kernel_init_free_pages+0x120/0x120 [ 252.206018][T11571] ? ___might_sleep+0x163/0x2c0 [ 252.210969][T11571] __should_failslab+0x121/0x190 [ 252.215901][T11571] should_failslab+0x9/0x14 [ 252.220382][T11571] __kmalloc+0x2e0/0x770 [ 252.224612][T11571] ? __kasan_check_read+0x11/0x20 [ 252.229622][T11571] ? refcount_dec_not_one+0x1f0/0x1f0 [ 252.234991][T11571] ? load_msg+0x3a/0x340 [ 252.239232][T11571] load_msg+0x3a/0x340 [ 252.243301][T11571] do_msgsnd+0x1a8/0x14f0 [ 252.247637][T11571] ? __kasan_check_write+0x14/0x20 [ 252.252766][T11571] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 252.258301][T11571] ? __might_fault+0x12b/0x1e0 [ 252.263056][T11571] ? ksys_msgctl.constprop.0+0x330/0x330 [ 252.268773][T11571] ? __might_fault+0xfb/0x1e0 [ 252.273429][T11571] ksys_msgsnd+0x6b/0x90 [ 252.277664][T11571] ? ksys_msgsnd+0x6b/0x90 [ 252.282057][T11571] __x64_sys_msgsnd+0x97/0xf0 [ 252.286724][T11571] do_syscall_64+0xfa/0x760 [ 252.291322][T11571] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 252.297186][T11571] RIP: 0033:0x4598e9 [ 252.301081][T11571] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 252.320668][T11571] RSP: 002b:00007f612f661c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000045 [ 252.329503][T11571] RAX: ffffffffffffffda RBX: 00007f612f661c90 RCX: 00000000004598e9 [ 252.337522][T11571] RDX: 0000000000000008 RSI: 0000000020000000 RDI: 0000000000000000 [ 252.345472][T11571] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 252.353428][T11571] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f612f6626d4 05:24:56 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:24:56 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 252.361720][T11571] R13: 00000000004c5fcb R14: 00000000004dac68 R15: 0000000000000003 05:24:56 executing program 5 (fault-call:2 fault-nth:1): r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) 05:24:56 executing program 1: syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '-)em0mime_type#'}}, {@fscontext={'fscontext', 0x3d, 'root'}}, {@subj_user={'subj_user', 0x3d, ':'}}]}) [ 252.413453][T11577] binder: BINDER_SET_CONTEXT_MGR already set [ 252.439615][T11577] binder: 11576:11577 ioctl 40046207 0 returned -16 05:24:56 executing program 3 (fault-call:1 fault-nth:0): r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) 05:24:56 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(0xffffffffffffffff, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 252.508226][T11586] FAT-fs (loop1): Unrecognized mount option "smackfsfloor=-)em0mime_type#" or missing value [ 252.545599][T11596] binder: BINDER_SET_CONTEXT_MGR already set 05:24:56 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 252.586250][T11596] binder: 11580:11596 ioctl 40046207 0 returned -16 [ 252.590712][T11600] FAULT_INJECTION: forcing a failure. [ 252.590712][T11600] name failslab, interval 1, probability 0, space 0, times 0 05:24:56 executing program 1: syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '-)em0mime_type#'}}, {@fscontext={'fscontext', 0x3d, 'root'}}]}) [ 252.685673][T11600] CPU: 0 PID: 11600 Comm: syz-executor.3 Not tainted 5.3.0-next-20190916 #0 [ 252.694386][T11600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 252.704444][T11600] Call Trace: [ 252.707745][T11600] dump_stack+0x172/0x1f0 [ 252.712092][T11600] should_fail.cold+0xa/0x15 [ 252.713138][T11612] binder: BINDER_SET_CONTEXT_MGR already set [ 252.716691][T11600] ? fault_create_debugfs_attr+0x180/0x180 [ 252.716709][T11600] ? ___might_sleep+0x163/0x2c0 [ 252.716730][T11600] __should_failslab+0x121/0x190 [ 252.724952][T11612] binder: 11607:11612 ioctl 40046207 0 returned -16 [ 252.728482][T11600] should_failslab+0x9/0x14 [ 252.728503][T11600] __kmalloc+0x2e0/0x770 [ 252.753572][T11600] ? mark_held_locks+0xf0/0xf0 [ 252.758331][T11600] ? _parse_integer+0x190/0x190 [ 252.763171][T11600] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 252.763186][T11600] tomoyo_realpath_from_path+0xcd/0x7b0 [ 252.763205][T11600] ? tomoyo_path_number_perm+0x193/0x520 [ 252.780065][T11600] tomoyo_path_number_perm+0x1dd/0x520 [ 252.785527][T11600] ? tomoyo_path_number_perm+0x193/0x520 [ 252.791163][T11600] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 252.796969][T11600] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 252.803210][T11600] ? __kasan_check_read+0x11/0x20 [ 252.803234][T11600] ? __fget+0x384/0x560 [ 252.812379][T11600] ? ksys_dup3+0x3e0/0x3e0 [ 252.816798][T11600] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 252.823031][T11600] ? fput_many+0x12c/0x1a0 [ 252.823048][T11600] tomoyo_file_ioctl+0x23/0x30 [ 252.823063][T11600] security_file_ioctl+0x77/0xc0 [ 252.823076][T11600] ksys_ioctl+0x57/0xd0 [ 252.823093][T11600] __x64_sys_ioctl+0x73/0xb0 [ 252.845875][T11600] do_syscall_64+0xfa/0x760 [ 252.850392][T11600] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 252.856283][T11600] RIP: 0033:0x4598e9 [ 252.860172][T11600] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 252.879771][T11600] RSP: 002b:00007f7bdaa8bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 252.888184][T11600] RAX: ffffffffffffffda RBX: 00007f7bdaa8bc90 RCX: 00000000004598e9 [ 252.896148][T11600] RDX: 0000000020000000 RSI: 00000000c0305302 RDI: 0000000000000003 [ 252.904116][T11600] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 252.912084][T11600] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7bdaa8c6d4 [ 252.920052][T11600] R13: 00000000004cdbc0 R14: 00000000004d7bd8 R15: 0000000000000004 05:24:57 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x2}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) 05:24:57 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r1, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000140)=ANY=[@ANYBLOB="070000000000000002000000002596676cc28aaf3354d410482342caf189ede90bbc05e394517b734a6ab45464f71eb21b6a2e9c45b00667512000000000000000a2014ec1dd5260ffffeed5495e424bdf2aa02db521ba122e86bb6c6dc00f75c979d6c893d37646ea04c2557202cab49a7e9b9d3c4e55bda9fba8dd092588de2720d3cae7cb8bf37b84b98031082a990965905c9ca6b7a7b6b9a57e2577fd8637b7bcd1758af9c99e9fd3a39dbdbc733bf5f0d2580000009ed64b193b976f000000000c9f5e00000000000031e763e6c6"]) r2 = socket$can_bcm(0x1d, 0x2, 0x2) r3 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5) ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r5) dup3(r2, r5, 0x0) dup2(r0, r1) 05:24:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(0xffffffffffffffff, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 252.932961][T11600] ERROR: Out of memory at tomoyo_realpath_from_path. [ 252.945953][T11617] FAT-fs (loop1): Unrecognized mount option "smackfsfloor=-)em0mime_type#" or missing value 05:24:57 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:24:57 executing program 3 (fault-call:1 fault-nth:1): r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) [ 253.016342][T11625] binder: BINDER_SET_CONTEXT_MGR already set 05:24:57 executing program 1: syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}], [{@smackfsfloor={'smackfsfloor', 0x3d, '-)em0mime_type#'}}]}) [ 253.066795][T11625] binder: 11622:11625 ioctl 40046207 0 returned -16 05:24:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, 0x0, &(0x7f0000000440)) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:24:57 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0xffffff1f}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 253.200381][T11646] FAULT_INJECTION: forcing a failure. [ 253.200381][T11646] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 253.208924][T11644] FAT-fs (loop1): Unrecognized mount option "smackfsfloor=-)em0mime_type#" or missing value [ 253.213615][T11646] CPU: 0 PID: 11646 Comm: syz-executor.3 Not tainted 5.3.0-next-20190916 #0 [ 253.213623][T11646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 253.213628][T11646] Call Trace: [ 253.213649][T11646] dump_stack+0x172/0x1f0 [ 253.213675][T11646] should_fail.cold+0xa/0x15 [ 253.254634][T11646] ? fault_create_debugfs_attr+0x180/0x180 [ 253.260450][T11646] ? lock_downgrade+0x920/0x920 [ 253.265311][T11646] should_fail_alloc_page+0x50/0x60 [ 253.270509][T11646] __alloc_pages_nodemask+0x1a1/0x900 [ 253.275884][T11646] ? __alloc_pages_slowpath+0x28e0/0x28e0 [ 253.281752][T11646] ? kernel_text_address+0x73/0xf0 [ 253.286861][T11646] ? unwind_get_return_address+0x61/0xa0 [ 253.292494][T11646] ? profile_setup.cold+0xbb/0xbb [ 253.297520][T11646] ? fault_create_debugfs_attr+0x180/0x180 [ 253.303328][T11646] cache_grow_begin+0x90/0xd20 [ 253.308091][T11646] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 253.313808][T11646] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 253.320048][T11646] __kmalloc+0x6b2/0x770 [ 253.324292][T11646] ? mark_held_locks+0xf0/0xf0 [ 253.329064][T11646] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 253.334789][T11646] tomoyo_realpath_from_path+0xcd/0x7b0 [ 253.340336][T11646] ? tomoyo_path_number_perm+0x193/0x520 [ 253.345980][T11646] tomoyo_path_number_perm+0x1dd/0x520 [ 253.351531][T11646] ? tomoyo_path_number_perm+0x193/0x520 [ 253.357183][T11646] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 253.362993][T11646] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 253.369238][T11646] ? __kasan_check_read+0x11/0x20 [ 253.374633][T11646] ? __fget+0x384/0x560 [ 253.378795][T11646] ? ksys_dup3+0x3e0/0x3e0 [ 253.383211][T11646] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 253.389453][T11646] ? fput_many+0x12c/0x1a0 [ 253.393875][T11646] tomoyo_file_ioctl+0x23/0x30 [ 253.398643][T11646] security_file_ioctl+0x77/0xc0 [ 253.403586][T11646] ksys_ioctl+0x57/0xd0 [ 253.407742][T11646] __x64_sys_ioctl+0x73/0xb0 [ 253.412335][T11646] do_syscall_64+0xfa/0x760 [ 253.416867][T11646] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 253.422778][T11646] RIP: 0033:0x4598e9 [ 253.426683][T11646] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 253.446283][T11646] RSP: 002b:00007f7bdaa8bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 253.454697][T11646] RAX: ffffffffffffffda RBX: 00007f7bdaa8bc90 RCX: 00000000004598e9 [ 253.462676][T11646] RDX: 0000000020000000 RSI: 00000000c0305302 RDI: 0000000000000003 [ 253.470648][T11646] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 253.478639][T11646] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7bdaa8c6d4 [ 253.486616][T11646] R13: 00000000004cdbc0 R14: 00000000004d7bd8 R15: 0000000000000004 05:24:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, 0x0, &(0x7f0000000440)) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:24:57 executing program 1: syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) [ 253.541508][T11653] binder: BINDER_SET_CONTEXT_MGR already set [ 253.570621][T11653] binder: 11650:11653 ioctl 40046207 0 returned -16 05:24:57 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, 0x0, &(0x7f0000000440)) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 253.637492][T11659] binder: BINDER_SET_CONTEXT_MGR already set [ 253.672949][T11659] binder: 11658:11659 ioctl 40046207 0 returned -16 05:24:57 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x2000, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 253.716719][T11661] FAT-fs (loop1): bogus number of reserved sectors 05:24:57 executing program 4: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x26a00, 0x0) ioctl$PERF_EVENT_IOC_RESET(r1, 0x2403, 0x101) bind$bt_sco(r0, &(0x7f0000000040), 0x8) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt(r0, 0x0, 0x7, 0x0, &(0x7f0000000100)=0xfc) [ 253.783378][T11661] FAT-fs (loop1): Can't find a valid FAT filesystem 05:24:57 executing program 3 (fault-call:1 fault-nth:2): r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) 05:24:57 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 253.890426][T11679] FAULT_INJECTION: forcing a failure. [ 253.890426][T11679] name failslab, interval 1, probability 0, space 0, times 0 05:24:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:24:58 executing program 1 (fault-call:0 fault-nth:0): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) [ 253.982804][T11679] CPU: 1 PID: 11679 Comm: syz-executor.3 Not tainted 5.3.0-next-20190916 #0 [ 253.991502][T11679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 254.001550][T11679] Call Trace: [ 254.004845][T11679] dump_stack+0x172/0x1f0 [ 254.009179][T11679] should_fail.cold+0xa/0x15 [ 254.015335][T11679] ? fault_create_debugfs_attr+0x180/0x180 [ 254.021148][T11679] ? ___might_sleep+0x163/0x2c0 [ 254.026019][T11679] __should_failslab+0x121/0x190 [ 254.030955][T11679] should_failslab+0x9/0x14 [ 254.035462][T11679] __kmalloc+0x2e0/0x770 [ 254.039713][T11679] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 254.045957][T11679] ? d_absolute_path+0x11b/0x170 [ 254.050891][T11679] ? __d_path+0x140/0x140 [ 254.055239][T11679] ? tomoyo_encode2.part.0+0xf5/0x400 [ 254.055257][T11679] tomoyo_encode2.part.0+0xf5/0x400 [ 254.065777][T11679] tomoyo_encode+0x2b/0x50 [ 254.065791][T11679] tomoyo_realpath_from_path+0x1d3/0x7b0 [ 254.065808][T11679] tomoyo_path_number_perm+0x1dd/0x520 [ 254.065820][T11679] ? tomoyo_path_number_perm+0x193/0x520 [ 254.065834][T11679] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 254.065847][T11679] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 254.065862][T11679] ? __kasan_check_read+0x11/0x20 [ 254.065888][T11679] ? __fget+0x384/0x560 [ 254.108358][T11679] ? ksys_dup3+0x3e0/0x3e0 [ 254.112774][T11679] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 254.119021][T11679] ? fput_many+0x12c/0x1a0 [ 254.123444][T11679] tomoyo_file_ioctl+0x23/0x30 [ 254.128214][T11679] security_file_ioctl+0x77/0xc0 05:24:58 executing program 4: r0 = semget$private(0x0, 0x2000000010a, 0x2) semop(r0, &(0x7f0000000080)=[{0x4, 0x6}, {0x4}], 0x2) semctl$IPC_SET(r0, 0x0, 0x1, &(0x7f0000000000)) [ 254.132488][T11695] binder: BINDER_SET_CONTEXT_MGR already set [ 254.133145][T11679] ksys_ioctl+0x57/0xd0 [ 254.133162][T11679] __x64_sys_ioctl+0x73/0xb0 [ 254.133178][T11679] do_syscall_64+0xfa/0x760 [ 254.133195][T11679] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 254.133203][T11679] RIP: 0033:0x4598e9 [ 254.133215][T11679] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 254.133221][T11679] RSP: 002b:00007f7bdaa8bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 254.133232][T11679] RAX: ffffffffffffffda RBX: 00007f7bdaa8bc90 RCX: 00000000004598e9 [ 254.133239][T11679] RDX: 0000000020000000 RSI: 00000000c0305302 RDI: 0000000000000003 [ 254.133246][T11679] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 254.133260][T11679] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7bdaa8c6d4 [ 254.152420][T11679] R13: 00000000004cdbc0 R14: 00000000004d7bd8 R15: 0000000000000004 05:24:58 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x20000010, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 254.183467][T11696] FAULT_INJECTION: forcing a failure. [ 254.183467][T11696] name failslab, interval 1, probability 0, space 0, times 0 [ 254.202810][T11679] ERROR: Out of memory at tomoyo_realpath_from_path. [ 254.206928][T11695] binder: 11694:11695 ioctl 40046207 0 returned -16 05:24:58 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 254.305125][T11696] CPU: 1 PID: 11696 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 254.313836][T11696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 254.323888][T11696] Call Trace: [ 254.327184][T11696] dump_stack+0x172/0x1f0 [ 254.331520][T11696] should_fail.cold+0xa/0x15 [ 254.336115][T11696] ? fault_create_debugfs_attr+0x180/0x180 [ 254.341926][T11696] ? kernel_init_free_pages+0x120/0x120 [ 254.347477][T11696] ? ___might_sleep+0x163/0x2c0 [ 254.352332][T11696] __should_failslab+0x121/0x190 [ 254.357280][T11696] should_failslab+0x9/0x14 [ 254.361787][T11696] __kmalloc+0x2e0/0x770 [ 254.366028][T11696] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 254.372265][T11696] ? fput_many+0x12c/0x1a0 [ 254.376709][T11696] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 254.382941][T11696] ? strnlen_user+0x1ed/0x2e0 [ 254.387607][T11696] ? __x64_sys_memfd_create+0x13c/0x470 [ 254.393151][T11696] __x64_sys_memfd_create+0x13c/0x470 [ 254.398515][T11696] ? memfd_fcntl+0x18c0/0x18c0 05:24:58 executing program 3 (fault-call:1 fault-nth:3): r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) 05:24:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 254.403275][T11696] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 254.409341][T11696] ? trace_hardirqs_off_caller+0x65/0x230 [ 254.415061][T11696] ? trace_hardirqs_on+0x67/0x240 [ 254.420108][T11696] do_syscall_64+0xfa/0x760 [ 254.424615][T11696] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 254.430498][T11696] RIP: 0033:0x4598e9 [ 254.434387][T11696] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 254.453985][T11696] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 254.462398][T11696] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004598e9 [ 254.470368][T11696] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004be808 [ 254.478328][T11696] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 254.486285][T11696] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f88264fe6d4 [ 254.486291][T11696] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:24:58 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:24:58 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) 05:24:58 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x2) msgctl$IPC_RMID(r0, 0x0) [ 254.513510][T11717] binder: BINDER_SET_CONTEXT_MGR already set [ 254.526603][T11717] binder: 11715:11717 ioctl 40046207 0 returned -16 05:24:58 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:24:58 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x2, &(0x7f0000000000)) 05:24:58 executing program 1 (fault-call:0 fault-nth:1): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:24:58 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x8) msgctl$IPC_RMID(r0, 0x0) [ 254.694831][T11735] binder: BINDER_SET_CONTEXT_MGR already set [ 254.715746][T11735] binder: 11734:11735 ioctl 40046207 0 returned -16 [ 254.729585][T11740] FAULT_INJECTION: forcing a failure. [ 254.729585][T11740] name failslab, interval 1, probability 0, space 0, times 0 [ 254.757477][T11740] CPU: 0 PID: 11740 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 254.766180][T11740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 254.776413][T11740] Call Trace: [ 254.779705][T11740] dump_stack+0x172/0x1f0 [ 254.784047][T11740] should_fail.cold+0xa/0x15 [ 254.788644][T11740] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 254.794718][T11740] ? fault_create_debugfs_attr+0x180/0x180 [ 254.800535][T11740] ? kernel_init_free_pages+0x120/0x120 [ 254.806080][T11740] ? ___might_sleep+0x163/0x2c0 [ 254.810941][T11740] __should_failslab+0x121/0x190 [ 254.815887][T11740] ? shmem_destroy_inode+0x80/0x80 [ 254.821002][T11740] should_failslab+0x9/0x14 [ 254.825505][T11740] kmem_cache_alloc+0x2aa/0x710 [ 254.830355][T11740] ? __alloc_fd+0x487/0x620 [ 254.834852][T11740] ? __kasan_check_read+0x11/0x20 [ 254.839871][T11740] ? shmem_destroy_inode+0x80/0x80 [ 254.844971][T11740] shmem_alloc_inode+0x1c/0x50 [ 254.849727][T11740] alloc_inode+0x68/0x1e0 [ 254.854225][T11740] new_inode_pseudo+0x19/0xf0 [ 254.858896][T11740] new_inode+0x1f/0x40 [ 254.862958][T11740] shmem_get_inode+0x84/0x7e0 [ 254.867636][T11740] __shmem_file_setup.part.0+0x7e/0x2b0 [ 254.873180][T11740] shmem_file_setup+0x66/0x90 [ 254.877859][T11740] __x64_sys_memfd_create+0x2a2/0x470 [ 254.883233][T11740] ? memfd_fcntl+0x18c0/0x18c0 [ 254.887992][T11740] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 254.894046][T11740] ? trace_hardirqs_off_caller+0x65/0x230 [ 254.894057][T11740] ? trace_hardirqs_on+0x67/0x240 [ 254.894073][T11740] do_syscall_64+0xfa/0x760 [ 254.894086][T11740] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 254.894100][T11740] RIP: 0033:0x4598e9 [ 254.919011][T11740] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 254.938596][T11740] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 254.946982][T11740] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004598e9 [ 254.954928][T11740] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004be808 [ 254.962875][T11740] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 254.970823][T11740] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f88264fe6d4 [ 254.978780][T11740] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:24:59 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x4000) msgctl$IPC_RMID(r0, 0x0) 05:24:59 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x10, &(0x7f0000000000)) 05:24:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:24:59 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:24:59 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:24:59 executing program 1 (fault-call:0 fault-nth:2): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:24:59 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x4c00, &(0x7f0000000000)) [ 255.090949][T11756] binder: BINDER_SET_CONTEXT_MGR already set [ 255.113219][T11756] binder: 11755:11756 ioctl 40046207 0 returned -16 [ 255.121445][T11762] FAULT_INJECTION: forcing a failure. [ 255.121445][T11762] name failslab, interval 1, probability 0, space 0, times 0 [ 255.150956][T11765] binder: BINDER_SET_CONTEXT_MGR already set [ 255.173142][T11765] binder: 11763:11765 ioctl 40046207 0 returned -16 05:24:59 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:24:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:24:59 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x1000000) msgctl$IPC_RMID(r0, 0x0) [ 255.211950][T11762] CPU: 1 PID: 11762 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 255.220649][T11762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 255.230706][T11762] Call Trace: [ 255.234004][T11762] dump_stack+0x172/0x1f0 [ 255.238345][T11762] should_fail.cold+0xa/0x15 [ 255.242944][T11762] ? fault_create_debugfs_attr+0x180/0x180 [ 255.248761][T11762] ? kernel_init_free_pages+0x120/0x120 [ 255.254323][T11762] ? ___might_sleep+0x163/0x2c0 [ 255.259163][T11762] __should_failslab+0x121/0x190 [ 255.264102][T11762] should_failslab+0x9/0x14 [ 255.268604][T11762] kmem_cache_alloc+0x2aa/0x710 [ 255.268616][T11762] ? lock_acquire+0x190/0x410 [ 255.268635][T11762] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 255.284357][T11762] ? timestamp_truncate+0x20f/0x2f0 [ 255.289561][T11762] __d_alloc+0x2e/0x8c0 [ 255.293712][T11762] d_alloc_pseudo+0x1e/0x70 [ 255.293727][T11762] alloc_file_pseudo+0xe2/0x280 [ 255.293738][T11762] ? alloc_file+0x4d0/0x4d0 [ 255.293753][T11762] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 255.293779][T11762] __shmem_file_setup.part.0+0x108/0x2b0 [ 255.313803][T11762] shmem_file_setup+0x66/0x90 [ 255.324073][T11762] __x64_sys_memfd_create+0x2a2/0x470 [ 255.329449][T11762] ? memfd_fcntl+0x18c0/0x18c0 [ 255.334213][T11762] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 255.340336][T11762] ? trace_hardirqs_off_caller+0x65/0x230 [ 255.346049][T11762] ? trace_hardirqs_on+0x67/0x240 [ 255.346068][T11762] do_syscall_64+0xfa/0x760 [ 255.346087][T11762] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 255.355997][T11780] binder: BINDER_SET_CONTEXT_MGR already set [ 255.361432][T11762] RIP: 0033:0x4598e9 [ 255.361447][T11762] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 255.361453][T11762] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 255.399292][T11762] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004598e9 05:24:59 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x4c01, &(0x7f0000000000)) [ 255.407271][T11762] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004be808 [ 255.408423][T11780] binder: 11776:11780 ioctl 40046207 0 returned -16 [ 255.415243][T11762] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 255.415250][T11762] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f88264fe6d4 [ 255.415261][T11762] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 255.458422][T11783] binder: BINDER_SET_CONTEXT_MGR already set 05:24:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:24:59 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:24:59 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x541a, &(0x7f0000000000)) 05:24:59 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x2000000) msgctl$IPC_RMID(r0, 0x0) 05:24:59 executing program 1 (fault-call:0 fault-nth:3): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) [ 255.508180][T11783] binder: 11775:11783 ioctl 40046207 0 returned -16 05:24:59 executing program 4: r0 = socket(0x9, 0x1, 0x2) r1 = fcntl$getown(r0, 0x9) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000200), &(0x7f0000000240)=0xc) getpgid(r1) pipe2(&(0x7f0000000000), 0x0) r2 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0x0, 0x408580) r3 = memfd_create(&(0x7f0000000540)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0) preadv(r0, &(0x7f0000000480)=[{&(0x7f0000000380)=""/152, 0x98}, {&(0x7f0000000300)=""/46, 0x2e}, {&(0x7f0000000440)}], 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(r3, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x81806) ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r3) r4 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x0, 0x8000) ioctl$SNDRV_TIMER_IOCTL_START(r4, 0x54a0) fstat(r0, &(0x7f0000000080)) sendfile(r2, r2, 0x0, 0x40fdf) r5 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r6, 0x40042408, r7) ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r7) ioctl$FS_IOC_SETFSLABEL(r5, 0x41009432, &(0x7f0000000680)="8ff33a76d8e0bf18177b5139dfd65ca6558be8f49bc25bea56a6035eb1ac90b40b806f5a3ccb45c45c15ab1bb42486c7d2eb174817e7a75c02f0a669a449247eecc16a04612ea32c4b341fa33411d9958c3b1b314fbbfc5b9cf866ec530bff67923a46d368774e5c56458449837767d2331ff705a6b3a725e69a0073e42ea6c576f80667da24f925c9eb227e0f8bb9184669cb005ce158586f30069aa1f8f83be13f9c6e167ea629a41260f9b2214b36ad8189f938bb9f397e546ea2ce1d3206f912a4bfc06df996d62b556f5a16d8d8986bb17a6fbdcacdf4d15f9584660fab4f0f0bb914a74a006083e758ab97981de692fef8ef0cce0e151b939e40a018df") clock_settime(0x1, &(0x7f0000000040)={0x77359400}) 05:24:59 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x541b, &(0x7f0000000000)) [ 255.640596][T11802] binder: BINDER_SET_CONTEXT_MGR already set [ 255.656159][T11802] binder: 11798:11802 ioctl 40046207 0 returned -16 05:24:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 255.684380][T11806] FAULT_INJECTION: forcing a failure. [ 255.684380][T11806] name failslab, interval 1, probability 0, space 0, times 0 [ 255.742191][T11806] CPU: 0 PID: 11806 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 255.750893][T11806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 255.760936][T11806] Call Trace: [ 255.760957][T11806] dump_stack+0x172/0x1f0 [ 255.760975][T11806] should_fail.cold+0xa/0x15 [ 255.760993][T11806] ? __kasan_check_read+0x11/0x20 [ 255.778164][T11806] ? fault_create_debugfs_attr+0x180/0x180 [ 255.783975][T11806] ? kernel_init_free_pages+0x120/0x120 [ 255.786060][T11819] binder: BINDER_SET_CONTEXT_MGR already set [ 255.789516][T11806] ? ___might_sleep+0x163/0x2c0 [ 255.789533][T11806] __should_failslab+0x121/0x190 [ 255.789551][T11806] should_failslab+0x9/0x14 [ 255.805203][T11819] binder: 11817:11819 ioctl 40046207 0 returned -16 [ 255.805291][T11806] kmem_cache_alloc+0x2aa/0x710 [ 255.821169][T11806] ? rwlock_bug.part.0+0x90/0x90 [ 255.826124][T11806] ? __d_instantiate+0x82/0x470 [ 255.826137][T11806] ? lock_downgrade+0x920/0x920 [ 255.826154][T11806] __alloc_file+0x27/0x340 [ 255.835812][T11806] alloc_empty_file+0x72/0x170 [ 255.835828][T11806] alloc_file+0x5e/0x4d0 [ 255.849193][T11806] alloc_file_pseudo+0x189/0x280 [ 255.854137][T11806] ? alloc_file+0x4d0/0x4d0 [ 255.858639][T11806] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 255.864884][T11806] __shmem_file_setup.part.0+0x108/0x2b0 [ 255.870515][T11806] shmem_file_setup+0x66/0x90 [ 255.875193][T11806] __x64_sys_memfd_create+0x2a2/0x470 [ 255.878383][T11823] binder: BINDER_SET_CONTEXT_MGR already set [ 255.880604][T11806] ? memfd_fcntl+0x18c0/0x18c0 [ 255.880619][T11806] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 255.880638][T11806] ? trace_hardirqs_off_caller+0x65/0x230 [ 255.886684][T11823] binder: 11822:11823 ioctl 40046207 0 returned -16 [ 255.891334][T11806] ? trace_hardirqs_on+0x67/0x240 [ 255.891352][T11806] do_syscall_64+0xfa/0x760 [ 255.891372][T11806] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 255.909668][T11806] RIP: 0033:0x4598e9 05:24:59 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 255.919143][T11806] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 255.919150][T11806] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 255.956973][T11806] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004598e9 [ 255.964944][T11806] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004be808 [ 255.965609][T11827] binder: BINDER_SET_CONTEXT_MGR already set [ 255.972907][T11806] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 05:25:00 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x8000000) msgctl$IPC_RMID(r0, 0x0) 05:25:00 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x5421, &(0x7f0000000000)) [ 255.972915][T11806] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f88264fe6d4 [ 255.972923][T11806] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:25:00 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x5423, &(0x7f0000000000)) [ 256.093734][T11827] binder: 11826:11827 ioctl 40046207 0 returned -16 05:25:00 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:00 executing program 4: r0 = socket(0x9, 0x1, 0x2) r1 = fcntl$getown(r0, 0x9) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000200), &(0x7f0000000240)=0xc) getpgid(r1) pipe2(&(0x7f0000000000), 0x0) r2 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0x0, 0x408580) r3 = memfd_create(&(0x7f0000000540)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0) preadv(r0, &(0x7f0000000480)=[{&(0x7f0000000380)=""/152, 0x98}, {&(0x7f0000000300)=""/46, 0x2e}, {&(0x7f0000000440)}], 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(r3, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x81806) ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r3) r4 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x0, 0x8000) ioctl$SNDRV_TIMER_IOCTL_START(r4, 0x54a0) fstat(r0, &(0x7f0000000080)) sendfile(r2, r2, 0x0, 0x40fdf) r5 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r6, 0x40042408, r7) ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r7) ioctl$FS_IOC_SETFSLABEL(r5, 0x41009432, &(0x7f0000000680)="8ff33a76d8e0bf18177b5139dfd65ca6558be8f49bc25bea56a6035eb1ac90b40b806f5a3ccb45c45c15ab1bb42486c7d2eb174817e7a75c02f0a669a449247eecc16a04612ea32c4b341fa33411d9958c3b1b314fbbfc5b9cf866ec530bff67923a46d368774e5c56458449837767d2331ff705a6b3a725e69a0073e42ea6c576f80667da24f925c9eb227e0f8bb9184669cb005ce158586f30069aa1f8f83be13f9c6e167ea629a41260f9b2214b36ad8189f938bb9f397e546ea2ce1d3206f912a4bfc06df996d62b556f5a16d8d8986bb17a6fbdcacdf4d15f9584660fab4f0f0bb914a74a006083e758ab97981de692fef8ef0cce0e151b939e40a018df") clock_settime(0x1, &(0x7f0000000040)={0x77359400}) 05:25:00 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x5450, &(0x7f0000000000)) 05:25:00 executing program 1 (fault-call:0 fault-nth:4): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:00 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x40000000) msgctl$IPC_RMID(r0, 0x0) 05:25:00 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x5451, &(0x7f0000000000)) 05:25:00 executing program 4: r0 = socket(0x9, 0x1, 0x2) r1 = fcntl$getown(r0, 0x9) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000200), &(0x7f0000000240)=0xc) getpgid(r1) pipe2(&(0x7f0000000000), 0x0) r2 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0x0, 0x408580) r3 = memfd_create(&(0x7f0000000540)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0) preadv(r0, &(0x7f0000000480)=[{&(0x7f0000000380)=""/152, 0x98}, {&(0x7f0000000300)=""/46, 0x2e}, {&(0x7f0000000440)}], 0x3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pwritev(r3, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x81806) ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r3) r4 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x0, 0x8000) ioctl$SNDRV_TIMER_IOCTL_START(r4, 0x54a0) fstat(r0, &(0x7f0000000080)) sendfile(r2, r2, 0x0, 0x40fdf) r5 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r6, 0x40042408, r7) ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r7) ioctl$FS_IOC_SETFSLABEL(r5, 0x41009432, &(0x7f0000000680)="8ff33a76d8e0bf18177b5139dfd65ca6558be8f49bc25bea56a6035eb1ac90b40b806f5a3ccb45c45c15ab1bb42486c7d2eb174817e7a75c02f0a669a449247eecc16a04612ea32c4b341fa33411d9958c3b1b314fbbfc5b9cf866ec530bff67923a46d368774e5c56458449837767d2331ff705a6b3a725e69a0073e42ea6c576f80667da24f925c9eb227e0f8bb9184669cb005ce158586f30069aa1f8f83be13f9c6e167ea629a41260f9b2214b36ad8189f938bb9f397e546ea2ce1d3206f912a4bfc06df996d62b556f5a16d8d8986bb17a6fbdcacdf4d15f9584660fab4f0f0bb914a74a006083e758ab97981de692fef8ef0cce0e151b939e40a018df") clock_settime(0x1, &(0x7f0000000040)={0x77359400}) [ 256.319733][T11855] binder: BINDER_SET_CONTEXT_MGR already set [ 256.357628][T11855] binder: 11853:11855 ioctl 40046207 0 returned -16 05:25:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 256.411138][T11864] FAULT_INJECTION: forcing a failure. [ 256.411138][T11864] name failslab, interval 1, probability 0, space 0, times 0 05:25:00 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x5452, &(0x7f0000000000)) [ 256.475492][T11864] CPU: 0 PID: 11864 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 256.484196][T11864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 256.494251][T11864] Call Trace: [ 256.497553][T11864] dump_stack+0x172/0x1f0 [ 256.501879][T11864] should_fail.cold+0xa/0x15 [ 256.506483][T11864] ? fault_create_debugfs_attr+0x180/0x180 [ 256.512291][T11864] ? kernel_init_free_pages+0x120/0x120 [ 256.517822][T11864] ? ___might_sleep+0x163/0x2c0 [ 256.522659][T11864] __should_failslab+0x121/0x190 [ 256.527596][T11864] should_failslab+0x9/0x14 [ 256.532087][T11864] kmem_cache_alloc+0x2aa/0x710 [ 256.536928][T11864] ? memcg_kmem_put_cache+0x3e/0x50 [ 256.542110][T11864] ? kmem_cache_alloc+0x314/0x710 [ 256.547121][T11864] security_file_alloc+0x39/0x170 [ 256.552131][T11864] __alloc_file+0xde/0x340 [ 256.556535][T11864] alloc_empty_file+0x72/0x170 [ 256.561285][T11864] alloc_file+0x5e/0x4d0 [ 256.565512][T11864] alloc_file_pseudo+0x189/0x280 [ 256.570439][T11864] ? alloc_file+0x4d0/0x4d0 [ 256.574931][T11864] ? lockdep_annotate_inode_mutex_key+0x5b/0x70 [ 256.581158][T11864] __shmem_file_setup.part.0+0x108/0x2b0 [ 256.586781][T11864] shmem_file_setup+0x66/0x90 [ 256.591443][T11864] __x64_sys_memfd_create+0x2a2/0x470 [ 256.596797][T11864] ? memfd_fcntl+0x18c0/0x18c0 [ 256.601546][T11864] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 256.607596][T11864] ? trace_hardirqs_off_caller+0x65/0x230 [ 256.613297][T11864] ? trace_hardirqs_on+0x67/0x240 [ 256.618311][T11864] do_syscall_64+0xfa/0x760 [ 256.622806][T11864] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 256.628698][T11864] RIP: 0033:0x4598e9 [ 256.632590][T11864] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 256.652198][T11864] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 256.660595][T11864] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004598e9 [ 256.668545][T11864] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 00000000004be808 05:25:00 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x100000000000000) msgctl$IPC_RMID(r0, 0x0) [ 256.676502][T11864] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 256.684457][T11864] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f88264fe6d4 [ 256.692412][T11864] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:25:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 256.718185][T11873] binder: BINDER_SET_CONTEXT_MGR already set [ 256.733885][T11873] binder: 11872:11873 ioctl 40046207 0 returned -16 05:25:00 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 05:25:00 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x5460, &(0x7f0000000000)) 05:25:00 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 256.827855][T11884] binder: BINDER_SET_CONTEXT_MGR already set [ 256.834411][T11884] binder: 11882:11884 ioctl 40046207 0 returned -16 [ 256.920085][T11894] binder: BINDER_SET_CONTEXT_MGR already set [ 256.938935][T11894] binder: 11892:11894 ioctl 40046207 0 returned -16 05:25:01 executing program 1 (fault-call:0 fault-nth:5): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:01 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x200000000000000) msgctl$IPC_RMID(r0, 0x0) 05:25:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:01 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x6364, &(0x7f0000000000)) [ 257.058440][T11909] binder: BINDER_SET_CONTEXT_MGR already set [ 257.071121][T11909] binder: 11906:11909 ioctl 40046207 0 returned -16 05:25:01 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x8912, &(0x7f0000000000)) 05:25:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:01 executing program 4: r0 = socket$pppoe(0x18, 0x1, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x100000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4ac99e8d000000006c6f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a000000041554449540000000000000000000000000000000000000000000000000000000800000000000d000000000000000000"]}, 0x1a8) connect$pppoe(r0, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00\x00\xf2\xff\xff\xff\x00'}}, 0x1e) sendmmsg(r0, &(0x7f000000d180), 0x4000000000000eb, 0x0) 05:25:01 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x800000000000000) msgctl$IPC_RMID(r0, 0x0) 05:25:01 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 257.213120][T11920] binder: BINDER_SET_CONTEXT_MGR already set [ 257.236448][T11920] binder: 11917:11920 ioctl 40046207 0 returned -16 05:25:01 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x8933, &(0x7f0000000000)) [ 257.265028][T11922] FAULT_INJECTION: forcing a failure. [ 257.265028][T11922] name failslab, interval 1, probability 0, space 0, times 0 [ 257.288501][T11922] CPU: 1 PID: 11922 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 257.297197][T11922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 257.307249][T11922] Call Trace: [ 257.310536][T11922] dump_stack+0x172/0x1f0 [ 257.314871][T11922] should_fail.cold+0xa/0x15 [ 257.319463][T11922] ? fault_create_debugfs_attr+0x180/0x180 [ 257.325269][T11922] ? unwind_get_return_address+0x61/0xa0 [ 257.330904][T11922] ? profile_setup.cold+0xbb/0xbb [ 257.335928][T11922] ? ___might_sleep+0x163/0x2c0 [ 257.340781][T11922] __should_failslab+0x121/0x190 [ 257.345729][T11922] should_failslab+0x9/0x14 [ 257.350228][T11922] __kmalloc+0x2e0/0x770 [ 257.354466][T11922] ? mark_held_locks+0xf0/0xf0 [ 257.359220][T11922] ? stack_trace_save+0xac/0xe0 [ 257.359238][T11922] ? stack_trace_consume_entry+0x190/0x190 [ 257.369876][T11922] ? refcount_dec_and_mutex_lock+0x90/0x90 [ 257.375684][T11922] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 257.381408][T11922] tomoyo_realpath_from_path+0xcd/0x7b0 [ 257.386951][T11922] ? tomoyo_path_perm+0x1cb/0x430 [ 257.391979][T11922] tomoyo_path_perm+0x230/0x430 [ 257.396825][T11922] ? tomoyo_path_perm+0x1cb/0x430 [ 257.401846][T11922] ? tomoyo_check_open_permission+0x3f0/0x3f0 [ 257.407910][T11922] ? __fget+0x35d/0x560 [ 257.412059][T11922] ? __kasan_check_read+0x11/0x20 [ 257.417082][T11922] ? __kasan_check_read+0x11/0x20 [ 257.422110][T11922] ? retint_kernel+0x2b/0x2b [ 257.426712][T11922] tomoyo_path_truncate+0x1d/0x30 [ 257.431736][T11922] security_path_truncate+0xf2/0x150 [ 257.437022][T11922] do_sys_ftruncate+0x3d9/0x550 [ 257.441870][T11922] __x64_sys_ftruncate+0x59/0x80 [ 257.446808][T11922] do_syscall_64+0xfa/0x760 [ 257.451306][T11922] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 257.457197][T11922] RIP: 0033:0x4598b7 [ 257.461090][T11922] Code: 24 29 d7 48 69 ff e8 03 00 00 48 89 7c 24 08 48 89 e7 e8 dc e4 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 b8 4d 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 257.480687][T11922] RSP: 002b:00007f88264fda88 EFLAGS: 00000217 ORIG_RAX: 000000000000004d [ 257.489097][T11922] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004598b7 [ 257.497060][T11922] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000004 [ 257.505026][T11922] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 05:25:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 257.512992][T11922] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000000004 [ 257.520957][T11922] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:25:01 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x4000000000000000) msgctl$IPC_RMID(r0, 0x0) [ 257.609368][T11939] binder: BINDER_SET_CONTEXT_MGR already set [ 257.663291][T11939] binder: 11938:11939 ioctl 40046207 0 returned -16 [ 257.702928][T11922] ERROR: Out of memory at tomoyo_realpath_from_path. [ 257.757914][T11922] FAT-fs (loop1): bogus number of reserved sectors [ 257.765763][T11922] FAT-fs (loop1): Can't find a valid FAT filesystem 05:25:01 executing program 4: r0 = socket$pppoe(0x18, 0x1, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x100000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4ac99e8d000000006c6f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a000000041554449540000000000000000000000000000000000000000000000000000000800000000000d000000000000000000"]}, 0x1a8) connect$pppoe(r0, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00\x00\xf2\xff\xff\xff\x00'}}, 0x1e) sendmmsg(r0, &(0x7f000000d180), 0x4000000000000eb, 0x0) 05:25:01 executing program 1 (fault-call:0 fault-nth:6): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:01 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x89a0, &(0x7f0000000000)) 05:25:01 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) syz_init_net_socket$ax25(0x3, 0x3, 0xc4) 05:25:01 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:01 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 257.943258][T11965] binder: BINDER_SET_CONTEXT_MGR already set [ 257.958302][T11969] FAULT_INJECTION: forcing a failure. [ 257.958302][T11969] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 257.971526][T11969] CPU: 0 PID: 11969 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 257.980193][T11969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 257.990244][T11969] Call Trace: [ 257.993541][T11969] dump_stack+0x172/0x1f0 [ 257.997884][T11969] should_fail.cold+0xa/0x15 [ 258.002483][T11969] ? fault_create_debugfs_attr+0x180/0x180 [ 258.008298][T11969] ? is_bpf_text_address+0xac/0x170 [ 258.008312][T11969] ? __kasan_check_read+0x11/0x20 [ 258.008333][T11969] should_fail_alloc_page+0x50/0x60 [ 258.023716][T11969] __alloc_pages_nodemask+0x1a1/0x900 [ 258.029083][T11969] ? __bpf_address_lookup+0x310/0x310 [ 258.029099][T11969] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 258.029117][T11969] ? __alloc_pages_slowpath+0x28e0/0x28e0 [ 258.045872][T11969] ? kernel_text_address+0x73/0xf0 [ 258.050991][T11969] ? fault_create_debugfs_attr+0x180/0x180 [ 258.056802][T11969] cache_grow_begin+0x90/0xd20 [ 258.061571][T11969] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 258.067290][T11969] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 258.073530][T11969] __kmalloc+0x6b2/0x770 [ 258.077777][T11969] ? mark_held_locks+0xf0/0xf0 [ 258.082540][T11969] ? stack_trace_save+0xac/0xe0 [ 258.087399][T11969] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 258.093120][T11969] tomoyo_realpath_from_path+0xcd/0x7b0 [ 258.098667][T11969] ? tomoyo_path_perm+0x1cb/0x430 [ 258.103695][T11969] tomoyo_path_perm+0x230/0x430 [ 258.108542][T11969] ? tomoyo_path_perm+0x1cb/0x430 [ 258.113566][T11969] ? tomoyo_check_open_permission+0x3f0/0x3f0 [ 258.119630][T11969] ? __fget+0x35d/0x560 [ 258.123781][T11969] ? __kasan_check_read+0x11/0x20 [ 258.128800][T11969] ? __kasan_check_read+0x11/0x20 [ 258.133825][T11969] ? __fget+0xa3/0x560 [ 258.137900][T11969] ? lock_acquire+0x190/0x410 [ 258.142577][T11969] ? do_sys_ftruncate+0x282/0x550 [ 258.147601][T11969] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 258.153839][T11969] tomoyo_path_truncate+0x1d/0x30 [ 258.153860][T11969] security_path_truncate+0xf2/0x150 [ 258.164128][T11969] do_sys_ftruncate+0x3d9/0x550 [ 258.164147][T11969] __x64_sys_ftruncate+0x59/0x80 [ 258.164161][T11969] do_syscall_64+0xfa/0x760 [ 258.164182][T11969] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 258.184276][T11969] RIP: 0033:0x4598b7 05:25:02 executing program 4: r0 = socket$pppoe(0x18, 0x1, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x100000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000440)=@filter={'filter\x00', 0xe, 0x1, 0x130, [0x0, 0x20000100, 0x20000130, 0x20000160], 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0000000000002a7b0000000000000000000000000300000000000000000000000000000000000000feffffff0000000000000000000000000012c31a00b556307b0000160900000000000000000000000000000000000000ffffffff00000000000000000000000000000000000000000000000000ffffff7f000000000000000000000000000000feffffff010000001100000009000000000000000000106cf4aa4ac99e8d000000006c6f0000000000000000000000000001000000000000000000000000100000fa6215e1c90fed90ac00000000a85f001a4b0000000000000005000000aaaaaaaaaa0000020000000000007000000070000000a000000041554449540000000000000000000000000000000000000000000000000000000800000000000d000000000000000000"]}, 0x1a8) connect$pppoe(r0, &(0x7f0000000140)={0x18, 0x0, {0x5, @local, 'bridge0\x00\x00\xf2\xff\xff\xff\x00'}}, 0x1e) sendmmsg(r0, &(0x7f000000d180), 0x4000000000000eb, 0x0) 05:25:02 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x242001) ioctl$UI_DEV_DESTROY(r0, 0x5502) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x42140, 0x0) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x1}, 0x10) write(r1, &(0x7f00000000c0)="240000001e00ff0214fffffffffffff8070000000000000000000000080009000d000000", 0x24) [ 258.188169][T11969] Code: 24 29 d7 48 69 ff e8 03 00 00 48 89 7c 24 08 48 89 e7 e8 dc e4 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 b8 4d 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 258.207768][T11969] RSP: 002b:00007f88264fda88 EFLAGS: 00000217 ORIG_RAX: 000000000000004d [ 258.216181][T11969] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000004598b7 [ 258.224151][T11969] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000004 [ 258.227746][T11965] binder: 11960:11965 ioctl 40046207 0 returned -16 05:25:02 executing program 5: r0 = msgget$private(0x0, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r3 = getpgrp(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000040)={0x2, r3}) fcntl$setsig(r2, 0xa, 0x11) fcntl$setlease(r2, 0x400, 0x0) fcntl$setlease(r2, 0x400, 0x2) getsockopt$netrom_NETROM_T2(r2, 0x103, 0x2, &(0x7f00000001c0)=0x20, &(0x7f0000000200)=0x4) r4 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r5 = getpgrp(0x0) fcntl$setownex(r4, 0xf, &(0x7f0000000040)={0x2, r5}) move_pages(r5, 