00', 'rose0\x00', 'rose0\x00', 'syzkaller1\x00', @remote, [0xcc32453d7296bc84, 0x7f, 0x280e4cb6036206c1, 0x0, 0x0, 0xff], @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, [0x0, 0x0, 0x0, 0xff, 0xff, 0xff], 0xb6, 0x12e, 0x17e, [@ip={'ip\x00', 0x20, {{@dev={0xac, 0x14, 0x14, 0x16}, @loopback, 0xffffffff, 0xff, 0xff, 0x1, 0x44, 0x8, 0x4e22, 0x4e24, 0x4e20, 0x4e20}}}], [@common=@STANDARD={'\x00', 0x8, {0xfffffffffffffffe}}, @common=@RATEEST={'RATEEST\x00', 0x20, {{'syz0\x00', 0x80, 0x80, 0x3}}}], @common=@LED={'LED\x00', 0x28, {{'syz0\x00', 0x1, 0x7f, 0x400000000}}}}]}]}, 0x6c8) 21:30:28 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_int(r3, 0x1, 0x2a, &(0x7f0000000040), &(0x7f0000000080)=0x4) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:30:28 executing program 0 (fault-call:0 fault-nth:62): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:28 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x200000, 0x0) getsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f00000000c0), &(0x7f0000000100)=0x8) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000040)=0x100000001) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") 21:30:28 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) connect$inet6(r1, &(0x7f0000d83fe4)={0xa, 0xe21, 0x0, @loopback, 0xa}, 0x1c) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x2, 0x1000}, 0x4) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) ioctl$VIDIOC_ENUM_DV_TIMINGS(r2, 0xc0945662, &(0x7f0000000140)={0xa6a, 0x0, [], {0x0, @reserved}}) [ 307.641026] FAULT_INJECTION: forcing a failure. [ 307.641026] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 307.657721] CPU: 1 PID: 16780 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 307.664782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 307.664788] Call Trace: [ 307.664805] dump_stack+0x138/0x197 [ 307.664823] should_fail.cold+0x10f/0x159 [ 307.680415] ? __might_sleep+0x93/0xb0 21:30:28 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'batadv0\x00', 0x0}) bind$packet(r0, &(0x7f0000000640)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) r3 = socket(0x10, 0x2, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="4c0200002400070500"/20, @ANYRES32=r2, @ANYBLOB="00000000ffffffff00000000080001007265640020020200040102004617dd777b85302869a36f4dffd3fc511f4423c9cd19c6d860c1eb13483c0acbdb12f6edc843eb078aec3e0dc3c1e833650b32bc59aea6054da2e9397f95ad1e844b52d4f8b3ad75b2211f0c16d2a8781a9bf33227e8b41360d0e21b1326dc5dbefcf845bc2a2ec96a71beb4a863a1eb1300f36ae1fe8196e7885ebc28c8cc557d7249463b9ce1e5218c047890e05755b51ac7b394e4a6e9773270fa64c0e2765d3eb497bd2a7b42749b581559cd5865e8d6023d5540d0a499862cb687142d55c773f93d0da6dce8a661a8b2c33d931631b7e0a67feeeaaf2445bd69daf87c7ac8b8cb185460a450ee825dfb44912be9781faab9219c5b9acaeed4dc3c834ba2140001000200000007000000000000001220040604010200f8aa84e32d4fe68ce36dc1bc6b1b2fb489f97eb5dc99d63232d92855f5a0cf7e38c61e2d61660a48f62c1ea68ebd438bf47cada4d2f78b4d74b30b68f6142492b00bfc4ba1767d0a32926213e813a607f9a8bb219f03480194fea15441dae0e5dc0000b16a351295231c237a48d2a6428362c02d0ceacc2fe6ed2f75ea311783e229c3402919420ba5ac7aa67379c37ae19b92e85b1225b65fb9823118e2a9bc7a4548c58140fa4de8bbd3b6a2a7337817164f0814763d4aa723a54cb5be7028dcf6d4d5b8e8ba84473cd2d9e725374586d5ed8af712187b00992b943592be4ca14f16fc7ad37199a1a28e005544f7de24e7e028b195dea56d8589b98147ce3c9d6c063d5ec1569d84837d1b2e55c5c354665f9cd73f6525725f43b1053a3535cff6b97c005a87758a801be3614ca48dad3b2159c48c5414381b1c4597d3670165fe2561ec852eb7958c80b897bb543f56b118fb3ac06879c84e322122784fe00c44b292dce26da8813d107826cc0929b65ae8416ac94ee95470f5eec133e1f37b09c047f2288a86cd73d51622567993369264842709521f93547badef7d2d00f04e0b57dda8607c9c537f223be8f073ddb7d27f30c3d1da0dd619f8a2dc7c87a26e41176ea4f87ed089a45b661ebe7aa72dc4465a33045b0f385b3071ff21e420af8577c4da2d627d120ab78757d76f0091bef645cca7861a70aa673b82862ea586aa00306ddc868392b4913e97c0e011082d47152654115bc1dd3c4e235554b2c7038d058934bba3766a0000000000cb5971e352cf9b7bba5c22038cf9d40602243e862ed74c8f310995ad9f912b78fb54eea53809997093a157e4b5bc6cea5d2f4595b92805b14a782f89b442cb051edbb5698c46a4b7af573de8874cbdd815a8146724e45f583c5c1c18c5ad1e0279c2fa83693b096e3b969051fe981b5098f9803c4e49382d82da913310edd3de7053c5aa6910699d6a80633d196ec73f9f3a8d98"], 0x24c}}, 0x0) r4 = geteuid() setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000000c0)={{{@in=@remote, @in=@local, 0x4e20, 0x0, 0x4e22, 0x7, 0xa, 0x80, 0x70, 0x527605a8156701dc, r2, r4}, {0x10001, 0x3, 0xc1, 0x7ff, 0x400, 0x7, 0x0, 0xa68}, {0x5, 0x100, 0x10000, 0x100000001}, 0x1, 0x0, 0x1, 0x1, 0x2, 0x3}, {{@in=@dev={0xac, 0x14, 0x14, 0x16}, 0x4d4, 0x4}, 0x2, @in6=@initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3505, 0x3, 0x3, 0xff, 0x2, 0x0, 0x100}}, 0xe8) r5 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r5, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") [ 307.680431] __alloc_pages_nodemask+0x1d6/0x7a0 [ 307.680442] ? trace_hardirqs_on+0xd/0x10 [ 307.680460] ? __alloc_pages_slowpath+0x2930/0x2930 [ 307.680471] ? btrfs_parse_early_options+0x1a2/0x310 [ 307.680489] alloc_pages_current+0xec/0x1e0 [ 307.711867] __get_free_pages+0xf/0x40 [ 307.715780] get_zeroed_page+0x11/0x20 [ 307.719686] parse_security_options+0x1f/0xa0 [ 307.724189] btrfs_mount+0x2bb/0x2b28 [ 307.727982] ? lock_downgrade+0x740/0x740 [ 307.732120] ? find_held_lock+0x35/0x130 [ 307.736169] ? pcpu_alloc+0x3af/0x1050 [ 307.740060] ? btrfs_remount+0x11f0/0x11f0 [ 307.744288] ? rcu_read_lock_sched_held+0x110/0x130 [ 307.749317] ? __lockdep_init_map+0x10c/0x570 [ 307.754013] mount_fs+0x97/0x2a1 [ 307.757417] vfs_kern_mount.part.0+0x5e/0x3d0 [ 307.761916] ? find_held_lock+0x35/0x130 [ 307.765990] vfs_kern_mount+0x40/0x60 [ 307.770188] btrfs_mount+0x3ce/0x2b28 [ 307.774077] ? lock_downgrade+0x740/0x740 [ 307.778213] ? find_held_lock+0x35/0x130 [ 307.782267] ? pcpu_alloc+0x3af/0x1050 [ 307.786365] ? btrfs_remount+0x11f0/0x11f0 [ 307.791085] ? rcu_read_lock_sched_held+0x110/0x130 [ 307.796562] ? __lockdep_init_map+0x10c/0x570 [ 307.801187] ? __lockdep_init_map+0x10c/0x570 [ 307.805701] mount_fs+0x97/0x2a1 [ 307.809257] vfs_kern_mount.part.0+0x5e/0x3d0 [ 307.813884] do_mount+0x417/0x27d0 [ 307.817458] ? copy_mount_options+0x5c/0x2f0 [ 307.821882] ? rcu_read_lock_sched_held+0x110/0x130 [ 307.826924] ? copy_mount_string+0x40/0x40 [ 307.831171] ? copy_mount_options+0x1fe/0x2f0 [ 307.835681] SyS_mount+0xab/0x120 [ 307.839138] ? copy_mnt_ns+0x8c0/0x8c0 [ 307.843022] do_syscall_64+0x1e8/0x640 [ 307.847132] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 307.851978] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 307.857159] RIP: 0033:0x45c94a [ 307.860333] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 307.868112] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 307.875538] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 307.882808] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 307.890095] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 307.897371] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:28 executing program 0 (fault-call:0 fault-nth:63): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 307.977742] FAULT_INJECTION: forcing a failure. [ 307.977742] name failslab, interval 1, probability 0, space 0, times 0 [ 307.990758] CPU: 0 PID: 16794 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 307.997808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 308.007289] Call Trace: [ 308.009997] dump_stack+0x138/0x197 [ 308.013641] should_fail.cold+0x10f/0x159 [ 308.017904] should_failslab+0xdb/0x130 [ 308.021942] kmem_cache_alloc_trace+0x2e9/0x790 [ 308.026618] selinux_parse_opts_str+0x3c1/0xa30 [ 308.031312] ? selinux_sb_show_options+0xd50/0xd50 [ 308.036378] ? free_pages+0x46/0x50 [ 308.040174] ? selinux_sb_copy_data+0x21e/0x390 [ 308.044853] security_sb_parse_opts_str+0x75/0xb0 [ 308.049724] parse_security_options+0x4e/0xa0 [ 308.054275] btrfs_mount+0x2bb/0x2b28 [ 308.058081] ? lock_downgrade+0x740/0x740 [ 308.062325] ? find_held_lock+0x35/0x130 [ 308.066382] ? pcpu_alloc+0x3af/0x1050 [ 308.070409] ? btrfs_remount+0x11f0/0x11f0 [ 308.074649] ? rcu_read_lock_sched_held+0x110/0x130 [ 308.079666] ? __lockdep_init_map+0x10c/0x570 [ 308.080139] net_ratelimit: 24 callbacks suppressed [ 308.080144] protocol 88fb is buggy, dev hsr_slave_0 [ 308.084161] mount_fs+0x97/0x2a1 [ 308.084177] vfs_kern_mount.part.0+0x5e/0x3d0 [ 308.084186] ? find_held_lock+0x35/0x130 [ 308.089149] protocol 88fb is buggy, dev hsr_slave_1 [ 308.095069] vfs_kern_mount+0x40/0x60 [ 308.095083] btrfs_mount+0x3ce/0x2b28 [ 308.095092] ? lock_downgrade+0x740/0x740 [ 308.095100] ? find_held_lock+0x35/0x130 [ 308.095109] ? pcpu_alloc+0x3af/0x1050 [ 308.095126] ? btrfs_remount+0x11f0/0x11f0 [ 308.136362] ? rcu_read_lock_sched_held+0x110/0x130 [ 308.141408] ? __lockdep_init_map+0x10c/0x570 [ 308.145934] ? __lockdep_init_map+0x10c/0x570 [ 308.150433] mount_fs+0x97/0x2a1 [ 308.153817] vfs_kern_mount.part.0+0x5e/0x3d0 [ 308.158325] do_mount+0x417/0x27d0 [ 308.161881] ? copy_mount_options+0x5c/0x2f0 [ 308.166289] ? rcu_read_lock_sched_held+0x110/0x130 [ 308.171301] ? copy_mount_string+0x40/0x40 [ 308.175527] ? copy_mount_options+0x1fe/0x2f0 [ 308.180020] SyS_mount+0xab/0x120 [ 308.183476] ? copy_mnt_ns+0x8c0/0x8c0 [ 308.187362] do_syscall_64+0x1e8/0x640 [ 308.191253] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 308.196097] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 308.201281] RIP: 0033:0x45c94a [ 308.204487] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 308.212183] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 308.219442] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 308.226956] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 308.234870] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 308.242142] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:29 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x2) getpeername$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000002c0)=0x14) r2 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r2, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r2, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl$sock_bt_bnep_BNEPCONNDEL(r2, 0x400442c9, &(0x7f0000000380)={0x0, @broadcast}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'lapb0\x00', r1}) socket$inet6_tcp(0xa, 0x1, 0x0) fsetxattr$security_selinux(r0, &(0x7f00000001c0)='security.selinux\x00', &(0x7f0000000200)='system_u:object_r:var_lock_t:s0\x00', 0x20, 0x1) r3 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r3, &(0x7f0000000340)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x80000001}}, 0x10) timer_create(0x0, &(0x7f0000000140)={0x0, 0xe, 0x3, @thr={&(0x7f0000000000)="f8f0ef82f7ff106d60", &(0x7f0000000040)="bf55e45fb3c26d915fc95cbd763b2c312c197bf1494dbd170f967dcfd001669a60193a0fb70ddf490a6c8a4b54f61326f695599edd22db2a5528ab45e24a364355578ab7bfee36f72392421af8d361a50063a9243b05bf14d43f7367abf81007de93effa28142eb2af210c3d125e8964e5d5974a05c04d2998ba340fbe82e52befcad73dee555e331fd8373ad6c112217adf13b62bdf1cbb4267783aae945d9433a93bef311f48de3be931446365b18f40eee46faab919f52719ff8be5cd880f6f1176ce92"}}, &(0x7f0000000180)) ioctl$SCSI_IOCTL_START_UNIT(r3, 0x5) set_robust_list(&(0x7f0000000500)={&(0x7f0000000440)={&(0x7f0000000400)}, 0x5, &(0x7f00000004c0)={&(0x7f0000000480)}}, 0x18) r4 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) request_key(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, 0x0, r4) keyctl$restrict_keyring(0x1d, r4, 0x0, &(0x7f00000003c0)='vboxnet1]vboxnet1\\-(self{\x00') 21:30:29 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl$SIOCGETNODEID(r3, 0x89e1, &(0x7f0000000000)={0x3}) 21:30:29 executing program 3: syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) 21:30:29 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = semget(0x1, 0x0, 0x2) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r6}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r4, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r6}}, 0x18) write$UHID_INPUT2(r4, &(0x7f00000026c0)=ANY=[@ANYBLOB="0c0000000010187843411195be47edcbe1c0dbd80d55ef9a0d0425802fa62fa7ae9dba6902549f7fcd17b7fb64a28879072944b49051e5700c7fc62c3fc7c3415a41a1dee120b00f0f203d5fbb11127ee0c0aa5608f785ae69394adc4ad0d4f5f92fbec6604813c38577d753051a984931f89528210260756b1b4e78f09f9ed368b24dd6638f1cf907857b2b64335a946adbf1afad3e4fc424d6bae5c41c8371f7e085cba5559c588fad75b68d475daeee834f2c12a38c13a9d9a758757906f6bf80198f2f4fd84275aa8b9f385f6270b2bd0fe614de1664e9be71fed3c4dea90eb414c41853b105b7a27f8814a47d67e591ab7f2a665d16780acf2d3db06f88566b047e25e28647a2b7e457524d817813a7fbdf0cc49b42d2c06376c9988eaca2a46b16e039aa684700ebadc385910ce3004258c07c0eabf77a294ab54de8cf02c817b862a9ae38477e9a85efab36d766b3f96b9f4cd8b748300bef77941762f499e3b7f465e7275cf82b78684a0bd7f546a009af21944ac8e3f27ca5e74df9e3dc48983058da9195260777549c012bd0c3c96e9db0e24e686dadabe898d3c63f8cf899c56a7a24f731ff1b4482cdcf8dbbdbe0d46051134a6c9e9528202cbc2a8b17d862ec7138e5fb56a737b50bd67a2e7913c60f5facfd6f38ee618fb61fea43ed54985e26b4138d68645e39b8389407c840a26b068fe0fc58b879fe71d2e52ad08368e91ac1903e751fe93018aaa5c16ad386de6d7738dbd44533a5f2f5f9334917cac082c93716dd19c7fceb8581fb629f2e735d411f9113d146e425d3d6dde6035885de050e047cd1e0bdba1e5fb01f640c50c61eaa5d8fbdba8794cce87ac59cc1b7c41cf95ac6ca36655ff822cf72f10ce300f42b81795a1f97f2ba74b0b0a35e4ea161627fde571e2d6054222890d9e915c9e7105c52463f17dd5c6c71a1aa8e4ebff26fa5cd68bdfa17b386e9e200904b19e45d410e49eb1978c6ff4b823c29e824d68a22c0a4b0c16a5db5c0b339dac361dc5433744646d6897488c705dca3e3096631799a9d21bc2421fadcf39a92e8234b8bcd732c80e2abb01919d26d963fc4953d55b3e500d7ac5f553556e227f4fdc49a3796ea99f026d72abe5099235f21e221c37b0da59615a4b2091a5ef5e0246c87a814b1dea6a5f93a96bf7af3e07914e39f1a2875c44b0b64815c116ab59b560fde32b9815046108a632e4546929869d68eb5e20b3cffa873e359d2605cf997dd5cd08f63c512029c8ee6532bb74c47f5172f3ce0b0a4d6bab70870206cfa98db8bca94a406fd621d3ae1f382984e1066abe142f275ef431065dc40f6670608227b9444fcd45c0b4d6aa1d766787376dc89ba7694f6f06d0d9f54315ebd32edba7d9f658bfdba4d39fe58e392b554f7025babc8e2480159375135a38c853172d4de258236f48263adf275b8050c0c1a7d8ae8b7ae4db2396bf4faa7cee7530e01dbebdb052c94d6ea6d0db9cf982de2bff1dfcea0a4c6a106a4d216a9820b1f525ab1dc9d5bb600e89f5db2bc1c9538faef0c73ea96de390002d762e6f96f59113b579426e69631353505c4fa85772c9585fd1be99afaebd2f436b523b40ad045aad4e887fd31f9dbbdfa2492e32630adbb76988b4e4b93fdfe2d15c788f96bd909e8752106847ab3a0bb60f5fe71099d585daa515f255c133d9eed4449b6f96df5699cc98741d8bed5029ef7bb83ff63e845cbaa5ccd7edbbf5badbb666d9ff855e4d90e86b0651dbe43b280ff1e946c99d4be92ec52dd75cad741f85b9c655355a2eae0c0a56dcad9fcc4f14c77a017a146e27d4da8094d90f306041ef0695c8bd4d3d12614b184ee31238ff3bedd31c27f9b9d708949969da6e87d30748116343725a429194f680b8075fab3e93d98edf8d398c17db0dcdb3aef9bdf6820056d1b8d569647f753d3706da1aa8eacafc421576bd245eb668c182cb9f74912642c70970c107225a9228e591545972c94c0b8797f9da1e302f61bf005b750add9c26c543e3147852abd7920f5409cdd0bf3315e3a6c11e9fc0fb12516915481e7cf11dffb9870afbf4282e580dcb38c8822d774d8c92fb5bb18a763fbf152615c3477a890bc5f6a0dc212866507ae62b62792c48ab25c6b1c262e631f7a97fa20362d79c58f4f6f1756bd5ad9476b021035989460d004b5d3a719f32bf7559a1cace643b7d958f674ee675a7e7795cdf3160168cac1942251d91f8fe0c1e0795bd0270b9857bdc348ee80389dd12877dcc1fd1a6ea68250a19daf0dfb2c25be1bbe702ec81b252ba3529340fca7fae5abee25cada08cfb2ec4d7a3f55f4b990889aa02684ffa92f597446e7c4e6da090343fa103bd3b178c97c3937dc2064e986459c55d5359d89835fa8d80d9aef4a9de53657eb1d6a48880120601a659aae1963875744d09d471e01d4acaa8ebde906e5ebfb79f68342a4f6f7a6998aacf8375c0b5f7109c20b72b63c3a462121001cd2cc03f7dc505d693ad7d90f5e73876b9f9db3cb0f2d0f0cd8872461908335527ee17fd8eaeb62acb54401a39040d9f87ad1611ca2a8c28ad64611aeaff7b883617790a0845834b5cf9c23c0ec168d23d7f010ee7b26b2e0958ca08fff564d12308ebaf7ea34338d1f3078933a377ccd7eacdddb13134d299e62a05a73cc3c6062a0ed7c712572bb9758985fed1156707fc2f6f1efba54a01e710a3314d2eb5207363d960d4940cc005cc3183967f03d3b699f3954221a844af233eac65dfdd67f19351652e67a65bd4f43b875bbf4b8b9738cee3215be1bf96fc10ba8124a723abbf22a8abc04d4372d8ea4f4a02215777cf70ceb1b2d65324f0deb31b640b8efd58afc13edc5018ea641f197cffac289270a343e617a1be25bcc1aac3b7e7a9cfdd720dcf8291fbefe9db6b6126a04645ddd17489aaba52f9bc5de571dc8fcd0eea92b4c5864db32394203011053ecfa0a084dffee65f6c856012a6f4ecdb4b69b7bc34be743d80ff8ab1a27f9778340a9544a47594b8a4b790ac0ff3d48b165130daddfc8e7f543918d98af0ee9e946a558c7d567996123f1d710f4bb046d72e78db886110b2dc0ae51cc148d2dbb7a13ce9454d0912f4d38f99541b044b23a56d745bca5c4b83358ee5f0f8479bb47ade1503b7d89ccf9fe4cebb25a66e3dd844e94bde5010c9639c4b6c5399ae512603ff2d3b916781b1ff2747efda4651087b7cbbd64e5a99e6a2c2d501a3d865545aabf9a9d7024aa66b4dce0e16de0f8e013289f86e97c3b437532b55a54e102f442a8bd24162af46aa82c74a0184fef5fd6d39b8b3fa19dd535508a4f5524072f5fb3ed58cb1a176c806324022d26b8fe01e49d5d57a0cda265609ef7ba6d5169668af05af31b5f345a3c9e5c4cf565c0823e36aa0601cf4d1d9b00d835c282c730b056a253bd3c553f3c8f67914a61d746dc20091c69fd46b2c32681dedb5d83d608de38f2a0b9603d512261a05d4a350bb9c8885eb05fc6cc34ccbd7ec25e1831ea590acf621ad4b2622c4ce4db5c342a5275ae392125915d39fc09cbe6a5d4753d4e1286207da06cd989b08ca21b4ff74c3b148616d4de372bdb6f3be0ceb0c10cedd7e8309cd254f38b4df1bca08a5bfda514022e74ee1e2997d59a265385ce463d5da2e3ebfd4f1e4400cc8e9cf41ecc65c2f94e58820f9ccc96b68fcce76bc2eec8f071f1aac06606cb0845fa922c72a1b35959c1595d17331fc5b64ec332404617783afb9abd129b1c72576b298943821a7ab119fdea114e0960b05242d8cad9e14f359c942b74b8c8d506b02cf27c08ba7d86f77e58414ce3538c556a2445ca86ffe5c0ff712112f4369477d84621ef22110199657b654a99e5e1079e7f52131413aa2a6a86cc71146ee3d66bc611b3410012f3a76c627015362b81b4fcffb90e0f5c12fca151f401763dce328cfc4f5a3f47cecf6c8067b66c06b5eae44c1dcc43d34fce7478dc1f217636a5f67eb2b28f1c898a3264770509386a81da977a2fe1fb2cc0d9d084feb877aaa1198c2b3f69391cb0b41458dfe5dfefdce7f2867b3a146d4af68e9a71fcc61783b22927d4728fdc1dd8118044525e8aa452c60f11d704bf75353ef9a100be9761ebd2c73093b37d71cd736cf0fe744badd2476899456e1cc2295eb167595010291673561882ec0ad1e4b6c30deddc360fdfe0d4d3d495f277e27d437a0a0c8a574fc2a22226cd87265f1019cc6188fedd63377ce23e7135f4a119c1978e4aa289ddb6fc1915e2f7470586a5a6d6f1ab061b1cb406fe3c6833e3fcc901609703c7911c08d6780da3c5c0c8d3d3dcd4c0a43b6b3441fbf9a70c208fe10714b63cc1a3add57b7da3991c0340365ae27f8e689050888114a9f03bec5fb15ce1666d95d45045b451068c8afad6d94fe45e4c20df689eb25fe7da88893dc5e482012fe72822060c920ff3a475d2fdd551ca77d890a00110040e613010635e7201f2e8e5a1f8db12404cf3de9fcd1393c7534366a828306a137fb1cd901173397e9b696a7a380961e79df12b5ff6f567f725387beb0459468a7396cb37eb81cc52e76f628281932e2d95ee508f159c093058cfbd9895d91b5c22684438fb2d8b23cdb18821e551f694576f2005f0232247e18d7a54b6974b4fb17723bcbd4f7aad861d9d8324d7328cf6bac07530e01d8db602270d5ba208bb380d15e7d2bc096854ad06c62a8d4643955e23716b29c7e91c55bb13b6c1e826a70d20e87455a43db9eb55794391899408515d9e5c75e787621b69948e5f551063032edbefd8508db291d81c2ec3def92eb64709f0f431ea38eb133346ee4ae0e1de681d51f21e4b87706d564252912c8e989495886968ab6c74c37c1c28bc0d6d0ccdae23cbcc0b72f55df3d3689aa32f2f65e1e8f059186e77505d00b4447654e8e8b9f967f12e0ea9eaa512d9aed566916fdcb830d42adc8bc12991926b33ed0b248e89b69cc7c8babb8f5fc56dcfda9435b7a4eb2bff6f7b84d08a7f9665b01a987fb7577c73570aa3edaacf1a385a835cd980cb3c57e396fd7e57f8abc77f6d9c3db9aaea29180e51e9b07dc9d5425e6d25009f1e916632103e420dcbb77989003d3302b7128ba532710fd0d7cb1def12a68d1a2c95e9bf07722d4a90c5fc3c345a675ed67f8a2aac869d65d762b429c3f6afc2b5244d57cc435170bed7a03ad6d6ebf809e727f98fc108c16bed7afde1a953acd59edaf001bedfc4673a1dca84f446e44ace18014914c2d079c29af706a38873b02a5792d4c59185c7817eb8b9a2a6cd725b4855a072640d46536af95dbab7ceb9bca5e7398ba622debc3796a2d33b2a32c713c22dba04a3d3b726cbaaf1a21d7ef00a2e62e4bfc9d9ec80a725462bdd6ac769daf5bcd9ec673457db798f741f4ea1abd3f5a829f1598ecf26ba485b4c1e23c646187e12862541b6cffdb2dac2db43f9d5a6e7c3cbdaeb3e879668538bc3ec43ef53f68f39a12326998ff060564999a005fae9095b20894341abd0f508c8b3b286422b495fd6867fbcb1653a85eb8c81b2380828a5200f70ca1096b3b82a09d2541df7d097b35436c4ac4100b2e1253ce20c4682f1e713fa9ae655fef8ea8e892f69444f6958708c7a68e1692e6cade98296d77317e1ddc6c8d3f67cd90062bc30af02886f7ff537c5c1a996d8b8ab465c89e661aeee2732d217afadd519402d133e7cde374f6c55cb2c2b3ca3d59e3bd63f49e2c0b141c4f379cebc6e28f0e56721364c596d081ce5880d3784f6d93fb937f6701e62bc1c3f9573f7650373792f76fbaf886faa117db9124dda5e8669768aa4feb56505ac319bb47f733f3a547f8b3367c7bfdd75269f513dbf184648dcc9a1a343f3a4b823947a0c9f1a2b9c315fab49b0059a24f52756f41cfa6b1025af049ad39ce885f17b636eddf01135d249913be29260059c4f2cdd3701e044b8c46dca6f541c175abc05020d4174702a8dd34d91a2978ee02e55acc1d4d03f3faef7d79508333c4a7a960689bf82b831fe4dba8973007247471f300d9caca29fbfdfa4d51d92a8cd9b6925137b6b5c8273f3302ed21d4045726c36dac073108672eea084ea011a5b834b39cb9702416d998083"], 0x1006) semctl$GETALL(r3, 0x0, 0xd, &(0x7f0000000000)=""/43) getsockopt$inet6_tcp_buf(r2, 0x6, 0xb, &(0x7f00000005c0)=""/4096, &(0x7f0000000040)=0x1000) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:29 executing program 0 (fault-call:0 fault-nth:64): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:29 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x1, 0x201) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") [ 308.402447] FAULT_INJECTION: forcing a failure. [ 308.402447] name failslab, interval 1, probability 0, space 0, times 0 21:30:29 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) keyctl$revoke(0x3, 0x0) r3 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) lseek(r2, 0x0, 0x4) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:30:29 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0x1ff, &(0x7f0000000240)="cae1b4b142491c1ef89a0e5b233586d68f48f0aedeff") connect$inet6(r0, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r1 = accept4$netrom(r0, 0x0, &(0x7f0000000000), 0x6d8776b24ba722c2) close(r1) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(r3, 0x0, 0x486, &(0x7f0000000040), &(0x7f0000000300)=0xc) r4 = getpid() sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) fcntl$lock(r2, 0x5, &(0x7f0000000340)={0x2, 0x1, 0x0, 0x8, r4}) ioctl$sock_inet_SIOCDARP(r2, 0x8953, &(0x7f0000000280)={{0x2, 0x4e22, @remote}, {0x1, @broadcast}, 0x8, {0x2, 0x4e20, @remote}, 'team_slave_1\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 308.483161] CPU: 1 PID: 16813 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 308.490223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 308.499597] Call Trace: [ 308.502209] dump_stack+0x138/0x197 [ 308.505866] should_fail.cold+0x10f/0x159 [ 308.510040] should_failslab+0xdb/0x130 [ 308.514047] kmem_cache_alloc_trace+0x2e9/0x790 [ 308.518805] selinux_parse_opts_str+0x3c1/0xa30 [ 308.523505] ? selinux_sb_show_options+0xd50/0xd50 [ 308.528456] ? free_pages+0x46/0x50 21:30:29 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x200, 0x0) ioctl$TCSBRKP(r1, 0x5425, 0x101) 21:30:29 executing program 3: ioctl$VHOST_GET_VRING_BASE(0xffffffffffffffff, 0xc008af12, &(0x7f0000000040)) r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x4000000041, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x14, r2, 0x1}, 0x14}}, 0x0) sendmsg$TIPC_NL_NET_SET(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0xb8, r2, 0x400, 0x70bd2d, 0x25dfdbfe, {}, [@TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x401}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}]}, @TIPC_NLA_MEDIA={0x50, 0x5, [@TIPC_NLA_MEDIA_PROP={0x4c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xacb}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}]}]}, @TIPC_NLA_NET={0x18, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x3}]}, @TIPC_NLA_NET={0x28, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x400}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x6}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x8005}, 0x0) [ 308.532096] ? selinux_sb_copy_data+0x21e/0x390 [ 308.536793] security_sb_parse_opts_str+0x75/0xb0 [ 308.541659] parse_security_options+0x4e/0xa0 [ 308.546190] btrfs_mount+0x2bb/0x2b28 [ 308.550038] ? lock_downgrade+0x740/0x740 21:30:29 executing program 3: clock_gettime(0x0, &(0x7f0000002280)={0x0, 0x0}) recvmmsg(0xffffffffffffffff, &(0x7f0000002140)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000000c0)=""/240, 0xf0}, {&(0x7f0000000000)=""/21, 0x15}, {&(0x7f0000000240)=""/228, 0xe4}, {&(0x7f0000000340)=""/244, 0xf4}], 0x5, &(0x7f00000004c0)=""/66, 0x42}, 0x400}, {{&(0x7f00000015c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff}}, 0x80, &(0x7f0000001a40)=[{&(0x7f0000000040)=""/30, 0x1e}, {&(0x7f0000001640)=""/218, 0xda}, {&(0x7f0000001740)=""/155, 0x9b}, {&(0x7f0000001800)=""/113, 0x71}, {&(0x7f0000001880)=""/152, 0x98}, {&(0x7f0000001940)=""/195, 0xc3}, {&(0x7f00000001c0)=""/48, 0x30}], 0x7, &(0x7f0000000540)=""/25, 0x19}, 0xffffffff}, {{&(0x7f0000001ac0)=@alg, 0x80, &(0x7f0000001cc0)=[{&(0x7f0000001b40)=""/165, 0xa5}, {&(0x7f0000001c00)=""/158, 0x9e}], 0x2, &(0x7f0000001d00)=""/119, 0x77}, 0x8}, {{&(0x7f0000001d80)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x80, &(0x7f0000001f00)=[{&(0x7f0000001e00)=""/244, 0xf4}], 0x1}, 0xb7}, {{&(0x7f0000001f40)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000002000)=[{&(0x7f0000001fc0)=""/9, 0x9}], 0x1, &(0x7f0000002040)=""/197, 0xc5}, 0xffff}], 0x5, 0x2000, &(0x7f00000022c0)={r0, r1+10000000}) sendmsg$inet_sctp(r2, &(0x7f0000003580)={&(0x7f0000002300)=@in={0x2, 0x4e23, @empty}, 0x10, &(0x7f0000003500)=[{&(0x7f0000002340)="f8c81493d5fd0c41a3bf16d2083081403b5d9e94dda0c3e7f4c354f9ab139ec0ed98a639c33fbd04569ad728d83628e7a1d1a14e441fe02949b1cc2e46170d3b547bb04426615a65dcda047e923e20b12df92ae5d80f642c03345f08fef4269acb851549196f4ee7c6096238c970107036853ccc02ebdd840dbcc6420edf7f3f7a2b534518e455b705b783877bab1cf9a4f2766e303a4e07a3d22d451ec411c9cb6468143da7128565dc856ba9d9e58c12d5019b4404734d962caf69cfe0843137bfa422953ed1d04d02c5c63b5ec082766d8634", 0xd4}, {&(0x7f0000002440)="19e127c726b1d03982102f58db6ace0542ba1b5922ea3723e0a16ffbddafa15b669b7841461322d5f50b251349a1e1391adc1199588bdcf7095f94fc", 0x3c}, {&(0x7f0000002480)="b57a7bfcd1ce80204dd9c701727552160ecffb971617ff64170151d50fc8f51ef14b365816642e6987d0ea1aca8ef8ca489b342c95ee1bf13562ed15fd7ace443b9d478229a431ec7d308572a12f51ba6076e47ad6a63bb0164e3bf5635fa2102bcf17b557ce8ea47f1e1318c5d31d8b0023156a6262910539d1990287639f27", 