0x5, &(0x7f0000000100)=[&(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil], &(0x7f0000000140)=[0x1, 0x3, 0x5, 0x0], &(0x7f0000000180)=[0x0], 0x4) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{0x0, r1}, 0x0, 0x0, 0x40000000000000, 0x0, 0x0, 0x4}) epoll_pwait(r4, &(0x7f0000000240)=[{}, {}, {}, {}, {}, {}, {}], 0x7, 0xff, &(0x7f00000002c0)={0x8001}, 0x8) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) 05:25:02 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x89a1, &(0x7f0000000000)) 05:25:02 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x242001) ioctl$UI_DEV_DESTROY(r0, 0x5502) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x42140, 0x0) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x1}, 0x10) write(r1, &(0x7f00000000c0)="240000001e00ff0214fffffffffffff8070000000000000000000000080009000d000000", 0x24) 05:25:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 258.232121][T11969] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 258.232128][T11969] R10: 0000000000000000 R11: 0000000000000217 R12: 0000000000000004 [ 258.232136][T11969] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 258.268519][T11969] FAT-fs (loop1): bogus number of reserved sectors [ 258.275709][T11969] FAT-fs (loop1): Can't find a valid FAT filesystem 05:25:02 executing program 1 (fault-call:0 fault-nth:7): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:02 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:02 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x242001) ioctl$UI_DEV_DESTROY(r0, 0x5502) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x42140, 0x0) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x1}, 0x10) write(r1, &(0x7f00000000c0)="240000001e00ff0214fffffffffffff8070000000000000000000000080009000d000000", 0x24) 05:25:02 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xae01, &(0x7f0000000000)) [ 258.445280][T11996] binder: BINDER_SET_CONTEXT_MGR already set [ 258.473945][T11996] binder: 11995:11996 ioctl 40046207 0 returned -16 [ 258.572442][T12007] FAULT_INJECTION: forcing a failure. [ 258.572442][T12007] name failslab, interval 1, probability 0, space 0, times 0 05:25:02 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) r1 = creat(0xfffffffffffffffd, 0x4) r2 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r3 = getpgrp(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000040)={0x2, r3}) fcntl$setsig(r2, 0xa, 0x11) fcntl$setlease(r2, 0x400, 0x0) fcntl$setlease(r2, 0x400, 0x2) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r4, 0x40186f40, 0x7600f4) r5 = socket(0xa, 0x1, 0x0) close(r5) r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r6, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r5, 0x84, 0x78, &(0x7f0000000000)=r7, 0x4) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r4, 0x84, 0x6c, &(0x7f0000000240)={r7, 0xed, "d0884c36b533c70347f53db0f73505e80aa0dce77327607af733d4e8b783beadd6d2a10e68a5ff46a74bd00a163ccab3b9fb6c45b5922df9265a3c386d3d0604c5a9b0ab9c318980a8ab85ebcd4a7452b949861f84009affd9123876947e8b2ada3947c03b33ec93d7cc7314137984bd3999adfbba37afaba9625e55f9f07a48f51f1dd708bab370d149344d7cc262bc3643b6ddff67a6aa260f173b5a919b51d830ec321d9121d4d670e75b7814f7f42b61cd4ecdef95a5e202475c7d37c5048ad19c1764b92f08287d245d409ec5af68de3752dd2f7beb40aad18e3d59a528265bab3ce8dc62f3a7fff527b9"}, &(0x7f00000001c0)=0xf5) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f0000000040)={r7, 0x4}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value={r8, 0x3}, 0x8) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 258.621073][T12007] CPU: 1 PID: 12007 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 258.629778][T12007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 258.639830][T12007] Call Trace: [ 258.643128][T12007] dump_stack+0x172/0x1f0 [ 258.647457][T12007] should_fail.cold+0xa/0x15 [ 258.652135][T12007] ? fault_create_debugfs_attr+0x180/0x180 [ 258.657946][T12007] ? kernel_init_free_pages+0x120/0x120 [ 258.663492][T12007] ? ___might_sleep+0x163/0x2c0 [ 258.668342][T12007] __should_failslab+0x121/0x190 [ 258.673277][T12007] should_failslab+0x9/0x14 [ 258.677773][T12007] kmem_cache_alloc+0x2aa/0x710 [ 258.682613][T12007] ? __kasan_check_write+0x14/0x20 [ 258.687715][T12007] ? up_write+0x155/0x490 [ 258.692041][T12007] getname_flags+0xd6/0x5b0 [ 258.696543][T12007] getname+0x1a/0x20 [ 258.700432][T12007] do_sys_open+0x2c9/0x5d0 [ 258.704845][T12007] ? filp_open+0x80/0x80 [ 258.709082][T12007] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 258.715317][T12007] ? fput+0x1b/0x20 05:25:02 executing program 4: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) r3 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) r5 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r5, 0x1000008912, &(0x7f00000000c0)="11dca5055e0bcfe47bf070") getsockopt$inet_int(r5, 0x0, 0xe, &(0x7f0000000100), &(0x7f0000000140)=0x4) ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4) r6 = fcntl$dupfd(r2, 0x406, r4) setsockopt$IP_VS_SO_SET_EDITDEST(r6, 0x0, 0x489, 0x0, 0x0) [ 258.719124][T12007] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 258.725189][T12007] __x64_sys_open+0x7e/0xc0 [ 258.729715][T12007] do_syscall_64+0xfa/0x760 [ 258.734230][T12007] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 258.740300][T12007] RIP: 0033:0x4137d1 [ 258.744190][T12007] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 05:25:02 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xae41, &(0x7f0000000000)) 05:25:02 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:02 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 258.763793][T12007] RSP: 002b:00007f88264fda80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 258.763805][T12007] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 00000000004137d1 [ 258.763812][T12007] RDX: 00007f88264fdb0a RSI: 0000000000000002 RDI: 00007f88264fdb00 [ 258.763819][T12007] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 258.763825][T12007] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 258.763832][T12007] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 258.783376][T12015] ubi0: attaching mtd0 [ 258.844655][T12015] ubi0: scanning is finished [ 258.847198][T12022] binder: BINDER_SET_CONTEXT_MGR already set [ 258.855735][T12022] binder: 12018:12022 ioctl 40046207 0 returned -16 [ 258.859231][T12015] ubi0: empty MTD device detected 05:25:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:03 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x40042408, &(0x7f0000000000)) 05:25:03 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xffffffffffffff44}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="020a000007000000000020000000854105001a0000000010206509a3ed1317d895c9ff060000000000000024427238297f5a9adc53ab0037"], 0x38}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="020100090e000000030000000000000405000600000000000a00000000000004000000489b46797ae217f12100000000000138020000000002000100010000000100000200fd000005000500000000000a004872bb01000000000000001309e339be593f770700000001001700410000"], 0x70}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0) prctl$PR_GET_FP_MODE(0x2e) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r3 = getpgrp(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000040)={0x2, r3}) fcntl$setsig(r2, 0xa, 0x11) fcntl$setlease(r2, 0x400, 0x0) fcntl$setlease(r2, 0x400, 0x2) ioctl$TIOCSCTTY(r2, 0x540e, 0x20) r4 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r4}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) bind$pptp(r1, &(0x7f0000000100)={0x18, 0x2, {0x2, @multicast1}}, 0x1e) [ 259.021626][T12040] binder: BINDER_SET_CONTEXT_MGR already set [ 259.029949][T12015] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 259.052415][T12040] binder: 12035:12040 ioctl 40046207 0 returned -16 [ 259.057107][T12015] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes 05:25:03 executing program 1 (fault-call:0 fault-nth:8): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:03 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x40045431, &(0x7f0000000000)) 05:25:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 259.091014][T12015] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 259.106344][T12015] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 259.130798][T12015] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 259.158630][T12054] FAULT_INJECTION: forcing a failure. [ 259.158630][T12054] name failslab, interval 1, probability 0, space 0, times 0 [ 259.171412][T12015] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 259.171423][T12015] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2383495001 [ 259.171434][T12015] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 259.171455][T12042] ubi0: background thread "ubi_bgt0d" started, PID 12042 05:25:03 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 259.211591][T12057] binder: BINDER_SET_CONTEXT_MGR already set [ 259.223812][T12054] CPU: 0 PID: 12054 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 259.232517][T12054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 259.242572][T12054] Call Trace: [ 259.242595][T12054] dump_stack+0x172/0x1f0 [ 259.242618][T12054] should_fail.cold+0xa/0x15 [ 259.254780][T12054] ? fault_create_debugfs_attr+0x180/0x180 [ 259.256889][T12057] binder: 12056:12057 ioctl 40046207 0 returned -16 [ 259.260762][T12054] ? kernel_init_free_pages+0x120/0x120 [ 259.260776][T12054] ? ___might_sleep+0x163/0x2c0 [ 259.260795][T12054] __should_failslab+0x121/0x190 [ 259.277743][T12054] should_failslab+0x9/0x14 [ 259.287144][T12054] kmem_cache_alloc+0x2aa/0x710 [ 259.292005][T12054] ? __kasan_check_write+0x14/0x20 [ 259.297112][T12054] ? up_write+0x155/0x490 [ 259.301449][T12054] getname_flags+0xd6/0x5b0 [ 259.305957][T12054] getname+0x1a/0x20 [ 259.309855][T12054] do_sys_open+0x2c9/0x5d0 [ 259.314275][T12054] ? filp_open+0x80/0x80 [ 259.318522][T12054] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 259.324766][T12054] ? fput+0x1b/0x20 [ 259.328577][T12054] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 259.334643][T12054] __x64_sys_open+0x7e/0xc0 [ 259.339153][T12054] do_syscall_64+0xfa/0x760 [ 259.343660][T12054] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 259.349545][T12054] RIP: 0033:0x4137d1 [ 259.353429][T12054] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 259.353436][T12054] RSP: 002b:00007f88264fda80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 259.353453][T12054] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 00000000004137d1 [ 259.392119][T12054] RDX: 00007f88264fdb0a RSI: 0000000000000002 RDI: 00007f88264fdb00 [ 259.400084][T12054] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 259.400092][T12054] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 259.400099][T12054] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 259.531955][T12033] ubi: mtd0 is already attached to ubi0 05:25:03 executing program 5: r0 = msgget$private(0x0, 0x0) io_setup(0x9, &(0x7f0000000380)=0x0) io_pgetevents(r1, 0x4, 0x4, &(0x7f00000003c0)=[{}, {}, {}, {}], &(0x7f0000000140), 0x0) io_getevents(r1, 0x4, 0x1, &(0x7f0000000000)=[{}], &(0x7f0000000040)) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0100000100000000625065fd0ab7022fd8c05ed75be2c07d1c7169c771db2f5907a67674bb1ea2040c510c4e33bd95543a3cb8abf00ab0f7cd5da5cc90c40823134c1ddeed94a171a0859b8e48f6bea500f88c92a39568ae707855932c919ddba2f9a7ee8fe290550c5bf406a1c29a5ad5cb32b8f3044b8148082f5ad3aeee813d2d041faa0f6eb416aa395c3e5db91d1b1af3e2954ab8166ef8"], 0x8, 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/autofs\x00', 0x101040, 0x0) ioctl$VIDIOC_G_OUTPUT(r2, 0x8004562e, &(0x7f00000001c0)) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x40000, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x7f) msgctl$IPC_RMID(r0, 0x0) 05:25:03 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x400454ca, &(0x7f0000000000)) 05:25:03 executing program 4: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r1 = getpgrp(0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000040)={0x2, r1}) fcntl$setsig(r0, 0xa, 0x11) fcntl$setlease(r0, 0x400, 0x0) fcntl$setlease(r0, 0x400, 0x2) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r0, 0xc0a85322, &(0x7f0000000400)) r2 = socket$netlink(0x10, 0x3, 0x0) recvmmsg(r2, &(0x7f0000002700)=[{{&(0x7f00000009c0)=@caif, 0x0, &(0x7f0000000b80)=[{&(0x7f0000002dc0)=""/4096}, {&(0x7f0000000a40)=""/235}, {&(0x7f0000000b40)=""/41}], 0x0, &(0x7f0000000bc0)=""/142}, 0x80}, {{&(0x7f0000000c80)=@l2, 0x0, &(0x7f0000000e00)=[{&(0x7f0000000d00)=""/181}, {&(0x7f0000000dc0)=""/13, 0xffffffffffffff71}], 0x0, &(0x7f0000000e40)=""/60}, 0x4}, {{0x0, 0x0, &(0x7f0000002480)=[{&(0x7f0000000e80)=""/122}, {&(0x7f0000000f00)=""/133}, {&(0x7f0000000fc0)=""/37}, {&(0x7f0000001000)=""/177}, {&(0x7f00000010c0)=""/250}, {&(0x7f00000011c0)=""/254}, {&(0x7f0000003dc0)=""/4096}, {&(0x7f00000012c0)=""/26}, {&(0x7f0000001300)=""/65}, {&(0x7f0000001380)=""/165}], 0x0, &(0x7f0000001440)}, 0x100}, {{&(0x7f0000002540)=@pptp={0x18, 0x2, {0x0, @multicast1}}, 0x0, &(0x7f0000002640)=[{&(0x7f00000025c0)=""/71}], 0x0, &(0x7f0000002680)=""/90}, 0x7fffffff}], 0x3ffffffffffff9b, 0x2, &(0x7f00000008c0)={0x77359400}) ioctl$TIOCSPTLCK(r0, 0x40045431, &(0x7f0000000080)=0x1) sendmsg$nl_generic(r2, &(0x7f0000000340)={0x0, 0xffffffffffffff0e, &(0x7f0000000300)={&(0x7f0000001440)=ANY=[@ANYBLOB="140000004200053127d8010080000000000400000072e6c04000016ed7b2063c2e5df444b1d69598368135e22adfff66954ea956b680114351fac525cfd9024b000000000000001e3b35e6b8407c13389947b2ea420101dfee3122981b471b674ba2b8e6e58022891fb9b85a2216fccfff61a3d1bc29cff0bca99a238de2deaf699e19b03b42bba6dd6509737d65b5e909451f20f3c68aaa68fe2553ef76a40a03abb15ca57d2c3f0f04b3bb7738d93ec2ddff909116f889cba8bb3835ca4ab6cfbcad4a44fbb22821f5a2d706ffea6c7aa57b0000000000000000eb409411195e1e4787775926ce432fe23b9ac29e5d87d253d34eca3f58048e26af2178788efe9c89c7c9e509b66243e6218907c478cbc073c64d606ee9c6d197feacd571a3908bcaf3bdde23d10fc60a83903242de26a2ae2a0b55361e67221f000000000000004d473cf341fe44f6947420d839e50e77043310f2d6ddc318f407028ac95b28bfc47dcc68c55518f1067e79ae4ad1d077ab137b62c7e5fc27fac7282566055964bff527e756df553f135660d6c9acf462b3da3f0644f9a631a35c34dd30f35b204d32aa389b46f29183ddcbbd87d9df16ff3979ab7ea870f7743c2931e70bd96823b6e360b2eacd47b907e4c693a42204a98f1296c162e31b23f3b75bfc15e5dfb814fbe0b474d804f67b3e5219188aeebdea4d546589559cb89d8df25cbd86ac939229c2f1cbdce8df0fcb0000cdd6d83c981b0c31e761e45144c41d6a334d827c7feb88319bf7e269958501645a7e720b0f2fc465211f86fe0166d03cd6f3de58c5c808ea8ec3f79f716031f2cbb56418aab49fbfb3da2839191315785537c7e6678db85d82079ab129766b87634afdc4ce167bde9df4ade95e5d734263eb202b8072f28359af273235baff7dbe17110e83c631f3006554c6fa33f54900000000ffffffff2a429e0bddc432929bb299e578a64d91b33a1bb1f0f34c2cc010e51660b49692fad44ebd57e95da6a1121a3e5d3d7467b4a458dc67324669655477d32b9de71a662f2058038f09268346f928dd2cd02a0f49ad146a790aa8134856ac0c1f3f2eb6b70cbcf9d6d3f6b9da683d3d95510000000000003b0733f7be7cdd0d1d6e3546c185f865e021e0e81a2659a694579badcc3083221ab8dc3efdbe6d5057b621ae0925db8a5a2865f7a5986a232aa1b786cd8ca4da28502f4a6837d43ffe878bd18bbc5fc7981263a2a08cf77f7891f5cbdc01a593a37126dfcc49047756a27ee37baa596a0f237a07071c8d88c7e561df93869a4c4fec01a50eba6209c195000000000000000000000000000014c69d32dd53b68974c55eb4aed61f51a8f5e0dd43425e03d3a285c55cb2c5b6090590d0e32f087bbbe54415eb663e12bc6bf8725bcfb51945f4cad381e98c341b31af42056a5bb18dcb208d441f2035250ac8751f35405713b4835e5c6a27f830babfd90faccdab8d23f348cac1bfc4674ff76d8ebd0389047a9e36411ebb133648065e544e73f59a0b68443361fb3bdf03214a2055fa51d03b2f8c7e3e1af60269f8ea52e3dba93669eb4e600eadf56c16d250c105ec48df886f54f853adb6b37b47304df9a6e5ff420893bae61659c5f48282aaefae97589191b091c143648fad7ac80e4af87d50d47ebe8b205e821fca7c995465ef9830e8ed5d0028ba4f9d7417"], 0x14}}, 0x0) r3 = socket$pppoe(0x18, 0x1, 0x0) getsockopt$sock_int(r3, 0x1, 0x3c, &(0x7f0000000380), &(0x7f00000003c0)=0x4) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r6 = getpgrp(0x0) fcntl$setownex(r5, 0xf, &(0x7f0000000040)={0x2, r6}) fcntl$setsig(r5, 0xa, 0x11) fcntl$setlease(r5, 0x400, 0x0) fcntl$setlease(r5, 0x400, 0x2) setsockopt$bt_BT_SECURITY(r5, 0x112, 0x4, &(0x7f00000000c0)={0x7, 0x7}, 0x2) ioctl(r4, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") 05:25:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:03 executing program 1 (fault-call:0 fault-nth:9): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:03 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 259.636844][T12077] binder: BINDER_SET_CONTEXT_MGR already set [ 259.649571][T12082] FAULT_INJECTION: forcing a failure. [ 259.649571][T12082] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 259.654124][T12077] binder: 12076:12077 ioctl 40046207 0 returned -16 [ 259.662791][T12082] CPU: 0 PID: 12082 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 259.662800][T12082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 259.662804][T12082] Call Trace: [ 259.662824][T12082] dump_stack+0x172/0x1f0 [ 259.662845][T12082] should_fail.cold+0xa/0x15 [ 259.688122][T12082] ? fault_create_debugfs_attr+0x180/0x180 [ 259.688136][T12082] ? rwlock_bug.part.0+0x90/0x90 [ 259.688156][T12082] ? current_time+0x6b/0x110 [ 259.706093][T12082] should_fail_alloc_page+0x50/0x60 [ 259.706105][T12082] __alloc_pages_nodemask+0x1a1/0x900 [ 259.706122][T12082] ? __kasan_check_read+0x11/0x20 [ 259.731144][T12082] ? __alloc_pages_slowpath+0x28e0/0x28e0 [ 259.731163][T12082] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 259.742467][T12082] ? __kasan_check_read+0x11/0x20 [ 259.747582][T12082] ? fault_create_debugfs_attr+0x180/0x180 [ 259.753399][T12082] cache_grow_begin+0x90/0xd20 [ 259.758171][T12082] ? getname_flags+0xd6/0x5b0 [ 259.758192][T12082] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 259.770024][T12082] kmem_cache_alloc+0x64e/0x710 [ 259.774881][T12082] ? __kasan_check_write+0x14/0x20 [ 259.780017][T12082] getname_flags+0xd6/0x5b0 [ 259.784523][T12082] getname+0x1a/0x20 [ 259.788416][T12082] do_sys_open+0x2c9/0x5d0 [ 259.792836][T12082] ? filp_open+0x80/0x80 [ 259.797078][T12082] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 259.803327][T12082] ? fput+0x1b/0x20 [ 259.807157][T12082] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 259.813219][T12082] __x64_sys_open+0x7e/0xc0 [ 259.817722][T12082] do_syscall_64+0xfa/0x760 [ 259.820481][T12091] binder: BINDER_SET_CONTEXT_MGR already set [ 259.822225][T12082] entry_SYSCALL_64_after_hwframe+0x49/0xbe 05:25:03 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x400454d4, &(0x7f0000000000)) 05:25:03 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:03 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x400455c8, &(0x7f0000000000)) [ 259.822235][T12082] RIP: 0033:0x4137d1 [ 259.822252][T12082] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 259.834072][T12082] RSP: 002b:00007f88264fda80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 259.857519][T12082] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 00000000004137d1 [ 259.857525][T12082] RDX: 00007f88264fdb0a RSI: 0000000000000002 RDI: 00007f88264fdb00 05:25:03 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:04 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 259.857532][T12082] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 259.857538][T12082] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 259.857551][T12082] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 259.872628][T12091] binder: 12089:12091 ioctl 40046207 0 returned -16 [ 259.915709][T12082] FAT-fs (loop1): bogus number of reserved sectors [ 259.922272][T12082] FAT-fs (loop1): Can't find a valid FAT filesystem 05:25:04 executing program 4: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) r1 = creat(0xfffffffffffffffd, 0x4) r2 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r3 = getpgrp(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000040)={0x2, r3}) fcntl$setsig(r2, 0xa, 0x11) fcntl$setlease(r2, 0x400, 0x0) fcntl$setlease(r2, 0x400, 0x2) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r4, 0x40186f40, 0x7600f4) r5 = socket(0xa, 0x1, 0x0) close(r5) r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r6, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r5, 0x84, 0x78, &(0x7f0000000000)=r7, 0x4) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r4, 0x84, 0x6c, &(0x7f0000000240)={r7, 0xed, "d0884c36b533c70347f53db0f73505e80aa0dce77327607af733d4e8b783beadd6d2a10e68a5ff46a74bd00a163ccab3b9fb6c45b5922df9265a3c386d3d0604c5a9b0ab9c318980a8ab85ebcd4a7452b949861f84009affd9123876947e8b2ada3947c03b33ec93d7cc7314137984bd3999adfbba37afaba9625e55f9f07a48f51f1dd708bab370d149344d7cc262bc3643b6ddff67a6aa260f173b5a919b51d830ec321d9121d4d670e75b7814f7f42b61cd4ecdef95a5e202475c7d37c5048ad19c1764b92f08287d245d409ec5af68de3752dd2f7beb40aad18e3d59a528265bab3ce8dc62f3a7fff527b9"}, &(0x7f00000001c0)=0xf5) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f0000000040)={r7, 0x4}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value={r8, 0x3}, 0x8) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) 05:25:04 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x40046207, &(0x7f0000000000)) 05:25:04 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:04 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{}, 0x0, 0x80000000008001}) creat(&(0x7f0000000140)='./file0\x00', 0x100) msgsnd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000003"], 0x8, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) ioctl$DRM_IOCTL_ADD_CTX(r1, 0xc0086420, &(0x7f0000000100)) msgctl$IPC_RMID(r0, 0x0) r3 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x0, 0x9b29bf5cfc7dc3c1) sendto$isdn(r3, &(0x7f0000000080)={0x56db, 0x80, "1372be58c8b8d365a7b88a386bf413a330709ee1a1"}, 0x1d, 0x4000, &(0x7f00000000c0)={0x22, 0x3, 0x82, 0x5, 0x3}, 0x6) 05:25:04 executing program 1 (fault-call:0 fault-nth:10): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:04 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 260.112312][T12124] binder: BINDER_SET_CONTEXT_MGR already set [ 260.155008][T12124] binder: 12118:12124 ioctl 40046207 0 returned -16 [ 260.162510][ T26] audit: type=1804 audit(1568697904.247:34): pid=12127 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir811010224/syzkaller.ZWcNm1/70/file0" dev="sda1" ino=16834 res=1 [ 260.174704][T12129] FAULT_INJECTION: forcing a failure. [ 260.174704][T12129] name failslab, interval 1, probability 0, space 0, times 0 [ 260.194802][T12117] ubi: mtd0 is already attached to ubi0 05:25:04 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x40049409, &(0x7f0000000000)) 05:25:04 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:04 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) r1 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) r3 = perf_event_open(&(0x7f0000000440)={0x3cf933bd21237168, 0x70, 0x9e, 0x0, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0xd2da}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0xffffffffffffffff, 0x0, r1, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000b40)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44a762287c4b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb688ad06ee915d2a778c2181d3b48e8e885296888a185c8969204b8dbc96823177b6d108452725130ee6a239beea046b7a63a8915a48d4cb98510471dfbfce7d986999699ab52ae1c7de59a4aff87cdef066593c2bc163d5"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x2400, 0x3) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) 05:25:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x0, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 260.313620][ T26] audit: type=1804 audit(1568697904.297:35): pid=12127 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir811010224/syzkaller.ZWcNm1/70/file0" dev="sda1" ino=16834 res=1 [ 260.325554][T12144] binder: BINDER_SET_CONTEXT_MGR already set [ 260.350806][T12129] CPU: 1 PID: 12129 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 260.359501][T12129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 260.359507][T12129] Call Trace: [ 260.359525][T12129] dump_stack+0x172/0x1f0 [ 260.359541][T12129] should_fail.cold+0xa/0x15 [ 260.359556][T12129] ? is_bpf_text_address+0xd3/0x170 [ 260.359569][T12129] ? fault_create_debugfs_attr+0x180/0x180 [ 260.359585][T12129] ? kernel_init_free_pages+0x120/0x120 [ 260.359599][T12129] ? ___might_sleep+0x163/0x2c0 [ 260.359614][T12129] __should_failslab+0x121/0x190 [ 260.359628][T12129] should_failslab+0x9/0x14 [ 260.359647][T12129] kmem_cache_alloc+0x2aa/0x710 [ 260.392845][T12129] ? stack_trace_save+0xac/0xe0 [ 260.392859][T12129] ? stack_trace_consume_entry+0x190/0x190 [ 260.392874][T12129] __alloc_file+0x27/0x340 [ 260.392889][T12129] alloc_empty_file+0x72/0x170 [ 260.392903][T12129] path_openat+0xef/0x46d0 [ 260.392920][T12129] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 260.418035][T12144] binder: 12143:12144 ioctl 40046207 0 returned -16 [ 260.422425][T12129] ? kasan_slab_alloc+0xf/0x20 [ 260.422440][T12129] ? kmem_cache_alloc+0x121/0x710 [ 260.422458][T12129] ? getname_flags+0xd6/0x5b0 [ 260.469126][T12129] ? getname+0x1a/0x20 [ 260.473180][T12129] ? do_sys_open+0x2c9/0x5d0 [ 260.477747][T12129] ? __x64_sys_open+0x7e/0xc0 [ 260.482405][T12129] ? do_syscall_64+0xfa/0x760 [ 260.487060][T12129] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 260.493125][T12129] ? __isolate_free_page+0x4c0/0x4c0 [ 260.498388][T12129] ? __kasan_check_read+0x11/0x20 [ 260.503393][T12129] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 260.508742][T12129] ? __kasan_check_read+0x11/0x20 [ 260.513742][T12129] ? __alloc_pages_nodemask+0x579/0x900 [ 260.519262][T12129] ? cache_grow_end+0xa4/0x190 [ 260.524001][T12129] ? __kasan_check_read+0x11/0x20 [ 260.529003][T12129] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 260.534702][T12129] do_filp_open+0x1a1/0x280 [ 260.539186][T12129] ? may_open_dev+0x100/0x100 [ 260.543844][T12129] ? lock_downgrade+0x920/0x920 [ 260.548677][T12129] ? rwlock_bug.part.0+0x90/0x90 [ 260.553602][T12129] ? __alloc_fd+0x35/0x620 [ 260.557996][T12129] ? __kasan_check_read+0x11/0x20 [ 260.562998][T12129] ? do_raw_spin_unlock+0x57/0x270 [ 260.568088][T12129] ? _raw_spin_unlock+0x2d/0x50 [ 260.572914][T12129] ? __alloc_fd+0x487/0x620 [ 260.577401][T12129] do_sys_open+0x3fe/0x5d0 [ 260.581798][T12129] ? filp_open+0x80/0x80 [ 260.586020][T12129] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 260.592238][T12129] ? fput+0x1b/0x20 [ 260.596026][T12129] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 260.602072][T12129] __x64_sys_open+0x7e/0xc0 [ 260.606641][T12129] do_syscall_64+0xfa/0x760 [ 260.611124][T12129] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 260.616994][T12129] RIP: 0033:0x4137d1 [ 260.620871][T12129] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 260.640452][T12129] RSP: 002b:00007f88264fda80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 260.648849][T12129] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 00000000004137d1 [ 260.656801][T12129] RDX: 00007f88264fdb0a RSI: 0000000000000002 RDI: 00007f88264fdb00 05:25:04 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 260.664753][T12129] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 260.672702][T12129] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 260.680651][T12129] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:25:04 executing program 4: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x20000000001, 0x1) bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "75b782e4ad88b89d1fc3191637b20000000000007f660510420aaa96759ecbc36eb9bb12b6124793608dd0e7316d1d4f4dbac39877e4ac714b7ecefa8a934a", 0x1}, 0x60) socket$kcm(0x29, 0x5, 0x0) r1 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r3) close(r3) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f0000000100)=0x8) 05:25:04 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x80042, 0x0) ioctl$sock_rose_SIOCDELRT(r1, 0x890c, &(0x7f0000000080)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={'rose', 0x0}, 0x0, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}) msgctl$IPC_RMID(r0, 0x0) 05:25:04 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:04 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x0, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:04 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x4020940d, &(0x7f0000000000)) 05:25:04 executing program 1 (fault-call:0 fault-nth:11): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:05 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 260.903661][T12172] FAULT_INJECTION: forcing a failure. [ 260.903661][T12172] name failslab, interval 1, probability 0, space 0, times 0 [ 260.923964][T12175] binder: BINDER_SET_CONTEXT_MGR already set [ 260.942848][T12175] binder: 12169:12175 ioctl 40046207 0 returned -16 [ 260.959839][T12172] CPU: 0 PID: 12172 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 260.968532][T12172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 260.978590][T12172] Call Trace: [ 260.981889][T12172] dump_stack+0x172/0x1f0 [ 260.986227][T12172] should_fail.cold+0xa/0x15 [ 260.990828][T12172] ? fault_create_debugfs_attr+0x180/0x180 [ 260.996642][T12172] ? kernel_init_free_pages+0x120/0x120 [ 261.002187][T12172] ? ___might_sleep+0x163/0x2c0 [ 261.007028][T12172] __should_failslab+0x121/0x190 [ 261.007043][T12172] should_failslab+0x9/0x14 [ 261.007056][T12172] kmem_cache_alloc+0x2aa/0x710 [ 261.007075][T12172] ? memcg_kmem_put_cache+0x3e/0x50 [ 261.026503][T12172] ? kmem_cache_alloc+0x314/0x710 [ 261.031532][T12172] security_file_alloc+0x39/0x170 [ 261.036568][T12172] __alloc_file+0xde/0x340 [ 261.040990][T12172] alloc_empty_file+0x72/0x170 [ 261.045762][T12172] path_openat+0xef/0x46d0 [ 261.050181][T12172] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 261.055978][T12172] ? kasan_slab_alloc+0xf/0x20 [ 261.055993][T12172] ? kmem_cache_alloc+0x121/0x710 [ 261.056005][T12172] ? getname_flags+0xd6/0x5b0 [ 261.056020][T12172] ? getname+0x1a/0x20 [ 261.074513][T12172] ? do_sys_open+0x2c9/0x5d0 [ 261.079111][T12172] ? __x64_sys_open+0x7e/0xc0 [ 261.083812][T12172] ? do_syscall_64+0xfa/0x760 [ 261.088490][T12172] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 261.094559][T12172] ? __isolate_free_page+0x4c0/0x4c0 [ 261.099845][T12172] ? __kasan_check_read+0x11/0x20 [ 261.104874][T12172] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 261.110246][T12172] ? __kasan_check_read+0x11/0x20 [ 261.115271][T12172] ? __alloc_pages_nodemask+0x579/0x900 [ 261.120822][T12172] ? cache_grow_end+0xa4/0x190 [ 261.125584][T12172] ? __kasan_check_read+0x11/0x20 [ 261.130614][T12172] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 261.136336][T12172] do_filp_open+0x1a1/0x280 [ 261.140840][T12172] ? may_open_dev+0x100/0x100 [ 261.145523][T12172] ? lock_downgrade+0x920/0x920 [ 261.150377][T12172] ? rwlock_bug.part.0+0x90/0x90 [ 261.152052][T12195] binder: BINDER_SET_CONTEXT_MGR already set [ 261.155314][T12172] ? __alloc_fd+0x35/0x620 [ 261.155330][T12172] ? __kasan_check_read+0x11/0x20 [ 261.155344][T12172] ? do_raw_spin_unlock+0x57/0x270 [ 261.155365][T12172] ? _raw_spin_unlock+0x2d/0x50 [ 261.170111][T12195] binder: 12192:12195 ioctl 40046207 0 returned -16 [ 261.170833][T12172] ? __alloc_fd+0x487/0x620 [ 261.191813][T12172] do_sys_open+0x3fe/0x5d0 [ 261.196242][T12172] ? filp_open+0x80/0x80 [ 261.200483][T12172] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 261.206721][T12172] ? fput+0x1b/0x20 [ 261.210532][T12172] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 261.216626][T12172] __x64_sys_open+0x7e/0xc0 [ 261.221119][T12172] do_syscall_64+0xfa/0x760 [ 261.225621][T12172] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 261.231516][T12172] RIP: 0033:0x4137d1 [ 261.235403][T12172] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 05:25:05 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x4020ae46, &(0x7f0000000000)) 05:25:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x0, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:05 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x10010000000035) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 05:25:05 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x10010000000035) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 05:25:05 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x404c534a, &(0x7f0000000000)) [ 261.255002][T12172] RSP: 002b:00007f88264fda80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 261.263417][T12172] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 00000000004137d1 [ 261.271398][T12172] RDX: 00007f88264fdb0a RSI: 0000000000000002 RDI: 00007f88264fdb00 [ 261.279369][T12172] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 261.287338][T12172] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 261.295292][T12172] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:25:05 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x0, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:05 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x10010000000035) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 05:25:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:05 executing program 1 (fault-call:0 fault-nth:12): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:05 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x4058534c, &(0x7f0000000000)) 05:25:05 executing program 5: r0 = msgget$private(0x0, 0x9c1fefcbf52493e6) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) r1 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x0, 0x2) r2 = socket(0x100000000011, 0x2, 0x0) getsockname$packet(r2, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x3, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], r3, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r4 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={r4, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000000)='vmnet1\x8feth1-{*\x00'}, 0x30) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000001140)={{{@in=@local, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@broadcast}}, &(0x7f0000001240)=0xe8) r6 = getegid() r7 = dup(0xffffffffffffffff) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r9 = gettid() r10 = getegid() r11 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000500)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0x0) syz_open_dev$adsp(&(0x7f0000000940)='/dev/adsp#\x00', 0x9, 0x20480) fchmod(r11, 0x138) fsetxattr$system_posix_acl(r11, &(0x7f0000000240)='system.posix_acl_access\x00', &(0x7f0000000680)={{}, {0x1, 0x4}, [], {0x4, 0x1}, [{0x8, 0x1}, {}, {0x8, 0x6, r10}, {0x8, 0x4}], {0x10, 0x1}, {0x20, 0x4}}, 0x44, 0x1) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001100)=[{&(0x7f00000000c0)={0x810, 0x42, 0x2, 0x70bd27, 0x0, "", [@generic="ba3fa6f66f62c9bbfdd98520b6a607fe619d41ea32ebe34c27a87b72a8c8a73310f5340bf8607bc907bd8c58808409b861b84eaae363e27eddd334144d63e4f0b518f9619114b8e3ba25b67b86fd4c12d60bb55831c0c79c60d43de088620c6dd7ab23b94a4b5f4d755b2ef36952add583bcc35d9ef2e8dc0f29a9b8eef7972bc1ca854301bedf50694a41f320b7ac5517f41d5072ecee6375d71b14cbc64eb416272e9d4cb549cc69dd297640821210a1d187de203a067e56750cf56bf64b33b346141c42394d6bc41d05dc8490d3225712ea367667328b37acd19fa4ff10b4bb526ffa805afc42381b3da56e6dd9f440c163f6917dc002ef987c0e0a0bb51b1acc33155b178a77d75d8cc483613b2f8a47f619e6de7b86852f574780619ddb130ebbd24a897fb202567bfa944d561fdb19461b3481aa4c3f048089f983a547959ca6799433d581472fe5a75ef637f2cc0956faee63c2a8230fe3203924e629570ed6c6b25841f987a5af01e11cf8cb6710b1c567daee534b95bc2146d09a7b323823cd65d64426d7ee83ec7be0ca83dfac16c3f53e81a1a936964495078a56a818e7865aa1ff8a14fb712d221cebf53217461f7a8599a105e8e904144e68ea51cd71946e76921ec598aad55a963a1aa0c4b2271aee16b49f7cd3a7f1f8a1cfcdccbe418501c34b3781bdd11233967b0d8a359a85ac04e1b35fac7e30eb14fdbd68c73f6c6e0d6be6aeed646c73648064532c5fcec145647202b8f3bf1776ed6953c2a5e068f78dae2b91cff410cd2a1a316b75adf70246194fb395dc16cdbb68b61d9619c2be037a56cfbacb0ffa407e19632922f78100a546a035e4d012f1317300c65db81fbf82a83099c7412247c799f909b296a568a1021857ca894f08c19c1baa26e2a3f610d7ee3da54f89fb3481e20630475522fa0c02d04f60d17f9cd90ea8d7ae223bc75fb21c42e21961615d711846223d605f52dcf9902e89c2a055d1906bd9d20ffc33db5356c124eca7142b0f875752a2476f5098ccf1c1fce52507b3e6fa3f80ffe16ff45f9d4eb9c3eb1d302d736539225396889761e7ada23c28824fce786ebfddd6ed0042fcb6ce4447e77a72ec63e1f3a4595bb7a717c7796f6f981c2c098177df3d83923acdff548a380c12f42f397fcb36cf05c5887c8a2cebcfa93a3b6256f42202b60b0d7dcbacaf14d9c5ad9cf765dac5802b140cb22fbe41ac6e585d320a24971f009c39288ce6a4d83ea4eed9f0b0fb641d3556826b43923148a8bf1dfdaca421a82b2207b84f2cd02fe2fa9161e8c04b961f97dafa773905c99c51e0b360c786539e89f2d3fc0c9a56454baa7fec40280c716f38232471881bc4060e54be1588f9f0d2521b386b592c1ea4b9552123f13c5724cae290e6cb7d2a90ca5bcc799774a1a8fce9fdf2679be8b6952505fbeaf3f6d2aa7178d22dfe79349381b8a482561ac4e95ca207e86f7d56a9e2ea3b682c4d833fd9b65d0d91b2fb8bc8feef96d247dc79a08a5dafd0cc86551fd0352562079abe950f39d05d2bb1f651de696680d313b224b197d48bed9a0ed4240d17b3c876440b181d2145ab5c895cd24d29018f673811fd808610e15b1625ca3b0e0d69f0fbcd6d4f9c66edd080a9e4c1c88f3767c2f7183a957861f772b2dac372dc11e1409ed112ead3a939ca4b2df8bb8b1539fb031c6fba066ee3f2159731d97885118ab830b42b59d9ed7b43462d6370d30a6942d6ba16f0bdc71f661e476491bb8deefd411b0e4f3df692f6fb71adec70d807d013d73bee7837929baa2c4a17107ab6a4c0ab14a3624768b167e8144b555443c3b89a108e5dcc118d12e62e45f770967ac77bdaf86cb131fc39ac6055d362ae4f600db0afd8214b2395efb192b76ce42c87849d2fcfadf64a7e6e83de25f3b8efc3839e09807f477fe83f5113230f3b34747f10424acb71fbd46709cd820cbe2c868b0a85269f00e2b889f541c809d7a8aa19ac9092593a53a95d75db0dbd7b33da7f43cc9f6d9bb679ea86510cc293adc7c174d1dab8eb94b591ce805add8eefb3abd79870a19fa411ae23cf97c868b944c8dd1364a1ed16adb73176b1ad9d715d09f3d048b2dd2c3fab4a99c75675acd50703bfafdac5cc0b3fef90b4c3463d2a114af149ce577ab74608cc844bd27f0918a0d83f58eaf3623180e9a0034db3b05a0259ef0dc754f290f586ba8e78673440b5d5956c20cfa29ae01e184a8bcee520a7f99c260653202ae8b7799e453e352c8bdb3fa37c189d2d64523bb355e21fef2085e564d3fc4568617ab0d06430c1f082183e140100236b966bd80c6bdd3c5def8d98f4ad5b373d935750c1e6748a931cbc80b267ffd24e5b3c1d41aa620559ea7916e8780b89cebf7d76cc528a6daadd6f7d96be7a20df6b5964bee644459b4c626ce98c10a2cc4497f69fe9a70dd5f083f4f9fd71f23aafb337d0da653acad9bf6f7ac7b852bbc59b67ac7a0ac0fa6fe1a0c95cc2ee073b8200894e8ee76b7f64b6228d9f8f7d1c0172f461175014e5f42a141a857272d21e057f4fefeec41f0fbb316e82243ca905fb2bbc7e68dcb4db476b500e815501c99023d04e214b31729cb4d33e17072c9bac0647cceaf36fe4ef2f1c02c5cd17598f806e5816701a0312d23f2745e84475ccf257168d349383cd4e163be45ab3b7cef4931dcad17fdfe550a113e751b18edc6e86325817555c3ecaf0e707989267baff1046813b43f5ddccd6fdee83e113a9026e31e7a289b9260d32f6790cade4702ebb150e0cb45eefc515a7b972f28e689ff35bc455dd972ddde56077ac9ac7a3b4cb6f32185a1722f5dcb5fbe87c77bc0e78857fe65a6b18aacd7115c797d359e2e0548a03c60f4e3c7fd6ad74584744"]}, 0x810}], 0x1, &(0x7f0000001480)=[@cred={{0x1c, 0x1, 0x2, {r4, r5, r6}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r7]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r8, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r9, 0x0, r10}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee00}}}], 0xb8, 0x40000}, 0x8000) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000080)={{{@in=@remote, @in=@multicast2, 0x4e21, 0x0, 0x4e23, 0x10001, 0x2, 0x40, 0x20, 0x0, r3, r5}, {0x1000, 0x8, 0x3f, 0x80, 0x8, 0x101, 0x1, 0xfffffffffffffff9}, {0x551, 0x100000001, 0x6, 0x2}, 0x8, 0x6e6bbc, 0x1, 0x1, 0x2, 0x1}, {{@in=@empty, 0x4d3, 0x32}, 0x2, @in=@rand_addr=0x6, 0x3507, 0x2, 0x1, 0x3, 0x0, 0x7f, 0x43}}, 0xe8) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 261.483796][T12212] FAULT_INJECTION: forcing a failure. [ 261.483796][T12212] name failslab, interval 1, probability 0, space 0, times 0 [ 261.504702][T12216] binder: BINDER_SET_CONTEXT_MGR already set [ 261.514955][T12216] binder: 12210:12216 ioctl 40046207 0 returned -16 [ 261.520994][T12212] CPU: 0 PID: 12212 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 261.530218][T12212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 261.540261][T12212] Call Trace: [ 261.540282][T12212] dump_stack+0x172/0x1f0 [ 261.540300][T12212] should_fail.cold+0xa/0x15 [ 261.540319][T12212] ? fault_create_debugfs_attr+0x180/0x180 [ 261.558273][T12212] ? ___might_sleep+0x163/0x2c0 [ 261.563139][T12212] __should_failslab+0x121/0x190 [ 261.568085][T12212] should_failslab+0x9/0x14 [ 261.568104][T12212] __kmalloc+0x2e0/0x770 [ 261.576816][T12212] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 261.583047][T12212] ? d_absolute_path+0x11b/0x170 [ 261.587979][T12212] ? __d_path+0x140/0x140 [ 261.592311][T12212] ? tomoyo_encode2.part.0+0xf5/0x400 [ 261.597777][T12212] tomoyo_encode2.part.0+0xf5/0x400 [ 261.602975][T12212] tomoyo_encode+0x2b/0x50 [ 261.607395][T12212] tomoyo_realpath_from_path+0x1d3/0x7b0 [ 261.613019][T12212] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 261.614996][T12219] binder: BINDER_SET_CONTEXT_MGR already set [ 261.619258][T12212] tomoyo_check_open_permission+0x2a8/0x3f0 [ 261.631170][T12212] ? tomoyo_path_number_perm+0x520/0x520 [ 261.636823][T12212] ? lock_downgrade+0x920/0x920 [ 261.641678][T12212] ? rwlock_bug.part.0+0x90/0x90 [ 261.645856][T12219] binder: 12214:12219 ioctl 40046207 0 returned -16 [ 261.646613][T12212] ? lockref_get+0x16/0x60 [ 261.657860][T12212] tomoyo_file_open+0xa9/0xd0 [ 261.662525][T12212] security_file_open+0x71/0x300 [ 261.662541][T12212] do_dentry_open+0x373/0x1250 [ 261.662560][T12212] ? match_exception_partial+0x242/0x2d0 [ 261.677829][T12212] ? chown_common+0x5c0/0x5c0 [ 261.682505][T12212] ? inode_permission+0xb4/0x560 [ 261.687447][T12212] vfs_open+0xa0/0xd0 [ 261.691428][T12212] path_openat+0x10e9/0x46d0 [ 261.696016][T12212] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 261.701823][T12212] ? kasan_slab_alloc+0xf/0x20 [ 261.706585][T12212] ? kmem_cache_alloc+0x121/0x710 [ 261.711605][T12212] ? getname_flags+0xd6/0x5b0 [ 261.716281][T12212] ? getname+0x1a/0x20 [ 261.720350][T12212] ? do_sys_open+0x2c9/0x5d0 [ 261.724947][T12212] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 261.730323][T12212] ? shmem_setattr+0x4c7/0xc80 [ 261.735095][T12212] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 261.740725][T12212] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 261.746447][T12212] do_filp_open+0x1a1/0x280 [ 261.750953][T12212] ? may_open_dev+0x100/0x100 [ 261.755624][T12212] ? __kasan_check_read+0x11/0x20 [ 261.755644][T12212] ? do_raw_spin_unlock+0x57/0x270 [ 261.765738][T12212] ? _raw_spin_unlock+0x2d/0x50 [ 261.770587][T12212] ? __alloc_fd+0x487/0x620 [ 261.770614][T12212] do_sys_open+0x3fe/0x5d0 [ 261.779492][T12212] ? filp_open+0x80/0x80 [ 261.783749][T12212] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 261.789989][T12212] ? fput+0x1b/0x20 [ 261.793801][T12212] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 261.799882][T12212] __x64_sys_open+0x7e/0xc0 [ 261.804386][T12212] do_syscall_64+0xfa/0x760 [ 261.808898][T12212] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 261.814788][T12212] RIP: 0033:0x4137d1 05:25:05 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:05 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:05 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x4090ae82, &(0x7f0000000000)) 05:25:05 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x80045300, &(0x7f0000000000)) 05:25:05 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x80045301, &(0x7f0000000000)) 05:25:05 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 261.818681][T12212] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 261.838276][T12212] RSP: 002b:00007f88264fda80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 261.838287][T12212] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 00000000004137d1 [ 261.838293][T12212] RDX: 00007f88264fdb0a RSI: 0000000000000002 RDI: 00007f88264fdb00 [ 261.838300][T12212] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 261.838306][T12212] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 05:25:05 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x800454d2, &(0x7f0000000000)) [ 261.838313][T12212] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 261.857073][T12234] binder: BINDER_SET_CONTEXT_MGR already set [ 261.919492][T12240] binder: BINDER_SET_CONTEXT_MGR already set [ 261.928339][T12240] binder: 12239:12240 ioctl 40046207 0 returned -16 05:25:06 executing program 4: bind$nfc_llcp(0xffffffffffffffff, &(0x7f0000000000)={0x27, 0x0, 0x1, 0xc, 0x8, 0x2461a8b, "10187d48cdf8ecd0e65fa27379c4b281d4c840b032fa009b9110d796c5e2b684716470ba01143d070a4a3b0c6476c1153106b5366e48387b5fd87a1ca45a28", 0x23}, 0x60) mkdir(&(0x7f0000000300)='./file0/file0\x00', 0x40) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dsp\x00', 0x0, 0x0) fcntl$getflags(r0, 0x1) mount(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000001c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x2) r3 = socket$inet_sctp(0x2, 0x5, 0x84) r4 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r5 = getpgrp(0x0) fcntl$setownex(r4, 0xf, &(0x7f0000000040)={0x2, r5}) fcntl$setsig(r4, 0xa, 0x11) fcntl$setlease(r4, 0x400, 0x0) fcntl$setlease(r4, 0x400, 0x2) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f00000000c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="0300"], &(0x7f00000003c0)=0xc) setsockopt$inet_sctp_SCTP_AUTH_KEY(r3, 0x84, 0x17, &(0x7f0000000400)={r6, 0x80000000, 0x6d, "72d722e620217dff2bdf2d667a4b4d30051edf303b0cd133b63229831867e33509862af0506650b2df3ab42ac3c7081af079a43c069bf7a25ccae2d80c13c31b062dfc9677a698adf972c97a5ad3e75a3a6451d63e08f5620f615402ca42d7ad9489ff3a5dbd7af379a121d491"}, 0x75) r7 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r8 = getpgrp(0x0) fcntl$setownex(r7, 0xf, &(0x7f0000000040)={0x2, r8}) fcntl$setsig(r7, 0xa, 0x11) fcntl$setlease(r7, 0x400, 0x0) fcntl$setlease(r7, 0x400, 0x2) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000480)={{{@in=@multicast1, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@multicast2}}, &(0x7f0000000580)=0xe8) r10 = geteuid() lchown(&(0x7f0000000000)='./file0\x00', r10, 0xffffffffffffffff) setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f00000005c0)={{{@in=@multicast2, @in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x4e22, 0xbfb, 0x4e22, 0x20, 0xa, 0x30, 0x100, 0x2c, r9, r10}, {0x1, 0x2b, 0x5, 0x2, 0x7, 0x7, 0x8, 0x4aa}, {0x635, 0x0, 0x8499, 0xbad0}, 0x3, 0x6e6bbe, 0x3, 0x3, 0x2}, {{@in=@multicast2, 0x4d6, 0x32}, 0xe, @in=@empty, 0x3505, 0x4, 0x0, 0x3, 0xbdad, 0x8, 0x2}}, 0xe8) setsockopt$RDS_GET_MR_FOR_DEST(r1, 0x114, 0x7, &(0x7f0000000100)={@x25={0x9, @remote={[], 0x3}}, {&(0x7f0000000200)=""/195, 0xc3}, &(0x7f0000000080), 0x2}, 0xa0) 05:25:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 261.953736][T12245] ptrace attach of "/root/syz-executor.0"[12244] was attempted by "/root/syz-executor.0"[12245] [ 261.976393][T12212] ERROR: Out of memory at tomoyo_realpath_from_path. [ 261.982441][T12234] binder: 12224:12234 ioctl 40046207 0 returned -16 [ 262.007209][T12212] FAT-fs (loop1): bogus number of reserved sectors [ 262.014053][T12212] FAT-fs (loop1): Can't find a valid FAT filesystem 05:25:06 executing program 1 (fault-call:0 fault-nth:13): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:06 