0x80}, {&(0x7f0000002500)="5fb1e3d2ba236494304119fc76e1a1db901081a4a98865a69da2857860e18730b3dc3f982c33781ac57b78a1783ffcf5c1fe279bbdc2c29b2b119f1275ffe65307e6b059302bd931b92ec59ef52563809fa19e8d62c257a0559c32773e69029f2bba00ba6f75e72799a05394b3bb634dfcea741a9bd865de6710a02c4792a4b9942d07d02b24ea7b9f00fea12d5f1ce85ef02766fb8136fa66f1a1c65621b65062a164eea22a756fac80f10b51dd5ba58aaacee686da227b5eae1a5f6116edcb9cf3336960c62e2a02a8d277db85df5c5e5532d4b22db98e24077ecf15a25539397381bada7103e6e22f269e5f158269efdd3004b68b20efb5670af3feb549d4e299a9799e408d4d4946adc5f98ce378ebdd4321f36b515dbf15192960a3e4d53a980f76cb4454ebbce6bcf4c748a79093eba5b0a99c69fe57927d647efd4db9bc040c071bfc3ceeef702983672c059dd78f625c7629d0cba8275f00edfcc935aee4c0629f2b8dbc096ad9da89c4cfdf249764da9ffc87bd2834e5570801518ffc66b9549fcd10248289a5dffd17e0a67f5b696590ad9b5802d3381dde474044af84a2f89f7d916653415b6fcb98dbd2a9848b9b1283cce56b892f9367b778d3e7d0bef0bb7be5488fa850fb997cf3fe64f47e10616925c2274f7b522c5501db2e2cd552228bf4bb009a5a95dde49dec505073e6d2dbc2d8f6aa244590aa4bdb80530b998c87763aba445fd53c99e9766ad0b49aaf012ea24ac315f20097d466a28f0e309e24f1c3feee67d48ad7875fabe1d4bf8c19804a4f1b88cc2096605ce8617a4a2fc7b082c32bb00964a212b71b1e951240ec963e765310518a0613644eba611c80dabd000cc223d5e28ed759462f896aea05d22b5e8fe23abb11f482bb6430900d18164d38a1d55d9704f7128d2401761662693b36229c1bdee36be78d2fb4999169df5487c8722e4341c8e0e64d1205baf61ee70285b99ad9ce37078caa3ffb10faaa6586bf1ee34eca0475bd5beb59c920594d5830d4978e3d36872c6cc4aa344ce5c5c325f1a9b2493d5fcb5692d1d358865aaca260b0b79435008db43f1511474b6f59e8b67622eb50d6864e3a9273af03d5e8d4a3c1eb296586699e3a1561dd2b304b1c3bf078dff432bbd463c05d57b215cb7dbd7c76df10c1d32d9cae308f00627975bae7e2a3ff4f3a186630d64fb765eacd1eaebeae77f450c4983352ce39df8524180add6e7efe4292db5588d1377c1626eb8478c76412f255a655af3ef08e111a83a98362a2876e6114d92c76166ddfb606545ae4bdb3169a2b1c73535058ac60a60347e3814276ef8c2ac26135877ce6c9602a0c7676c4a6b0b13048b32851dc60435ea8ad5c9ef084dff798b7d39a6b1626e49f5a00dc77b08a27d945dcd6fe0fd1af6fe3b5e396d15458d0a5e799fc43cff0f28dede46d4f324f65bfd99c07112c499366df85194f5199dd2db7f8897b1e2d9bbe37a7443ff50d59f7927d38d03c3edf28ca7ae8ae9c7e87a05380c76f674679bb235f9127854c5212b3af25139b6114cb611146136e89f368f60d9ebb4a922e7e80a246b2f3b84c8971a949a35a48a724e1c4055f4734817084a39a1619a1b2d4218d50c27a7a7995366b7dfa755b002610f4c615326e2f883fa99ae7a43fe3bf8be9e8ac43a0dcf9da9990bf6bf66c9cd9d1abac6c090992c7acbdb130095a48d0fdd80c0d048062424aa0bcabee0265bda64e119ab7037311b734171b54532b69c0ce8191f70ee6f0756fc8ad2bdbb2e825deeec7ed90157bfe7219edb51b5671e5972f62be37242caf0b2a8611b9d3733bf67309296e4cc15f55a2eafa819af389c414604b4342b376176cc9e832117c93939e081667a64fc251d05f79746655363f92e3e8634c6478727021b184d98679f163faded3adbf550fd6cb2f96155915515c24b6d562c1dfc314dd35e20404cedcd826a2bb2172464d0b8e84ad2d8e7fff1ac12560b1bca0de8b8ef996e590f5f11120d22c8f61b428fa70556cc1fa3d907445c26f9202b56381c9473f32f9a3501982925742e3a8b73e7e196d60ed9e69dfff3a43e917ebc5c78f9f88598a63d92e94de3cfd786836243472521458134ca3c0d9a791852b3bde9a7ef7db99cbd4a7ae080e7bc5a67cc42392e98ec98250fa621a3ee8c2dca57661d1375dcd6172c2f2c4f3bfa113786b5593872f971aeba8a352dc969e9ebf980193a8dd39e30ea30cf90217dd1f8c3e50694333edf4441ec5e25c447d4ed22380ce5d2a49eb0794ebb38d4ae560bc4261143e71bef4c824b2609dac49c7663b1f5e95759b7265a2f501e48c5b4a5ae14179f41aac490dd2e67f994e9fab1789496eac77a8772e9b9948c5b331831046d107b4b944221d775d72e5df3e86c7c35b8521cdd34051fffe392b669fa070ae14f7c5bfd5405643d1ce1cc9ec2d4b1286263e4f25f3feb11480abc78db201de694174aae6db2653a80e747368f662ac7f359862081e287f12ef62e73a2012df1e7e3e82c4827718488b02e9155666e7ba902fc360752fbc046cac05957f8dd580bc19085ba56d7fc77326350941d0235a57f945d5e52b865fa6c6ed4ed2b5dbed54be129e0865a09b1adff38c4ce83a692c1c2b58cbe20b0b55f7d843f067bfd99b25ce0fe11b6a5222d8bafaf18b43531ae7b2adb567d24d20ac5f0c9f695136a0f989fe6087c6ee3944980373b724ca738a71ae3fe816e84d26e910f17c7603bed502ade80a1184fc95292ca4f432f755e13b3236851755301fa4354e5d93f3f19a7ae2249d75b6d39bec4562b44ee3f6fcca8eb2187ce58df08e0f3939da973454cdcf240dbfd6743267686b3d8fd7ff27059fd7ec4626d59dd52791f0d301ecf792a099936e418182649d9ea1dc275eb13826149cf9aa9fcde692cd94e40128f01c61ca542ff64855c4f05a471d750915a36b34d4025e03709f9d40650496ad6c51582188eb5f07384c188ab0505ae42f57dd73b013a8a995a59908100bcd52bae5ada8c64426493ebab4e866c89010f9f22f81a40e2f45e279ce725de0d6db497fcc995d0b2529b74afecc386ae4df7e336d0c0493bff15021b78fb1088e0da67765f25dadf94592a437e214fc4560e81fedb57cf5c511477a8ae8e6554736c79f2ffb5a3778f3dd696b9c8a7df1896736ed48c793779a60f737a044f6c7d811a9149c85fefc7edb8f3926c3824844acfc44fdbfa7089b2764eb78b20f978bb86b27bc4e4ab90bb5db5cef554c5922b9cad3f19992a76ce721040e4cb6d3ed1e86787c576ec8c668ba14dddf1b0b3f78160f607b68b0a210e276f138b05eeab3fb7e91887c10d277d99600ece53a2f10757080a09bdbc1ef736c2b6acfce9867f4da558bf89eab92abfb00f0cb9bfc151b5add65cbb1d34ed33941bee785aa1854989d016b81567becba9e96b738cf201f65f81fbdb2eb17051db3a725bea3f21c3bd2ac9fad9ee4dd6e9fca1a34aa38fe4347fd6903f01dd5949ea2ed976a2ff7000920ce189ecc426c152c396f2fe9755497cda7572453e909d4edc11deb126596750eb6ccbc32636aefc50e695149bfe8fcb36d4c2267ec80b69dc6401d465ae44e0f43a49dc55408dfaba96479c6eaa1acd4a47bd8b0ea2ab982483ef49c9cef71674f6542592d84b95c30acd0b7ac3991f93dfbb95478f34db876505f0d473a1d2052dde209794eb48110af85ef53d36bd8ae51ada89e6b87d3edd131c2b00f03eee21c5d268c110e07912d7fd08e08764f35986c91247890e5f1f48c1977e5af0c5c1306973f2e805f33f19a4e84886c9f5f6ff2f5192c20a32d64a4207841eee37fc5ea372f8fce03020aeefbd090ebe5554843437ee57faa976dee90e6a7098c23b341aad1bdfb6733fe915c5f79a4175014fa179bb5c9f60214b9aeb50eb2a3f3d10f6e51b6413fd2a09c1e7f729a08cda81ddee9f31bf7531c10c9aeb146a9acb2dec79ece95b2e227283d330f6144d455ec184f3dee34f2e02c19f6e6fbe34d9858421c86b43674d2a52a8ae4b704dee9c53a91cdc8af2408be79cb48be8ff5bbd6498e9eb6cf01bafc5b5244fac428ee0546f5f201c3199c67f1161022b591ba0689048dc0d32d0f8bfc95a2a895954f047f2a9b5ec4db7e4b06490a60e418fc0126a60257abf0316ca229d86118bcfe24e90e316730bd1da496cd1611e8af32e6cc8b191805dd5c741a91f9e289bf40b45da45bf99dd29a72e2d5251be38401dbee3f7ed54b4694830aebc30dd53df70215e4137be3ecdd17e5f5fc7b1099a690e7d2394c802ed234d914ae2e7056dee8148c055d67fe7693b859521f39b66c8cfa4c89bd362bfd540f0cf6afb0ad9cd0b45b3d71834a4c57203d3c30305c72222e84646927a421c9a16e8eb4a33b71ec424bf07475545fe40bc0fff36dd19b1c29a48093d71976527d62c8fc2cdc1823c2ca443c7d101f015640a0543e69c6b3594ed49daa2892635292c2e5c7316a6af0b3be0f091221ac28eb0609f7fbd8a93103e3f88f70ab36f83fda039de0d1517919f3bbcefb4f3eb4dd46f8b3f59f089d38c2b377e0430cf76a38eebf3a5cda843712ed05d70e1e252994e8c4a61d67416fb2638bca516b00eb4c75517bf0930066cf64c740d2adfbef9ad069e9448e41446572afd4872b9b6e619cdb7f8c9ba913f3dd79e5d3f2ad1a0291ad35411618a45a096072ec71634845377582f9b00be0cc3355a41a8e3bb71683d363ef47a17156a4a481dba9b69ae2548044578abde34d5b6b3b5ed07fb02131a7744ae03ef88c304716f07e647d5a08c015ee79051cc078e6f32940012fa971a8dfbbdfc2915ff71ea4395c3565a2e5299455de03973d098f8b54ac5a398da6325f8aac867767f484dbb74b360da20be8e0c1123affcb931c982e250140fe69f959b61be018d0c3bd89f7ab90f9d70b21a1fbe5fd8f3985cc14473523088cee807a40e6df12f7e61a15630ab4c7d12a7e14aa9c91ddce763e091658b40b4b318d4d7c163903be7a54f8ad75d6d351b38d670d2e9c72ab9630cd781df9b17f4a4b0d665827c22cf8bad55aed84a7fc8c51eeea9fba739ef7dbfae4ce46886428bb765ee8ef8ab6187aea272479fec4ecc1ca65042cb4ed39918298c09eb315f2ed26d43e5df72fce893e7037e42dde9188855c5f6c4356f42ebda9a9d7b69d93bf2da2e9c68edaf7a3e448394cf7de591f45af6f3a0002e3416bfc5a9a7296d2419cb68363680064adb054f61ae8ed31e2a34ccdf877ebdd49e3c0c20b360010dc83fceab7bb92a3ac93eaac87c93d2a46117d78e525544dd3dc8b4eec314d1674e7555534d22de4ad5f789ac7e6ed541feae431999d2200f83bc18bf6bad0c82657bddc9f75d55de7ea3f0e978e0fe9115f9ef6302cbf8d76a43761521dcb04a92c6fab675f26237674da708831a03f84a8e8eb903ab032d0c9f47f161890c1326e552b0e6cd629c22c66e5b993feb5a4ac0a5e4fbeee7d584d97221313cf2dd50658a64891269d0d18ae342f004ff17279c27e5250d4a9b45d301d51e7bf8bc7c99c7404c64cb7661a2e0cf21cee1316b8ddadca93c22f9bbd7283f0637bb1bc0e8c50e191a5a7641d15b3f47cc6161798267467b1c36ca00c80d3a63b1a94a52d848ac585a732f339622440653fc126cbfd020778337996d6d3ebdb303be50a02f03f09451c72f20c39c0b38e1676aacac658ec71dbbc6f020bd2d3558c1fb3a9976ba80191a6dcb086f89899c6b9a9e86af8dc6b08f2f5160f414f96f8", 0x1000}], 0x4, &(0x7f0000003540)=ANY=[@ANYBLOB="3000000000000000840001800000000000003f000c000000920000000080000001040000f30d000009000000", @ANYRES32=0x0], 0x30, 0x24}, 0xc1000) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") r4 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r4, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r4, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl$VIDIOC_S_PRIORITY(r4, 0x40045644, 0x3) [ 308.550049] ? find_held_lock+0x35/0x130 [ 308.550060] ? pcpu_alloc+0x3af/0x1050 [ 308.550079] ? btrfs_remount+0x11f0/0x11f0 [ 308.550095] ? rcu_read_lock_sched_held+0x110/0x130 [ 308.550125] ? __lockdep_init_map+0x10c/0x570 [ 308.550143] mount_fs+0x97/0x2a1 [ 308.550159] vfs_kern_mount.part.0+0x5e/0x3d0 [ 308.550167] ? find_held_lock+0x35/0x130 [ 308.550184] vfs_kern_mount+0x40/0x60 [ 308.550196] btrfs_mount+0x3ce/0x2b28 [ 308.550206] ? lock_downgrade+0x740/0x740 [ 308.550214] ? find_held_lock+0x35/0x130 [ 308.550223] ? pcpu_alloc+0x3af/0x1050 [ 308.550241] ? btrfs_remount+0x11f0/0x11f0 [ 308.550256] ? rcu_read_lock_sched_held+0x110/0x130 [ 308.550278] ? __lockdep_init_map+0x10c/0x570 [ 308.550289] ? __lockdep_init_map+0x10c/0x570 [ 308.550311] mount_fs+0x97/0x2a1 [ 308.550328] vfs_kern_mount.part.0+0x5e/0x3d0 21:30:29 executing program 0 (fault-call:0 fault-nth:65): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 308.550353] do_mount+0x417/0x27d0 [ 308.550368] ? copy_mount_options+0x5c/0x2f0 [ 308.550378] ? rcu_read_lock_sched_held+0x110/0x130 [ 308.550392] ? copy_mount_string+0x40/0x40 [ 308.550406] ? copy_mount_options+0x1fe/0x2f0 [ 308.550420] SyS_mount+0xab/0x120 [ 308.550428] ? copy_mnt_ns+0x8c0/0x8c0 [ 308.550442] do_syscall_64+0x1e8/0x640 [ 308.550451] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 308.550470] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 308.550478] RIP: 0033:0x45c94a 21:30:29 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x400000) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x4}, 0x0, 0x0, 0x0, {0x34}, 0x80}) r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r1, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r1, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r3}}, 0x2de) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r1, &(0x7f0000000000)={0x15, 0x110, 0xfa00, {r3, 0x8000, 0x0, 0x0, 0x0, @ib={0x1b, 0x8000, 0x9, {"8e2ce78e66a9e39493d9942de5b9b22d"}, 0x0, 0x200, 0x7}, @in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xf}}}}, 0x118) [ 308.550484] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 308.550495] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 308.550501] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 308.550507] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 308.550512] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 308.550517] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 308.812874] FAULT_INJECTION: forcing a failure. [ 308.812874] name failslab, interval 1, probability 0, space 0, times 0 [ 308.835788] CPU: 0 PID: 16850 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 308.842853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 308.852393] Call Trace: [ 308.854997] dump_stack+0x138/0x197 [ 308.858655] should_fail.cold+0x10f/0x159 [ 308.862858] should_failslab+0xdb/0x130 [ 308.866923] kmem_cache_alloc_trace+0x2e9/0x790 [ 308.871636] selinux_parse_opts_str+0x42c/0xa30 [ 308.876333] ? selinux_sb_show_options+0xd50/0xd50 [ 308.881284] ? free_pages+0x46/0x50 [ 308.884933] ? selinux_sb_copy_data+0x21e/0x390 [ 308.889631] security_sb_parse_opts_str+0x75/0xb0 [ 308.894497] parse_security_options+0x4e/0xa0 [ 308.899030] btrfs_mount+0x2bb/0x2b28 [ 308.902858] ? lock_downgrade+0x740/0x740 [ 308.907024] ? find_held_lock+0x35/0x130 [ 308.911096] ? pcpu_alloc+0x3af/0x1050 [ 308.915015] ? btrfs_remount+0x11f0/0x11f0 [ 308.919269] ? rcu_read_lock_sched_held+0x110/0x130 [ 308.924338] ? __lockdep_init_map+0x10c/0x570 [ 308.928894] mount_fs+0x97/0x2a1 [ 308.932297] vfs_kern_mount.part.0+0x5e/0x3d0 [ 308.936920] ? find_held_lock+0x35/0x130 [ 308.941007] vfs_kern_mount+0x40/0x60 [ 308.944833] btrfs_mount+0x3ce/0x2b28 [ 308.948659] ? lock_downgrade+0x740/0x740 [ 308.952824] ? find_held_lock+0x35/0x130 [ 308.956915] ? pcpu_alloc+0x3af/0x1050 [ 308.960829] ? btrfs_remount+0x11f0/0x11f0 [ 308.965099] ? rcu_read_lock_sched_held+0x110/0x130 [ 308.970151] ? __lockdep_init_map+0x10c/0x570 [ 308.974690] ? __lockdep_init_map+0x10c/0x570 [ 308.979210] mount_fs+0x97/0x2a1 [ 308.982607] vfs_kern_mount.part.0+0x5e/0x3d0 [ 308.987131] do_mount+0x417/0x27d0 [ 308.990692] ? copy_mount_options+0x5c/0x2f0 [ 308.995110] ? rcu_read_lock_sched_held+0x110/0x130 [ 309.000139] ? copy_mount_string+0x40/0x40 [ 309.004395] ? copy_mount_options+0x1fe/0x2f0 [ 309.008914] SyS_mount+0xab/0x120 [ 309.012384] ? copy_mnt_ns+0x8c0/0x8c0 [ 309.016287] do_syscall_64+0x1e8/0x640 [ 309.020184] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 309.025064] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 309.030265] RIP: 0033:0x45c94a [ 309.033484] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 309.041203] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 309.048495] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 309.055778] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 21:30:29 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x4004, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r1, 0x810c5701, &(0x7f0000000040)) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x42e401e7b2b5e57c}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x20, r2, 0x100, 0x3, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e20}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000012}, 0x20000000) [ 309.063064] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 309.070346] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:29 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x2, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000040)={{0x6, 0xfd}, 0x0, 0xfffffffa, 0x1, {0x3, 0x7a}, 0x9f, 0x1}) 21:30:29 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x33d2cbab56ff0088) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x2) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:29 executing program 0 (fault-call:0 fault-nth:66): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:29 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r1, 0x4090ae82, 0x0) ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000000)) [ 309.250865] FAULT_INJECTION: forcing a failure. [ 309.250865] name failslab, interval 1, probability 0, space 0, times 0 [ 309.287085] CPU: 1 PID: 16874 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 309.294155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 309.303550] Call Trace: [ 309.306164] dump_stack+0x138/0x197 [ 309.309831] should_fail.cold+0x10f/0x159 [ 309.314150] should_failslab+0xdb/0x130 [ 309.318181] kmem_cache_alloc_trace+0x2e9/0x790 [ 309.322890] selinux_parse_opts_str+0x42c/0xa30 [ 309.327591] ? selinux_sb_show_options+0xd50/0xd50 [ 309.332558] ? free_pages+0x46/0x50 [ 309.336231] ? selinux_sb_copy_data+0x21e/0x390 [ 309.340934] security_sb_parse_opts_str+0x75/0xb0 [ 309.345809] parse_security_options+0x4e/0xa0 [ 309.350340] btrfs_mount+0x2bb/0x2b28 [ 309.354174] ? lock_downgrade+0x740/0x740 [ 309.358341] ? find_held_lock+0x35/0x130 [ 309.362433] ? pcpu_alloc+0x3af/0x1050 [ 309.366366] ? btrfs_remount+0x11f0/0x11f0 [ 309.370663] ? rcu_read_lock_sched_held+0x110/0x130 [ 309.375723] ? __lockdep_init_map+0x10c/0x570 [ 309.380248] mount_fs+0x97/0x2a1 [ 309.383642] vfs_kern_mount.part.0+0x5e/0x3d0 [ 309.388163] ? find_held_lock+0x35/0x130 [ 309.392256] vfs_kern_mount+0x40/0x60 [ 309.396086] btrfs_mount+0x3ce/0x2b28 [ 309.399915] ? lock_downgrade+0x740/0x740 [ 309.404089] ? find_held_lock+0x35/0x130 [ 309.408171] ? pcpu_alloc+0x3af/0x1050 [ 309.412089] ? btrfs_remount+0x11f0/0x11f0 [ 309.416350] ? rcu_read_lock_sched_held+0x110/0x130 [ 309.421396] ? __lockdep_init_map+0x10c/0x570 [ 309.425912] ? __lockdep_init_map+0x10c/0x570 [ 309.430434] mount_fs+0x97/0x2a1 [ 309.433822] vfs_kern_mount.part.0+0x5e/0x3d0 [ 309.438347] do_mount+0x417/0x27d0 [ 309.441905] ? copy_mount_options+0x5c/0x2f0 [ 309.446421] ? rcu_read_lock_sched_held+0x110/0x130 [ 309.451461] ? copy_mount_string+0x40/0x40 [ 309.455727] ? copy_mount_options+0x1fe/0x2f0 [ 309.460248] SyS_mount+0xab/0x120 [ 309.463717] ? copy_mnt_ns+0x8c0/0x8c0 [ 309.467649] do_syscall_64+0x1e8/0x640 [ 309.471560] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 309.476430] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 309.481728] RIP: 0033:0x45c94a [ 309.484932] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 309.492678] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 309.499968] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 309.507251] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 309.514533] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 309.521816] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 309.529421] protocol 88fb is buggy, dev hsr_slave_0 [ 309.534558] protocol 88fb is buggy, dev hsr_slave_1 21:30:30 executing program 2: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x2182c0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={0x0}, &(0x7f00000000c0)=0xc) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/expire_nodest_conn\x00', 0x2, 0x0) getsockopt$TIPC_DEST_DROPPABLE(r2, 0x10f, 0x81, &(0x7f0000000200), &(0x7f0000000240)=0x4) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0}, &(0x7f0000000140)=0xc) ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000000180)={0x10000, 0x8, r1, 0x0, r3, 0x0, 0x80000001, 0x3}) r4 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0xa40, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r7, 0x40086607, &(0x7f00000002c0)=0x8) ioctl(r4, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:30 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r4, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r4, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS(r4, 0xc0385720, &(0x7f00000001c0)={0x1, {r5, r6+30000000}, 0x2, 0xfffffc00}) r7 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r7, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r7, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) recvfrom$inet(r7, &(0x7f0000000040)=""/158, 0x9e, 0x2, &(0x7f0000000140)={0x2, 0x4e23, @loopback}, 0x10) r8 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r8, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:30:30 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) r1 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0x2, 0x0) ioctl$VIDIOC_G_CTRL(r1, 0xc008561b, &(0x7f0000000040)={0x8001, 0x1000}) 21:30:30 executing program 0 (fault-call:0 fault-nth:67): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 309.768750] FAULT_INJECTION: forcing a failure. [ 309.768750] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 309.780604] CPU: 1 PID: 16902 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 309.787615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 309.797003] Call Trace: [ 309.799617] dump_stack+0x138/0x197 [ 309.803265] should_fail.cold+0x10f/0x159 [ 309.807437] __alloc_pages_nodemask+0x1d6/0x7a0 [ 309.812127] ? __alloc_pages_slowpath+0x2930/0x2930 [ 309.817161] cache_grow_begin+0x80/0x400 [ 309.821241] kmem_cache_alloc+0x6a6/0x780 [ 309.825410] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 309.830542] getname_kernel+0x53/0x350 [ 309.834485] kern_path+0x20/0x40 [ 309.837874] lookup_bdev.part.0+0x63/0x160 [ 309.842126] ? blkdev_open+0x260/0x260 [ 309.846032] ? free_hot_cold_page+0x763/0xca0 [ 309.850573] blkdev_get_by_path+0x76/0xf0 [ 309.855095] btrfs_scan_one_device+0x97/0x400 [ 309.859625] ? device_list_add+0x8d0/0x8d0 [ 309.863883] ? __free_pages+0x54/0x90 [ 309.867708] ? free_pages+0x46/0x50 [ 309.871358] btrfs_mount+0x2e3/0x2b28 [ 309.875174] ? lock_downgrade+0x740/0x740 [ 309.879346] ? find_held_lock+0x35/0x130 [ 309.883423] ? pcpu_alloc+0x3af/0x1050 [ 309.887341] ? btrfs_remount+0x11f0/0x11f0 [ 309.891599] ? rcu_read_lock_sched_held+0x110/0x130 [ 309.896645] ? __lockdep_init_map+0x10c/0x570 [ 309.901169] mount_fs+0x97/0x2a1 [ 309.904564] vfs_kern_mount.part.0+0x5e/0x3d0 [ 309.909078] ? find_held_lock+0x35/0x130 [ 309.913159] vfs_kern_mount+0x40/0x60 [ 309.916985] btrfs_mount+0x3ce/0x2b28 [ 309.920819] ? lock_downgrade+0x740/0x740 [ 309.924980] ? find_held_lock+0x35/0x130 [ 309.929063] ? pcpu_alloc+0x3af/0x1050 [ 309.932979] ? btrfs_remount+0x11f0/0x11f0 [ 309.937356] ? rcu_read_lock_sched_held+0x110/0x130 [ 309.942523] ? __lockdep_init_map+0x10c/0x570 [ 309.947045] ? __lockdep_init_map+0x10c/0x570 [ 309.951570] mount_fs+0x97/0x2a1 [ 309.954965] vfs_kern_mount.part.0+0x5e/0x3d0 [ 309.959485] do_mount+0x417/0x27d0 [ 309.963157] ? copy_mount_options+0x5c/0x2f0 [ 309.967585] ? rcu_read_lock_sched_held+0x110/0x130 [ 309.972697] ? copy_mount_string+0x40/0x40 [ 309.976966] ? copy_mount_options+0x1fe/0x2f0 [ 309.981491] SyS_mount+0xab/0x120 [ 309.985050] ? copy_mnt_ns+0x8c0/0x8c0 [ 309.989006] do_syscall_64+0x1e8/0x640 [ 309.993187] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 309.998207] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 310.003418] RIP: 0033:0x45c94a [ 310.006624] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 310.014371] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 310.021654] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 310.028941] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 310.036225] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 310.043537] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 310.051076] protocol 88fb is buggy, dev hsr_slave_0 [ 310.056172] protocol 88fb is buggy, dev hsr_slave_1 [ 310.060200] protocol 88fb is buggy, dev hsr_slave_0 21:30:30 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) prctl$PR_SET_TSC(0x1a, 0x2) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) r4 = getpid() sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r5 = perf_event_open(&(0x7f0000000280)={0x3, 0x70, 0x20, 0x4, 0xfa, 0x3, 0x0, 0x800, 0x12004, 0x19, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x4, @perf_bp={&(0x7f00000000c0), 0x3}, 0x10421, 0x5, 0x6, 0x0, 0xffffffff, 0x7fffffff, 0x5b}, r4, 0x10, 0xffffffffffffffff, 0x1) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) mmap$perf(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000000, 0x4010, r5, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r6}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r2, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r6}}, 0x18) r7 = accept4$rose(r2, &(0x7f0000000000)=@full={0xb, @dev, @netrom, 0x0, [@default, @default, @bcast, @netrom, @bcast, @rose]}, &(0x7f0000000040)=0x40, 0x0) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x400000, 0x0) r8 = fcntl$dupfd(r1, 0x0, r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:30 executing program 5: r0 = shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ffc000/0x2000)=nil) shmctl$SHM_LOCK(r0, 0xb) shmctl$SHM_UNLOCK(r0, 0xc) syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:30 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1f, 0x80000) pipe(&(0x7f0000000100)={0xffffffffffffffff}) r3 = open(&(0x7f0000000180)='./file0\x00', 0x40, 0x40) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000001c0)=0x0) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}}}, 0x2de) sendmsg$nl_generic(r2, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x202}, 0xc, &(0x7f0000000200)={&(0x7f0000000380)={0x13ec, 0x17, 0x0, 0x70bd28, 0x25dfdbff, {0xf}, [@nested={0x10f0, 0x5c, [@generic="1dcc63fb57bccad36683c55eb2ffb951b3bf077bf2f75333364801cc33e1e1e3a3cac8606f21f5bd91aceffc406be049c1cf7b971a44533e25bfd5f12ce005b18a1f3a1add5cd10cd807fe9aa16565313f9af8f1d230cf68d013fd1ef558419a53848c5614323798537d1b09b7aa5a0e8168f72d2c1b64e40ca08cf46f32ba56f55299932bbd5e79aeef8c038c1b56311e1329896c40fd1dc273f8c727fcf3fb10c023a854c8aab21c075a463cf9b4395f759994b2a37fd1fc27afa75b9ff76041081e5eeb91ad1e25ad683c0cf9541b1fd60c4342cbadb94580399035688aebeabc6b9a091c9be26655831f6a6ddd42c8755f87a3d9ec5fdd274e57dfbb4304e523a52fbd2ff33ea59651ac22b6d02572239cbd2333d078614bb76b9ef4b3ada14fe6c7b08e3106d08137f23287a6cc2c90f650ee8165914587252c23d4b72750ec1dde7826c32e34f8cddb706d159890f35a0c768a8c342156fa2304adb6110489595941e7a45d0b016d484c56edcf565a46f032bfccb489b1c2bb8100f8cd30a70796c1f80073dbb35cb8782b7902cb2425ce4082d198c161ed1823c96bdc0d6b65d0e1ca1584af08744073b58f71a7f5a76d48a41494d50672a4c2aa7463ad87e2c8b26d07fe7a2e324964408cbc2201d0ac6ae079e2dd88f338f4ecab7de9223b34bb145a4e7e9fcac01e8c1d4de5687d5999fd709f9e8070ec1c1d7ce618251eeb83fd8d5c3a06ebf57ef0e3c79d8bef914ffd2d91bcd23ee793a428d5f95ad8b9ef07d02f52e4bca9ba2f97c101cd001293c9f8c6fbc6c43f000e704e863f26eaae72af67f2f5d978eb555f500fb1093295affb0c02a9daf2a2d7683265f4eeb2c9415df3b8e6b4ad22bdfe6ad10c054b51941bdaa50dcea02a2d39919a1fbbb512277c5e6178ae0326624aba9cab3f22da14372632b1a489997ddd0321053e032b118faaa0bffc8f7e88fbab77055c3800b032e698ac266a98b450e2f6344bbba07f3d6712f00f294e1cb9f5cca4b40ee31651149e0623a17c1f97810fbb94fc6ac95927d1698c80534a1dca9013aba774b9311cc17767f1bd12872e0d0911d22243b08da6f9c6ace6d156db5cb1bad08e03ce8984eaad4695755125cfbbe9db23fc1c523e240f4be1e7bf48ab059d1b849dc115b08b74f212441a827d6c670a2e2fab5f1c7ee52eaddd5038c3e6c6c9c49ad28c8f414db8342e5a4573b4e0c66288eda1a25456fda972fcdb5501b111e599babe3e705152a2d66ba0b9b7d4b5da829beb5bdd000028d1f96622916fa93778b9c2e587a5d1d7de8a9aa6b98ab7499e436c1e008c15f7ae156df77c12b58db746b0009be2003c359a0034d15f9e1fa40e3ee706f572c08684a63d3c247e7a6c34c618d5ab912a47eae99dd43a7507e48a2cc8fbbf9bcdf52162a5358ad47e3c621a88bf82b049be272a36f5e48d718a3ee12536b7daa74c842e23b576597736d88593199e88575a3504633e796d3e950248b7b633128721327426a06754bb9cdff9db325c03378d64a96ae639592fdeeb3fb47b4b937f2f9200ebfbc600089fce4adf8c6b024c29c4685ee1d14ac751f70d937a37cba918f6f7d063462fc48f1aa974e03ce9a1d248f5352ebaa119b6c90ca2fb1a0c813a976c6dbac9677ed34996b2201c000f981f80a6487b1d1ce6dfacb8bf009027372e994bb0ec1f6745ab4615f8f32eec60e17b61e52fdbf6eaaafe97b44805bd3b9f6c0d3a1cb0333b7fb44cb5a620a0fa171ec5f8f237a6f7ca963fc7d8d1f374018795dcf7158a3f0abcdd6d855819aaf94368e438b6e60de602da854e0139456a9e30932ee43ea470d78d4ba0508ef72f7a626f7017d9b49eea75a243eda5105001a9174d5d838faaa04fda58af311ea24130bb9cd11d15c3b06368b2b04e5457f5bc158eae1361fbadb71b6c08a6065ea009fdcde844b82c7543a63952d3a305211a19b25f4e95da7bf740c0cc40fa3ec5b3ba3f692ce1e259ce832c1dd1611af3fbd3493f3fdacb7a9717ed2c519cbc15d9d4c4f89629326515974fc9de5fd1e3666d1140b8ef736eed057834bf817ca24e2b774ea854e64e9b6cf69da0e83b377c13f71475b0a9e86fe807ebdc28db5823e1eff732ce26da914cb6cef1996039af35a22aaf60b9b01de498afb07d0fa8411f9441b4ceab28bd6a827c072f18f0bf7a99c66d2dbee79dbd858b36d4469f708f314e894ce357dd83be61d6129e6cb787eeeb830e7bb7bf21346d348ffaedd6e38d54410dbc729c0e7626a552814876ba901b0d7f2f4c6fe618fc6f757f8deba0a20038524220e36ff614552a3581558057451f1c3ec08fe22f91ac09a7685f9386f0f550de92322b5348ed726e65651b0efb060bdabe8b2b8763aa350a84da352d791e2b1a80f5e3aa6d5ce39ca8109fd5cd97657412f1819a9bf2a3c830c437b7d891affc06e824d1214db5794d05945b3cddc2fe5b2fd755976fe8de706537b511cb3ebd4ce389f4882574954913ec496dca7b65d8fbae4dc567101907822b53bf118e0c71701d75bfe6de165a592d3ffb865f15c121b0986edce9aa7ad5ef5690b0182c559ce6c342c7d54053d98c3f658909012f0d83a35e5bee316465aabf94e24ea5ba7e98f327e2361690cacdf918934bca9adf216690d19e95e92caf707728f4820ad1bee75142d914af211985e0a5a82ad06c84bf840c84a598f1c69730fabd07b362d2cfd4a2fc0a5080adf10a809ff12e6d8adb84668fb49e2002ed2c10cabc3e263edbd5b8022ac79969e340da19d8d29c62ec5173bb83a6a5de871986c3dbb7b82bd36e3ff8c4e2497797066e6c2bf347a9f0121b8b7a2c0745fe871dc01bcdde5bf527f889dcda43af77f4eb97b85463d1b64525e28a6e1dd7e4e097fde17b704b772c2538f48074936c0cae84fdf977e852344163806586d07be7506dadb02d174e39571820278dcd03cb405a009b3ea3d1a06ba22e6335c8847234b0e4937cc35295f8bc28e19a08d46ef49cffc29f1647a3a4f1df57af5e0eade63f738804629d6ec0e98e5564c575dea4e7dc1fc7574a1d258879843e52670f2d880007532ae59697abf15d20dfb11b3f7575c7d5974004639ceae0340e0132183d128d3ce4b180d6e8d72b59b11dfbab40162b243e3a4a4b379015683c691c931d39bc419276417ba93cd927fc24a636c4846a99e7bc8077e6612476cf688d564dff5d1e9af2de848af0e04815400492f87ea7f866be9f5c030eb70f702895200617ae380e3e1329c18a9a0df2a57c450b10d3fd0be66acfed68b8b72c6cfdbcaa8be61d48099fe9bab086f9e10d59a94fc8dc8783afbd223689865f43decf09fea6e425332cf71400ec41507e364eee9989df41ca89b9a611c3aa0dedc7e5fd000e6fe015d62e81bb4c3885ee5a940cfb0095399dd07a576a636444ba5526f6d13c78068b9911f365dc52117eb8f1182eb80d8bf7894184c80f5707df74946ae430f360c8be233a7a2cb4ae2e26957ee3d7f2afa274821e6cd104dbc92945ef2d4be8ea0c907c2460e6b12fee1d0ec4bdeda640001783c620422e9fbf2d1e643e78e73d69bc5e7d8237e1d167d9e92c477b6ce7f91e586d392811e2354151ce4e37a5e5d33b76a287cba820f3b103aff8d8b310245fb2cead683079950c2b4021c3c8fed079266394d0b2304f32da6ae79ed38f0e5a252b64e7b7cbf8692a19c51ca7377caaa747ff11cd35d638ca66c2520ab6dc7951d99e6e0919355ece4ccf15fa2ab9f6aef29a91383d79f9756afbfa8557334918910120d30900d6aa02baab2dac87d628937892f13148869681f66d7a1bd72b05b421c9111b95f0eca1fcc235d1dd8c81fdada9a960db4e68316aa7d00aa76b63141ad2dc13bcdb0cd4f26bdc544d11346badc236c951a8ce2dcb4d123f3429b6059de4250496fd4a96c4c541d02597ae2eb87d620e51da6d93d9064d7e7e6d20fb67626cefd29af1263fd5b750987af541456582c3ff30ed91e57a5be41f1e86ad329d33e4890f4520e9b519468766db5c0b868f2d9d3c42efc48c5db0bb51f10dc4b8478199dc88286944bc6e81ecdfaf1c4530cc0cfcfc23986c140df61c06ab55b6213e5e6c58d07d708b18f4efa21364397cfcbeb1a4da5ca212051124c69c5a534964aa76b520f6e118cd61d233d341871ab516597ff9ca9733b15b44f95e1cfef13410178f9427db92ad48cf4005a062198f52e4df862adc03ff5b973293c157b69727c14c693fda88e5e1d6ec1f615257cb6d51e808d587a47925c7689fcf1106f11f779e9f6944539ed9461d1ce1f0f6a4bc8716794fd250385a661b773e10854282e54551c4cc66153ca1a89a281c109a156818d4fd31845ac41b9862124a404cec45201bdcce6567749c43e794e4cc220198d4030d8ff51a5d0a2dfc9e3a264e5abba18167abc9c66c19ce7344a589af5b8209d0a4d52cb68dda5a18d82e27650e5dcb4b5a3d51e8496dbf8e76fdd714ef611b50a93181af78a7bd507b95b31208e9f1c69e25a1e37f37875a6d0c83999685e19dbec970272886fe98bbf953121e4173451572cfb05b038cf86fe934c86dda7e52e731916e2799a8df74aa7c4eee2031ae9b2407bdf50989cc25f99530919d2c4764c432bb2ff968ed3f345c58a11753a3b403332b504d5be031c1434f77b5f9950ce4602bc9dffa3ee5f20b8c95a828133b84a42ec5dc64c921e7706191ea16aff994d70e80a0b5c26d042fcd76223d0a40da86d16bf9874624491391f4ba72ec68ef0d9a912ba1e1ccb9e8621f4c2e98c84e601bb10b39e67a01487729c74f7a87b52947348d1536d6b1955c494da848a65b26c530821ba07d5af12796fcefb0c6b6227107cf1bf22baae2612435810506c27708165303c9d60ac2514e4bd9b552fbd65c3471444b13b48e1c751ead4ae17b37f21307361adeebc65f0f1a640cb1297fc5cd62aee1af90279235c5abfbc2724a865dc9ad0d18f1a63aff92fb8e51ad2a18e1bca6e41f6f5d3fa747be22297c92938e63cca9755ae972b221101e3ae8b48f7049ac77df23f65467074920709f92a8fa09e49aa1fe815d71742e53f03f83ffc5f7702520d77f9822de54568a817ab8e46cbf1715c5cf9c1f5f2b1292e453ab99d49856572b3a3209925adc31bc8ee7e0ae4782d1c25da5ea36c67e6b1887bb82cd8277f7ff44ca5d6e191347edca66e8dc283d53e74cabc56222a67a2ab6ebe0c9e42eeabea6de6db717cc7f2b1d960d4ab6afd6f7cce4f9f8388f94fbddd4134350a103fd591c0defcc41611cc2437603e489f19d63e99e7fef51200d31c5cd6e200e480551d4bcda66bf490312c8328cf025df86a517f45116542d4321c22d1b1928a2cc03af24f15899b3f290aa50691613f1a308f3c488e47ceb9aa3ba1a8cfc88a2c86c08b42566269009980f92fc411c6114ec632fe5593152020db942a2e859451d4c6f7ea323ca78f7fc79094fc4961fb60810364f26b81bbc3ca9b24c5aff4b711e70b47202df15c610a3f8f4b5ca179b7ab2e8022867c091e757c6daed2c74dc4ff24e134a01020f474c97e696a35f6760d6b5741e12a81efc4a069e9e954182b4c3cd026d628000fc22e4670f0978fe4f9b99dfa480bc8dc5afc2af2b8369be59ec30289101def4178fe04d2acaa34b7482e45c6a53f68b64f6d08b3aba3b87f9ad3747c795ad46d36248e90e9d693a2de8d1ac8b2c756b7519984e7e1cd0c1e7ca4d76561c17a54c381630e5f033641d51fafda7ab958a4fc51b95b52ac880bf", @generic="d2c5f7238cb7c150a6da7368277c231831185010ce667241def0ad88a72128dae11ba39d886b83efb0014aeb584c027a317477a210de35af34e3067cf5af57f4714f35ad4fca0d7ef6d05935e4d091c5913cc8c95581eda56c95ee0eefe2b932239906533ae161ab758e2bf63ac1677c663a", @typed={0x8, 0x28, @fd=r3}, @typed={0x8, 0x13, @pid=r4}, @generic="4a74a55e0931fc45c7644423f7a6fc1a65af995c63c521cae715d2f1fd70b141c0f14cd2f8c88ea28732be1059ee42c06331b32c2d18f95c10189aa0e8", @typed={0x24, 0x63, @str='$\x17-selfvboxnet1vmnet0(cgroup\x00'}, @typed={0x8, 0x3d, @fd=r5}]}, @generic="c60c301ac82e2f202dea4697111c791d639e1dded63c0f257bb13d164e632b6db7a6728c759efc3dde67d717018b707b1edaa642ff59b28d4a9eef61a9d68a78baea8a7ee99d6d13401eb75f63a8ae05f770193ffdd8b0a54c8e5c065ce89283ce37c422cb475fbce2f975d9c6bab6eb9e414972776421bc71e5096443d52d388dfa5da13da1470754be5c3d49b7bccff722bd084f2fdcf06165ae0d1f5848d63f3e20ab69a5bb538a530442fab6ce38dcc5e7700b5373c55e1252ab060c384c93e076c16b2d3f1f1f8a1f389a3397a5a4e670cc8c32d10aded506a8722203d070233901fe41ff6358ef3d113c", @generic="975132bd1423635820e213f646c1c72cd5e873c4a059af43107a7d4c77eb3eb06e42b6fc00331fe74222390bfccbc55c1ed1ec98095b4b99779ad73a8e2c781571fe825e622057cc158d305cd3d74b02fee9561988772e1b8641dddf228c546bb54b07df0870b175ad3bdc81588b31bf7834a5a5536e9b6a3769b066bb0aa752b8869f3052058c79158d5ae8bb0d05ac35dadb72a0bba81f70011b32f9c6c77031a8db337d854e276cd0a71b20b327ffd8c77f6fb11585ec8f7f63", @nested={0x140, 0x1, [@generic="704eefb0cb9418514dade2613c548c309c72ca3384e39738192641032b8f28b287ad3ce1aeee0b4a61ca8b5b886a686d14a127a0a5f8a27e08ac4c", @generic="875962b6ae5206e48ff7ba290b", @generic="d0813ea6b7f85cb7773f2e90937f6227da91cd4779d29835f1aa4a2649a4af9a5592e2c91f9c5aebdb9c2f71d87d42205b49020041060df339fece54f254e8d37eab5f4c4ef8675947110f214fc0b49fac34e3b6e7efee37514d791b78e566cf0d3891de60f3d2ed9ed1a8945d95127be26293161c747ffecae7785ef82b1214ce4e436ae1eca45b732c882386db1ddbcc5248f2be5f63c409843f825abb26c5d0eb998e46242f0bc3ceb91f70f2077c4861bad27bec86bfef2f01f00a2440ddced7f852476589924ece3cebee2cd3b4b9aeed0d57d398c8b9c570a7219fa5693070badc6c981ef7a6c81a59ec4964d79a445e75"]}]}, 0x13ec}, 0x1, 0x0, 0x0, 0x400c830}, 0x8000000) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r1, 0xc0bc5351, &(0x7f0000000040)={0x2, 0x2, 'client0\x00', 0x0, "8ea0c55a49878e56", "7ec1edfff35404bc191a69fdb30e09d55da88bfc5ab36fdb29c3a72611288399", 0x9}) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) [ 310.061445] protocol 88fb is buggy, dev hsr_slave_0 [ 310.066590] protocol 88fb is buggy, dev hsr_slave_1 [ 310.071640] protocol 88fb is buggy, dev hsr_slave_1 21:30:30 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x2a0, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:30 executing program 0 (fault-call:0 fault-nth:68): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:31 executing program 1: r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/hash_stats\x00', 0x0, 0x0) accept4$tipc(r0, 0x0, &(0x7f0000000040), 0x800) r1 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) r4 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r4, 0x0, 0x0, 0x400806e, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) sendto$inet6(r4, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e5d37149eb0f4a333726cf6d5b7647306559155f1c69d6bfd145b83576f2df4d85f271fd4119db923e2412c66dd954eb59dddc7e1fd286a83971b2ba1c63b4f99702cf91f3d1ecffb8ae189c79b403805e83650c251a564942896f205640c23b0cf51fe9bd931f54a343794710a9cd53cef20938edddb2bfa3c1f72f8e79e41e30fb8f9d314abd999ba396521b6c10bec7bc9d0745a80299342f5cf89eb9d94044258fbb18cec1cdbbc016a773d3ae41e3e30248e716fd0873d31454902cbe7dcf7d644dfadc255d99652b5ed5a5b1a75e3ad49cf80178678402e9d3a755d009889b2e6138f81dc02eedcc353aceb2f7781aea08aa91be7e1e2416ba3d555b1f2237f68c5d7dcfcb1b917c292a35d6d7e7cf2cb1dd6dba5a50ce55c4638d7d38cb7afd8da02f281ab69392bc6531eb03eb97c1d075e3342c244861d04bcad8991b8f588e48ad7fe218d2f5e604bb31c59241245b485210fe418af3d6377b59d5ab128497efeced38cc5036b1f34cb89674b5179219f34b9e8e1849695d7c23cce77eb8f038ef9f2cd69d1c9e2d6b46610adbadbdad857a77f59d38cb5120709716b87c52a48de249b231d7e39985b8b58094c0d7b4c6d1671a8ff9d2daaca94df2adcff6420077df0ddbc66d00b141ffc6e28bed09a19056e52a905a72c99a04af56b22da83135808ba2bfe87a39753447e78500d16bdad52d97df73d4852a79e7ec6910701b712cfd58c62b3ade86cf6ff0cd78719fa1ae81640381cb33f4f6b03c913e820cf9eb9b5cf7df9c878596c9ac9444cad118673fe339b4b7287b310ecff4742bfea2612d79d418293f0dfe14bc819c466473438ad71ea3b1386d17a9038b1f5a9285481500f84f4c7eabbf2eb071a101c69cce8e7495bda4c28a4e88f6a258abf58579c290eeb742b2678daab3ecc8c2bf97d89e89472901e254dd63ca7d918f8a7523161e29b28f64b285da7bb4a17d0ad734c321623e246bb0b5aaa08e8e7ac42b74ba83c70a8ca80068400be6adc3f4b01ba1050b54e6e4cf72fb567fbd27b74b2bfa7b7cabc6938851c13c6df7d5aaca79afd89b5e925379b959c7929ddfa3399695343f435772d70e5cfa3550377d23f50011ad5657e94c464cd43eb85496fd3b03bcb2d9278ceb432194d9893ffa747dfe85309f256c910e31e81dcd3cd8a13744fc2874737a2ff34bf8c89f15da7cc0853434117d744e30360b38ef1a063f9ee506f048e9980054e6c5c5688d04ece6067ac55bccc9a7773a2c4e21c039d153622130faff9fd675d64ad7284bd011b9b224713a721b4b731cf342357642a1a0bb846f5be443b7e72e9825b5f3a078c6ae09e4512dd93a5be1af13a49e6a33938509d3557aecf2356ac2329871b662a99cf3fd2486b064e7e6f90c1f8d632186a8bda338b02d45da4ea9041d42a23f40b93346dddc473a9f1a3d9f0285b7e48cbb87bc34d44b090a5e2aaf4764a10a44168f1719eff0b0d9bc1ce07750af4c21d0c67eae0799e91328c8b14869e4edd255a41735a2b1818aa9d3b271ba757af010ae6dbad89aa0d8f5b6f8ef3917adcedf2", 0x52a, 0x400c047, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r4, 0x84, 0x70, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e22, 0x1425633b, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x8000}}, [0x3f, 0x3e, 0xaf, 0x101, 0x7f, 0x5, 0x9, 0x0, 0x5, 0x5, 0x18a7, 0x660b, 0x2, 0x5f3, 0xa75]}, &(0x7f00000001c0)=0x100) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f0000000200)={r5, 0xffff, 0x80}, &(0x7f0000000240)=0x8) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) setsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, &(0x7f0000000280)=0x8, 0x4) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r1, 0xc058534f, &(0x7f0000000300)={{0x6}}) [ 310.266159] FAULT_INJECTION: forcing a failure. [ 310.266159] name failslab, interval 1, probability 0, space 0, times 0 [ 310.302756] CPU: 1 PID: 16927 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 310.309822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 310.319804] Call Trace: [ 310.322431] dump_stack+0x138/0x197 [ 310.326086] should_fail.cold+0x10f/0x159 [ 310.330261] should_failslab+0xdb/0x130 [ 310.334269] kmem_cache_alloc+0x2d7/0x780 [ 310.338449] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 310.343762] ? btrfs_scan_one_device+0x89/0x400 [ 310.348583] ? trace_hardirqs_on_caller+0x400/0x590 [ 310.353797] getname_kernel+0x53/0x350 [ 310.357734] kern_path+0x20/0x40 [ 310.361129] lookup_bdev.part.0+0x63/0x160 [ 310.365389] ? blkdev_open+0x260/0x260 [ 310.369902] ? free_hot_cold_page+0x763/0xca0 [ 310.374427] blkdev_get_by_path+0x76/0xf0 [ 310.378707] btrfs_scan_one_device+0x97/0x400 [ 310.383233] ? device_list_add+0x8d0/0x8d0 [ 310.387493] ? __free_pages+0x54/0x90 [ 310.391327] ? free_pages+0x46/0x50 [ 310.394985] btrfs_mount+0x2e3/0x2b28 [ 310.398928] ? lock_downgrade+0x740/0x740 [ 310.403096] ? find_held_lock+0x35/0x130 [ 310.407183] ? pcpu_alloc+0x3af/0x1050 [ 310.411103] ? btrfs_remount+0x11f0/0x11f0 [ 310.415373] ? rcu_read_lock_sched_held+0x110/0x130 [ 310.420467] ? __lockdep_init_map+0x10c/0x570 [ 310.425081] mount_fs+0x97/0x2a1 [ 310.428477] vfs_kern_mount.part.0+0x5e/0x3d0 [ 310.433003] ? find_held_lock+0x35/0x130 [ 310.437120] vfs_kern_mount+0x40/0x60 [ 310.440961] btrfs_mount+0x3ce/0x2b28 [ 310.444787] ? lock_downgrade+0x740/0x740 [ 310.448956] ? find_held_lock+0x35/0x130 [ 310.453180] ? pcpu_alloc+0x3af/0x1050 [ 310.457105] ? btrfs_remount+0x11f0/0x11f0 [ 310.461638] ? rcu_read_lock_sched_held+0x110/0x130 [ 310.466884] ? __lockdep_init_map+0x10c/0x570 [ 310.471411] ? __lockdep_init_map+0x10c/0x570 [ 310.475938] mount_fs+0x97/0x2a1 [ 310.479335] vfs_kern_mount.part.0+0x5e/0x3d0 [ 310.483974] do_mount+0x417/0x27d0 [ 310.487539] ? copy_mount_options+0x5c/0x2f0 [ 310.491975] ? rcu_read_lock_sched_held+0x110/0x130 [ 310.497020] ? copy_mount_string+0x40/0x40 [ 310.501298] ? copy_mount_options+0x1fe/0x2f0 [ 310.505822] SyS_mount+0xab/0x120 [ 310.509296] ? copy_mnt_ns+0x8c0/0x8c0 [ 310.513238] do_syscall_64+0x1e8/0x640 [ 310.517237] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 310.522112] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 310.527785] RIP: 0033:0x45c94a [ 310.530990] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 310.538801] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 310.546091] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 310.553419] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 21:30:31 executing program 5: r0 = getpid() tkill(r0, 0x37) syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:31 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x0, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r6}}, 0x2de) r7 = socket$inet6(0xa, 0x80002, 0x4) sendto$inet6(r7, 0x0, 0x0, 0x400806e, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @mcast1}, 0x1b3) openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/user\x00', 0x2, 0x0) sendto$inet6(r7, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e5d37149eb0f4a333726cf6d5b7647306559155f1c69d6bfd145b83576f2df4d85f271fd4119db923e2412c66dd954eb59dddc7e1fd286a83971b2ba1c63b4f99702cf91f3d1ecffb8ae189c79b403805e83650c251a564942896f205640c23b0cf51fe9bd931f54a343794710a9cd53cef20938edddb2bfa3c1f72f8e79e41e30fb8f9d314abd999ba396521b6c10bec7bc9d0745a80299342f5cf89eb9d94044258fbb18cec1cdbbc016a773d3ae41e3e30248e716fd0873d31454902cbe7dcf7d644dfadc255d99652b5ed5a5b1a75e3ad49cf80178678402e9d3a755d009889b2e6138f81dc02eedcc353aceb2f7781aea08aa91be7e1e2416ba3d555b1f2237f68c5d7dcfcb1b917c292a35d6d7e7cf2cb1dd6dba5a50ce55c4638d7d38cb7afd8da02f281ab69392bc6531eb03eb97c1d075e3342c244861d04bcad8991b8f588e48ad7fe218d2f5e604bb31c59241245b485210fe418af3d6377b59d5ab128497efeced38cc5036b1f34cb89674b5179219f34b9e8e1849695d7c23cce77eb8f038ef9f2cd69d1c9e2d6b46610adbadbdad857a77f59d38cb5120709716b87c52a48de249b231d7e39985b8b58094c0d7b4c6d1671a8ff9d2daaca94df2adcff6420077df0ddbc66d00b141ffc6e28bed09a19056e52a905a72c99a04af56b22da83135808ba2bfe87a39753447e78500d16bdad52d97df73d4852a79e7ec6910701b712cfd58c62b3ade86cf6ff0cd78719fa1ae81640381cb33f4f6b03c913e820cf9eb9b5cf7df9c878596c9ac9444cad118673fe339b4b7287b310ecff4742bfea2612d79d418293f0dfe14bc819c466473438ad71ea3b1386d17a9038b1f5a9285481500f84f4c7eabbf2eb071a101c69cce8e7495bda4c28a4e88f6a258abf58579c290eeb742b2678daab3ecc8c2bf97d89e89472901e254dd63ca7d918f8a7523161e29b28f64b285da7bb4a17d0ad734c321623e246bb0b5aaa08e8e7ac42b74ba83c70a8ca80068400be6adc3f4b01ba1050b54e6e4cf72fb567fbd27b74b2bfa7b7cabc6938851c13c6df7d5aaca79afd89b5e925379b959c7929ddfa3399695343f435772d70e5cfa3550377d23f50011ad5657e94c464cd43eb85496fd3b03bcb2d9278ceb432194d9893ffa747dfe85309f256c910e31e81dcd3cd8a13744fc2874737a2ff34bf8c89f15da7cc0853434117d744e30360b38ef1a063f9ee506f048e9980054e6c5c5688d04ece6067ac55bccc9a7773a2c4e21c039d153622130faff9fd675d64ad7284bd011b9b224713a721b4b731cf342357642a1a0bb846f5be443b7e72e9825b5f3a078c6ae09e4512dd93a5be1af13a49e6a33938509d3557aecf2356ac2329871b662a99cf3fd2486b064e7e6f90c1f8d632186a8bda338b02d45da4ea9041d42a23f40b93346dddc473a9f1a3d9f0285b7e48cbb87bc34d44b090a5e2aaf4764a10a44168f1719eff0b0d9bc1ce07750af4c21d0c67eae0799e91328c8b14869e4edd255a41735a2b1818aa9d3b271ba757af010ae6dbad89aa0d8f5b6f8ef3917adcedf2", 0x52a, 0x400c047, 0x0, 0x0) write(r7, &(0x7f0000000500)="6e90103614072af7b8c0ec9a4c10c37511ecaa665811f9e92cff8bbdeae4f34833bb7e707ff4e9de3f7278900f85e5b489817a448292dbca751477534963a5be424a9554f3c8541d0488a183fe512cb7e7a05ece20a26f1a68b6ce39957115bb4780993bcd086614783d66b94b4ada22f5bfcc0a971cffbcde1c9ff4553a273bd4cfcebde2bec4289be0a8430648e550c160001955743035facb8a1c888b7fad562cd024b27d73953b813148036e6d0dd0b48e4da19492689b998e5aa926122c49c134fab1cb31c75435a2c6445535826b4a42e3092ad62b2cfb4f7a0081bce5b56bb1131718404be91435f8830d7e45b8414d84c482480cd0b9e0b04891cadee324f1d98c5b01681268eadd54e91af480c507f6135dc224b7896501626e945ba437abc456266964eea412ff389eb4df062bcfdce11824df0cd1d3eb0d62406ca15baed14b4efbfa8af2e1b1f55116cd4ecafc67a19313056fa84b0761327b74c7d823e7fd4abab956aad893b37f03ce1367a8b5e94223bb56961ed5dd6561b890c2bac556b9e2d798c5d696befa8146993af171791fe7ca8c8331cd57c3152a476c85e22d6ba97cff812c9455301dc5be743287c34dc48f2500e91a85d12c6c04c760922100bcb392c107ccf6022ce78730c27be3e7c633ad77f0dcce90c3a2be1c97ee2071121906a450308e2d3e86a9316454e75a916c1cc2af5e5dd29d423eecbe8e740dabe1e6aa203c8eae426134ecc8d4c8f22d4be00258c512507193e390e2969c4d0f65e887ef522190f3ce8c176fec78ab4cc31d036f00d02ab698e4cf3e7abbac68381205abb1aa65a89ec5ea25d32106f8315aba4e18e0b0c8845d5f01116fcc8accc65c42981825a88c61723e7bf8f734e7b8e267c277a6c7368992d827a9d220632ecf262d5ac319eb3a0a073c57318357eb0f1820fa63b8c4902e8ee53ace3cec522e072f1e837afdcaa53aa6859d851233cdbac2056aec654658b0008f29623dcd8cb9346460f3222cd1d1f8af20bd9ad031b55d061e3d00b756eea43aa710611355baf625b4e18502be36ed6251a70de491c1d8bb0ddb95b2795516d15befcced4d0ab2cccbe06ef7cd3a60220676467b7504c963a1db8b2269e67aa0faba818182c89c1a48d2dddd2573ebc172793b613701f0d4dd75a93a3d2b8704b8f735d752fbf20e4e706fda325302fd03b939f1f3b6f44374438cc2b6c4b22f226e0a994597a302faa549496456146e31f041562b5da506ad804cc40c3694a2625c228ccbe1a0612c85ce62596eb93fceb22d3401bb34909b2fbb47e8dc528a532b0e49ccc00e711030078f8d9630784dd3ac959e3569629af842d5ee8d38f04057dcbc0b606d42083800ccee0d9943b3e5b8d3eb619699c61883e4e69627b191f85560a7c873578864d73aa8c867c322729ce5452211ba3ade28f188a164580ccea68e11251609d8d39909e500196496eb14ccd6679084f837e43557605b60deba08088341fbcc8f8962bce4e4c961662d67f8725f972ddeea91f97514945dd48b80dfb168901e12641fda9e9213e1962413f886b058c4ac90af5c98c0c710a9e59fe3122f44a285d578798b8b8ca55d6e4e0cf10aa9f3738d88d92cfbf2627d96d9c8457e7e35fa7b0c6434f8ae40ee257926fbccb2cb17c46a9da1d42a66a806c433e0b265993939f5a66cbcfe58838485c898e5a1bf3a958d67909e05fc021a9908d8364e8e0a2759b41469852f25280fbe24ced814093fc292a415b76c64161387fa19bc5ab3b1538eec23ee5835e8e36578c7c3d70f4cf505c98d0235ff0ec5caec7541953437a9ce2c2f2601de1f017448d42a81f63e19f1b9e69042c6d4b8a0860accf0771a63b607500f7c1d798b3abde0481a098f40b9aa881e7172c841bdb369844b0e63ec4f306276e604e17011a08a239df9a8179830b5646fd063116103397c23a41a887c96f9e2ce86ef6015e8db92e67e11f8e160052b865fdef0d1d58d24f1c6516aad4d17bc65dbb8f711ca36525caaa3b64a8fbbfd673724fdcb21edda003b869e9cf1a4d22e1fe1f8b7e9d4f5d9ddc6fcab6a1eec21c78d1dcb603be79c6483dff2bea50d37ed4370c4657d3dfb0e57eb65eba90ce88b48b4dba0c52f049ad8a11c015e55861e914a14422ea9588a6ff93b6a3fad41844431b0268738d40717db839cf9064f09aca4630056d8db8e760c975b64206659badc0dd4b61633b9f60a07ff522943277fa8a3021ca49209fbff4a4c2f02a07473d932033137d17fe1cae981124b40e30eae86e0c423be29375575f194bb83b5ab6f8236b693fc7092b2fd99491afa5ae42fe7c894bd745b8950dfddf25ac1888ef7e356e3a8216fe1cddcc6296792b4c7d762316cbb02dc574adfc1e27490f05b98a9795a5465c0c97e55dca39d938b4b1d847b7ab18691eae2375db9b47b13bfc50ae72e777baf563f8737f6c34990169a0ed5092f5a29ec5d0bedb0088bcdc60cb643e4b237771bbb205e9ae9fb0e056eafa7529047c8047543f02bc4fd8ce3c42bc7a8c8e3927f1566f7699831c60a0cc995c7467269957e6c22a2f6086aa2b47c9a4ee4e202e72b2101e194458e697900dbadcb20727c89af1db6bf8e593b07a2bcbf7757445c8aec6d3b88378858d952f9c609471d74e6937683474b4fa8d99afc225a57f6d20582a4179699a2b61fb85661378a3a8a846be3298ce1cf1285b5f29585358fbf3f5830ec6e783b13c9b5c39ffdb2b0af9a7865e49bd95bf5858acbb5b8ca66c8a77b4238c87972616d38339cf84d0dd862ae0a40126df69dac21bdf89e56a11967793040873b6a74d4ade67915f58ca7389f8d627d232780e76f9cfafbf5ac949aaa22aa15e344c5d7d7ec95415ddb2d664adb5c0120200cd0909c8252ccce67a166e7c25ae3df859baeffbd81a5aa8e2b7f85e38a5fbee3d56d057c63abf648873c1230d9e34cda671afad84af33aee4d16ca0dc91f8d434419c60ab265f814988a0d733cdd1fa4504ad1661702c73e98f52b1b7d0c7cba09ffda329b105ef9f8838d7dd350f7f30cdaf1d4fde8ce036a60e6c47eef547ec4f46f6d94f180459183be0d6db46077b687d296278e318f0a8c87328de2eb1546cce7fb707c937b981b8ab1257ee8097c664fee74e101bc3d980ffdbb7d25e1e4a3efc79868e0c0d5fcf8253b6d52268575b57b6dfae0f2f9446b8b0110ca62572b918e9a84d65984fec9f5f532ebffe218dc57fdd84df6745c8c973a063fdd6e503140fb0227598243ee79ef8d6b3d904c0a4d09e4b7b19efe209c3e6ea2a49082dd773830fcea156376492d1a7559f2ab7734d78d98535375ed1abca7aa5990aaffac0fc10ef50eabb1b309d825fbf2ec6b57527b6a6e5789b6d171c9c1e4cf17f2994aa981dca4905ec44c431789839ec721a504a6dd661a2684853df3ac70a729d5b7ffd0fa246c427a090d58cd7f9fa23a8e076e09f4af3a7e9cc6ef681a72474aee6cebbb7b77c70f6a163bc4683f93f0438df17a0e0f9fd1fc7527c2a47888aa466bb4073ee2afa5975e34459a3b052651d2f3652cb92684060b80d7dc770a3ab0fcba1f4a2931da033d2393171bca8e404b3371d1e9e364cf5027718aaece942264a0f472b6955511ad68ad15a1ed298e09da8a088d8401e6e62a175e4d44a9a4abfd1f2acf3ea7d7a8e2775277fbf26dc5d73489a3c5f46c559b5dc98ea5722a832132fe761f03fe006d81307d40400aebee7540ea07b2d429e4f58b8e6fbe2420e20bd53f4c10b5504f5d93cfd5733ff438ad5b2974e9230b26edf6891b2bcc9b4d2e1a794b0067d2175ac66a7f73c8f1ee1d11ee790b9a96509de745aa54a0871b07940222765bbc6b3fb2ecd95e4cb5aa84b0a793441ce7d044c442722e01a287eafd9c8c7222f469349c954c8592156e1f6824a62e95ecdcf8390aa89918d11784e8ebc793386783365faf0e32c9e18cc4acd15cbfbdee526a5fff163a0bd4c6cc8c5c9a09e3b759a4d7d99c43762420de8c81b450d3368e4c51046985926fc9b08600b2bf6e390daf8c13c8b1a4849df764965a40b7a10b39a2e3069676441f5b335398bb2658547d76a5e6a34a777a968f8a0e5a0a3edddbd262be3b42314571b82e63f73f4066744196dc79a3dbd1810af5db8a7f58f5dfdf70460ea43bde4d10d272a104996418986dbdf3b864efa1a3079407a8112ba805c6178f35d7e6fcc9c2a283e4bf924289539cfccf0bf573904ad493401da03b57a4862308ce924f140f6bdf87337054e38b631733a77fee04242012b016a0d9dbc56a0385620f928baa9fb03bedb95c98dc4537a086db0c332269635a27cf9da9a6fafc9eb59d083c74e1c7d5f8b3baaaf3f05ac8fd4ed5db2b2e977e0b7afd1c5f83e3af2b2b5ec13c274cae087b2987562bba5885d4f56aac85b9cbee11ea26974d79ad5ea4e82196705e7edb3522556c7247e2aab5f14517b8670b4ec9de2b453a0907eb6bec4d24e01f0772ecf37dbf8c4d451dbb4dfe3c2f4ade6a57c5c2853f8124a1fbfc51499db23361cf4757db63b4d37c7068f1d6c6dff69ff72da73ee0e777da97ed18c30b930815935c254506217a234c26e6d07476acc8b51dd0f912c01cb216cbb2dc5b89e48f7a340a2c18c518407cee7889f88feaae2066ddfeb62fb380d69a674f2488e4c87067445a3832f5737f208105b63a468c8aa1a14230e5bebc8d6f0e5699c41fc567828a820546b249394eafcfb9fdaea53c77fd1c21f1fc50e74b71689e508be73f169269e516f91d4b9483676bbc388b00b53330ef438b700abde0313fbe204e24719a35c9165b3a2350ba7e552e4cd04595226ca67e1ba977414de0209b1f64f2a0b8c889b12d27caf86e0275b35596bf3df8e6451ebc0ecd424eb0fc9d83ec19e4d88b37e405c2985f92ac8a54543e9b722b5d72daf8f3d8a4bb8991ed374a1d6ed38ee12b5ff2702678261d15d2e6f166bee4814853bf95055449c8b4b6123cf6b3ad72b59ced3321c08d67dae1d96f5aa5513bbc01f68e8cc0eb2afc294fc7b8d49af26f94a22279a2fc57cc9a0f70762d5be96e09db7048e223889afad8ce14f43e3e00f0b4301ebae2e9d9e2c000be2610a60d1444984e5d1baf40301ff92002603454997c3eec70917a4e662cc11adcfc6d6b7808b0d63f2317a7aaf2e79891786890c9677d3ee0499599e6f0ecce17943267cbf84260c59b452a26ff8bef8812c66f7b697e526d7b779fa799610e003bac38dd59868b35964e23bbd1bf479323a19da4910437eed469c78c94d7407c2604e543aaabb9f5030a08308961f0df9da45485ade41dbb74f19c3b012948b30e97e817cadfbe4a58462488bed96f254a31c7660f0d93428493a61f0ed8ff7cf32e975698ea856a5d3f9a3cb121c63508050f38725f7f6387cb219c217d6ff6b4826a4a2b903a3dad8f5fe22d6b96bc337d63915602561957993462aff69f0e06ff5ab30780e2fb166ccd695cf40beb3ed5be4e913210d756ab99ef5085d71fb990e8d56f16a63c95195e16d7940574152f62dff82931dbf55d5e33359389dbc25e274d57d68b94790eb55f4d7276501ddbe4b00546f12f7e98f4cf6376880ca903c3bf63b5efba0bcc0387e6b0f378e552a55628ed09f3a05387afbc86f37883662d0eaf4fe4692d928a16b1057176453d5f1f66fb65374a3157d9761e835d861bbffefcef31fedc1010012ea2e1113dbfc50fe2c34dc0bf0c9bbb48fbd1566b69edd633515c433e21179339f3b18ab4d8345aeef77c31", 0x1000) fcntl$getownex(r5, 0x10, &(0x7f0000000040)={0x0, 0x0}) sched_getparam(r8, &(0x7f0000000080)) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) [ 310.560705] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 310.568126] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:31 executing program 0 (fault-call:0 fault-nth:69): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:31 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/tev/vcs\x00', 0x14800, 0x0) r1 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000200)='/selinux/avc/cache_stats\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000240)={0x8}) clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000180)={0x0, 0x6, 0x2, {r2, r3+30000000}, 0x0, 0x3f3}) r4 = socket$inet(0x2, 0x4000000805, 0x0) r5 = socket$inet_sctp(0x2, 0x5, 0x84) r6 = dup3(r4, r5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r6, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r5, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000025e000)={0x2, [0x0, 0x0]}, &(0x7f0000a8a000)=0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r6, 0x84, 0x7a, &(0x7f000059aff8)={r7}, &(0x7f000034f000)=0x2059b000) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f00000002c0)={r7, 0x1, 0x7f, 0x4080000}, 0x10) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r1, 0xc0096616, &(0x7f0000000280)={0x9, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) mknod$loop(&(0x7f0000000000)='./file0\x00', 0xc022, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 310.683922] FAULT_INJECTION: forcing a failure. [ 310.683922] name failslab, interval 1, probability 0, space 0, times 0 [ 310.695513] CPU: 0 PID: 16945 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 310.695544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 310.695549] Call Trace: [ 310.695567] dump_stack+0x138/0x197 [ 310.695586] should_fail.cold+0x10f/0x159 [ 310.695601] should_failslab+0xdb/0x130 [ 310.726502] kmem_cache_alloc+0x47/0x780 [ 310.726528] radix_tree_node_alloc.constprop.0+0x1c7/0x310 [ 310.726543] __radix_tree_create+0x337/0x4d0 [ 310.726564] page_cache_tree_insert+0xa7/0x2d0 [ 310.745405] ? file_check_and_advance_wb_err+0x380/0x380 [ 310.751060] ? debug_smp_processor_id+0x1c/0x20 [ 310.755764] __add_to_page_cache_locked+0x2ab/0x7e0 [ 310.760809] ? find_lock_entry+0x3f0/0x3f0 [ 310.765066] add_to_page_cache_lru+0xf4/0x310 [ 310.769593] ? add_to_page_cache_locked+0x40/0x40 [ 310.774459] ? __page_cache_alloc+0xdd/0x3e0 [ 310.778925] do_read_cache_page+0x64e/0xfc0 [ 310.783413] ? blkdev_writepages+0xd0/0xd0 [ 310.787674] ? find_get_pages_contig+0xaa0/0xaa0 [ 310.792455] ? blkdev_get+0xb0/0x8e0 [ 310.796422] ? dput.part.0+0x170/0x750 [ 310.800332] ? bd_may_claim+0xd0/0xd0 [ 310.804146] ? path_put+0x50/0x70 [ 310.807616] ? lookup_bdev.part.0+0xe1/0x160 [ 310.812088] read_cache_page_gfp+0x6e/0x90 [ 310.816344] btrfs_read_disk_super+0xdd/0x440 [ 310.820867] btrfs_scan_one_device+0xc6/0x400 [ 310.825378] ? device_list_add+0x8d0/0x8d0 [ 310.829643] ? __free_pages+0x54/0x90 [ 310.833464] ? free_pages+0x46/0x50 [ 310.837215] btrfs_mount+0x2e3/0x2b28 [ 310.841041] ? lock_downgrade+0x740/0x740 [ 310.845210] ? find_held_lock+0x35/0x130 [ 310.849299] ? pcpu_alloc+0x3af/0x1050 [ 310.853226] ? btrfs_remount+0x11f0/0x11f0 [ 310.857491] ? rcu_read_lock_sched_held+0x110/0x130 [ 310.862545] ? __lockdep_init_map+0x10c/0x570 [ 310.867075] mount_fs+0x97/0x2a1 [ 310.870474] vfs_kern_mount.part.0+0x5e/0x3d0 [ 310.874993] ? find_held_lock+0x35/0x130 [ 310.879085] vfs_kern_mount+0x40/0x60 [ 310.882927] btrfs_mount+0x3ce/0x2b28 [ 310.887113] ? lock_downgrade+0x740/0x740 [ 310.891283] ? find_held_lock+0x35/0x130 [ 310.895367] ? pcpu_alloc+0x3af/0x1050 [ 310.899292] ? btrfs_remount+0x11f0/0x11f0 [ 310.903582] ? rcu_read_lock_sched_held+0x110/0x130 [ 310.908631] ? __lockdep_init_map+0x10c/0x570 [ 310.913147] ? __lockdep_init_map+0x10c/0x570 [ 310.917692] mount_fs+0x97/0x2a1 [ 310.921081] vfs_kern_mount.part.0+0x5e/0x3d0 [ 310.925768] do_mount+0x417/0x27d0 [ 310.929320] ? copy_mount_options+0x5c/0x2f0 [ 310.933766] ? rcu_read_lock_sched_held+0x110/0x130 [ 310.938884] ? copy_mount_string+0x40/0x40 [ 310.943137] ? copy_mount_options+0x1fe/0x2f0 [ 310.947647] SyS_mount+0xab/0x120 [ 310.951135] ? copy_mnt_ns+0x8c0/0x8c0 [ 310.955025] do_syscall_64+0x1e8/0x640 [ 310.958903] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 310.963756] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 310.968946] RIP: 0033:0x45c94a [ 310.972118] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 310.979813] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 310.987071] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 310.994326] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 311.001582] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 311.008837] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:31 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x11, &(0x7f00000000c0)=0xaef, 0x4) listen(0xffffffffffffffff, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cad9b4b142491c1ef89a0e5b23") r3 = syz_open_dev$adsp(&(0x7f00000002c0)='/dev/adsp#\x00', 0x34e7f36c, 0x101000) listen(r3, 0x563) r4 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0}, &(0x7f0000cab000)=0x6) chown(&(0x7f00000001c0)='./file0\x00', r5, 0x0) r6 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f00000000c0)={0x0, 0x0}, &(0x7f0000cab000)=0x6) chown(&(0x7f00000001c0)='./file0\x00', r7, 0x0) r8 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r8, 0x29, 0x11, &(0x7f00000000c0)=0xaef, 0x4) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r9, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r10 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r10, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r10, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r11}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r9, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r11}}, 0x18) r12 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000180)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r9, &(0x7f00000004c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000480)={&(0x7f00000007c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r12, @ANYBLOB="2503000000080006008100000008000300010400000400040008000500020000000800030002000000080005000100000014000100968d80beb4f34a2f51cff708d784bf5803d63158186786278f15346c000300030000000000000000000000000000000000886b247eea2e493e94bc897042bfbd274f157f8fd962af805758d5c4c82e34b9b8934d88cc166214342326ceb11b9139d2219363e054774b0fc2abb2aa5cd046b25a04f99f972aa6b2fabecc038453f1546770addae385127a834fdb2ec3049b04f5c024a4a524c90579d8b7924a526a413cbfa97db6c7937f57dd8d2edb138d879bdebdad89eb61a5c4c8bc3e077de4f8de89c468315011d1834c8ad9ddd64a66bb94e97f55dc3267b701a5fbe80391241260c043492ef17da64b69"], 0x5c}, 0x1, 0x0, 0x0, 0x1}, 0x20000000) setsockopt$netrom_NETROM_T1(r6, 0x103, 0x1, &(0x7f0000000100), 0x4) fanotify_init(0x18, 0x800) read$usbfs(0xffffffffffffffff, &(0x7f0000000200)=""/161, 0xa1) fstat(r0, &(0x7f0000000300)) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='9p\x00', 0x1284011, &(0x7f0000000380)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[], [{@appraise='appraise'}, {@mask={'mask', 0x3d, '^MAY_READ'}}, {@appraise='apprx\xca\xf02'}, {@smackfsfloor={'smackfsfloor', 0x3d, '/dev/snd/pcmC#D#c\x00'}}, {@obj_type={'obj_type', 