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x8004745a, &(0x7f0000000000)) [ 262.105462][T12257] binder: BINDER_SET_CONTEXT_MGR already set [ 262.127450][T12257] binder: 12255:12257 ioctl 40046207 0 returned -16 [ 262.211194][T12266] FAULT_INJECTION: forcing a failure. [ 262.211194][T12266] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 262.224430][T12266] CPU: 0 PID: 12266 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 262.233122][T12266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 262.243172][T12266] Call Trace: [ 262.243195][T12266] dump_stack+0x172/0x1f0 [ 262.243245][T12266] should_fail.cold+0xa/0x15 [ 262.243269][T12266] ? fault_create_debugfs_attr+0x180/0x180 [ 262.243291][T12266] should_fail_alloc_page+0x50/0x60 [ 262.243315][T12266] __alloc_pages_nodemask+0x1a1/0x900 [ 262.250948][T12266] ? lock_downgrade+0x920/0x920 [ 262.250967][T12266] ? __alloc_pages_slowpath+0x28e0/0x28e0 [ 262.283103][T12266] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 262.288815][T12266] ? fault_create_debugfs_attr+0x180/0x180 [ 262.294623][T12266] cache_grow_begin+0x90/0xd20 [ 262.299384][T12266] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 262.305113][T12266] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 262.311357][T12266] __kmalloc+0x6b2/0x770 [ 262.315613][T12266] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 262.321343][T12266] tomoyo_realpath_from_path+0xcd/0x7b0 [ 262.326898][T12266] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 262.333150][T12266] tomoyo_check_open_permission+0x2a8/0x3f0 [ 262.339860][T12266] ? tomoyo_path_number_perm+0x520/0x520 [ 262.346276][T12266] ? lock_downgrade+0x920/0x920 [ 262.351136][T12266] ? rwlock_bug.part.0+0x90/0x90 [ 262.356052][T12266] ? lockref_get+0x16/0x60 [ 262.360445][T12266] tomoyo_file_open+0xa9/0xd0 [ 262.365100][T12266] security_file_open+0x71/0x300 [ 262.370021][T12266] do_dentry_open+0x373/0x1250 [ 262.374763][T12266] ? match_exception_partial+0x242/0x2d0 [ 262.380370][T12266] ? chown_common+0x5c0/0x5c0 [ 262.385028][T12266] ? inode_permission+0xb4/0x560 [ 262.389939][T12266] vfs_open+0xa0/0xd0 [ 262.393897][T12266] path_openat+0x10e9/0x46d0 [ 262.398459][T12266] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 262.404236][T12266] ? kasan_slab_alloc+0xf/0x20 [ 262.408988][T12266] ? kmem_cache_alloc+0x121/0x710 [ 262.413991][T12266] ? getname_flags+0xd6/0x5b0 [ 262.418676][T12266] ? getname+0x1a/0x20 [ 262.422774][T12266] ? do_sys_open+0x2c9/0x5d0 [ 262.427374][T12266] ? path_lookupat.isra.0+0x8d0/0x8d0 [ 262.432724][T12266] ? __alloc_pages_nodemask+0x579/0x900 [ 262.438251][T12266] ? cache_grow_end+0xa4/0x190 [ 262.442986][T12266] ? __kasan_check_read+0x11/0x20 [ 262.447988][T12266] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 262.453688][T12266] do_filp_open+0x1a1/0x280 [ 262.458165][T12266] ? may_open_dev+0x100/0x100 [ 262.462815][T12266] ? __kasan_check_read+0x11/0x20 [ 262.467815][T12266] ? do_raw_spin_unlock+0x57/0x270 [ 262.472900][T12266] ? _raw_spin_unlock+0x2d/0x50 [ 262.477774][T12266] ? __alloc_fd+0x487/0x620 [ 262.482269][T12266] do_sys_open+0x3fe/0x5d0 [ 262.486689][T12266] ? filp_open+0x80/0x80 [ 262.490922][T12266] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 262.497163][T12266] ? fput+0x1b/0x20 [ 262.500950][T12266] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 262.506992][T12266] __x64_sys_open+0x7e/0xc0 [ 262.511475][T12266] do_syscall_64+0xfa/0x760 [ 262.515967][T12266] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 262.521860][T12266] RIP: 0033:0x4137d1 [ 262.525780][T12266] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 262.545369][T12266] RSP: 002b:00007f88264fda80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 262.553753][T12266] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 00000000004137d1 05:25:06 executing program 5: r0 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r1 = getpgrp(0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000040)={0x2, r1}) fcntl$setsig(r0, 0xa, 0x11) fcntl$setlease(r0, 0x400, 0x0) fcntl$setlease(r0, 0x400, 0x2) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000040), &(0x7f0000000080)=0x4) r2 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r2, 0x1, &(0x7f0000258f88)) msgsnd(r2, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r2, 0x0) 05:25:06 executing program 4: ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000)) r0 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r1 = getpgrp(0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000040)={0x2, r1}) fcntl$setsig(r0, 0xa, 0x11) fcntl$setlease(r0, 0x400, 0x0) fcntl$setlease(r0, 0x400, 0x2) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000040)=0x0) r3 = syz_open_procfs(r2, &(0x7f00000000c0)='setgroups\x00') recvmmsg(0xffffffffffffffff, &(0x7f00000021c0)=[{{0x0, 0x0, &(0x7f00000005c0)=[{0x0}, {0x0}, {0x0}], 0x3, &(0x7f0000000600)=""/118, 0x76}, 0x9db}], 0x1, 0x0, 0x0) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x1000) ioctl$int_in(r4, 0x5421, &(0x7f0000000100)=0x100000001) preadv(r3, &(0x7f00000017c0), 0x1a1, 0x0) 05:25:06 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0x80086301, &(0x7f0000000000)) 05:25:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:06 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 262.561720][T12266] RDX: 00007f88264fdb0a RSI: 0000000000000002 RDI: 00007f88264fdb00 [ 262.569666][T12266] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 262.577611][T12266] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 262.585562][T12266] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 262.599636][T12266] FAT-fs (loop1): bogus number of reserved sectors [ 262.606519][T12266] FAT-fs (loop1): Can't find a valid FAT filesystem 05:25:06 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0045878, &(0x7f0000000000)) [ 262.639751][T12279] binder: BINDER_SET_CONTEXT_MGR already set [ 262.674122][T12279] binder: 12277:12279 ioctl 40046207 0 returned -16 05:25:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 262.681123][T12282] ptrace attach of "/root/syz-executor.0"[12281] was attempted by "/root/syz-executor.0"[12282] 05:25:06 executing program 1 (fault-call:0 fault-nth:14): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:06 executing program 4: r0 = syz_open_dev$dri(&(0x7f00000001c0)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$sock_bt_bnep_BNEPCONNDEL(r1, 0x400442c9, &(0x7f00000000c0)={0x0, @local}) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r2, 0x40186f40, 0x7600f4) r3 = socket(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r3, 0x84, 0x78, &(0x7f0000000000)=r5, 0x4) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000000240)={r5, 0xed, "d0884c36b533c70347f53db0f73505e80aa0dce77327607af733d4e8b783beadd6d2a10e68a5ff46a74bd00a163ccab3b9fb6c45b5922df9265a3c386d3d0604c5a9b0ab9c318980a8ab85ebcd4a7452b949861f84009affd9123876947e8b2ada3947c03b33ec93d7cc7314137984bd3999adfbba37afaba9625e55f9f07a48f51f1dd708bab370d149344d7cc262bc3643b6ddff67a6aa260f173b5a919b51d830ec321d9121d4d670e75b7814f7f42b61cd4ecdef95a5e202475c7d37c5048ad19c1764b92f08287d245d409ec5af68de3752dd2f7beb40aad18e3d59a528265bab3ce8dc62f3a7fff527b9"}, &(0x7f00000001c0)=0xf5) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000200)={r5, 0xf5, "03e95fbfd833335d1806a01e0037316a9043464317541f7e006842a1a8cc17b6fefba29dfb245eb5566efe64cc8270fdca738b403dc1fb56814847bd54ce9015f8b5bfe8530622a73223c33c900bc20725a95b2d724c5841c016c4d095fac6e05a18bb183a0ebb205b0c5b052d5a0be15bb4db1596adcbc2c97d18795559bfd63a294031bc225e93c0de02a21a08495d8a1a77c2f0533e998ebb073b449c0c65198641958e86e9a87cfa74bfcab0e11de48e1e8d6dd93043411e344ca1cd3c9a998f10de6d8751e589f5ee4f31e643642ea7e1ba011cafab853eb4db353b816ca2920d817ba6c360f8073087c5657eaf1db6c1af57"}, &(0x7f0000000000)=0xfd) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000040)=@sack_info={r6, 0x7, 0x7}, &(0x7f0000000080)=0xc) 05:25:06 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) r3 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x7fffffff, 0x441) linkat(r1, &(0x7f0000000040)='./file0\x00', r3, &(0x7f00000000c0)='./file0\x00', 0x0) msgctl$IPC_RMID(r0, 0x0) 05:25:06 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0045878, &(0x7f0000000000)) 05:25:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 262.848557][T12299] binder: BINDER_SET_CONTEXT_MGR already set [ 262.855506][T12297] FAULT_INJECTION: forcing a failure. [ 262.855506][T12297] name failslab, interval 1, probability 0, space 0, times 0 [ 262.873297][T12299] binder: 12293:12299 ioctl 40046207 0 returned -16 05:25:07 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc008561c, &(0x7f0000000000)) [ 262.905048][T12297] CPU: 0 PID: 12297 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 262.913748][T12297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 262.923805][T12297] Call Trace: [ 262.927104][T12297] dump_stack+0x172/0x1f0 [ 262.931444][T12297] should_fail.cold+0xa/0x15 [ 262.936036][T12297] ? fault_create_debugfs_attr+0x180/0x180 [ 262.941843][T12297] ? ___might_sleep+0x163/0x2c0 [ 262.946708][T12297] __should_failslab+0x121/0x190 05:25:07 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0106407, &(0x7f0000000000)) [ 262.951658][T12297] should_failslab+0x9/0x14 [ 262.956166][T12297] __kmalloc+0x2e0/0x770 [ 262.960420][T12297] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 262.966665][T12297] ? d_absolute_path+0x11b/0x170 [ 262.971601][T12297] ? __d_path+0x140/0x140 [ 262.975933][T12297] ? tomoyo_encode2.part.0+0xf5/0x400 [ 262.981306][T12297] tomoyo_encode2.part.0+0xf5/0x400 [ 262.986509][T12297] tomoyo_encode+0x2b/0x50 [ 262.990938][T12297] tomoyo_realpath_from_path+0x1d3/0x7b0 [ 262.996575][T12297] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 263.002818][T12297] tomoyo_check_open_permission+0x2a8/0x3f0 [ 263.002836][T12297] ? tomoyo_path_number_perm+0x520/0x520 [ 263.014339][T12297] ? lock_downgrade+0x920/0x920 [ 263.014351][T12297] ? rwlock_bug.part.0+0x90/0x90 [ 263.014369][T12297] ? lockref_get+0x16/0x60 [ 263.028505][T12297] tomoyo_file_open+0xa9/0xd0 [ 263.033192][T12297] security_file_open+0x71/0x300 [ 263.038136][T12297] do_dentry_open+0x373/0x1250 [ 263.042915][T12297] ? match_exception_partial+0x242/0x2d0 [ 263.048636][T12297] ? chown_common+0x5c0/0x5c0 05:25:07 executing program 5: r0 = msgget$private(0x0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000180)={{{@in6=@ipv4={[], [], @multicast2}, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@initdev}}, &(0x7f0000000080)=0xe8) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{0x0, 0x0, 0x0, r3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) r4 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r5 = getpgrp(0x0) fcntl$setownex(r4, 0xf, &(0x7f0000000040)={0x2, r5}) fcntl$setsig(r4, 0xa, 0x11) fcntl$setlease(r4, 0x400, 0x0) fcntl$setlease(r4, 0x400, 0x2) r6 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r7 = getpgrp(0x0) fcntl$setownex(r6, 0xf, &(0x7f0000000040)={0x2, r7}) fcntl$setsig(r6, 0xa, 0x11) fcntl$setlease(r6, 0x400, 0x0) fcntl$setlease(r6, 0x400, 0x2) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r6, 0x84, 0x66, &(0x7f00000000c0)={0x0, 0x101}, &(0x7f0000000100)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f0000000140)={r8, 0x8000000}, 0x8) msgctl$IPC_RMID(r0, 0x0) [ 263.053319][T12297] ? inode_permission+0xb4/0x560 [ 263.058262][T12297] vfs_open+0xa0/0xd0 [ 263.062245][T12297] path_openat+0x10e9/0x46d0 [ 263.066837][T12297] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 263.072792][T12297] ? kasan_slab_alloc+0xf/0x20 [ 263.077562][T12297] ? kmem_cache_alloc+0x121/0x710 [ 263.082585][T12297] ? getname_flags+0xd6/0x5b0 [ 263.087263][T12297] ? getname+0x1a/0x20 [ 263.091426][T12297] ? do_sys_open+0x2c9/0x5d0 [ 263.096024][T12297] ? path_lookupat.isra.0+0x8d0/0x8d0 05:25:07 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0184900, &(0x7f0000000000)) [ 263.101401][T12297] ? __alloc_pages_nodemask+0x579/0x900 [ 263.106948][T12297] ? cache_grow_end+0xa4/0x190 [ 263.111720][T12297] ? __kasan_check_read+0x11/0x20 [ 263.116756][T12297] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 263.122484][T12297] do_filp_open+0x1a1/0x280 [ 263.126991][T12297] ? may_open_dev+0x100/0x100 [ 263.131672][T12297] ? __kasan_check_read+0x11/0x20 [ 263.136685][T12297] ? do_raw_spin_unlock+0x57/0x270 [ 263.136700][T12297] ? _raw_spin_unlock+0x2d/0x50 [ 263.136713][T12297] ? __alloc_fd+0x487/0x620 [ 263.136734][T12297] do_sys_open+0x3fe/0x5d0 [ 263.155538][T12297] ? filp_open+0x80/0x80 [ 263.159787][T12297] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 263.166057][T12297] ? fput+0x1b/0x20 [ 263.169870][T12297] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 263.175939][T12297] __x64_sys_open+0x7e/0xc0 [ 263.180446][T12297] do_syscall_64+0xfa/0x760 [ 263.184950][T12297] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 263.190842][T12297] RIP: 0033:0x4137d1 [ 263.194736][T12297] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 263.214343][T12297] RSP: 002b:00007f88264fda80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 263.222753][T12297] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 00000000004137d1 [ 263.230722][T12297] RDX: 00007f88264fdb0a RSI: 0000000000000002 RDI: 00007f88264fdb00 [ 263.230738][T12297] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 263.246648][T12297] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 05:25:07 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:07 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="080000001289000003000000003def61c055200600a3"], 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0\x00', 0x47ce58008c75a174, 0x0) r2 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000100)={'syz', 0x1}, &(0x7f0000000140)="1279811210ad137b2c2d4c4a59e32f8b8862990d03143c28019419db742c380ab14f0cc81286429f5a393929c95d748b89873e1d0fa60886ab93484bc295c2f5c15fd72470e591cffb7c0cd88c92eda8f89f5f85fa34a4f26e15511ba0dc31ab644852e8eb26eb", 0x67, 0xfffffffffffffffc) r3 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000180)="b3208e7055eba39f91e7bdb8d845a2857140543c2c3b7bebdf8bab17fbb0e2ea40c36d81d8", 0x25, 0xfffffffffffffff9) r4 = add_key(&(0x7f0000000240)='cifs.spnego\x00', &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) add_key$keyring(0x0, &(0x7f0000000200)={'syz', 0x0}, 0x0, 0x0, r4) keyctl$link(0x8, r3, r4) r5 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r6 = getpgrp(0x0) fcntl$setownex(r5, 0xf, &(0x7f0000000040)={0x2, r6}) fcntl$setsig(r1, 0xa, 0x10000100000016) fcntl$setlease(r5, 0x400, 0x0) fcntl$setlease(r5, 0x400, 0x2) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r7 = add_key$keyring(&(0x7f00000001c0)='keyring\x00', &(0x7f0000000200)={'s\xf9z', 0x3}, 0x0, 0x0, r4) r8 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000180)="b3208e7055eba39f91e7bdb8d845a2857140543c2c3b7bebdf8bab17fbb0e2ea40c36d81d8", 0x25, 0xfffffffffffffff9) r9 = add_key(&(0x7f0000000240)='cifs.spnego\x00', &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) add_key$keyring(0x0, &(0x7f0000000200)={'syz', 0x0}, 0x0, 0x0, r9) keyctl$link(0x8, r8, r9) keyctl$KEYCTL_MOVE(0x1e, r2, r7, r9, 0x1) r10 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r11 = getpgrp(0x0) fcntl$setownex(r10, 0xf, &(0x7f0000000080)={0x0, r11}) fcntl$setown(r1, 0x8, r11) openat$ion(0xffffffffffffff9c, &(0x7f0000000340)='/dev/ion\x00', 0x800, 0x0) setsockopt$SO_TIMESTAMP(r10, 0x1, 0x23, &(0x7f0000000300)=0xfe, 0x4) 05:25:07 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0189436, &(0x7f0000000000)) [ 263.253669][T12323] binder: BINDER_SET_CONTEXT_MGR already set [ 263.254612][T12297] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 263.344953][T12333] ptrace attach of "/root/syz-executor.0"[12332] was attempted by "/root/syz-executor.0"[12333] [ 263.352511][T12323] binder: 12322:12323 ioctl 40046207 0 returned -16 [ 263.373089][T12297] ERROR: Out of memory at tomoyo_realpath_from_path. [ 263.447527][T12297] FAT-fs (loop1): bogus number of reserved sectors [ 263.484379][T12297] FAT-fs (loop1): Can't find a valid FAT filesystem 05:25:07 executing program 1 (fault-call:0 fault-nth:15): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) [ 263.549688][T12347] FAULT_INJECTION: forcing a failure. [ 263.549688][T12347] name failslab, interval 1, probability 0, space 0, times 0 [ 263.562614][T12347] CPU: 1 PID: 12347 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 263.571344][T12347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 263.581518][T12347] Call Trace: [ 263.584806][T12347] dump_stack+0x172/0x1f0 [ 263.589130][T12347] should_fail.cold+0xa/0x15 [ 263.593703][T12347] ? fault_create_debugfs_attr+0x180/0x180 [ 263.599517][T12347] ? ___might_sleep+0x163/0x2c0 [ 263.604363][T12347] __should_failslab+0x121/0x190 [ 263.609287][T12347] should_failslab+0x9/0x14 [ 263.613765][T12347] __kmalloc+0x2e0/0x770 [ 263.617985][T12347] ? mark_held_locks+0xf0/0xf0 [ 263.622728][T12347] ? kasan_slab_alloc+0xf/0x20 [ 263.627478][T12347] ? kmem_cache_alloc+0x121/0x710 [ 263.632498][T12347] ? getname_flags+0xd6/0x5b0 [ 263.637257][T12347] ? getname+0x1a/0x20 [ 263.641308][T12347] ? do_sys_open+0x2c9/0x5d0 [ 263.645880][T12347] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 263.651590][T12347] tomoyo_realpath_from_path+0xcd/0x7b0 [ 263.657118][T12347] ? tomoyo_path_number_perm+0x193/0x520 [ 263.662733][T12347] tomoyo_path_number_perm+0x1dd/0x520 [ 263.668176][T12347] ? tomoyo_path_number_perm+0x193/0x520 [ 263.673784][T12347] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 263.679569][T12347] ? __kasan_check_read+0x11/0x20 [ 263.684599][T12347] ? __kasan_check_read+0x11/0x20 [ 263.689631][T12347] ? __fget+0x384/0x560 [ 263.693790][T12347] ? ksys_dup3+0x3e0/0x3e0 [ 263.698209][T12347] ? do_sys_open+0x31d/0x5d0 [ 263.702797][T12347] tomoyo_file_ioctl+0x23/0x30 [ 263.707563][T12347] security_file_ioctl+0x77/0xc0 [ 263.712505][T12347] ksys_ioctl+0x57/0xd0 [ 263.716688][T12347] __x64_sys_ioctl+0x73/0xb0 [ 263.721267][T12347] do_syscall_64+0xfa/0x760 [ 263.725772][T12347] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 263.731658][T12347] RIP: 0033:0x459757 05:25:07 executing program 4: r0 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r0, 0x28, 0x0, &(0x7f00000004c0)=0x200, 0x8) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x20000, 0x0) ioctl$SG_SET_TIMEOUT(r1, 0x2201, &(0x7f0000000040)=0x7b) mprotect(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x800008) 05:25:07 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:07 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc020660b, &(0x7f0000000000)) 05:25:07 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x0, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r1, 0x541b, &(0x7f0000000080)) msgsnd(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="10347f862a0000fff594c0a30e940332f15614a310e93c68fd7679dd504bc61c9a423d90bb6913ec86d79fe76a5f13958399603f117f675e7a"], 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) 05:25:07 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 263.735542][T12347] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 263.755139][T12347] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 263.763554][T12347] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000459757 [ 263.771522][T12347] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 263.779491][T12347] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 263.787461][T12347] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 05:25:07 executing program 4: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000001580)='/dev/snapshot\x00', 0x10000, 0x0) setsockopt$inet_tcp_TLS_TX(r0, 0x6, 0x1, &(0x7f00000015c0)=@ccm_128={{0x303}, "326f779f02874a15", "c153d4d73a56ddfc97cb35c7b2b8591d", "4a8c69af", "4f93ccb5c6a05246"}, 0x28) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) ioctl$TIOCSBRK(r1, 0x5427) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r4 = socket$inet6(0xa, 0x1000002000000802, 0x0) setsockopt$inet6_opts(r4, 0x29, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="09000000ffb98100"], 0x8) r5 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r6 = getpgrp(0x0) fcntl$setownex(r5, 0xf, &(0x7f0000000040)={0x2, r6}) fcntl$setsig(r5, 0xa, 0x11) fcntl$setlease(r5, 0x400, 0x0) fcntl$setlease(r5, 0x400, 0x2) ioctl$VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f00000000c0)={0x3, 0xc, 0x2, "da1f195b6e05d7be821f381efb41c077e768bfe2ce9575f71a28aab7bad5b59a", 0xa64d8e0}) close(r4) r7 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x8001, 0x101001) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000080)="9811df794d1084c91898592c1ceb", 0xe) r8 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r9 = getpgrp(0x0) fcntl$setownex(r8, 0xf, &(0x7f0000000040)={0x2, r9}) sched_setaffinity(r9, 0x8, &(0x7f0000000100)=0x1000) 05:25:07 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 263.795430][T12347] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:25:07 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="018000000000002b8500"], 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) r3 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4) r5 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r6) fcntl$setsig(r5, 0xa, 0x32) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) r7 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x2, 0x2000) r8 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r9 = getpgrp(0x0) fcntl$setownex(r8, 0xf, &(0x7f0000000040)={0x2, r9}) fcntl$setsig(r8, 0xa, 0x11) fcntl$setlease(r8, 0x400, 0x0) fcntl$setlease(r8, 0x400, 0x2) ioctl$VIDIOC_EXPBUF(r8, 0xc0405610, &(0x7f0000000080)={0x9, 0x400, 0xffffffff, 0x80000, r7}) r10 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r11 = getpgrp(0x0) fcntl$setownex(r10, 0xf, &(0x7f0000000040)={0x2, r11}) fcntl$setsig(r10, 0xa, 0x11) fcntl$setlease(r10, 0x400, 0x0) fcntl$setlease(r10, 0x400, 0x2) write$UHID_DESTROY(r10, &(0x7f0000000100), 0x4) [ 263.839197][T12364] binder: BINDER_SET_CONTEXT_MGR already set 05:25:08 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305304, &(0x7f0000000000)) [ 263.899435][T12364] binder: 12358:12364 ioctl 40046207 0 returned -16 [ 263.916310][T12347] ERROR: Out of memory at tomoyo_realpath_from_path. 05:25:08 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 263.943976][T12347] FAT-fs (loop1): bogus number of reserved sectors [ 263.950614][T12347] FAT-fs (loop1): Can't find a valid FAT filesystem 05:25:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:08 executing program 1 (fault-call:0 fault-nth:16): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:08 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:08 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc030530c, &(0x7f0000000000)) 05:25:08 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x0, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:08 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="1700e9000000000035f18f6e8967827ddd42fcd33b78fe04a98bedd8205875f8cbecd81edff02021d623ca31d2493a304de302f53f59cf228f3ec4caf960f5fc097801eb5bec0435895801f621a2cd43a71e13cec37ce00e4ee5b5426b48b1b0a39f979a75d1c805425c28325727211516b944528f57b4811d53a5e4983077afd8c7dcaf005644c3ab54b8a673d997eda87f33b4069f53536ea69e20220b9efe33369a4de70b1238a5b803730afb549e29e5995b8473369628e2576402dcce72b6b265b725302071762a4232be7ac935c317896c282bc3447fcb8b6d3623d1c7943e043eb3178c3274e8df0f616af8377fe1fa1754796b988dd36a2d86"], 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 264.085730][T12388] binder: BINDER_SET_CONTEXT_MGR already set [ 264.118151][T12388] binder: 12387:12388 ioctl 40046207 0 returned -16 05:25:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:08 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc1205531, &(0x7f0000000000)) [ 264.172545][T12396] FAULT_INJECTION: forcing a failure. [ 264.172545][T12396] name failslab, interval 1, probability 0, space 0, times 0 [ 264.177400][T12401] binder: BINDER_SET_CONTEXT_MGR already set [ 264.210058][T12396] CPU: 0 PID: 12396 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 264.213064][T12401] binder: 12399:12401 ioctl 40046207 0 returned -16 [ 264.218754][T12396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 264.218762][T12396] Call Trace: [ 264.218782][T12396] dump_stack+0x172/0x1f0 [ 264.218801][T12396] should_fail.cold+0xa/0x15 [ 264.248556][T12396] ? fault_create_debugfs_attr+0x180/0x180 [ 264.254382][T12396] ? kernel_init_free_pages+0x120/0x120 [ 264.259912][T12396] ? ___might_sleep+0x163/0x2c0 [ 264.264816][T12396] __should_failslab+0x121/0x190 [ 264.269806][T12396] should_failslab+0x9/0x14 [ 264.274298][T12396] kmem_cache_alloc+0x2aa/0x710 [ 264.279127][T12396] ? kernfs_activate+0x192/0x1f0 [ 264.284040][T12396] ? __kasan_check_read+0x11/0x20 [ 264.289047][T12396] ? __mutex_lock+0x45d/0x13c0 [ 264.293788][T12396] __kernfs_new_node+0xf0/0x6c0 [ 264.298667][T12396] ? __mutex_lock+0x45d/0x13c0 [ 264.303415][T12396] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 264.308848][T12396] ? __kasan_check_write+0x14/0x20 [ 264.313946][T12396] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 264.319477][T12396] ? wait_for_completion+0x440/0x440 [ 264.324752][T12396] kernfs_new_node+0x96/0x120 [ 264.329416][T12396] __kernfs_create_file+0x51/0x340 [ 264.334507][T12396] sysfs_add_file_mode_ns+0x222/0x560 [ 264.339852][T12396] internal_create_group+0x359/0xc40 [ 264.345126][T12396] ? bd_set_size+0x3f/0xb0 [ 264.349521][T12396] ? remove_files.isra.0+0x190/0x190 [ 264.354789][T12396] ? __kasan_check_write+0x14/0x20 [ 264.359875][T12396] ? up_write+0x155/0x490 [ 264.364182][T12396] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 264.370396][T12396] sysfs_create_group+0x20/0x30 [ 264.375291][T12396] loop_set_fd+0xac1/0x1020 [ 264.379786][T12396] lo_ioctl+0x1a3/0x1460 [ 264.384003][T12396] ? trace_hardirqs_on+0x67/0x240 [ 264.389003][T12396] ? loop_set_fd+0x1020/0x1020 [ 264.393745][T12396] blkdev_ioctl+0xedb/0x1c20 [ 264.398310][T12396] ? blkpg_ioctl+0xa90/0xa90 [ 264.402885][T12396] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 264.408672][T12396] ? __kasan_check_read+0x11/0x20 [ 264.413673][T12396] ? __kasan_check_read+0x11/0x20 [ 264.418680][T12396] block_ioctl+0xee/0x130 [ 264.423043][T12396] ? blkdev_fallocate+0x410/0x410 [ 264.428065][T12396] do_vfs_ioctl+0xdb6/0x13e0 [ 264.432651][T12396] ? compat_ioctl_preallocate+0x210/0x210 [ 264.438350][T12396] ? __fget+0x384/0x560 [ 264.442483][T12396] ? ksys_dup3+0x3e0/0x3e0 [ 264.446886][T12396] ? do_sys_open+0x31d/0x5d0 [ 264.451454][T12396] ? tomoyo_file_ioctl+0x23/0x30 [ 264.456368][T12396] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 264.462585][T12396] ? security_file_ioctl+0x8d/0xc0 [ 264.467673][T12396] ksys_ioctl+0xab/0xd0 [ 264.471807][T12396] __x64_sys_ioctl+0x73/0xb0 [ 264.476373][T12396] do_syscall_64+0xfa/0x760 [ 264.480854][T12396] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 264.486718][T12396] RIP: 0033:0x459757 [ 264.490586][T12396] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 264.510162][T12396] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 05:25:08 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @dev}}, 0x1c) getsockopt$bt_BT_SNDMTU(r1, 0x112, 0xc, &(0x7f0000000040)=0x20, &(0x7f0000000080)=0x2) setsockopt$netlink_NETLINK_RX_RING(r1, 0x29, 0x1b, &(0x7f0000000000), 0xf7) [ 264.518557][T12396] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000459757 [ 264.526505][T12396] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 264.534451][T12396] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 264.542406][T12396] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 264.550349][T12396] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 264.602584][T12411] binder: BINDER_SET_CONTEXT_MGR already set [ 264.619757][T12396] FAT-fs (loop1): bogus number of reserved sectors 05:25:08 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x0, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 264.648524][T12396] FAT-fs (loop1): Can't find a valid FAT filesystem [ 264.655895][T12411] binder: 12410:12411 ioctl 40046207 0 returned -16 05:25:08 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) 05:25:08 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="11dca5055e0bcfe47bf070") r2 = accept4(r1, &(0x7f0000000040)=@pppoe={0x18, 0x0, {0x0, @random}}, &(0x7f00000000c0)=0x80, 0x80800) ioctl$SIOCX25SCUDMATCHLEN(r2, 0x89e7, &(0x7f0000000100)={0x48}) msgsnd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="1f4b6d8adaf25d19"], 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) 05:25:08 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:08 executing program 1 (fault-call:0 fault-nth:17): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:08 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x0, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:08 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x11) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x11) r2 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x440a01, 0x0) r3 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r4 = getpgrp(0x0) r5 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x9672) ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r6) fsetxattr$security_evm(r5, &(0x7f00000001c0)='security.evm\x00', &(0x7f0000000200)=@v1={0x2, "0c77fa4fb9e1c2199c"}, 0xa, 0x0) fcntl$setownex(r3, 0xf, &(0x7f0000000040)={0x2, r4}) fcntl$setsig(r3, 0xa, 0x11) fcntl$setlease(r3, 0x400, 0x0) fcntl$setlease(r3, 0x400, 0x2) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r3, 0x84, 0xc, &(0x7f0000000140), &(0x7f0000000180)=0x4) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r2, 0x84, 0x1c, &(0x7f0000000080), &(0x7f0000000100)=0x4) [ 264.836491][T12437] binder: BINDER_SET_CONTEXT_MGR already set [ 264.874805][T12437] binder: 12433:12437 ioctl 40046207 0 returned -16 05:25:09 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 264.971399][T12455] FAULT_INJECTION: forcing a failure. [ 264.971399][T12455] name failslab, interval 1, probability 0, space 0, times 0 [ 264.998638][T12455] CPU: 1 PID: 12455 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 265.007333][T12455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 265.017385][T12455] Call Trace: [ 265.020692][T12455] dump_stack+0x172/0x1f0 [ 265.025054][T12455] should_fail.cold+0xa/0x15 [ 265.029653][T12455] ? fault_create_debugfs_attr+0x180/0x180 [ 265.035474][T12455] ? kernel_init_free_pages+0x120/0x120 [ 265.041025][T12455] ? ___might_sleep+0x163/0x2c0 [ 265.045887][T12455] __should_failslab+0x121/0x190 [ 265.050833][T12455] should_failslab+0x9/0x14 [ 265.055345][T12455] kmem_cache_alloc+0x2aa/0x710 [ 265.060207][T12455] ? lock_acquire+0x190/0x410 [ 265.064895][T12455] __kernfs_new_node+0xf0/0x6c0 [ 265.069753][T12455] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 265.075218][T12455] ? finish_task_switch+0x1f1/0x720 [ 265.080426][T12455] ? __schedule+0x830/0x1c20 [ 265.085021][T12455] ? __sched_text_start+0x8/0x8 [ 265.089873][T12455] kernfs_new_node+0x96/0x120 [ 265.094561][T12455] kernfs_create_dir_ns+0x52/0x160 [ 265.099674][T12455] internal_create_group+0x7f4/0xc40 [ 265.104957][T12455] ? bd_set_size+0x3f/0xb0 [ 265.109375][T12455] ? lock_downgrade+0x920/0x920 [ 265.114245][T12455] ? remove_files.isra.0+0x190/0x190 [ 265.119536][T12455] ? __kasan_check_write+0x14/0x20 [ 265.124661][T12455] ? up_write+0x155/0x490 [ 265.128991][T12455] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 265.135234][T12455] sysfs_create_group+0x20/0x30 [ 265.140086][T12455] loop_set_fd+0xac1/0x1020 [ 265.144596][T12455] lo_ioctl+0x1a3/0x1460 [ 265.148839][T12455] ? trace_hardirqs_on+0x67/0x240 [ 265.153865][T12455] ? loop_set_fd+0x1020/0x1020 [ 265.158629][T12455] blkdev_ioctl+0xedb/0x1c20 [ 265.163220][T12455] ? blkpg_ioctl+0xa90/0xa90 [ 265.167812][T12455] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 265.173623][T12455] ? __kasan_check_read+0x11/0x20 [ 265.178653][T12455] ? __kasan_check_read+0x11/0x20 [ 265.183680][T12455] block_ioctl+0xee/0x130 [ 265.188009][T12455] ? blkdev_fallocate+0x410/0x410 [ 265.193037][T12455] do_vfs_ioctl+0xdb6/0x13e0 [ 265.197632][T12455] ? compat_ioctl_preallocate+0x210/0x210 [ 265.203359][T12455] ? __fget+0x384/0x560 [ 265.207519][T12455] ? ksys_dup3+0x3e0/0x3e0 [ 265.211950][T12455] ? do_sys_open+0x31d/0x5d0 [ 265.216550][T12455] ? tomoyo_file_ioctl+0x23/0x30 [ 265.221592][T12455] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 265.227842][T12455] ? security_file_ioctl+0x8d/0xc0 [ 265.233063][T12455] ksys_ioctl+0xab/0xd0 [ 265.237235][T12455] __x64_sys_ioctl+0x73/0xb0 [ 265.241831][T12455] do_syscall_64+0xfa/0x760 [ 265.246346][T12455] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 265.252351][T12455] RIP: 0033:0x459757 [ 265.256255][T12455] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 265.275861][T12455] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 265.284285][T12455] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000459757 [ 265.292258][T12455] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 265.300231][T12455] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 265.308206][T12455] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 265.316181][T12455] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 265.400578][T12455] FAT-fs (loop1): bogus number of reserved sectors [ 265.419341][T12474] binder: BINDER_SET_CONTEXT_MGR already set [ 265.442068][T12455] FAT-fs (loop1): Can't find a valid FAT filesystem [ 265.476252][T12474] binder: 12472:12474 ioctl 40046207 0 returned -16 05:25:10 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) 05:25:10 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="5af50d83f2d1ed4c1f8216d66a5990ac0713d3c6e80d4d21866d9d91768fd23647597c4e9b0bd622cb2ba31fff39e98aa1771c19a96708bea023dd60941bc239dca59b5fe49947b68602b029f071f30b43a8bd3c949ec894ebe26cae3dbd32971a047ea07611df61c631c12869a5c65d765d787190ce95d6026d661ebbba0999e84817411ca7089175b40a80ef6e910de81fbbe8f42c4f411646b0d2a0b3"], 0x8, 0x0) write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x2, 0x0, {0x5, 0x7f, 0x1}}, 0x28) msgctl$IPC_RMID(r0, 0x0) ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0) 05:25:10 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:10 executing program 1 (fault-call:0 fault-nth:18): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) [ 266.184841][T12512] binder: BINDER_SET_CONTEXT_MGR already set [ 266.215862][T12510] FAULT_INJECTION: forcing a failure. [ 266.215862][T12510] name failslab, interval 1, probability 0, space 0, times 0 [ 266.249322][T12512] binder: 12506:12512 ioctl 40046207 0 returned -16 [ 266.312864][T12510] CPU: 1 PID: 12510 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 266.321571][T12510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 266.331626][T12510] Call Trace: [ 266.334922][T12510] dump_stack+0x172/0x1f0 [ 266.339261][T12510] should_fail.cold+0xa/0x15 [ 266.343862][T12510] ? fault_create_debugfs_attr+0x180/0x180 [ 266.349672][T12510] ? kernel_init_free_pages+0x120/0x120 [ 266.355218][T12510] ? ___might_sleep+0x163/0x2c0 [ 266.360072][T12510] __should_failslab+0x121/0x190 [ 266.365012][T12510] should_failslab+0x9/0x14 [ 266.369514][T12510] kmem_cache_alloc+0x2aa/0x710 [ 266.374367][T12510] ? __mutex_lock+0x45d/0x13c0 [ 266.379137][T12510] __kernfs_new_node+0xf0/0x6c0 [ 266.383989][T12510] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 266.389450][T12510] ? wait_for_completion+0x440/0x440 [ 266.394732][T12510] ? __kasan_check_write+0x14/0x20 [ 266.399845][T12510] ? mutex_unlock+0xd/0x10 [ 266.404258][T12510] ? kernfs_activate+0x192/0x1f0 [ 266.409193][T12510] kernfs_new_node+0x96/0x120 [ 266.413871][T12510] __kernfs_create_file+0x51/0x340 [ 266.419073][T12510] sysfs_add_file_mode_ns+0x222/0x560 [ 266.424448][T12510] internal_create_group+0x359/0xc40 [ 266.429726][T12510] ? bd_set_size+0x3f/0xb0 [ 266.434148][T12510] ? remove_files.isra.0+0x190/0x190 [ 266.439437][T12510] ? __kasan_check_write+0x14/0x20 [ 266.444542][T12510] ? up_write+0x155/0x490 [ 266.448871][T12510] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 266.455131][T12510] sysfs_create_group+0x20/0x30 [ 266.459979][T12510] loop_set_fd+0xac1/0x1020 [ 266.464505][T12510] lo_ioctl+0x1a3/0x1460 [ 266.468745][T12510] ? trace_hardirqs_on+0x67/0x240 [ 266.473765][T12510] ? loop_set_fd+0x1020/0x1020 [ 266.478525][T12510] blkdev_ioctl+0xedb/0x1c20 [ 266.483107][T12510] ? blkpg_ioctl+0xa90/0xa90 [ 266.487698][T12510] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 266.493503][T12510] ? __kasan_check_read+0x11/0x20 [ 266.499486][T12510] ? __kasan_check_read+0x11/0x20 [ 266.504521][T12510] block_ioctl+0xee/0x130 [ 266.508844][T12510] ? blkdev_fallocate+0x410/0x410 [ 266.513866][T12510] do_vfs_ioctl+0xdb6/0x13e0 [ 266.518454][T12510] ? compat_ioctl_preallocate+0x210/0x210 [ 266.524173][T12510] ? __fget+0x384/0x560 [ 266.528330][T12510] ? ksys_dup3+0x3e0/0x3e0 [ 266.532744][T12510] ? do_sys_open+0x31d/0x5d0 [ 266.537336][T12510] ? tomoyo_file_ioctl+0x23/0x30 [ 266.542280][T12510] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 266.548518][T12510] ? security_file_ioctl+0x8d/0xc0 [ 266.553635][T12510] ksys_ioctl+0xab/0xd0 [ 266.557794][T12510] __x64_sys_ioctl+0x73/0xb0 [ 266.562385][T12510] do_syscall_64+0xfa/0x760 [ 266.566892][T12510] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 266.572776][T12510] RIP: 0033:0x459757 [ 266.576665][T12510] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 266.596443][T12510] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 266.604863][T12510] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000459757 [ 266.612835][T12510] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 266.620802][T12510] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 266.628770][T12510] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 266.636741][T12510] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 266.871209][T12510] FAT-fs (loop1): bogus number of reserved sectors [ 266.902337][T12510] FAT-fs (loop1): Can't find a valid FAT filesystem 05:25:11 executing program 1 (fault-call:0 fault-nth:19): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:11 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0x0, 0x1ff}) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) 05:25:11 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) 05:25:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 267.235269][T12531] binder: BINDER_SET_CONTEXT_MGR already set [ 267.241348][T12531] binder: 12530:12531 ioctl 40046207 0 returned -16 05:25:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 267.341155][T12539] FAULT_INJECTION: forcing a failure. [ 267.341155][T12539] name failslab, interval 1, probability 0, space 0, times 0 [ 267.359426][T12539] CPU: 1 PID: 12539 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 267.368134][T12539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 267.378188][T12539] Call Trace: [ 267.381485][T12539] dump_stack+0x172/0x1f0 [ 267.385825][T12539] should_fail.cold+0xa/0x15 [ 267.390425][T12539] ? cpuacct_charge+0x1db/0x360 [ 267.395280][T12539] ? fault_create_debugfs_attr+0x180/0x180 [ 267.401096][T12539] ? kernel_init_free_pages+0x120/0x120 [ 267.406647][T12539] ? ___might_sleep+0x163/0x2c0 [ 267.411499][T12539] __should_failslab+0x121/0x190 [ 267.416443][T12539] should_failslab+0x9/0x14 [ 267.420944][T12539] kmem_cache_alloc+0x2aa/0x710 [ 267.425792][T12539] ? __kasan_check_read+0x11/0x20 [ 267.430822][T12539] __kernfs_new_node+0xf0/0x6c0 [ 267.435674][T12539] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 267.441127][T12539] ? __kasan_check_read+0x11/0x20 [ 267.446153][T12539] ? _raw_spin_unlock_irq+0x5e/0x90 [ 267.451347][T12539] ? __schedule+0x1286/0x1c20 [ 267.456029][T12539] ? __sched_text_start+0x8/0x8 [ 267.460885][T12539] kernfs_new_node+0x96/0x120 [ 267.465566][T12539] kernfs_create_dir_ns+0x52/0x160 [ 267.470676][T12539] internal_create_group+0x7f4/0xc40 [ 267.475954][T12539] ? bd_set_size+0x3f/0xb0 [ 267.480374][T12539] ? lock_downgrade+0x920/0x920 [ 267.485228][T12539] ? remove_files.isra.0+0x190/0x190 [ 267.490511][T12539] ? __kasan_check_write+0x14/0x20 [ 267.495624][T12539] ? up_write+0x155/0x490 [ 267.499954][T12539] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 267.506200][T12539] sysfs_create_group+0x20/0x30 [ 267.511049][T12539] loop_set_fd+0xac1/0x1020 [ 267.515554][T12539] lo_ioctl+0x1a3/0x1460 [ 267.519792][T12539] ? trace_hardirqs_on+0x67/0x240 [ 267.524814][T12539] ? loop_set_fd+0x1020/0x1020 [ 267.529573][T12539] blkdev_ioctl+0xedb/0x1c20 [ 267.534160][T12539] ? blkpg_ioctl+0xa90/0xa90 [ 267.538758][T12539] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 267.544566][T12539] ? __kasan_check_read+0x11/0x20 [ 267.549600][T12539] ? __kasan_check_read+0x11/0x20 [ 267.554627][T12539] block_ioctl+0xee/0x130 [ 267.558953][T12539] ? blkdev_fallocate+0x410/0x410 [ 267.563989][T12539] do_vfs_ioctl+0xdb6/0x13e0 [ 267.568579][T12539] ? compat_ioctl_preallocate+0x210/0x210 [ 267.574298][T12539] ? __fget+0x384/0x560 [ 267.578455][T12539] ? ksys_dup3+0x3e0/0x3e0 [ 267.582868][T12539] ? do_sys_open+0x31d/0x5d0 [ 267.587455][T12539] ? tomoyo_file_ioctl+0x23/0x30 [ 267.592399][T12539] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 267.598636][T12539] ? security_file_ioctl+0x8d/0xc0 [ 267.603754][T12539] ksys_ioctl+0xab/0xd0 [ 267.607909][T12539] __x64_sys_ioctl+0x73/0xb0 [ 267.612497][T12539] do_syscall_64+0xfa/0x760 [ 267.617003][T12539] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 267.622891][T12539] RIP: 0033:0x459757 [ 267.626784][T12539] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 267.646409][T12539] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 267.654820][T12539] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000459757 [ 267.662791][T12539] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 267.670760][T12539] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 267.678727][T12539] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 267.686697][T12539] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 267.751954][T12539] FAT-fs (loop1): bogus number of reserved sectors [ 267.765487][T12546] binder: BINDER_SET_CONTEXT_MGR already set [ 267.766253][T12539] FAT-fs (loop1): Can't find a valid FAT filesystem [ 267.782482][T12546] binder: 12544:12546 ioctl 40046207 0 returned -16 05:25:11 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:11 executing program 5: msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)) msgsnd(0x0, &(0x7f0000000000)={0x1}, 0x8, 0x0) r0 = dup(0xffffffffffffffff) ioctl$GIO_CMAP(r0, 0x4b70, &(0x7f00000001c0)) shmget(0x1, 0x1000, 0x54000000, &(0x7f0000ffd000/0x1000)=nil) msgctl$IPC_RMID(0x0, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='trusted.overlay.upper\x00', &(0x7f00000000c0)={0x0, 0xfb, 0xeb, 0x4, 0x1ff, "9bbd6f318d9d9761fb19d8d3162056d5", "ac5edafab35a1c7b7bf3f6e7992d74c6dfeb1548dc9d9f21639a2b86e218e6837356ecbf21c51707ed1ca39721fc2ffb84daff793955ea23baad4a708d8dc015b4cf5937c168cbaf158bfa82b8d55b06027c1043efb73d23f8e36e5f84d82cb47c08b5d281f1b0df2759772d763e209e4f8c0756769a9ea27160cb29dde31b7b37d87afb69200460d88302a8c0310c07769ecbac9c21106678f046e871f86c3331451f77794bb346351323385eb1f7804d3e94f8845fd7d7bb12cc92a37ed9bcf20d821f67e311eb347bb3d80aab1ff5f765967d829c"}, 0xeb, 0x0) 05:25:11 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) 05:25:11 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x8, &(0x7f0000000280)) close(r0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x642, 0x0) r2 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) io_setup(0x9, &(0x7f0000000380)=0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000340)='/dev/dsp\x00', 0x141400, 0x0) setsockopt$netrom_NETROM_T4(r6, 0x103, 0x6, &(0x7f0000000540)=0x8, 0x4) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0)='TIPCv2\x00') sendmsg$TIPC_NL_SOCK_GET(r6, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="000128bd7000fedbdf25060000c01800e90f08000200e400"/38], 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x90) sendmsg$TIPC_NL_MEDIA_GET(r5, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000001c0)={&(0x7f00000002c0)={0x198, r7, 0x100, 0x70bd2d, 0x25dfdbfd, {}, [@TIPC_NLA_MEDIA={0xc, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_BEARER={0x54, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x4}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @loopback}}, {0x14, 0x2, @in={0x2, 0x4e20, @multicast2}}}}]}, @TIPC_NLA_BEARER={0x88, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_NAME={0x18, 0x1, @l2={'ib', 0x3a, 'veth1_to_bridge\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x400, @multicast1}}, {0x14, 0x2, @in={0x2, 0x4e22, @local}}}}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3632}]}, @TIPC_NLA_BEARER_NAME={0x14, 0x1, @l2={'eth', 0x3a, 'syzkaller1\x00'}}]}, @TIPC_NLA_MON={0x3c, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x4d5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xa7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x80000000}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}]}, @TIPC_NLA_MEDIA={0x60, 0x5, [@TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x400}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}]}]}, 0x198}, 0x1, 0x0, 0x0, 0x4}, 0x80) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SETHMAC(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r9, 0x1}, 0x14}}, 0x0) sendmsg$SEG6_CMD_SETHMAC(r6, &(0x7f00000006c0)={&(0x7f0000000240), 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x1c, r9, 0x400, 0x70bd2a, 0x25dfdbfd, {}, [@SEG6_ATTR_SECRET={0x8, 0x4, [0x9]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000004) sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000180)={&(0x7f00000004c0)={0x180, r7, 0x0, 0x70bd2a, 0x25dfdbff, {}, [@TIPC_NLA_BEARER={0x88, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x5ab, @ipv4={[], [], @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10001}}, {0x14, 0x2, @in={0x2, 0x4e24, @rand_addr=0x4}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x5}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xffffffffffff8001}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @empty}}, {0x14, 0x2, @in={0x2, 0x4e24, @loopback}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'ipddp0\x00'}}]}, @TIPC_NLA_MON={0x34, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x3ff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xc3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}]}, @TIPC_NLA_MEDIA={0xb0, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x400}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x101}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}]}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x81}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xd3fa}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}]}]}]}, 0x180}, 0x1, 0x0, 0x0, 0x80}, 0x80) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000ac0)={0x7, 0x3, 0x3, 0x1, 0x5, [{0x400, 0xfffffffffffffff7, 0x3, 0x0, 0x0, 0x880}, {0x9, 0x8, 0x0, 0x0, 0x0, 0x100}, {0x5, 0x200000000000, 