0x3d, 'appraise'}}, {@smackfshat={'smackfshat', 0x3d, '/dev/snd/pcmC#D#c\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0x7}}, {@dont_appraise='dont_appraise'}]}}) 21:30:31 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000080), 0x80001, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r2}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000280)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r2}}, 0x16) openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/hash_stats\x00', 0x0, 0x0) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x8, 0x40040) r4 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r4, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r4, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r4, 0xc0605345, 0x0) 21:30:31 executing program 0 (fault-call:0 fault-nth:70): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:31 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}, 0x0, 0x0, 0x0, {0xfc}, 0xfc}) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) ioctl$USBDEVFS_DROP_PRIVILEGES(r1, 0x4004551e, &(0x7f00000000c0)) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r4}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r2, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r4}}, 0x18) getsockname$unix(r2, &(0x7f0000000000)=@abs, &(0x7f0000000080)=0x6e) pread64(r0, &(0x7f0000000380)=""/193, 0xc1, 0x0) [ 311.173897] FAULT_INJECTION: forcing a failure. [ 311.173897] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 311.226568] CPU: 1 PID: 16971 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 311.233718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 311.243096] Call Trace: [ 311.245708] dump_stack+0x138/0x197 [ 311.249359] should_fail.cold+0x10f/0x159 [ 311.253525] ? __might_sleep+0x93/0xb0 [ 311.257433] __alloc_pages_nodemask+0x1d6/0x7a0 [ 311.262127] ? __alloc_pages_slowpath+0x2930/0x2930 [ 311.267167] ? lock_downgrade+0x740/0x740 [ 311.271434] alloc_pages_current+0xec/0x1e0 21:30:32 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r0, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl$VT_OPENQRY(r0, 0x5600, &(0x7f0000000000)) r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) r5 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) bind$packet(r5, &(0x7f0000000640)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @link_local}, 0x14) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) r8 = socket(0x10, 0x2, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="4c0200002400070500"/20, @ANYRES32=r7, @ANYBLOB="00000000ffffffff00000000080001007265640020020200040102004617dd777b85302869a36f4dffd3fc511f4423c9cd19c6d860c1eb13483c0acbdb12f6edc843eb078aec3e0dc3c1e833650b32bc59aea6054da2e9397f95ad1e844b52d4f8b3ad75b2211f0c16d2a8781a9bf33227e8b41360d0e21b1326dc5dbefcf845bc2a2ec96a71beb4a863a1eb1300f36ae1fe8196e7885ebc28c8cc557d7249463b9ce1e5218c047890e05755b51ac7b394e4a6e9773270fa64c0e2765d3eb497bd2a7b42749b581559cd5865e8d6023d5540d0a499862cb687142d55c773f93d0da6dce8a661a8b2c33d931631b7e0a67feeeaaf2445bd69daf87c7ac8b8cb185460a450ee825dfb44912be9781faab9219c5b9acaeed4dc3c834ba2140001000200000007000000000000001220040604010200f8aa84e32d4fe68ce36dc1bc6b1b2fb489f97eb5dc99d63232d92855f5a0cf7e38c61e2d61660a48f62c1ea68ebd438bf47cada4d2f78b4d74b30b68f6142492b00bfc4ba1767d0a32926213e813a607f9a8bb219f03480194fea15441dae0e5dcac13b16a351295231c237a48d2a6428362c02d0ceacc2fe6ed2f75ea311783e229c3402919420ba5ac7aa67379c37ae19b92e85b1225b65fb9823118e2a9bc7a4548c58140fa4de8bbd3b6a2a7337817164f0814763d4aa723a54cb5be7028dcf6d4d5b8e8ba84473cd2d9e725374586d5ed8af712187b00992b943592be4ca14f16fc7ad37199a1a28e005544f7de24e7e028b195dea56d8589b98147ce3c9d6c063d5ec1569d84837d1b2e55c5c354665f9cd73f6525725f43b1053a3535cff6b97c005a87758a801be3614ca48dad3b2159c48c5414381b1c4597d3670165fe2561ec852eb7958c80b897bb543f56b118fb3ac06879c84e322122784fe00c44b292dce26da8813d107826cc09291f8ec178d2b65ae8416ac94ee95470f5eec133e1f37b09c047f2288a86cd73d51622567993369264842709521f93547badef7d2d00f04e0b57dda8607c9c537f223be8f073ddb7d27f30c3d1da0dd619f8a2dc7c87a26e41176ea4f87ed089a45b661ebe7aa72dc4465a33045b0f385b3071ff21e420af8577c4da2d627d120ab78757d76f0091bef645cca7861a70aa673b82862ea586aa00306ddc868392b4913e97c0e011082d47152654115bc1dd3c4e235554b2c7038d058934bba3766a"], 0x24c}}, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(r4, 0x8918, &(0x7f0000000040)={@ipv4={[], [], @multicast1}, 0x45, r7}) ioctl(r1, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") r9 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r9, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r9, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl$UI_SET_SNDBIT(r9, 0x4004556a, 0x4) r10 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r10, 0xc058534b, &(0x7f00000001c0)={0x40, 0x7, 0x7ff, 0xd5, 0x3}) [ 311.275781] __page_cache_alloc+0x248/0x3e0 [ 311.280124] do_read_cache_page+0x625/0xfc0 [ 311.284469] ? blkdev_writepages+0xd0/0xd0 [ 311.288730] ? find_get_pages_contig+0xaa0/0xaa0 [ 311.293506] ? blkdev_get+0xb0/0x8e0 [ 311.297261] ? dput.part.0+0x170/0x750 [ 311.301193] ? bd_may_claim+0xd0/0xd0 [ 311.305017] ? path_put+0x50/0x70 [ 311.308580] ? lookup_bdev.part.0+0xe1/0x160 [ 311.313025] read_cache_page_gfp+0x6e/0x90 [ 311.317287] btrfs_read_disk_super+0xdd/0x440 [ 311.321810] btrfs_scan_one_device+0xc6/0x400 [ 311.326355] ? device_list_add+0x8d0/0x8d0 [ 311.330630] ? __free_pages+0x54/0x90 [ 311.334460] ? free_pages+0x46/0x50 [ 311.338150] btrfs_mount+0x2e3/0x2b28 [ 311.342087] ? lock_downgrade+0x740/0x740 [ 311.346505] ? find_held_lock+0x35/0x130 [ 311.350596] ? pcpu_alloc+0x3af/0x1050 [ 311.354512] ? btrfs_remount+0x11f0/0x11f0 [ 311.358889] ? rcu_read_lock_sched_held+0x110/0x130 [ 311.364158] ? __lockdep_init_map+0x10c/0x570 [ 311.370075] mount_fs+0x97/0x2a1 [ 311.373534] vfs_kern_mount.part.0+0x5e/0x3d0 [ 311.378050] ? find_held_lock+0x35/0x130 [ 311.382221] vfs_kern_mount+0x40/0x60 [ 311.386048] btrfs_mount+0x3ce/0x2b28 [ 311.389954] ? lock_downgrade+0x740/0x740 [ 311.394126] ? find_held_lock+0x35/0x130 [ 311.398212] ? pcpu_alloc+0x3af/0x1050 [ 311.402137] ? btrfs_remount+0x11f0/0x11f0 [ 311.406410] ? rcu_read_lock_sched_held+0x110/0x130 [ 311.411464] ? __lockdep_init_map+0x10c/0x570 [ 311.415984] ? __lockdep_init_map+0x10c/0x570 [ 311.420511] mount_fs+0x97/0x2a1 [ 311.423901] vfs_kern_mount.part.0+0x5e/0x3d0 [ 311.428426] do_mount+0x417/0x27d0 [ 311.431992] ? copy_mount_options+0x5c/0x2f0 [ 311.436419] ? rcu_read_lock_sched_held+0x110/0x130 [ 311.441487] ? copy_mount_string+0x40/0x40 [ 311.445752] ? copy_mount_options+0x1fe/0x2f0 [ 311.450276] SyS_mount+0xab/0x120 [ 311.453751] ? copy_mnt_ns+0x8c0/0x8c0 [ 311.457660] do_syscall_64+0x1e8/0x640 [ 311.461596] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 311.466468] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 311.472456] RIP: 0033:0x45c94a [ 311.475658] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 311.483388] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 311.490831] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 311.498117] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 311.505410] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 311.512695] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:32 executing program 4: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r4, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r4, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) sendmsg$sock(r4, &(0x7f0000001440)={&(0x7f0000000040)=@in6={0xa, 0x4e23, 0x7c0, @dev={0xfe, 0x80, [], 0x23}, 0x20}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000140)="6667f7acb8ca24fcb83cb192f814d382f5e7da253931fdbcfbfeda49926a9701357f584d9b81741cae45657e132c2e1f3231ff3bc3f5a943f9cf0f4323b036bab5e4d7cf929d305d9d167000ebfcdfc10f54dde1149e63c3ad0eda1cda04587c40b8c6b00bf13c", 0x67}, {&(0x7f00000000c0)="561844ca5475a94014927bb040436800e7ea5a429df1e3de03be3cee8a2e", 0x1e}, {&(0x7f00000001c0)="73daa52a82cf50189308e0104056dd00adf47511327ec92bcab13bad9b626bf01af24ee466a949edf0918bf04b00ec2e979deeba37d2b767d02efde06ae347d73bacef28446817541a874765bbfb77afe786262771b641565badd5d964949295810479597dc1bbbb67ca452a5ab7a20d9c73c83088514039f8d50911b7dfc56d685dc76d8a3e9618d79cf282da304c531121ceae7d4d965954d1ee8dea545c82b307f09e295a6662b498cd60c14859c5f68083988b577e2e6c11f51a2f8b58e5d5b109a06e49717887fc905f05f311a3032a40d4712a4c77338b537eb5a82fac78c16b382007550f71dda238", 0xec}, {&(0x7f0000000340)="e0f6f67e49c1e96937f585ef87297646c34bbfe65e1431f2567b5459f3f3fae278b075b175f7a1b4139248785dee9fb70961aff7c18c367a6e3867852564b23fe2041c93669e5a0e21e48e49ba162d458c893f10e96b44b797a015791b499b55c6a88254a12edd572be2e4b04415bc8cd5c7488483972a2baf52ca430461757b72c7d787c8a61a8dac5e6015602822da1b409dc638ef6880a5b1f80a55ad4a638d5bda47d6d0aa528a022b032592cc172d7b6ba10b71e17f3657c5080f18cf65c16298f672362597b7651b5d7235aff4bf0a2c1d775825cfc595e05332de825ecb4ec5af7106d5411e3051218d1841a4a49c17fdc3ca580571b064890f79b482793fe3586d6ea060a2aaf252bee6212862f323259d7cf2e8a4faea2f3380f8858ae6fbf5a013f808c1e91884b7900a6ae364ad5472854c7e952731ac3c0bfc79d3e36508740145fc2b7929a394b983095827cf70090fdf6fa19c95cf8d2316142fe7ccdc02cc4a4775d38f9fa8d6bb87c8a04dacd7707ff5eb34c3f5f09af3bc39ca3c59b7026055f6608e77de66cc65966516bcee72ef077d3eea516161145072b92e57fd0aa6cf51d4aed97439f4219f394a038b3ee7ff6c114a91be210a7cffb4a19313c1b237dae42d9e6da3ab64e7c6dcf17333f1e0fe81ab45b72ad8bd9032d35ca5c9985fc79b9ef20a12a4efc628153339af9cee18bb22d4fbbd6494b6c66ac67b1161b259439ff27364d63735802f8182c7d402143b7852130640e61fe276bbb0f4fa2155b6ef045fbed9de5b3bf09c63ea857190be7a7889aaa2ae6d0da582c69cd1c3b2217ab061e43aa9f2954f9d297b57546d081b627f589d63004fa51931f2791665278c1cf8036ada5fefcd2bf134bfa1c3c92c8293a3b934383e51c3a47825928834ac21e39051fd1de9c1fee6ed7dce8d5de5b4dc90a6ae69b3f87c5a488110ec0c87a5678ea6a1dab2ca18c242c23d70664eca22108ebbc9218eec31689612e251c18ea77baddf434738252a3ded618aa52732ffe21e1d2bbe4da5988ec09e3f5e970c6dd904f3fd2ef90b4b0d4a3e11c0a5f49f5476314ba16feb03e40226f144be4766c8d59210216876375c90970a1f4cae0b42c99899ce76a1b8a75e8b682f98ea88c2fbfff14b00ee14d6c3c0b6360922e3e11da42c20eb61a2392ba4a1e1e00790ca4f474a850b684c1ea1437417aa89291566b3e8d5eebc0bc9dbf9ff5f5ad949a081ff572374429524db1e104f57bf9df189f4c05be46e3fe93d808adc4de4139d0d9c98e693c448f0f7bbb9bae1e82de00925e083f235002ceaa847b7017a6e609afed63924018c39b823ad82db14c97ea3d688a78ecce50d893711ff06f7a1de97565b17ce655cb15e8247a546b2289a37e7a97fa1f0288a93e4c2181c0598cc48b583427a3b1787963edc2aaff96d822a77ac2c85f616f2dd9b13c09a1a2d9476166b96a5fb2aeae36e383bd57d697144d446b2b47b38e9946b7c37bdb951b6a6b05e76c0ead5a9885d0d14754f14607f8c31c4a8a5b8ac368b5b5528143587d1e4cd415424113f28445fc4b6dbc5f55f050db54b8679add0fb86140a1eed004d9c3318577184e0ccf03478b26de08987a0e2cedf25378f4530d40054b67d76cfe430b1f74858c45acd3f0555d78eb54b7aa93d6859611ab4a9dc336a42cc6789fcba30201bb1578057b0621980d30bc39a4d7b5255f406501d4a399ed418335903c556d27f01a4ae4d013e82999a5a12d095adda73dd8143e6b6f3c72a427a9755d16b7d87dea5582042a7ccf9963f7bb2687cbfd5849998834a64cf17871323042976444839d8304e02618bbd2abb504037f982d663c0fdc5c0f9c97df91650871b7fd7deb9254b1f11a369bd9b70d4d26fab1b58799548c8bba520e22919547dba2ad0f4b302eb474c0049c869acb91d853d2d5709136519881e0c1da49a877027762b83e30a45da1ad3c21561b798e66aaab90f19e36c3520cc623b30db8878ebe2bdf3fcfb4ffc67de2338979b1bfc051b139a828469fcaf1f0ce6a2defd96ffb4a6b478035d29c087bd9358331b72d1a9ec2ce58c5080b70b3c6221540b1bbec2bde77ad024616da2f83cc6a1281a5eaac411693f2538294f229537a7f6aab628712263d43dfda098dcf40a4c9f78d8c3a17db3c84ea0d743223b59313e51eb8c7e4c0f3cbc4605257999962be9acacb8432955c210424d09592c9bc112ac57065fdf87c142456b07acf21830fefa07bc6f00684c0a0d372ea90289e4255815e9e733e010d324f26b9e8e64539001a93f21e6e6919eff08e61a775ddfc225b32a385742ec829e555d9c758ee86ece22dcf1636d7776c112d88c14cc0868f65c2b958fb9a140794a951c779cb067b93d938875a03286ab528ff259c0697fe83d594025d9abc8c9c065fbd1db02e30b4b4b3a206249fee43dcaa6ab94a5cf4f8a291a710cb27c84f869781ceba8f4ede99ee8f577c000f962c25876b2968659cb56f21cd6c40c643d7e26b14b8322a0e81e81d33d177e19300adaa95c93485aa8f9df52d53420ff03f1c4f5461dcb8bcc3de273525f5a077fa4fa91ccef2eaf027e3745ce03101180d0a3f386ad92a75931793c61cba8f9393331ee6cb086cf6585444ea6c16d4db50427404104968ed4d4bf6bcc78931e89c28326a28858ba78ed885abf17dfa16093a34432ad1ffa1f36019c1740b243971fdb958cde708a4dfabaab89b89787657c952884a1dbd7a278840e240169fc1f6b784590f02d22e40e883c788c7ad3ab9b585b057a8604266ab149383fc550e7cc829f6c63720b8176cf1e2aa72419b800e007632c8c3af94438335578e79d515ba4a9f87321e0d0a691e4f0c7bd67d785faf011cd928b75def075a03fc0bc844a64c98f481922558fd3fad69b413fa1ee9e33dc77061a039526c4de25b5d70a3f53e54952388a4e8a245d4376c0c7a978e0c033f5098d59c690a184f43c3961a265da9b7d5848cfcb54dd119ec8489115283b3a0c285f920703f816f4614591d83f81717f55811a5320cea788be9943025b19518c340472bc17de1dcf592daababf3f06455976017e15895e5a861e4a4312f3c68ad97746bcfa23f893c6ceb50e7e1e0caafaf0c189ab641ef8265c68bdf9dc9821f2d66106f56ece168b82b9c613b63bc89f392f5ec2f436bbdd1aae83421087db3194e772d93c96a16836f24414ad0fcb23e9658ed3f2d595f231326dd24059602d5f74591c321677720ff7cadeba5990b6d0e5b503ca20690881227f1c40cb7354656e90af3543d5807e0a479932d9acc691431e0733765baaae41835c3e8e3e402228367f9b1e446f228a01ef9356b94ed4e44ce3666591587ab88854b15ebd1e4167519e91f58fb8f9536cbf84cf8366d1597159d82d36f3643655cd869e3d0b21bffdc6722d028f3e3e3e932709803b3682aa01e5e12de1d9fd4ead46ec98ecb3a87abb77540653bf517c327fa34c5a3ffd8b0aa0e565e07bd3dd4ec022a338cec580f477ddb216af1eebe49b65f0db6ac3ea60b486adb8ec155d0a46635bc2bf7030fbd935e8ff753a8918ceeff8657e8ea21e63f52d28cdb2876d994eeba3c561ea9df8f43f92119caab263318682116dfc9594bf904a1dab5025e434df95dd3b97ff3c09e5b9f04ea41e88a33e7fd5db3daed9dc67ef387eea4efd5f66e6c0d57c525cac5ef8fb09e62c55b2b01e10c8ba1a6f62dbac47a884f20061e945c3b3d5c184a6264dddc41d51e4fa78e073d03a4b752c36ce59e7f1a09bfcd59d6a667f3638fee20dfea4893b17d8d7c75aace35a09e9eec938b71fffc61d120e94fd124b86da1e67427c632948c445e1bc7efc57cc161c4fe5d579b76d8bcbacec460083219447ab7153135ec04078245321e54f9c009c4c5ab17905362799f54e26dbc87e84dfdb62a6d59c118bbdd2c33d86ba5a33bb0749b94c7cde59c970ac3b89c516f7bbfcdedc31a67a4349db654e0d4ebcf11a9bfbcf96874b85235ce418636b63aa4a1304e4be0661acd419c43bfd8c35f8e600677390b5a663d4d26648b579447a459ee17d92985ec8824f4c4fa96e27f29e902b69dc2685b5df0f9269e4ed31e7d4eaa311863f4b9118b92a79b69fe2edafa76f5ce05e1d584edd4e037f6f8e4aadb4d8a181247a47c367e1886eb2ad93a8904f8101c8ca5519f9f0912b7f784d5910533aa6b355806be7f3e0e179b117329820cad1148706e287480d1d8e4c5bce16a25294fe87f0f29d055e9fd9b05888ace1c7219afdfd4c9ae451e8587c9e8fda8a9945a00eb763d077f828c1aaab66b9d8b1531b89aa77707a3ef8fd0e61877b59c6ebcb1f2bb3086d374629ab7cd737cfbc2bf1c91d7c17a1e643842b6e07cab9e6b332ec3c618e20ce7818f11162372861ef046abd6f9389f537d6c21ef75b3af18c5ea59ec953610866186e71a3125069ea2ce64a6c47b136eda2626684b02dd51c3f580b37f17d8fff78acc231f296f4376b732b26f5f4c278f3a8c8a79ff5147a68015bd723b98bb1594cf639e532c3f07e83e02e833d5ddaca5e0b8ca49a35ad567a7a7429c2aaac9be254f9a0b8d82da7143fc52f9ac8a2651fd764105c3d1bb50fffe75657835992bb822a28fd94f230fa5d8e5d048494d7d7936687506b033873d4c5a746c8abf1426a68c892aa980cbe20c5f7ce8a43ae9bc813a8363bda9ce0cf8b33ef7796c5132bb06d50d27e5957ebd7a04e6ebb67bef227498be31beb324142d0398635df84c7bb627b32ece95a8631afb4fb96f69dd1ecc5ddfdfe0090278f33d00faf910a7e254115876d6bb86e0e758eeace7d102a6d81ee820f646f2f26d196be85a9937d027f80c35d68c57c681b09e1fa6223f6d535d755fb98174745eb31f14eaeeb8fc90f1386ca21ccd62e3d6c6f05f5d391941b62c55b4f4705307bd3e6cc02bcfd9cb80d765b330c5a8a0693a797dd82b73f9db13f1779382cf8efa851688553cf7fd46c3d9b390e5ddd3559d7f2e8dd683702c97eb86d78bec46fe67236416b7f23b5085234cd8e8cceb5387247243f9b7bbc03385dee8c2908b9d8af03f4c5ce603373085061a3c356d4410d06e221e24153bfe5d105494989dcfeed476bc0469e0811ac7d18e97edc262122dfb17e14a245fbc1d3faa0bd57a9a7ddbd40a2038bc476311988aa07980a71c90dbef292f97e0700528d966b767cadd51479f9e8613d3e1a74d982ec47c7b7d943b0189b47bb6633f54aa4260a88ea82f9eb74862efd97c65a655587dbcfe168c811cce3eb0300a0e56fc0952a8f46d288746777a3e5844cf14299b34de1b1c0882f6941adc98e2ab5b43f444c0895932043a0b4aad591e8ab8ba45f22ecb22145104dfa6f74e8e7a59d94e58196c10b303ede174e6ac5b9fd3b4da64201ccc13c954df824bdeab6a9af4802b6905fe40d2978383b339430df712d5258a2827b1423cc2adebd718fbe60618b19ae579b9fc1654b0a3fe7b215cc62d7a78d6193c51efe26ceef7414e5f0edae2622eecd13211ce6dd35ef94ce911b66b52533eb8b5809b6abc20051cef957353b8782078f21e9a3004a518559aa796d0cc5ea683dd26c2031ec205905a61bc4bd814eecb9c778d3fec3ee531d50d1d6d6bf84817996bd604c0bfb96c6ea8de5baacdf90fad28ff224008b6d0b9ddecf0bb87a144f989ed4f9926794b16172bf84e3a0366a1cad6bc12e8deb927b30a76056e990f6433a75ea812a8d80c2d3ea4b53de01cf30a0160983fab2087274c223ed06", 0x1000}], 0x4, &(0x7f0000001340)=[@timestamping={{0x14, 0x1, 0x25, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x4}}, @mark={{0x14}}, @timestamping={{0x14, 0x1, 0x25, 0x400}}, @mark={{0x14, 0x1, 0x24, 0x2}}, @mark={{0x14, 0x1, 0x24, 0x2f}}, @mark={{0x14, 0x1, 0x24, 0x1000}}, @timestamping={{0x14, 0x1, 0x25, 0x1f}}, @timestamping={{0x14, 0x1, 0x25, 0x81}}, @mark={{0x14, 0x1, 0x24, 0x81}}], 0xf0}, 0x8000) r5 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:30:32 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") r2 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r2, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r2, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl$IMGETDEVINFO(r2, 0x80044944, &(0x7f00000000c0)={0x3}) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x54100, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'veth0_to_team\x00', &(0x7f0000000240)=ANY=[@ANYBLOB="030000001d73dadb8b2df999b1ab46fc2354e10caffd8ae098fc2ee4e124068d9b06cdac009710b9a038de26563369a80daf4d9674eedf3b2b3274056f02d8e4c6940b58256cba683ef4fb4e2e8c49693e1a5aa2346c2a0fa7b4e975fe1d297bfc15811286a209210d3c0abbeb66e5d4072db8b66cc006578e1b64906632a46e19bbf468f41ade538f6d57ed663170ae176b9b8a5755d1a43d004cda892fe1c2b9373418b4e0e23e2f6ec303000000a4ffffff05000000080000000000808e000000000000000000"]}) 21:30:32 executing program 0 (fault-call:0 fault-nth:71): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 311.694890] FAULT_INJECTION: forcing a failure. [ 311.694890] name failslab, interval 1, probability 0, space 0, times 0 [ 311.724824] CPU: 0 PID: 16997 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 311.731889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 311.741675] Call Trace: [ 311.744426] dump_stack+0x138/0x197 [ 311.748111] should_fail.cold+0x10f/0x159 [ 311.752292] should_failslab+0xdb/0x130 [ 311.756299] kmem_cache_alloc_node+0x56/0x780 [ 311.760916] ? mount_fs+0x97/0x2a1 [ 311.764488] create_task_io_context+0x31/0x3d0 [ 311.769123] generic_make_request_checks+0x1505/0x1ac0 [ 311.774609] ? rcu_read_lock_sched_held+0x110/0x130 [ 311.779656] ? blk_cleanup_queue+0x610/0x610 [ 311.784579] ? trace_hardirqs_on+0x10/0x10 [ 311.788842] generic_make_request+0x7d/0xa40 [ 311.793460] ? save_trace+0x290/0x290 [ 311.797292] ? blk_queue_enter+0x520/0x520 [ 311.801556] ? find_held_lock+0x35/0x130 [ 311.805652] ? guard_bio_eod+0x161/0x530 [ 311.809751] submit_bio+0x1a5/0x3f0 [ 311.813400] ? submit_bio+0x1a5/0x3f0 [ 311.817219] ? generic_make_request+0xa40/0xa40 [ 311.821909] ? guard_bio_eod+0x1fd/0x530 [ 311.825995] submit_bh_wbc+0x550/0x720 [ 311.829907] block_read_full_page+0x7a2/0x960 [ 311.834427] ? set_init_blocksize+0x220/0x220 [ 311.838950] ? __bread_gfp+0x290/0x290 [ 311.842861] ? add_to_page_cache_lru+0x159/0x310 [ 311.847640] ? add_to_page_cache_locked+0x40/0x40 [ 311.852584] blkdev_readpage+0x1d/0x30 [ 311.856519] do_read_cache_page+0x671/0xfc0 [ 311.860900] ? blkdev_writepages+0xd0/0xd0 [ 311.865161] ? find_get_pages_contig+0xaa0/0xaa0 [ 311.869938] ? blkdev_get+0xb0/0x8e0 [ 311.873719] ? dput.part.0+0x170/0x750 [ 311.877727] ? bd_may_claim+0xd0/0xd0 [ 311.881552] ? path_put+0x50/0x70 [ 311.885022] ? lookup_bdev.part.0+0xe1/0x160 [ 311.889445] read_cache_page_gfp+0x6e/0x90 [ 311.893702] btrfs_read_disk_super+0xdd/0x440 [ 311.898215] btrfs_scan_one_device+0xc6/0x400 [ 311.902744] ? device_list_add+0x8d0/0x8d0 [ 311.907521] ? __free_pages+0x54/0x90 [ 311.911374] ? free_pages+0x46/0x50 [ 311.915030] btrfs_mount+0x2e3/0x2b28 [ 311.918850] ? lock_downgrade+0x740/0x740 [ 311.923016] ? find_held_lock+0x35/0x130 [ 311.927694] ? pcpu_alloc+0x3af/0x1050 [ 311.931583] ? btrfs_remount+0x11f0/0x11f0 [ 311.931599] ? rcu_read_lock_sched_held+0x110/0x130 [ 311.931619] ? __lockdep_init_map+0x10c/0x570 [ 311.931636] mount_fs+0x97/0x2a1 [ 311.931650] vfs_kern_mount.part.0+0x5e/0x3d0 [ 311.953230] ? find_held_lock+0x35/0x130 [ 311.957316] vfs_kern_mount+0x40/0x60 [ 311.961139] btrfs_mount+0x3ce/0x2b28 [ 311.964957] ? lock_downgrade+0x740/0x740 [ 311.969115] ? find_held_lock+0x35/0x130 [ 311.973197] ? pcpu_alloc+0x3af/0x1050 [ 311.977108] ? btrfs_remount+0x11f0/0x11f0 [ 311.981367] ? rcu_read_lock_sched_held+0x110/0x130 [ 311.986414] ? __lockdep_init_map+0x10c/0x570 [ 311.990940] ? __lockdep_init_map+0x10c/0x570 [ 311.995463] mount_fs+0x97/0x2a1 [ 311.998864] vfs_kern_mount.part.0+0x5e/0x3d0 [ 312.003422] do_mount+0x417/0x27d0 [ 312.007002] ? copy_mount_options+0x5c/0x2f0 [ 312.011424] ? rcu_read_lock_sched_held+0x110/0x130 [ 312.016506] ? copy_mount_string+0x40/0x40 [ 312.020760] ? copy_mount_options+0x1fe/0x2f0 [ 312.025272] SyS_mount+0xab/0x120 [ 312.028736] ? copy_mnt_ns+0x8c0/0x8c0 [ 312.032652] do_syscall_64+0x1e8/0x640 [ 312.036571] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 312.041439] entry_SYSCALL_64_after_hwframe+0x42/0xb7 21:30:32 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$LOOP_SET_DIRECT_IO(r2, 0x4c08, 0xf236) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f0000000000)=0x443167e455fcb5ae, 0x2) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:32 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x80}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(0xffffffffffffffff, 0xc0905664, &(0x7f0000000100)={0x0, 0x0, [], @bt={0xffffffff, 0x200, 0x2, 0x6, 0x6, 0x9, 0x10}}) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) [ 312.046646] RIP: 0033:0x45c94a [ 312.049839] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 312.057558] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 312.064855] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 312.072135] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 312.079443] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 312.086750] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:32 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x80002, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r1, 0xc05c5340, &(0x7f00000000c0)={0x1, 0x9, 0x9, {}, 0x4, 0x4}) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x90a00, 0x0) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r2, 0x402c5342, &(0x7f00000001c0)={0x2, 0x7fffffff, 0x2, {r3, r4+10000000}, 0x87e, 0x1}) r5 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r6 = openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000240)='/proc/self/attr/current\x00', 0x2, 0x0) ioctl(r6, 0xc100410d, &(0x7f00000005c0)="cac963b598499c1ef89a0e5143fe0a2fb26adc55f64b78afff457e3de0c5df4d69a8c273fd6befc289b33a8e9b4e6ab47d4368c21041a7e8dd3f03a8bdbbab5b23bf7a79d43797bdb0bc781ff558a2966210f49c7cf22c90396e109856275a208d838d3fb089d6def94ef0a07fe5ffff557e47bf6dfc5ae3cf5523d4606b056473d6d7d1e01acc1157919d93578e46a6bfda63b99063e35fdd193fb9c0449108bd1649efdf470900000000000000a02ea63b148006b87b348a877715caaba357dbdde3a947a43e90fd32bd6bffeb7836a5ba2257d5adee843ce65e01dbe3cab128b66ac98e1300d266b83dbcc2f09fecf20326a32b964ec6e0997826dc92f7bb5a4d880707") connect$inet6(r5, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r7 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r7, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r7, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f0000000380)={0x6, 0x3, 0x1, 'queue0\x00', 0x7f}) ioctl$SIOCX25GFACILITIES(r5, 0x89e2, &(0x7f0000000000)) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) 21:30:32 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x400003, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:32 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10040}], 0x1040080, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:32 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r4}}, 0x2de) r5 = getpid() sched_setattr(r5, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) fcntl$setownex(r3, 0xf, &(0x7f0000000000)={0x1, r5}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") ioctl$VIDIOC_TRY_DECODER_CMD(0xffffffffffffffff, 0xc0485661, &(0x7f00000000c0)={0x5, 0x2, @stop_pts=0x1}) 21:30:33 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x10000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:33 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc100410f, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:33 executing program 1: pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) ioctl$HDIO_GETGEO(r1, 0x301, &(0x7f0000000140)) r2 = socket$inet6_udp(0xa, 0x2, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f00000006c0)={0x0, @remote, @local}, &(0x7f0000000700)=0xc) r6 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000740)='/dev/cachefiles\x00', 0x800, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0xf, 0xa, &(0x7f00000005c0)=ANY=[@ANYBLOB="85100000ffffffffa54700010800000018180000", @ANYRES32=r0, @ANYBLOB="0000000000000000181400007b277c21d8c0b748f198c3256576e027a935426eeac6dbec8544a16d9dd33f84f71aaa7f8b546512d1bc5672281c096ed096506bbfef1bfd39a0dd87d1e59b6932b03d342dfd026f408238106ef7cece5617c806df8e3771b89ad4b5187141c3c7938aec08bf2d2669c346c24a8d3ab937d65371664c07ca929df2f3193b331eacafddf294f14927318b2dec8816244d78fa35a1", @ANYRES32=0x1, @ANYBLOB="0000000000000000f8236fbabd5f140e0ac58000fcffffff2545f0ff00000000c12080fff0ffffff"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x8a, &(0x7f0000000480)=""/138, 0x41100, 0x1, [], r5, 0x0, r6, 0x8, &(0x7f0000000780)={0x6, 0x4}, 0x8, 0x10, &(0x7f00000007c0)={0x1, 0x1, 0x8, 0x7}, 0x10}, 0x70) r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) r8 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r8, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r8, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r9 = socket$key(0xf, 0x3, 0x2) dup2(r8, r9) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000380)={0xffffffffffffffff}, 0x111}}, 0xd) write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r10}}, 0x2de) ftruncate(r7, 0x5) setsockopt$inet6_int(r3, 0x29, 0x11, &(0x7f00000000c0)=0xaef, 0x4) recvfrom(r2, &(0x7f0000000000)=""/164, 0xffffffffffffffc1, 0x40010000, &(0x7f00000000c0)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x3, 0x1, 0x4, 0x2, {0xa, 0x4e21, 0x7, @empty, 0xfffffffd}}}, 0x80) r11 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r11, 0xc058534f, &(0x7f0000000300)={{0x6}}) 21:30:33 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x1, 0x2) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:30:33 executing program 0 (fault-call:0 fault-nth:72): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:33 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) syz_mount_image$gfs2(&(0x7f0000000000)='gfs2\x00', &(0x7f0000000040)='./file0\x00', 0xaf9, 0x2, &(0x7f0000000240)=[{&(0x7f0000000140)="2706e06e91653da91947ac38998e0c1b45d612e5a2a74f15d88ef598fd5a0c302e3476e29d83dd82afd83d", 0x2b, 0x5}, {&(0x7f0000000180)="07fe8de060e9ebb29e0d5b3f7224922ba80e10b087b2d34c431ccdc92a3a86e7411fdb4f00c405e70608eee139d5be1429748d7b4b94d5aa29230da87cdccdb62730cb76d4ce4ab2a1932ffa8e1fefb8c09464832f34b65e7a32c637fc835a46fcd7ca246862a8235e668ae00cc8f2375b72887981279da1dc8c04e197764ab7fca50c176ca5e3de64790fb5ce8a2ed190", 0x91, 0x1e90}], 0x1000010, &(0x7f0000000280)={[{@statfs_quantum={'statfs_quantum', 0x3d, 0x7}}, {@data_ordered='data=ordered'}], [{@subj_user={'subj_user', 0x3d, 'btrfs\x00'}}, {@hash='hash'}]}) 21:30:33 executing program 2: init_module(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x12, &(0x7f0000000040)='/dev/snd/pcmC#D#c\x00') r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r0, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) write$selinux_load(r0, &(0x7f00000000c0)={0xf97cff8c, 0x8, 'SE Linux', "ed2fd53bb353f916cdd78b912edd419f50c3a6c12dc88d49768b4c7ea98002ae14eb702ab337925548939f744176a2c1aee3c8cc17f1967bd3fffaf7888da285038b84fe31e233ec02039502dc767179016dd9edf4c24ef684a80c102e6cbc3615e81176b75948d27db84c7800488809abe9b864457912b341131d00191e8f0678aa7c620ebe2abf33bd07c5f5904da0d20fc9c30f9af6cfbc8d1a7df566c3c433f04d592d"}, 