0xabc}, {0x727, 0x7, 0xe7}, {0x7980ba73, 0x2, 0xe7, 0x0, 0x0, 0x19a}]}) io_pgetevents(r4, 0x4, 0x4, &(0x7f00000003c0)=[{}, {}, {}, {}], &(0x7f0000000140), 0x0) io_submit(r4, 0x1, &(0x7f0000000600)) 05:25:11 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:12 executing program 1 (fault-call:0 fault-nth:20): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) [ 267.907090][T12556] binder: BINDER_SET_CONTEXT_MGR already set [ 267.946794][T12556] binder: 12554:12556 ioctl 40046207 0 returned -16 05:25:12 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) 05:25:12 executing program 5: r0 = msgget$private(0x0, 0x0) fstat(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = msgget$private(0x0, 0x98) socketpair(0x2, 0xe, 0x2d3, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$ax25_SO_BINDTODEVICE(r4, 0x101, 0x19, &(0x7f0000000200)=@rose={'rose', 0x0}, 0x10) r5 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$RTC_PLL_SET(r5, 0x40207012, &(0x7f00000000c0)={0xffffffffffffffff, 0xff, 0x4, 0x200, 0x800, 0x5, 0x80}) r6 = socket$l2tp(0x18, 0x1, 0x1) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000000)=0xc) setfsuid(r7) r9 = getpid() r10 = getpgid(0xffffffffffffffff) msgctl$IPC_SET(r3, 0x1, &(0x7f0000000380)={{0x9, r7, 0x0, r1, r2, 0x106, 0x9}, 0x1, 0xbc, 0x4, 0x0, 0x64e, 0x6, r9, r10}) msgctl$IPC_SET(r3, 0x1, &(0x7f0000258f88)={{0x0, 0x0, 0x0, 0x0, r8, 0x40}, 0x0, 0x200000000000}) msgsnd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="949b000062ea31c4"], 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ubi_ctrl\x00', 0x4000, 0x0) 05:25:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(0xffffffffffffffff, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:12 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 268.055303][T12567] FAULT_INJECTION: forcing a failure. [ 268.055303][T12567] name failslab, interval 1, probability 0, space 0, times 0 05:25:12 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:12 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) [ 268.102111][T12567] CPU: 0 PID: 12567 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 268.110816][T12567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 268.120869][T12567] Call Trace: [ 268.124169][T12567] dump_stack+0x172/0x1f0 [ 268.128496][T12567] should_fail.cold+0xa/0x15 [ 268.133142][T12567] ? fault_create_debugfs_attr+0x180/0x180 [ 268.138943][T12567] ? kernel_init_free_pages+0x120/0x120 [ 268.144470][T12567] ? ___might_sleep+0x163/0x2c0 [ 268.149308][T12567] __should_failslab+0x121/0x190 [ 268.154223][T12567] should_failslab+0x9/0x14 [ 268.158706][T12567] kmem_cache_alloc+0x2aa/0x710 [ 268.163571][T12567] ? __mutex_lock+0x45d/0x13c0 [ 268.168323][T12567] __kernfs_new_node+0xf0/0x6c0 [ 268.173175][T12567] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 268.178621][T12567] ? wait_for_completion+0x440/0x440 [ 268.183886][T12567] ? __kasan_check_write+0x14/0x20 [ 268.188985][T12567] ? mutex_unlock+0xd/0x10 [ 268.193385][T12567] ? kernfs_activate+0x192/0x1f0 [ 268.198301][T12567] kernfs_new_node+0x96/0x120 [ 268.202960][T12567] __kernfs_create_file+0x51/0x340 [ 268.208048][T12567] sysfs_add_file_mode_ns+0x222/0x560 [ 268.213395][T12567] internal_create_group+0x359/0xc40 [ 268.218654][T12567] ? bd_set_size+0x3f/0xb0 [ 268.223051][T12567] ? remove_files.isra.0+0x190/0x190 [ 268.228314][T12567] ? __kasan_check_write+0x14/0x20 [ 268.233399][T12567] ? up_write+0x155/0x490 [ 268.237720][T12567] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 268.243947][T12567] sysfs_create_group+0x20/0x30 [ 268.248885][T12567] loop_set_fd+0xac1/0x1020 [ 268.253499][T12567] lo_ioctl+0x1a3/0x1460 [ 268.257731][T12567] ? trace_hardirqs_on+0x67/0x240 [ 268.262753][T12567] ? loop_set_fd+0x1020/0x1020 [ 268.267499][T12567] blkdev_ioctl+0xedb/0x1c20 [ 268.272590][T12567] ? blkpg_ioctl+0xa90/0xa90 [ 268.277173][T12567] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 268.282957][T12567] ? __kasan_check_read+0x11/0x20 [ 268.288023][T12567] ? __kasan_check_read+0x11/0x20 [ 268.293044][T12567] block_ioctl+0xee/0x130 [ 268.297351][T12567] ? blkdev_fallocate+0x410/0x410 [ 268.302364][T12567] do_vfs_ioctl+0xdb6/0x13e0 [ 268.306938][T12567] ? compat_ioctl_preallocate+0x210/0x210 [ 268.312632][T12567] ? __fget+0x384/0x560 [ 268.316764][T12567] ? ksys_dup3+0x3e0/0x3e0 [ 268.321159][T12567] ? do_sys_open+0x31d/0x5d0 [ 268.325725][T12567] ? tomoyo_file_ioctl+0x23/0x30 [ 268.330638][T12567] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 268.336865][T12567] ? security_file_ioctl+0x8d/0xc0 [ 268.341968][T12567] ksys_ioctl+0xab/0xd0 [ 268.346112][T12567] __x64_sys_ioctl+0x73/0xb0 [ 268.350680][T12567] do_syscall_64+0xfa/0x760 [ 268.355171][T12567] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 268.361045][T12567] RIP: 0033:0x459757 [ 268.364916][T12567] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 268.384668][T12567] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 268.393061][T12567] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000459757 [ 268.401007][T12567] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 268.409047][T12567] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 268.417012][T12567] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 268.424960][T12567] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:25:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(0xffffffffffffffff, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:12 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) socket$unix(0x1, 0x1, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) ioctl$KVM_HAS_DEVICE_ATTR(r1, 0x4018aee3, &(0x7f0000000080)={0x0, 0x6, 0x2, &(0x7f0000000040)=0xff}) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 268.494792][T12593] binder: BINDER_SET_CONTEXT_MGR already set [ 268.501388][T12567] FAT-fs (loop1): bogus number of reserved sectors [ 268.506879][T12593] binder: 12586:12593 ioctl 40046207 0 returned -16 05:25:12 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:12 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280), 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:12 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) [ 268.563430][T12567] FAT-fs (loop1): Can't find a valid FAT filesystem 05:25:12 executing program 1 (fault-call:0 fault-nth:21): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:12 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280), 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 268.672194][T12611] binder: BINDER_SET_CONTEXT_MGR already set 05:25:12 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) r1 = dup(0xffffffffffffffff) r2 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r3 = getpgrp(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000040)={0x2, r3}) fcntl$setsig(r2, 0xa, 0x11) fcntl$setlease(r2, 0x400, 0x0) fcntl$setlease(r2, 0x400, 0x2) ioctl$sock_inet_tcp_SIOCINQ(r2, 0x541b, &(0x7f00000000c0)) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r1, 0x29, 0xd2, &(0x7f0000000040)={{0xa, 0x4e22, 0x9, @remote, 0x7}, {0xa, 0x4e20, 0x0, @loopback, 0x3}, 0xfffffffffffffffc, [0x9, 0xfffe0, 0xf39, 0x5, 0x800, 0x4ff, 0x400, 0x254]}, 0x5c) [ 268.712659][T12614] binder: BINDER_SET_CONTEXT_MGR already set [ 268.721823][T12611] binder: 12603:12611 ioctl 40046207 0 returned -16 05:25:12 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:12 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) [ 268.773176][T12614] binder: 12602:12614 ioctl 40046207 0 returned -16 05:25:12 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(0xffffffffffffffff, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:12 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280), 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 268.824657][T12626] FAULT_INJECTION: forcing a failure. [ 268.824657][T12626] name failslab, interval 1, probability 0, space 0, times 0 [ 268.838386][T12626] CPU: 0 PID: 12626 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 268.847076][T12626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 268.857138][T12626] Call Trace: [ 268.860437][T12626] dump_stack+0x172/0x1f0 [ 268.864780][T12626] should_fail.cold+0xa/0x15 [ 268.869370][T12626] ? fault_create_debugfs_attr+0x180/0x180 [ 268.875173][T12626] ? kernel_init_free_pages+0x120/0x120 [ 268.880703][T12626] ? ___might_sleep+0x163/0x2c0 [ 268.885535][T12626] __should_failslab+0x121/0x190 [ 268.890446][T12626] should_failslab+0x9/0x14 [ 268.894924][T12626] kmem_cache_alloc+0x2aa/0x710 [ 268.899757][T12626] ? kernfs_activate+0x192/0x1f0 [ 268.904673][T12626] ? __kasan_check_read+0x11/0x20 [ 268.909672][T12626] ? __mutex_lock+0x45d/0x13c0 [ 268.914410][T12626] __kernfs_new_node+0xf0/0x6c0 [ 268.919246][T12626] ? __mutex_lock+0x45d/0x13c0 [ 268.923986][T12626] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 268.929426][T12626] ? __kasan_check_write+0x14/0x20 [ 268.934517][T12626] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 268.940125][T12626] ? wait_for_completion+0x440/0x440 [ 268.945395][T12626] kernfs_new_node+0x96/0x120 [ 268.950057][T12626] __kernfs_create_file+0x51/0x340 [ 268.955229][T12626] sysfs_add_file_mode_ns+0x222/0x560 [ 268.960575][T12626] internal_create_group+0x359/0xc40 [ 268.965834][T12626] ? bd_set_size+0x3f/0xb0 [ 268.970235][T12626] ? remove_files.isra.0+0x190/0x190 [ 268.975491][T12626] ? __kasan_check_write+0x14/0x20 [ 268.980589][T12626] ? up_write+0x155/0x490 [ 268.984952][T12626] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 268.991172][T12626] sysfs_create_group+0x20/0x30 [ 268.996004][T12626] loop_set_fd+0xac1/0x1020 [ 269.000491][T12626] lo_ioctl+0x1a3/0x1460 [ 269.004715][T12626] ? trace_hardirqs_on+0x67/0x240 [ 269.009724][T12626] ? loop_set_fd+0x1020/0x1020 [ 269.014467][T12626] blkdev_ioctl+0xedb/0x1c20 [ 269.019034][T12626] ? blkpg_ioctl+0xa90/0xa90 [ 269.023601][T12626] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 269.029388][T12626] ? __kasan_check_read+0x11/0x20 [ 269.034388][T12626] ? __kasan_check_read+0x11/0x20 [ 269.039388][T12626] block_ioctl+0xee/0x130 [ 269.043702][T12626] ? blkdev_fallocate+0x410/0x410 [ 269.048702][T12626] do_vfs_ioctl+0xdb6/0x13e0 [ 269.053278][T12626] ? compat_ioctl_preallocate+0x210/0x210 [ 269.058972][T12626] ? __fget+0x384/0x560 [ 269.063109][T12626] ? ksys_dup3+0x3e0/0x3e0 [ 269.067511][T12626] ? do_sys_open+0x31d/0x5d0 [ 269.072076][T12626] ? tomoyo_file_ioctl+0x23/0x30 [ 269.076992][T12626] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 269.083222][T12626] ? security_file_ioctl+0x8d/0xc0 [ 269.088315][T12626] ksys_ioctl+0xab/0xd0 [ 269.092448][T12626] __x64_sys_ioctl+0x73/0xb0 [ 269.097024][T12626] do_syscall_64+0xfa/0x760 [ 269.101628][T12626] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 269.107505][T12626] RIP: 0033:0x459757 [ 269.111381][T12626] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 269.130964][T12626] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 269.139349][T12626] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000459757 [ 269.147295][T12626] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 269.155240][T12626] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 269.163188][T12626] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 269.171158][T12626] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 269.214728][T12633] binder: BINDER_SET_CONTEXT_MGR already set [ 269.225729][T12636] binder: BINDER_SET_CONTEXT_MGR already set [ 269.245045][T12626] FAT-fs (loop1): bogus number of reserved sectors [ 269.253350][T12633] binder: 12632:12633 ioctl 40046207 0 returned -16 05:25:13 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) 05:25:13 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="11dca5055e0bcfe47bf070") r2 = accept4$inet(r1, &(0x7f0000000040)={0x2, 0x0, @loopback}, &(0x7f0000000080)=0x10, 0x800) getsockopt$inet_mreqsrc(r2, 0x0, 0x0, &(0x7f00000000c0)={@rand_addr, @local, @dev}, &(0x7f0000000100)=0xc) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) 05:25:13 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611) bind$netlink(r0, &(0x7f0000000180)={0x10, 0x0, 0x0, 0xef5c9ee566d6d67d}, 0xc) [ 269.288682][T12626] FAT-fs (loop1): Can't find a valid FAT filesystem [ 269.305669][T12636] binder: 12634:12636 ioctl 40046207 0 returned -16 05:25:13 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, 0x0, 0x0, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:13 executing program 1 (fault-call:0 fault-nth:22): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) [ 269.439898][T12655] cgroup: fork rejected by pids controller in /syz0 [ 269.461847][T12665] binder: BINDER_SET_CONTEXT_MGR already set 05:25:13 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) 05:25:13 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setstatus(r0, 0x4, 0x46c00) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x10000, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(r1, 0xc040564b, &(0x7f0000000040)={0x2, 0x0, 0x1016, 0x7, 0xfff, {0x1ff, 0x4}}) timer_create(0x0, 0x0, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) gettid() tkill(0x0, 0x0) 05:25:13 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, 0x0, 0x0, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 269.513810][T12665] binder: 12664:12665 ioctl 40046207 0 returned -16 05:25:13 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:13 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{0x6}}) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) getresuid(&(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0)) [ 269.583612][T12767] FAULT_INJECTION: forcing a failure. [ 269.583612][T12767] name failslab, interval 1, probability 0, space 0, times 0 [ 269.607603][T12767] CPU: 0 PID: 12767 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 269.616307][T12767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 269.626361][T12767] Call Trace: [ 269.629653][T12767] dump_stack+0x172/0x1f0 [ 269.633977][T12767] should_fail.cold+0xa/0x15 [ 269.638546][T12767] ? fault_create_debugfs_attr+0x180/0x180 [ 269.644336][T12767] ? kernel_init_free_pages+0x120/0x120 [ 269.649856][T12767] ? ___might_sleep+0x163/0x2c0 [ 269.654684][T12767] __should_failslab+0x121/0x190 [ 269.659661][T12767] should_failslab+0x9/0x14 [ 269.664162][T12767] kmem_cache_alloc+0x2aa/0x710 [ 269.668986][T12767] ? __mutex_lock+0x45d/0x13c0 [ 269.673729][T12767] __kernfs_new_node+0xf0/0x6c0 [ 269.678554][T12767] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 269.683988][T12767] ? wait_for_completion+0x440/0x440 [ 269.689244][T12767] ? __kasan_check_write+0x14/0x20 [ 269.694331][T12767] ? mutex_unlock+0xd/0x10 [ 269.698721][T12767] ? kernfs_activate+0x192/0x1f0 [ 269.703633][T12767] kernfs_new_node+0x96/0x120 [ 269.708290][T12767] __kernfs_create_file+0x51/0x340 [ 269.713394][T12767] sysfs_add_file_mode_ns+0x222/0x560 [ 269.718744][T12767] internal_create_group+0x359/0xc40 [ 269.724002][T12767] ? bd_set_size+0x3f/0xb0 [ 269.728394][T12767] ? remove_files.isra.0+0x190/0x190 [ 269.733652][T12767] ? __kasan_check_write+0x14/0x20 [ 269.738739][T12767] ? up_write+0x155/0x490 [ 269.743045][T12767] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 269.749259][T12767] sysfs_create_group+0x20/0x30 [ 269.754096][T12767] loop_set_fd+0xac1/0x1020 [ 269.758585][T12767] lo_ioctl+0x1a3/0x1460 [ 269.762835][T12767] ? trace_hardirqs_on+0x67/0x240 [ 269.767837][T12767] ? loop_set_fd+0x1020/0x1020 [ 269.772581][T12767] blkdev_ioctl+0xedb/0x1c20 [ 269.777150][T12767] ? blkpg_ioctl+0xa90/0xa90 [ 269.781716][T12767] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 269.787501][T12767] ? __kasan_check_read+0x11/0x20 [ 269.792504][T12767] ? __kasan_check_read+0x11/0x20 [ 269.797556][T12767] block_ioctl+0xee/0x130 [ 269.801859][T12767] ? blkdev_fallocate+0x410/0x410 [ 269.806864][T12767] do_vfs_ioctl+0xdb6/0x13e0 [ 269.811430][T12767] ? compat_ioctl_preallocate+0x210/0x210 [ 269.817122][T12767] ? __fget+0x384/0x560 [ 269.821254][T12767] ? ksys_dup3+0x3e0/0x3e0 [ 269.825648][T12767] ? do_sys_open+0x31d/0x5d0 [ 269.830301][T12767] ? tomoyo_file_ioctl+0x23/0x30 [ 269.835214][T12767] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 269.841428][T12767] ? security_file_ioctl+0x8d/0xc0 [ 269.846514][T12767] ksys_ioctl+0xab/0xd0 [ 269.850648][T12767] __x64_sys_ioctl+0x73/0xb0 [ 269.855291][T12767] do_syscall_64+0xfa/0x760 [ 269.859782][T12767] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 269.865699][T12767] RIP: 0033:0x459757 [ 269.869583][T12767] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 269.889182][T12767] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 269.897607][T12767] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000459757 [ 269.905558][T12767] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 269.913514][T12767] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 269.921476][T12767] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 05:25:14 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) [ 269.929421][T12767] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 269.953536][T12784] binder: BINDER_SET_CONTEXT_MGR already set [ 269.959552][T12784] binder: 12783:12784 ioctl 40046207 0 returned -16 05:25:14 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:14 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) r1 = socket(0x840000000002, 0x200000000003, 0xff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='ip6_vti0\x00 \x00', 0x10) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @initdev}, 0x10) r2 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r3 = getpgrp(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000040)={0x2, r3}) fcntl$setsig(r2, 0xa, 0x11) fcntl$setlease(r2, 0x400, 0x0) fcntl$setlease(r2, 0x400, 0x2) r4 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r5 = getpgrp(0x0) fcntl$setownex(r4, 0xf, &(0x7f0000000040)={0x2, r5}) fcntl$setsig(r4, 0xa, 0x11) fcntl$setlease(r4, 0x400, 0x0) fcntl$setlease(r4, 0x400, 0x2) ioctl$KVM_SET_FPU(r4, 0x41a0ae8d, &(0x7f0000000240)={[], 0x90dc, 0x2, 0xae1f, 0x0, 0x7fffffff, 0x4, 0x88e83f708596bff8, [], 0xcb}) sendmsg$key(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x15, 0x1, 0x5, 0x5, 0x0, 0x70bd27, 0x25dfdbfb, [@sadb_key={0x3, 0x8, 0x78, 0x0, "ff4e3b9f988b6de18128593cdb70e1"}]}, 0x28}}, 0x4000) bind$inet(r1, 0x0, 0x0) 05:25:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, 0x0, 0x0, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:14 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) [ 270.019223][T12767] FAT-fs (loop1): bogus number of reserved sectors [ 270.046350][T12767] FAT-fs (loop1): Can't find a valid FAT filesystem 05:25:14 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x80200, 0x0) getsockopt$inet_opts(r1, 0x0, 0x9, &(0x7f0000000040)=""/5, &(0x7f0000000080)=0x5) msgsnd(r0, &(0x7f0000000a40)={0x0, "6aa293c4c578ed2882e93ee7516edfdd07cbc536df8f4fc00e78cae55f997a6c59ddf5e3b83a4a666eae78a7190833b67ca366feeaee8607000097b75c9b2a48b06c2b07744abd6e82bbf2b6bf95a29abad11e2b24db2e79574dabf4b713169fc8541e8a417c6e4d3e326ec9c61e81e1cd3839aa4f8d273568feaeaa144d0670f0758e8ab0efadf3a05b4fc91cd19b0d450669b40525a9bec2ac0765d9804c09583408efc65e756b5d367979785863098cea834f4e3a931ef7d07a6763d5377c8554ad59d333ee9d7b36431736cb20bc5dabb8ee8c7dd8287b3d732e9eb80e3b54fb1c2d0e1bd60d35b4e9440a3aea80ff698d83c9287d915e0a32eec3d3f9a2a75594e09d08e31e5cde3e86774799fdec8c122e2e84a35fbb074bb636901b8c0f6ea17d5abbba7c1a4b7420ac17fb9c51e7466e8a7f4fa19add6c9a252c31b91a9a79a6b3547caec79bbdfb25ba14e44271441cdcf0552158979c22cc4adba2b8074fde9f75c25d81bc64577bdb3a3dd92dca21183a5fec37a012e1c71df2b3511f7588c1ec24ae04dcde6397ee66f6b0e255d160b6c73af7903fdf3d87e3101b0e7b9d9788e88bd42388500d7af00dd8bc036692781ad87a702c1bf748851b5427de4ad9f33a4335ee2cfe0af58e04e5b16f5257921897628425d95c6d4d7a2582c32d9b96ae7f48e58d65cb6210831c932812e146f56c65ccf96e00f1d868ed8804095ed44be4eb34d4c8eee38bcee9868b1f12a004d193390dca25bb435cbb66812b14da3f79a4aea5a13d19663fe4ab0ce677a8d1a0d8c5be09040a3885e0d1583503148b26000000009f266ec23854fc572757bd478fc4cfd03eb62bff0058461e063acc3cf566d51874c1f2a62923b5cb70b3e0628233f093e8c24ef22566fe0e8ef844b3a2e444a7779835b61a8ad2df5cad1e0cab7e4d0d1c3b335c11248d895cbacf0551aea9550556894724409a00f2b90000009085d3360a011b7ea525d73b264c36c4542934de64237a41ee65d81f0016894a831b2ffa828b5b447a3d3850778c95744b48ab6b07f3e4f8c15ee6c9d5eefb066be263a6ff3ec601cd30cfa57cc49e554aab9bdc267f40a2ec81af0bf13274a7d1184bc2af075c85cea38aa17462c541e951789174b7d268655e99ead68ec3efd030a471696519f8652f9c13fad4678380fa8712cc1b877446468c104d089911fd7f0ebd73328a01c01dc7e89b61f587b810b1493821d8ee437b0bfc39fa3330031d115d2d0eee80ac3f0177b4414cc0616a8002a39c534a9a5dfb16fb389e742d0315ea30e9850ffec92cdd67fc2f9262d26a0dad8131c485fd6d64210af3c42d5ace3863a839833b2455808adc6acad4db1804afcdb3ba0f08cf7f063f1beab4387ea5b85d87fa9a659197cd910a73e6189ec589"}, 0x9fe3379e7a124fde, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 270.196464][T12815] binder: BINDER_SET_CONTEXT_MGR already set [ 270.219147][T12815] binder: 12814:12815 ioctl 40046207 0 returned -16 05:25:14 executing program 1 (fault-call:0 fault-nth:23): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:14 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:14 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) r1 = socket(0x840000000002, 0x200000000003, 0xff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='ip6_vti0\x00 \x00', 0x10) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @initdev}, 0x10) r2 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r3 = getpgrp(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000040)={0x2, r3}) fcntl$setsig(r2, 0xa, 0x11) fcntl$setlease(r2, 0x400, 0x0) fcntl$setlease(r2, 0x400, 0x2) r4 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r5 = getpgrp(0x0) fcntl$setownex(r4, 0xf, &(0x7f0000000040)={0x2, r5}) fcntl$setsig(r4, 0xa, 0x11) fcntl$setlease(r4, 0x400, 0x0) fcntl$setlease(r4, 0x400, 0x2) ioctl$KVM_SET_FPU(r4, 0x41a0ae8d, &(0x7f0000000240)={[], 0x90dc, 0x2, 0xae1f, 0x0, 0x7fffffff, 0x4, 0x88e83f708596bff8, [], 0xcb}) sendmsg$key(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x15, 0x1, 0x5, 0x5, 0x0, 0x70bd27, 0x25dfdbfb, [@sadb_key={0x3, 0x8, 0x78, 0x0, "ff4e3b9f988b6de18128593cdb70e1"}]}, 0x28}}, 0x4000) bind$inet(r1, 0x0, 0x0) 05:25:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x0, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:14 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) 05:25:14 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x0, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:14 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 270.332502][T12829] binder: BINDER_SET_CONTEXT_MGR already set [ 270.357407][T12829] binder: 12828:12829 ioctl 40046207 0 returned -16 05:25:14 executing program 5: r0 = msgget$private(0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r3 = getpgrp(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000040)={0x2, r3}) fcntl$setsig(r2, 0xa, 0x11) fcntl$setlease(r2, 0x400, 0x0) fcntl$setlease(r2, 0x400, 0x2) ioctl$VIDIOC_OVERLAY(r2, 0x4004560e, &(0x7f0000000140)=0x9) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="11dca5055e0bcfe47bf070") getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000040)={{{@in6=@loopback, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}, 0x0, @in6=@loopback}}, &(0x7f0000000180)=0xe8) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{0x0, r4, 0x0, 0x0, 0x0, 0x20, 0x8000}}) msgsnd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000800ff071b"], 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) 05:25:14 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) [ 270.423666][T12837] FAULT_INJECTION: forcing a failure. [ 270.423666][T12837] name failslab, interval 1, probability 0, space 0, times 0 [ 270.456047][T12837] CPU: 1 PID: 12837 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 270.464841][T12837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 270.475026][T12837] Call Trace: [ 270.478299][T12837] dump_stack+0x172/0x1f0 [ 270.482608][T12837] should_fail.cold+0xa/0x15 [ 270.487528][T12837] ? fault_create_debugfs_attr+0x180/0x180 [ 270.493327][T12837] ? kernel_init_free_pages+0x120/0x120 [ 270.498881][T12837] ? ___might_sleep+0x163/0x2c0 [ 270.503720][T12837] __should_failslab+0x121/0x190 [ 270.508654][T12837] should_failslab+0x9/0x14 [ 270.513143][T12837] kmem_cache_alloc+0x2aa/0x710 [ 270.517981][T12837] ? __mutex_lock+0x45d/0x13c0 [ 270.522831][T12837] __kernfs_new_node+0xf0/0x6c0 [ 270.527669][T12837] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 270.533120][T12837] ? wait_for_completion+0x440/0x440 [ 270.538390][T12837] ? __kasan_check_write+0x14/0x20 [ 270.543490][T12837] ? mutex_unlock+0xd/0x10 [ 270.547900][T12837] ? kernfs_activate+0x192/0x1f0 [ 270.552830][T12837] kernfs_new_node+0x96/0x120 [ 270.557494][T12837] __kernfs_create_file+0x51/0x340 [ 270.562583][T12837] sysfs_add_file_mode_ns+0x222/0x560 [ 270.567943][T12837] internal_create_group+0x359/0xc40 [ 270.573215][T12837] ? bd_set_size+0x3f/0xb0 [ 270.577619][T12837] ? remove_files.isra.0+0x190/0x190 [ 270.582892][T12837] ? __kasan_check_write+0x14/0x20 [ 270.588429][T12837] ? up_write+0x155/0x490 [ 270.592755][T12837] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 270.598992][T12837] sysfs_create_group+0x20/0x30 [ 270.603830][T12837] loop_set_fd+0xac1/0x1020 [ 270.608318][T12837] lo_ioctl+0x1a3/0x1460 [ 270.612535][T12837] ? trace_hardirqs_on+0x67/0x240 [ 270.617546][T12837] ? loop_set_fd+0x1020/0x1020 [ 270.622308][T12837] blkdev_ioctl+0xedb/0x1c20 [ 270.626879][T12837] ? blkpg_ioctl+0xa90/0xa90 [ 270.631459][T12837] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 270.637239][T12837] ? __kasan_check_read+0x11/0x20 [ 270.642241][T12837] ? __kasan_check_read+0x11/0x20 [ 270.647241][T12837] block_ioctl+0xee/0x130 [ 270.651556][T12837] ? blkdev_fallocate+0x410/0x410 [ 270.656561][T12837] do_vfs_ioctl+0xdb6/0x13e0 [ 270.661137][T12837] ? compat_ioctl_preallocate+0x210/0x210 [ 270.666843][T12837] ? __fget+0x384/0x560 [ 270.670977][T12837] ? ksys_dup3+0x3e0/0x3e0 [ 270.675419][T12837] ? do_sys_open+0x31d/0x5d0 [ 270.679988][T12837] ? tomoyo_file_ioctl+0x23/0x30 [ 270.685431][T12837] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 270.691656][T12837] ? security_file_ioctl+0x8d/0xc0 [ 270.696750][T12837] ksys_ioctl+0xab/0xd0 [ 270.700886][T12837] __x64_sys_ioctl+0x73/0xb0 [ 270.705487][T12837] do_syscall_64+0xfa/0x760 [ 270.709969][T12837] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 270.715839][T12837] RIP: 0033:0x459757 [ 270.719714][T12837] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 270.739297][T12837] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 270.747685][T12837] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000459757 [ 270.755634][T12837] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 270.763592][T12837] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a 05:25:14 executing program 4: r0 = gettid() r1 = getpgrp(0x0) kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, 0xffffffffffffffff, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r3 = getpgrp(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000040)={0x2, r3}) fcntl$setsig(r2, 0xa, 0x11) fcntl$setlease(r2, 0x400, 0x0) fcntl$setlease(r2, 0x400, 0x2) ioctl$TUNDETACHFILTER(r2, 0x401054d6, 0x0) [ 270.771561][T12837] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 270.779512][T12837] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 270.818547][T12837] FAT-fs (loop1): bogus number of reserved sectors [ 270.853031][T12837] FAT-fs (loop1): Can't find a valid FAT filesystem 05:25:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x0, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x0, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 270.887969][T12846] binder: BINDER_SET_CONTEXT_MGR already set [ 270.894245][T12846] binder: 12845:12846 ioctl 40046207 0 returned -16 [ 271.026668][T12866] binder: BINDER_SET_CONTEXT_MGR already set [ 271.033759][T12866] binder: 12862:12866 ioctl 40046207 0 returned -16 05:25:15 executing program 1 (fault-call:0 fault-nth:24): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:15 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) 05:25:15 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:15 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, &(0x7f0000000040)) msgctl$IPC_RMID(r0, 0x0) 05:25:15 executing program 4: request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000000080)={'idz', 0x2}, 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r1 = getpgrp(0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000040)={0x2, r1}) ioctl$KVM_GET_XCRS(r0, 0x8188aea6, &(0x7f00000000c0)={0x2, 0x5, [{0x7, 0x0, 0x183b}, {0x2, 0x0, 0x5044c905}]}) fcntl$setsig(r0, 0xa, 0x11) fcntl$setlease(r0, 0x400, 0x0) fcntl$setlease(r0, 0x400, 0x2) r2 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r3 = getpgrp(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000040)={0x2, r3}) fcntl$setsig(r2, 0xa, 0x11) fcntl$setlease(r2, 0x400, 0x0) fcntl$setlease(r2, 0x400, 0x2) setsockopt$bt_BT_CHANNEL_POLICY(r2, 0x112, 0xa, &(0x7f0000000100)=0x9, 0x4) setsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000000)=0xfffffffffffffffb, 0x4) [ 271.071776][T12869] binder: BINDER_SET_CONTEXT_MGR already set [ 271.085154][T12869] binder: 12867:12869 ioctl 40046207 0 returned -16 05:25:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, 0x0) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:15 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:15 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) [ 271.179631][T12884] FAULT_INJECTION: forcing a failure. [ 271.179631][T12884] name failslab, interval 1, probability 0, space 0, times 0 [ 271.200297][T12884] CPU: 0 PID: 12884 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 271.208997][T12884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 271.219059][T12884] Call Trace: [ 271.222482][T12884] dump_stack+0x172/0x1f0 [ 271.226826][T12884] should_fail.cold+0xa/0x15 [ 271.231404][T12884] ? fault_create_debugfs_attr+0x180/0x180 [ 271.237201][T12884] ? kernel_init_free_pages+0x120/0x120 [ 271.242733][T12884] ? ___might_sleep+0x163/0x2c0 [ 271.247593][T12884] __should_failslab+0x121/0x190 [ 271.252506][T12884] should_failslab+0x9/0x14 [ 271.257002][T12884] kmem_cache_alloc+0x2aa/0x710 [ 271.261916][T12884] ? __mutex_lock+0x45d/0x13c0 [ 271.266677][T12884] __kernfs_new_node+0xf0/0x6c0 [ 271.271504][T12884] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 271.276938][T12884] ? wait_for_completion+0x440/0x440 [ 271.282201][T12884] ? __kasan_check_write+0x14/0x20 [ 271.287295][T12884] ? mutex_unlock+0xd/0x10 [ 271.291686][T12884] ? kernfs_activate+0x192/0x1f0 [ 271.296601][T12884] kernfs_new_node+0x96/0x120 [ 271.301255][T12884] __kernfs_create_file+0x51/0x340 [ 271.306360][T12884] sysfs_add_file_mode_ns+0x222/0x560 [ 271.311717][T12884] internal_create_group+0x359/0xc40 [ 271.316975][T12884] ? bd_set_size+0x3f/0xb0 [ 271.321369][T12884] ? remove_files.isra.0+0x190/0x190 [ 271.326631][T12884] ? __kasan_check_write+0x14/0x20 [ 271.331716][T12884] ? up_write+0x155/0x490 [ 271.336030][T12884] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 271.342346][T12884] sysfs_create_group+0x20/0x30 [ 271.347183][T12884] loop_set_fd+0xac1/0x1020 [ 271.351672][T12884] lo_ioctl+0x1a3/0x1460 [ 271.355904][T12884] ? trace_hardirqs_on+0x67/0x240 [ 271.360904][T12884] ? loop_set_fd+0x1020/0x1020 [ 271.365652][T12884] blkdev_ioctl+0xedb/0x1c20 [ 271.370215][T12884] ? blkpg_ioctl+0xa90/0xa90 [ 271.374791][T12884] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 271.380584][T12884] ? __kasan_check_read+0x11/0x20 [ 271.385594][T12884] ? __kasan_check_read+0x11/0x20 [ 271.390597][T12884] block_ioctl+0xee/0x130 [ 271.394919][T12884] ? blkdev_fallocate+0x410/0x410 [ 271.399934][T12884] do_vfs_ioctl+0xdb6/0x13e0 [ 271.404940][T12884] ? compat_ioctl_preallocate+0x210/0x210 [ 271.410645][T12884] ? __fget+0x384/0x560 [ 271.414792][T12884] ? ksys_dup3+0x3e0/0x3e0 [ 271.419183][T12884] ? do_sys_open+0x31d/0x5d0 [ 271.423763][T12884] ? tomoyo_file_ioctl+0x23/0x30 [ 271.428688][T12884] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 271.434915][T12884] ? security_file_ioctl+0x8d/0xc0 [ 271.440015][T12884] ksys_ioctl+0xab/0xd0 [ 271.444148][T12884] __x64_sys_ioctl+0x73/0xb0 [ 271.448714][T12884] do_syscall_64+0xfa/0x760 [ 271.453212][T12884] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 271.459096][T12884] RIP: 0033:0x459757 [ 271.462969][T12884] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 271.482551][T12884] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 271.491733][T12884] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000459757 [ 271.499680][T12884] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 271.507626][T12884] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 271.515572][T12884] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 05:25:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x0, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 271.523529][T12884] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 271.552862][T12884] FAT-fs (loop1): bogus number of reserved sectors [ 271.566551][T12891] binder: BINDER_SET_CONTEXT_MGR already set [ 271.577356][T12884] FAT-fs (loop1): Can't find a valid FAT filesystem 05:25:15 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:15 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x1, 0x2) accept$ax25(r1, &(0x7f0000000080)={{0x3, @null}, [@null, @bcast, @remote, @remote, @null, @rose, @default, @null]}, &(0x7f0000000100)=0x48) msgctl$IPC_RMID(r0, 0x0) [ 271.617455][T12891] binder: 12889:12891 ioctl 40046207 0 returned -16 05:25:15 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) [ 271.661987][T12904] binder: BINDER_SET_CONTEXT_MGR already set [ 271.673661][T12904] binder: 12901:12904 ioctl 40046207 0 returned -16 05:25:15 executing program 1 (fault-call:0 fault-nth:25): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:15 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, 0x0) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:15 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x0, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:15 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) [ 271.799972][T12920] binder: BINDER_SET_CONTEXT_MGR already set 05:25:15 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 271.869407][T12920] binder: 12919:12920 ioctl 40046207 0 returned -16 [ 271.884479][T12923] binder: BINDER_SET_CONTEXT_MGR already set [ 271.901000][T12928] FAULT_INJECTION: forcing a failure. [ 271.901000][T12928] name failslab, interval 1, probability 0, space 0, times 0 05:25:16 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/4\x00') readv(r1, &(0x7f0000000140)=[{&(0x7f0000000180)=""/91, 0x2ee}], 0x1) ioctl$VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000000c0)={0x0, @pix_mp}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000080)="11dca50d5e0bcfe47bf070") timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r4 = getpgrp(0x0) fcntl$setownex(r3, 0xf, &(0x7f0000000040)={0x2, r4}) r5 = accept(r1, &(0x7f0000000400)=@ipx, &(0x7f0000000480)=0x80) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r5, 0x6, 0x21, &(0x7f00000004c0)="cc98d56b5cb656f2df773cbd611402a3", 0x10) fcntl$setsig(r3, 0xa, 0x11) fcntl$setlease(r3, 0x400, 0x0) fcntl$setlease(r3, 0x400, 0x2) utimensat(r3, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000003c0)={{0x77359400}}, 0x100) tkill(r0, 0x1000000000014) r6 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r7 = getpgrp(0x0) fcntl$setownex(r6, 0xf, &(0x7f0000000040)={0x2, r7}) fcntl$setsig(r6, 0xa, 0x11) fcntl$setlease(r6, 0x400, 0x0) fcntl$setlease(r6, 0x400, 0x2) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) sendmsg$can_bcm(r6, &(0x7f0000000340)={&(0x7f0000000200), 0x10, &(0x7f0000000300)={&(0x7f0000000280)={0x5, 0x0, 0x0, {r8, r9/1000+10000}, {0x77359400}, {0x3, 0x0, 0x2, 0x3}, 0x1, @can={{0x2, 0xe476, 0x1, 0x3}, 0x5, 0x3, 0x0, 0x0, "f9a64c15c6e17e45"}}, 0x48}, 0x1, 0x0, 0x0, 0x20000000}, 0x800) [ 271.905563][T12923] binder: 12922:12923 ioctl 40046207 0 returned -16 [ 271.913765][T12928] CPU: 0 PID: 12928 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 271.928924][T12928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 271.938968][T12928] Call Trace: [ 271.942257][T12928] dump_stack+0x172/0x1f0 [ 271.946618][T12928] should_fail.cold+0xa/0x15 [ 271.951204][T12928] ? fault_create_debugfs_attr+0x180/0x180 [ 271.957021][T12928] ? stack_trace_save+0xac/0xe0 [ 271.961873][T12928] __should_failslab+0x121/0x190 05:25:16 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, 0x0) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:16 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) r4 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5) r6 = dup3(r2, r4, 0x80000) ioctl$TUNSETVNETBE(r6, 0x400454de, &(0x7f00000004c0)) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="11dca5055e0bcfe47bf070") r7 = accept(r1, &(0x7f0000000280)=@in={0x2, 0x0, @dev}, &(0x7f0000000300)=0x80) fstat(r7, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r10 = msgget$private(0x0, 0x98) r11 = socket$l2tp(0x18, 0x1, 0x1) getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f0000000000)=0xc) setfsuid(r12) r13 = getpid() r14 = getpgid(0xffffffffffffffff) sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=@delrng={0x10, 0x14, 0x400, 0x70bd2b, 0x25dfdbfe, "", ["", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x40}, 0x842) msgctl$IPC_SET(r10, 0x1, &(0x7f0000000380)={{0x9, r12, 0x0, r8, r9, 0x106, 0x9}, 0x1, 0xbc, 0x4, 0x0, 0x64e, 0x6, r13, r14}) msgrcv(r10, &(0x7f0000000040)={0x0, ""/205}, 0xd5, 0xf982a82371b179bb, 0x800) r15 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r16 = getpgrp(0x0) fcntl$setownex(r15, 0xf, &(0x7f0000000040)={0x2, r16}) fcntl$setsig(r15, 0xa, 0x11) fcntl$setlease(r15, 0x400, 0x0) fcntl$setlease(r15, 0x400, 0x2) r17 = accept4$inet6(r15, 0x0, &(0x7f00000001c0), 0x800) getsockopt$inet6_udp_int(r17, 0x11, 0xe5b800456953d2ad, &(0x7f0000000200), &(0x7f0000000240)=0x4) 05:25:16 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, 0x0, 0x0) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 271.966806][T12928] should_failslab+0x9/0x14 [ 271.971311][T12928] kmem_cache_alloc+0x47/0x710 [ 271.976073][T12928] ? save_stack+0x5c/0x90 [ 271.980404][T12928] ? save_stack+0x23/0x90 [ 271.984735][T12928] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 271.990552][T12928] ? kasan_slab_alloc+0xf/0x20 [ 271.995386][T12928] radix_tree_node_alloc.constprop.0+0x1eb/0x340 [ 272.001721][T12928] idr_get_free+0x48e/0x8c0 [ 272.006245][T12928] idr_alloc_u32+0x19e/0x330 [ 272.010842][T12928] ? __fprop_inc_percpu_max+0x230/0x230 [ 272.016392][T12928] ? fault_create_debugfs_attr+0x180/0x180 [ 272.022204][T12928] ? mark_held_locks+0xf0/0xf0 [ 272.026965][T12928] ? kernel_init_free_pages+0x120/0x120 [ 272.032489][T12928] idr_alloc_cyclic+0x132/0x270 [ 272.037316][T12928] ? idr_alloc+0x150/0x150 [ 272.041764][T12928] __kernfs_new_node+0x172/0x6c0 [ 272.046692][T12928] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 272.052402][T12928] ? wait_for_completion+0x440/0x440 [ 272.057695][T12928] ? __kasan_check_write+0x14/0x20 [ 272.062806][T12928] ? mutex_unlock+0xd/0x10 [ 272.067210][T12928] ? kernfs_activate+0x192/0x1f0 [ 272.072139][T12928] kernfs_new_node+0x96/0x120 [ 272.076801][T12928] __kernfs_create_file+0x51/0x340 [ 272.081891][T12928] sysfs_add_file_mode_ns+0x222/0x560 [ 272.087249][T12928] internal_create_group+0x359/0xc40 [ 272.092512][T12928] ? bd_set_size+0x3f/0xb0 [ 272.096909][T12928] ? remove_files.isra.0+0x190/0x190 [ 272.102172][T12928] ? __kasan_check_write+0x14/0x20 [ 272.107257][T12928] ? up_write+0x155/0x490 [ 272.111567][T12928] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 272.117782][T12928] sysfs_create_group+0x20/0x30 [ 272.122609][T12928] loop_set_fd+0xac1/0x1020 [ 272.127093][T12928] lo_ioctl+0x1a3/0x1460 [ 272.131323][T12928] ? trace_hardirqs_on+0x67/0x240 [ 272.136326][T12928] ? loop_set_fd+0x1020/0x1020 [ 272.141069][T12928] blkdev_ioctl+0xedb/0x1c20 [ 272.145656][T12928] ? blkpg_ioctl+0xa90/0xa90 [ 272.150226][T12928] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 272.156028][T12928] ? __kasan_check_read+0x11/0x20 [ 272.161033][T12928] ? __kasan_check_read+0x11/0x20 [ 272.166036][T12928] block_ioctl+0xee/0x130 [ 272.170353][T12928] ? blkdev_fallocate+0x410/0x410 [ 272.175363][T12928] do_vfs_ioctl+0xdb6/0x13e0 [ 272.179944][T12928] ? compat_ioctl_preallocate+0x210/0x210 [ 272.185641][T12928] ? __fget+0x384/0x560 [ 272.189801][T12928] ? ksys_dup3+0x3e0/0x3e0 [ 272.194195][T12928] ? do_sys_open+0x31d/0x5d0 [ 272.198807][T12928] ? tomoyo_file_ioctl+0x23/0x30 [ 272.203773][T12928] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 272.209990][T12928] ? security_file_ioctl+0x8d/0xc0 [ 272.215078][T12928] ksys_ioctl+0xab/0xd0 [ 272.219297][T12928] __x64_sys_ioctl+0x73/0xb0 [ 272.223879][T12928] do_syscall_64+0xfa/0x760 [ 272.228361][T12928] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 272.234226][T12928] RIP: 0033:0x459757 [ 272.238096][T12928] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 272.257682][T12928] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 272.266175][T12928] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000459757 [ 272.274130][T12928] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 272.282117][T12928] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 272.290067][T12928] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 272.298035][T12928] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 272.315444][T12928] FAT-fs (loop1): bogus number of reserved sectors [ 272.329184][T12928] FAT-fs (loop1): Can't find a valid FAT filesystem [ 272.373467][T12946] binder: BINDER_SET_CONTEXT_MGR already set [ 272.379487][T12946] binder: 12944:12946 ioctl 40046207 0 returned -16 05:25:16 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) 05:25:16 executing program 1 (fault-call:0 fault-nth:26): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:16 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(0x0, 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:16 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, 0x0, 0x0) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 272.561686][T12964] FAULT_INJECTION: forcing a failure. [ 272.561686][T12964] name failslab, interval 1, probability 0, space 0, times 0 [ 272.577538][T12964] CPU: 0 PID: 12964 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 272.586225][T12964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 272.596268][T12964] Call Trace: [ 272.599549][T12964] dump_stack+0x172/0x1f0 [ 272.603864][T12964] should_fail.cold+0xa/0x15 [ 272.608435][T12964] ? fault_create_debugfs_attr+0x180/0x180 [ 272.614225][T12964] ? kernel_init_free_pages+0x120/0x120 [ 272.619766][T12964] ? ___might_sleep+0x163/0x2c0 [ 272.624601][T12964] __should_failslab+0x121/0x190 [ 272.629516][T12964] should_failslab+0x9/0x14 [ 272.633996][T12964] kmem_cache_alloc+0x2aa/0x710 [ 272.638825][T12964] ? __mutex_lock+0x45d/0x13c0 [ 272.643571][T12964] __kernfs_new_node+0xf0/0x6c0 [ 272.648398][T12964] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 272.653834][T12964] ? wait_for_completion+0x440/0x440 [ 272.659093][T12964] ? __kasan_check_write+0x14/0x20 [ 272.664180][T12964] ? mutex_unlock+0xd/0x10 [ 272.668576][T12964] ? kernfs_activate+0x192/0x1f0 [ 272.673494][T12964] kernfs_new_node+0x96/0x120 [ 272.678158][T12964] __kernfs_create_file+0x51/0x340 [ 272.683251][T12964] sysfs_add_file_mode_ns+0x222/0x560 [ 272.688602][T12964] internal_create_group+0x359/0xc40 [ 272.693866][T12964] ? bd_set_size+0x3f/0xb0 [ 272.698262][T12964] ? remove_files.isra.0+0x190/0x190 [ 272.703525][T12964] ? __kasan_check_write+0x14/0x20 [ 272.708616][T12964] ? up_write+0x155/0x490 [ 272.712923][T12964] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 272.719140][T12964] sysfs_create_group+0x20/0x30 [ 272.723967][T12964] loop_set_fd+0xac1/0x1020 [ 272.728463][T12964] lo_ioctl+0x1a3/0x1460 [ 272.732693][T12964] ? trace_hardirqs_on+0x5e/0x240 [ 272.737707][T12964] ? kfree+0x239/0x2c0 [ 272.741750][T12964] ? loop_set_fd+0x1020/0x1020 [ 272.746501][T12964] blkdev_ioctl+0xedb/0x1c20 [ 272.751071][T12964] ? blkpg_ioctl+0xa90/0xa90 [ 272.755639][T12964] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 272.761417][T12964] ? __kasan_check_read+0x11/0x20 [ 272.766428][T12964] ? __kasan_check_read+0x11/0x20 [ 272.771437][T12964] block_ioctl+0xee/0x130 [ 272.775754][T12964] ? blkdev_fallocate+0x410/0x410 [ 272.780772][T12964] do_vfs_ioctl+0xdb6/0x13e0 [ 272.785862][T12964] ? compat_ioctl_preallocate+0x210/0x210 [ 272.791560][T12964] ? __fget+0x384/0x560 [ 272.795698][T12964] ? ksys_dup3+0x3e0/0x3e0 [ 272.800098][T12964] ? do_sys_open+0x31d/0x5d0 [ 272.804667][T12964] ? tomoyo_file_ioctl+0x23/0x30 [ 272.809585][T12964] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 272.815800][T12964] ? security_file_ioctl+0x8d/0xc0 [ 272.820902][T12964] ksys_ioctl+0xab/0xd0 [ 272.825039][T12964] __x64_sys_ioctl+0x73/0xb0 [ 272.829611][T12964] do_syscall_64+0xfa/0x760 [ 272.834100][T12964] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 272.839965][T12964] RIP: 0033:0x459757 05:25:17 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) [ 272.843849][T12964] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 272.863438][T12964] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 272.871824][T12964] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000459757 [ 272.879771][T12964] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 272.887719][T12964] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 272.895668][T12964] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 272.903625][T12964] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 272.923945][T12964] FAT-fs (loop1): bogus number of reserved sectors [ 272.948897][T12971] binder: BINDER_SET_CONTEXT_MGR already set [ 272.955697][T12971] binder: 12967:12971 ioctl 40046207 0 returned -16 [ 272.962582][T12964] FAT-fs (loop1): Can't find a valid FAT filesystem 05:25:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(0x0, 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 272.970702][T12971] debugfs: File '12967' in directory 'proc' already present! 