0xb5) r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl(r1, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000180)={0x0}) ioctl$DRM_IOCTL_SET_SAREA_CTX(r1, 0x4010641c, &(0x7f0000000240)={r4, &(0x7f00000001c0)=""/75}) 21:30:33 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) getresuid(&(0x7f0000000180)=0x0, &(0x7f00000001c0), &(0x7f0000000200)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000580)=0x9) mount$9p_tcp(&(0x7f0000000000)='127.0.0.1\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x80110, &(0x7f00000002c0)={'trans=tcp,', {'port', 0x3d, 0x4e23}, 0x2c, {[{@nodevmap='nodevmap'}], [{@permit_directio='permit_directio'}, {@fsname={'fsname', 0x3d, 'btrfs\x00'}}, {@hash='hash'}, {@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@euid_eq={'euid', 0x3d, r0}}, {@measure='measure'}, {@smackfshat={'smackfshat'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '{(-'}}, {@obj_role={'obj_role', 0x3d, 'vboxnet1ppp1selinux#(selfeth0'}}, {@uid_gt={'uid>', r1}}]}}) pipe(&(0x7f0000000680)={0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r2, 0x84, 0x21, &(0x7f0000000400), &(0x7f0000000440)=0x4) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) r3 = add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, r3) keyctl$invalidate(0x15, r3) 21:30:33 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r3, 0xc0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=0x2723, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x9, 0x2}, 0x0, 0x0, &(0x7f0000000140)={0x4, 0x5, 0x7, 0x7}, &(0x7f0000000180)=0x4, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=0x9d5}}, 0x10) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x1, 0x20000) [ 312.510590] FAULT_INJECTION: forcing a failure. [ 312.510590] name failslab, interval 1, probability 0, space 0, times 0 [ 312.528749] CPU: 1 PID: 17048 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 312.535837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 312.545211] Call Trace: [ 312.547828] dump_stack+0x138/0x197 [ 312.551491] should_fail.cold+0x10f/0x159 [ 312.555662] should_failslab+0xdb/0x130 21:30:33 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/\x13#c\x00', 0x0, 0x3210c0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) fcntl$setsig(r2, 0xa, 0x0) r3 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:33 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) ioctl$sock_rose_SIOCRSCLRRT(r1, 0x89e4) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r3}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r3}}, 0x18) r4 = semget(0x1, 0x0, 0x2) semctl$SETALL(r4, 0x0, 0x11, &(0x7f0000000080)=[0x8001, 0x745e, 0x2]) semctl$SEM_STAT(r4, 0x4, 0x12, &(0x7f00000007c0)=""/4096) ioctl$DRM_IOCTL_GEM_FLINK(r0, 0xc008640a, &(0x7f0000000000)={0x0}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000040)={r5, 0x80000, r0}) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") [ 312.559663] kmem_cache_alloc_node+0x56/0x780 [ 312.564194] ? mount_fs+0x97/0x2a1 [ 312.567768] create_task_io_context+0x31/0x3d0 [ 312.572407] generic_make_request_checks+0x1505/0x1ac0 [ 312.577713] ? rcu_read_lock_sched_held+0x110/0x130 [ 312.582772] ? blk_cleanup_queue+0x610/0x610 [ 312.587208] ? trace_hardirqs_on+0x10/0x10 [ 312.591523] generic_make_request+0x7d/0xa40 [ 312.595946] ? save_trace+0x290/0x290 [ 312.599765] ? blk_queue_enter+0x520/0x520 [ 312.604016] ? find_held_lock+0x35/0x130 [ 312.608101] ? guard_bio_eod+0x161/0x530 [ 312.612191] submit_bio+0x1a5/0x3f0 [ 312.615829] ? submit_bio+0x1a5/0x3f0 [ 312.619644] ? generic_make_request+0xa40/0xa40 [ 312.624333] ? guard_bio_eod+0x1fd/0x530 [ 312.624346] submit_bh_wbc+0x550/0x720 [ 312.624360] block_read_full_page+0x7a2/0x960 [ 312.624371] ? set_init_blocksize+0x220/0x220 [ 312.624384] ? __bread_gfp+0x290/0x290 [ 312.636830] ? add_to_page_cache_lru+0x159/0x310 [ 312.636844] ? add_to_page_cache_locked+0x40/0x40 [ 312.636858] blkdev_readpage+0x1d/0x30 [ 312.636869] do_read_cache_page+0x671/0xfc0 [ 312.636878] ? blkdev_writepages+0xd0/0xd0 [ 312.636895] ? find_get_pages_contig+0xaa0/0xaa0 [ 312.636903] ? blkdev_get+0xb0/0x8e0 [ 312.636914] ? dput.part.0+0x170/0x750 [ 312.645312] ? bd_may_claim+0xd0/0xd0 [ 312.645325] ? path_put+0x50/0x70 [ 312.645335] ? lookup_bdev.part.0+0xe1/0x160 [ 312.645348] read_cache_page_gfp+0x6e/0x90 [ 312.645364] btrfs_read_disk_super+0xdd/0x440 [ 312.645375] btrfs_scan_one_device+0xc6/0x400 [ 312.645387] ? device_list_add+0x8d0/0x8d0 [ 312.654981] ? __free_pages+0x54/0x90 [ 312.654993] ? free_pages+0x46/0x50 [ 312.655011] btrfs_mount+0x2e3/0x2b28 [ 312.655024] ? lock_downgrade+0x740/0x740 [ 312.655032] ? find_held_lock+0x35/0x130 [ 312.655042] ? pcpu_alloc+0x3af/0x1050 [ 312.655058] ? btrfs_remount+0x11f0/0x11f0 [ 312.663276] ? rcu_read_lock_sched_held+0x110/0x130 [ 312.663301] ? __lockdep_init_map+0x10c/0x570 [ 312.663321] mount_fs+0x97/0x2a1 [ 312.663337] vfs_kern_mount.part.0+0x5e/0x3d0 [ 312.663346] ? find_held_lock+0x35/0x130 21:30:33 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) r0 = syz_open_dev$mouse(&(0x7f00000001c0)='/dev/input/mouse#\x00', 0xffff, 0x0) ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000200)=0x400) mount(&(0x7f0000000000)=ANY=[@ANYBLOB="2f6465762f6e629a428b"], &(0x7f0000000040)='./file0\x00', &(0x7f0000000140)='cgroup\x00', 0x800080, &(0x7f0000000180)='\x00') [ 312.676046] vfs_kern_mount+0x40/0x60 [ 312.676064] btrfs_mount+0x3ce/0x2b28 [ 312.676077] ? lock_downgrade+0x740/0x740 [ 312.676086] ? find_held_lock+0x35/0x130 [ 312.676100] ? pcpu_alloc+0x3af/0x1050 [ 312.676117] ? btrfs_remount+0x11f0/0x11f0 [ 312.676132] ? rcu_read_lock_sched_held+0x110/0x130 [ 312.691705] ? __lockdep_init_map+0x10c/0x570 [ 312.691718] ? __lockdep_init_map+0x10c/0x570 [ 312.691736] mount_fs+0x97/0x2a1 [ 312.691753] vfs_kern_mount.part.0+0x5e/0x3d0 [ 312.691766] do_mount+0x417/0x27d0 [ 312.691774] ? copy_mount_options+0x5c/0x2f0 [ 312.691785] ? rcu_read_lock_sched_held+0x110/0x130 [ 312.691798] ? copy_mount_string+0x40/0x40 [ 312.691811] ? copy_mount_options+0x1fe/0x2f0 [ 312.770004] SyS_mount+0xab/0x120 [ 312.770015] ? copy_mnt_ns+0x8c0/0x8c0 [ 312.777992] do_syscall_64+0x1e8/0x640 [ 312.778004] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 312.778022] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 312.778031] RIP: 0033:0x45c94a [ 312.851462] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 21:30:33 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x342, &(0x7f0000000080), 0x2000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) getresuid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)) [ 312.859177] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 312.866560] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 312.873825] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 312.881109] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 312.888380] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:33 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r2}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r2}}, 0x18) ioctl$PPPIOCGNPMODE(r0, 0xc008744c, &(0x7f00000001c0)={0xfd, 0x1}) r3 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x400806e, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) r4 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r4, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) bind$inet6(r4, &(0x7f0000000180)={0xa, 0x4e23, 0xea02, @remote, 0x5}, 0x1c) sendto$inet6(r3, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e5d37149eb0f4a333726cf6d5b7647306559155f1c69d6bfd145b83576f2df4d85f271fd4119db923e2412c66dd954eb59dddc7e1fd286a83971b2ba1c63b4f99702cf91f3d1ecffb8ae189c79b403805e83650c251a564942896f205640c23b0cf51fe9bd931f54a343794710a9cd53cef20938edddb2bfa3c1f72f8e79e41e30fb8f9d314abd999ba396521b6c10bec7bc9d0745a80299342f5cf89eb9d94044258fbb18cec1cdbbc016a773d3ae41e3e30248e716fd0873d31454902cbe7dcf7d644dfadc255d99652b5ed5a5b1a75e3ad49cf80178678402e9d3a755d009889b2e6138f81dc02eedcc353aceb2f7781aea08aa91be7e1e2416ba3d555b1f2237f68c5d7dcfcb1b917c292a35d6d7e7cf2cb1dd6dba5a50ce55c4638d7d38cb7afd8da02f281ab69392bc6531eb03eb97c1d075e3342c244861d04bcad8991b8f588e48ad7fe218d2f5e604bb31c59241245b485210fe418af3d6377b59d5ab128497efeced38cc5036b1f34cb89674b5179219f34b9e8e1849695d7c23cce77eb8f038ef9f2cd69d1c9e2d6b46610adbadbdad857a77f59d38cb5120709716b87c52a48de249b231d7e39985b8b58094c0d7b4c6d1671a8ff9d2daaca94df2adcff6420077df0ddbc66d00b141ffc6e28bed09a19056e52a905a72c99a04af56b22da83135808ba2bfe87a39753447e78500d16bdad52d97df73d4852a79e7ec6910701b712cfd58c62b3ade86cf6ff0cd78719fa1ae81640381cb33f4f6b03c913e820cf9eb9b5cf7df9c878596c9ac9444cad118673fe339b4b7287b310ecff4742bfea2612d79d418293f0dfe14bc819c466473438ad71ea3b1386d17a9038b1f5a9285481500f84f4c7eabbf2eb071a101c69cce8e7495bda4c28a4e88f6a258abf58579c290eeb742b2678daab3ecc8c2bf97d89e89472901e254dd63ca7d918f8a7523161e29b28f64b285da7bb4a17d0ad734c321623e246bb0b5aaa08e8e7ac42b74ba83c70a8ca80068400be6adc3f4b01ba1050b54e6e4cf72fb567fbd27b74b2bfa7b7cabc6938851c13c6df7d5aaca79afd89b5e925379b959c7929ddfa3399695343f435772d70e5cfa3550377d23f50011ad5657e94c464cd43eb85496fd3b03bcb2d9278ceb432194d9893ffa747dfe85309f256c910e31e81dcd3cd8a13744fc2874737a2ff34bf8c89f15da7cc0853434117d744e30360b38ef1a063f9ee506f048e9980054e6c5c5688d04ece6067ac55bccc9a7773a2c4e21c039d153622130faff9fd675d64ad7284bd011b9b224713a721b4b731cf342357642a1a0bb846f5be443b7e72e9825b5f3a078c6ae09e4512dd93a5be1af13a49e6a33938509d3557aecf2356ac2329871b662a99cf3fd2486b064e7e6f90c1f8d632186a8bda338b02d45da4ea9041d42a23f40b93346dddc473a9f1a3d9f0285b7e48cbb87bc34d44b090a5e2aaf4764a10a44168f1719eff0b0d9bc1ce07750af4c21d0c67eae0799e91328c8b14869e4edd255a41735a2b1818aa9d3b271ba757af010ae6dbad89aa0d8f5b6f8ef3917adcedf2", 0x52a, 0x400c047, 0x0, 0x0) r5 = dup(r3) accept4$unix(r5, &(0x7f0000000000), &(0x7f0000000140)=0x6e, 0x800) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:33 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x20000, 0x44) ioctl$VIDIOC_S_EDID(r1, 0xc0285629, &(0x7f0000000080)={0x0, 0x5, 0xb6, [], &(0x7f0000000040)=0x9}) 21:30:34 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/current\x00', 0x2, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:30:34 executing program 0 (fault-call:0 fault-nth:73): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:34 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) ioctl$KDSKBSENT(r1, 0x4b49, &(0x7f0000000000)="d5753864113ffa920782eec27ab9392350d55337ce2917727163bfdce353df2a1f9d40f486728c5a265519cef06550c52b09bb55d5cf9aff2c45178d1b75a18f3f4dd969f0d46b9b5b01c9c6e63414b312648a7eadf70a98b6219dc00a627e581620064a923cb66ba6aa69aeacccfbdeed52b681fef5f2399bba296ffde9d2768a8b0a229d725273d16adf29bd8c2ed1b4c9cea23d6bd0f4e69ce65d24f1db7f714c350ebe15dff2d932e55478a988b4c40c7da1462e") [ 313.313667] FAULT_INJECTION: forcing a failure. [ 313.313667] name failslab, interval 1, probability 0, space 0, times 0 [ 313.325934] CPU: 0 PID: 17099 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 313.333113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 313.342611] Call Trace: [ 313.345195] dump_stack+0x138/0x197 [ 313.349072] should_fail.cold+0x10f/0x159 [ 313.353252] should_failslab+0xdb/0x130 [ 313.357221] kmem_cache_alloc_trace+0x2e9/0x790 [ 313.361880] ? __kmalloc_node+0x51/0x80 [ 313.365846] btrfs_mount+0x1069/0x2b28 [ 313.369743] ? lock_downgrade+0x740/0x740 [ 313.373881] ? find_held_lock+0x35/0x130 [ 313.378079] ? pcpu_alloc+0x3af/0x1050 [ 313.382037] ? btrfs_remount+0x11f0/0x11f0 [ 313.386299] ? rcu_read_lock_sched_held+0x110/0x130 [ 313.391345] ? __lockdep_init_map+0x10c/0x570 [ 313.395852] mount_fs+0x97/0x2a1 [ 313.399318] vfs_kern_mount.part.0+0x5e/0x3d0 [ 313.403803] ? find_held_lock+0x35/0x130 [ 313.407869] vfs_kern_mount+0x40/0x60 [ 313.411671] btrfs_mount+0x3ce/0x2b28 [ 313.415508] ? lock_downgrade+0x740/0x740 [ 313.419649] ? find_held_lock+0x35/0x130 [ 313.423700] ? pcpu_alloc+0x3af/0x1050 [ 313.427584] ? btrfs_remount+0x11f0/0x11f0 [ 313.431963] ? rcu_read_lock_sched_held+0x110/0x130 [ 313.436979] ? __lockdep_init_map+0x10c/0x570 [ 313.441577] ? __lockdep_init_map+0x10c/0x570 [ 313.446085] mount_fs+0x97/0x2a1 [ 313.449447] vfs_kern_mount.part.0+0x5e/0x3d0 [ 313.453935] do_mount+0x417/0x27d0 [ 313.457575] ? retint_kernel+0x2d/0x2d [ 313.461507] ? copy_mount_string+0x40/0x40 [ 313.465750] ? copy_mount_options+0x195/0x2f0 [ 313.470249] ? copy_mount_options+0x1fe/0x2f0 [ 313.474757] SyS_mount+0xab/0x120 [ 313.478203] ? copy_mnt_ns+0x8c0/0x8c0 [ 313.482080] do_syscall_64+0x1e8/0x640 [ 313.485959] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 313.490791] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 313.495973] RIP: 0033:0x45c94a [ 313.499152] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 313.506848] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a 21:30:34 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = getegid() mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='9p\x00', 0x800000, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@uname={'uname', 0x3d, '/dev/snd/pcmC#D#c\x00'}}, {@dfltgid={'dfltgid', 0x3d, r2}}], [{@fsname={'fsname', 0x3d, ':^\'mime_type@$vboxnet0*'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '/dev/snd/pcmC#D#c\x00'}}, {@smackfsfloor={'smackfsfloor', 0x3d, '/dev/snd/pcmC#D#c\x00'}}, {@obj_role={'obj_role', 0x3d, '.!'}}, {@seclabel='seclabel'}, {@fsuuid={'fsuuid', 0x3d, {[0x37, 0x65, 0x35, 0x66, 0x63, 0x37, 0x66, 0x5c], 0x2d, [0x60, 0x63, 0xa, 0x66], 0x2d, [0x31, 0x63, 0x65, 0x32], 0x2d, [0x66, 0x34, 0x36, 0x39], 0x2d, [0x64, 0x31, 0x3d, 0x0, 0x61, 0x65, 0x54, 0x37]}}}]}}) r3 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 313.514122] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 313.521396] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 313.528814] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 313.536088] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:34 executing program 0 (fault-call:0 fault-nth:74): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:34 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r4}}, 0x2de) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r7}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r5, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r7}}, 0x18) r8 = socket$inet(0x2, 0x4000000805, 0x0) r9 = socket$inet_sctp(0x2, 0x5, 0x84) r10 = dup3(r8, r9, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r9, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r10, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r9, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r9, 0x84, 0x1d, &(0x7f000025e000)={0x2, [0x0, 0x0]}, &(0x7f0000a8a000)=0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r10, 0x84, 0x7a, &(0x7f000059aff8)={r11}, &(0x7f000034f000)=0x2059b000) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r5, 0x84, 0xa, &(0x7f0000000100)={0x682, 0x4, 0x2, 0x4, 0x20, 0x9, 0x6, 0xe4, r11}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r2, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r4}}, 0x18) signalfd4(r2, &(0x7f0000000000)={0x400}, 0x8, 0x0) r12 = fcntl$dupfd(r1, 0x406, r1) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r13, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r14 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r14, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r14, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r15}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r13, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r15}}, 0x18) getsockopt$TIPC_DEST_DROPPABLE(r13, 0x10f, 0x81, &(0x7f0000000040), &(0x7f00000000c0)=0x4) ioctl$PERF_EVENT_IOC_ENABLE(r12, 0x8912, 0x400200) ioctl(r0, 0x800, &(0x7f0000000580)='B\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00') 21:30:34 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x1080c0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") r1 = socket$inet_udplite(0x2, 0x2, 0x88) getpeername(r1, &(0x7f0000000000)=@nfc_llcp, &(0x7f00000000c0)=0x80) [ 313.636784] FAULT_INJECTION: forcing a failure. [ 313.636784] name failslab, interval 1, probability 0, space 0, times 0 [ 313.653589] CPU: 1 PID: 17112 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 313.660649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 313.670024] Call Trace: [ 313.672621] dump_stack+0x138/0x197 [ 313.676268] should_fail.cold+0x10f/0x159 [ 313.680444] should_failslab+0xdb/0x130 21:30:34 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x80, &(0x7f00000000c0)=""/209, &(0x7f0000000000)=0xd1) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") [ 313.684434] kmem_cache_alloc_trace+0x2e9/0x790 [ 313.689100] ? __kmalloc_node+0x51/0x80 [ 313.693082] btrfs_mount+0x1001/0x2b28 [ 313.696980] ? lock_downgrade+0x740/0x740 [ 313.701136] ? find_held_lock+0x35/0x130 [ 313.705215] ? pcpu_alloc+0x3af/0x1050 [ 313.709121] ? btrfs_remount+0x11f0/0x11f0 [ 313.713806] ? rcu_read_lock_sched_held+0x110/0x130 [ 313.718847] ? __lockdep_init_map+0x10c/0x570 [ 313.723357] mount_fs+0x97/0x2a1 [ 313.723377] vfs_kern_mount.part.0+0x5e/0x3d0 [ 313.723388] ? find_held_lock+0x35/0x130 [ 313.723402] vfs_kern_mount+0x40/0x60 [ 313.723415] btrfs_mount+0x3ce/0x2b28 [ 313.723431] ? lock_downgrade+0x740/0x740 [ 313.731274] ? find_held_lock+0x35/0x130 [ 313.731287] ? pcpu_alloc+0x3af/0x1050 [ 313.731308] ? btrfs_remount+0x11f0/0x11f0 [ 313.731326] ? rcu_read_lock_sched_held+0x110/0x130 [ 313.731343] ? __lockdep_init_map+0x10c/0x570 [ 313.731352] ? __lockdep_init_map+0x10c/0x570 [ 313.731367] mount_fs+0x97/0x2a1 [ 313.731382] vfs_kern_mount.part.0+0x5e/0x3d0 [ 313.731394] do_mount+0x417/0x27d0 21:30:34 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={0xffffffffffffffff}, 0x111}}, 0xfffffffffffffe02) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r4}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r2, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r4}}, 0x18) getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={0x0}, &(0x7f00000001c0)=0x8) getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000280)={r5, 0xfffffbff, 0x9}, &(0x7f00000002c0)=0x10) write(r1, &(0x7f0000000340), 0x41395527) r6 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) bind$packet(r6, &(0x7f0000000640)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @link_local}, 0x14) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) r9 = socket(0x10, 0x2, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="4c0200002400070500"/20, @ANYRES32=r8, @ANYBLOB="00000000ffffffff00000000080001007265640020020200040102004617dd777b85302869a36f4dffd3fc511f4423c9cd19c6d860c1eb13483c0acbdb12f6edc843eb078aec3e0dc3c1e833650b32bc59aea6054da2e9397f95ad1e844b52d4f8b3ad75b2211f0c16d2a8781a9bf33227e8b41360d0e21b1326dc5dbefcf845bc2a2ec96a71beb4a863a1eb1300f36ae1fe8196e7885ebc28c8cc557d7249463b9ce1e5218c047890e05755b51ac7b394e4a6e9773270fa64c0e2765d3eb497bd2a7b42749b581559cd5865e8d6023d5540d0a499862cb687142d55c773f93d0da6dce8a661a8b2c33d931631b7e0a67feeeaaf2445bd69daf87c7ac8b8cb185460a450ee825dfb44912be9781faab9219c5b9acaeed4dc3c834ba2140001000200000007000000000000001220040604010200f8aa84e32d4fe68ce36dc1bc6b1b2fb489f97eb5dc99d63232d92855f5a0cf7e38c61e2d61660a48f62c1ea68ebd438bf47cada4d2f78b4d74b30b68f6142492b00bfc4ba1767d0a32926213e813a607f9a8bb219f03480194fea15441dae0e5dcac13b16a351295231c237a48d2a6428362c02d0ceacc2fe6ed2f75ea311783e229c3402919420ba5ac7aa67379c37ae19b92e85b1225b65fb9823118e2a9bc7a4548c58140fa4de8bbd3b6a2a7337817164f0814763d4aa723a54cb5be7028dcf6d4d5b8e8ba84473cd2d9e725374586d5ed8af712187b00992b943592be4ca14f16fc7ad37199a1a28e005544f7de24e7e028b195dea56d8589b98147ce3c9d6c063d5ec1569d84837d1b2e55c5c354665f9cd73f6525725f43b1053a3535cff6b97c005a87758a801be3614ca48dad3b2159c48c5414381b1c4597d3670165fe2561ec852eb7958c80b897bb543f56b118fb3ac06879c84e322122784fe00c44b292dce26da8813d107826cc09291f8ec178d2b65ae8416ac94ee95470f5eec133e1f37b09c047f2288a86cd73d51622567993369264842709521f93547badef7d2d00f04e0b57dda8607c9c537f223be8f073ddb7d27f30c3d1da0dd619f8a2dc7c87a26e41176ea4f87ed089a45b661ebe7aa72dc4465a33045b0f385b3071ff21e420af8577c4da2d627d120ab78757d76f0091bef645cca7861a70aa673b82862ea586aa00306ddc868392b4913e97c0e011082d47152654115bc1dd3c4e235554b2c7038d058934bba3766a"], 0x24c}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vcan0\x00', r8}) connect$packet(r1, &(0x7f0000000040)={0x11, 0xf7, r10, 0x1, 0x5, 0x6, @remote}, 0x14) [ 313.731402] ? copy_mount_options+0x5c/0x2f0 [ 313.731411] ? rcu_read_lock_sched_held+0x110/0x130 [ 313.731428] ? copy_mount_string+0x40/0x40 [ 313.731443] ? copy_mount_options+0x1fe/0x2f0 [ 313.731455] SyS_mount+0xab/0x120 [ 313.806906] ? copy_mnt_ns+0x8c0/0x8c0 [ 313.810817] do_syscall_64+0x1e8/0x640 [ 313.814743] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 313.819596] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 313.824805] RIP: 0033:0x45c94a [ 313.828003] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 21:30:34 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r2}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r2}}, 0x18) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0305710, &(0x7f0000000000)={0x1, 0x38, 0x5, 0x4}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) [ 313.835728] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 313.843176] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 313.850445] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 313.857817] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 313.865085] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 313.872744] net_ratelimit: 16 callbacks suppressed [ 313.872749] protocol 88fb is buggy, dev hsr_slave_0 [ 313.882804] protocol 88fb is buggy, dev hsr_slave_1 21:30:34 executing program 0 (fault-call:0 fault-nth:75): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 313.964578] FAULT_INJECTION: forcing a failure. [ 313.964578] name failslab, interval 1, probability 0, space 0, times 0 [ 313.976469] CPU: 1 PID: 17141 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 313.983504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 313.992874] Call Trace: [ 313.995470] dump_stack+0x138/0x197 [ 313.999278] should_fail.cold+0x10f/0x159 [ 314.003423] should_failslab+0xdb/0x130 [ 314.007398] kmem_cache_alloc_trace+0x2e9/0x790 [ 314.012072] ? __kmalloc_node+0x51/0x80 [ 314.016045] btrfs_mount+0x1069/0x2b28 [ 314.019922] ? lock_downgrade+0x740/0x740 [ 314.024059] ? find_held_lock+0x35/0x130 [ 314.028113] ? pcpu_alloc+0x3af/0x1050 [ 314.032027] ? btrfs_remount+0x11f0/0x11f0 [ 314.036281] ? rcu_read_lock_sched_held+0x110/0x130 [ 314.041476] ? __lockdep_init_map+0x10c/0x570 [ 314.046208] mount_fs+0x97/0x2a1 [ 314.049718] vfs_kern_mount.part.0+0x5e/0x3d0 [ 314.054394] ? find_held_lock+0x35/0x130 [ 314.058458] vfs_kern_mount+0x40/0x60 [ 314.062391] btrfs_mount+0x3ce/0x2b28 [ 314.066196] ? lock_downgrade+0x740/0x740 [ 314.070464] ? find_held_lock+0x35/0x130 [ 314.074533] ? pcpu_alloc+0x3af/0x1050 [ 314.078529] ? btrfs_remount+0x11f0/0x11f0 [ 314.082773] ? rcu_read_lock_sched_held+0x110/0x130 [ 314.087895] ? __lockdep_init_map+0x10c/0x570 [ 314.092417] ? __lockdep_init_map+0x10c/0x570 [ 314.096913] mount_fs+0x97/0x2a1 [ 314.100275] vfs_kern_mount.part.0+0x5e/0x3d0 [ 314.104763] do_mount+0x417/0x27d0 [ 314.108296] ? copy_mount_options+0x5c/0x2f0 [ 314.112726] ? rcu_read_lock_sched_held+0x110/0x130 [ 314.117751] ? copy_mount_string+0x40/0x40 [ 314.121993] ? copy_mount_options+0x1fe/0x2f0 [ 314.126497] SyS_mount+0xab/0x120 [ 314.130028] ? copy_mnt_ns+0x8c0/0x8c0 [ 314.133933] do_syscall_64+0x1e8/0x640 [ 314.137823] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 314.142675] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 314.147870] RIP: 0033:0x45c94a [ 314.151051] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 21:30:34 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) sendto(r1, &(0x7f0000000000)="32db77de6dbac4c13187190e213227cfc871e1d87411ecf1cb81834313c8be4a84fb4200f5affce8ac526dddfd4d5f455e2ce4425a9c6a2048c101d719a9bf3af7a4c9c06022b5a5919f9020b7d194a80acbd98d4a402856034178f3849ed5ebf704ee3f9d6a403f9c9369c467a7a40b6adce06d68be6e62", 0x78, 0xf250be53e46880b1, &(0x7f0000000080)=@pppoe={0x18, 0x0, {0x1, @random="bc4b824583a8", 'hwsim0\x00'}}, 0x80) [ 314.158781] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 314.160158] protocol 88fb is buggy, dev hsr_slave_0 [ 314.166078] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 314.166087] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 314.166091] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 314.166096] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 314.166337] protocol 88fb is buggy, dev hsr_slave_0 [ 314.171379] protocol 88fb is buggy, dev hsr_slave_1 [ 314.178673] protocol 88fb is buggy, dev hsr_slave_1 21:30:34 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r6}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r4, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r6}}, 0x18) ioctl$DRM_IOCTL_CONTROL(r4, 0x40086414, &(0x7f0000000040)={0x3, 0x7ff}) r7 = socket(0x40000000002, 0x3, 0x2) getsockopt$IPT_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x0, 0x42, &(0x7f00000000c0)={'icmp\x00'}, &(0x7f0000000280)=0x1e) setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) r8 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r8, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r9}}, 0x2de) r10 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r10, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r10, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r11}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r8, &(0x7f0000000500)={0x13, 0x10, 0xfa00, {&(0x7f00000002c0), r11}}, 0x18) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:30:35 executing program 0 (fault-call:0 fault-nth:76): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 314.240144] protocol 88fb is buggy, dev hsr_slave_0 [ 314.245353] protocol 88fb is buggy, dev hsr_slave_1 [ 314.245437] protocol 88fb is buggy, dev hsr_slave_0 [ 314.255514] protocol 88fb is buggy, dev hsr_slave_1 [ 314.299728] FAULT_INJECTION: forcing a failure. [ 314.299728] name failslab, interval 1, probability 0, space 0, times 0 [ 314.311188] CPU: 1 PID: 17153 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 314.318401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 314.327773] Call Trace: [ 314.330380] dump_stack+0x138/0x197 [ 314.334209] should_fail.cold+0x10f/0x159 [ 314.338359] should_failslab+0xdb/0x130 [ 314.342343] kmem_cache_alloc+0x2d7/0x780 [ 314.346505] ? save_stack_trace+0x16/0x20 [ 314.350799] ? save_stack+0x45/0xd0 [ 314.354426] ? kasan_kmalloc+0xce/0xf0 [ 314.358411] ? kmem_cache_alloc_trace+0x152/0x790 [ 314.363368] ? btrfs_mount+0x1069/0x2b28 [ 314.367428] ? mount_fs+0x97/0x2a1 [ 314.370961] getname_kernel+0x53/0x350 [ 314.375019] kern_path+0x20/0x40 [ 314.378391] lookup_bdev.part.0+0x63/0x160 [ 314.382628] ? blkdev_open+0x260/0x260 [ 314.386513] ? btrfs_open_devices+0x27/0xb0 [ 314.390825] blkdev_get_by_path+0x76/0xf0 [ 314.394971] btrfs_get_bdev_and_sb+0x38/0x2e0 [ 314.399576] __btrfs_open_devices+0x194/0xab0 [ 314.404077] ? check_preemption_disabled+0x3c/0x250 [ 314.409225] ? find_device+0x100/0x100 [ 314.413109] ? btrfs_mount+0x1069/0x2b28 [ 314.417172] ? rcu_read_lock_sched_held+0x110/0x130 [ 314.422225] btrfs_open_devices+0xa4/0xb0 [ 314.426374] btrfs_mount+0x11b4/0x2b28 [ 314.430282] ? lock_downgrade+0x740/0x740 [ 314.434426] ? find_held_lock+0x35/0x130 [ 314.438543] ? pcpu_alloc+0x3af/0x1050 [ 314.442450] ? btrfs_remount+0x11f0/0x11f0 [ 314.446696] ? rcu_read_lock_sched_held+0x110/0x130 [ 314.451723] ? __lockdep_init_map+0x10c/0x570 [ 314.456491] mount_fs+0x97/0x2a1 [ 314.459858] vfs_kern_mount.part.0+0x5e/0x3d0 [ 314.464362] ? find_held_lock+0x35/0x130 [ 314.468442] vfs_kern_mount+0x40/0x60 [ 314.472377] btrfs_mount+0x3ce/0x2b28 [ 314.476190] ? lock_downgrade+0x740/0x740 [ 314.480451] ? find_held_lock+0x35/0x130 [ 314.484531] ? pcpu_alloc+0x3af/0x1050 [ 314.488445] ? btrfs_remount+0x11f0/0x11f0 [ 314.492799] ? rcu_read_lock_sched_held+0x110/0x130 21:30:35 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xfffffffffffffffd, 0x80000) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) setsockopt$inet_dccp_int(r3, 0x21, 0x0, &(0x7f0000000040)=0xad, 0x4) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") [ 314.492822] ? __lockdep_init_map+0x10c/0x570 [ 314.492833] ? __lockdep_init_map+0x10c/0x570 [ 314.502356] mount_fs+0x97/0x2a1 [ 314.502374] vfs_kern_mount.part.0+0x5e/0x3d0 [ 314.502389] do_mount+0x417/0x27d0 [ 314.502400] ? copy_mount_options+0x5c/0x2f0 [ 314.502410] ? rcu_read_lock_sched_held+0x110/0x130 [ 314.502421] ? copy_mount_string+0x40/0x40 [ 314.502434] ? copy_mount_options+0x1fe/0x2f0 [ 314.502447] SyS_mount+0xab/0x120 [ 314.502460] ? copy_mnt_ns+0x8c0/0x8c0 [ 314.502472] do_syscall_64+0x1e8/0x640 [ 314.502481] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 314.502497] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 314.502505] RIP: 0033:0x45c94a [ 314.502510] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 314.502520] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 314.502525] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 314.502530] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 314.502537] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 21:30:35 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$SIOCX25SCALLUSERDATA(0xffffffffffffffff, 0x89e5, &(0x7f00000000c0)={0x69, "a0cf7f7cc4230f2a83cf5181cf70825eef1a6868da2b2e945e3ee310af9b6c7c8dde8284df4ef98dfec4faabaccdca514c332ef0ce3c229ad4e9fbc52152df3480e3e7f7ac4a20b46b609012d41e9fc4f2d97641b8544daf8fcb904a544ee33c006a5356858d8600ff4ff061ab60e45102bb72e3ebf450a30293e9676722fa3d"}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") 21:30:35 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f00000001c0)='./file0/bus\x00', 0x0) r3 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) linkat(r3, &(0x7f0000000200)='./bus\x00', r3, &(0x7f0000000240)='./file1\x00', 0x1400) 21:30:35 executing program 3: pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r0, 0x407, 0x0) write(r0, &(0x7f0000000340), 0x41395527) ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f0000000000)={0x9, 0x0, 0x3f, 0x20, 0x5, 0xffffffff, 0xa}) syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl(r1, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") [ 314.576191] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:35 executing program 0 (fault-call:0 fault-nth:77): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:35 executing program 2: perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0/file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0/file1/file0\x00', 0x0) rmdir(&(0x7f00000001c0)='./file0/file1\x00') [ 314.705601] FAULT_INJECTION: forcing a failure. [ 314.705601] name failslab, interval 1, probability 0, space 0, times 0 [ 314.718898] CPU: 1 PID: 17176 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 314.725949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 314.735304] Call Trace: [ 314.737888] dump_stack+0x138/0x197 [ 314.741512] should_fail.cold+0x10f/0x159 [ 314.745649] should_failslab+0xdb/0x130 [ 314.749612] kmem_cache_alloc+0x2d7/0x780 [ 314.753745] ? save_stack_trace+0x16/0x20 [ 314.758049] ? save_stack+0x45/0xd0 [ 314.761671] ? kasan_kmalloc+0xce/0xf0 [ 314.765542] ? kmem_cache_alloc_trace+0x152/0x790 [ 314.770366] ? btrfs_mount+0x1069/0x2b28 [ 314.774408] ? mount_fs+0x97/0x2a1 [ 314.777938] getname_kernel+0x53/0x350 [ 314.781809] kern_path+0x20/0x40 [ 314.785159] lookup_bdev.part.0+0x63/0x160 [ 314.789385] ? blkdev_open+0x260/0x260 [ 314.793258] ? btrfs_open_devices+0x27/0xb0 [ 314.797565] blkdev_get_by_path+0x76/0xf0 [ 314.801703] btrfs_get_bdev_and_sb+0x38/0x2e0 [ 314.806281] __btrfs_open_devices+0x194/0xab0 [ 314.811548] ? check_preemption_disabled+0x3c/0x250 [ 314.816553] ? find_device+0x100/0x100 [ 314.820427] ? btrfs_mount+0x1069/0x2b28 [ 314.824492] ? rcu_read_lock_sched_held+0x110/0x130 [ 314.829500] btrfs_open_devices+0xa4/0xb0 [ 314.833637] btrfs_mount+0x11b4/0x2b28 [ 314.837525] ? lock_downgrade+0x740/0x740 [ 314.841658] ? find_held_lock+0x35/0x130 [ 314.845708] ? pcpu_alloc+0x3af/0x1050 [ 314.849588] ? btrfs_remount+0x11f0/0x11f0 [ 314.853814] ? rcu_read_lock_sched_held+0x110/0x130 [ 314.858827] ? __lockdep_init_map+0x10c/0x570 [ 314.863335] mount_fs+0x97/0x2a1 [ 314.866690] vfs_kern_mount.part.0+0x5e/0x3d0 [ 314.871169] ? find_held_lock+0x35/0x130 [ 314.875217] vfs_kern_mount+0x40/0x60 [ 314.879004] btrfs_mount+0x3ce/0x2b28 [ 314.882789] ? lock_downgrade+0x740/0x740 [ 314.886923] ? find_held_lock+0x35/0x130 [ 314.890970] ? pcpu_alloc+0x3af/0x1050 [ 314.894856] ? btrfs_remount+0x11f0/0x11f0 [ 314.899079] ? rcu_read_lock_sched_held+0x110/0x130 [ 314.904090] ? __lockdep_init_map+0x10c/0x570 [ 314.908575] ? __lockdep_init_map+0x10c/0x570 [ 314.913087] mount_fs+0x97/0x2a1 [ 314.916443] vfs_kern_mount.part.0+0x5e/0x3d0 [ 314.921198] do_mount+0x417/0x27d0 [ 314.924724] ? copy_mount_options+0x5c/0x2f0 [ 314.929119] ? rcu_read_lock_sched_held+0x110/0x130 [ 314.934161] ? copy_mount_string+0x40/0x40 [ 314.938387] ? copy_mount_options+0x1fe/0x2f0 [ 314.942873] SyS_mount+0xab/0x120 [ 314.946316] ? copy_mnt_ns+0x8c0/0x8c0 [ 314.950192] do_syscall_64+0x1e8/0x640 [ 314.954064] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 314.958901] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 314.964076] RIP: 0033:0x45c94a [ 314.967274] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 314.974984] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 314.982261] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 314.989540] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 314.996796] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 315.004095] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:35 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000400)={&(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000300)="4bffd966849fb8d1f451b4a1f6002831103b1baef59b7a9505f3accf1bb33ae05d0869707e9b65bf1a648ad5596757080736638ca3eca19b4a5ff365dfb945c37895efdc20694b0a134dec39ced4830d8b0f913b7cf62bbc44147efbbdbfdba5f3dada918b27c2d272878681d03533505cb9b0dfe1bf209f87d2cdca6c47a63983882de57c108ff2bc7260942aa93dcc92d1cb1f1cb6519a3aac5bd7ceeefca9b63a827f384d7b6eaa5191dd69f086f964c632272642cac6e06e5c49676091603a0939020f7a1509fc81eb4dca51b68a3a39bbc26ab2a2a2e250b9a2526bbb255b85531ba3f620c871b9ede1c77ee95de405", 0xf2, r2}, 0x68) r3 = socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) r5 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r5, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r5, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r6 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r6, 0x0, 0x0, 0x400806e, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) sendto$inet6(r6, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e5d37149eb0f4a333726cf6d5b7647306559155f1c69d6bfd145b83576f2df4d85f271fd4119db923e2412c66dd954eb59dddc7e1fd286a83971b2ba1c63b4f99702cf91f3d1ecffb8ae189c79b403805e83650c251a564942896f205640c23b0cf51fe9bd931f54a343794710a9cd53cef20938edddb2bfa3c1f72f8e79e41e30fb8f9d314abd999ba396521b6c10bec7bc9d0745a80299342f5cf89eb9d94044258fbb18cec1cdbbc016a773d3ae41e3e30248e716fd0873d31454902cbe7dcf7d644dfadc255d99652b5ed5a5b1a75e3ad49cf80178678402e9d3a755d009889b2e6138f81dc02eedcc353aceb2f7781aea08aa91be7e1e2416ba3d555b1f2237f68c5d7dcfcb1b917c292a35d6d7e7cf2cb1dd6dba5a50ce55c4638d7d38cb7afd8da02f281ab69392bc6531eb03eb97c1d075e3342c244861d04bcad8991b8f588e48ad7fe218d2f5e604bb31c59241245b485210fe418af3d6377b59d5ab128497efeced38cc5036b1f34cb89674b5179219f34b9e8e1849695d7c23cce77eb8f038ef9f2cd69d1c9e2d6b46610adbadbdad857a77f59d38cb5120709716b87c52a48de249b231d7e39985b8b58094c0d7b4c6d1671a8ff9d2daaca94df2adcff6420077df0ddbc66d00b141ffc6e28bed09a19056e52a905a72c99a04af56b22da83135808ba2bfe87a39753447e78500d16bdad52d97df73d4852a79e7ec6910701b712cfd58c62b3ade86cf6ff0cd78719fa1ae81640381cb33f4f6b03c913e820cf9eb9b5cf7df9c878596c9ac9444cad118673fe339b4b7287b310ecff4742bfea2612d79d418293f0dfe14bc819c466473438ad71ea3b1386d17a9038b1f5a9285481500f84f4c7eabbf2eb071a101c69cce8e7495bda4c28a4e88f6a258abf58579c290eeb742b2678daab3ecc8c2bf97d89e89472901e254dd63ca7d918f8a7523161e29b28f64b285da7bb4a17d0ad734c321623e246bb0b5aaa08e8e7ac42b74ba83c70a8ca80068400be6adc3f4b01ba1050b54e6e4cf72fb567fbd27b74b2bfa7b7cabc6938851c13c6df7d5aaca79afd89b5e925379b959c7929ddfa3399695343f435772d70e5cfa3550377d23f50011ad5657e94c464cd43eb85496fd3b03bcb2d9278ceb432194d9893ffa747dfe85309f256c910e31e81dcd3cd8a13744fc2874737a2ff34bf8c89f15da7cc0853434117d744e30360b38ef1a063f9ee506f048e9980054e6c5c5688d04ece6067ac55bccc9a7773a2c4e21c039d153622130faff9fd675d64ad7284bd011b9b224713a721b4b731cf342357642a1a0bb846f5be443b7e72e9825b5f3a078c6ae09e4512dd93a5be1af13a49e6a33938509d3557aecf2356ac2329871b662a99cf3fd2486b064e7e6f90c1f8d632186a8bda338b02d45da4ea9041d42a23f40b93346dddc473a9f1a3d9f0285b7e48cbb87bc34d44b090a5e2aaf4764a10a44168f1719eff0b0d9bc1ce07750af4c21d0c67eae0799e91328c8b14869e4edd255a41735a2b1818aa9d3b271ba757af010ae6dbad89aa0d8f5b6f8ef3917adcedf2", 0x52a, 0x400c047, 0x0, 0x0) getsockname(r6, &(0x7f0000000280)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000040)=0x80) setsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f00000000c0)={r7, @dev={0xac, 0x14, 0x14, 0x11}, @broadcast}, 0xc) r8 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) bind$packet(r8, &(0x7f0000000640)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @link_local}, 0x14) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) r11 = socket(0x10, 0x2, 0x0) sendmsg$nl_route_sched(r11, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="4c0200002400070500"/20, @ANYRES32=r10, @ANYBLOB="00000000ffffffff00000000080001007265640020020200040102004617dd777b85302869a36f4dffd3fc511f4423c9cd19c6d860c1eb13483c0acbdb12f6edc843eb078aec3e0dc3c1e833650b32bc59aea6054da2e9397f95ad1e844b52d4f8b3ad75b2211f0c16d2a8781a9bf33227e8b41360d0e21b1326dc5dbefcf845bc2a2ec96a71beb4a863a1eb1300f36ae1fe8196e7885ebc28c8cc557d7249463b9ce1e5218c047890e05755b51ac7b394e4a6e9773270fa64c0e2765d3eb497bd2a7b42749b581559cd5865e8d6023d5540d0a499862cb687142d55c773f93d0da6dce8a661a8b2c33d931631b7e0a67feeeaaf2445bd69daf87c7ac8b8cb185460a450ee825dfb44912be9781faab9219c5b9acaeed4dc3c834ba2140001000200000007000000000000001220040604010200f8aa84e32d4fe68ce36dc1bc6b1b2fb489f97eb5dc99d63232d92855f5a0cf7e38c61e2d61660a48f62c1ea68ebd438bf47cada4d2f78b4d74b30b68f6142492b00bfc4ba1767d0a32926213e813a607f9a8bb219f03480194fea15441dae0e5dcac13b16a351295231c237a48d2a6428362c02d0ceacc2fe6ed2f75ea311783e229c3402919420ba5ac7aa67379c37ae19b92e85b1225b65fb9823118e2a9bc7a4548c58140fa4de8bbd3b6a2a7337817164f0814763d4aa723a54cb5be7028dcf6d4d5b8e8ba84473cd2d9e725374586d5ed8af712187b00992b943592be4ca14f16fc7ad37199a1a28e005544f7de24e7e028b195dea56d8589b98147ce3c9d6c063d5ec1569d84837d1b2e55c5c354665f9cd73f6525725f43b1053a3535cff6b97c005a87758a801be3614ca48dad3b2159c48c5414381b1c4597d3670165fe2561ec852eb7958c80b897bb543f56b11afb3ac06879c84e322122784fe00c44b292dce24da8813d107826cc09291f8ec178d2b65ae8416ac94ee95470f5eec133e1f37b09c047f2288a86cd73d51622567993369264842709521f93547badef7d2d00f04e0b57dda8607c9c537f223be8f073ddb7d27f30c3d1da0dd619f8a2dc7c87a26e41176ea4f87ed089a45b661ebe7aa72dc4465a33045b0f385b3071ff21e420af8577c4da2d627d120ab78757d76f0091bef645cca7861a70aa673b82862ea586aa00306ddc868392b4913e97c0e011082d47152654115bc1dd3c4e235554b2c7038d058934bba3766a"], 0x24c}}, 0x0) setsockopt$inet_IP_IPSEC_POLICY(r4, 0x0, 0x10, &(0x7f0000000140)={{{@in=@rand_addr=0x3, @in=@empty, 0x4e23, 0x0, 0x4e20, 0x5, 0xa, 0x0, 0x20, 0x11, r10}, {0xffffffffffffffe1, 0x2, 0x10000, 0xcef1, 0xfff, 0x4, 0x401, 0x10000}, {0x3c35, 0x2, 0x3, 0x9b12}, 0x7ff, 0x0, 0x1, 0x0, 0x1, 0x2}, {{@in6=@local, 0x4d2, 0xff}, 0x58c217fdbf3eaa0e, @in6=@mcast2, 0x0, 0x3, 0x0, 0x9, 0x0, 0x0, 0x1}}, 0xe8) r12 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r12, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r3) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r13 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r13, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r3, 0x0, 0x10007, 0x6) 21:30:35 executing program 5: r0 = socket$inet(0x2, 0x4000000805, 0x0) r1 = socket$inet_sctp(0x2, 0x5, 0x84) r2 = dup3(r0, r1, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r2, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r1, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f000025e000)={0x2, [0x0, 0x0]}, &(0x7f0000a8a000)=0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x7a, &(0x7f000059aff8)={r3}, &(0x7f000034f000)=0x2059b000) getsockopt$inet_sctp6_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000140)=@assoc_value={r3, 0x200}, &(0x7f0000000180)=0x8) mq_timedsend(0xffffffffffffffff, &(0x7f0000000000)="d0904b7def299a44a6f418b8ec766e464c586f76db33e58c5e9465b21ad569c39cdda937874856698686f861cf", 0x2d, 0x1, &(0x7f0000000040)) getgid() syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:35 executing program 1: mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='overlay\x00', 0x2, &(0x7f0000000080)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}], [{@seclabel='seclabel'}, {@smackfsroot={'smackfsroot', 0x3d, '@selinux'}}, {@permit_directio='permit_directio'}]}) r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}, 0x0, 0x0, 0x0, {0x0, 0x40}}) 21:30:35 executing program 0 (fault-call:0 fault-nth:78): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:35 executing program 2: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x17) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x9, 0x0, 0x78cc75c3, 0x0, 0x1c}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x1f, r1, 0x0, 0x0) 21:30:35 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) chdir(&(0x7f0000000000)='./file0\x00') ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:35 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6, 0xfe}, 0x0, 0x0, 0x0, {0x0, 0x1}}) [ 315.178577] FAULT_INJECTION: forcing a failure. [ 315.178577] name failslab, interval 1, probability 0, space 0, times 0 [ 315.214717] CPU: 0 PID: 17195 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 315.221779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 315.231161] Call Trace: [ 315.233769] dump_stack+0x138/0x197 [ 315.237417] should_fail.cold+0x10f/0x159 [ 315.241582] should_failslab+0xdb/0x130 [ 315.245577] kmem_cache_alloc+0x2d7/0x780 [ 315.249747] getname_kernel+0x53/0x350 [ 315.253645] kern_path+0x20/0x40 [ 315.257015] lookup_bdev.part.0+0x63/0x160 [ 315.257026] ? blkdev_open+0x260/0x260 [ 315.257038] ? btrfs_read_dev_super+0x77/0xb0 [ 315.257051] blkdev_get_by_path+0x76/0xf0 [ 315.257064] btrfs_get_bdev_and_sb+0x38/0x2e0 [ 315.265194] __btrfs_open_devices+0x194/0xab0 [ 315.265213] ? find_device+0x100/0x100 [ 315.265224] ? btrfs_mount+0x1069/0x2b28 [ 315.265236] ? rcu_read_lock_sched_held+0x110/0x130 [ 315.265250] btrfs_open_devices+0xa4/0xb0 [ 315.299956] btrfs_mount+0x11b4/0x2b28 [ 315.303855] ? lock_downgrade+0x740/0x740 [ 315.304493] ptrace attach of "/root/syz-executor.2"[17213] was attempted by "/root/syz-executor.2"[17214] [ 315.308003] ? find_held_lock+0x35/0x130 [ 315.308017] ? pcpu_alloc+0x3af/0x1050 21:30:36 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000140)="8da4363ac0ed0200004000000001004d01000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a1ff0f000000000080967d9cae7e020075abfc9c978539cf5384fec60f079b62ee94bf65d58caa03a25e7474ba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38892e0c0000472ab68b77c36673779f115a63a26e1ec988699f000000000000000000000000000000000000000000000000000000554eaec8238624bc71c90dedc118a10b35bcf63abe7fe95e82fbacbb5930ae26228e78e27018490591deae0e507fbd4464ef15399a34402f764011873f19c30773dd7f3b6d2d9b97389a570da0821df2ca0e4842076e74b68a1d579511e1d78441c25472721d3b5f99383e18edd001743b406b58441e6f", 0x148, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:36 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) prctl$PR_GET_FPEMU(0x9, &(0x7f0000000080)) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f0000000000)={0x7fffffff, 0x0, 0x8, {0x0, 0x989680}, 0xfffffffc, 0x7160}) [ 315.308035] ? btrfs_remount+0x11f0/0x11f0 [ 315.308051] ? rcu_read_lock_sched_held+0x110/0x130 [ 315.335079] ? __lockdep_init_map+0x10c/0x570 [ 315.339603] mount_fs+0x97/0x2a1 [ 315.342989] vfs_kern_mount.part.0+0x5e/0x3d0 [ 315.347499] ? find_held_lock+0x35/0x130 [ 315.351578] vfs_kern_mount+0x40/0x60 [ 315.355399] btrfs_mount+0x3ce/0x2b28 [ 315.359214] ? lock_downgrade+0x740/0x740 [ 315.363371] ? find_held_lock+0x35/0x130 [ 315.367444] ? pcpu_alloc+0x3af/0x1050 [ 315.371352] ? btrfs_remount+0x11f0/0x11f0 [ 315.375601] ? rcu_read_lock_sched_held+0x110/0x130 [ 315.380655] ? __lockdep_init_map+0x10c/0x570 [ 315.385168] ? __lockdep_init_map+0x10c/0x570 [ 315.389680] mount_fs+0x97/0x2a1 [ 315.393061] vfs_kern_mount.part.0+0x5e/0x3d0 [ 315.397570] do_mount+0x417/0x27d0 [ 315.401120] ? copy_mount_options+0x5c/0x2f0 [ 315.405542] ? rcu_read_lock_sched_held+0x110/0x130 [ 315.410580] ? copy_mount_string+0x40/0x40 [ 315.414830] ? copy_mount_options+0x1fe/0x2f0 [ 315.419348] SyS_mount+0xab/0x120 [ 315.422819] ? copy_mnt_ns+0x8c0/0x8c0 [ 315.426840] do_syscall_64+0x1e8/0x640 [ 315.430736] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 315.435570] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 315.440744] RIP: 0033:0x45c94a [ 315.443919] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 315.451827] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 315.459236] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 315.466654] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 21:30:36 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x20000, 0x0) write$UHID_DESTROY(r1, &(0x7f0000000040), 0x4) 21:30:36 executing program 5: r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x2, 0x40000) ioctl$VIDIOC_S_PRIORITY(r0, 0x40045644, 0x2) syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r1, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r1, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl$SIOCX25SCALLUSERDATA(r1, 0x89e5, &(0x7f0000000140)={0x3a, "b1387eaeaa6d5c4e91647a1431de9f4a16766bc7f4db06a47c1c61ef5d2870cd0b3b5c486bb7a24934f3f458f52d734a95ad33b73b001c04c443a5f51d609d8e267d62791f0e09397e5e58799eedffbff7a1d4fbfa09211e3fe06644183c8e9cf28b78f9d5d53f9bfd9e34cef872195d820a34d1498377a231ecbc10c443d81e"}) 21:30:36 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) creat(&(0x7f0000000000)='./file0\x00', 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x14, r2, 0x1}, 0x14}}, 0x0) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r3, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r3, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="84000000", @ANYRES16=r4, @ANYBLOB="100025bd7000fbdbdf250400000008000400040000004000030008000800020000000800050000000000080007004e240000080007004e22000014000600ff010000000000000000000000000001080000060000800000180001000c0006006c626c6300000000080001000a00"/126], 0x84}, 0x1, 0x0, 0x0, 0x4000}, 0x41) [ 315.474014] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 315.481274] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:36 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket(0x1c, 0x80003, 0x2) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x85}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000140)={r5, 0x4}, &(0x7f0000000180)=0x8) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:30:36 executing program 2: mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xd) futex(&(0x7f0000000000), 0x0, 0x0, 0x0, 0x0, 0x0) 21:30:36 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x7) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000080)={0x101, 0x1, {0x0, 0x1, 0x10001, 0x3, 0xbd}}) 21:30:36 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") r1 = getpid() r2 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x400806e, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) sendto$inet6(r2, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e5d37149eb0f4a333726cf6d5b7647306559155f1c69d6bfd145b83576f2df4d85f271fd4119db923e2412c66dd954eb59dddc7e1fd286a83971b2ba1c63b4f99702cf91f3d1ecffb8ae189c79b403805e83650c251a564942896f205640c23b0cf51fe9bd931f54a343794710a9cd53cef20938edddb2bfa3c1f72f8e79e41e30fb8f9d314abd999ba396521b6c10bec7bc9d0745a80299342f5cf89eb9d94044258fbb18cec1cdbbc016a773d3ae41e3e30248e716fd0873d31454902cbe7dcf7d644dfadc255d99652b5ed5a5b1a75e3ad49cf80178678402e9d3a755d009889b2e6138f81dc02eedcc353aceb2f7781aea08aa91be7e1e2416ba3d555b1f2237f68c5d7dcfcb1b917c292a35d6d7e7cf2cb1dd6dba5a50ce55c4638d7d38cb7afd8da02f281ab69392bc6531eb03eb97c1d075e3342c244861d04bcad8991b8f588e48ad7fe218d2f5e604bb31c59241245b485210fe418af3d6377b59d5ab128497efeced38cc5036b1f34cb89674b5179219f34b9e8e1849695d7c23cce77eb8f038ef9f2cd69d1c9e2d6b46610adbadbdad857a77f59d38cb5120709716b87c52a48de249b231d7e39985b8b58094c0d7b4c6d1671a8ff9d2daaca94df2adcff6420077df0ddbc66d00b141ffc6e28bed09a19056e52a905a72c99a04af56b22da83135808ba2bfe87a39753447e78500d16bdad52d97df73d4852a79e7ec6910701b712cfd58c62b3ade86cf6ff0cd78719fa1ae81640381cb33f4f6b03c913e820cf9eb9b5cf7df9c878596c9ac9444cad118673fe339b4b7287b310ecff4742bfea2612d79d418293f0dfe14bc819c466473438ad71ea3b1386d17a9038b1f5a9285481500f84f4c7eabbf2eb071a101c69cce8e7495bda4c28a4e88f6a258abf58579c290eeb742b2678daab3ecc8c2bf97d89e89472901e254dd63ca7d918f8a7523161e29b28f64b285da7bb4a17d0ad734c321623e246bb0b5aaa08e8e7ac42b74ba83c70a8ca80068400be6adc3f4b01ba1050b54e6e4cf72fb567fbd27b74b2bfa7b7cabc6938851c13c6df7d5aaca79afd89b5e925379b959c7929ddfa3399695343f435772d70e5cfa3550377d23f50011ad5657e94c464cd43eb85496fd3b03bcb2d9278ceb432194d9893ffa747dfe85309f256c910e31e81dcd3cd8a13744fc2874737a2ff34bf8c89f15da7cc0853434117d744e30360b38ef1a063f9ee506f048e9980054e6c5c5688d04ece6067ac55bccc9a7773a2c4e21c039d153622130faff9fd675d64ad7284bd011b9b224713a721b4b731cf342357642a1a0bb846f5be443b7e72e9825b5f3a078c6ae09e4512dd93a5be1af13a49e6a33938509d3557aecf2356ac2329871b662a99cf3fd2486b064e7e6f90c1f8d632186a8bda338b02d45da4ea9041d42a23f40b93346dddc473a9f1a3d9f0285b7e48cbb87bc34d44b090a5e2aaf4764a10a44168f1719eff0b0d9bc1ce07750af4c21d0c67eae0799e91328c8b14869e4edd255a41735a2b1818aa9d3b271ba757af010ae6dbad89aa0d8f5b6f8ef3917adcedf2", 0x52a, 0x400c047, 0x0, 0x0) write$binfmt_script(r2, &(0x7f00000005c0)={'#! ', './file0', [{0x20, 'lovboxnet1!,@'}], 0xa, "b7c0407166314d8eea63e23e8b110885171508fd2d2e9c573a3d8afe83ded798bdacef2da77f6c89bcbf524c6c59c59db70854c8a1897aabaada1ae3b3574c9c18735cd52089dcd681ae44d65a86bc302b037672c8c9a5fbb41104cae08a3322c0460eb9d21ec407ad9d48b200e5bcb099bae1dc120745d7cf6c20d7f9a37023863c5a0aaee5e1deafb727527dd45acc47944ad6a8ea910a3fad99402825f73a821ea3e53c0697c859023b75fc0a18b131b6d92dd035087b32a08d55dc71478750e266fedf1283c96ec60d44e6116d79e2131bbd4a6ead461039476bcc37c47653ddb8b6be58aa5febb140208f572df1ee026207295c46f1125e8ec7db5117379e385de818c7910b06e1592d06c48b9d470abf6e2c029027f7180caaa301728e4b4a4f303809d83aff0d14d72bfb39c0127b23fb5383618c737ac8f52dbcb0787d7a5b7252b2927ee607058e1f288f2af2328e09736d7ca933ba21515382e72c0b6b1c5e8008bbf96457899116fbb55df088f5681781d7a27e6a8bc445337ef56bb06c801380ad53bcd1c7350a6fe08da587db629ae9b7422faca55f2653ce7d41c60d7dbf650e0993fc433c03608d874b596044b79cff53610916fea92da8bf68af09d166d5977a82d378ba6fa99dae4352a2e10ca25eea3cb299b2649e0500a3c1ae07aa3ffd3c5faffd0958c81d78513624394e29069a345cf8321dcce78ce50900a18becdc88a9abae465bcaa57587d135ed87d3a14272b017f3778f7ff801550dfe6873183de68e4b82091561b0ef597601a8918a22b9c6e6ccec22c4e627c2dc6a9dd0a63ae3c4c51ae2b5387baa5837e535becff01213442911dc2847ea33a3f43ac0fb660c16f8ad635b08ff411469498d1c60f637ef560c70ed94720adfb59ce8830b9462d0b7f81d0ad035fdbf780d0a8e2b572ed7b57b8c560cf901025dfceb77bf39f07483ffe5e283f981b739d6476460c21b97c723c636834dce5a1333637ca3acf0aabb16e466dd41794a8c1cd9abac67e7a3ab715edfcd23eb9e5d51c6ed800da264041686be6a4d94ed9757f13c493de9f8f0252e50029f97f51b6040e5f1609d6fd1f53d367e1842be36d1d694680f2836008ab7a251f658eed015000a9c0f097ff5fe05e408610b1c12576c16ba29762dfa18b9ce8cb58ea80f355a52f176d3fae675241914b3e889c905c7e4c2b898728ca16bfaedd7b3084150adc7c9d6d16c414aee9d796f52aaa1cff7cbe8f37f18c09cafd6e953499045a15265575f034bc68108a9aea7ee2ddb0820490f7e0e2ac6e4b4ce834eb05832cbbf9d0c125f3365d4a41c81ff2b900bd06a6820f3f312c5d682cd0f8f659d16bade025ec419a429dd1f7c9473d5c3c32ab43a1f21177b6e014a625b49f1e5ca9f9c86ff6939afd8b5e13f6c73abc600f73a7e2fb0ba47c32b69543cab14a26b57bc0046dd392c34f486bbd84ef9f839d3fd40395369b46e7b22e5f5e7c84c909ca76d0feae3a1f06f3454509549fbcfdcb75ef5d9c2a232599c0be4ab23ba24bd976a5219d9733652e1d746ddebb2e25d5f60ed25d2cc2d03420ba5f9bce92a55f2a36c6b6447b8e76c116f75a8e9f5c8244e093b87e95fb8da6d957bc560a80a420f08ce81cb9bc9b11187d9acc092ed33dd881125e918b2a3cd8fd669cb9779d9c784f243d445a99aed492ea7e73e67898f8d1f25a35d77b0cd646c32ce85469165ce2d09ebc029318acd50a4cfe7a4d73ff895b46fb199cbb4ee9f528b60abadbfce82f2ce738c0c1b9858096af3d52ec8de2d40ee2b650ced386e7608c3ec6ffab71f243d47a80ded4ebd634e78b2bb1cc261750050fb2a0909a6a90c2b9c50a0ed29fd25ca53e100276f315468694854d5f68e8e124f4f02783b34a64c96ca376b973ec6b9b81806597999bb1116fae0a73b12ca9965a3e376ded20713224350c08b95a4c26b39c123e8b7f3bb00e95ab294a265d26f8abd08c86379fef5d3c15e13bb7ce8659de3cfa198d7b81520fd397ffb7be355983ec71581bbf6ed3f24545b0b0c5f3cccb780775f33d05f5d9b801d64cf75b0a387c4fd37e838eb2e53655f8b67ee4b142a3db616d49d7c1179584d46c9886fff1bde16e1e970390a2e9ffce17af0b9437a5cddcc2e9380f5bc3eddadb8b2285a906948b13b35b3723bdb3e61a6c3cf818eed63fe82d92d5590eeaa32ea13ca751c7db45a790857b41ae1db069ede7077bf7cde6a6c37e0d770c204a56c2715b63c491854fcf405f047bd0ea56744f48ebc752302359e8715f9e826df01f2230d55b26d1c0512ce1640bee16846be1f217b3270d70bdb10627ca42a3f0420e4512fa8eb35478f626ef945963592d407c4da5351c33256b554c89b20b5eed68470828ff35bbc954f7f721712f231cec42cde1bb3c76419554d2d4a27273910a24872b03d618a88c202c906e4641cb7e2c213fc6de62db15c3a388fec49eb20c8b8aaa60217bfdee08b1947d918e1933a8186f58ad774d6a417923fc5e6fa2d9486d250c6a864a76c4879af82b1f2614c16a4be1030f0a3bf42005a00e1be1e749de5fa1f3283c86a9323bdf796f2134554426d2183411ddf96adaf964ab738aa24665ecf6aca18e5a0a5f2b5d319f833304f95538347d122cecf75fefdd0cd51e2c62aec2cc6220e82cc190c6326a9ff105c1215bc94b7ceebd8a133e2b841e8282a22db7d02a82cb150a6a1500a5702e5789ed9409eb1d8b644efd42448e224093c1688f710c920edc060d9e76ea6ef8bc9fb28ae6dd38f3027ae29dc8c9671a8a3bdeebbdb865da60eb8dfcbe9a44a636b5a68301c8b721cb55ea849378c41a0cadb5fe7e522841e984b4a693150bdac884b3edacfd4fedec5984254fc372b78489c7746ce6116c86bed4bd14637fa4c074ab0f978c30508c896135127a304d4dba2f6f969dbd112a860e668d009329fdb9c11f4d0ffd9e3eb7104c11e62136132594e0af47b280e35a991113b717b2481432bfefd4b0da1de839f6d864253c49997478eb9fb445da90dd6a4c0a04edfcf2a296e05f4779e70774cf777f01f1b8e116d8ec4ec6ce8cdb4a8d2c029b9a8a5098c48b4e37f9c74544b0d771f0e3e2f91f3d534a4a2207452953b693c70e07f6018bd9697de1ad5e63fdad992b4443e37172dc13bead0ee08166f9aabb8eddb1394fa96ece9d94a39f7e3eccef6790b5790b0c07efa6c624b943b1e3e501cf31c9f923d9a774db9b9013840b6c13f3b7ba7fb701e5471f5d88b7422c1630a94fb63db6023af4312921585e1e87f6cfd44ab3a823bc6ce0facfb3009096517d1488823aac61509a195a9d28899c2dd45ddb3d0d2b18bf32ac58ae65559e39a57bd31c3e19892ba4dfb908b3fd0f84e7547ec90a56a938751613491cfd358f783aac83732783d45b8aaef94c2353e34d9ef5dad366f879b5c680e3e0abd456289af95aeaca483199863ff600a6b4e1f07757357609983258e29286506ab4f5dd482143ba75672719572506508ba1e370a6c8cdfdfa41aab34e24a6684d8a2115653f3ace58f27c37122ebcfb183d4e20fb69097a2c39d3a80ec89013beeb46e17e5972e6198353e5b3670dd1e42488d327b13af5c5d8737ad92a070df30428b3b642a15ce004f7b201fb4170b946a06c882b63f62bdc9befbf25eff2a2b4beac76574c7c5f4587b2db8f632bc4aa930f3302f6e462ee4ae55ecffdb2346454a2983b883a4d18f518c6d1a861d81d12b36ce04ff24f761fea799ccd6c2391c009825406453ab735c1e64b25c34d4a7339979a33113038be6a59f12bf9df5d419d0eae32dad1052730c60292da01e1f78bbd8ba892ad4b2b9c329743ad1868fcf63327371a36e3b62a82e97aea7596fe9f51b11ce36ecb41c7f6c1711065799ee6234da91d357428a2380d9c257a3f43022c3e2b8995178f4771af4abf96b2c79ec9cff457a225f128ecbf90020492de3ff0bbacbd304b9a991f072d91a8e22c8ed4b39aa463b785d1dec6d7902947580c25392eb51b9d03e84378f4fc3c381451a5d7d4d2b4c9714f7f3d54ace20a5564257153545c061bac7c1f414710d669d4c92c36d08bd7b9d6756254091e48680c6d17e28a2f843852918e13d48808b65279aaa6523d43b7490bd1eaebe41a619454360c2a0197a82091995bc659aeb787c229c4df7290d2d7b4f719b5960d319f684bbb5de38037d3897467f8684b87636ed9b9c22bd8f00b453b4b30acad404164fc219dc36f58cc3dcbf6682ff51f294bd53434673316dc66e00da46448b73ddbfe111015af29ef332bfe47f9c067de0b7728f5c1c6a1057767afe16478a33ee5ff35fdefe47ee3bb73000ab70a702651446622245764e1ce1567a9438c62d347a2a194f60e7ac3f6752f152a5a5ccd3b600777b787c42606f0740d397a691fcabf42010c886170081f51139828ebd3bd98677cd7afebcf1379f1257b99a981960411fca90f4283008c60570d46fc1e4f1e64d29f17463a4de2fecd1b28754e8ddd90d23ed923766eebc49d9092c6d7eba0a26b7f995a73aff4c51060fcbdfa9ac90e27cdcd762197a2a94e19eaafc9daf075f876e8a90eb521e630057b0ef453aecc09384bb3799802977ed27ca6c2a57b416c44f9314f17638f43a2933ea6b37ef6647d159d60cd92d9ed01b5d5c5ec1ec8e2154cdffff1c5f60029e15c2569b419d640ed52d3accb14c85a616ee6661d097ce1a60ef1cd265d8591b5a9c1e76e27c4ed661f5bb33f25dd22e2728610e0cfd7091eb0a2d1929aa9547d6c790b66e99c8f46cf35c541b00ac0011922dfbf06f4270db15e3fa81165a66658ec8f6a55a7b86248fad6311b9a17a8188e4520a885a43ee11159d81c899e554321576dc3706f92ff89a332df2b052f8a2b1662b0559ba018a2a3c398a697f606ec594ef50e618b45c692e14bd5e6dac17716d19999ff7793fb93fbabc79671f71ce1cd8aa58caf3b3a8cc8f66e48cbdd789ef9f0f94cff84bf4b82ee8b993400fb08a1954303ed19c2d86329e8f26a2af0d0785e78f54ffd5267d7486fea33454e11977cbc725d20697459be5e4bb154baff137645af30e8981ef80bc1759ab2d3d297aadcec4a624ccdc39e7d8aa0dee5a71b929f07f432863bb0e39a15ea105e742200d586330de3cecfda9469bc5b67f0245cab53304c46ad65332483734fff1215bcf6e895e16cc14fa2d860269caa20e58c79ff1d5407104dea5f267a7b6020e6c59e841f02e79688ed46e3fb228e815ee58af823b8f67a274018a56e3f54da6863ccee0d2010b1f4d720df73c9b484c0bbccbe4d5a59308416b76f906c677b28ce3299320a9477f452b91e9290462b469019bcc2d9891d7b960196ce0a6b563fcc2fc26065e3ab10108f2e500bfc9bbb1d14ec6e50c9b7ad839ad5a054c5b9de901c367b7194f51125525a9a0d203e979fe3a51b5bd58b5a99c3d94ab5a859bb1cbe8152aa80aab666de3e1c6d584f13f3ffc61d8989a05d174110b9578264ad800fb4a565001915ade54ffba00c6d4d1416126632ffb9c4c00485c5d1b52c19fa9d98b613e901c23d8d85f259a61c2b82ae9cf787be932ec5449e19e8741858ba79e01e791746361b0d3198f09c40f0cdcebd44c1d47a312231c440742de56aeb64c1c7697e482a220019be811f13e16c8aca9f6b6fc8d35a8d972850492eda68743f0748308a4c1e2e6f881ea19823be72718a53647c948df11e51b3e7b3fec70facbc5c8cbbfca69b3110e920de069567dfdb0309a743c6b875254c653b90c"}, 0x1019) sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r3 = getpgid(r1) fcntl$setown(r0, 0x8, r3) r4 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r4, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r4, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x4, @loopback}, 0xfda4) sendmsg$nl_generic(r4, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x802}, 0xc, &(0x7f00000000c0)={&(0x7f0000000240)={0x304, 0x31, 0x400, 0x70bd28, 0x25dfdbff, {0x1b}, [@generic="3696cab9ec53498a3a9d2c4f2dd6102dc7c156bbbd0fb1a2bfebfcc9b564c77f5a37f9ab01dea819e6c41605b237d9869928d6dd9e2522b91fcfe6ae0235dfef46822752a5c90298feb19a83cba424bd447acb30cb70a441821e42f9feb3661c5cb7e98a74e21aeba899decf2668716652f0820c0c442b7c8acc5b2129f8283da0b816f756031a8e5ad3e77285dda6228693591c9a74ea9e6c68914333afaa111e508265bb2e46fdf0bc269d1a1bd91369a4ba61409836", @nested={0x238, 0x1a, [@typed={0x104, 0x20, @binary="3f5cb667f6870bd6a43688e21d703f5cd5683b349cd0b4fef6cd3b00462100822082aa43ea7b46eb90cf22b7b50d1b26e167a99a30faf172e0a1d76dbb20de74d7581ee63c06769350e136673f02d7f5ab261e51fd61eacbde6ad96673d6ddd9d12652a4c749e7bb57938dffc0e54cf6e7c3208bb705dd813c6c16174ac7c956234db3830b465fabc649ee5afefbfda6b05f6e3f24d206b1578752e83d95dfbadd7df1d40ab232d424ebb540f6b5caca7434a124911135f6385176ca98381d01e4ef9a0ac87200ac517a7bd47121f18897c437634c7f91d310f65919c0ab9c21b138d93963902bb1a29077191c9721e794f243bb389a52e4329f4a411d"}, @generic="4966e73d2d15a7dd6dddbd138df22e1093d8c9891c48662ff2199a7c60883a53770dcde9ae44", @generic="85abe19f9279edde1d5049cc14701f84f5821579da52d50c9380c07f91d11a8d1982350ed2f724dba2802c3f54ad08210a420ec8dfd672cd6b04c3e156ae7552877423bfe3d90dde20d24b1a2bdee2763742585ad8dd2db14f930110605b640f1163671a91e8d7fadb834a4ec533b3f550848c864e28d4b7dd262f96e08f1562fa463ee4064a43815dd829cdb6b4107c", @generic="56fc6801a4fbcdc9fb6eaf5a18f17046b0463a53e0d4361d321a17caaee9792c6ff5ec95ac5508b12e7c4a01775178775cb9aa5087ce949023ee040dcb8d3910f7ecbd8a58fa44343e44a6960fae29179d3e705a4f87079f54256babf8fb3891fb00770bb7b55e5de339e3da1a9186030da4bbeafe882c1d6c13"]}]}, 0x304}, 0x1, 0x0, 0x0, 0x1}, 0x20000990) 21:30:36 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x3, 0x200281) setsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000040)=0x8, 0x4) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:36 executing program 0 (fault-call:0 fault-nth:79): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 316.042416] FAULT_INJECTION: forcing a failure. [ 316.042416] name failslab, interval 1, probability 0, space 0, times 0 [ 316.074993] CPU: 1 PID: 17249 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 316.082068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 316.091432] Call Trace: [ 316.094032] dump_stack+0x138/0x197 [ 316.097788] should_fail.cold+0x10f/0x159 [ 316.101969] should_failslab+0xdb/0x130 [ 316.105962] kmem_cache_alloc+0x2d7/0x780 [ 316.110149] getname_kernel+0x53/0x350 [ 316.114053] kern_path+0x20/0x40 [ 316.117433] lookup_bdev.part.0+0x63/0x160 [ 316.121680] ? blkdev_open+0x260/0x260 [ 316.125575] ? btrfs_read_dev_super+0x77/0xb0 [ 316.130089] blkdev_get_by_path+0x76/0xf0 [ 316.130105] btrfs_get_bdev_and_sb+0x38/0x2e0 [ 316.130119] __btrfs_open_devices+0x194/0xab0 [ 316.130134] ? find_device+0x100/0x100 [ 316.130144] ? btrfs_mount+0x1069/0x2b28 [ 316.130155] ? rcu_read_lock_sched_held+0x110/0x130 [ 316.130172] btrfs_open_devices+0xa4/0xb0 [ 316.160426] btrfs_mount+0x11b4/0x2b28 [ 316.164338] ? lock_downgrade+0x740/0x740 [ 316.168507] ? find_held_lock+0x35/0x130 [ 316.172583] ? pcpu_alloc+0x3af/0x1050 [ 316.176500] ? btrfs_remount+0x11f0/0x11f0 [ 316.180763] ? rcu_read_lock_sched_held+0x110/0x130 [ 316.185814] ? __lockdep_init_map+0x10c/0x570 [ 316.190334] mount_fs+0x97/0x2a1 [ 316.193724] vfs_kern_mount.part.0+0x5e/0x3d0 [ 316.198229] ? find_held_lock+0x35/0x130 [ 316.202307] vfs_kern_mount+0x40/0x60 [ 316.206133] btrfs_mount+0x3ce/0x2b28 [ 316.209951] ? lock_downgrade+0x740/0x740 [ 316.214109] ? find_held_lock+0x35/0x130 [ 316.218180] ? pcpu_alloc+0x3af/0x1050 [ 316.222085] ? btrfs_remount+0x11f0/0x11f0 [ 316.226336] ? rcu_read_lock_sched_held+0x110/0x130 [ 316.231386] ? __lockdep_init_map+0x10c/0x570 [ 316.235896] ? __lockdep_init_map+0x10c/0x570 21:30:36 executing program 2: mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xd) futex(&(0x7f0000000000), 0x0, 0x0, 0x0, 0x0, 0x0) 21:30:36 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0xaaaab6a, &(0x7f0000000080), 0x0, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r0, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:36 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) lsetxattr$security_smack_entry(&(0x7f0000000000)='./file0\x00', &(0x7f0000002780)='SM\xe2UT\x00\x8d\xe9\x922\x03+\xeb\xc5\xb6\xf6\"\xe5\x82\x03\xd2\xcf\xee\xec\xc3V\xa65Bj\x1ck\xe1\x94\xe3\xf4\x0f\x14S\x9a\x87\xed\xe4y\xff\x93\xc7U9\xcdx', &(0x7f0000000100)='l\x02secu\xe1a\x1fa9\x93', 0xfffffffffffffd37, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") syz_mount_image$bfs(&(0x7f0000000040)='bfs\x00', &(0x7f00000000c0)='./file0\x00', 0x8000, 0x9, &(0x7f0000002680)=[{&(0x7f0000000140)="e22e11d83a32848c62c3dc6f86ee90f34557231a", 0x14, 0x2}, {&(0x7f0000000240)="ae7b26e2294a4c839d020e751e774ce41c65401cb28909454d59bfe2fb8645242164e951e1e16e37b5ea57359bda324c0d84510bbfc3caf6bbbcaa423c2813ebb546791931e587e64ab3498eae84f985dc242917461f9fd59db61ec30e035469989cf2355b2c6a40c155bf97065c39931d373750ffbc50e8e74962c4ee9d125f75d77cc0a7b6577c1cae30ad20e9294658601c1ae7edf09d359e74e7487d2357dd2e9ef6c69635434934f908a2229846e8a76ca0409bd06342850601e3bb321270943662da9980f70651bba00116406aacf5cf0c136fcee0cb3d03235b5785933cdae91cf185af1e33bfc567b82da8be540e0fc7901f8e947ebc1c", 0xfb, 0x1}, {&(0x7f0000000340)="e7c6288e4a28972cd094cff544d0fca9c67d322bdba762f101c975e54c1d267e8ca34cae25564595b51cfe4d48e5cdfaef4a9072fd920f8d497cd0fc9deb76f753ca86a9f5b74b049d49ca7ead9f92544861aaa549e8961dcdd99773930661c8f876348dc2b1f9bafb2505ec5a031fe5b969cd3faf0d60c3f0a8a8f79a4f5bc9e02d06fc498690c1bbe8c9808bb9e7b9c8f043af5b195f02a6b298396c652e7f79c2502eb6387c47848f25c3bd10c8d7fa63bf925600adfd46079baf03029d66a51dd1db100ccec9d85ac737743ea95b9659b21549b82fadac2d17bb8b77f3a633757d6c7adc6b89821e92493318650508ee7a7b6dcbab5bba329c02525303eff070e6f25821b57ee00e6fbab09a73983ae5cd475bee8831e18b3650a0763951a3e5fa00a1f300e47a55658f23ecb68db2b89ec145a78602f35d290bd66edf6ae2042dbe83d6cc4112d6df94d90d726587470fddcc107c495a6d42c2795c1ab93672abf729e6eba592ec51e458b06ba2e4abff3ed20f0bb89cf6ac4a107b6709369a4b3c7665f8b8f98b82db44a8d4add4a0f0d1f205433a03f811dc6b40ff61d2f9d6ca95a5cda890553691be49895897bfe1ef0454ef9b0a92937a2c55acbb0d55902ad217556c944d64d4422039d4b6a5d922c3f756318dc6f8da96ea16261b3d0f09926566605bcc174101e4d810c01a636d09b07be070ca9cb6a1104703fcce85afbeb700a5645d5435493bfb7090300cb7569aa7bb7fc4c9a2cc212eaafb147e4e3f623f44d2e2a176ba4d6b085eb755c8e06d300408d6adeb225fc69fa9a33e4edf78664c69ab8ad1c92b7dee327324bb530193e83a6ce73397f579592cb0d55a05643d4cde2a6286937505e136689d879e8bd8ed6f08d19e027f2ef8463059259418a5c1d59b43f42fde765753c70c48ce86f34135c9881fc7bb9f28775a4ae6883d09e083cd76bf7bfe9447c27d9f1fb32cc39a8228c8ca98201181cecb4ca3a1fd0feac00f7fee7d4c3a6524db94403733da45153d45fe249ee91901bda123a853b8111a564783937ea4de175eec6b23f1670d12f30683a6306351d2104819a586f7ff70968e59c669e84167bb60dbb06cb446ad000c5737e6a2a08d610c1cc42564801546fb3ee0767cc403ad2ac7066f10ec71e99d2dedaef39e7edb23cfa44cf6b3229a20e0038865ce8e231eac198bd4217e06addd24cd1b6d5f19657ddd087f74f6aa2698cd0b8db33ff9f830488e961ed7147a03fcccc7a9c631693e7a9f705243d597f48ab80ce1b1e4f29ecc1b1a981efea61a630e49585b8185901f9bc80518145e612c3921276f863817f60587644ec690ef1b96b7caba6d74c8059fd25687d40d217a04c3f52cce091fb3adb6ace06d599069e45571006f180ba52febd4d1971989a6f94bbebaf18e9428eb8ebc0a2b33b3c393df76d7ed288210f09af8624985c5cd2f88fb10b3ff4c6e952201920410bbaf7224f696f8e632f305d9499311d44f7771ba58466683cf141a56f2460d209229f79d970212b7bd2c6ccf6bb8892a9f11c6bfb3b8e1482d7f1f2c667dbe51c1f14a8c619c13d3dd631930397ed33bf6181f3dab9e6bd0bb1884c3ff38c04cf3b9fbb689c7bd47389388d26800798b355068d525601cf949ababa37829f0c0ba545158b685ef32d11733678443a8cf6f45e0fd7bcb7f3cd991b2830271ff47f656a5934dd745e13e7b3351658eb04d24652077ee3357f51353dd8d415e58720fa0a9fc092686f49e38586e8b472362896fe03ba9380cb8e6919871219e59b7e0454621c21904d717d231cc128a80eaafb158daa2f4770cdcaed48b1d212b131de6deb057c65d57a14a7d80e21012f28d08ead849d12b391e65ce4bee86d80ff9ed618abc16e78a2c22cc2b71498d91b410cdd5b4f5ef7ddaae9479e15ebf0dd0cf751791c301fbeeb3761f9cfc0c18172bda8bf31dfdef834a185fdd398b2a73ddbac0ca0daa8894e07c04d94634ff2d6a35c0b937f2844ea7a37444519da679e34407530083eb9e95a25ec61349d1c442b91fe6daa49c4c5dec55e68af185f43d614e5c9431fc19e211267aad98981401e459d247cf7529cc1152297a09b44af12cca3e1f9c966fb3c330d017f64dfcc7ac8badee1824c1b953f08d8aed3dc598b838972abe9cd8825a9e8935fcbbe319666d9149511bce1c59961ad81b70064669239410683f127b802a12f12e4c8e21a9d4dd26d07d0b4e012960506aa25c725d5bd8b9ea36de4e51a21c85a062b6f2381f45ada57bb217b189359c7d415447f044ada11e718ecb498ddc2ae485da0057702845c34e6984d577b1a00dc8c88a50d022ec0330e2892361f3ee0edaa2e498130631917a9dae376f4be766c6292407ccc3cceeafb1ba760e2dcd7c3cb73fa2f7c03449b06bbec208dc85640bc30ece1bbcfaad82ff658d25d4b9c6e89e147a0cedc865ed149ea6105f3bfa8b5110b86e218f8e0709b19f7952a2053e04b3c6512b5b19e6421b573c59c1d7b0a24e1f63109c20ea3cf520d73435595d83a69533041767972e8a065c0f897df21289acb344d72a8f97026ebf24cb263fd527be5756ec057c93f008c2896b643eec381db3fb631a6fb563bd8d7084b2f4113cae0794e572d1c877bf7240763c80a7fd14fb394985bc4de4e4c314b6872cf2ac22923824aefa20625766ae073e016bb8b0af37859d6599e704b888c4939ad0b2639aa24d252295b1d411e8cbfe07c7036f542aeebbbd9d69daa8b8d9781bd7f6fabbc2b24ac95e4634586decdb4c0c2c5634bbc22f3864e1dd5e05e99d7c379d9ac238baea31cc18c56b5f5fe439c559d5451a9851f9ce91a38056933a27f686d171a51314ddafac26e4cbf0487e2249ba1952ae47b87be47a1d4fa3929bf25c6e063db4386c47294a076125bb4e9ae4f5f2c83513807a3fb1800aa72192f4f7e27efa144d545ca854973a2e7f713001f1fd77f382752f5721d9d97fb9600599c3cba11388db2809544a175ec2778cca74453252824a53221549a83c32209a0e6aa6458a6554d9a77aff9c2f268d735bcfb6a3a164c176a18d6957dd54cc23158c8ed50803a8b39a106508f366ef0d2e0e3b538c840470e753f097882eb5fa0023b402cf696ed54ef31045351acd62c83ba85de024d995a7d411835172b54c649d7e7a7f1099bc3a598fff12b16607876dbcae3ceacdbaef79b85a6e3a861e5d6ddb76ab12eea80501ee68bd59644cfd53943e94c2c69825ba53b2472d00bec5417a4d9c5fb2763ded56a3b4ae55aac0772b01eb3638d2d54f1ec0270d5a6215f1e3bb2e22281e205010bc043373a2ac65030e891c5605fc22a73a406d8424f7531c5891dac59087937b9ab12f5baf25fcd368c2fec5d049e0888071bc461e22fe795c99eab0d4597f25d3252e44aa47c2af7d6f19fc5748679fcac36ffcb431b326a3a81ef7b27e6416d5bb1b400441c987f2f077b90c702881e9bbe7782cbb36a220c55d4c7c305a9467d309d6b30ffc5cfe888bb752ba1107c6cc620d7a845b73cc0bdb453cec0d8319c153dd6dfd13d40417e5aa80c0f3e25393ad82186a220f0ad35e807e8e0062845975018a8db197c93269af5883aeb9c8e1d8315a47b91646885e210dcd7e27408d94392d15f9fc3c7dd4c494549cf2404130e5f24482afe5eb1c02519740ae7ea461d3b3385a0c7b0d28f1bac1a0a7a3f72c29fa731d0b172367cb022ce0ee9882bf8fcddf10a6cb9f4a55a90aa5e31e2c4c22b71d2c3988a12f46ee1b5041ad3cbf562b1315c6ae701964f086da89cdf4b7223c8cc6bdc4cac476a5acdfa1cd4934a0fea62e2a1a261d4e4ed3573d958e1c21d9c80c6a9b7acb9fc260bb3fe0ac327442a00168f5a210b06e917a02d099f4a4e41eb541e764dc655fcdb9ae36ed5ad568493bfe1530cd51e7c95565606d8e76f3fa8ce9dc07c098459025fcd6ba83bbb127a5759c8ed8ce67d27f97ebb20e7002ae42b46633a13ffd4c93f3efe2ae3bf995ef16f66b62f3c8e1de0179b242e19dca94747c4d1690feeee39c05f2a7376d600131ebcfb9d7f1ca509b1cb82b7f302013d1b88efcd0f6bbb00865fd5b78274d075c9fdae9fff1bc7f9236c5837d540e5a5e422a52c09396614897cd82f7e22e482d24bed9011b3d3a1169bb96226c1df6d0f5d19938854096968e006859cea190d447e020ca72c85319e13ace599752c287bcf4ebadd5e24ff1eec5eacc47d69b742d9a409ce9a2e93bb09cf35197401a5e02e053e509eeb74d27ffde9eeba7cd32b1016034adc76c8371a6ea0e071b70dea633287fd04be02b217cad93b7bc827ed953c0cd096d120fb7be32af77e7cac63bf9db54ffc266e76bf489c17ffe0a403cf2ebf4fa0f535ac052f028bf5409bb21d2b09edfd564f7c3cc8fb0dfb19e988c61f79651f1d03630b375bfa28f700c054a503766f22cd4f492bab50ce2b7dd04223d5454a57579e93e2fb5bfe0634ee5fefbf6cc6fe4bf20cafeb0924e0b96dc16eee6143089a289c8b3753c65de2d1941c12b995cecb8b6ca8f495ac62972de1dc253fa25e83a8dba2a62cdecada7f7aeab22f652b6eb9ca0ca9c38a7f88e27064a94b87ac56e1e3be7a1e9730f24165ce02eb839e396776ff31e64ac07c8cf1b45436be3778442de221a2bb16492fd757706e08d693acda546e8b535468a04c3817753288976b93e9d875bc4271ef9a4f3822dc5acf2bce93275507850bf694ca949e679c4368060986edf343ff2a419574bc1b3bd8a481a285872fa521fecef239768353bc565514283ab6b9a7ba04cfa3d2777eea7f0b36f26e747050c9add19b809e58a18870302bc634e971e11a5623ba0e899655c9879284baff65ab947f1c3d7aa705d7163ac9c7b26c388e4f2a7edd4f8cd8f94300021d53e96cafdd219b3f5e9f70970e249bf6a6e98e100daeeb90fab2e4d38e83352b0d5494d81e1ad9ddf75e5edb1201e1fab92063bb879c7de2b1ac35c3ba033cad031a134e2f05efb6cf24b4d520e925f3b5b7dfc9a6854ca8302790685aa38f1bcbc86ab721d3fe9ce34a74b759bfedd3a78bd037ff0715659a21a783ba30ae55df73954b83941dc2516005c8faf3bcab66ad752a0bc31b3389dc6eb365ffe8415ad67f0f3054d05122e372f3032292f74e3d8f952156ef4e348605d4112e5fa402ee973cf601904aa3a87a5652362e60db10e41057531187a6fccf50c10c582bb6e8fd310fd995c4bf44259b74cc0387d556a182c6ae5d1993ca2332901138b4d1abf4feadc89f9dfa52efd4309f0a2b0454a9b144d097fa522beeb9b2a9755a2224c9c033e2f425f8424188b679ef33213232e4b7cd77a0cc33506b7afd1b06eb629e251a75fdb0fb5bc4c25ef156f30af5fba76a41bf75858aa0217e158ec2565ce5b1a5dbc4ff06b3d07c0b00c05de69637d5a1e40353c852044ec3f3737853306e409c9852ad11f1138b42245f4586d1b4fb19968f91609ad78cc82cd9f76bd33a66ee5ff9c96af2209ca587a2a357a4065656a0b2e937b6804d4761bde65bb6eddbdd48cc11c6cbe1a9bdf9a41bf674ce218c2e347c9562d438f9898b25e5e71778dafbf17923ea64d55a57fa5b7fa6133ec68485b0f097e8b74e0a43332d074570750024e07d40107856b85bff6e7955f9be519b170cd4c1fb0b230d7eab652e5792d0513642f3a45ef9ee7fba439405e426579cf2af8e980b00590eaa2296edd753d40af257c20a669644c4cd7313f0dd5f99434d3dc44517d2510ebadc7795c8c", 0x1000, 0x8}, {&(0x7f00000001c0)="e460a1c25bbe46ce360817cbfa1eb975f0f402bcdb27b7e55e08", 0x1a, 0x9}, {&(0x7f0000001340)="0a5ee2c98b6ebe5dd0a8b045947c4dd9e7ed1625f9a2fe3f0f95d4ec625600875fe109fbf3bacd0fc2b0839f10b6a7b3034937e6bb25b382a554da633bc6dea0d353555622beedce2f2ae66437e4fabda6c4f839f8bc051b599f085ecab3bcf2ca624f1c", 0x64, 0x2db2e52c}, {&(0x7f00000013c0)="ad542994531eeb54393a6e5a894738afbd9d0f19160bc9c76d7644e5966831421a6b66c5ede05a65c0b5e9c3ebf772b24313983e89f8f8575baa467f8331254756b420a26a330d505bdbc2c4c46d51a1cc713d0e3f0d419b475b0ed9ebc7b04aa87def9967968029e95ef273d902da885b6ec7c131f7638daa960efd339e3cfd457cb644e5a75a4a0d654b76501e3745dd8ee835d0fe5502623682c8e3e0282a8136bbcc99f26ec066bdacb76601e1a13cef571dc585b418a35a06ed2d96646de2df4b076eca4fd52bcb11a0efdc187657c00927a14a3980d1c3da9160", 0xdd, 0x4b9b}, {&(0x7f00000014c0)="b75359fc057570991d039a1d6555486d9e8453b6110b43803ec06ad90d4fdc1ef7345cf9a7d762f435277f5f0e938451bf446801d6f24c0c26d87c74d585e8879bfa3861525582cd22b5ac252c39c27228a3fcb31a183b014adcc5f79cfa7085071ac2d8bd297f7becd659d89dcc67fab9a336d2cd43f8c58171a570dfb46549eb4aa916aeedcf35b62d3ce680fdf51c0f030f634126228b3a8b46b27783dddcbbafaa732c6ee42b9b2d785b7e25059cb08635756f3a9fe74a6e798b5e3fdbcb3fa3e6a744048792", 0xc8, 0x80000001}, {&(0x7f00000015c0)="fbf18094ab535fc74cda04e43ee140a8fa6be63d8fb148ce83a2a7c5b59985dd42970cbfa951086b5a7de44f583098888de386b3d256e4bd7bbbd464f71b649960049e9182c34a800a19bf160854877c33593f18670ccadf20ca65cdc71debe1a7b8fb0a5d7f16f77f5f651b344606f7141fcc3d9dd0ede07a2ed3979372b6b6c6e09c99374f3f73e6ade61de93edeccc7ac5a7eced42dcbad2be22c4c0ba44469127731e7072dcf166aacf68920a03427fec01906f2b66390", 0xb9, 0x3}, {&(0x7f0000001680)="3030407ee030eaa11cf329c6db62b5d2f8c6fa5bb3d9659ed2c9cfaa6fdb3886012e2da552b53bdfbcd0e28e8b766178724bf9e3c0db6c59877cb898a0da23274e7cd16ff44e2f0f7e67ea287e03e9a1ac6fcb826f33aecd8f0e0bfc47cc8cd7b6f79e85798df7c585c8874e1f00a6ea28b9e82bf6ee2f96538f4ee2a45a93ce0a56c666dcfdd71b784855c6d3b7822145176aa07323ff39d727de45ca20f7e2822087d67dd5eea92b27382f1c9c48b7f347a7d722d4d7d600a700b054b418cad1a57f50bd4fedc5eb53b8309e5c2a0a10c2e61209d06c420d03133b6556dd62207dbe66c14e13ee35863832086b03d9a063ba4f93dc3c554f75793f7adbe0e49d29d4b26512188fdf056041643016ccf792829500ad529f4d411f62884d8a59ceace11296b4244264c965c91bf5e25249d9ec5725cda21139946eaff6853005af44193cdc865dddfef85c6dfee9c66dd0642bbf3e2a045d4b64e7e71e9a12edb110b0f2a5fa6d391341858fd923883b812a240d6aa429243de046ad54bcb12d1f9e2822cade389d10deed8dbe709a36b5b19acbed6e8ba59e0b462ec616717d13c5ac15f3d2ea4c13dc0c1d270bc8f24d695e1687c5a4714bd2eceec9a27a8b4eff0750292a403153e5f658e1ed3da6ad575951a6a10d6981bfb8af4c02f58a0eaf5468d55351765ccd1a1b8fedd210bc5f9625728c2e33b89b53004ff44caa919c6d18cfa9d3bcb4b591ad8681d2f5046966718252f393bdb39cf4b41be7dcad942bbae44021394d345f09a1671a5205292aafe7c480d16d46f6b2d5c03a4c65c10bd45e529db97ce68bf7cf96ba57036f5e1f2f92e9ee69ba7305e8d1a9f79e10e30bef29cb2150742ac249d46c0ab3ab6b63cb0b984002e3ecf56a11aa896aaecf76c3a684e6f41f6fd223b53424781982e9fe3637c01ac8778e68e297e8b386218f191d7d090c8834c531b0b71eecde481b48a1a0795a1fd954e9b3e37feaecefd8a47f8a293ad3210cef6f8da344372afe3f58c193c1a2c79bb374bc47fc74be354e7ebd86b2d6868b67ce243aa2794fc78cd58d289e3a12e43c87cf5531433613fb6035595af1cb709d98ab3ff238738feda680d463b465e6629e4ca49a83ba23c17018dee675e33b50de25f79f94a7358b50832e3c606fc55f7fca3ad0c390ecfefab2b558a578ff1dd899dbaf20119eb09ba7ec2ff52606d3b07b5781d821c4324821c9f3c9fbd735ff9ea18921a6e3b941c8196370d7b310d32d3bb794be0118ef4dfd0a68ad07ea4c64f4635606f44365b7bd7a62cf655754bbe46992565e6f5b1436b9763675782e4f684dde4660b91e7bc96ef46f525f439d682e9cd0ee15b6dbb4bae0aeb37871ee64a90ef9597ccda3c809808075c8a19cac416d59f5dc78f6d172af30860b4daa71f9963faba3da245b91f9054ca1d94b37004e8e43997621a105ab5739f004791cbe905abdd99fd2812c47e094121723fa3ef9899cba2dd8d4b95a0c46d39f44fafcf4d460c5cfda999d9e252f3d466933a6f3fd7c89dcc7dffc577cffb2328f869966e903782d2e6b51aca6c8f36a832a771c38e04884575ba1c0a2ac88a5a57fc1e74aa41725dbdf7d90beaff21cdc4b36b5db8a23da7b164dc279791b2a263265e144a6c698c1ba43011b82c72599cab56e2b6447e11f34a4065a9efb12abbe53c7b286f159497df02c7b1f472125ed7830ea3589853fcb3e99b7b926cc4e511499ff9cf9aef7de97a7d619c423fb58137985bdff01b398e87952a42bfdc515c6c456572c1439109aea3d9868a3365ef81b2659c921e430e3c6be36fd59f73816496ad7e53af07cc0deff41edd3846409ad68fe3c64c90c544d53cf039fba683169f8c9f57cc1997681f5bfbb90e7406eba2923de82558c7023298dfe62810cacf6ba8952160565190e3cb8878287c1c9cf7ae564ae87885c1c1c43609ea97563ebac2686c959bb1007a6054ad54940027b0b0c153004c25560cb0e8e18147be0ddeb67daa609b877bd88d9f8e564f6f6f6cd42a1794e1960bc00395b610048ebc60ddbffeecd4e29ca0d2d4f76692c97758ce5ce12233d47ec04b11ee5c3af0e1f14a377529ea23c164cc78d540805e6d39b188b46ab024644aec06629175faf196ec922b7bf2efbb7deaaf8e6e12ea81c22c6b3404af287d160b5c7b80b843c3e7be07844ea522553181d7a9bc226d4e7377f8ec0eeab5d6f9177b3db382d720307e5cbe02cd38dd4c31c70a04cfcd68b5ed441eb4e3448a607010d6601e1d7ae66cdfd02dee7857570cb66499a815b3b3a540074b70a1071482cbd019f4651248d5385362fb3cf3cb02f5a8498e86fed8867535f9d13151d4e7aa48fcf4534d7dcd0dbf0caa1607b900954f84bbb6fde5a7443a186050ff3bd3b0b886cfe5ce0f94570cfe49fc50685f4a3df8c776424a6565f574a6e0ecc7696d3f5f62a14e11aa30baaf2a0ce059bf6cdfa31f965eaa9387ef268ec65b68f68f2b3876ee72b7962b04d01ef0362c776e5fff4ccceda7eb5aa41eb63345656d9bca4a535f55aa21320fdbe3b1e02f0a7d6eda584b527740465b71029ebdc0d3feac9edd6c0d483312e859e86523389569aaf344ba7f8c006e67f79144ce078ee1936b513c02de38be97bfce91e853f70a443c4f9fcfd0830efe233c2ad43ac6e245e81b0cbc5131f8ff1f078e810b336004165a8f4b922cab84e438400230cb4cf15edc95267b67de314f914940bdd090a8cd03e005efaba53307c3ac58a088e6cd604f8b22a67ac8b48079f144bac44bd924935ced6c55df3f75840bce24ae5924d54ef62114a2d1fb9125b76b5d1c16b1c36f8a61fed2fd30f6c48019a142a0ee27611d7505184de87aadfaaed8f884d56a97d64b56e1adbff6661ac049b23d8e647e093dbb67ea47890142d4283a55026d03caa81407126443a052723b40e8c9a9db4a3c9caeb56045a4d3f38a49a94f3cfd4a95cec0f77da87e5cb01f4ef80b20ee46515c1e3bea6ad74cb2b8b71d5fb645d2fe3f496cb336d83ba7e3b0628afc8013877de8074da345915c661270ae68556980345a1e07d9c4ee879886611386fd8acfb9eeeabe422d159c43f7d541c12c355b13cf869324841ba9c0cea700c6da8ec672cf8bd311702b035556fd806585f34ec7f6820425218115d786a465cd99b5a5c2a4b9423aa287d6d11a56a2b35c4ddea789e8dbccc2878c42f76503a626bcf82f0c91f9db0cdc392a469235a9de6ef31c59526658db9d367289a11ba55065e5efadeeabf9e2b6831f83e02645dac043a3216d5efe69fe1a4d8579b4751e51ec4254b1b19e5090ac31a8109bd94029f4c0149debff1c003cfa1974d1b62b7ff23be9d5c79ca8b489278daef747fdcbfe4cb6c25a909e2cb210448157a305ab8d1f71493896e8c86aa2612f4cd347d28ac7c43388503203622054cf1f7bd452a1b3473267f04ef8171cf2316468417d06c02856d24f96fb1d1b259b30a2fd2f0383c2573661b67c7fa0cb02e34066aa6f5971bdaf1f3c5465da47ace5ab72325470c0e5911bb3b28c49378acab05cd547c26e29ad8a7ab4b8a21e1ba57f5882b94685cb286d0603355ce3a02207963c9ca3d43fa9cd87657cc21103f28534f1057de50dd2d04a10580ace62d5bef23dc23bceed542005b0db3178b8c5754c0bd4e6751cfe84a5d54b2654373d13ff7050cf4f85a8861e7a31fed286480cf6b53f0d0e0d0889f9bae9257eeedf699c76c6d3d999cc3db768fe3b550c0375512b8766270e4b5be37244fc7556ee6b7dbdcf8431e59ce8f95af3ab9b2ac9182d746f298d24893d24259dabd9a40c1cc66a1172bac4eae65cff1756150d5242bea2c924fc02b1a99c59a3c43885518685eb6e4ce0759e1e9d5e602003460f6353ee184750bf50f4b098ba884ae6053b04f276ae9ed8bf660a3b4b12ba5b11b83b1c9f36ad2c7bca9006f8b0876fdcd1b4a39678cd18efbc88bfc3f403e4670c865caf5c2fb74129f88abad3bf9179787883c8fc0ff93304516fe7deaf24206f64980076f51127f6a7dc81f5881b7c11b32ab36ecf50e9b10c2218429b57ed63c0f7af5d514960b552479488811830166bf9d1886f6455e427203d62d69a843fcf725674b27583bef43a78822b8b51ee3594ceb8c385fcb549fdbfda6629cc0cbd5a001445f373ed89a59c9bcc27040932123473c76923953d511fa710ab5a278cb895fb488251839ad61695050c45401eacef8fe756a35fd64e69f85580285722130adf96291c86e70800c14f50294735deb5ec7ad91f830812b91f576a61d99da6b5cde106c8fe6e11484d441eb3533541ecc79d8f6c12b5ad222e4bb812c9f0b82758d0037aa638f8509f06e724cdb6e5b61119ded67d7e6e54f270a53cfbaadd0489d1a114e6c6eda92f6969e48d44bc6a7ea0929ba2bb608e90012d9ac4a47c613939f7bdffc4318efbe2cd6f73906d9b738cfb16e81adf09a59c739d75077177b6964244aff48f2afbc5bc49867d91be25621695896fcf6bf14ae0f0adea1a8b43c5c20a928a95241411933dcb8d0e194fa9ee798257cb946f220433fabe712f4280dfe31d4016869e95f014e69e439c7f9514b008ec99017ba10881a66ba603068e32a286d22b4aef4f43eb9614e1974cb5331215d1eab39bec186856cba5083300f40633b8a5ce92b353772843bf297082cbed15ed75775d4a966171f5fe76e8da5f39086c59716aa39d3e98b56f0517de6e221804992863d5165a88bbdf2d06d07ad3870628f6afe885e031ee217b936291171f2211f0637a7b222fa9e3f3179b2c5d2bb9a411060fddff4f783af53e5229b436bf983582d059c9f5d03fc9cb2ace251f72d5b2c93705ec15f8c06d77afd946a60fec6dda2ff62bae2e7e18a3368a0d4d65e1c4f40cb702a3c8ad895a94bf7306c4a2d7bf7c0f070eb32c5b7a990aa3dbd9fc441587622aaff49ff98eb6d6b41a3d8d896d292a3fe458e4b85ee528d3a443652b2d0702e6b73b3a5ed69c7ae7fc8491f5a1091b4098f01505ed3029109bbb7e768fb2f011aa68f018df9c34994394c84cef4e0d8af3e0e9ba61f2e44f87fc041a8c699fe6701ee58e5e3f7daf0f56c651c6eadbf460abc03eab30fae50920055a77b3fe5d806761bba7efeffdeb99cf385e1a4a6f7de8a3ef5c9a2b9f75306a5f44722dde576186ab8097073f12d8ebd26cbe12a7f007af83c541dccfed3f10273c6a052780eb8650d3aa014b938dd7d8236e740196e30d5a4f18b4c01d93b90bc7341483706a98ecb935c23cc8bde481c621a78ba71029d6b35242bf4738439eca7cdb82a76c5eafe875bff2bebae391d09914e722116c469fc0fb76a89968795f2962b0ad86071a1a658ab23373bf56661df7a0d0d1b67e2498971d7281b8a6174446e6cda71964afcbb9bb78575feda893f6ead01b984299af8f41e95a1b66e2ef52e419377d594f86a2fd2c20fd8fcb84eb36521621fc0c90e204812a91b5a10ac6721952430cf3de5300c6e3e39136802c4519256fa4ccabf613a6816851fba18172b32d1214721887418cfab7c7a9dae39fd455d86f75dfc00f9b7c4a467609fcab6d6f1cb7623363e4c47657740c52b48de350189d214e7d8851cc7487b0b94eb5efb85e90bce02fc3e22f941c764256342d545da077e582ede66cceea81a420f6f3d2055838dd06896edf7dc67f2446d152e73619daa69acf75946dacd8e6752aeff28ed3f66917a18684f732a9554510ef1b9eba40a462d8182538a3631d10ab697e6", 0x1000, 0x6}], 0x28240ee, 0x0) 21:30:36 executing program 2: mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xd) futex(&(0x7f0000000000), 0x0, 0x0, 0x0, 0x0, 0x0) 21:30:36 executing program 5: pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r2}}, 0x2de) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r2}}, 0x18) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000002c0)={0x0, 0x0}, &(0x7f0000000300)=0xc) write$P9_RGETATTR(r0, &(0x7f0000000340)={0xa0, 0x19, 0x2, {0x0, {0x0, 0x3, 0x2}, 0x14, r3, 0xee00, 0xfffffffffffffeff, 0x10001, 0x8, 0xcba, 0xab1, 0x6, 0x3146f7be, 0x0, 0x7, 0x1, 0x80000000, 0x5, 0x8, 0x4025858d, 0x2}}, 0xa0) syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20\x00', 0x2000, 0x0) r6 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r6, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(r6, 0x84, 0xd, &(0x7f00000001c0)=@assoc_value={0x0, 0xffffffff}, &(0x7f0000000200)=0x8) r7 = socket$inet(0x2, 0x4000000805, 0x0) r8 = socket$inet_sctp(0x2, 0x5, 0x84) r9 = dup3(r7, r8, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r8, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r9, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r8, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f000025e000)={0x2, [0x0, 0x0]}, &(0x7f0000a8a000)=0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r9, 0x84, 0x7a, &(0x7f000059aff8)={r10}, &(0x7f000034f000)=0x2059b000) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000440)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f0000000580)={r10, 0xc}, &(0x7f0000000280)=0xfffffffffffffe7e) write(r5, &(0x7f0000000340), 0x41395527) getsockopt$inet_tcp_int(r5, 0x6, 0x5, &(0x7f0000000000), &(0x7f0000000040)=0x4) 21:30:37 executing program 2: mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xd) futex(&(0x7f0000000000), 0x0, 0x0, 0x0, 0x0, 0x0) [ 316.240417] mount_fs+0x97/0x2a1 [ 316.243800] vfs_kern_mount.part.0+0x5e/0x3d0 [ 316.248316] do_mount+0x417/0x27d0 [ 316.251874] ? retint_kernel+0x2d/0x2d [ 316.255777] ? copy_mount_string+0x40/0x40 [ 316.260055] ? copy_mount_options+0x1a0/0x2f0 [ 316.264562] ? copy_mount_options+0x1fe/0x2f0 [ 316.269078] SyS_mount+0xab/0x120 [ 316.272540] ? copy_mnt_ns+0x8c0/0x8c0 [ 316.276721] do_syscall_64+0x1e8/0x640 [ 316.276732] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 316.276751] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 316.276758] RIP: 0033:0x45c94a [ 316.276763] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 316.276774] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 316.276780] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 316.276787] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 316.285513] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 316.285520] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:37 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) fsetxattr$security_ima(r0, &(0x7f0000000000)='security.ima\x00', &(0x7f0000000040)=@md5={0x1, "20e6d572dadc7f85d187d14c9d0df380"}, 0x11, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") 