05:25:17 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, 0x0, 0x0) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:17 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") r1 = socket$inet(0x2, 0x80001, 0x84) setsockopt$sock_int(r1, 0x1, 0x100000000002, &(0x7f0000000000)=0x4, 0xfffffffffffffdcb) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e20, @local}, 0x10) r2 = socket$inet6(0xa, 0x5, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x1a, &(0x7f0000000300)=ANY=[@ANYBLOB="72617700000000000000000000000000000000000000000000000000000000000900000003000000e802000000000000780100000000000000000000780100006002000060020000600200006002000060020000030000000000000000000000fe8000000000000000000000000000aafe88000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000007465716c3000000000000000000000006966623000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c80030010000000000000000000000000000000000000000000000006800435400000000000000000000000000000000000000000000000000000002000000000000000000000000736e6d7000000000000000000000000073797a300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffff0000000000000000000000000000ffff0000000000000000000000000000000000000000000000000000000000000000000000006c6f0000000000000000000000000000766c616e30000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c800e80000000000000000000000000000000000000000000000000020005452414345000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff000000006646b309cc360dac9adc1c99270e2d429f67511aff571d0b50aa2a3ff0d236b0c9e994df33de60c1ec5c25ea7c40214df88b7277cdc5f22657d73f3e2e269b13669d1c515cdda95b2fb43ab4dd93ba31a6844f58ccf287b1915b4ebd14ec93b18e4fe2c77baf0b9c8ca1967421c9a96e41617c5e611d60b581382f4501329065c6076b4990d5b402f594f7f170f2994a0a88d466919572f16a365cb621a591420197c6c5aed279258767c1ab485830de7cc2e815d74d93112e2c880287e37d9a44e14c62364adcd2e544b03f646ce2a59b101e41f7591ce759e890"], 0x348) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e20}, 0x1c) 05:25:17 executing program 1 (fault-call:0 fault-nth:27): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) [ 273.052283][T12978] binder: BINDER_SET_CONTEXT_MGR already set 05:25:17 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000000040)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 273.132077][T12978] binder: 12977:12978 ioctl 40046207 0 returned -16 05:25:17 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) 05:25:17 executing program 4: socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r1 = getpgrp(0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000040)={0x2, r1}) fcntl$setsig(r0, 0xa, 0x11) fcntl$setlease(r0, 0x400, 0x0) fcntl$setlease(r0, 0x400, 0x2) r2 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r3 = getpgrp(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000040)={0x2, r3}) fcntl$setsig(r2, 0xa, 0x11) fcntl$setlease(r2, 0x400, 0x0) fcntl$setlease(r2, 0x400, 0x2) getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000300)={{{@in=@multicast2, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}, 0x0, @in=@initdev}}, &(0x7f0000000400)=0xe8) r5 = open(&(0x7f0000000000)='./file0\x00', 0x61163bb0312b57f6, 0x0) r6 = getpgrp(0x0) fcntl$setownex(r5, 0xf, &(0x7f0000000040)={0x2, r6}) fcntl$setsig(r5, 0xa, 0x11) fcntl$setlease(r5, 0x400, 0x0) fcntl$setlease(r5, 0x400, 0x2) bind$xdp(r0, &(0x7f0000000440)={0x2c, 0x0, r4, 0xf, r5}, 0x10) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) rt_sigtimedwait(&(0x7f00000005c0), 0x0, &(0x7f0000000200)={0x0, 0x1c9c380}, 0x8) rt_tgsigqueueinfo(0x0, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x1, 0xc32}) keyctl$set_reqkey_keyring(0xe, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x10000, 0x0) sendmsg$IPVS_CMD_NEW_DEST(0xffffffffffffffff, 0x0, 0x0) openat$selinux_attr(0xffffffffffffff9c, 0x0, 0x2, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, 0x0, 0x0) clock_gettime(0x0, 0x0) write$sndseq(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) syz_open_dev$loop(0x0, 0x0, 0x0) 05:25:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(0x0, 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:17 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 273.224224][T12996] FAULT_INJECTION: forcing a failure. [ 273.224224][T12996] name failslab, interval 1, probability 0, space 0, times 0 [ 273.237329][T12996] CPU: 0 PID: 12996 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 273.246012][T12996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 273.256156][T12996] Call Trace: [ 273.259430][T12996] dump_stack+0x172/0x1f0 [ 273.263742][T12996] should_fail.cold+0xa/0x15 [ 273.268311][T12996] ? fault_create_debugfs_attr+0x180/0x180 [ 273.274100][T12996] ? kernel_init_free_pages+0x120/0x120 [ 273.279629][T12996] ? ___might_sleep+0x163/0x2c0 [ 273.284496][T12996] __should_failslab+0x121/0x190 [ 273.289675][T12996] should_failslab+0x9/0x14 [ 273.294153][T12996] kmem_cache_alloc_trace+0x2d3/0x790 [ 273.299506][T12996] kobject_uevent_env+0x387/0x101d [ 273.304595][T12996] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 273.310842][T12996] kobject_uevent+0x20/0x26 [ 273.315321][T12996] loop_set_fd+0xb52/0x1020 [ 273.319808][T12996] lo_ioctl+0x1a3/0x1460 [ 273.324030][T12996] ? trace_hardirqs_on+0x67/0x240 [ 273.329028][T12996] ? loop_set_fd+0x1020/0x1020 [ 273.333769][T12996] blkdev_ioctl+0xedb/0x1c20 [ 273.338334][T12996] ? blkpg_ioctl+0xa90/0xa90 [ 273.342903][T12996] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 273.348682][T12996] ? __kasan_check_read+0x11/0x20 [ 273.353685][T12996] ? __kasan_check_read+0x11/0x20 [ 273.358684][T12996] block_ioctl+0xee/0x130 [ 273.362995][T12996] ? blkdev_fallocate+0x410/0x410 [ 273.367998][T12996] do_vfs_ioctl+0xdb6/0x13e0 [ 273.372563][T12996] ? compat_ioctl_preallocate+0x210/0x210 [ 273.378257][T12996] ? __fget+0x384/0x560 [ 273.382391][T12996] ? ksys_dup3+0x3e0/0x3e0 [ 273.386781][T12996] ? do_sys_open+0x31d/0x5d0 [ 273.391349][T12996] ? tomoyo_file_ioctl+0x23/0x30 [ 273.396261][T12996] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 273.402474][T12996] ? security_file_ioctl+0x8d/0xc0 [ 273.407572][T12996] ksys_ioctl+0xab/0xd0 [ 273.411704][T12996] __x64_sys_ioctl+0x73/0xb0 [ 273.416270][T12996] do_syscall_64+0xfa/0x760 [ 273.420749][T12996] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 273.426612][T12996] RIP: 0033:0x459757 [ 273.430484][T12996] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 273.450061][T12996] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 273.458446][T12996] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000459757 [ 273.466398][T12996] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 273.474348][T12996] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 273.482297][T12996] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 273.490245][T12996] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 273.543512][T12996] FAT-fs (loop1): bogus number of reserved sectors 05:25:17 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) 05:25:17 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="11dca5055e0bcfe47bf070") getsockopt$SO_COOKIE(r1, 0x1, 0x39, &(0x7f0000000040), &(0x7f0000000080)=0x8) [ 273.589953][T12996] FAT-fs (loop1): Can't find a valid FAT filesystem [ 273.602096][T13014] binder: BINDER_SET_CONTEXT_MGR already set [ 273.624963][T13014] binder: 13009:13014 ioctl 40046207 0 returned -16 05:25:17 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="11000000420005b50000003525e88c93000000000000ed623c087d41eeba6c940550ac495fbd1b2dc440ed5a19846b1d9ada14fd9a087c4b9d5f8e1656e376a8cbd0cd3712000000005c0f36eaaa4e86f0d60170cb43b2d884420753bab52f14a235abcfa211606d01d896da739eb7cdacd108fa0d1ce1bc6a2022c61bbdd45a8aa027ab3a27f2bccab21eaa8b074ed2c7822ea677266ef5c6a3ad950fdd2e1693"], 0x14}}, 0x0) 05:25:17 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 273.634520][T13014] debugfs: File '13009' in directory 'proc' already present! 05:25:17 executing program 1 (fault-call:0 fault-nth:28): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:17 executing program 4: bpf$PROG_LOAD(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x100000001) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000380)={{{@in6, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x80}, {0x5a26}, {}, 0x0, 0x0, 0x1}, {{@in=@loopback, 0x0, 0x33}, 0x0, @in6=@local, 0x0, 0x0, 0x0, 0x6}}, 0xe8) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000007e00), 0x400000000000058, 0x0) 05:25:17 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) [ 273.839216][T13133] binder: BINDER_SET_CONTEXT_MGR already set [ 273.857769][T13132] FAULT_INJECTION: forcing a failure. [ 273.857769][T13132] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 273.857881][T13133] binder: 13128:13133 ioctl 40046207 0 returned -16 [ 273.870982][T13132] CPU: 1 PID: 13132 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 05:25:18 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) 05:25:18 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 273.870991][T13132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 273.870995][T13132] Call Trace: [ 273.871018][T13132] dump_stack+0x172/0x1f0 [ 273.871035][T13132] should_fail.cold+0xa/0x15 [ 273.871051][T13132] ? rwlock_bug.part.0+0x90/0x90 [ 273.871063][T13132] ? fault_create_debugfs_attr+0x180/0x180 [ 273.871079][T13132] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 273.871091][T13132] ? debug_smp_processor_id+0x3c/0x214 [ 273.871108][T13132] should_fail_alloc_page+0x50/0x60 05:25:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 273.871120][T13132] __alloc_pages_nodemask+0x1a1/0x900 [ 273.871134][T13132] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 273.871146][T13132] ? __alloc_pages_slowpath+0x28e0/0x28e0 [ 273.871159][T13132] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 273.871170][T13132] ? __kasan_check_read+0x11/0x20 [ 273.871184][T13132] ? fault_create_debugfs_attr+0x180/0x180 [ 273.871203][T13132] cache_grow_begin+0x90/0xd20 [ 273.974590][T13132] ? kobject_uevent_env+0x387/0x101d [ 273.979894][T13132] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 273.986110][T13132] kmem_cache_alloc_trace+0x6b3/0x790 [ 273.991455][T13132] kobject_uevent_env+0x387/0x101d [ 273.996582][T13132] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 274.002797][T13132] kobject_uevent+0x20/0x26 [ 274.007277][T13132] loop_set_fd+0xb52/0x1020 [ 274.011767][T13132] lo_ioctl+0x1a3/0x1460 [ 274.015983][T13132] ? trace_hardirqs_on+0x67/0x240 [ 274.020991][T13132] ? loop_set_fd+0x1020/0x1020 [ 274.025729][T13132] blkdev_ioctl+0xedb/0x1c20 [ 274.030294][T13132] ? blkpg_ioctl+0xa90/0xa90 [ 274.034861][T13132] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 274.040639][T13132] ? __kasan_check_read+0x11/0x20 [ 274.045641][T13132] ? __kasan_check_read+0x11/0x20 [ 274.050640][T13132] block_ioctl+0xee/0x130 [ 274.054941][T13132] ? blkdev_fallocate+0x410/0x410 [ 274.059949][T13132] do_vfs_ioctl+0xdb6/0x13e0 [ 274.064534][T13132] ? compat_ioctl_preallocate+0x210/0x210 [ 274.070231][T13132] ? __fget+0x384/0x560 [ 274.074377][T13132] ? ksys_dup3+0x3e0/0x3e0 [ 274.078786][T13132] ? do_sys_open+0x31d/0x5d0 [ 274.083397][T13132] ? tomoyo_file_ioctl+0x23/0x30 [ 274.088315][T13132] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 274.094534][T13132] ? security_file_ioctl+0x8d/0xc0 [ 274.099624][T13132] ksys_ioctl+0xab/0xd0 [ 274.103768][T13132] __x64_sys_ioctl+0x73/0xb0 [ 274.108333][T13132] do_syscall_64+0xfa/0x760 [ 274.112824][T13132] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 274.118691][T13132] RIP: 0033:0x459757 05:25:18 executing program 5: syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x0, 0x2) r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) r1 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5e, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x9}, 0x10}, 0x70) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r3) pwrite64(r3, &(0x7f0000000080)="bc90671829b4d9c3ab84e3dd80afe8f4e8688d54a2f07a52df59926d89171de4120fa85d40333248a602be92b44a340245fb1afa34f5dfad34da0a080a64cc807d92f352d8eb097dd20eda6129a1338fdaf41567458d90746e87f617f35390c8dc1472ce4949e5b50d3c8f41db76501319e19f8fa41ff879531090473c773563a1bcee8f3100634d8e2d3ff356ace3dada22f1c24532f2e21c73096811b7e5184c93670d1eab05c60234062c72a611494697a071963417183147cb70dd7838d500f3857b74dcfa20ab97a31f6c34b8b27c252d0fed73978198cbed6487dccc8cbded827ed347b01f0019da8276575373c126b0805c32eeb924814149e1e73f6ce1571b691fbdeae82f7695919e4c7ad4b38e6bdda10b76de2edc685b0a3f45981277bc5aad4f9fa6f35d169487c35e6095bceec2936f72cde685a1d04fb762e2bba0e96289fd8b213065fb4728784ad697c48bbed33123c43ccead6cd1c4df75d0070219399fdda0a3ccdc46b20bcff19ce2c0b96cbf3645bd029cf2d67aa72cec0b7a1f7ea60baac441ab96688b48c0583cf81fc485d1bf5e457537d2b45d5d3e3405f90391cffe88bdfb237402e5a1cf9bd41c127724145d30ff0ab7168c75751a8c0ba85c1d70c14eadb21140dbc9570b5b816a4d25291bfdedfb571fafa71c3d31826657aeb61681973cf219a49513c527787819f9d3d881dfae684689313e23ea0dc24d930dc053271cd9bcad4362790b101aeea08e6e6a6ce8b033621d340c7df4af2bebf56cd58119bdf93b9ee0d02fce6991f50641653c7f8752782f875fa0a7f21b76937c61a9800353145c30556e3af794e4c0a927a490c8e3120667feddb473acf4cf491fab2e1cb9b8c8dd5d5ca509b3f1bdfa3639655dd0f0e101454000ed9e08dc477c95503d0b7dec280605ae155e544084cf49b5fa350bc5524c8fd00bcd03a4cd38a69ed805433851539b4b8694053d867fd5ef7605cac2b6416a1d66f82c3250ed71da81082aa65714a9302ba0d570805295ea2947a47d86469a8c81cd9ab3565af044a73af989c90e0077b5583aca2a20e9a9f3d832f1297ad346247edffb07dfad52557a90cfc8de948141da66c5558cc305941191ae37e8f480ed150f4c261289d91d68e6df43611c6b6846ac83c1593909f68a85f98b624e021619b1f61f1be8b2d7dac6395637dffcd9e1d49b14beab8a6843c0f6b34cbf8ef7e27d13363fb942dd43b7c594d3db7ec0e98b23abb17bb56d6151ca409ab709f5a95ae41a11cbc129bc30869def08d4705f6bef62e94de507a0ee388d12698eaca07f84a57f16712e440ba289dd0b62022e923f727aa47862b87a1440536dd5ea6434a90a62c588fb45f767a576fad7dd9c3dea35ede04855283516b1d13428d7374b9ab22ce8fe757207fcb97e655f12538cf9f8cc91c2f8059738becf0704088457c38826445eacd97a018dfd97e6be49933d2c07ea6568e2ef05ea54ea3cdd5e4a2713023fd44570dae8b992695fce123e2a49140de0f8cc0f021c74e482c216fdc30458952c229a2099bfb3dac71b10ed8a77ffca50f8600b045d4144a24a6dee95ee3cda84461586236fbf5cd97c9870ec7da32769753f60ebd212c88baaabdff7f82dcb39afa8ff329a6f69219beaaf9b4a56905213a2ecb8e53d96faf0e6f3e8510b6950381cfd1e8efb4c6123916028ac4a10df54404b73a166927e0ef7fddc5f1ea9c1311a8058719cf97688dc222edf43c82358ec27f8ace677e776e5798566cb3d1e54d3155d1db78049862b77d069fce1e33381375a49484f702c15f859329f6a6ac73c3ee98b5a1a8e980ec2dd425d15ba64769b3042f71bfedeeb7ce42a9ee16b6d9389471a938516ddb3cfcb79a8ed691ce9ee612e541eea2c69c595853a58b51bf256d9111ceb99dbfce028e4ee028904558c491492faff46fb0bf56925521fca882fd4e3f1c2867cb0324322b1416f95d7c3be0b644049ee8be596fe077c45d15b1fa34def7d30d2572ea0503236c1c335a28b94e9727f3b4ce0cfb63209672cd9dc42f0c53a70dbc58207a6fc96d193f812b16a4d8a4343a1a49767658ced220c05e0467de552689a1ba98edbd3162283e5c1f229a5ee20e3c13c40aa04f2df8972c4e7b5bae847e2d5db6eb4b045be420ba26f86462ce906b01c50806d10283f24c13754aa529ebf556bd4d717cd2241517e3cf92f05f3cdb7cc4008e611005cde41a73dcef89a1bd5b2d10ae63794a2a93a184ebc5c4d284d81f762a762db23e6a7df94b3313eb862be6117fc51bab22a14a81921f31e32c0694e284dae627e561947ac78b849d93838fc548bbb01ba8e1a29ce2ea0e5c6d84546628686e070c07d5074c30e5c2cb62faa0ce87412e05e3b1831714047d01b32f9e65e595ce3ce613e6fb08e8f28d658cf818301c738de3984346785ddca5a70438180dce71a1b8271c72607dbb38d223a8fcf022d83f8d8f20e0890fd489113d6591582bf22b580305b4b40d9d07e0b93d0fd1894cb4158027eafaace3aca26e7d704e962bb619a9ebce76abe4a2f5d67605fc25074b2c528cad2b94a9b9bb4897d9849e7a39ac21a366fb8e115fc960f082b3efd28548b271e2545de14a03c7d0f283b0aa900c6f299974287c4f8b67dd945dae4137d2ff02f04e0463712955dcb81c48ef89cb66ec3a7b901e01002c664e3b125feae991162aa57a3c5bd63d6debff94e8a01a8aeaee50b53b49252ee33cba270ced1efd16f5ff07721c23b6903c2036768ba6f5803ca4d3d28f8ff21fc7062afe82de3f3386ff6899b1d407e22a04d8af70cc22a46bbe436100e7d2285f016b4abd827e6b1111492c04a8c29b6d5a05e4c2645c7703fdae72be8e2450d1bd9b761ad4a69a3db868db99f353e9c3729f2700e311d3dee8b6f514271227da998e2746ccce728ff2a0b62e197c3f44d81cf5654f9420d1c3a53654529905c94bacccd648cecc025909ba2523c4114fa0ac76fec3c40e2066d27b3ef0ff02e55e77e164b704d39c6814938e14937ebe96d1a08d4b5839b82a3a09ba2e76c7598a405df77d9af9dc99b87b9ac500aac76e30d044055d6e05b457279788f6dbd15549cf8c51af66a0a3234a03689b49696a7c55675b18385a09da9dadf235365557db6917d628879f7e980fd9147276eaad3e00502748f6cf1b8d0c2d31a9409dda2081811359158e7a0ab0e5654e0a80bd1867528299baac06d4149eff598122be781bd883e7639b086ab025ee2c9a46777bc86c3ecb919316aaf64126fb6c19eff62d1a9926685c2cc55cac186f3a35a91b3fef7de930d2fdbde98851b2792f77b04c72e47074b9d1982e5791b83a5df53dc824d95e83701fe601aaee60c3e2c8fd609c8efbaf08cd5a7f1dad7e7f517b7a3dfb0ea2c34a384cb789549a996ae39e2cdcefc7f5655cc3f3b502b6404be8048a0a2910f1f56aab08450bc5936eb730b628f6774fc25395913b6f59e96f920fd9cbeb8b38ead92f72d57b462fa707aba438666e18866e7d5bb6f3defd429e3755247eb263033f8c990ff58ac0a20d0d28e9f14d639c3957e8d25aaf854032c2c09c0bfe476643a553d614488ab4b7c9f5864fa98fa9a378f038559f85b1592503b2de0424186edaea3017fde39061660ea69b725280fbb06cca49091570f29f76f93d3d92169f9dc6348e30be4ba0f3c8b25de8fa522c29c2825afd2fc3355c72b0cf5b7462585456bc7be299e7e97b58accb639c4bd8eb7ff50ec8244681effe43be52da97bfc27ea63fc55908efa2c10ac98122c5faee7ad10583df7187d8f36c6100a9b90a8318465e088f8bf8a4ead2d8e5234aff24d03c091d15440b3e3f89ed0497b694ced4922a724f37e7736490d0cf17910f6cad9768ea04b688b828ff80901632b068277a3dbb288792fc3ec2bf789efccbbb276e10a0522ee2dd412e476f4317f360ef61d93670da89f24f224b72aeea998db8bc616da1e5311d31509e87f399843126e26d8be4ed8cb23cd9eb65a392b06ea3feb29ee890de61c635ef92316e1df7ddae7399a6ef9174109a5252cc0c2140832b8288c17b5418465b5c0884f12640b8b1ebdc1fde4b5134f6a832e68cdd188a34e906390163b1d787686cf6a2e6cf2c96f07ad2144cbf0a877a26bef76d1c7e87057a0b02241f823ee40a642083d476cc937eb34721c44bd7ece5ba8b5138eaaa0e886684c9c0d9b4315c653330f0dfbe9cdd0fde317bdabe859c1d651103ec7200a9d3cab2157e7333a4094fddc6f602220254e844a59508c775f562f6b41d3a308e07109c1cf657e3b16e09a7d3f02333b40f096f990647a5972196bd84ac4ebbc2a612da63ce3aad745d780a0c6334028104b990e54597bea70e5216dff81ac16ade8314e1e6bb9c4e78d32f496ea9798330e59df75bb773533e7ab5f6da384df8d9d9b262102c9899c90fb1752697741d4d8935499e95f4eba2387a26791e41719d78f34f14030acc5b4557b7589232cca69a77725872f9caedf263539975a005ebc4a3b3a847c50c3d5e9533510cc7c3b5bc05ecd1d017de5c804a4666c1c9b331e893a4851b33615812dfb7f5569c98704ff0127d9517cd984e1ea0f5de86c12391ce3fcf89115033cd378fba2c4769a2b36d731037f4666a043e4897fb85f173dcc14811f619613f0ff61f0a7b32c009ffb576efdf4d06fc5d2e7800094048f81a47af22f35c3d4db6658216d6c10afa8d864ef49ef9c5156ce4b793cc1e07479d71c9d4c627c4d9ceba4e5a35d5f9e2618f43b496242b4b348e46b78f59dbb213b2ef15a326c67b21eba558a36eced363dbf1945b9f3784529d6a3187f526027e96669a3d1df8753679a118e69a365f1a2b3018ff68ae5f0bb40bb60b211b6d750c4da848053b290bfa30f20d0f46f58d48c45dfa9a91186eaf186ee385993f09c45c382de8acdf82d1030842add9817d49d8ab2d4e19ee252b59fcee6cc5a9e401d7a9d5f21e708f0d4b47e65968d57040c8c739afd05790e9a616bf96527bd6c2ffb1f4325886edd8b5152b6a3948a5a11d2ffeebd3fc9048d0c909039954d3c09f2b212ba24a2d5dfe369ce640173986126da88f69a25eca4204277094c5bc9304b238430314f323dab9c5de62ef9c3306d2ac4c2d37d072d7789ab3dd0a8e8e85ab98478224e3088e69eb3358d521bcc926bb3a485d38a687f4146604d1bdc79a2c31dffcaf8e5ef09e3418f9ef9363dbfe58e42c4a9c0671bbda5178c963fc11ebb54de1818e5522a53f9e6200fb6c68052b9b43b5eef2c4694005d920a7ff58e0e69453a0c9d3c5afe2f0d312745362e23d099ad559a95a1159b43b4284bc5ddba5f9a96f35ec73fc2fab136021565a5aa390e000d3e2a6b0f7fc453d8923e9008c35ed2eecd43aa2ee834c0e71b3a4dfd9d29ee8c1344f86deee9c21ec5a2628535043f6dc484e3765a183e944f63e2442eec3e068de43dcbd5e09d1e569559b8f08c336d9ee746e4b912348333fa34ca6aead07533bbbc63fc7424fa0d4450cec1d8b3d2dff7d52bb5acddccff57e54e8af43ef535b0887aa243b631cc0efbc72f877fec2bacd5eb51f608267fccc392606e5599445f2ccbc3b5097615d48a2262dcdeb04da50a791c443ea48b7a0a81fd089161fc50ca1ff0b4085c3da820b2be2166591944b77c80ed94cfc9983b4801e18a63e24155d9508f351a8daed9000258ec15efab240ab8003557dc4d54d445458a52341928f2d4b08986c6f0ea26fdec9ebfb04e4b3b04ee1c2764d81e3ab2d5", 0x1000, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 274.122562][T13132] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 274.142148][T13132] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 274.150533][T13132] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000459757 [ 274.158485][T13132] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 274.166675][T13132] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 274.174658][T13132] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 274.182662][T13132] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 274.241017][T13132] FAT-fs (loop1): bogus number of reserved sectors [ 274.295234][T13132] FAT-fs (loop1): Can't find a valid FAT filesystem [ 274.317779][T13154] binder: BINDER_SET_CONTEXT_MGR already set 05:25:18 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000020000157005"]) 05:25:18 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) 05:25:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 274.340898][T13154] binder: 13147:13154 ioctl 40046207 0 returned -16 05:25:18 executing program 1 (fault-call:0 fault-nth:29): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:18 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) [ 274.512401][T13268] binder: BINDER_SET_CONTEXT_MGR already set 05:25:18 executing program 5: r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6740cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e12853890593543e51c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, r2) ioctl$UI_SET_PHYS(r3, 0x4008556c, &(0x7f0000000000)='syz0\x00') r4 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r4, 0x1, &(0x7f0000258f88)) msgsnd(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="ff01000000f52fda4263a2000000"], 0x8, 0x0) msgctl$IPC_RMID(r4, 0x0) 05:25:18 executing program 4: r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) ftruncate(r0, 0x2081fd) lseek(r0, 0x0, 0x4) [ 274.560982][T13268] binder: 13264:13268 ioctl 40046207 0 returned -16 [ 274.567965][T13270] FAULT_INJECTION: forcing a failure. [ 274.567965][T13270] name failslab, interval 1, probability 0, space 0, times 0 [ 274.599713][T13270] CPU: 1 PID: 13270 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 05:25:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:18 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 274.608429][T13270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 274.618475][T13270] Call Trace: [ 274.621766][T13270] dump_stack+0x172/0x1f0 [ 274.626099][T13270] should_fail.cold+0xa/0x15 [ 274.630691][T13270] ? fault_create_debugfs_attr+0x180/0x180 [ 274.636490][T13270] ? kernel_init_free_pages+0x120/0x120 [ 274.642012][T13270] ? ___might_sleep+0x163/0x2c0 [ 274.646841][T13270] __should_failslab+0x121/0x190 [ 274.651753][T13270] should_failslab+0x9/0x14 [ 274.656232][T13270] __kmalloc+0x2e0/0x770 [ 274.660451][T13270] ? kasan_kmalloc+0x9/0x10 [ 274.664943][T13270] ? kobject_get_path+0xc4/0x1b0 [ 274.669867][T13270] kobject_get_path+0xc4/0x1b0 [ 274.674606][T13270] kobject_uevent_env+0x3ab/0x101d [ 274.680137][T13270] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 274.686367][T13270] kobject_uevent+0x20/0x26 [ 274.690895][T13270] loop_set_fd+0xb52/0x1020 [ 274.695373][T13270] lo_ioctl+0x1a3/0x1460 [ 274.699591][T13270] ? trace_hardirqs_on+0x67/0x240 [ 274.704609][T13270] ? loop_set_fd+0x1020/0x1020 [ 274.709378][T13270] blkdev_ioctl+0xedb/0x1c20 [ 274.713957][T13270] ? blkpg_ioctl+0xa90/0xa90 [ 274.718526][T13270] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 274.724315][T13270] ? __kasan_check_read+0x11/0x20 [ 274.729329][T13270] ? __kasan_check_read+0x11/0x20 [ 274.734342][T13270] block_ioctl+0xee/0x130 [ 274.738675][T13270] ? blkdev_fallocate+0x410/0x410 [ 274.743817][T13270] do_vfs_ioctl+0xdb6/0x13e0 [ 274.748413][T13270] ? compat_ioctl_preallocate+0x210/0x210 [ 274.754112][T13270] ? __fget+0x384/0x560 [ 274.758287][T13270] ? ksys_dup3+0x3e0/0x3e0 [ 274.762695][T13270] ? do_sys_open+0x31d/0x5d0 [ 274.767323][T13270] ? tomoyo_file_ioctl+0x23/0x30 [ 274.772239][T13270] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 274.778464][T13270] ? security_file_ioctl+0x8d/0xc0 [ 274.783566][T13270] ksys_ioctl+0xab/0xd0 [ 274.787719][T13270] __x64_sys_ioctl+0x73/0xb0 [ 274.792291][T13270] do_syscall_64+0xfa/0x760 [ 274.796772][T13270] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 274.802637][T13270] RIP: 0033:0x459757 [ 274.806514][T13270] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 274.826096][T13270] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 274.834482][T13270] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000459757 [ 274.842959][T13270] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 274.850940][T13270] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 274.858900][T13270] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 274.866851][T13270] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 274.889384][T13270] FAT-fs (loop1): bogus number of reserved sectors [ 274.896080][T13270] FAT-fs (loop1): Can't find a valid FAT filesystem [ 274.924369][T13276] binder: BINDER_SET_CONTEXT_MGR already set 05:25:19 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) 05:25:19 executing program 1 (fault-call:0 fault-nth:30): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) [ 274.976791][T13276] binder: 13275:13276 ioctl 40046207 0 returned -16 05:25:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:19 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fsetxattr$security_selinux(r1, &(0x7f0000000200)='security.selinux\x00', &(0x7f00000001c0)='unconfined_u:system_r:insmod_t:s0-s0:c0.c1023\x00', 0x39f, 0x0) r2 = creat(&(0x7f0000000000)='./file0\x00', 0x0) fsetxattr$security_selinux(r2, &(0x7f0000000200)='security.selinux\x00', &(0x7f00000001c0)='unconfined_u:system_r:insmod_t:s0-s0:c0.c1023\x00', 0x2af, 0x0) 05:25:19 executing program 5: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x80000, 0x0) setsockopt$X25_QBITINCL(r0, 0x106, 0x1, &(0x7f0000000080), 0x4) r1 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r1, 0x1, &(0x7f0000258f88)) msgsnd(r1, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r1, 0x0) [ 275.125519][T13397] FAULT_INJECTION: forcing a failure. [ 275.125519][T13397] name failslab, interval 1, probability 0, space 0, times 0 [ 275.187500][T13397] CPU: 0 PID: 13397 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 275.196203][T13397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 275.206257][T13397] Call Trace: [ 275.209570][T13397] dump_stack+0x172/0x1f0 [ 275.213909][T13397] should_fail.cold+0xa/0x15 [ 275.218499][T13397] ? __kasan_check_read+0x11/0x20 [ 275.223515][T13397] ? fault_create_debugfs_attr+0x180/0x180 [ 275.223529][T13397] ? kernel_init_free_pages+0x120/0x120 [ 275.223543][T13397] ? ___might_sleep+0x163/0x2c0 [ 275.223561][T13397] __should_failslab+0x121/0x190 [ 275.244636][T13397] should_failslab+0x9/0x14 [ 275.249147][T13397] kmem_cache_alloc+0x2aa/0x710 [ 275.254002][T13397] ? __d_lookup+0x42f/0x760 [ 275.258507][T13397] ? lock_acquire+0x190/0x410 [ 275.263182][T13397] ? lookup_dcache+0x23/0x140 [ 275.267856][T13397] __d_alloc+0x2e/0x8c0 [ 275.272012][T13397] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 275.277734][T13397] d_alloc+0x4d/0x280 [ 275.281721][T13397] __lookup_hash+0xcd/0x190 [ 275.286236][T13397] filename_create+0x1a7/0x4f0 [ 275.291004][T13397] ? kern_path_mountpoint+0x40/0x40 [ 275.296207][T13397] ? strncpy_from_user+0x2b4/0x400 [ 275.301326][T13397] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 275.307571][T13397] ? getname_flags+0x277/0x5b0 [ 275.312338][T13397] do_mkdirat+0xb5/0x2a0 [ 275.316585][T13397] ? __ia32_sys_mknod+0xb0/0xb0 [ 275.321441][T13397] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 275.327508][T13397] ? trace_hardirqs_off_caller+0x65/0x230 [ 275.333221][T13397] __x64_sys_mkdir+0x5c/0x80 [ 275.333234][T13397] do_syscall_64+0xfa/0x760 [ 275.333253][T13397] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 275.342294][T13397] RIP: 0033:0x458d07 [ 275.342309][T13397] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 275.342315][T13397] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 275.380045][T13397] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458d07 05:25:19 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) 05:25:19 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) 05:25:19 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)={0x0, 0x0, 0x0}) 05:25:19 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 275.388017][T13397] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200003c0 [ 275.395985][T13397] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 275.403947][T13397] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 275.403954][T13397] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 275.421076][T13414] binder: BINDER_SET_CONTEXT_MGR already set 05:25:19 executing program 4: openat$uinput(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uinput\x00', 0x0, 0x0) clone(0x1040900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") tkill(r0, 0x37) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x3, 0x10}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 275.439517][T13414] binder: 13405:13414 ioctl 40046207 0 returned -16 05:25:19 executing program 1 (fault-call:0 fault-nth:31): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:19 executing program 5: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x200000, 0x0) ioctl$KVM_SET_FPU(r0, 0x41a0ae8d, &(0x7f0000000080)={[], 0xa70, 0x4, 0xc000000000, 0x0, 0x0, 0x3000, 0x10000, [], 0x5f1}) r1 = msgget$private(0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000240)={0x2, 0x0, 0x4, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) r2 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r3 = getpgrp(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000040)={0x2, r3}) msgctl$IPC_SET(r1, 0x1, &(0x7f0000258f88)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3}) msgsnd(r1, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r1, 0x0) r4 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r5 = getpgrp(0x0) fcntl$setownex(r4, 0xf, &(0x7f0000000040)={0x2, r5}) fcntl$setsig(r4, 0xa, 0x11) fcntl$setlease(r4, 0x400, 0x0) fcntl$setlease(r4, 0x400, 0x2) recvmsg$kcm(r4, &(0x7f0000000580)={&(0x7f0000000300)=@ipx, 0x80, &(0x7f0000000540)=[{&(0x7f0000000380)=""/183, 0xb7}, {&(0x7f0000000440)=""/197, 0xc5}], 0x2}, 0x10000) r6 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r7 = getpgrp(0x0) fcntl$setownex(r6, 0xf, &(0x7f0000000040)={0x2, r7}) fcntl$setsig(r6, 0xa, 0x11) fcntl$setlease(r6, 0x400, 0x0) fcntl$setlease(r6, 0x400, 0x2) setsockopt$bt_hci_HCI_DATA_DIR(r6, 0x0, 0x1, &(0x7f00000002c0)=0x100, 0x4) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000280)) 05:25:19 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) r3 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r4 = getpgrp(0x0) fcntl$setownex(r3, 0xf, &(0x7f0000000040)={0x2, r4}) fcntl$setsig(r3, 0xa, 0x11) fcntl$setlease(r3, 0x400, 0x0) fcntl$setlease(r3, 0x400, 0x2) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm-control\x00', 0x101000, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x40000, 0x0) r5 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r6 = getpgrp(0x0) fcntl$setownex(r5, 0xf, &(0x7f0000000040)={0x2, r6}) fcntl$setsig(r5, 0xa, 0x11) fcntl$setlease(r5, 0x400, 0x0) fcntl$setlease(r5, 0x400, 0x2) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000280)) 05:25:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) getpid() sched_setscheduler(0x0, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 275.667217][T13540] binder: BINDER_SET_CONTEXT_MGR already set [ 275.679097][T13540] binder: 13517:13540 ioctl 40046207 0 returned -16 [ 275.686167][T13535] FAULT_INJECTION: forcing a failure. [ 275.686167][T13535] name failslab, interval 1, probability 0, space 0, times 0 [ 275.732908][T13535] CPU: 0 PID: 13535 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 275.741602][T13535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 275.751670][T13535] Call Trace: [ 275.754966][T13535] dump_stack+0x172/0x1f0 [ 275.759305][T13535] should_fail.cold+0xa/0x15 [ 275.763906][T13535] ? fault_create_debugfs_attr+0x180/0x180 [ 275.769716][T13535] ? kernel_init_free_pages+0x120/0x120 [ 275.775262][T13535] ? ___might_sleep+0x163/0x2c0 05:25:19 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:19 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x257, &(0x7f00000006c0)={&(0x7f0000000280)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x24, 0x12, @bridge_slave={{0x14, 0x1, 'bridge_slave\x00'}, {0xc, 0x5, [@IFLA_BRPORT_STATE={0x8}]}}}]}, 0x44}}, 0x0) 05:25:19 executing program 3: r0 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r1 = getpgrp(0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000040)={0x2, r1}) fcntl$setsig(r0, 0xa, 0x11) fcntl$setlease(r0, 0x400, 0x0) fcntl$setlease(r0, 0x400, 0x2) syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x293fabb, 0x2200) ioctl$TIOCMBIS(r0, 0x5416, &(0x7f0000000080)) r2 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r2, 0xc0305302, &(0x7f0000000000)) [ 275.780117][T13535] __should_failslab+0x121/0x190 [ 275.785059][T13535] should_failslab+0x9/0x14 [ 275.789547][T13535] kmem_cache_alloc+0x2aa/0x710 [ 275.794394][T13535] ? refcount_dec_and_mutex_lock+0x90/0x90 [ 275.800266][T13535] ? netlink_broadcast_filtered+0x78/0xb80 [ 275.806066][T13535] ? __kmalloc_node_track_caller+0x4e/0x70 [ 275.811894][T13535] skb_clone+0x154/0x3d0 [ 275.816115][T13535] netlink_broadcast_filtered+0x8d7/0xb80 [ 275.821808][T13535] netlink_broadcast+0x3a/0x50 [ 275.826548][T13535] kobject_uevent_env+0xad4/0x101d [ 275.831680][T13535] kobject_uevent+0x20/0x26 [ 275.836157][T13535] loop_set_fd+0xb52/0x1020 [ 275.840666][T13535] lo_ioctl+0x1a3/0x1460 [ 275.844918][T13535] ? trace_hardirqs_on+0x67/0x240 [ 275.849914][T13535] ? loop_set_fd+0x1020/0x1020 [ 275.854655][T13535] blkdev_ioctl+0xedb/0x1c20 [ 275.859220][T13535] ? blkpg_ioctl+0xa90/0xa90 [ 275.863804][T13535] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 275.869581][T13535] ? __kasan_check_read+0x11/0x20 [ 275.874605][T13535] ? __kasan_check_read+0x11/0x20 [ 275.879603][T13535] block_ioctl+0xee/0x130 [ 275.883902][T13535] ? blkdev_fallocate+0x410/0x410 [ 275.888907][T13535] do_vfs_ioctl+0xdb6/0x13e0 [ 275.893474][T13535] ? compat_ioctl_preallocate+0x210/0x210 [ 275.899165][T13535] ? __fget+0x384/0x560 [ 275.903295][T13535] ? ksys_dup3+0x3e0/0x3e0 [ 275.907684][T13535] ? do_sys_open+0x31d/0x5d0 [ 275.912262][T13535] ? tomoyo_file_ioctl+0x23/0x30 [ 275.917173][T13535] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 275.923473][T13535] ? security_file_ioctl+0x8d/0xc0 [ 275.928563][T13535] ksys_ioctl+0xab/0xd0 [ 275.933129][T13535] __x64_sys_ioctl+0x73/0xb0 [ 275.937690][T13535] do_syscall_64+0xfa/0x760 [ 275.942165][T13535] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 275.948027][T13535] RIP: 0033:0x459757 [ 275.951896][T13535] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 275.971471][T13535] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 275.979853][T13535] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000459757 [ 275.987803][T13535] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 275.995750][T13535] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 276.003781][T13535] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 276.011735][T13535] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 276.062915][T13551] binder: BINDER_SET_CONTEXT_MGR already set [ 276.077420][T13535] FAT-fs (loop1): bogus number of reserved sectors [ 276.084145][T13556] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 276.092952][T13551] binder: 13550:13551 ioctl 40046207 0 returned -16 [ 276.103763][T13556] bridge0: port 1(bridge_slave_0) entered disabled state 05:25:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) getpid() sched_setscheduler(0x0, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:20 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000040)={0x1}, 0x247, 0x0) msgctl$IPC_RMID(r0, 0x0) fstat(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = msgget$private(0x0, 0x98) r4 = socket$l2tp(0x18, 0x1, 0x1) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f0000000000)=0xc) setfsuid(r5) r6 = getpid() r7 = getpgid(0xffffffffffffffff) msgctl$IPC_SET(r3, 0x1, &(0x7f0000000380)={{0x9, r5, 0x0, r1, r2, 0x106, 0x9}, 0x1, 0xbc, 0x4, 0x0, 0x64e, 0x6, r6, r7}) msgrcv(r3, &(0x7f0000000080)={0x0, ""/59}, 0x43, 0x1, 0x800) [ 276.116152][T13535] FAT-fs (loop1): Can't find a valid FAT filesystem [ 276.143190][T13556] bridge0: port 1(bridge_slave_0) entered blocking state [ 276.150303][T13556] bridge0: port 1(bridge_slave_0) entered forwarding state 05:25:20 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x94c00) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) 05:25:20 executing program 1 (fault-call:0 fault-nth:32): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) getpid() sched_setscheduler(0x0, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 276.189916][T13556] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 276.216690][T13666] binder: BINDER_SET_CONTEXT_MGR already set [ 276.216794][T13556] bridge0: port 1(bridge_slave_0) entered disabled state [ 276.222691][T13666] binder: 13664:13666 ioctl 40046207 0 returned -16 05:25:20 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000000068e402ca07680a17f1380e85cd730005549494e08fed2fb4da5cf41a7c9e4ea7058c7cbc100656f64c603c1464177718b1815600523ae9a3e53510f1a384d53bee8d47576fec4b83e35f5604ca66bf93e2c629d44e0f5dc73980f10c4888845c276b55df7c14b5c951efe5033d2e9d513ea9b0689f08f0c715be85ad"], 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) 05:25:20 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:20 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) r3 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r4 = getpgrp(0x0) fcntl$setownex(r3, 0xf, &(0x7f0000000040)={0x2, r4}) fcntl$setsig(r3, 0xa, 0x11) fcntl$setlease(r3, 0x400, 0x0) fcntl$setlease(r3, 0x400, 0x2) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r3, 0x84, 0xf, &(0x7f0000000140)={0x0, @in6={{0xa, 0x4e24, 0x1, @rand_addr="d8b98314c0f0f510079e01812a592569", 0x46}}, 0x3, 0xf22, 0x6c90, 0x4, 0xc00000000000}, &(0x7f0000000200)=0x98) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f0000000240)={r5, 0xfa, "b733d63d882360500894cb774b19a7fc53806232ca586f1f16091cd87ce17f8f5f88d8eeb2fb804c81cc6c3b14a0b589785bb221ec39a00dd6dd27f3a1f797c8db4dbbe2757daa541151ce60f8beaab7c33ef6b105c57c1cf93f03d427b13777aa9205fed59ccd48cd6cd0d70fb89ab496e67a5a48e053dba59564d2f3fb390767544f233ac33f92ec45a05b79b780b665f142eb53b051e87934fde9c26eb12dc646651e86ffdf09814b10e7e881bf69ec9941d55472fce27315250ee3b76dbc1c55225f2aaa21057f7c631e3bda2c80cc4eae14eb53d287cf6775b6fe6fa872f123082d9fb51d809e3ec6b08013f4e63480464ef8aba77964bd"}, &(0x7f0000000380)=0x102) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) ioctl$TUNSETTXFILTER(r1, 0x400454d1, &(0x7f0000000080)={0x3, 0x4, [@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @broadcast]}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f00000000c0)) [ 276.283423][T13556] bridge0: port 1(bridge_slave_0) entered blocking state [ 276.290553][T13556] bridge0: port 1(bridge_slave_0) entered forwarding state [ 276.308914][T13673] FAULT_INJECTION: forcing a failure. [ 276.308914][T13673] name failslab, interval 1, probability 0, space 0, times 0 [ 276.360787][T13673] CPU: 1 PID: 13673 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 276.369494][T13673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 276.379549][T13673] Call Trace: [ 276.382851][T13673] dump_stack+0x172/0x1f0 [ 276.387183][T13673] should_fail.cold+0xa/0x15 [ 276.391774][T13673] ? fault_create_debugfs_attr+0x180/0x180 [ 276.397671][T13673] ? kernel_init_free_pages+0x120/0x120 [ 276.403226][T13673] ? ___might_sleep+0x163/0x2c0 [ 276.408080][T13673] __should_failslab+0x121/0x190 [ 276.413017][T13673] should_failslab+0x9/0x14 [ 276.417521][T13673] kmem_cache_alloc_node_trace+0x274/0x750 [ 276.423320][T13673] ? kasan_unpoison_shadow+0x35/0x50 [ 276.428601][T13673] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 276.434418][T13673] __kmalloc_node_track_caller+0x3d/0x70 [ 276.440124][T13673] __kmalloc_reserve.isra.0+0x40/0xf0 [ 276.445495][T13673] __alloc_skb+0x10b/0x5e0 [ 276.449913][T13673] ? __kmalloc_reserve.isra.0+0xf0/0xf0 [ 276.455459][T13673] ? netlink_has_listeners+0x6e/0x3f0 [ 276.460834][T13673] alloc_uevent_skb+0x83/0x1e2 [ 276.465597][T13673] kobject_uevent_env+0xaa3/0x101d [ 276.470973][T13673] kobject_uevent+0x20/0x26 [ 276.475471][T13673] loop_set_fd+0xb52/0x1020 [ 276.479972][T13673] lo_ioctl+0x1a3/0x1460 [ 276.484211][T13673] ? trace_hardirqs_on+0x67/0x240 [ 276.489233][T13673] ? loop_set_fd+0x1020/0x1020 [ 276.493992][T13673] blkdev_ioctl+0xedb/0x1c20 [ 276.498585][T13673] ? blkpg_ioctl+0xa90/0xa90 [ 276.504665][T13673] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 276.510464][T13673] ? __kasan_check_read+0x11/0x20 [ 276.515492][T13673] ? __kasan_check_read+0x11/0x20 [ 276.520514][T13673] block_ioctl+0xee/0x130 [ 276.524840][T13673] ? blkdev_fallocate+0x410/0x410 [ 276.529864][T13673] do_vfs_ioctl+0xdb6/0x13e0 [ 276.534451][T13673] ? compat_ioctl_preallocate+0x210/0x210 [ 276.540164][T13673] ? __fget+0x384/0x560 [ 276.544325][T13673] ? ksys_dup3+0x3e0/0x3e0 [ 276.548744][T13673] ? do_sys_open+0x31d/0x5d0 [ 276.553331][T13673] ? tomoyo_file_ioctl+0x23/0x30 [ 276.558263][T13673] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 276.564500][T13673] ? security_file_ioctl+0x8d/0xc0 [ 276.569615][T13673] ksys_ioctl+0xab/0xd0 [ 276.573770][T13673] __x64_sys_ioctl+0x73/0xb0 [ 276.578356][T13673] do_syscall_64+0xfa/0x760 [ 276.582859][T13673] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 276.588843][T13673] RIP: 0033:0x459757 05:25:20 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000000)=[{&(0x7f0000000200)="580000001400add427323b470c45b4560a067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac71082300000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) [ 276.592728][T13673] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 276.612324][T13673] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 276.621167][T13673] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000459757 [ 276.629131][T13673] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 276.637097][T13673] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 276.645063][T13673] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 276.653027][T13673] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:25:20 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 276.692630][T13676] binder: BINDER_SET_CONTEXT_MGR already set [ 276.703975][T13673] FAT-fs (loop1): bogus number of reserved sectors [ 276.723948][T13676] binder: 13675:13676 ioctl 40046207 0 returned -16 [ 276.735776][T13673] FAT-fs (loop1): Can't find a valid FAT filesystem 05:25:20 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x0, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:20 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) epoll_pwait(r1, &(0x7f0000000080)=[{}, {}, {}, {}], 0x4, 0x0, &(0x7f00000000c0)={0x5}, 0x8) 05:25:20 executing program 1 (fault-call:0 fault-nth:33): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:21 executing program 3: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x200, 0x0) r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) r3 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r4 = getpgrp(0x0) fcntl$setownex(r3, 0xf, &(0x7f0000000040)={0x2, r4}) fcntl$setsig(r3, 0xa, 0x11) fcntl$setlease(r3, 0x400, 0x0) fcntl$setlease(r3, 0x400, 0x2) epoll_pwait(r3, &(0x7f0000000080)=[{}, {}, {}], 0x3, 0x6, &(0x7f00000000c0)={0x33f}, 0x8) fcntl$setlease(r1, 0x400, 0x2) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0x1, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000240)) [ 276.878537][T13798] binder: BINDER_SET_CONTEXT_MGR already set [ 276.891247][T13798] binder: 13795:13798 ioctl 40046207 0 returned -16 05:25:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x0, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:21 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x0, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 276.921855][T13801] FAULT_INJECTION: forcing a failure. [ 276.921855][T13801] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 276.935068][T13801] CPU: 1 PID: 13801 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 276.943738][T13801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 276.953790][T13801] Call Trace: [ 276.957092][T13801] dump_stack+0x172/0x1f0 [ 276.962492][T13801] should_fail.cold+0xa/0x15 [ 276.967103][T13801] ? fault_create_debugfs_attr+0x180/0x180 [ 276.967124][T13801] ? is_bpf_text_address+0xac/0x170 [ 276.978083][T13801] ? __kasan_check_read+0x11/0x20 [ 276.983110][T13801] should_fail_alloc_page+0x50/0x60 [ 276.988308][T13801] __alloc_pages_nodemask+0x1a1/0x900 [ 276.993681][T13801] ? __bpf_address_lookup+0x310/0x310 [ 276.999051][T13801] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 277.004774][T13801] ? __alloc_pages_slowpath+0x28e0/0x28e0 [ 277.010491][T13801] ? fault_create_debugfs_attr+0x180/0x180 [ 277.010509][T13801] ? __kernel_text_address+0xd/0x40 [ 277.021480][T13801] cache_grow_begin+0x90/0xd20 [ 277.026340][T13801] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 277.032060][T13801] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 277.038313][T13801] __kmalloc+0x6b2/0x770 [ 277.042581][T13801] ? mark_held_locks+0xf0/0xf0 [ 277.047353][T13801] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 277.053092][T13801] tomoyo_realpath_from_path+0xcd/0x7b0 [ 277.053105][T13801] ? tomoyo_path_number_perm+0x193/0x520 [ 277.053120][T13801] tomoyo_path_number_perm+0x1dd/0x520 [ 277.053132][T13801] ? tomoyo_path_number_perm+0x193/0x520 [ 277.053146][T13801] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 277.053162][T13801] ? __kasan_check_write+0x14/0x20 [ 277.053183][T13801] ? quarantine_put+0x11c/0x1c0 [ 277.086461][T13801] ? trace_hardirqs_on+0x67/0x240 [ 277.086478][T13801] ? putname+0xef/0x130 [ 277.100462][T13801] ? kmem_cache_free+0x1a7/0x320 [ 277.105410][T13801] tomoyo_path_mkdir+0xaa/0xf0 [ 277.105423][T13801] ? tomoyo_file_ioctl+0x30/0x30 [ 277.105436][T13801] ? kern_path_mountpoint+0x40/0x40 05:25:21 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x880100) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) [ 277.105448][T13801] ? strncpy_from_user+0x2b4/0x400 [ 277.105466][T13801] security_path_mkdir+0x113/0x170 [ 277.119415][T13820] binder: BINDER_SET_CONTEXT_MGR already set [ 277.120320][T13801] do_mkdirat+0x160/0x2a0 [ 277.120339][T13801] ? __ia32_sys_mknod+0xb0/0xb0 [ 277.146167][T13801] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 277.146186][T13801] ? trace_hardirqs_off_caller+0x65/0x230 [ 277.157948][T13801] __x64_sys_mkdir+0x5c/0x80 [ 277.162553][T13801] do_syscall_64+0xfa/0x760 [ 277.167072][T13801] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 277.168462][T13820] binder: 13808:13820 ioctl 40046207 0 returned -16 [ 277.172972][T13801] RIP: 0033:0x458d07 [ 277.172986][T13801] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 277.172993][T13801] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 277.173003][T13801] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458d07 05:25:21 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0100000000000000700c3efb2d63dafe133ca1b01b8e6cd80492c38838739bd4d1927e9f617842d74b242025e08a07554c"], 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) ioctl$DRM_IOCTL_SET_UNIQUE(0xffffffffffffffff, 