21:30:37 executing program 2: futex(&(0x7f0000000000), 0x0, 0x0, 0x0, 0x0, 0x0) 21:30:37 executing program 0 (fault-call:0 fault-nth:80): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:37 executing program 1: syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(0xffffffffffffffff, 0xc058534f, &(0x7f0000000300)={{0x9}, 0x1, 0x0, 0xfffffffd, {0x2}, 0x0, 0x6}) 21:30:37 executing program 4: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") r5 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r5, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x48, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x4, 0x0, 0xffffffff, 0xfffffffd}}, 0x2e) getsockname(r5, &(0x7f0000000000)=@pptp={0x18, 0x2, {0x0, @initdev}}, &(0x7f0000000080)=0x80) pipe(&(0x7f0000000180)={0xffffffffffffffff}) vmsplice(r6, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rDma_cm\x00', 0x2, 0x0) syz_open_dev$adsp(&(0x7f00000002c0)='/dev/adsp#\x00', 0x9, 0x204000) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f0000000200)={0x3, 0xfffffca4, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x2, 0x0, @local}, r8}}, 0x48) write$RDMA_USER_CM_CMD_QUERY(r6, &(0x7f0000000140)={0x13, 0x10, 0xfa00, {&(0x7f00000005c0), r8}}, 0x18) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r9, 0x407, 0x0) write(r9, &(0x7f0000000340), 0x41395527) r10 = getpid() sched_setattr(r10, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) write$binfmt_misc(r1, &(0x7f0000000280)=ANY=[@ANYRES64=0x0, @ANYRES32=r6, @ANYPTR64=&(0x7f0000000040)=ANY=[], @ANYRESOCT, @ANYRES64=r10, @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYRES64=r9], @ANYRES32=r7], 0x4240a4f7) r11 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r11, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r12, 0x407, 0x0) write(r12, &(0x7f0000000340), 0x41395527) ioctl$KVM_X86_SETUP_MCE(r12, 0x4008ae9c, &(0x7f0000000300)={0x7, 0x1, 0xfb}) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:30:37 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) fcntl$notify(r0, 0x402, 0x506229ac04e80a18) [ 316.891395] FAULT_INJECTION: forcing a failure. [ 316.891395] name failslab, interval 1, probability 0, space 0, times 0 [ 316.909348] CPU: 1 PID: 17300 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 316.916411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 316.925769] Call Trace: [ 316.925789] dump_stack+0x138/0x197 [ 316.925810] should_fail.cold+0x10f/0x159 [ 316.932056] should_failslab+0xdb/0x130 21:30:37 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x422081) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x100, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f0000000100)={'filter\x00', 0x0, 0x0, 0x0, [], 0x9, &(0x7f0000000040)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0x108) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}, 0x0, 0x40008, 0x8, {0x0, 0x2}}) [ 316.932071] kmem_cache_alloc+0x2d7/0x780 [ 316.932083] ? add_to_page_cache_lru+0x159/0x310 [ 316.932093] ? add_to_page_cache_locked+0x40/0x40 [ 316.932107] alloc_buffer_head+0x24/0xe0 [ 316.932118] alloc_page_buffers+0xb7/0x200 [ 316.932131] __getblk_gfp+0x342/0x710 [ 316.966106] ? lru_add_drain_all+0x18/0x20 [ 316.970381] __bread_gfp+0x2e/0x290 [ 316.974023] btrfs_read_dev_one_super+0x9f/0x270 [ 316.978797] btrfs_read_dev_super+0x5d/0xb0 [ 316.983139] ? btrfs_read_dev_one_super+0x270/0x270 21:30:37 executing program 1: setrlimit(0xe, &(0x7f0000000040)={0x8c, 0x10001}) r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) socket$isdn(0x22, 0x3, 0x26) [ 316.988183] btrfs_get_bdev_and_sb+0xdc/0x2e0 [ 316.992695] __btrfs_open_devices+0x194/0xab0 [ 316.997209] ? check_preemption_disabled+0x3c/0x250 [ 317.002228] ? find_device+0x100/0x100 [ 317.002238] ? btrfs_mount+0x1069/0x2b28 [ 317.002249] ? rcu_read_lock_sched_held+0x110/0x130 [ 317.002264] btrfs_open_devices+0xa4/0xb0 [ 317.002274] btrfs_mount+0x11b4/0x2b28 [ 317.002284] ? lock_downgrade+0x740/0x740 [ 317.002292] ? find_held_lock+0x35/0x130 [ 317.002301] ? pcpu_alloc+0x3af/0x1050 [ 317.002320] ? btrfs_remount+0x11f0/0x11f0 [ 317.015294] ? rcu_read_lock_sched_held+0x110/0x130 [ 317.015318] ? __lockdep_init_map+0x10c/0x570 [ 317.015335] mount_fs+0x97/0x2a1 [ 317.053017] vfs_kern_mount.part.0+0x5e/0x3d0 [ 317.058165] ? find_held_lock+0x35/0x130 [ 317.062236] vfs_kern_mount+0x40/0x60 [ 317.066029] btrfs_mount+0x3ce/0x2b28 [ 317.069817] ? lock_downgrade+0x740/0x740 [ 317.074043] ? find_held_lock+0x35/0x130 [ 317.078108] ? pcpu_alloc+0x3af/0x1050 [ 317.082114] ? btrfs_remount+0x11f0/0x11f0 [ 317.086393] ? rcu_read_lock_sched_held+0x110/0x130 [ 317.091403] ? __lockdep_init_map+0x10c/0x570 [ 317.096047] ? __lockdep_init_map+0x10c/0x570 [ 317.100542] mount_fs+0x97/0x2a1 [ 317.103913] vfs_kern_mount.part.0+0x5e/0x3d0 [ 317.108399] do_mount+0x417/0x27d0 [ 317.112202] ? copy_mount_options+0x5c/0x2f0 [ 317.116906] ? rcu_read_lock_sched_held+0x110/0x130 [ 317.121930] ? copy_mount_string+0x40/0x40 [ 317.126161] ? copy_mount_options+0x1fe/0x2f0 [ 317.132023] SyS_mount+0xab/0x120 [ 317.135471] ? copy_mnt_ns+0x8c0/0x8c0 [ 317.139349] do_syscall_64+0x1e8/0x640 [ 317.143224] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 317.148070] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 317.153417] RIP: 0033:0x45c94a [ 317.156968] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 317.164661] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 317.171916] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 317.179695] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 21:30:37 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x5) ioctl(r1, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r1, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) getsockopt$EBT_SO_GET_INFO(r1, 0x0, 0x80, &(0x7f0000000000)={'filter\x00'}, &(0x7f00000000c0)=0x78) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") 21:30:37 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x200) ioctl$VIDIOC_G_EDID(r1, 0xc0285628, &(0x7f0000000080)={0x0, 0x5, 0xed4, [], &(0x7f0000000040)=0x6}) [ 317.187398] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 317.194761] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 21:30:38 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0xffffffffffffff6f, 0x44000) 21:30:38 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000180)="cae1b4b11010fc70e37350da06b70e5b23") r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r1, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r1, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000240)="6edb029beee63d39b39a8452251b67933ab5faeb03c187036d041a234a69ac8613bb9675cc75c6cbfa423ed7a6f23254600fb642bae1096c8e2dc02db44dfca51f8e40763a4f887a25d1e3bc7c76bae52715b97a19180920299579244676581888fa51df67588cd5bc7c1296714898b7cdca2f98539b073405ee76a480c9eb41c935c5bad77a35125406d9adb3b37e7aa00d8d9cde5c8724acff2ba7d96b8c55c673a831978d9418a5e1dbc81900d3107a91cb835064ab0150459e1301f9a900b99af7aad818fff82c9195a02cbc7e4366666530d0a79c50dcbfc9cbbfac762cf5613b892e03f34253292ce55a5fd71bd00d3ba36f0bf3a430f3849e30407589843969629732af4c3e0f0e27837edfc930317d06a51903320d07767e86fd9a63da9082aca4df69af3b600c04edc0f6f41fed966a2d59ff4deaa1d0855dfc70ec7fd8fa7fa1554d23a5e4427b5ef31cc1c87a48176a76b370d92ee1bd90453a5bbec29b830b79a58f83fa8d4495931975771b17d9fcb295c16e1bc46076bfbd7afd30e4df6bfc3761d59b0fd26a42d6021d84ac2990bb91c2fef7abbabd7c5ac145303b5dbcddba963c694c1f836ca71e992cf9ea3d540f9c9e0921a58628963f91cd82ffa0e7608166e3b45ce6241ed59002eba1ed339daacc00de1c2aa660f3f1a4cc039070a866973404b75fb8a2fdfa6ed1ce0d983f20f5df3dadad7af7170f5ef3ee62c7a728a104fe43a02c26e6b2458153f8790c98304688de929f8579c3520d3b4994e128cd86f665436fd58268dbb1b311269b662e491a262ec6242dccc02ee50256d95877cb35174ef54949240f699e18d0254d434dfd87c029748a9ccb1536fda7af660a5d8006d9f7d87410b8ae9f44927c12949d1dd7ad41192c300d91e34ec37e8f03adf36b52a9141e89b3729fc17568c68f96c9c42067e7f5915efbe7781835b793e2b32731786281d6feaa5475c5fde42bb58d9396db843019ea0c6042ca2acb18b09f93ee1fdf630ac065d59aa71c6570dd883526d265e80a55bcc31c2245f1b1a6ad92d0a82001017f41aa5f17945465c3dcdd22eb0d6871a39f695ba2b0e501d0a856ae818a72a9dae243520dc8f86d3f18ff3c492ddf81aaf05a6bf772382ac5e7b59b11e3ece02982dee2e5e4bee79751b511ba9bcae3a465dfb70468ee905a2f758506e2f43b07639ef0f6fa094bfc6a6657c37ecd838e7201d0c81d635c517581059ff3a5bc19d2bb5000d9bd6e81dc0703735bb2059265537eae42b872a0a20a98a436391ac778bf3c4e106931d4335068c29693f7833314f40e990daad11227b73c28b06fd975655d2c880fe574a0446d6bd321447181b5cd1a5581dfb9f92326af50fb4c30c40813d88c98e7dd101652ab99dc94efa0d1d2d209f20180aff378fcd4836cb67f4d7eaee544e95c606b0f2b6965313cdcfd881aaed0beb2e25f4aca09a6946a8dddbd6a3e4fee23762f7e44c01c3f2bda832bb28e2edc229cfe245b1ebde26c4cdd8d08a23f3908e2115bfb04d590ac2c134e8b4c7cf2ec4fb06db3b79639b4727277f6245dcece08dcef7d1ef1532ef6c565981e9c0e4a3f0a937ea9311205e16a7bdd604eaae52f07218b19b6f7ca541b503229a74364e61f76d8f6c38eb74676791a1570018dc7d1d1bdd202f949ad7a1515a6883467eb8146b10cbaa360214be51a5cdc5ba758d2512bc7c57b8510730c0d92936c667b793c45e0e4daf211c648492ce91ffc90a76540dc8108dd1413cb91688f46db4863c066ca2390068e61473a989988ca45d05a5ff266e1679df865b46579279d8491e471ac4064dc9052c385ffda854c45793bcefa2391a0cbd0a8e73657008eb6644e5ea8cbdda501752b4718ff0b6458c3d0894329139f2f69ffd3f953e5e79ab3ba7cfc0654d1578c2be2e0b13fcec9719b7a1c283ad91ece1428dc262e7724b65e7aefc7cc357148d32d908bdb26497c53c05e2bdc025f4d61ed168a14919bcb180477f9e07aa8370135f0113f941af8da12a3d967f396fd7ae208a5ca31024cd8b3b10d095de79e70101ff1849ecd4244c57e90491562f213037eb82dd1295e7244d184de4d416074e6ca0115496e7eed97f8e5773f468f748a029f8ac107284c9b7af649819c5161dcfa9a64792bb02556fac1a6c31b8370e048436a9af2fc0c830f623f56cdfb24eec34bedc7e1f1fcb793f0b2e5915d6c1807de937f6f6c288bca465356a9dea934801e3411a50910e83b3cba7d77d347343a1980bb57d0c0a50cb0e093ecad17e417e3b04553a9de24e22e4230cfdfa6d9b29e64222d143ca521b093c7b7db385378ca4aa5a6a3fa1f962ff3a6b89dfb625c6cae78256dd7727e409728e0ed55032c4f93f6a3f6c61dd907a60c8ef7c24db1e2fd8e4588ab91a9dd8eda660ef49f40d773d30ef1c9f6a5053b00234c368fac2e3bc3a860c1eef691952b80ddcf7451289e5dd84ae98bfbc94e336991929d8e0d66fb69e457e45b869cbeb5bfaa89fa042c5193d9e51e9d743ff7fbb26707642e014ffa716131109e21c80f009dccbca4ebc36d4328d4488be74fcad908b78230b269411d36dc9c6de3c3acdaa7990226da2326d5ad040dd3246869757012c4c7f97c74656fda0ccc4348dfbe0ee0cec2e4c58bb22fb20bee187e8b52617c5d3e8034d7371b8b64460ad3839265a5b337eaaa9b68e237c8b2515e9860c36faa7859010af502a3ea73d5f41be4e4136168d0063bf5f71b9b91e0c791dfc04f5712372eaa5d73c3242ed9fd98b9d9a2fff1b1c700e103c8bae3b7aca87b37d0c66e4e98896c6cb9be713aad48f67ac61b88558540fc201f19d394f578e1cae5ff65ba3928f14e6084db43f66a6bc783afcda280f343f6fbbdc37a33bb30a1b22fc5352f9e6b8c972ba7d227956cc386f9e8cdce923e36e0c15ab384ba22031c85ea751421df87fa5827d929b03ec0d3b8977920e82fb52ec213ac29532064a9388ce8e24c727027fb5754c0b9cb516bac2840242d99bb6a9bb38f5ecc509f5723385dd7c298353f144b45e579b04025c84b066125d4efaf7b162c9c30efab6c8347b75a16c4f4ad7e1c09fb3c4294448dde89fe0a1ade3ee0a4f14cc763181f2de12428d6fb9a04cc7c25cd75a9c4d83207578ad8898255f1665fa9dd3f938c416414dfdb3c8724784eab6e88e1ceaf9b1014f53c848b02e9b117f34a4459d732c9017af2186e9f60b1fc74e2cee5f735935c5d30ee0f28682ae7d1ed2db97966ad5be8099fd59fd94c9de142b0d0e18aa39843216761319c67a7f573cbfb6fb535ac752e532d2d72578533618a97554423474e5e0a6a82c3a65a42bb43db4ee11f92e204401311b55fd162e8fdaa5eae65de7bbb32900e9b3b4e507320d2b69aae773b968fcbcc08bd7b9f5f6a1c5cfb0efcca1aeb6c7ecafc9a0fbf8267c2557ab4487f5cb18b1c5fd9d876d888ae935e6bdd2fc3c80280a2857270ac54590b865bfe6379f5ea0a23edd10bd543e7e112a6b0da06aea6f2e4fab01fd7252117b23b2ec2f314e69bfc39e23b43e447c42c0eaf47be7350d7caac43ce4c507928f4111eea3e287676bea633d72f57ba4003d03d6fea330a3041788e54a31e3c096dc107bba3b233564228808bc7d0b96a17755bca0c67908390f8455c79809650d83c21b08d2120a3d714f0ecee9217f80abaec714f734601074cfe152c7096bafe5d6f40ad6bee5e069cc4ae82c68b1b84a08626fb3bd1d430938d938ab0da24e3947ce648cabcb56d62e4bc36a7cc9e677c0a79cd708d26bc4236c16386a14671221ea9a2e5c4a5a3254b4d7f552059cf9a9d77358b739fc9882cf9da82c13a7b41b7509feac45ad4633e3dc21801814bab89981ee4919d9a82ba21aa2c67203ee969491046c2f137c974615ffcee6d1e146103b1a390fdc8986ad1e7b0688e7b8624733c6bf16ce0c6e9866390dd58b1f31c38c97d081b680a6d96f04e859c642ba7390aeeff87560eed37187b514361f799903df9a39ab5eb05bf1e53111d7ef651985130e0de2efe81262b291ca764ce78a63c900ad2bbcb5f3545c5c5e0fa84ad04e0eed3f7fd7b2fcdfa24a629165c8e5e4fd5d31945d88af267fb2d38776ca926fb9b141d7211d53d636c3a7dbc27b5e4487a67235d63d6b0b8a65c024bdcab5da7fbe2e5acefa3c159b8cbc58ec081291325a86bffe6e08f28ce373fecb19fdd8b4640d3712c712aa439302619f6fdeae1ae8600a924d65f1078b2aff986421863ebec4f1939e2243d0728761c090354b58e11be8c4688f7c8225268226694bdb43cbfefd7a10f435a9543c7f958b6e83c3eec94f2533796dabc9b64b4b056952eb3872c08391543dad73097431506aee7b0e0e481062dc45d3a93047f90b98da42495a0d4982748a366173e2b2e3e100ba108ab8a72cdcd77a45110b982b9b7ceb207c878eea38f8c0005c8b137f49738eb1f15708cd0d2eb372e13eb1d183110832c1541c66451c2206644aed336b58e8b1ea516b86d4fbefabc13b9ded74305681d3f384e50c442cf9e67bd384efbd0edfce931ab05d031ef72ca22fd002e940283af08c4946356b4eabbe072d89b195c1b7167febffcda7e5e13bb95dc45b49d63f4628de10c07dd17192c03001089f111a8914ffa45aadf4d9a983ab2a6397a33b4e3d793084de97c2102bfddc94827dc8978049ae9c51bd0be08b1a956d20199c0f73091f9aedb3ee7103d48757abf5121afc25bc07041f76e80ac5e17f4a9a118adf6688dc14ba8b118e0936b3035215d383f690ef90cf492c450a17a7bfd0ee97273f8315d55fd0303d5bb8234d6cd70d3e58593dd129c6af45870ff86387275235ec3e94e3c7b8f0a84ae562bb41ee200478583a5d43de43bff6b88e66e694da397df9978daa121e1328413d30f3ad80a9883968a07b098eb6a3d2feaa4e5fa65617800f4d7198926b15b5004681bc98892b6fb5e83ec61278999d3362d7a8d823c3c226814fc1a3b717924bf1cc1c157393d9ab264df63f6d761a80b6bd6be98341053fd75a4db5a1963c6cbe1e5339bc466bcd6842968d3a29c691089fb4db5e92e3f23f542eab5059c8a04590142e5cd90a171608b386e5256ac60660e6a5a91e798c799b81478840014a505682e5e36ed31b013b3ca17ac9e47a8f024f8fe4782c4a43cd3eeeb7b38deb96791003ca909d2eef9b9b1b35a6be935bb03d6a9e8295f6b0da9df7ffb0657b0661cf47c51232124e240fa20c412537ac054f27a289029e9bc1268137a0f7629ee1af4bf7164563dc9eb5aa49ae953c6dbd8b2c6ae2710968fd062d0e002761a09b956863634643722ea04a73fe36cd3307d5c8fece4781cc5c89a345e3e275f55d39045f08cfa1c2427b5f912b47f8ddd5bfa10a8fe806a51cb9c9b44d33295085508699d0542437040c7d95a48f8c84f90edf72f27bc70c03f09dbab3db5c52bfb624c74e608bd8109fd80924b5127684d64cfc6d9977f8979b73c6f62df9d720e9fb955d692781533504f2a2a398ed9ba4b05f13f3b1a2c34b68af576e76f84799dfd993148e075fbdca094d10bdf52288931cda2b7ae2ce1caeefbcfe5a986ddb29905a99aa1637c298bdd12fb00527ecaeae4dfe46ccc9359dbb32f43889c1d8d31e4368935dd4fd7b8b5f48b7438d88c68b7a2c2ab3acdee305f1c1e29944bab984c41052233f9c4ba40df88ae8c7fddb44a1f82a0b3b2f58955950e20f1137ea3146f894d59a9039a9fe72496c8a37628258905d5be4609e87e26888fc7b66692", 0x1000}, {&(0x7f00000000c0)="881aeab707d974bdd77b02bb69e29efa1a5df9667835aa4c60e3181880ae2b86405d226792747e74e33fb97d9f88974e1db99c446ef9b70b6de929a59d0d608bfc5eec6f8f9e176e4b7430a6d4caa9d4081df18d6ab3f0f61b740d55106cae15bf44940859275e86716ad12f872bd8553e2260b0e23c1ed564e0940d56c26f141839654f1c45a730", 0x88}], 0x2, 0x8) 21:30:38 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0xfffc}], 0x1, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:38 executing program 2: futex(&(0x7f0000000000), 0x0, 0x0, 0x0, 0x0, 0x0) 21:30:38 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") r1 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r1, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r1, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r2 = socket$inet(0x2, 0x4000000805, 0x0) r3 = socket$inet_sctp(0x2, 0x5, 0x84) r4 = dup3(r2, r3, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r4, &(0x7f0000fa3fff)='\t', 0x1, 0x0, &(0x7f00006f7000)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) sendto$inet(r3, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000025e000)={0x2, [0x0, 0x0]}, &(0x7f0000a8a000)=0xc) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x7a, &(0x7f000059aff8)={r6}, &(0x7f000034f000)=0x2059b000) setsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000000)={r6, 0xeee, 0x1, [0x3]}, 0xa) r7 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0xfffffffffffffff9, 0x28202) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r7, 0x84, 0x71, &(0x7f00000000c0)={r5, 0x101}, 0x8) 21:30:38 executing program 5: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000080), 0x0, 0x0) r0 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x100, 0xf9108fe5c789d7fd) ioctl$USBDEVFS_RESETEP(r0, 0x80045503, &(0x7f0000000040)={0x5}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) 21:30:38 executing program 0 (fault-call:0 fault-nth:81): syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 21:30:38 executing program 1: syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) 21:30:38 executing program 4: pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x800, 0x0) mknod$loop(&(0x7f00000000c0)='./file0\x00', 0x2000, 0x1) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r3, 0xc0096616, &(0x7f0000000080)={0x4, [0x0, 0x0, 0x0, 0x0]}) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") close(r2) r5 = getpid() sched_setattr(r5, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r6 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r6, 0xc1004110, &(0x7f0000000580)="cae1b4b142491c1ef89a0e5b23") connect$inet6(r6, &(0x7f0000d83fe4)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000080)={0x0, 0xa, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f0000000200)={0x3, 0x2e, 0xfa00, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @dev}, r8}}, 0x2de) r9 = getpid() sched_setattr(r9, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r10, 0x407, 0x0) write(r10, &(0x7f0000000340), 0x41395527) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r10, 0x84, 0x22, &(0x7f0000000280)={0x6, 0x9, 0x7fff, 0x0, 0x0}, &(0x7f0000000340)=0x10) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f00000005c0)=ANY=[@ANYRES32=r11, @ANYBLOB="c50000002a3c850ffe16fcc32bc88462bc86c101866bbf3361dd7eb174f4095bf2b5b8d3693c2aad5d7bebfdfec3e7b0423721741a66bef8cf53526525efe7f6831644a682a9edd0e08d47857caf3d8721163de57a2936eb94b1b6de3a15972e5e462a2ee20b5c2c1e2bc5638ffbefe0d44d71e262478fb556e941a78e039e50f93f9f83e6ff34f77db97dd46c282bc3b6c3f2d2eaa2b04c617d5543ebd8d5748553edeb0d88c5fed1180cc9d22220063ee4529754eafeaf555ac8a89cad96ec6dd5d0f32943030690e02bcd01188f4271b4e2030f60943c8ee8d7bd6bc83dc574cbfbcce168fd9950ec08de43ffc2ba87dc95e13899"], &(0x7f0000000480)=0xcd) r12 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r12, 0x29, 0x11, &(0x7f00000000c0)=0xaef, 0x4) write$binfmt_misc(r1, &(0x7f00000002c0)=ANY=[@ANYPTR=&(0x7f0000000200)=ANY=[@ANYRES64=r3, @ANYRES32, @ANYRES16, @ANYRESDEC=r5, @ANYRES32, @ANYRESHEX=r6, @ANYBLOB="9d89c9a794a56ec720e1d6d9809b7379c4a0082bfd9d3f46b2e8fefeebb3fd88f4e8c6e37d98c098b28bd3dc4711", @ANYRES16=0x0, @ANYPTR=&(0x7f0000000180)=ANY=[@ANYRES64, @ANYBLOB="16c6af5ff34ce3eb71d4a27d2b3dbbf673e0dc65c56113fce7c31658bd1f1ec8bd58c63b1e8e25dabc024b73df4205daf1f127091a1d28afdc2a6094c6e6fce55b0d2fa3d143ba435200326c1d813f", @ANYRESOCT=r6]], @ANYRESHEX, @ANYRESHEX=0x0, @ANYRESOCT=r8, @ANYRES64=r9, @ANYRES64, @ANYRES32, @ANYPTR=&(0x7f0000000280)=ANY=[], @ANYRESOCT=r12], 0x4240a60d) r13 = socket(0x40000000002, 0x3, 0x2) pipe2(&(0x7f0000000140), 0x4000) setsockopt$SO_BINDTODEVICE(r13, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10007, 0x6) 21:30:38 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6, 0xff}, 0x0, 0x0, 0x81, {0x0, 0x1}, 0x40}) 21:30:38 executing program 5: prctl$PR_SET_FPEXC(0xc, 0x100004) syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f0000000480)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d1f1d029d62a19fecbc9dbca1d918967d9cae7e0200059b5635bd007b5f2741a1f6f57f829e75abe59c978539cf5384fec60f079b62ee94bfba6a16f7e31982db737877e89e7b5222d07d773e8586f1b2cd783834118f845c2451f6e41e38896248f447472ab68b77c366736e04050532b090942d7174779f115a63a26e1ec988699f", 0xca, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(0xffffffffffffffff, 0xc0605345, 0x0) r0 = accept4$nfc_llcp(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000140)=0x60, 0x1000) sendmsg$nfc_llcp(r0, &(0x7f0000000580)={&(0x7f0000000180)={0x27, 0x1, 0x0, 0x7, 0x11, 0x5, "cfd0b70922f18d5d9ef1c472d3e8c4836da3bf42bd51ff817196434d28779fdd9fb88251e1ecc0b1865c13122478c0cbcbd6ff8dad64d6a84eeeb21cda9092", 0x33}, 0x60, &(0x7f0000000380)=[{&(0x7f0000000200)="6cc4889bfa1da6f208593a72f7725a00470547d81d90ff913cbdaf2b3c03c06760f8a9a9250b138da7e3cdb51e39e1126b0cf8aa9d2fa89611bbdfd160746b88034f3b576ae706ed4a2ca61736f818652a7ca3f797c2a4bf3f6438d453c0486b2304a6ae70bce7cf574fe1f60216f8da0e347b5d2027f8b9c61dbeaafcbb772b2a61c5434783316ae707212d5b5c04b2969d54943065cc3fa912f2b972bd34c0bd4b4bde5d41de0344c800e51f554b031bbd15296a", 0xb5}, {&(0x7f00000002c0)="c863b362a0d68cf3afae8c0efba32790ee8d2adb169f6ca4cbc38b05ae2bdf452230443a43b627bc40515e6593745ead6417a91fd2bb136b28c9906f79e5e1f021cb33050fdf6a655c41574c0bea17ca1e81aae9d7783cb97d0af2193a3d23e157dbba856ce2417b49b072b19e02b3c08f5d3ba535cec207555c387adf23310c60f96fa98f5fd8542c1a8e5e10060fd394f6", 0x92}], 0x2, &(0x7f00000003c0)={0x88, 0x801b292ad39d08ba, 0x4, "e559d2637155355519daf075e133d14c48384e007fa614364e535ca9f117568bb80e2987ab9cb1ca6c2052ee81f1e601a7fd76a276f179a0ef8f928d3ef6de8d475d5ed1eefa7a8a11105f0f3c1ae628e504c919e5d423f183457caad1bd75fbe9b84957344d1abb2b4dfd473f2fa46e6ff46427e382"}, 0x88, 0x8000}, 0x10) [ 317.765918] FAULT_INJECTION: forcing a failure. [ 317.765918] name failslab, interval 1, probability 0, space 0, times 0 [ 317.808597] CPU: 0 PID: 17355 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 317.815653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 317.826668] Call Trace: [ 317.829275] dump_stack+0x138/0x197 [ 317.832923] should_fail.cold+0x10f/0x159 [ 317.837113] should_failslab+0xdb/0x130 [ 317.841117] kmem_cache_alloc_trace+0x2e9/0x790 [ 317.841151] btrfs_alloc_device+0xa4/0x6a0 [ 317.841159] ? __kmalloc+0x376/0x7a0 [ 317.841168] ? btrfs_find_device_by_devspec+0xf0/0xf0 21:30:38 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x210800) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}, 0x0, 0x0, 0x0, {}, 0x1}) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) 21:30:38 executing program 3: syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) [ 317.841178] ? __btrfs_close_devices+0x323/0xa90 [ 317.841189] __btrfs_close_devices+0x2c6/0xa90 [ 317.841204] ? btrfs_alloc_device+0x6a0/0x6a0 [ 317.850086] btrfs_close_devices+0x29/0x140 [ 317.850100] btrfs_mount+0x1fd9/0x2b28 [ 317.850113] ? lock_downgrade+0x740/0x740 [ 317.850122] ? find_held_lock+0x35/0x130 [ 317.850135] ? pcpu_alloc+0x3af/0x1050 [ 317.850152] ? btrfs_remount+0x11f0/0x11f0 [ 317.850168] ? rcu_read_lock_sched_held+0x110/0x130 [ 317.903321] ? __lockdep_init_map+0x10c/0x570 21:30:38 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x1000, 0x0) ioctl(r0, 0xc1004110, &(0x7f0000000200)="cae1b4b11010fc70e37350da06b70e5b23") 21:30:38 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f00000002c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000000300)={{0x6}}) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r1, 0x4008af23, &(0x7f0000000000)={0x3, 0x1}) [ 317.907920] mount_fs+0x97/0x2a1 [ 317.911294] vfs_kern_mount.part.0+0x5e/0x3d0 [ 317.915792] ? find_held_lock+0x35/0x130 [ 317.919868] vfs_kern_mount+0x40/0x60 [ 317.923674] btrfs_mount+0x3ce/0x2b28 [ 317.927486] ? lock_downgrade+0x740/0x740 [ 317.931637] ? find_held_lock+0x35/0x130 [ 317.935704] ? pcpu_alloc+0x3af/0x1050 [ 317.939614] ? btrfs_remount+0x11f0/0x11f0 [ 317.943869] ? rcu_read_lock_sched_held+0x110/0x130 [ 317.948903] ? __lockdep_init_map+0x10c/0x570 [ 317.953411] ? __lockdep_init_map+0x10c/0x570 [ 317.957931] mount_fs+0x97/0x2a1 [ 317.961313] vfs_kern_mount.part.0+0x5e/0x3d0 [ 317.965820] do_mount+0x417/0x27d0 [ 317.969366] ? copy_mount_options+0x5c/0x2f0 [ 317.973782] ? rcu_read_lock_sched_held+0x110/0x130 [ 317.978811] ? copy_mount_string+0x40/0x40 [ 317.983057] ? copy_mount_options+0x1fe/0x2f0 [ 317.987558] SyS_mount+0xab/0x120 [ 317.991132] ? copy_mnt_ns+0x8c0/0x8c0 [ 317.995018] do_syscall_64+0x1e8/0x640 [ 317.998897] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 318.003735] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 318.008914] RIP: 0033:0x45c94a [ 318.012105] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 318.024371] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 318.031661] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 318.038945] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 318.046208] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 318.054053] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 318.069457] ------------[ cut here ]------------ [ 318.074254] kernel BUG at fs/btrfs/volumes.c:890! [ 318.090409] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 318.095803] Modules linked in: [ 318.099011] CPU: 0 PID: 17355 Comm: syz-executor.0 Not tainted 4.14.150 #0 [ 318.106019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 318.115482] task: ffff88809820c200 task.stack: ffff8880a8ab8000 [ 318.121526] RIP: 0010:__btrfs_close_devices+0x7d8/0xa90 [ 318.126866] RSP: 0018:ffff8880a8abf700 EFLAGS: 00010246 [ 318.132235] RAX: 0000000000040000 RBX: ffff88809bcd5680 RCX: ffffc90007046000 [ 318.139496] RDX: 0000000000040000 RSI: ffffffff82659738 RDI: 0000000000000286 [ 318.146755] RBP: ffff8880a8abf7c8 R08: ffff88809820c200 R09: ffff88809820cac8 [ 318.154532] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880a99f0c80 [ 318.161784] R13: ffff88809bcd5748 R14: fffffffffffffff4 R15: dffffc0000000000 [ 318.169655] FS: 00007f4523548700(0000) GS:ffff8880aee00000(0000) knlGS:0000000000000000 [ 318.177880] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 318.183745] CR2: 00007f71fc484000 CR3: 000000009c090000 CR4: 00000000001406f0 [ 318.191002] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 318.198258] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 318.205528] Call Trace: [ 318.208291] ? btrfs_alloc_device+0x6a0/0x6a0 [ 318.212788] btrfs_close_devices+0x29/0x140 [ 318.217122] btrfs_mount+0x1fd9/0x2b28 [ 318.221002] ? lock_downgrade+0x740/0x740 [ 318.225147] ? find_held_lock+0x35/0x130 [ 318.229286] ? pcpu_alloc+0x3af/0x1050 [ 318.233172] ? btrfs_remount+0x11f0/0x11f0 [ 318.237403] ? rcu_read_lock_sched_held+0x110/0x130 [ 318.242414] ? __lockdep_init_map+0x10c/0x570 [ 318.246903] mount_fs+0x97/0x2a1 [ 318.250258] vfs_kern_mount.part.0+0x5e/0x3d0 [ 318.254733] ? find_held_lock+0x35/0x130 [ 318.258778] vfs_kern_mount+0x40/0x60 [ 318.262998] btrfs_mount+0x3ce/0x2b28 [ 318.266778] ? lock_downgrade+0x740/0x740 [ 318.270910] ? find_held_lock+0x35/0x130 [ 318.274965] ? pcpu_alloc+0x3af/0x1050 [ 318.278834] ? btrfs_remount+0x11f0/0x11f0 [ 318.283059] ? rcu_read_lock_sched_held+0x110/0x130 [ 318.288077] ? __lockdep_init_map+0x10c/0x570 [ 318.292555] ? __lockdep_init_map+0x10c/0x570 [ 318.297031] mount_fs+0x97/0x2a1 [ 318.300377] vfs_kern_mount.part.0+0x5e/0x3d0 [ 318.304869] do_mount+0x417/0x27d0 [ 318.308404] ? copy_mount_options+0x5c/0x2f0 [ 318.312799] ? rcu_read_lock_sched_held+0x110/0x130 [ 318.317803] ? copy_mount_string+0x40/0x40 [ 318.322036] ? copy_mount_options+0x1fe/0x2f0 [ 318.326517] SyS_mount+0xab/0x120 [ 318.329968] ? copy_mnt_ns+0x8c0/0x8c0 [ 318.333867] do_syscall_64+0x1e8/0x640 [ 318.337763] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 318.342966] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 318.348277] RIP: 0033:0x45c94a [ 318.351470] RSP: 002b:00007f4523547a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 318.359188] RAX: ffffffffffffffda RBX: 00007f4523547b40 RCX: 000000000045c94a [ 318.367401] RDX: 00007f4523547ae0 RSI: 00000000200000c0 RDI: 00007f4523547b00 [ 318.374664] RBP: 0000000000000001 R08: 00007f4523547b40 R09: 00007f4523547ae0 [ 318.382026] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 318.389388] R13: 00000000004c93cb R14: 00000000004e0ab8 R15: 0000000000000003 [ 318.396679] Code: c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 59 02 00 00 48 8b 45 80 c7 80 10 01 00 00 00 00 00 00 e9 e2 f8 ff ff e8 c8 5c f7 fe <0f> 0b e8 c1 5c f7 fe 0f 0b 48 89 f7 e8 d7 10 21 ff e9 ad f8 ff [ 318.416040] RIP: __btrfs_close_devices+0x7d8/0xa90 RSP: ffff8880a8abf700 [ 318.423585] ---[ end trace f77da2cd1a485945 ]--- [ 318.428361] Kernel panic - not syncing: Fatal exception [ 318.435121] Kernel Offset: disabled [ 318.438825] Rebooting in 86400 seconds..