0x40106410, &(0x7f00000005c0)={0xa8, &(0x7f0000000500)="e0d0f95b31ad8198d28e769b6fcc27a3c30179bb2e931981dc27ca62720f52ae66eedc2baad5e7eaf94b2b89bb0b0583d4a335189301f6e7a202e14e620a18037f6a6a7777e2565e57df9d82074beaaae6fbb9881e29cb13b29133b15a90387159788fa64539f1a3e4c297e9c2298222151d2e9b0576dc70c36d5071ffb698877ce54d2316aeab81c2a5b1f62c1644f8f970d8f3fdbfb3e809e6701ea751582a8e89c70fac21729e"}) fcntl$setlease(r1, 0x400, 0x2) sendmsg$rds(r1, &(0x7f00000004c0)={&(0x7f0000000100)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x24}}, 0x10, &(0x7f00000002c0)=[{&(0x7f0000000140)=""/4, 0x4}, {&(0x7f0000000180)=""/97, 0x61}, {&(0x7f0000000200)=""/157, 0x9d}], 0x3, &(0x7f0000000440)=[@rdma_args={0x48, 0x114, 0x1, {{0xd9, 0x7ff}, {&(0x7f0000000300)=""/44, 0x2c}, &(0x7f0000000400)=[{&(0x7f0000000340)=""/181, 0xb5}], 0x1, 0x2, 0x6}}], 0x48, 0x18}, 0x80) r3 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r4 = getpgrp(0x0) fcntl$setownex(r3, 0xf, &(0x7f0000000040)={0x2, r4}) r5 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r6) fcntl$getown(r5, 0x9) capget(&(0x7f0000000040)={0x19980330, r4}, &(0x7f0000000080)={0x400, 0xffffffffffffd0a7, 0x8, 0x6, 0x71e, 0x401}) 05:25:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x0, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 277.173010][T13801] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200003c0 [ 277.173017][T13801] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 277.173023][T13801] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 277.173030][T13801] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 277.256192][T13801] FAT-fs (loop1): bogus number of reserved sectors 05:25:21 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:21 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) r1 = open(&(0x7f0000000080)='./file0\x00', 0x8840, 0xd0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) ioctl$UI_DEV_DESTROY(r1, 0x5502) 05:25:21 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x0, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 277.284985][T13801] FAT-fs (loop1): Can't find a valid FAT filesystem [ 277.303448][T13873] capability: warning: `syz-executor.5' uses 32-bit capabilities (legacy support in use) 05:25:21 executing program 1 (fault-call:0 fault-nth:34): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 277.363266][T13924] binder: BINDER_SET_CONTEXT_MGR already set [ 277.395120][T13924] binder: 13921:13924 ioctl 40046207 0 returned -16 05:25:21 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) r3 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r4 = getpgrp(0x0) fcntl$setownex(r3, 0xf, &(0x7f0000000040)={0x2, r4}) fcntl$setsig(r3, 0xa, 0x11) fcntl$setlease(r3, 0x400, 0x0) fcntl$setlease(r3, 0x400, 0x2) ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f00000000c0)) ioctl$sock_inet6_udp_SIOCINQ(r1, 0x541b, &(0x7f0000000080)) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000000100)={&(0x7f0000ffa000/0x3000)=nil, 0x3000}) pwritev(r3, &(0x7f00000012c0)=[{&(0x7f0000000140)="35e448bd54b3bb2ac1bdc394ea8fd09a909bfe5c0cc6cb330dcf74bb95c79086a1c65d7b167cd292f352f68d1aac6343258bdae4c44d8bdfab6aaf14701744d767f123da899ea29d4bd8d5e16dd8b2a6468b6a8f2def5e140c986dacefaec6f6b65f9ab9469fcb8c400ae209f30bd7c4bcc73329b098c19968cb2283b001bc033794e24ba17d494509674815652b9d5d55ee500ccca0a1555da03160e5f21e55677e20cc75b73289d1181521d81122e4832b0ec09852d4ad74e05c868fc17d391808cf0dfb9bda2307a2aef65413e2432b5b4aec521192879eaf34e8586d08", 0xdf}, {&(0x7f0000000240)="b5468c200a1573efdd58f696c67483cf571b6f941cea2d2a5e575e285ac50bb6515f94598aef744a2e9d411ac2a5af38691fdee788db5edb2bfde9187ce0fb4dbe9217b0e411c190b47973c56b1a9df4ea7a482fb0a9fed1c92bbb3add22b0084baabd9e8588c6db9c36629d8fdbd65bc7bb7bd22e2e89c690542533a2bfe11f21e30074e2fd6eede84a2479a2209aae9d0bbc10fe8b0844a18a7cd467df4033c2fd36f438d0766f7f4cfe780145f54df86d2d8d4210521cc69131db1adbe53cd706ae9e4b0ecb1b4c2285e387d1175146089f5fdca7c015b56ec65495e6ad62b840a13425046ae20d715e4f778531a46e675deda96b875a74064b742209929264826512ea6dc5ddb82f9ff906a00973e23495cc97f9731624fa7a1c12798f6b22c23ab5df0f88151382b3128400a5e97c904dd2d61a658ed933a9e9be21667bf573a28c8948f469a651834f35addd9ff043575e677e40de1c8570f85e007498510c58e19ce21d3f38b9f4a244ae17b6289a5a39665db5eb9c8bd3e17cc5c01e191b6e36fcefeb4c5b7be3f5ce335adf7c2da9cca7efcce2a97e12b5ff43e6f82ab3888ea3f1defed2bb36df188d6b1a17874bc2d4e43b2683f064424f68371827820bd02a8ee927fd3369e48261664fcb05f60cb358a638c73cd04bda3d31b20a8da86aec1cb1a21ea8799d1851ade18b69d963cd8dcf8d65be721b53af1a13ef10e5a733b3d2cf6fda31e8d277f7e29e31220667480ef73e9d21bd4e6d1f2a3f58ebc85569128938fd0b9d0196a49e2cba140e6354f0e59ba244314c9d0874f7782c28f6debc14842e478c2de97db0674785341428f72951ffbf8c64c97592e67c636274da6d1d36121b366de1cfcbb3c0a175cbca0d7c9797e14e674f656916bcf4e429daa7e489dda596862bfe2a3df702f6115bcb164a449360d6c981197193de8edd6980805b1d437dd09d38d07373e33837a1c3a8298df51401c896b6c5d425d04a9abfd85de68df31e25c4fed4a2553afeb4547a7c23670ca363818832cc79d80921458f83ecb6726b74eccebdc69ea6f6f461522d9a7ce07c598470dec25d113344fd4fd96436736048fc13811d9d28b886cf9861a1b54cc3b7b3cfe84cd06d1532635a19c381a98f66be6533dfb7c86f167fc7f7fe51a183aef95cdecdef3912ce36fd56faf2bbb67d4176db5566d5937d38301acfa26995bf7be233cc5a6fa2da05af58f1f9c52c6e3d58c77b49fb5be7f19218b02e2eaffc4df18dee76818554df20fe4ba9664f0c39e2f9648fcafe8e68811832c664b7eca6f39ddf848c3f06c47268ce93c90eb469715cc9f1450c1d479c05cc15a17d443589ddcb547f1b54e1fb611d2f3ac3197ebe511f0e8b2d00865b6331c709b9df44dd1a42d95129ea01b0f56019353ffd42fdb6dc9821c8d503ef0d95a2b6b6516d168145544198d4f2330e647a946ee8739cf72a8431f56e6b813f3da786dc976123958dedc8b6a2aeccccca8537ad2a067fd4de5883c5bb6b2b97e90f5be6c018c8f3db4aa3e420b99d6f709b6af2319085c6b730bdc7e25b9cbcc915456ad1913187c1fd9a89654da80a4bb774e18da11a1356d3c1b7b0d1444d7aaf47334b997db0b3439f646d71298f234e2fc4549a79aca2fcd9d675397bc2427cf5035781315a268c85a9baa3edaf5fbef44d349d0e3b221499b4362f1671275af89383474feebf2b6520793b7eaf210282834c10e94a7f40204a28d07992436c97892982957b45043765d5e5103808c74d35b70981d51c39ebadf5014bf489c0efffc016b490946a768a48565f0c50127353ef22e089647d8be25b7c1bc004797c5d049e38701cfacfccb447c967cc31c5aca09635c6eac7ec7c0b1c2bf034d6289b2eb2394c4eb662a50b4bef174d5c7ad0d28ed68f918140984673e638ec5118c377a26f4724c96401c5313500f33c758d67e4124f24e9b62158feae49c0987b2b945d8966e4c3e8f31a0bea08ce233eadf1b1cc5d687cb2b5e4356827e1c4d2debdb179479bdb0fa70c739075b5fe337344ce5d87c1fb1f03e1ebbdbd52c954b3c916d1db9592b773bae688076bed8767d1dc0fcb37ba874d110b532fde4fb27fd03e9dd7c000c5752a48cfc43ca9bba4c30b7cf90a1003c6ce57fd42ff6d7f3adbaaa76159a978f271676a198852cea36832737d82da7794d2e55c2b22f190b8897800abdee498e0c457de39f03e3c95dcc2f0587fa828d05310aafa2fd6eba5f07db078a03cf1d67dbb128b09691626de2b6916e56f7f38a9fa5884ba0313cc3de9101be3d21a158a79814bb381bf0036139999cb56bed36d467072a779180def8a79a03deca058d025cb79cef846a532143168bf6889a45f45a2d3172a0affc6baa4a8a70b61d36f81a5d9c34bb7036f4277307858a3f102a92f598bfa69040476551e845c85855089f50975c6abe154e32a27ae56496844fe3403b7b220d2004e8cc20ed71ff5be3b9b777d0e1306194aea40d499d63aafa50b124132ac1325f566a2868fb9bd69bc065d01f3bab4d8e9e5ca76f35daf2288d9917481e652ebb82032a9e8faf0cf50947d2ea574ddc872c27fecff2fc1b13de921a688c86518713d355cb60efeb56349b3c27d0ba2af7252cdb18ce9e6d8c9b09b4cf968d63c92bcfe815bfac78f0807a9972d5602ef1e7275996fb57592a63a85c42fdec39f6f84b6949b22731a36ae3ca46d26b8a4245164672969ac74fb16ff4ff69374586b60801f220d94ef4e5def3092fadc8e9c493629e8a3a74656ba912bdc0e2fa6de899bfadc5a682237a922960188d0e917c57a083a7dde84fed2b5a2f0f23f3ede4a0feb974a64742e070227f6601284ccacf43fc18c032a27627c3c4fedd0b79291861be341e3ad3f1bc01075a5f1e2827c279ea6929ba92779592755a783cbaac47a5c2e661895ab90447ffbe8b72efa8357ec30350bfc237f73cce124451c664a827fb1745909810126ca612d8c70946b47465f7ddc55b2a5492042b8e64c56d4ac76297e5b4e42e339ee1a9dd108af0f3ed8f8efccadeb342a9a28e5df7aefca515a325079cc70e02bc300c5ba868fc8035ebc6b7584c431de138f131736559cf1a05900e66887861f69651c71a0c28145ef9e5ab68f48d317f3435e37c69eb82c0943fd2e20c8a16e13eadd45433f7755f1b9b0c7af93aa519cae0f775b62b70366a8934d044f77a1aee896245370470977743ba9aa16021e2c32f526cc29745300a095fc85d00026c8f4535c132fc309debfd5448cdd99a6ba7979aa6838a10183232be2249e31ee20d237fb67f6d273d1a696ab17caaf47f7a0cee806babd922f0c26f446989bfc81e0e83e8f06a61e1c56ec23ff1593435877755281d737f1d6001de7995c0fa73cdbf691d032214b9fd4d9a1e428d457bad46d888928e2b927d2e9bf1c426963cf0f06ad523d6eb65089f302b7b69186b38c66dd2cc3c525ba6cbb20d8cd78f35b1e32c28a88224e7d8a3fd8b01822d219d23c59045dc002a0e966e9bf97f26b4449454d563813519cbeb990d55a4d659df1ae7cb5c7f60bf0142ccafd5dd04fbfc267b39bacc71f2ccf5508481a4fc798415cee90b4f0662b85092bf8070633b0270f83c316609e3ca447dc5240612b02d723f93a9ccbbee63927f87c36ff2fa7424a63c22eb2a93c0102b0e1f754d3de121276dab105bd0a1b0a0ad91eccd73e57b252b5b2affc54bc0f511ba914d74c6eb0a0d1218dc2025e3a9a631ad5a3b8fe6957d5fefed697699bc60f12b536fde45fc23b94ad7d7906ec6e4c746c5353a28b9b820d80cfe95ddee6e39bb53545f45422149cc0ee68c5e2fd83b9dd5ce8e018d772970a0c84374910d27e16983613047f185f359877fce68e1a935111edb6a34409149c98fb90b513d5f4c18d932a29bf3c208a6d84ec388600b586116663ac340c7ecb54c85c8ab18f2e3be3dfd2da9d08389e68782db6bd8fcf3ab82db5b3fdb012f9e005863b9974cb1ff9760f5fd5227b4369e23ad267a4f4ae7416e01d6639b1f2bc779600d68b27889cdeb6baa5c679311952cf4e06ff599902bb743765e621bb7c3246c5b421dc3df909337e7f7c2905af9ce9b895211cd0dccba0cac3d0952b6c81d7a2c777fcc1901d32a8d19077ff82f9c34cc0654000d50834dfc6b80d077e2410b10339fcbc63f3218b92563f9fafdb1051257e7e9836162e32e429babbdc4554e9e11216fc35d45d3399aeaa89e10ca21fe26ce22653742da5d5b13aaad46c509dcab6eeea0ce55b3e2d6debcdc36ae450d2553e57909c99d87cfdaad6dbf778eef03d913c399dcd41d8f8d2a385c1837c637e07229701119564262a861cf2b80566d5b1a2538a6a0fb75a70159aca6c70fb3066376443bb5cb50e35cddf289bcaa7c2f15a4b66c55dd22e2fbde3d1a461fd345b77475f466a56518d985ee9a7d797214e2131441863c819d788e7013c72bdbc270fed2018b74196dcc84253e3c50bd58348d3b4ef9a04609b5311a5a9cf1ffd772c68d367956aff42213b83fc732eb8ba14dfe81aaaba78bdcb12992e1a8b2105d3fabba6744044053bf46beb616dcf9356e5a4c6ce0305b67dbd3b7fef4cfce8bab4333db50997ad80214ba8692ef522182337d3efe0695eb824da59bfea3f23423daf71f6c13beebbb72049ca336e0a749d84f1bcec18bd983fa0d97672a91aee241ab6a4b47002df28bd0b944fe195a058ab0691aec35bc3fe18d94620f927c290092eae18cbf609102a7f8045eff1f3cb8e6d7b99d598a351cc6122ca5d4803c0af13f96a51f984853f5b55f02c703e561a39e3728eeff5118b9f6566665b074fe6f71614da13b78e6d3dd5e688db2186fd7fedd9bdd945aa7c254b6aff83f85eb3d156d3b65257caa8a5805b4686130a1f8d0c5be4315b730ad202738751bdd054208091dc333afd585ee33c675effdc2e3a25f06a4ab4d8de2480828a9f7022856f8a9e993022fe95dd466649bd79d8e6dc0e4580972f7ae59769ce6ef5f821571799a8ee71dcdc348c5cf8e6fc87365f3a034d00db9e96c7726e49b206418acbb7d5e5a7d499dd938abb8988a54fc2824e4f535ef9e4eccadcee013108e9148650db42e86e30304fb6a4fd0fe433a8eb485c1c0499b973f57b52d6844782906466e97844ac749acabb515f5c9982a18df0ecf13df47f4609bbbed4f84e074068af9e0a9d150be8c990063a1809ae91b9f5af7185efad81fadd38064dbf3f64415a35fb0e8ab96e4646cd0e5b59cf5e2310a484037335296f09a3b5b6bdcd725089e35ee87d8f441be26923c2a98201e9b7e89a68641a3c39cb1b9f64774c20f5e57cbbcd328c08bba42f5505d27224112074eb39ec42c8a865fc44dd75264c3f7b470e88a1d3b37658c5218983d4e13c02d21166b984760b4f177efebaf642dcd37b48523ccf0a8228df3ddc08ece6519abbdb9b2491d45d83d6b772435a83ff3857e701df1b2f94330ae3234a2b21e8753145a0a0920b890fa1e4205121e31ae109970abf50dabdc0aec0e1f8e4078121530135ddeb1574412dfa794abe9d5732a45cf41c1c3c519e0aa06a99a7b346f95d6266611324c10fb1ff62db99b8c0670e7b678e00d8017b2328f8408aced1bdf30a94b2dc85cf68112a575f1a7e721d7bf57d88f97484c4f9cf25f514e8ab34fc724ede8e1ae48048d07ec9f869f9ffccc2ae20f388790fb1a47b85fd4aa0e2be399513dd092d070e2fd9fd3026f567f42b3e91b7eb6d28c043caf17f45da4cd72b3fe415", 0x1000}, {&(0x7f0000001240)="cc4d7246532901bd94ae45a0b7ddd5ee8b7eddfe96257d01c4e5920714ad2e02ab69dd4c2a7155db38540cbe2227b2a4e91f75eb1b40600e7ed87f315900c7fd0279d91b6c8339821d20b77d7cc697e50888e0a787801d1e2e0a72a956174c2b0961c72283b0be5706fad5cfbb7f9f2fcab6a0c90d40eba786", 0x79}], 0x3, 0x0) 05:25:21 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="01fffffff6000000"], 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 277.463226][T13951] FAULT_INJECTION: forcing a failure. [ 277.463226][T13951] name failslab, interval 1, probability 0, space 0, times 0 [ 277.492494][T13951] CPU: 1 PID: 13951 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 277.501191][T13951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 277.511235][T13951] Call Trace: [ 277.514513][T13951] dump_stack+0x172/0x1f0 [ 277.518827][T13951] should_fail.cold+0xa/0x15 [ 277.523423][T13951] ? __kasan_check_read+0x11/0x20 [ 277.528428][T13951] ? fault_create_debugfs_attr+0x180/0x180 [ 277.534212][T13951] ? kernel_init_free_pages+0x120/0x120 [ 277.539736][T13951] ? ___might_sleep+0x163/0x2c0 [ 277.544569][T13951] __should_failslab+0x121/0x190 [ 277.549487][T13951] should_failslab+0x9/0x14 [ 277.553975][T13951] kmem_cache_alloc+0x2aa/0x710 [ 277.558805][T13951] ? __fget+0x384/0x560 [ 277.562955][T13951] getname_flags+0xd6/0x5b0 [ 277.567441][T13951] do_mkdirat+0xa0/0x2a0 [ 277.571662][T13951] ? __ia32_sys_mknod+0xb0/0xb0 [ 277.576492][T13951] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 277.582535][T13951] ? trace_hardirqs_off_caller+0x65/0x230 [ 277.588232][T13951] __x64_sys_mkdir+0x5c/0x80 [ 277.592802][T13951] do_syscall_64+0xfa/0x760 [ 277.597283][T13951] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 277.603160][T13951] RIP: 0033:0x458d07 [ 277.607033][T13951] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 277.626629][T13951] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 277.635018][T13951] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458d07 [ 277.642967][T13951] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200003c0 [ 277.650916][T13951] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 277.658863][T13951] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 277.666815][T13951] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:25:21 executing program 3: prctl$PR_SET_ENDIAN(0x14, 0x2) r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x0, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000000c0)={0x0, @remote, @broadcast}, &(0x7f0000000100)=0xc) bind$bt_hci(r1, &(0x7f0000000140)={0x1f, r2, 0x3}, 0xc) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) 05:25:21 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 277.717257][T14039] binder: BINDER_SET_CONTEXT_MGR already set [ 277.730010][T14039] binder: 14036:14039 ioctl 40046207 0 returned -16 05:25:21 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:21 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{0x7}}) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) 05:25:21 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x0, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:22 executing program 3: syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x8000) r0 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r1 = getpgrp(0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000040)={0x2, r1}) fcntl$setsig(r0, 0xa, 0x11) fcntl$setlease(r0, 0x400, 0x0) fcntl$setlease(r0, 0x400, 0x2) r2 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r3 = getpgrp(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000040)={0x2, r3}) fcntl$setsig(r2, 0xa, 0x11) fcntl$setlease(r2, 0x400, 0x0) fcntl$setlease(r2, 0x400, 0x2) r4 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r5 = getpgrp(0x0) fcntl$setownex(r4, 0xf, &(0x7f0000000040)={0x2, r5}) fcntl$setsig(r4, 0xa, 0x11) fcntl$setlease(r4, 0x400, 0x0) fcntl$setlease(r4, 0x400, 0x2) r6 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r7 = getpgrp(0x0) fcntl$setownex(r6, 0xf, &(0x7f0000000040)={0x2, r7}) fcntl$setsig(r6, 0xa, 0x11) fcntl$setlease(r6, 0x400, 0x0) fcntl$setlease(r6, 0x400, 0x2) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000240)) [ 277.851274][T14053] binder: BINDER_SET_CONTEXT_MGR already set [ 277.868767][T14053] binder: 14051:14053 ioctl 40046207 0 returned -16 05:25:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:22 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0100000000000000d6e29980f7530095c8b06e543af40722283ed7deffc8d73e0066a34f730bd74e492c328bdc5c479ec285a650cc8f536572d470c15f7e2168997009102a91cd4fe9ca75af977e04ac0356a2ed8bcbcdf0ab4bbbc38bb3b80ff20c35ce8b2c145257a6fc3903d58725bad948b5d98981b97fb18236b3c0080ebde9888a7b833351716cb743f938a71ae6be2a49ab6c7531e270a746b379c3093811b40628f95c3ea7fdadaf"], 0x8, 0x0) msgget(0x2, 0x9) fstat(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = msgget$private(0x0, 0x98) r4 = socket$l2tp(0x18, 0x1, 0x1) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f0000000000)=0xc) setfsuid(r5) r6 = getpid() mlockall(0x4) r7 = getpgid(0xffffffffffffffff) r8 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r9 = getpgrp(0x0) fcntl$setownex(r8, 0xf, &(0x7f0000000040)={0x2, r9}) fcntl$setsig(r8, 0xa, 0x11) fcntl$setlease(r8, 0x400, 0x0) fcntl$setlease(r8, 0x400, 0x2) ioctl$TIOCSISO7816(r8, 0xc0285443, &(0x7f0000000080)={0x721, 0x1c3, 0x9, 0xe09e, 0x6}) msgctl$IPC_SET(r3, 0x1, &(0x7f0000000380)={{0x9, r5, 0x0, r1, r2, 0x106, 0x9}, 0x1, 0xbc, 0x4, 0x0, 0x64e, 0x6, r6, r7}) msgctl$IPC_RMID(r3, 0x0) 05:25:22 executing program 1 (fault-call:0 fault-nth:35): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:22 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:22 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) ioctl$KVM_GET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee2, &(0x7f0000000100)={0x0, 0x401, 0x7, &(0x7f0000000080)=0x9}) fgetxattr(r1, &(0x7f00000000c0)=@known='system.sockprotoname\x02', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) [ 278.007179][T14150] binder: BINDER_SET_CONTEXT_MGR already set [ 278.038730][T14150] binder: 14149:14150 ioctl 40046207 0 returned -16 05:25:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:22 executing program 3: syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r1 = getpgrp(0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000040)={0x2, r1}) fcntl$setsig(r0, 0xa, 0x11) r2 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) fcntl$setlease(r2, 0x400, 0x0) fcntl$setlease(r0, 0x400, 0x2) r4 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r5 = getpgrp(0x0) fcntl$setownex(r4, 0xf, &(0x7f0000000040)={0x2, r5}) fcntl$setsig(r4, 0xa, 0x11) fcntl$setlease(r4, 0x400, 0x0) fcntl$setlease(r4, 0x400, 0x2) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r4, 0xc0305302, &(0x7f0000000200)) r6 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r7 = getpgrp(0x0) fcntl$setownex(r6, 0xf, &(0x7f0000000040)={0x2, r7}) fcntl$setsig(r6, 0xa, 0x11) fcntl$setlease(r6, 0x400, 0x0) fcntl$setlease(r6, 0x400, 0x2) write$P9_RAUTH(r6, &(0x7f0000000100)={0x14, 0x67, 0x1, {0x0, 0x2, 0x6}}, 0x14) [ 278.112381][T14177] FAULT_INJECTION: forcing a failure. [ 278.112381][T14177] name failslab, interval 1, probability 0, space 0, times 0 [ 278.148756][T14177] CPU: 0 PID: 14177 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 278.157642][T14177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 278.157648][T14177] Call Trace: [ 278.157672][T14177] dump_stack+0x172/0x1f0 [ 278.157688][T14177] should_fail.cold+0xa/0x15 [ 278.157702][T14177] ? fault_create_debugfs_attr+0x180/0x180 [ 278.157722][T14177] ? ___might_sleep+0x163/0x2c0 [ 278.179992][T14177] __should_failslab+0x121/0x190 [ 278.195539][T14177] should_failslab+0x9/0x14 [ 278.200045][T14177] __kmalloc+0x2e0/0x770 [ 278.204292][T14177] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 278.210549][T14177] ? d_absolute_path+0x11b/0x170 [ 278.215481][T14177] ? __d_path+0x140/0x140 [ 278.219809][T14177] ? tomoyo_encode2.part.0+0xf5/0x400 [ 278.225192][T14177] tomoyo_encode2.part.0+0xf5/0x400 [ 278.230397][T14177] tomoyo_encode+0x2b/0x50 [ 278.234812][T14177] tomoyo_realpath_from_path+0x1d3/0x7b0 [ 278.240439][T14177] tomoyo_path_number_perm+0x1dd/0x520 [ 278.245990][T14177] ? tomoyo_path_number_perm+0x193/0x520 [ 278.251610][T14177] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 278.257405][T14177] ? __kasan_check_write+0x14/0x20 [ 278.262508][T14177] ? quarantine_put+0x11c/0x1c0 [ 278.267340][T14177] ? trace_hardirqs_on+0x67/0x240 [ 278.272473][T14177] ? putname+0xef/0x130 [ 278.276624][T14177] ? kmem_cache_free+0x1a7/0x320 [ 278.281555][T14177] tomoyo_path_mkdir+0xaa/0xf0 [ 278.286302][T14177] ? tomoyo_file_ioctl+0x30/0x30 [ 278.291221][T14177] ? kern_path_mountpoint+0x40/0x40 [ 278.296401][T14177] ? strncpy_from_user+0x2b4/0x400 [ 278.301494][T14177] security_path_mkdir+0x113/0x170 [ 278.306625][T14177] do_mkdirat+0x160/0x2a0 [ 278.310938][T14177] ? __ia32_sys_mknod+0xb0/0xb0 [ 278.315772][T14177] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 278.321816][T14177] ? trace_hardirqs_off_caller+0x65/0x230 [ 278.327512][T14177] __x64_sys_mkdir+0x5c/0x80 [ 278.332088][T14177] do_syscall_64+0xfa/0x760 [ 278.336580][T14177] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 278.342457][T14177] RIP: 0033:0x458d07 [ 278.346340][T14177] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 278.365919][T14177] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 278.374316][T14177] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458d07 [ 278.382266][T14177] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200003c0 [ 278.390907][T14177] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 278.399116][T14177] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 05:25:22 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:22 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 278.407067][T14177] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 278.431740][T14183] binder: BINDER_SET_CONTEXT_MGR already set [ 278.445872][T14183] binder: 14182:14183 ioctl 40046207 0 returned -16 05:25:22 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 278.531135][T14190] binder: BINDER_SET_CONTEXT_MGR already set [ 278.546076][T14190] binder: 14189:14190 ioctl 40046207 0 returned -16 05:25:22 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:22 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 278.640271][T14294] binder: BINDER_SET_CONTEXT_MGR already set [ 278.666782][T14294] binder: 14293:14294 ioctl 40046207 0 returned -16 [ 278.677217][T14177] ERROR: Out of memory at tomoyo_realpath_from_path. [ 278.700413][T14177] FAT-fs (loop1): bogus number of reserved sectors [ 278.723629][T14177] FAT-fs (loop1): Can't find a valid FAT filesystem 05:25:23 executing program 5: r0 = msgget$private(0x0, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x400000, 0x0) ioctl$KVM_GET_EMULATED_CPUID(r1, 0xc008ae09, &(0x7f0000000040)=""/4096) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgctl$IPC_RMID(r0, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r3 = getpgrp(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000040)={0x2, r3}) fcntl$setsig(r2, 0xa, 0x11) fcntl$setlease(r2, 0x400, 0x0) fcntl$setlease(r2, 0x400, 0x2) ioctl$CAPI_CLR_FLAGS(r2, 0x80044325, &(0x7f0000001080)=0x10000) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000001040)='westwood\x00', 0x9) 05:25:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:23 executing program 1 (fault-call:0 fault-nth:36): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:23 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:23 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:23 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) modify_ldt$write(0x1, &(0x7f0000000080)={0x7dfb, 0x178dad71bf2ac904, 0x2000, 0x0, 0x0, 0x8000, 0x2, 0xfffffffffffffff7, 0x3, 0x2}, 0x10) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) [ 278.930612][T14403] binder: BINDER_SET_CONTEXT_MGR already set [ 278.948014][T14409] FAULT_INJECTION: forcing a failure. [ 278.948014][T14409] name failslab, interval 1, probability 0, space 0, times 0 [ 278.957277][T14403] binder: 14402:14403 ioctl 40046207 0 returned -16 05:25:23 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) r1 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) r3 = dup2(0xffffffffffffffff, r1) sendmsg$TIPC_CMD_SHOW_PORTS(r3, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x2481c0}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x1c, 0x0, 0x4, 0x70bd2c, 0x25dfdbfd, {}, ["", "", "", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x8010}, 0x4000000) io_setup(0x5, &(0x7f0000000080)=0x0) io_getevents(r4, 0x3, 0x6, &(0x7f00000000c0)=[{}, {}, {}, {}, {}, {}], &(0x7f0000000180)) r5 = getpid() ptrace$setsig(0x4203, r5, 0x4, &(0x7f00000001c0)={0xa, 0x401, 0x100000000}) [ 279.043227][T14409] CPU: 0 PID: 14409 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 279.051929][T14409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 279.062045][T14409] Call Trace: [ 279.065348][T14409] dump_stack+0x172/0x1f0 [ 279.069692][T14409] should_fail.cold+0xa/0x15 [ 279.074326][T14409] ? fault_create_debugfs_attr+0x180/0x180 [ 279.080163][T14409] ? __kasan_check_write+0x14/0x20 [ 279.085278][T14409] ? ___might_sleep+0x163/0x2c0 [ 279.090120][T14409] __should_failslab+0x121/0x190 [ 279.095047][T14409] should_failslab+0x9/0x14 [ 279.099535][T14409] __kmalloc+0x2e0/0x770 [ 279.103762][T14409] ? quarantine_put+0x11c/0x1c0 [ 279.108602][T14409] ? ext4_find_extent+0x76e/0x9d0 [ 279.113611][T14409] ext4_find_extent+0x76e/0x9d0 [ 279.118459][T14409] ? ext4_ext_map_blocks+0x912/0x3ac0 [ 279.123815][T14409] ext4_ext_map_blocks+0x1dc/0x3ac0 [ 279.128998][T14409] ? __kasan_check_read+0x11/0x20 [ 279.134006][T14409] ? ext4_ext_release+0x10/0x10 [ 279.138838][T14409] ? lock_acquire+0x190/0x410 [ 279.143496][T14409] ? ext4_map_blocks+0x4b3/0x17e0 [ 279.148498][T14409] ? __kasan_check_write+0x14/0x20 [ 279.153594][T14409] ? down_write+0xdf/0x150 [ 279.157990][T14409] ? down_write_killable+0x170/0x170 [ 279.163253][T14409] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 279.169467][T14409] ? ext4_es_lookup_extent+0x426/0xd40 [ 279.174909][T14409] ext4_map_blocks+0x52b/0x17e0 [ 279.179748][T14409] ? ext4_issue_zeroout+0x190/0x190 [ 279.184922][T14409] ? ext4_set_acl+0x4f0/0x4f0 [ 279.189578][T14409] ? _raw_spin_unlock+0x2d/0x50 [ 279.194417][T14409] ? __kasan_check_write+0x14/0x20 [ 279.199507][T14409] ext4_getblk+0xc4/0x570 [ 279.203823][T14409] ? ext4_iomap_begin+0x1000/0x1000 [ 279.209005][T14409] ext4_bread+0x8f/0x390 [ 279.213226][T14409] ? ext4_getblk+0x570/0x570 [ 279.217799][T14409] ext4_append+0x155/0x370 [ 279.222214][T14409] ext4_mkdir+0x632/0xe20 [ 279.226964][T14409] ? ext4_init_dot_dotdot+0x520/0x520 [ 279.232317][T14409] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 279.238546][T14409] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 279.244790][T14409] ? security_inode_permission+0xcb/0x100 [ 279.250511][T14409] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 279.256735][T14409] ? security_inode_mkdir+0xe4/0x120 [ 279.262002][T14409] vfs_mkdir+0x42e/0x670 [ 279.266232][T14409] do_mkdirat+0x234/0x2a0 [ 279.270545][T14409] ? __ia32_sys_mknod+0xb0/0xb0 [ 279.275379][T14409] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 279.281428][T14409] ? trace_hardirqs_off_caller+0x65/0x230 [ 279.287127][T14409] __x64_sys_mkdir+0x5c/0x80 [ 279.291698][T14409] do_syscall_64+0xfa/0x760 [ 279.296190][T14409] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 279.302074][T14409] RIP: 0033:0x458d07 [ 279.305959][T14409] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 279.325542][T14409] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 279.333933][T14409] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458d07 05:25:23 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:23 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}}) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000100)={@my=0x0}) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x181000, 0x0) ioctl$KVM_GET_DEVICE_ATTR(r3, 0x4018aee2, &(0x7f00000000c0)={0x0, 0x1, 0x8, &(0x7f0000000080)=0xffffffff}) 05:25:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 279.341881][T14409] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200003c0 [ 279.349846][T14409] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 279.357795][T14409] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 279.365743][T14409] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:25:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 279.428017][T14526] binder: BINDER_SET_CONTEXT_MGR already set [ 279.434498][T14526] binder: 14525:14526 ioctl 40046207 0 returned -16 05:25:23 executing program 5: r0 = msgget$private(0x0, 0x0) setsockopt$inet_sctp_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, &(0x7f0000000080)=0x200, 0x4) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) setsockopt$inet_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, &(0x7f0000000040)=0x1, 0x4) msgctl$IPC_RMID(r0, 0x0) 05:25:23 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0xffffffffffffffff, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 279.517742][T14531] binder: BINDER_SET_CONTEXT_MGR already set [ 279.535457][T14531] binder: 14530:14531 ioctl 40046207 0 returned -16 05:25:23 executing program 1 (fault-call:0 fault-nth:37): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 279.623209][T14538] binder: BINDER_SET_CONTEXT_MGR already set [ 279.629861][T14538] binder: 14535:14538 ioctl 40046207 0 returned -16 05:25:23 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x10000) fcntl$getown(r1, 0x9) 05:25:23 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 279.707895][T14638] binder: BINDER_SET_CONTEXT_MGR already set [ 279.729067][T14638] binder: 14589:14638 ioctl 40046207 0 returned -16 [ 279.789797][T14651] binder: BINDER_SET_CONTEXT_MGR already set [ 279.800842][T14645] FAULT_INJECTION: forcing a failure. [ 279.800842][T14645] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 279.814058][T14645] CPU: 1 PID: 14645 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 279.822716][T14645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 279.832757][T14645] Call Trace: [ 279.836051][T14645] dump_stack+0x172/0x1f0 [ 279.840382][T14645] should_fail.cold+0xa/0x15 [ 279.844981][T14645] ? fault_create_debugfs_attr+0x180/0x180 [ 279.850801][T14645] ? is_bpf_text_address+0xac/0x170 [ 279.856003][T14645] ? __kasan_check_read+0x11/0x20 [ 279.861029][T14645] ? __brelse+0x95/0xb0 [ 279.865187][T14645] should_fail_alloc_page+0x50/0x60 [ 279.870379][T14645] __alloc_pages_nodemask+0x1a1/0x900 [ 279.875744][T14645] ? __bpf_address_lookup+0x310/0x310 [ 279.881111][T14645] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 279.887780][T14645] ? __alloc_pages_slowpath+0x28e0/0x28e0 [ 279.893495][T14645] ? fault_create_debugfs_attr+0x180/0x180 [ 279.897240][T14651] binder: 14649:14651 ioctl 40046207 0 returned -16 [ 279.899291][T14645] ? __kernel_text_address+0xd/0x40 [ 279.899308][T14645] cache_grow_begin+0x90/0xd20 [ 279.899329][T14645] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 279.921504][T14645] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 279.927730][T14645] __kmalloc+0x6b2/0x770 [ 279.931957][T14645] ? mark_held_locks+0xf0/0xf0 [ 279.936707][T14645] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 279.942404][T14645] tomoyo_realpath_from_path+0xcd/0x7b0 [ 279.947949][T14645] ? tomoyo_path_number_perm+0x193/0x520 [ 279.953578][T14645] tomoyo_path_number_perm+0x1dd/0x520 [ 279.959044][T14645] ? tomoyo_path_number_perm+0x193/0x520 [ 279.964667][T14645] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 279.970460][T14645] ? __kasan_check_write+0x14/0x20 [ 279.975556][T14645] ? quarantine_put+0x11c/0x1c0 [ 279.980405][T14645] ? trace_hardirqs_on+0x67/0x240 [ 279.985408][T14645] ? putname+0xef/0x130 [ 279.989545][T14645] ? kmem_cache_free+0x1a7/0x320 [ 279.994463][T14645] tomoyo_path_mkdir+0xaa/0xf0 [ 279.999208][T14645] ? tomoyo_file_ioctl+0x30/0x30 [ 280.004123][T14645] ? kern_path_mountpoint+0x40/0x40 [ 280.009299][T14645] ? strncpy_from_user+0x2b4/0x400 [ 280.014390][T14645] security_path_mkdir+0x113/0x170 [ 280.019480][T14645] do_mkdirat+0x160/0x2a0 [ 280.023789][T14645] ? __ia32_sys_mknod+0xb0/0xb0 [ 280.028620][T14645] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 280.034681][T14645] ? trace_hardirqs_off_caller+0x65/0x230 [ 280.040379][T14645] __x64_sys_mkdir+0x5c/0x80 [ 280.044952][T14645] do_syscall_64+0xfa/0x760 [ 280.049437][T14645] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 280.055307][T14645] RIP: 0033:0x458d07 [ 280.059182][T14645] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 280.078764][T14645] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 280.087163][T14645] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458d07 [ 280.095122][T14645] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200003c0 [ 280.103079][T14645] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 280.111041][T14645] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 280.119598][T14645] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 280.159611][T14645] FAT-fs (loop1): bogus number of reserved sectors [ 280.176899][T14645] FAT-fs (loop1): Can't find a valid FAT filesystem 05:25:24 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x41c800) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x2) ioctl$VIDIOC_DQBUF(r1, 0xc0585611, &(0x7f0000000100)={0x1ff, 0x4, 0x4, 0x1000, {0x77359400}, {0x5, 0xc, 0x2000, 0x3f, 0xff, 0xff, "bd466308"}, 0x0, 0x7, @planes=&(0x7f00000000c0)={0x1, 0x20, @mem_offset=0x7, 0x81}, 0x4}) 05:25:24 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:24 executing program 1 (fault-call:0 fault-nth:38): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:24 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0xffffffffffffffff, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:24 executing program 5: msgget$private(0x0, 0x0) r0 = msgget$private(0x0, 0x0) r1 = geteuid() r2 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r3 = getpgrp(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000040)={0x2, r3}) fcntl$setsig(r2, 0xa, 0x11) fcntl$setlease(r2, 0x400, 0x0) fcntl$setlease(r2, 0x400, 0x2) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r4, 0x40186f40, 0x7600f4) r5 = socket(0xa, 0x1, 0x0) close(r5) r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r6, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r5, 0x84, 0x78, &(0x7f0000000000)=r7, 0x4) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r4, 0x84, 0x6c, &(0x7f0000000240)={r7, 0xed, "d0884c36b533c70347f53db0f73505e80aa0dce77327607af733d4e8b783beadd6d2a10e68a5ff46a74bd00a163ccab3b9fb6c45b5922df9265a3c386d3d0604c5a9b0ab9c318980a8ab85ebcd4a7452b949861f84009affd9123876947e8b2ada3947c03b33ec93d7cc7314137984bd3999adfbba37afaba9625e55f9f07a48f51f1dd708bab370d149344d7cc262bc3643b6ddff67a6aa260f173b5a919b51d830ec321d9121d4d670e75b7814f7f42b61cd4ecdef95a5e202475c7d37c5048ad19c1764b92f08287d245d409ec5af68de3752dd2f7beb40aad18e3d59a528265bab3ce8dc62f3a7fff527b9"}, &(0x7f00000001c0)=0xf5) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f0000000040)={r7}, &(0x7f0000000080)=0x8) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{0x0, r1, 0x0, 0x0, 0x0, 0x118}, 0x8000000000000000}) gettid() msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) prctl$PR_SET_UNALIGN(0x6, 0x0) 05:25:24 executing program 3: syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x6, 0x200000) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) [ 280.403538][T14671] binder: BINDER_SET_CONTEXT_MGR already set [ 280.413070][T14669] FAULT_INJECTION: forcing a failure. [ 280.413070][T14669] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 280.426378][T14669] CPU: 1 PID: 14669 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 280.435047][T14669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 280.435491][T14671] binder: 14665:14671 ioctl 40046207 0 returned -16 [ 280.445121][T14669] Call Trace: [ 280.445147][T14669] dump_stack+0x172/0x1f0 [ 280.445165][T14669] should_fail.cold+0xa/0x15 [ 280.445181][T14669] ? fault_create_debugfs_attr+0x180/0x180 [ 280.445195][T14669] ? is_bpf_text_address+0xac/0x170 [ 280.445207][T14669] ? __kasan_check_read+0x11/0x20 [ 280.445225][T14669] ? __brelse+0x95/0xb0 [ 280.445242][T14669] should_fail_alloc_page+0x50/0x60 [ 280.445261][T14669] __alloc_pages_nodemask+0x1a1/0x900 [ 280.494656][T14669] ? __bpf_address_lookup+0x310/0x310 [ 280.500036][T14669] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 280.505760][T14669] ? __alloc_pages_slowpath+0x28e0/0x28e0 [ 280.511490][T14669] ? fault_create_debugfs_attr+0x180/0x180 [ 280.517295][T14669] ? __kernel_text_address+0xd/0x40 [ 280.522502][T14669] cache_grow_begin+0x90/0xd20 [ 280.527273][T14669] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 280.533002][T14669] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 280.539249][T14669] __kmalloc+0x6b2/0x770 [ 280.543498][T14669] ? mark_held_locks+0xf0/0xf0 [ 280.548265][T14669] ? tomoyo_realpath_from_path+0xcd/0x7b0 05:25:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 280.548287][T14669] tomoyo_realpath_from_path+0xcd/0x7b0 [ 280.559511][T14669] ? tomoyo_path_number_perm+0x193/0x520 [ 280.565139][T14669] tomoyo_path_number_perm+0x1dd/0x520 [ 280.565152][T14669] ? tomoyo_path_number_perm+0x193/0x520 [ 280.565166][T14669] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 280.565183][T14669] ? __kasan_check_write+0x14/0x20 [ 280.565207][T14669] ? quarantine_put+0x11c/0x1c0 [ 280.591991][T14669] ? trace_hardirqs_on+0x67/0x240 [ 280.597021][T14669] ? putname+0xef/0x130 05:25:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 280.601186][T14669] ? kmem_cache_free+0x1a7/0x320 [ 280.601685][T14780] binder: BINDER_SET_CONTEXT_MGR already set [ 280.606131][T14669] tomoyo_path_mkdir+0xaa/0xf0 [ 280.606145][T14669] ? tomoyo_file_ioctl+0x30/0x30 [ 280.606158][T14669] ? kern_path_mountpoint+0x40/0x40 [ 280.606171][T14669] ? strncpy_from_user+0x2b4/0x400 [ 280.606193][T14669] security_path_mkdir+0x113/0x170 [ 280.618848][T14780] binder: 14779:14780 ioctl 40046207 0 returned -16 [ 280.621837][T14669] do_mkdirat+0x160/0x2a0 [ 280.621852][T14669] ? __ia32_sys_mknod+0xb0/0xb0 [ 280.621873][T14669] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 280.659533][T14669] ? trace_hardirqs_off_caller+0x65/0x230 [ 280.665259][T14669] __x64_sys_mkdir+0x5c/0x80 [ 280.669860][T14669] do_syscall_64+0xfa/0x760 [ 280.674363][T14669] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 280.674373][T14669] RIP: 0033:0x458d07 [ 280.674390][T14669] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 05:25:24 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x1000) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) 05:25:24 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0xffffffffffffffff, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 280.684157][T14669] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 280.684169][T14669] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458d07 [ 280.684176][T14669] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200003c0 [ 280.684183][T14669] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 280.684195][T14669] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 280.684202][T14669] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:25:24 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 280.748571][T14785] binder: BINDER_SET_CONTEXT_MGR already set [ 280.758413][T14669] FAT-fs (loop1): bogus number of reserved sectors [ 280.771617][T14669] FAT-fs (loop1): Can't find a valid FAT filesystem [ 280.779569][T14785] binder: 14784:14785 ioctl 40046207 0 returned -16 05:25:24 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:24 executing program 1 (fault-call:0 fault-nth:39): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:24 executing program 3: syz_open_dev$sndseq(&(0x7f0000000040)='Hde\x00\x00\xff\x00', 0x0, 0x602) r0 = syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x0, 0x2) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) r3 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r4 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r5 = getpgrp(0x0) fcntl$setownex(r4, 0xf, &(0x7f0000000040)={0x2, r5}) r6 = getpgrp(r5) fcntl$setownex(r3, 0xf, &(0x7f0000000040)={0x2, r6}) fcntl$setsig(r3, 0xa, 0x11) fcntl$setlease(r3, 0x400, 0x0) fcntl$setlease(r3, 0x400, 0x2) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r7, 0x40186f40, 0x7600f4) r8 = socket(0xa, 0x1, 0x0) close(r8) r9 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r9, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r9, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r8, 0x84, 0x78, &(0x7f0000000000)=r10, 0x4) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r7, 0x84, 0x6c, &(0x7f0000000240)={r10, 0xed, "d0884c36b533c70347f53db0f73505e80aa0dce77327607af733d4e8b783beadd6d2a10e68a5ff46a74bd00a163ccab3b9fb6c45b5922df9265a3c386d3d0604c5a9b0ab9c318980a8ab85ebcd4a7452b949861f84009affd9123876947e8b2ada3947c03b33ec93d7cc7314137984bd3999adfbba37afaba9625e55f9f07a48f51f1dd708bab370d149344d7cc262bc3643b6ddff67a6aa260f173b5a919b51d830ec321d9121d4d670e75b7814f7f42b61cd4ecdef95a5e202475c7d37c5048ad19c1764b92f08287d245d409ec5af68de3752dd2f7beb40aad18e3d59a528265bab3ce8dc62f3a7fff527b9"}, &(0x7f00000001c0)=0xf5) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f00000000c0)={r10, 0x5747}, &(0x7f0000000100)=0x8) setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000140)={r11, 0x102000, 0x4, 0x4939}, 0x10) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) r12 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r13 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r14 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r13, 0x40042408, r14) ioctl$PERF_EVENT_IOC_SET_BPF(r12, 0x40042408, r14) write$binfmt_misc(r14, &(0x7f0000000340)={'syz0', "7ab49c72bb81f539db7f7d1e5f1c9d5cfcf5aea780a6b7538162d0e7862acfa39946741d69d10a26d9211b1babfdf3c7b3ac01f5742633d86c535326325462cb8df700b3dbbd609830f084418a6c862d062686d84ea3497a9edf309f5d5d3e4b7496cdb30b9641d106d1f89ab5fb09fb8a44e2593a2bb3caf1ea975cfb606aa6844dd247b77d61552458343a4b9590aa27c03b9b23702a005e05fcd6b729b279a40d8ef3b1f169dcbd1f2ebfd75dd3d4853390bf4b03856e1b4f26de38ab558dcf0d5e490bab852f5c3bfff7c912860371ac779161a328db782e008d7f19cf9db289e8c7cb62ed9a5fcd57672b04b66e2ee343c720e9631f7d"}, 0xfd) [ 280.857513][T14852] binder: BINDER_SET_CONTEXT_MGR already set [ 280.888528][T14852] binder: 14851:14852 ioctl 40046207 0 returned -16 05:25:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 280.947835][T14900] FAULT_INJECTION: forcing a failure. [ 280.947835][T14900] name failslab, interval 1, probability 0, space 0, times 0 [ 280.983003][T14900] CPU: 0 PID: 14900 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 280.991804][T14900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 281.001863][T14900] Call Trace: [ 281.005173][T14900] dump_stack+0x172/0x1f0 [ 281.006665][T14903] binder: BINDER_SET_CONTEXT_MGR already set [ 281.009519][T14900] should_fail.cold+0xa/0x15 [ 281.009535][T14900] ? fault_create_debugfs_attr+0x180/0x180 [ 281.009556][T14900] ? lock_downgrade+0x920/0x920 [ 281.025500][T14903] binder: 14902:14903 ioctl 40046207 0 returned -16 [ 281.025911][T14900] ? ___might_sleep+0x163/0x2c0 [ 281.042185][T14900] __should_failslab+0x121/0x190 [ 281.047153][T14900] should_failslab+0x9/0x14 [ 281.051676][T14900] kmem_cache_alloc+0x2aa/0x710 [ 281.056545][T14900] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 281.062795][T14900] ? __mark_inode_dirty+0x3d1/0x1390 [ 281.062809][T14900] ext4_mb_new_blocks+0x5b9/0x3900 [ 281.062826][T14900] ? quarantine_put+0x11c/0x1c0 [ 281.062847][T14900] ? ext4_find_extent+0x76e/0x9d0 [ 281.073236][T14900] ext4_ext_map_blocks+0x23c9/0x3ac0 [ 281.073253][T14900] ? ext4_ext_release+0x10/0x10 [ 281.073267][T14900] ? lock_acquire+0x190/0x410 [ 281.073285][T14900] ? ext4_map_blocks+0x4b3/0x17e0 [ 281.102969][T14900] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 281.109221][T14900] ? ext4_es_lookup_extent+0x426/0xd40 [ 281.114787][T14900] ext4_map_blocks+0x52b/0x17e0 [ 281.119654][T14900] ? ext4_issue_zeroout+0x190/0x190 [ 281.124866][T14900] ? ext4_set_acl+0x4f0/0x4f0 [ 281.129562][T14900] ? _raw_spin_unlock+0x2d/0x50 [ 281.134421][T14900] ? __kasan_check_write+0x14/0x20 [ 281.139542][T14900] ext4_getblk+0xc4/0x570 [ 281.143884][T14900] ? ext4_iomap_begin+0x1000/0x1000 [ 281.149093][T14900] ext4_bread+0x8f/0x390 [ 281.153345][T14900] ? ext4_getblk+0x570/0x570 [ 281.157946][T14900] ext4_append+0x155/0x370 [ 281.162369][T14900] ext4_mkdir+0x632/0xe20 [ 281.166709][T14900] ? ext4_init_dot_dotdot+0x520/0x520 [ 281.172184][T14900] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 281.178445][T14900] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 281.184704][T14900] ? security_inode_permission+0xcb/0x100 [ 281.190474][T14900] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 281.196726][T14900] ? security_inode_mkdir+0xe4/0x120 [ 281.202017][T14900] vfs_mkdir+0x42e/0x670 [ 281.206265][T14900] do_mkdirat+0x234/0x2a0 [ 281.210608][T14900] ? __ia32_sys_mknod+0xb0/0xb0 [ 281.215467][T14900] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 281.221540][T14900] ? trace_hardirqs_off_caller+0x65/0x230 [ 281.227270][T14900] __x64_sys_mkdir+0x5c/0x80 [ 281.231874][T14900] do_syscall_64+0xfa/0x760 [ 281.237515][T14900] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 281.243594][T14900] RIP: 0033:0x458d07 05:25:25 executing program 5: r0 = msgget$private(0x0, 0x0) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) ioctl$EVIOCGKEY(r1, 0x80404518, &(0x7f0000000080)=""/202) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) r2 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x2, 0x2) ioctl$KVM_GET_API_VERSION(r2, 0xae00, 0x0) msgsnd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000000006b"], 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) 05:25:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 281.247498][T14900] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 281.268189][T14900] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 281.276622][T14900] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458d07 [ 281.284761][T14900] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200003c0 05:25:25 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 281.284768][T14900] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 281.284775][T14900] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 281.284781][T14900] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 281.332084][T14911] binder: BINDER_SET_CONTEXT_MGR already set 05:25:25 executing program 4: mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, 0xffffffffffffffff, 0x0) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 281.347329][T14911] binder: 14910:14911 ioctl 40046207 0 returned -16 05:25:25 executing program 1 (fault-call:0 fault-nth:40): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:25 executing program 4: mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, 0xffffffffffffffff, 0x0) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:25 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000007700"], 0x8, 0x0) r1 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x0, 0x2) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r2, 0x40186f40, 0x7600f4) r3 = socket(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r3, 0x84, 0x78, &(0x7f0000000000)=r5, 0x4) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000000240)={r5, 0xed, "d0884c36b533c70347f53db0f73505e80aa0dce77327607af733d4e8b783beadd6d2a10e68a5ff46a74bd00a163ccab3b9fb6c45b5922df9265a3c386d3d0604c5a9b0ab9c318980a8ab85ebcd4a7452b949861f84009affd9123876947e8b2ada3947c03b33ec93d7cc7314137984bd3999adfbba37afaba9625e55f9f07a48f51f1dd708bab370d149344d7cc262bc3643b6ddff67a6aa260f173b5a919b51d830ec321d9121d4d670e75b7814f7f42b61cd4ecdef95a5e202475c7d37c5048ad19c1764b92f08287d245d409ec5af68de3752dd2f7beb40aad18e3d59a528265bab3ce8dc62f3a7fff527b9"}, &(0x7f00000001c0)=0xf5) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000080)={r5, @in={{0x2, 0x4e24, @remote}}}, 0x84) msgctl$IPC_RMID(r0, 0x0) 05:25:25 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 281.480349][T15019] binder: BINDER_SET_CONTEXT_MGR already set [ 281.492896][T15019] binder: 15018:15019 ioctl 40046207 0 returned -16 [ 281.501252][T15021] FAULT_INJECTION: forcing a failure. [ 281.501252][T15021] name failslab, interval 1, probability 0, space 0, times 0 05:25:25 executing program 4: mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, 0xffffffffffffffff, 0x0) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 281.576559][T15029] ubi: mtd0 is already attached to ubi0 [ 281.584587][T15021] CPU: 1 PID: 15021 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 281.593632][T15021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 281.603710][T15021] Call Trace: [ 281.607018][T15021] dump_stack+0x172/0x1f0 [ 281.611381][T15021] should_fail.cold+0xa/0x15 [ 281.615988][T15021] ? fault_create_debugfs_attr+0x180/0x180 [ 281.621815][T15021] ? __kasan_check_write+0x14/0x20 [ 281.626934][T15021] ? ___might_sleep+0x163/0x2c0 [ 281.626953][T15021] __should_failslab+0x121/0x190 [ 281.626967][T15021] should_failslab+0x9/0x14 [ 281.626985][T15021] __kmalloc+0x2e0/0x770 [ 281.636791][T15021] ? quarantine_put+0x11c/0x1c0 [ 281.636807][T15021] ? ext4_find_extent+0x76e/0x9d0 [ 281.636823][T15021] ext4_find_extent+0x76e/0x9d0 [ 281.636839][T15021] ? ext4_ext_map_blocks+0x912/0x3ac0 [ 281.636854][T15021] ext4_ext_map_blocks+0x1dc/0x3ac0 [ 281.636869][T15021] ? __kasan_check_read+0x11/0x20 [ 281.677130][T15021] ? ext4_ext_release+0x10/0x10 [ 281.682003][T15021] ? lock_acquire+0x190/0x410 [ 281.686690][T15021] ? ext4_map_blocks+0x4b3/0x17e0 [ 281.691848][T15021] ? __kasan_check_write+0x14/0x20 [ 281.696965][T15021] ? down_write+0xdf/0x150 [ 281.701383][T15021] ? down_write_killable+0x170/0x170 [ 281.706679][T15021] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 281.712912][T15021] ? ext4_es_lookup_extent+0x426/0xd40 [ 281.718455][T15021] ext4_map_blocks+0x52b/0x17e0 [ 281.723300][T15021] ? ext4_issue_zeroout+0x190/0x190 [ 281.728509][T15021] ? ext4_set_acl+0x4f0/0x4f0 [ 281.733179][T15021] ? _raw_spin_unlock+0x2d/0x50 [ 281.738022][T15021] ? __kasan_check_write+0x14/0x20 [ 281.743123][T15021] ext4_getblk+0xc4/0x570 [ 281.747447][T15021] ? ext4_iomap_begin+0x1000/0x1000 [ 281.752642][T15021] ext4_bread+0x8f/0x390 [ 281.756874][T15021] ? ext4_getblk+0x570/0x570 [ 281.761457][T15021] ext4_append+0x155/0x370 [ 281.765868][T15021] ext4_mkdir+0x632/0xe20 [ 281.770193][T15021] ? ext4_init_dot_dotdot+0x520/0x520 [ 281.775594][T15021] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 281.781912][T15021] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 281.788205][T15021] ? security_inode_permission+0xcb/0x100 [ 281.793919][T15021] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 281.800144][T15021] ? security_inode_mkdir+0xe4/0x120 [ 281.805436][T15021] vfs_mkdir+0x42e/0x670 [ 281.809715][T15021] do_mkdirat+0x234/0x2a0 [ 281.814036][T15021] ? __ia32_sys_mknod+0xb0/0xb0 [ 281.818896][T15021] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 281.825069][T15021] ? trace_hardirqs_off_caller+0x65/0x230 [ 281.830781][T15021] __x64_sys_mkdir+0x5c/0x80 [ 281.835359][T15021] do_syscall_64+0xfa/0x760 [ 281.839866][T15021] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 281.845796][T15021] RIP: 0033:0x458d07 [ 281.850638][T15021] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 281.870290][T15021] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 281.878693][T15021] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458d07 [ 281.886695][T15021] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200003c0 [ 281.894657][T15021] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 281.902660][T15021] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 281.910766][T15021] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 281.936947][T15035] binder: BINDER_SET_CONTEXT_MGR already set [ 281.943291][T15035] binder: 15031:15035 ioctl 40046207 0 returned -16 05:25:26 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) r1 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = dup2(0xffffffffffffffff, r1) r3 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, r2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e713acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b080eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r4) r5 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x10000, 0x100) ioctl$EVIOCGVERSION(r5, 0x80044501, &(0x7f0000000ac0)=""/4096) fstatfs(r4, &(0x7f0000000080)=""/151) 05:25:26 executing program 1 (fault-call:0 fault-nth:41): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:26 executing program 4: r0 = open(0x0, 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:26 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:26 executing program 4: r0 = open(0x0, 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 282.150806][T15046] FAULT_INJECTION: forcing a failure. [ 282.150806][T15046] name failslab, interval 1, probability 0, space 0, times 0 [ 282.153220][T15045] binder: BINDER_SET_CONTEXT_MGR already set [ 282.189880][T15046] CPU: 0 PID: 15046 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 282.198802][T15046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 282.208869][T15046] Call Trace: [ 282.212275][T15046] dump_stack+0x172/0x1f0 [ 282.216796][T15046] should_fail.cold+0xa/0x15 [ 282.220504][T15045] binder: 15043:15045 ioctl 40046207 0 returned -16 [ 282.221553][T15046] ? fault_create_debugfs_attr+0x180/0x180 [ 282.234066][T15046] ? lock_downgrade+0x920/0x920 [ 282.239094][T15046] ? ___might_sleep+0x163/0x2c0 [ 282.244239][T15046] __should_failslab+0x121/0x190 [ 282.249188][T15046] should_failslab+0x9/0x14 [ 282.253702][T15046] kmem_cache_alloc+0x2aa/0x710 [ 282.258565][T15046] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 282.264817][T15046] ? __mark_inode_dirty+0x3d1/0x1390 [ 282.270115][T15046] ext4_mb_new_blocks+0x5b9/0x3900 [ 282.275241][T15046] ? quarantine_put+0x11c/0x1c0 [ 282.280108][T15046] ? ext4_find_extent+0x76e/0x9d0 [ 282.285143][T15046] ext4_ext_map_blocks+0x23c9/0x3ac0 [ 282.290439][T15046] ? ext4_ext_release+0x10/0x10 [ 282.295291][T15046] ? lock_acquire+0x190/0x410 [ 282.300058][T15046] ? ext4_map_blocks+0x4b3/0x17e0 [ 282.305095][T15046] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 282.311344][T15046] ? ext4_es_lookup_extent+0x426/0xd40 [ 282.316813][T15046] ext4_map_blocks+0x52b/0x17e0 [ 282.321675][T15046] ? ext4_issue_zeroout+0x190/0x190 [ 282.327081][T15046] ? ext4_set_acl+0x4f0/0x4f0 [ 282.332002][T15046] ? _raw_spin_unlock+0x2d/0x50 [ 282.336862][T15046] ? __kasan_check_write+0x14/0x20 [ 282.341987][T15046] ext4_getblk+0xc4/0x570 [ 282.346332][T15046] ? ext4_iomap_begin+0x1000/0x1000 [ 282.351556][T15046] ext4_bread+0x8f/0x390 [ 282.355806][T15046] ? ext4_getblk+0x570/0x570 [ 282.360411][T15046] ext4_append+0x155/0x370 [ 282.364834][T15046] ext4_mkdir+0x632/0xe20 [ 282.369303][T15046] ? ext4_init_dot_dotdot+0x520/0x520 [ 282.374682][T15046] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 282.380927][T15046] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 282.387628][T15046] ? security_inode_permission+0xcb/0x100 [ 282.393460][T15046] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 282.399721][T15046] ? security_inode_mkdir+0xe4/0x120 [ 282.405104][T15046] vfs_mkdir+0x42e/0x670 [ 282.409359][T15046] do_mkdirat+0x234/0x2a0 [ 282.413698][T15046] ? __ia32_sys_mknod+0xb0/0xb0 [ 282.418644][T15046] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 282.424888][T15046] ? trace_hardirqs_off_caller+0x65/0x230 [ 282.430621][T15046] __x64_sys_mkdir+0x5c/0x80 [ 282.435344][T15046] do_syscall_64+0xfa/0x760 [ 282.439857][T15046] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 282.445829][T15046] RIP: 0033:0x458d07 [ 282.449734][T15046] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 282.469434][T15046] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 282.477867][T15046] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458d07 [ 282.486013][T15046] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200003c0 [ 282.494122][T15046] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a 05:25:26 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:26 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 282.502138][T15046] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 282.510111][T15046] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:25:26 executing program 4: r0 = open(0x0, 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:26 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000258f88)) ioctl$KVM_GET_DIRTY_LOG(0xffffffffffffffff, 0x4010ae42, &(0x7f0000000040)={0x10003, 0x0, &(0x7f0000ff9000/0x4000)=nil}) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 282.568323][T15024] ubi: mtd0 is already attached to ubi0 [ 282.590793][T15160] binder: BINDER_SET_CONTEXT_MGR already set [ 282.604890][T15160] binder: 15158:15160 ioctl 40046207 0 returned -16 05:25:26 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) r3 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r4 = getpgrp(0x0) fcntl$setownex(r3, 0xf, &(0x7f0000000040)={0x2, r4}) fcntl$setsig(r3, 0xa, 0x11) fcntl$setlease(r3, 0x400, 0x0) fcntl$setlease(r3, 0x400, 0x2) r5 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r6 = getpgrp(0x0) fcntl$setownex(r5, 0xf, &(0x7f0000000040)={0x2, r6}) fcntl$setsig(r5, 0xa, 0x11) fcntl$setlease(r5, 0x400, 0x0) fcntl$setlease(r5, 0x400, 0x2) r7 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r8 = getpgrp(0x0) fcntl$setownex(r7, 0xf, &(0x7f0000000040)={0x2, r8}) fcntl$setsig(r7, 0xa, 0x11) fcntl$setlease(r7, 0x400, 0x0) fcntl$setlease(r7, 0x400, 0x2) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000180)) 05:25:26 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:26 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000040)={&(0x7f0000fff000/0x1000)=nil, 0x1000}, &(0x7f0000000080)=0x10) msgctl$IPC_RMID(r0, 0x0) 05:25:27 executing program 1 (fault-call:0 fault-nth:42): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:27 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:27 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(0x0, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:27 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x200000, 0xa1) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) r3 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r4 = getpgrp(0x0) fcntl$setownex(r3, 0xf, &(0x7f0000000040)={0x2, r4}) fcntl$setsig(r3, 0xa, 0x11) fcntl$setlease(r3, 0x400, 0x0) fcntl$setlease(r3, 0x400, 0x2) ioctl$KDGKBMETA(r3, 0x4b62, &(0x7f0000000340)) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) getsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f0000000100), &(0x7f00000000c0)=0xffffffffffffff4d) r5 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r6 = getpgrp(0x0) fcntl$setownex(r5, 0xf, &(0x7f0000000040)={0x2, r6}) fcntl$setsig(r5, 0xa, 0x11) fcntl$setlease(r5, 0x400, 0x0) fcntl$setlease(r5, 0x400, 0x2) getsockopt$inet6_opts(r5, 0x29, 0x39, &(0x7f0000000280)=""/154, &(0x7f0000000200)=0x9a) r7 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x20000000138, 0x800) setxattr$security_evm(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='security.evm\x00', &(0x7f0000000240)=ANY=[@ANYBLOB="0236f98193caf92172f5790300000000000000d3c8bf18bfe41e144700100000b7ed689e8b86bad40bb379b729657d6b32"], 0x7, 0x0) ioctl$KVM_GET_ONE_REG(r7, 0x4010aeab, &(0x7f0000000140)={0xfffffffffffffffd, 0x3c28}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) 05:25:27 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:27 executing program 5: openat$urandom(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom\x00', 0x200080, 0x0) r0 = msgget$private(0x0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) ioctl$FIGETBSZ(r1, 0x2, &(0x7f0000000080)) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) ioctl$MON_IOCQ_RING_SIZE(r1, 0x9205) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{}, 0x0, 0x0, 0x4}) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 282.941481][T15281] binder: BINDER_SET_CONTEXT_MGR already set [ 282.964407][T15281] binder: 15280:15281 ioctl 40046207 0 returned -16 [ 283.044797][T15322] FAULT_INJECTION: forcing a failure. [ 283.044797][T15322] name failslab, interval 1, probability 0, space 0, times 0 [ 283.057566][T15322] CPU: 1 PID: 15322 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 283.066350][T15322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 283.076693][T15322] Call Trace: [ 283.080012][T15322] dump_stack+0x172/0x1f0 [ 283.080037][T15322] should_fail.cold+0xa/0x15 [ 283.089350][T15322] ? fault_create_debugfs_attr+0x180/0x180 05:25:27 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x200480) clock_nanosleep(0x5, 0x1, &(0x7f0000000080)={0x0, 0x1c9c380}, &(0x7f00000000c0)) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) [ 283.095173][T15322] __should_failslab+0x121/0x190 [ 283.100212][T15322] should_failslab+0x9/0x14 [ 283.104730][T15322] kmem_cache_alloc+0x47/0x710 [ 283.109509][T15322] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 283.115247][T15322] ? ext4_es_can_be_merged+0x1a3/0x2a0 [ 283.120734][T15322] ? do_raw_write_lock+0x124/0x290 [ 283.126137][T15322] __es_insert_extent+0x2cc/0xf20 [ 283.131285][T15322] ext4_es_insert_extent+0x2d2/0xa70 [ 283.136585][T15322] ? ext4_es_scan_clu+0xe0/0xe0 [ 283.141450][T15322] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 283.147811][T15322] ? ext4_es_lookup_extent+0x426/0xd40 [ 283.153286][T15322] ext4_map_blocks+0x7ed/0x17e0 [ 283.158156][T15322] ? ext4_issue_zeroout+0x190/0x190 [ 283.164064][T15322] ? ext4_set_acl+0x4f0/0x4f0 [ 283.168871][T15322] ? _raw_spin_unlock+0x2d/0x50 [ 283.173817][T15322] ? __kasan_check_write+0x14/0x20 [ 283.179037][T15322] ext4_getblk+0xc4/0x570 [ 283.183542][T15322] ? ext4_iomap_begin+0x1000/0x1000 [ 283.188881][T15322] ext4_bread+0x8f/0x390 05:25:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 283.193159][T15322] ? ext4_getblk+0x570/0x570 [ 283.197764][T15322] ext4_append+0x155/0x370 [ 283.202387][T15322] ext4_mkdir+0x632/0xe20 [ 283.206740][T15322] ? ext4_init_dot_dotdot+0x520/0x520 [ 283.212331][T15322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 283.218587][T15322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 283.225010][T15322] ? security_inode_permission+0xcb/0x100 [ 283.230873][T15322] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 283.237125][T15322] ? security_inode_mkdir+0xe4/0x120 05:25:27 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(0x0, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 283.237140][T15322] vfs_mkdir+0x42e/0x670 [ 283.237157][T15322] do_mkdirat+0x234/0x2a0 [ 283.251269][T15322] ? __ia32_sys_mknod+0xb0/0xb0 [ 283.256224][T15322] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 283.262530][T15322] ? trace_hardirqs_off_caller+0x65/0x230 [ 283.262548][T15322] __x64_sys_mkdir+0x5c/0x80 [ 283.262563][T15322] do_syscall_64+0xfa/0x760 [ 283.262583][T15322] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 283.283393][T15322] RIP: 0033:0x458d07 [ 283.286641][T15403] binder: BINDER_SET_CONTEXT_MGR already set 05:25:27 executing program 3: socket$inet_dccp(0x2, 0x6, 0x0) r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000080)={0x1}) llistxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0) [ 283.287292][T15322] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 283.287301][T15322] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 283.287314][T15322] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458d07 [ 283.287322][T15322] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200003c0 [ 283.287329][T15322] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a 05:25:27 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x10, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 283.287336][T15322] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 283.287349][T15322] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 283.308914][T15403] binder: 15402:15403 ioctl 40046207 0 returned -16 [ 283.332443][T15322] FAT-fs (loop1): bogus number of reserved sectors [ 283.385802][T15322] FAT-fs (loop1): Can't find a valid FAT filesystem 05:25:27 executing program 1 (fault-call:0 fault-nth:43): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:27 executing program 5: r0 = msgget$private(0x0, 0x0) r1 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) fcntl$getownex(r1, 0x10, &(0x7f0000000040)={0x0, 0x0}) stat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0}) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{0xffffffff7ffffffe, 0x0, 0x0, r4, 0xee01, 0x4}, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, r3}) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) 05:25:27 executing program 3: r0 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r1 = getpgrp(0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000040)={0x2, r1}) fcntl$setsig(r0, 0xa, 0x11) fcntl$setlease(r0, 0x400, 0x0) fcntl$setlease(r0, 0x400, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000001c0)=@nat={'nat\x00', 0x1b, 0x5, 0x5a8, 0x158, 0x0, 0x378, 0x0, 0x158, 0x4d8, 0x4d8, 0x4d8, 0x4d8, 0x4d8, 0x5, &(0x7f0000000140), {[{{@uncond, 0x0, 0x110, 0x158, 0x0, {}, [@common=@hbh={0x48, 'hbh\x00', 0x0, {0x0, 0x2, 0x0, [0x3, 0x9c, 0x0, 0x1000, 0x1, 0x4, 0xfffffffffffffffd, 0x8, 0x200, 0x5, 0x5, 0x9, 0x1, 0xfffffffffffffffa, 0x81, 0x5], 0xf}}]}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x32, @ipv4=@broadcast, @ipv4=@broadcast, @icmp_id=0x67, @gre_key=0x5}}}, {{@uncond, 0x0, 0xc8, 0x110}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0xa, @ipv6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, @ipv6=@ipv4={[], [], @remote}, @gre_key=0x200, @port=0x4e21}}}, {{@ipv6={@mcast1, @empty, [0x0, 0xffffff00, 0x0, 0xff000000], [0xff000000, 0xff, 0xb58c97fd6a7de10d, 0xffffff00], 'vcan0\x00', 'bpq0\x00', {}, {}, 0x3c, 0x4, 0x0, 0x26}, 0x0, 0xc8, 0x110}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x3, @ipv6=@mcast2, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}, @port=0x4e23, @port=0x4e23}}}, {{@ipv6={@dev={0xfe, 0x80, [], 0x26}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, [0xffffffff, 0xffffff00, 0x0, 0xff], [0x7f800000, 0xff000000, 0x0, 0xffffffff], 'nlmon0\x00', 'veth1_to_hsr\x00', {0xff}, {0x4dcd8c9e8ef6357c}, 0x47, 0x1, 0x1, 0x40}, 0x0, 0x138, 0x160, 0x0, {}, [@common=@hbh={0x48, 'hbh\x00', 0x0, {0xffffffff, 0x4, 0x1, [0xd7, 0x1000, 0x10001, 0x1000, 0x400, 0xc0, 0x4, 0x4, 0x100000000, 0x3, 0x8, 0xfffffffffffffffb, 0x5, 0x80000001, 0x7ff, 0x2], 0x1}}, @common=@ipv6header={0x28, 'ipv6header\x00', 0x0, {0x25, 0x20, 0x1}}]}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x7, 0x4}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x608) r2 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) getresgid(&(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000100)) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r2, 0xc0305302, &(0x7f0000000000)) 05:25:27 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x0, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:27 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x10, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 283.547489][T15508] FAULT_INJECTION: forcing a failure. [ 283.547489][T15508] name failslab, interval 1, probability 0, space 0, times 0 [ 283.595711][T15522] binder: BINDER_SET_CONTEXT_MGR already set [ 283.604852][T15508] CPU: 1 PID: 15508 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 283.613679][T15508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 283.623737][T15508] Call Trace: [ 283.627047][T15508] dump_stack+0x172/0x1f0 [ 283.631535][T15508] should_fail.cold+0xa/0x15 [ 283.636143][T15508] ? arch_stack_walk+0x97/0xf0 [ 283.640931][T15508] ? fault_create_debugfs_attr+0x180/0x180 [ 283.645021][T15522] binder: 15520:15522 ioctl 40046207 0 returned -16 [ 283.646836][T15508] ? ___might_sleep+0x163/0x2c0 [ 283.658314][T15508] __should_failslab+0x121/0x190 [ 283.663339][T15508] should_failslab+0x9/0x14 [ 283.668015][T15508] __kmalloc+0x2e0/0x770 [ 283.672252][T15508] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 283.678728][T15508] ? mark_page_accessed+0x6ec/0x1230 [ 283.684095][T15508] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 283.689853][T15508] ? ext4_find_extent+0x76e/0x9d0 [ 283.694871][T15508] ext4_find_extent+0x76e/0x9d0 [ 283.699726][T15508] ? ___might_sleep+0x163/0x2c0 [ 283.704729][T15508] ext4_ext_map_blocks+0x1dc/0x3ac0 [ 283.710013][T15508] ? mark_held_locks+0xf0/0xf0 [ 283.714774][T15508] ? ext4_ext_release+0x10/0x10 [ 283.719631][T15508] ? __kasan_check_write+0x14/0x20 [ 283.724780][T15508] ? down_read+0x109/0x430 [ 283.729211][T15508] ? down_read_killable+0x490/0x490 [ 283.734430][T15508] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 283.740661][T15508] ? ext4_es_lookup_extent+0x426/0xd40 [ 283.746161][T15508] ext4_map_blocks+0xdc7/0x17e0 [ 283.751008][T15508] ? ext4_issue_zeroout+0x190/0x190 [ 283.756256][T15508] ? ext4_set_acl+0x4f0/0x4f0 [ 283.761184][T15508] ? _raw_spin_unlock+0x2d/0x50 [ 283.766028][T15508] ? __kasan_check_write+0x14/0x20 [ 283.771133][T15508] ext4_getblk+0xc4/0x570 [ 283.775499][T15508] ? ext4_iomap_begin+0x1000/0x1000 [ 283.780693][T15508] ext4_bread+0x8f/0x390 [ 283.784924][T15508] ? ext4_getblk+0x570/0x570 [ 283.789512][T15508] ext4_append+0x155/0x370 [ 283.793921][T15508] ext4_mkdir+0x632/0xe20 [ 283.798242][T15508] ? ext4_init_dot_dotdot+0x520/0x520 [ 283.803621][T15508] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 283.809851][T15508] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 283.816178][T15508] ? security_inode_permission+0xcb/0x100 [ 283.821887][T15508] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 283.828212][T15508] ? security_inode_mkdir+0xe4/0x120 [ 283.833502][T15508] vfs_mkdir+0x42e/0x670 [ 283.837736][T15508] do_mkdirat+0x234/0x2a0 [ 283.842143][T15508] ? __ia32_sys_mknod+0xb0/0xb0 [ 283.846990][T15508] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 283.853049][T15508] ? trace_hardirqs_off_caller+0x65/0x230 [ 283.858828][T15508] __x64_sys_mkdir+0x5c/0x80 [ 283.863410][T15508] do_syscall_64+0xfa/0x760 [ 283.867999][T15508] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 283.873966][T15508] RIP: 0033:0x458d07 05:25:28 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) sendmsg$rds(r1, &(0x7f0000001640)={0x0, 0x0, &(0x7f00000014c0)=[{&(0x7f00000000c0)=""/147, 0x93}, {&(0x7f0000000180)=""/90, 0x5a}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/65, 0x41}, {&(0x7f0000001280)=""/16, 0x10}, {&(0x7f00000012c0)=""/135, 0x87}, {&(0x7f0000001380)=""/30, 0x1e}, {&(0x7f00000013c0)=""/221, 0xdd}], 0x8, &(0x7f00000015c0)=ANY=[@ANYBLOB="580000000000000014010000070000000500000000000000", @ANYPTR=&(0x7f0000001540)=ANY=[@ANYBLOB="0101000000000000"], @ANYPTR=&(0x7f0000001580)=ANY=[@ANYBLOB="0400000000000000"], @ANYBLOB="04000000000000005f030000000000008c4700000000000003000000000000000400000000000000bc00000000000000"], 0x58, 0x880}, 0x4000) [ 283.877855][T15508] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 283.897968][T15508] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 283.906366][T15508] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458d07 [ 283.914328][T15508] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200003c0 [ 283.922896][T15508] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 283.930855][T15508] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 283.939259][T15508] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:25:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x0, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 283.999409][T15508] FAT-fs (loop1): bogus number of reserved sectors [ 284.009581][T15508] FAT-fs (loop1): Can't find a valid FAT filesystem 05:25:28 executing program 3: syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r1 = getpgrp(0x0) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-monitor\x00', 0x1, 0x0) ioctl$PPPIOCGDEBUG(r2, 0x80047441, &(0x7f00000000c0)) fcntl$setownex(r0, 0xf, &(0x7f0000000040)={0x2, r1}) fcntl$setsig(r0, 0xa, 0x11) fcntl$setlease(r0, 0x400, 0x0) fcntl$setlease(r0, 0x400, 0x2) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(0xffffffffffffffff, 0xc0305302, &(0x7f0000000180)) 05:25:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x0, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:28 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(0x0, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 284.050837][T15535] binder: BINDER_SET_CONTEXT_MGR already set [ 284.064802][T15535] binder: 15533:15535 ioctl 40046207 0 returned -16 05:25:28 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x10, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:28 executing program 3: syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0xc39c31c4708e1289, 0x4) r1 = getpgrp(0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000040)={0x2, r1}) fcntl$setsig(r0, 0xa, 0x11) fcntl$setlease(r0, 0x400, 0x0) fcntl$setlease(r0, 0x400, 0x2) syz_open_dev$radio(&(0x7f0000000100)='/dev/radio#\x00', 0x3, 0x2) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000080)) [ 284.184175][T15542] binder: BINDER_SET_CONTEXT_MGR already set [ 284.190205][T15542] binder: 15540:15542 ioctl 40046207 0 returned -16 05:25:28 executing program 1 (fault-call:0 fault-nth:44): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:28 executing program 5: r0 = msgget$private(0x0, 0x0) r1 = geteuid() r2 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r3 = getpgrp(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000040)={0x2, r3}) fcntl$setsig(r2, 0xa, 0x11) fcntl$setlease(r2, 0x400, 0x0) fcntl$setlease(r2, 0x400, 0x2) ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000200)) lchown(&(0x7f0000000000)='./file0\x00', r1, 0xffffffffffffffff) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{0x0, r1}}) r4 = accept$packet(0xffffffffffffffff, 0x0, &(0x7f0000000040)) r5 = socket(0x100000000011, 0x2, 0x0) getsockname$packet(r5, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x3, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], r6, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'vcan0\x00', r6}) sendto$packet(r4, &(0x7f0000000080)="ecf37e83480148a83bfeea236e71574d9c88ceb09294850c4115b84c6da8ab22aeb2c00bd384e7e61d8b608a9b975378b607656b091c124d1c73fb35290a602034e07e345794e6b3c80f355a7765a30c917d0100962c91d9a3c2d52f4d81f3a898c11f43a01a19d24bb77f49a833562ef847d7b8655818d48872ac23c95ee8b29deeed5b69e7646749f766c88ef8b4409d3129757c48f92ca1af392f76bc510ee2e86bb5dbd65964ee1a3a5821540d02c12e679d7f8d3433c5df11f632e9a9156722bfe5c540d06e26d2d5fb2eacf5811637cb2b37e50bf39e", 0xd9, 0x0, &(0x7f00000001c0)={0x11, 0xc, r7, 0x1, 0x7, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x14) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) 05:25:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x0, &(0x7f0000000080)=ANY=[], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:28 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000080)={0x0, 0x1, 0x5, 0x1, 0xf, 0xfffffffffffff53b, 0x1, 0x3, 0x5, 0x100000000, 0x7, 0x3}) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="11dca5055e0bcfe47bf070") ioctl$sock_SIOCOUTQNSD(r3, 0x894b, &(0x7f00000000c0)) 05:25:28 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, 0xffffffffffffffff, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x0, &(0x7f0000000080)=ANY=[], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 284.294348][T15602] binder: BINDER_SET_CONTEXT_MGR already set [ 284.315107][T15602] binder: 15585:15602 ioctl 40046207 0 returned -16 [ 284.398090][T15641] FAULT_INJECTION: forcing a failure. [ 284.398090][T15641] name failslab, interval 1, probability 0, space 0, times 0 [ 284.436586][T15641] CPU: 0 PID: 15641 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 284.445294][T15641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 284.455536][T15641] Call Trace: [ 284.458876][T15641] dump_stack+0x172/0x1f0 [ 284.463204][T15641] should_fail.cold+0xa/0x15 [ 284.467832][T15641] ? fault_create_debugfs_attr+0x180/0x180 [ 284.473636][T15641] ? lock_downgrade+0x920/0x920 [ 284.478825][T15641] ? ___might_sleep+0x163/0x2c0 [ 284.483719][T15641] __should_failslab+0x121/0x190 [ 284.488649][T15641] should_failslab+0x9/0x14 [ 284.493181][T15641] kmem_cache_alloc+0x2aa/0x710 [ 284.498021][T15641] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 284.504249][T15641] ? __mark_inode_dirty+0x3d1/0x1390 [ 284.509611][T15641] ext4_mb_new_blocks+0x5b9/0x3900 [ 284.514714][T15641] ? quarantine_put+0x11c/0x1c0 [ 284.519604][T15641] ? ext4_find_extent+0x76e/0x9d0 [ 284.524622][T15641] ext4_ext_map_blocks+0x23c9/0x3ac0 [ 284.529946][T15641] ? ext4_ext_release+0x10/0x10 [ 284.534791][T15641] ? lock_acquire+0x190/0x410 [ 284.539547][T15641] ? ext4_map_blocks+0x4b3/0x17e0 [ 284.544695][T15641] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 284.550963][T15641] ? ext4_es_lookup_extent+0x426/0xd40 [ 284.556412][T15641] ext4_map_blocks+0x52b/0x17e0 [ 284.561314][T15641] ? ext4_issue_zeroout+0x190/0x190 [ 284.566501][T15641] ? ext4_set_acl+0x4f0/0x4f0 [ 284.571218][T15641] ? _raw_spin_unlock+0x2d/0x50 [ 284.576085][T15641] ? __kasan_check_write+0x14/0x20 [ 284.581229][T15641] ext4_getblk+0xc4/0x570 [ 284.585551][T15641] ? ext4_iomap_begin+0x1000/0x1000 [ 284.590745][T15641] ext4_bread+0x8f/0x390 [ 284.594978][T15641] ? ext4_getblk+0x570/0x570 [ 284.599563][T15641] ext4_append+0x155/0x370 [ 284.604040][T15641] ext4_mkdir+0x632/0xe20 [ 284.608365][T15641] ? ext4_init_dot_dotdot+0x520/0x520 [ 284.613824][T15641] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 284.620051][T15641] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 284.626279][T15641] ? security_inode_permission+0xcb/0x100 [ 284.631995][T15641] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 284.638275][T15641] ? security_inode_mkdir+0xe4/0x120 [ 284.643554][T15641] vfs_mkdir+0x42e/0x670 [ 284.647789][T15641] do_mkdirat+0x234/0x2a0 [ 284.652113][T15641] ? __ia32_sys_mknod+0xb0/0xb0 [ 284.656998][T15641] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 284.663090][T15641] ? trace_hardirqs_off_caller+0x65/0x230 [ 284.668803][T15641] __x64_sys_mkdir+0x5c/0x80 [ 284.673471][T15641] do_syscall_64+0xfa/0x760 [ 284.678191][T15641] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 284.685027][T15641] RIP: 0033:0x458d07 [ 284.689044][T15641] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 284.708653][T15641] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 284.717138][T15641] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458d07 [ 284.725098][T15641] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200003c0 [ 284.733106][T15641] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 284.741159][T15641] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 284.749119][T15641] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:25:28 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x0) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:28 executing program 5: r0 = msgget$private(0x0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000300)={0x4, r2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) bind$nfc_llcp(r1, &(0x7f0000000100)={0x27, 0x1, 0x1, 0x6, 0x4, 0xc0b3, "8821bd97263b9d2ab1c45ce7f6ec46ea4df1717502184786e856c7a04008731c9a62b2689d9bcb9b4fa2dbe3de6cc1735c8f71c120e72f78b876abe96128b6"}, 0x60) r3 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(0xffffffffffffffff, 0xc08c5336, &(0x7f0000000180)={0x0, 0x5, 0x1, 'queue1\x00'}) r4 = getpgrp(0x0) fcntl$setownex(r3, 0xf, &(0x7f0000000040)={0x2, r4}) r5 = perf_event_open(&(0x7f0000000340)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x4, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c56692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408582b09f492a6871e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab84600100000acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbdea604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc670eaef3152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b5dc81f3a765fcdb9c3fe66c9d505c27a32cc967688a1fc3929429442f8d1a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcef3d46ee1d55d4695e0d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c47758260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba13a6a44ba989721b4e64e6fe0f79a68486375de730000"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r6) fstat(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r8 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dlm-monitor\x00', 0x800, 0x0) r9 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r10 = getpgrp(0x0) fcntl$setownex(r9, 0xf, &(0x7f0000000040)={0x2, r10}) write$cgroup_pid(r8, &(0x7f0000000280)=r10, 0x12) r11 = fcntl$getown(0xffffffffffffffff, 0x9) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000080)={{0x0, 0x0, 0x0, 0x0, r7}, 0x0, 0x0, 0x0, 0xd2, 0x0, 0x3, r11, r4}) r12 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r13 = getpgrp(0x0) r14 = socket$packet(0x11, 0x3, 0x300) fcntl$setownex(r14, 0xf, &(0x7f0000000040)={0x2, r13}) fcntl$setsig(r12, 0xa, 0x11) fcntl$setlease(r12, 0x400, 0x0) fcntl$setlease(r12, 0x400, 0x2) setsockopt$inet6_tcp_TCP_REPAIR(r12, 0x6, 0x13, &(0x7f00000002c0)=0x1, 0x4) msgsnd(r0, &(0x7f0000000040)=ANY=[], 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) 05:25:28 executing program 3: epoll_create(0x7) r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) r1 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) ioctl$EXT4_IOC_GROUP_ADD(r1, 0x40286608, &(0x7f0000000180)={0x8, 0x10001, 0xfffffffffffffffb, 0xffffffff, 0x6, 0x8000}) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0xa7169f47a63df865, 0x0) ioctl$BLKPG(r3, 0x1269, &(0x7f0000000140)={0xfffffffffffffff7, 0x8000, 0x69, &(0x7f00000000c0)="5371e9f597f282e5e8c1f60804de4768f37e983b118ce7f5b8db864432f5c8b9d104ad1b5fa46d89c15bccea4dfc2ca8dc7f2c4548b773320bf28459c64fe400aa71b4f08eafe33f13961ebbb82c5168a7a3c42d2823c2bfd924b9c0d4f0475e8cefca0bbdfe6a9994"}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) r4 = semget(0x1, 0x2, 0x0) semctl$IPC_INFO(r4, 0x0, 0x3, &(0x7f0000000180)=""/17) semctl$GETZCNT(r4, 0x4, 0xf, &(0x7f00000001c0)=""/63) 05:25:28 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x0, &(0x7f0000000080)=ANY=[], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 284.818391][T15666] binder: BINDER_SET_CONTEXT_MGR already set [ 284.842799][T15666] binder: 15665:15666 ioctl 40046207 0 returned -16 05:25:29 executing program 1 (fault-call:0 fault-nth:45): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:29 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x0) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 284.943122][T15721] binder: BINDER_SET_CONTEXT_MGR already set [ 284.958526][T15721] binder: 15676:15721 ioctl 40046207 0 returned -16 [ 285.023244][T15783] FAULT_INJECTION: forcing a failure. [ 285.023244][T15783] name failslab, interval 1, probability 0, space 0, times 0 [ 285.037847][T15783] CPU: 1 PID: 15783 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 285.046539][T15783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 285.056594][T15783] Call Trace: [ 285.059961][T15783] dump_stack+0x172/0x1f0 [ 285.064527][T15783] should_fail.cold+0xa/0x15 [ 285.069161][T15783] ? fault_create_debugfs_attr+0x180/0x180 [ 285.074994][T15783] ? kernel_init_free_pages+0x120/0x120 [ 285.080535][T15783] ? ___might_sleep+0x163/0x2c0 [ 285.085463][T15783] __should_failslab+0x121/0x190 [ 285.090614][T15783] should_failslab+0x9/0x14 [ 285.095108][T15783] __kmalloc_track_caller+0x2dc/0x760 [ 285.100467][T15783] ? mntput+0x74/0xa0 [ 285.104616][T15783] ? strndup_user+0x77/0xd0 [ 285.109112][T15783] memdup_user+0x26/0xb0 [ 285.113404][T15783] strndup_user+0x77/0xd0 [ 285.117724][T15783] ksys_mount+0x3c/0x150 [ 285.122002][T15783] __x64_sys_mount+0xbe/0x150 [ 285.126674][T15783] do_syscall_64+0xfa/0x760 [ 285.131297][T15783] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 285.137201][T15783] RIP: 0033:0x45c33a [ 285.141171][T15783] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 285.160763][T15783] RSP: 002b:00007f88264fda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 05:25:29 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, 0xffffffffffffffff, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 285.169161][T15783] RAX: ffffffffffffffda RBX: 00007f88264fdb40 RCX: 000000000045c33a [ 285.177122][T15783] RDX: 00007f88264fdae0 RSI: 00000000200003c0 RDI: 00007f88264fdb00 [ 285.185083][T15783] RBP: 0000000000000000 R08: 00007f88264fdb40 R09: 00007f88264fdae0 [ 285.193177][T15783] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 285.201140][T15783] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:25:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 285.228403][T15788] binder: BINDER_SET_CONTEXT_MGR already set [ 285.250512][T15788] binder: 15785:15788 ioctl 40046207 0 returned -16 [ 285.317046][T15894] binder: BINDER_SET_CONTEXT_MGR already set 05:25:29 executing program 1 (fault-call:0 fault-nth:46): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:29 executing program 5: r0 = msgget$private(0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000040)={{{@in6=@ipv4={[], [], @empty}, @in6=@ipv4={[], [], @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@multicast1}}, &(0x7f0000000140)=0xe8) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{0x0, r1}, 0x0, 0x0, 0x0, 0x0, 0xbf96}) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 285.362039][T15894] binder: 15866:15894 ioctl 40046207 0 returned -16 05:25:29 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, 0xffffffffffffffff, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:29 executing program 3: r0 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r1 = getpgrp(0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000040)={0x2, r1}) fcntl$setsig(r0, 0xa, 0x11) fcntl$setlease(r0, 0x400, 0x0) fcntl$setlease(r0, 0x400, 0x2) recvfrom$ax25(r0, &(0x7f0000000080)=""/73, 0x49, 0x2, &(0x7f0000000100)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x6}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}, 0x48) r2 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) syz_open_dev$vcsa(&(0x7f0000000180)='/dev/vcsa#\x00', 0x9, 0x20000) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r2, 0xc0305302, &(0x7f0000000000)) [ 285.449564][T15898] FAULT_INJECTION: forcing a failure. [ 285.449564][T15898] name failslab, interval 1, probability 0, space 0, times 0 [ 285.462284][T15898] CPU: 1 PID: 15898 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 285.471102][T15898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 285.481165][T15898] Call Trace: [ 285.484474][T15898] dump_stack+0x172/0x1f0 [ 285.488960][T15898] should_fail.cold+0xa/0x15 [ 285.493560][T15898] ? fault_create_debugfs_attr+0x180/0x180 05:25:29 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x0) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 285.499367][T15898] __should_failslab+0x121/0x190 [ 285.499385][T15898] should_failslab+0x9/0x14 [ 285.508922][T15898] kmem_cache_alloc+0x47/0x710 [ 285.513699][T15898] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 285.519425][T15898] ? ext4_es_can_be_merged+0x1a3/0x2a0 [ 285.524887][T15898] ? do_raw_write_lock+0x124/0x290 [ 285.530144][T15898] __es_insert_extent+0x2cc/0xf20 [ 285.535186][T15898] ext4_es_insert_extent+0x2d2/0xa70 [ 285.540481][T15898] ? ext4_es_scan_clu+0xe0/0xe0 [ 285.545345][T15898] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 285.551709][T15898] ? ext4_es_lookup_extent+0x426/0xd40 [ 285.557190][T15898] ext4_map_blocks+0x7ed/0x17e0 [ 285.557208][T15898] ? ext4_issue_zeroout+0x190/0x190 [ 285.566250][T15908] binder: BINDER_SET_CONTEXT_MGR already set [ 285.567232][T15898] ? ext4_set_acl+0x4f0/0x4f0 [ 285.567256][T15898] ? _raw_spin_unlock+0x2d/0x50 [ 285.582866][T15898] ? __kasan_check_write+0x14/0x20 [ 285.587986][T15898] ext4_getblk+0xc4/0x570 [ 285.592318][T15898] ? ext4_iomap_begin+0x1000/0x1000 [ 285.597526][T15898] ext4_bread+0x8f/0x390 [ 285.601778][T15898] ? ext4_getblk+0x570/0x570 [ 285.606379][T15898] ext4_append+0x155/0x370 [ 285.610927][T15898] ext4_mkdir+0x632/0xe20 [ 285.615272][T15898] ? ext4_init_dot_dotdot+0x520/0x520 [ 285.620656][T15898] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 285.626902][T15898] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 285.633275][T15898] ? security_inode_permission+0xcb/0x100 [ 285.639008][T15898] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 05:25:29 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) r1 = syz_open_dev$audion(&(0x7f0000000200)='/dev/audio#\x00', 0x8001, 0x20000) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000240), &(0x7f0000000280)=0x4) syz_open_dev$binder(&(0x7f00000001c0)='/dev/binder#\x00', 0x0, 0x2) msgctl$IPC_RMID(r0, 0x0) fstat(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = msgget$private(0x0, 0x98) r5 = socket$l2tp(0x18, 0x1, 0x1) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f0000000000)=0xc) setfsuid(r6) r7 = getpid() r8 = getpgid(0xffffffffffffffff) msgctl$IPC_SET(r4, 0x1, &(0x7f0000000380)={{0x9, r6, 0x0, r2, r3, 0x106, 0x9}, 0x1, 0xbc, 0x4, 0x0, 0x64e, 0x6, r7, r8}) msgrcv(r4, &(0x7f0000000040)={0x0, ""/223}, 0xe7, 0x2, 0x2000) 05:25:29 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) setsockopt$inet_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x4) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) [ 285.644040][T15908] binder: 15902:15908 ioctl 40046207 0 returned -16 [ 285.645263][T15898] ? security_inode_mkdir+0xe4/0x120 [ 285.645281][T15898] vfs_mkdir+0x42e/0x670 [ 285.645301][T15898] do_mkdirat+0x234/0x2a0 [ 285.665796][T15898] ? __ia32_sys_mknod+0xb0/0xb0 [ 285.665812][T15898] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 285.665828][T15898] ? trace_hardirqs_off_caller+0x65/0x230 [ 285.683269][T15898] __x64_sys_mkdir+0x5c/0x80 [ 285.687874][T15898] do_syscall_64+0xfa/0x760 [ 285.692400][T15898] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 285.698296][T15898] RIP: 0033:0x458d07 [ 285.702197][T15898] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 285.721934][T15898] RSP: 002b:00007f88264fda88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 285.721946][T15898] RAX: ffffffffffffffda RBX: 0000000000000010 RCX: 0000000000458d07 [ 285.721954][T15898] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200003c0 05:25:29 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:29 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x40000) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) [ 285.721961][T15898] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000000a [ 285.721968][T15898] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 285.721975][T15898] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 285.773890][T15898] FAT-fs (loop1): bogus number of reserved sectors [ 285.782232][T15898] FAT-fs (loop1): Can't find a valid FAT filesystem 05:25:29 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) 05:25:29 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:30 executing program 1 (fault-call:0 fault-nth:47): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) [ 285.836427][T15995] binder: BINDER_SET_CONTEXT_MGR already set [ 285.859018][T15995] binder: 15973:15995 ioctl 40046207 0 returned -16 05:25:30 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:30 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x404141, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r1, 0xc0305602, &(0x7f00000000c0)={0x0, 0x2a, 0x2023}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) 05:25:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 285.977767][T16032] FAULT_INJECTION: forcing a failure. [ 285.977767][T16032] name failslab, interval 1, probability 0, space 0, times 0 [ 286.008116][T16032] CPU: 1 PID: 16032 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 286.017002][T16032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 286.017008][T16032] Call Trace: [ 286.017027][T16032] dump_stack+0x172/0x1f0 [ 286.017046][T16032] should_fail.cold+0xa/0x15 [ 286.017060][T16032] ? fault_create_debugfs_attr+0x180/0x180 [ 286.017075][T16032] ? ___might_sleep+0x163/0x2c0 [ 286.017092][T16032] __should_failslab+0x121/0x190 [ 286.017106][T16032] should_failslab+0x9/0x14 [ 286.017119][T16032] __kmalloc+0x2e0/0x770 [ 286.017131][T16032] ? save_stack+0x5c/0x90 [ 286.017140][T16032] ? save_stack+0x23/0x90 [ 286.017153][T16032] ? tomoyo_encode2.part.0+0xf5/0x400 [ 286.017169][T16032] tomoyo_encode2.part.0+0xf5/0x400 [ 286.017182][T16032] ? do_syscall_64+0xfa/0x760 [ 286.017203][T16032] tomoyo_encode+0x2b/0x50 [ 286.017218][T16032] tomoyo_mount_acl+0xe0/0x840 [ 286.017230][T16032] ? __kasan_check_read+0x11/0x20 [ 286.017242][T16032] ? __kasan_check_write+0x14/0x20 [ 286.017263][T16032] ? lock_downgrade+0x920/0x920 [ 286.039975][T16032] ? tomoyo_check_mount_acl+0x1b0/0x1b0 [ 286.039991][T16032] ? debug_check_no_obj_freed+0xc0/0x43f [ 286.040012][T16032] ? trace_hardirqs_off+0x62/0x240 [ 286.133893][T16032] ? lock_acquire+0x190/0x410 [ 286.138583][T16032] ? tomoyo_mount_permission+0x10a/0x410 [ 286.144493][T16032] tomoyo_mount_permission+0x16a/0x410 [ 286.150104][T16032] ? tomoyo_mount_permission+0x10a/0x410 [ 286.156118][T16032] ? tomoyo_mount_acl+0x840/0x840 [ 286.161163][T16032] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 286.167583][T16032] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 286.173922][T16032] ? strncpy_from_user+0x2b4/0x400 [ 286.180521][T16032] tomoyo_sb_mount+0x35/0x40 [ 286.185659][T16032] security_sb_mount+0x87/0xd0 [ 286.191313][T16032] do_mount+0x1d0/0x1d10 [ 286.195664][T16032] ? kasan_kmalloc+0x9/0x10 [ 286.200267][T16032] ? copy_mount_string+0x40/0x40 [ 286.205514][T16032] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 286.212560][T16032] ? _copy_from_user+0x12c/0x1a0 [ 286.217878][T16032] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 286.224684][T16032] ? copy_mount_options+0x2e8/0x3f0 [ 286.230254][T16032] ksys_mount+0xdb/0x150 [ 286.234694][T16032] __x64_sys_mount+0xbe/0x150 [ 286.239568][T16032] do_syscall_64+0xfa/0x760 [ 286.244120][T16032] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 286.250217][T16032] RIP: 0033:0x45c33a [ 286.254319][T16032] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 286.274817][T16032] RSP: 002b:00007f88264fda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 286.285337][T16032] RAX: ffffffffffffffda RBX: 00007f88264fdb40 RCX: 000000000045c33a [ 286.293718][T16032] RDX: 00007f88264fdae0 RSI: 00000000200003c0 RDI: 00007f88264fdb00 [ 286.303871][T16032] RBP: 0000000000000000 R08: 00007f88264fdb40 R09: 00007f88264fdae0 [ 286.315865][T16032] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 05:25:30 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 286.324562][T16032] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:25:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 286.440289][T16194] binder: BINDER_SET_CONTEXT_MGR already set [ 286.450340][T16194] binder: 16186:16194 ioctl 40046207 0 returned -16 05:25:30 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:30 executing program 1 (fault-call:0 fault-nth:48): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:30 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:30 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) r1 = syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0xd9bc, 0x260) r2 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r3 = getpgrp(0x0) r4 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r5 = getpgrp(0x0) fcntl$setownex(r4, 0xf, &(0x7f0000000040)={0x2, r5}) fcntl$setsig(r4, 0xa, 0x11) fcntl$setlease(r4, 0x400, 0x0) fcntl$setlease(r4, 0x400, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r4, 0x40305652, &(0x7f0000000140)={0x4000000000000, 0x2, 0x9, 0x5, 0xff, 0x944, 0xf9c}) fcntl$setownex(r2, 0xf, &(0x7f0000000040)={0x2, r3}) fcntl$setsig(r2, 0xa, 0x11) fcntl$setlease(r2, 0x400, 0x0) fcntl$setlease(r2, 0x400, 0x2) ioctl$KVM_GET_MSRS(r2, 0xc008ae88, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000000000000000000000000000003000000000000"]) ioctl$VHOST_SET_VRING_NUM(r1, 0x4008af10, &(0x7f00000000c0)={0x5847f45e93365658}) 05:25:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff280000"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 286.616294][T16256] FAULT_INJECTION: forcing a failure. [ 286.616294][T16256] name failslab, interval 1, probability 0, space 0, times 0 [ 286.621215][T16258] binder: BINDER_SET_CONTEXT_MGR already set [ 286.649160][T16256] CPU: 0 PID: 16256 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 286.658820][T16256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 286.668884][T16256] Call Trace: [ 286.672195][T16256] dump_stack+0x172/0x1f0 [ 286.674978][T16258] binder: 16251:16258 ioctl 40046207 0 returned -16 [ 286.676540][T16256] should_fail.cold+0xa/0x15 [ 286.676559][T16256] ? fault_create_debugfs_attr+0x180/0x180 [ 286.676576][T16256] ? kernel_init_free_pages+0x120/0x120 [ 286.676598][T16256] ? ___might_sleep+0x163/0x2c0 [ 286.704148][T16256] __should_failslab+0x121/0x190 [ 286.709119][T16256] should_failslab+0x9/0x14 [ 286.713638][T16256] kmem_cache_alloc_trace+0x2d3/0x790 [ 286.719030][T16256] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 286.725282][T16256] ? _copy_from_user+0x12c/0x1a0 [ 286.736741][T16256] copy_mount_options+0x5c/0x3f0 [ 286.736759][T16256] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 286.736776][T16256] ksys_mount+0xa7/0x150 [ 286.747929][T16256] __x64_sys_mount+0xbe/0x150 [ 286.747949][T16256] do_syscall_64+0xfa/0x760 [ 286.747970][T16256] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 286.767228][T16256] RIP: 0033:0x45c33a [ 286.769359][T16266] binder: BINDER_SET_CONTEXT_MGR already set [ 286.771120][T16256] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 286.771128][T16256] RSP: 002b:00007f88264fda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 286.771141][T16256] RAX: ffffffffffffffda RBX: 00007f88264fdb40 RCX: 000000000045c33a 05:25:30 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) fstat(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = msgget$private(0x0, 0x98) r4 = socket$l2tp(0x18, 0x1, 0x1) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f0000000000)=0xc) setfsuid(r5) r6 = getpid() r7 = getpgid(0xffffffffffffffff) msgctl$IPC_SET(r3, 0x1, &(0x7f0000000380)={{0x9, r5, 0x0, r1, r2, 0x106, 0x9}, 0x1, 0xbc, 0x4, 0x0, 0x64e, 0x6, r6, r7}) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000040)={{{@in=@empty, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in6}}, &(0x7f0000000140)=0xe8) r9 = gettid() r10 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r10, 0x1000008912, &(0x7f00000000c0)="11dca5055e0bcfe47bf070") r11 = syz_open_dev$cec(&(0x7f0000000240)='/dev/cec#\x00', 0x1, 0x2) ioctl$VIDIOC_ENUMINPUT(r11, 0xc050561a, &(0x7f0000000280)={0x100000001, "c746e69000d359c856321ea62ec9a79a0dbabcbaefb123d6723fc7dac8801b38", 0x0, 0x0, 0xba4a276ffa86702d, 0xf900, 0x800, 0x2}) ioctl$sock_SIOCGPGRP(r10, 0x8904, &(0x7f0000000180)=0x0) msgctl$IPC_SET(r3, 0x1, &(0x7f00000001c0)={{0x9, r8, 0x0, 0xee00, 0x0, 0x120, 0x6}, 0x8001, 0x2440d400, 0x8, 0x527, 0xff, 0x5a, r9, r12}) msgctl$IPC_RMID(r0, 0x0) 05:25:30 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff280000"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:30 executing program 3: ioctl$SNDRV_SEQ_IOCTL_PVERSION(0xffffffffffffffff, 0x80045300, &(0x7f0000000080)) r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) [ 286.771148][T16256] RDX: 00007f88264fdae0 RSI: 00000000200003c0 RDI: 00007f88264fdb00 [ 286.771156][T16256] RBP: 0000000000000000 R08: 00007f88264fdb40 R09: 00007f88264fdae0 [ 286.771169][T16256] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 286.787058][T16266] binder: 16265:16266 ioctl 40046207 0 returned -16 [ 286.796724][T16256] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:25:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff280000"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:31 executing program 1 (fault-call:0 fault-nth:49): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:31 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:31 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x20082, 0x0) r3 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r4 = getpgrp(0x0) fcntl$setownex(r3, 0xf, &(0x7f0000000040)={0x2, r4}) fcntl$setsig(r3, 0xa, 0x11) fcntl$setlease(r3, 0x400, 0x0) fcntl$setlease(r3, 0x400, 0x2) write$FUSE_LK(r3, &(0x7f00000000c0)={0x28, 0x0, 0x6, {{0x0, 0x401, 0x2, r2}}}, 0x28) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r1, 0xc0305302, &(0x7f0000000000)) fcntl$getown(r0, 0x9) [ 287.013769][T16382] binder: BINDER_SET_CONTEXT_MGR already set [ 287.034598][T16383] FAULT_INJECTION: forcing a failure. [ 287.034598][T16383] name failslab, interval 1, probability 0, space 0, times 0 [ 287.052838][T16382] binder: 16350:16382 ioctl 40046207 0 returned -16 [ 287.072801][T16383] CPU: 1 PID: 16383 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 287.081505][T16383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 287.091564][T16383] Call Trace: [ 287.094865][T16383] dump_stack+0x172/0x1f0 [ 287.099209][T16383] should_fail.cold+0xa/0x15 [ 287.103806][T16383] ? fault_create_debugfs_attr+0x180/0x180 [ 287.109634][T16383] ? kernel_init_free_pages+0x120/0x120 [ 287.115197][T16383] ? ___might_sleep+0x163/0x2c0 [ 287.115213][T16383] __should_failslab+0x121/0x190 [ 287.115227][T16383] should_failslab+0x9/0x14 [ 287.115241][T16383] kmem_cache_alloc_trace+0x2d3/0x790 [ 287.115261][T16383] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 287.124998][T16383] ? _copy_from_user+0x12c/0x1a0 [ 287.125013][T16383] copy_mount_options+0x5c/0x3f0 [ 287.125028][T16383] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 287.125040][T16383] ksys_mount+0xa7/0x150 [ 287.125051][T16383] __x64_sys_mount+0xbe/0x150 [ 287.125066][T16383] do_syscall_64+0xfa/0x760 [ 287.125082][T16383] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 287.125096][T16383] RIP: 0033:0x45c33a [ 287.180401][T16383] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 287.200006][T16383] RSP: 002b:00007f88264fda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 287.208418][T16383] RAX: ffffffffffffffda RBX: 00007f88264fdb40 RCX: 000000000045c33a 05:25:31 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:31 executing program 5: r0 = msgget$private(0x0, 0x0) lstat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)={{0x0, 0x0, 0x0, 0x0, r1}, 0x0, 0x0, 0x0, 0x0, 0x800000000000, 0xfffffffffffffffd}) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r3 = getpgrp(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000040)={0x2, r3}) fcntl$setsig(r2, 0xa, 0x11) fcntl$setlease(r2, 0x400, 0x0) fcntl$setlease(r2, 0x400, 0x2) ioctl$VIDIOC_LOG_STATUS(r2, 0x5646, 0x0) stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)) 05:25:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:31 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) pipe2(&(0x7f0000000080)={0xffffffffffffffff}, 0x8000) write$P9_RSTAT(r1, &(0x7f00000000c0)={0x5f, 0x7d, 0x2, {0x0, 0x58, 0x7fff, 0x81, {0x8, 0x4, 0x6}, 0x800000, 0xfffffffffffffffe, 0x6, 0x800, 0xd, '/dev/snd/seq\x00', 0xd, '/dev/snd/seq\x00', 0xb, '[&mime_type'}}, 0x5f) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) [ 287.216650][T16383] RDX: 00007f88264fdae0 RSI: 00000000200003c0 RDI: 00007f88264fdb00 [ 287.224623][T16383] RBP: 0000000000000000 R08: 00007f88264fdb40 R09: 00007f88264fdae0 [ 287.232595][T16383] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 287.240576][T16383] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:25:31 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:31 executing program 3: syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r1 = getpgrp(0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000040)={0x2, r1}) fcntl$setsig(r0, 0xa, 0x11) fcntl$setlease(r0, 0x400, 0x0) fcntl$setlease(r0, 0x400, 0x2) r2 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r3 = getpgrp(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000040)={0x2, r3}) fcntl$setsig(r2, 0xa, 0x11) fcntl$setlease(r2, 0x400, 0x0) fcntl$setlease(r2, 0x400, 0x2) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r2, 0xc0305302, &(0x7f0000000080)) 05:25:31 executing program 5: r0 = msgget$private(0x0, 0x100) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{}, 0x0, 0x8}) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x605, 0xffffffffffffffff) setsockopt$bt_hci_HCI_FILTER(r1, 0x0, 0x2, &(0x7f0000000100)={0x2, 0x3, 0x7f, 0x7}, 0x10) msgctl$IPC_RMID(r0, 0x0) r2 = accept4$inet(0xffffffffffffffff, 0x0, &(0x7f0000000040), 0x400) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, &(0x7f0000000080)={&(0x7f0000ff9000/0x4000)=nil, 0x4000}, &(0x7f00000000c0)=0x10) [ 287.300619][T16398] binder: BINDER_SET_CONTEXT_MGR already set [ 287.330696][T16398] binder: 16395:16398 ioctl 40046207 0 returned -16 05:25:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:31 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 287.468489][T16512] binder: BINDER_SET_CONTEXT_MGR already set [ 287.474681][T16512] binder: 16511:16512 ioctl 40046207 0 returned -16 05:25:31 executing program 1 (fault-call:0 fault-nth:50): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:31 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x4c8541) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) 05:25:31 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:31 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:31 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) read(r1, &(0x7f0000000200)=""/168, 0xa8) ioctl$VIDIOC_EXPBUF(r1, 0xc0405610, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x4}) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000040)) msgctl$IPC_RMID(r0, 0x0) [ 287.636004][T16626] binder: BINDER_SET_CONTEXT_MGR already set [ 287.653029][T16626] binder: 16557:16626 ioctl 40046207 0 returned -16 [ 287.670949][T16594] FAULT_INJECTION: forcing a failure. [ 287.670949][T16594] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 287.684161][T16594] CPU: 1 PID: 16594 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 287.684170][T16594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 287.684175][T16594] Call Trace: [ 287.684194][T16594] dump_stack+0x172/0x1f0 [ 287.684211][T16594] should_fail.cold+0xa/0x15 [ 287.684227][T16594] ? __kmalloc+0x163/0x770 [ 287.684241][T16594] ? fault_create_debugfs_attr+0x180/0x180 [ 287.684254][T16594] ? do_mount+0x1d0/0x1d10 [ 287.684272][T16594] ? ksys_mount+0xdb/0x150 [ 287.719525][T16594] ? __x64_sys_mount+0xbe/0x150 [ 287.719539][T16594] ? do_syscall_64+0xfa/0x760 [ 287.719561][T16594] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 287.743625][T16594] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 287.743640][T16594] ? bpf_prog_kallsyms_find+0x50/0x2c0 [ 287.743655][T16594] should_fail_alloc_page+0x50/0x60 [ 287.743671][T16594] __alloc_pages_nodemask+0x1a1/0x900 [ 287.755419][T16594] ? kernel_text_address+0x73/0xf0 [ 287.755433][T16594] ? __alloc_pages_slowpath+0x28e0/0x28e0 [ 287.755445][T16594] ? unwind_get_return_address+0x61/0xa0 [ 287.755463][T16594] ? profile_setup.cold+0xbb/0xbb [ 287.792846][T16594] ? should_fail+0x1de/0x852 [ 287.797433][T16594] ? fault_create_debugfs_attr+0x180/0x180 [ 287.803235][T16594] cache_grow_begin+0x90/0xd20 [ 287.808001][T16594] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 287.813713][T16594] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 287.819949][T16594] __kmalloc+0x6b2/0x770 [ 287.824186][T16594] ? kasan_kmalloc+0x9/0x10 [ 287.828688][T16594] ? __kmalloc+0x351/0x770 [ 287.833106][T16594] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 287.838829][T16594] tomoyo_realpath_from_path+0xcd/0x7b0 [ 287.844375][T16594] tomoyo_mount_acl+0x149/0x840 [ 287.849222][T16594] ? __kasan_check_read+0x11/0x20 [ 287.854242][T16594] ? __kasan_check_write+0x14/0x20 [ 287.859351][T16594] ? lock_downgrade+0x920/0x920 [ 287.864199][T16594] ? tomoyo_check_mount_acl+0x1b0/0x1b0 [ 287.869743][T16594] ? debug_check_no_obj_freed+0xc0/0x43f [ 287.875378][T16594] ? trace_hardirqs_off+0x62/0x240 [ 287.880501][T16594] ? lock_acquire+0x190/0x410 [ 287.885178][T16594] ? tomoyo_mount_permission+0x10a/0x410 [ 287.890812][T16594] tomoyo_mount_permission+0x16a/0x410 [ 287.896266][T16594] ? tomoyo_mount_permission+0x10a/0x410 [ 287.901896][T16594] ? tomoyo_mount_acl+0x840/0x840 [ 287.906914][T16594] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 287.913166][T16594] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 287.919399][T16594] ? strncpy_from_user+0x2b4/0x400 [ 287.924499][T16594] tomoyo_sb_mount+0x35/0x40 [ 287.929086][T16594] security_sb_mount+0x87/0xd0 [ 287.933862][T16594] do_mount+0x1d0/0x1d10 [ 287.938108][T16594] ? kasan_kmalloc+0x9/0x10 [ 287.942606][T16594] ? copy_mount_string+0x40/0x40 [ 287.947546][T16594] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 287.953786][T16594] ? copy_mount_options+0x2e8/0x3f0 [ 287.959080][T16594] ksys_mount+0xdb/0x150 [ 287.963318][T16594] __x64_sys_mount+0xbe/0x150 [ 287.967995][T16594] do_syscall_64+0xfa/0x760 [ 287.972528][T16594] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 287.978417][T16594] RIP: 0033:0x45c33a [ 287.982301][T16594] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 287.982309][T16594] RSP: 002b:00007f88264fda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 287.982327][T16594] RAX: ffffffffffffffda RBX: 00007f88264fdb40 RCX: 000000000045c33a [ 288.018253][T16594] RDX: 00007f88264fdae0 RSI: 00000000200003c0 RDI: 00007f88264fdb00 [ 288.026224][T16594] RBP: 0000000000000000 R08: 00007f88264fdb40 R09: 00007f88264fdae0 05:25:31 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:31 executing program 3: syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) r0 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000180)="b3208e7055eba39f91e7bdb8d845a2857140543c2c3b7bebdf8bab17fbb0e2ea40c36d81d8", 0x25, 0xfffffffffffffff9) r1 = add_key(&(0x7f0000000240)='cifs.spnego\x00', &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) add_key$keyring(0x0, &(0x7f0000000200)={'syz', 0x0}, 0x0, 0x0, r1) keyctl$link(0x8, r0, r1) r2 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000180)="b3208e7055eba39f91e7bdb8d845a2857140543c2c3b7bebdf8bab17fbb0e2ea40c36d81d8", 0x25, 0xfffffffffffffff9) r3 = add_key(&(0x7f0000000240)='cifs.spnego\x00', &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) add_key$keyring(0x0, &(0x7f0000000200)={'syz', 0x0}, 0x0, 0x0, r3) keyctl$link(0x8, r2, r3) r4 = add_key(&(0x7f0000000080)='ceph\x00', &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff8) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) write$P9_RLERRORu(r6, &(0x7f00000003c0)=ANY=[@ANYBLOB="1c00000007ffff0f008d9ad385ff9ca7eaf6abe39653d4"], 0x17) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@noextend='noextend'}]}}) keyctl$KEYCTL_MOVE(0x1e, r0, r3, r4, 0x1) r7 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vfio(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$team(&(0x7f00000003c0)='team\x00') ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000000c0)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r8, &(0x7f0000000000)={0x0, 0xf000000, &(0x7f0000000080)={&(0x7f00000001c0)={0x5c, r9, 0x1, 0x0, 0x0, {}, [{{0x8, 0x1, r10}, {0x40, 0x2, [{0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8}}}]}}]}, 0x5c}}, 0x0) r11 = getpgrp(0x0) fcntl$setownex(r7, 0xf, &(0x7f0000000040)={0x2, r11}) fcntl$setsig(r7, 0xa, 0x11) fcntl$setlease(r7, 0x400, 0x0) fcntl$setlease(r7, 0x400, 0x2) connect$rxrpc(r7, &(0x7f0000000100)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1d}}}, 0x24) open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) 05:25:32 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 288.034193][T16594] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 288.042157][T16594] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:25:32 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:32 executing program 5: r0 = msgget$private(0x0, 0x0) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{0x4000, r1, 0x0, 0x0, 0x0, 0x1e73ba1c38ddfbd1}, 0xdd, 0x0, 0x0, 0x0, 0xfffffffffffffffc}) msgsnd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0108000000000000"], 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x3f, 0x40) ioctl$CAPI_GET_FLAGS(r2, 0x80044323, &(0x7f0000000080)) [ 288.090110][T16737] 9pnet: p9_errstr2errno: server reported unknown error šÓ…ÿœ§êö«ã–SÔ 05:25:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 288.135855][T16739] binder: BINDER_SET_CONTEXT_MGR already set [ 288.141860][T16739] binder: 16738:16739 ioctl 40046207 0 returned -16 [ 288.153905][T16792] netlink: 'syz-executor.3': attribute type 3 has an invalid length. [ 288.206311][T16737] 9pnet: p9_errstr2errno: server reported unknown error šÓ…ÿœ§êö«ã–SÔ [ 288.231369][T16850] binder: BINDER_SET_CONTEXT_MGR already set [ 288.238683][T16594] FAT-fs (loop1): bogus number of reserved sectors [ 288.245836][T16594] FAT-fs (loop1): Can't find a valid FAT filesystem 05:25:32 executing program 1 (fault-call:0 fault-nth:51): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:32 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:32 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000180000000"], 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 288.253055][T16850] binder: 16849:16850 ioctl 40046207 0 returned -16 [ 288.267899][T16848] netlink: 'syz-executor.3': attribute type 3 has an invalid length. 05:25:32 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[], 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 288.349400][T16859] binder: BINDER_SET_CONTEXT_MGR already set [ 288.378523][T16863] FAULT_INJECTION: forcing a failure. [ 288.378523][T16863] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 288.378695][T16859] binder: 16857:16859 ioctl 40046207 0 returned -16 05:25:32 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x214200) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) 05:25:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff280000001803000005000001110500"/99], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 288.391826][T16863] CPU: 0 PID: 16863 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 288.391836][T16863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 288.391840][T16863] Call Trace: [ 288.391860][T16863] dump_stack+0x172/0x1f0 [ 288.391878][T16863] should_fail.cold+0xa/0x15 [ 288.391893][T16863] ? fault_create_debugfs_attr+0x180/0x180 [ 288.391914][T16863] ? stack_trace_save+0xac/0xe0 [ 288.439970][T16863] ? stack_trace_consume_entry+0x190/0x190 [ 288.445781][T16863] should_fail_alloc_page+0x50/0x60 [ 288.451069][T16863] __alloc_pages_nodemask+0x1a1/0x900 [ 288.456445][T16863] ? __alloc_pages_slowpath+0x28e0/0x28e0 [ 288.462168][T16863] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 288.467795][T16863] ? __kasan_check_read+0x11/0x20 [ 288.472838][T16863] ? fault_create_debugfs_attr+0x180/0x180 [ 288.473011][T16971] binder: BINDER_SET_CONTEXT_MGR already set [ 288.478642][T16863] cache_grow_begin+0x90/0xd20 [ 288.478657][T16863] ? getname_flags+0xd6/0x5b0 [ 288.478672][T16863] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 05:25:32 executing program 3: membarrier(0x1, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r1 = getpgrp(0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000040)={0x2, r1}) fcntl$setsig(r0, 0xa, 0x11) fcntl$setlease(r0, 0x400, 0x0) fcntl$setlease(r0, 0x400, 0x2) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0x40a85323, &(0x7f0000000080)={{0x1, 0x7}, 'port0\x00', 0x80, 0x60002, 0x8000, 0x1, 0x9, 0x6, 0xff, 0x0, 0x2, 0x76e}) r2 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r2, 0xc0305302, &(0x7f0000000000)) 05:25:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff280000001803000005000001110500"/99], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 288.478691][T16863] kmem_cache_alloc+0x64e/0x710 [ 288.492195][T16971] binder: 16969:16971 ioctl 40046207 0 returned -16 [ 288.494051][T16863] getname_flags+0xd6/0x5b0 [ 288.494066][T16863] user_path_at_empty+0x2f/0x50 [ 288.494081][T16863] do_mount+0x14e/0x1d10 [ 288.494098][T16863] ? kasan_kmalloc+0x9/0x10 [ 288.529748][T16863] ? copy_mount_string+0x40/0x40 [ 288.534695][T16863] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 288.541460][T16863] ? copy_mount_options+0x2e8/0x3f0 05:25:32 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff280000001803000005000001110500"/99], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 288.546920][T16863] ksys_mount+0xdb/0x150 [ 288.551163][T16863] __x64_sys_mount+0xbe/0x150 [ 288.555189][T16976] binder: BINDER_SET_CONTEXT_MGR already set [ 288.555838][T16863] do_syscall_64+0xfa/0x760 [ 288.555858][T16863] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 288.561939][T16976] binder: 16974:16976 ioctl 40046207 0 returned -16 [ 288.566385][T16863] RIP: 0033:0x45c33a [ 288.566399][T16863] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 288.566406][T16863] RSP: 002b:00007f88264fda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 288.566419][T16863] RAX: ffffffffffffffda RBX: 00007f88264fdb40 RCX: 000000000045c33a [ 288.566427][T16863] RDX: 00007f88264fdae0 RSI: 00000000200003c0 RDI: 00007f88264fdb00 [ 288.566434][T16863] RBP: 0000000000000000 R08: 00007f88264fdb40 R09: 00007f88264fdae0 [ 288.566447][T16863] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 288.611843][T16980] binder: BINDER_SET_CONTEXT_MGR already set 05:25:32 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0109000000000000"], 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) fstat(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = msgget$private(0x0, 0x98) r4 = socket$l2tp(0x18, 0x1, 0x1) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f0000000000)=0xc) setfsuid(r5) r6 = getpid() r7 = getpgid(0xffffffffffffffff) msgctl$IPC_SET(r3, 0x1, &(0x7f0000000380)={{0x9, r5, 0x0, r1, r2, 0x106, 0x9}, 0x1, 0xbc, 0x4, 0x0, 0x64e, 0x6, r6, r7}) msgctl$IPC_RMID(r3, 0x0) [ 288.619656][T16863] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 288.681522][T16980] binder: 16978:16980 ioctl 40046207 0 returned -16 05:25:32 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[], 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 288.824508][T16863] FAT-fs (loop1): bogus number of reserved sectors [ 288.831132][T16863] FAT-fs (loop1): Can't find a valid FAT filesystem 05:25:33 executing program 1 (fault-call:0 fault-nth:52): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:33 executing program 3: syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r1 = getpgrp(0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000040)={0x2, r1}) fcntl$setsig(r0, 0xa, 0x11) fcntl$setlease(r0, 0x400, 0x0) fcntl$setlease(r0, 0x400, 0x2) r2 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r3 = getpgrp(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000040)={0x2, r3}) fcntl$setsig(r2, 0xa, 0x11) fcntl$setlease(r2, 0x400, 0x0) fcntl$setlease(r2, 0x400, 0x2) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r2, 0xc0305302, &(0x7f0000000100)) 05:25:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff280000001803000005000001110500"/101], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:33 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:33 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) r1 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$mouse(&(0x7f0000000240)='/dev/input/mouse#\x00', 0x3, 0x0) setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000280)=0x1, 0x4) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r3) r4 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_PKEY_QUERY(0x18, r4, 0x0, &(0x7f0000000180)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', &(0x7f0000000200)) r5 = dup2(0xffffffffffffffff, r1) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f0000000040)=0x9) msgctl$IPC_RMID(r0, 0x0) 05:25:33 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[], 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 288.980964][T16991] binder: BINDER_SET_CONTEXT_MGR already set 05:25:33 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_REFRESH(r0, 0x2402, 0x6) [ 289.022899][T16991] binder: 16990:16991 ioctl 40046207 0 returned -16 05:25:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff280000001803000005000001110500"/101], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:33 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000080)) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0xc08c5336, &(0x7f0000000140)={0x3, 0x20, 0x2, 'queue1\x00', 0x9748}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/rt6_stats\x00') ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000100)=0xe56) 05:25:33 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 289.230870][T17110] binder: BINDER_SET_CONTEXT_MGR already set [ 289.250363][T17110] binder: 17109:17110 ioctl 40046207 0 returned -16 05:25:33 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff280000001803000005000001110500"/101], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:33 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0), 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 289.393356][T17119] binder: BINDER_SET_CONTEXT_MGR already set [ 289.406275][T17119] binder: 17118:17119 ioctl 40046207 0 returned -16 [ 289.495105][T17120] FAULT_INJECTION: forcing a failure. [ 289.495105][T17120] name failslab, interval 1, probability 0, space 0, times 0 [ 289.536307][T17120] CPU: 1 PID: 17120 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 289.545005][T17120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 289.555061][T17120] Call Trace: [ 289.558355][T17120] dump_stack+0x172/0x1f0 [ 289.562687][T17120] should_fail.cold+0xa/0x15 [ 289.567279][T17120] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 289.573524][T17120] ? fault_create_debugfs_attr+0x180/0x180 [ 289.579326][T17120] ? fault_create_debugfs_attr+0x180/0x180 [ 289.585132][T17120] ? ___might_sleep+0x163/0x2c0 [ 289.589980][T17120] __should_failslab+0x121/0x190 [ 289.594922][T17120] should_failslab+0x9/0x14 [ 289.599420][T17120] __kmalloc+0x2e0/0x770 [ 289.603658][T17120] ? kasan_kmalloc+0x9/0x10 [ 289.608161][T17120] ? __kmalloc+0x351/0x770 [ 289.612575][T17120] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 289.618292][T17120] tomoyo_realpath_from_path+0xcd/0x7b0 [ 289.623841][T17120] tomoyo_mount_acl+0x149/0x840 [ 289.628684][T17120] ? __kasan_check_read+0x11/0x20 [ 289.633702][T17120] ? __kasan_check_write+0x14/0x20 [ 289.638807][T17120] ? lock_downgrade+0x920/0x920 [ 289.643654][T17120] ? tomoyo_check_mount_acl+0x1b0/0x1b0 [ 289.649195][T17120] ? debug_check_no_obj_freed+0xc0/0x43f [ 289.654829][T17120] ? trace_hardirqs_off+0x62/0x240 [ 289.659940][T17120] ? lock_acquire+0x190/0x410 [ 289.664612][T17120] ? tomoyo_mount_permission+0x10a/0x410 [ 289.670244][T17120] tomoyo_mount_permission+0x16a/0x410 [ 289.675716][T17120] ? tomoyo_mount_permission+0x10a/0x410 [ 289.681338][T17120] ? tomoyo_mount_acl+0x840/0x840 [ 289.686363][T17120] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 289.692607][T17120] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 289.698844][T17120] ? strncpy_from_user+0x2b4/0x400 [ 289.703949][T17120] tomoyo_sb_mount+0x35/0x40 [ 289.708538][T17120] security_sb_mount+0x87/0xd0 [ 289.713298][T17120] do_mount+0x1d0/0x1d10 [ 289.717543][T17120] ? retint_kernel+0x2b/0x2b [ 289.722125][T17120] ? copy_mount_string+0x40/0x40 [ 289.727058][T17120] ? copy_mount_options+0x260/0x3f0 [ 289.732254][T17120] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 289.738488][T17120] ? copy_mount_options+0x2e8/0x3f0 [ 289.743683][T17120] ksys_mount+0xdb/0x150 [ 289.747921][T17120] __x64_sys_mount+0xbe/0x150 [ 289.752680][T17120] do_syscall_64+0xfa/0x760 [ 289.757181][T17120] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 289.763159][T17120] RIP: 0033:0x45c33a [ 289.767048][T17120] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 289.786647][T17120] RSP: 002b:00007f88264fda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 289.795053][T17120] RAX: ffffffffffffffda RBX: 00007f88264fdb40 RCX: 000000000045c33a [ 289.803034][T17120] RDX: 00007f88264fdae0 RSI: 00000000200003c0 RDI: 00007f88264fdb00 [ 289.811003][T17120] RBP: 0000000000000000 R08: 00007f88264fdb40 R09: 00007f88264fdae0 [ 289.818969][T17120] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 289.827284][T17120] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 289.916433][T17120] ERROR: Out of memory at tomoyo_realpath_from_path. 05:25:34 executing program 1 (fault-call:0 fault-nth:53): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:34 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) fcntl$dupfd(r0, 0x0, r0) 05:25:34 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) fsetxattr(0xffffffffffffffff, &(0x7f0000000080)=@known='user.syz\x00', &(0x7f00000000c0)='/dev/snd/seq\x00', 0xd, 0x1) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000100)) 05:25:34 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0), 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:34 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00r)f'], 0x8, 0x0) r1 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={r1, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000000)='vmnet1\x8feth1-{*\x00'}, 0x30) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000ac0)='/dev/audio\x00', 0x492080, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000001140)={{{@in=@local, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@broadcast}}, &(0x7f0000001240)=0xe8) r4 = getegid() r5 = dup(0xffffffffffffffff) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r7 = gettid() r8 = getegid() r9 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000500)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0x0) fchmod(r9, 0x138) fsetxattr$system_posix_acl(r9, &(0x7f0000000240)='system.posix_acl_access\x00', &(0x7f0000000680)={{}, {0x1, 0x4}, [{0x2, 0x1}, {}], {0x4, 0x1}, [{0x8, 0x1}, {}, {0x8, 0x6, r8}, {0x8, 0x4}], {0x10, 0x1}, {0x20, 0x4}}, 0x54, 0x1) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001100)=[{&(0x7f00000000c0)={0x810, 0x42, 0x2, 0x70bd27, 0x0, "", [@generic="ba3fa6f66f62c9bbfdd98520b6a607fe619d41ea32ebe34c27a87b72a8c8a73310f5340bf8607bc907bd8c58808409b861b84eaae363e27eddd334144d63e4f0b518f9619114b8e3ba25b67b86fd4c12d60bb55831c0c79c60d43de088620c6dd7ab23b94a4b5f4d755b2ef36952add583bcc35d9ef2e8dc0f29a9b8eef7972bc1ca854301bedf50694a41f320b7ac5517f41d5072ecee6375d71b14cbc64eb416272e9d4cb549cc69dd297640821210a1d187de203a067e56750cf56bf64b33b346141c42394d6bc41d05dc8490d3225712ea367667328b37acd19fa4ff10b4bb526ffa805afc42381b3da56e6dd9f440c163f6917dc002ef987c0e0a0bb51b1acc33155b178a77d75d8cc483613b2f8a47f619e6de7b86852f574780619ddb130ebbd24a897fb202567bfa944d561fdb19461b3481aa4c3f048089f983a547959ca6799433d581472fe5a75ef637f2cc0956faee63c2a8230fe3203924e629570ed6c6b25841f987a5af01e11cf8cb6710b1c567daee534b95bc2146d09a7b323823cd65d64426d7ee83ec7be0ca83dfac16c3f53e81a1a936964495078a56a818e7865aa1ff8a14fb712d221cebf53217461f7a8599a105e8e904144e68ea51cd71946e76921ec598aad55a963a1aa0c4b2271aee16b49f7cd3a7f1f8a1cfcdccbe418501c34b3781bdd11233967b0d8a359a85ac04e1b35fac7e30eb14fdbd68c73f6c6e0d6be6aeed646c73648064532c5fcec145647202b8f3bf1776ed6953c2a5e068f78dae2b91cff410cd2a1a316b75adf70246194fb395dc16cdbb68b61d9619c2be037a56cfbacb0ffa407e19632922f78100a546a035e4d012f1317300c65db81fbf82a83099c7412247c799f909b296a568a1021857ca894f08c19c1baa26e2a3f610d7ee3da54f89fb3481e20630475522fa0c02d04f60d17f9cd90ea8d7ae223bc75fb21c42e21961615d711846223d605f52dcf9902e89c2a055d1906bd9d20ffc33db5356c124eca7142b0f875752a2476f5098ccf1c1fce52507b3e6fa3f80ffe16ff45f9d4eb9c3eb1d302d736539225396889761e7ada23c28824fce786ebfddd6ed0042fcb6ce4447e77a72ec63e1f3a4595bb7a717c7796f6f981c2c098177df3d83923acdff548a380c12f42f397fcb36cf05c5887c8a2cebcfa93a3b6256f42202b60b0d7dcbacaf14d9c5ad9cf765dac5802b140cb22fbe41ac6e585d320a24971f009c39288ce6a4d83ea4eed9f0b0fb641d3556826b43923148a8bf1dfdaca421a82b2207b84f2cd02fe2fa9161e8c04b961f97dafa773905c99c51e0b360c786539e89f2d3fc0c9a56454baa7fec40280c716f38232471881bc4060e54be1588f9f0d2521b386b592c1ea4b9552123f13c5724cae290e6cb7d2a90ca5bcc799774a1a8fce9fdf2679be8b6952505fbeaf3f6d2aa7178d22dfe79349381b8a482561ac4e95ca207e86f7d56a9e2ea3b682c4d833fd9b65d0d91b2fb8bc8feef96d247dc79a08a5dafd0cc86551fd0352562079abe950f39d05d2bb1f651de696680d313b224b197d48bed9a0ed4240d17b3c876440b181d2145ab5c895cd24d29018f673811fd808610e15b1625ca3b0e0d69f0fbcd6d4f9c66edd080a9e4c1c88f3767c2f7183a957861f772b2dac372dc11e1409ed112ead3a939ca4b2df8bb8b1539fb031c6fba066ee3f2159731d97885118ab830b42b59d9ed7b43462d6370d30a6942d6ba16f0bdc71f661e476491bb8deefd411b0e4f3df692f6fb71adec70d807d013d73bee7837929baa2c4a17107ab6a4c0ab14a3624768b167e8144b555443c3b89a108e5dcc118d12e62e45f770967ac77bdaf86cb131fc39ac6055d362ae4f600db0afd8214b2395efb192b76ce42c87849d2fcfadf64a7e6e83de25f3b8efc3839e09807f477fe83f5113230f3b34747f10424acb71fbd46709cd820cbe2c868b0a85269f00e2b889f541c809d7a8aa19ac9092593a53a95d75db0dbd7b33da7f43cc9f6d9bb679ea86510cc293adc7c174d1dab8eb94b591ce805add8eefb3abd79870a19fa411ae23cf97c868b944c8dd1364a1ed16adb73176b1ad9d715d09f3d048b2dd2c3fab4a99c75675acd50703bfafdac5cc0b3fef90b4c3463d2a114af149ce577ab74608cc844bd27f0918a0d83f58eaf3623180e9a0034db3b05a0259ef0dc754f290f586ba8e78673440b5d5956c20cfa29ae01e184a8bcee520a7f99c260653202ae8b7799e453e352c8bdb3fa37c189d2d64523bb355e21fef2085e564d3fc4568617ab0d06430c1f082183e140100236b966bd80c6bdd3c5def8d98f4ad5b373d935750c1e6748a931cbc80b267ffd24e5b3c1d41aa620559ea7916e8780b89cebf7d76cc528a6daadd6f7d96be7a20df6b5964bee644459b4c626ce98c10a2cc4497f69fe9a70dd5f083f4f9fd71f23aafb337d0da653acad9bf6f7ac7b852bbc59b67ac7a0ac0fa6fe1a0c95cc2ee073b8200894e8ee76b7f64b6228d9f8f7d1c0172f461175014e5f42a141a857272d21e057f4fefeec41f0fbb316e82243ca905fb2bbc7e68dcb4db476b500e815501c99023d04e214b31729cb4d33e17072c9bac0647cceaf36fe4ef2f1c02c5cd17598f806e5816701a0312d23f2745e84475ccf257168d349383cd4e163be45ab3b7cef4931dcad17fdfe550a113e751b18edc6e86325817555c3ecaf0e707989267baff1046813b43f5ddccd6fdee83e113a9026e31e7a289b9260d32f6790cade4702ebb150e0cb45eefc515a7b972f28e689ff35bc455dd972ddde56077ac9ac7a3b4cb6f32185a1722f5dcb5fbe87c77bc0e78857fe65a6b18aacd7115c797d359e2e0548a03c60f4e3c7fd6ad74584744"]}, 0x810}], 0x1, &(0x7f0000001480)=[@cred={{0x1c, 0x1, 0x2, {r1, r3, r4}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r5]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r6, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r7, 0x0, r8}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee00}}}], 0xb8, 0x40000}, 0x8000) r10 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r11 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r11, 0x40042408, r12) ioctl$PERF_EVENT_IOC_SET_BPF(r10, 0x40042408, r12) fstat(r12, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) r14 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r14, 0x1000008912, &(0x7f00000000c0)="11dca5055e0bcfe47bf070") getsockopt$inet_IP_IPSEC_POLICY(r14, 0x0, 0x10, &(0x7f0000000100)={{{@in6=@empty, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}, 0x0, @in=@broadcast}}, &(0x7f0000000200)=0xe8) r16 = getuid() r17 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={r17, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000000)='vmnet1\x8feth1-{*\x00'}, 0x30) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000001140)={{{@in=@local, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@broadcast}}, &(0x7f0000001240)=0xe8) r19 = getegid() r20 = dup(0xffffffffffffffff) r21 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r22 = gettid() r23 = getegid() r24 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000500)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0x0) fchmod(r24, 0x138) fsetxattr$system_posix_acl(r24, &(0x7f0000000240)='system.posix_acl_access\x00', &(0x7f0000000680)={{}, {0x1, 0x4}, [{0x2, 0x1}, {}], {0x4, 0x1}, [{0x8, 0x1}, {}, {0x8, 0x6, r23}, {0x8, 0x4}], {0x10, 0x1}, {0x20, 0x4}}, 0x54, 0x1) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001100)=[{&(0x7f00000000c0)={0x810, 0x42, 0x2, 0x70bd27, 0x0, "", [@generic="ba3fa6f66f62c9bbfdd98520b6a607fe619d41ea32ebe34c27a87b72a8c8a73310f5340bf8607bc907bd8c58808409b861b84eaae363e27eddd334144d63e4f0b518f9619114b8e3ba25b67b86fd4c12d60bb55831c0c79c60d43de088620c6dd7ab23b94a4b5f4d755b2ef36952add583bcc35d9ef2e8dc0f29a9b8eef7972bc1ca854301bedf50694a41f320b7ac5517f41d5072ecee6375d71b14cbc64eb416272e9d4cb549cc69dd297640821210a1d187de203a067e56750cf56bf64b33b346141c42394d6bc41d05dc8490d3225712ea367667328b37acd19fa4ff10b4bb526ffa805afc42381b3da56e6dd9f440c163f6917dc002ef987c0e0a0bb51b1acc33155b178a77d75d8cc483613b2f8a47f619e6de7b86852f574780619ddb130ebbd24a897fb202567bfa944d561fdb19461b3481aa4c3f048089f983a547959ca6799433d581472fe5a75ef637f2cc0956faee63c2a8230fe3203924e629570ed6c6b25841f987a5af01e11cf8cb6710b1c567daee534b95bc2146d09a7b323823cd65d64426d7ee83ec7be0ca83dfac16c3f53e81a1a936964495078a56a818e7865aa1ff8a14fb712d221cebf53217461f7a8599a105e8e904144e68ea51cd71946e76921ec598aad55a963a1aa0c4b2271aee16b49f7cd3a7f1f8a1cfcdccbe418501c34b3781bdd11233967b0d8a359a85ac04e1b35fac7e30eb14fdbd68c73f6c6e0d6be6aeed646c73648064532c5fcec145647202b8f3bf1776ed6953c2a5e068f78dae2b91cff410cd2a1a316b75adf70246194fb395dc16cdbb68b61d9619c2be037a56cfbacb0ffa407e19632922f78100a546a035e4d012f1317300c65db81fbf82a83099c7412247c799f909b296a568a1021857ca894f08c19c1baa26e2a3f610d7ee3da54f89fb3481e20630475522fa0c02d04f60d17f9cd90ea8d7ae223bc75fb21c42e21961615d711846223d605f52dcf9902e89c2a055d1906bd9d20ffc33db5356c124eca7142b0f875752a2476f5098ccf1c1fce52507b3e6fa3f80ffe16ff45f9d4eb9c3eb1d302d736539225396889761e7ada23c28824fce786ebfddd6ed0042fcb6ce4447e77a72ec63e1f3a4595bb7a717c7796f6f981c2c098177df3d83923acdff548a380c12f42f397fcb36cf05c5887c8a2cebcfa93a3b6256f42202b60b0d7dcbacaf14d9c5ad9cf765dac5802b140cb22fbe41ac6e585d320a24971f009c39288ce6a4d83ea4eed9f0b0fb641d3556826b43923148a8bf1dfdaca421a82b2207b84f2cd02fe2fa9161e8c04b961f97dafa773905c99c51e0b360c786539e89f2d3fc0c9a56454baa7fec40280c716f38232471881bc4060e54be1588f9f0d2521b386b592c1ea4b9552123f13c5724cae290e6cb7d2a90ca5bcc799774a1a8fce9fdf2679be8b6952505fbeaf3f6d2aa7178d22dfe79349381b8a482561ac4e95ca207e86f7d56a9e2ea3b682c4d833fd9b65d0d91b2fb8bc8feef96d247dc79a08a5dafd0cc86551fd0352562079abe950f39d05d2bb1f651de696680d313b224b197d48bed9a0ed4240d17b3c876440b181d2145ab5c895cd24d29018f673811fd808610e15b1625ca3b0e0d69f0fbcd6d4f9c66edd080a9e4c1c88f3767c2f7183a957861f772b2dac372dc11e1409ed112ead3a939ca4b2df8bb8b1539fb031c6fba066ee3f2159731d97885118ab830b42b59d9ed7b43462d6370d30a6942d6ba16f0bdc71f661e476491bb8deefd411b0e4f3df692f6fb71adec70d807d013d73bee7837929baa2c4a17107ab6a4c0ab14a3624768b167e8144b555443c3b89a108e5dcc118d12e62e45f770967ac77bdaf86cb131fc39ac6055d362ae4f600db0afd8214b2395efb192b76ce42c87849d2fcfadf64a7e6e83de25f3b8efc3839e09807f477fe83f5113230f3b34747f10424acb71fbd46709cd820cbe2c868b0a85269f00e2b889f541c809d7a8aa19ac9092593a53a95d75db0dbd7b33da7f43cc9f6d9bb679ea86510cc293adc7c174d1dab8eb94b591ce805add8eefb3abd79870a19fa411ae23cf97c868b944c8dd1364a1ed16adb73176b1ad9d715d09f3d048b2dd2c3fab4a99c75675acd50703bfafdac5cc0b3fef90b4c3463d2a114af149ce577ab74608cc844bd27f0918a0d83f58eaf3623180e9a0034db3b05a0259ef0dc754f290f586ba8e78673440b5d5956c20cfa29ae01e184a8bcee520a7f99c260653202ae8b7799e453e352c8bdb3fa37c189d2d64523bb355e21fef2085e564d3fc4568617ab0d06430c1f082183e140100236b966bd80c6bdd3c5def8d98f4ad5b373d935750c1e6748a931cbc80b267ffd24e5b3c1d41aa620559ea7916e8780b89cebf7d76cc528a6daadd6f7d96be7a20df6b5964bee644459b4c626ce98c10a2cc4497f69fe9a70dd5f083f4f9fd71f23aafb337d0da653acad9bf6f7ac7b852bbc59b67ac7a0ac0fa6fe1a0c95cc2ee073b8200894e8ee76b7f64b6228d9f8f7d1c0172f461175014e5f42a141a857272d21e057f4fefeec41f0fbb316e82243ca905fb2bbc7e68dcb4db476b500e815501c99023d04e214b31729cb4d33e17072c9bac0647cceaf36fe4ef2f1c02c5cd17598f806e5816701a0312d23f2745e84475ccf257168d349383cd4e163be45ab3b7cef4931dcad17fdfe550a113e751b18edc6e86325817555c3ecaf0e707989267baff1046813b43f5ddccd6fdee83e113a9026e31e7a289b9260d32f6790cade4702ebb150e0cb45eefc515a7b972f28e689ff35bc455dd972ddde56077ac9ac7a3b4cb6f32185a1722f5dcb5fbe87c77bc0e78857fe65a6b18aacd7115c797d359e2e0548a03c60f4e3c7fd6ad74584744"]}, 0x810}], 0x1, &(0x7f0000001480)=[@cred={{0x1c, 0x1, 0x2, {r17, r18, r19}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r20]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r21, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r22, 0x0, r23}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee00}}}], 0xb8, 0x40000}, 0x8000) r25 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r26 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r25, 0x40042408, r26) fstat(r25, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f00000002c0)={{}, {0x1, 0x8}, [{0x2, 0x4, r3}, {0x2, 0x2, r13}, {0x2, 0x1, r15}, {0x2, 0xd4747515fd5f16df, r16}], {0x4, 0x7}, [{0x8, 0x2, r19}, {0x8, 0x0, r27}], {0x10, 0x1}, {0x20, 0x1}}, 0x54, 0x3) msgctl$IPC_RMID(r0, 0x0) 05:25:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) fcntl$dupfd(r0, 0x0, r0) 05:25:34 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f00000000c0)) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x400000, 0x0) r2 = accept(r1, &(0x7f0000000180)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000200)=0xfffffd56) ioctl$sock_inet_sctp_SIOCINQ(r2, 0x541b, &(0x7f0000000140)) [ 290.013984][T17234] binder: BINDER_SET_CONTEXT_MGR already set [ 290.025907][T17234] binder: 17226:17234 ioctl 40046207 0 returned -16 [ 290.076350][T17239] FAULT_INJECTION: forcing a failure. [ 290.076350][T17239] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 290.089580][T17239] CPU: 1 PID: 17239 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 290.089596][T17239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 290.108294][T17239] Call Trace: [ 290.108318][T17239] dump_stack+0x172/0x1f0 [ 290.108336][T17239] should_fail.cold+0xa/0x15 [ 290.108350][T17239] ? fault_create_debugfs_attr+0x180/0x180 [ 290.108366][T17239] ? stack_trace_save+0xac/0xe0 [ 290.108384][T17239] ? stack_trace_consume_entry+0x190/0x190 [ 290.108401][T17239] should_fail_alloc_page+0x50/0x60 [ 290.108412][T17239] __alloc_pages_nodemask+0x1a1/0x900 [ 290.108423][T17239] ? __alloc_pages_slowpath+0x28e0/0x28e0 [ 290.108434][T17239] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 290.108444][T17239] ? __kasan_check_read+0x11/0x20 [ 290.108459][T17239] ? fault_create_debugfs_attr+0x180/0x180 [ 290.108473][T17239] cache_grow_begin+0x90/0xd20 [ 290.108492][T17239] ? getname_flags+0xd6/0x5b0 [ 290.152639][T17299] binder: BINDER_SET_CONTEXT_MGR already set [ 290.153488][T17239] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 290.153506][T17239] kmem_cache_alloc+0x64e/0x710 [ 290.153523][T17239] getname_flags+0xd6/0x5b0 [ 290.153537][T17239] user_path_at_empty+0x2f/0x50 [ 290.153551][T17239] do_mount+0x14e/0x1d10 [ 290.153563][T17239] ? kasan_kmalloc+0x9/0x10 [ 290.153582][T17239] ? copy_mount_string+0x40/0x40 [ 290.165804][T17299] binder: 17252:17299 ioctl 40046207 0 returned -16 [ 290.170038][T17239] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 290.170059][T17239] ? copy_mount_options+0x2e8/0x3f0 [ 290.237278][T17239] ksys_mount+0xdb/0x150 [ 290.241508][T17239] __x64_sys_mount+0xbe/0x150 [ 290.246178][T17239] do_syscall_64+0xfa/0x760 [ 290.250667][T17239] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 290.256537][T17239] RIP: 0033:0x45c33a [ 290.260413][T17239] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 290.279993][T17239] RSP: 002b:00007f88264fda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 290.288380][T17239] RAX: ffffffffffffffda RBX: 00007f88264fdb40 RCX: 000000000045c33a [ 290.296332][T17239] RDX: 00007f88264fdae0 RSI: 00000000200003c0 RDI: 00007f88264fdb00 [ 290.304283][T17239] RBP: 0000000000000000 R08: 00007f88264fdb40 R09: 00007f88264fdae0 [ 290.312230][T17239] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 290.320179][T17239] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:25:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) fcntl$dupfd(r0, 0x0, r0) 05:25:34 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB], 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:34 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$IP6T_SO_GET_REVISION_MATCH(r1, 0x29, 0x44, &(0x7f0000000080)={'NETMAP\x00'}, &(0x7f00000000c0)=0x1e) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) [ 290.349505][T17239] FAT-fs (loop1): bogus number of reserved sectors [ 290.380121][T17239] FAT-fs (loop1): Can't find a valid FAT filesystem 05:25:34 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) [ 290.416432][T17354] binder: BINDER_SET_CONTEXT_MGR already set [ 290.422590][T17354] binder: 17353:17354 ioctl 40046207 0 returned -16 05:25:34 executing program 1 (fault-call:0 fault-nth:54): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:34 executing program 3: syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) 05:25:34 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0), 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 290.541131][T17366] FAULT_INJECTION: forcing a failure. [ 290.541131][T17366] name failslab, interval 1, probability 0, space 0, times 0 [ 290.543747][T17364] binder: BINDER_SET_CONTEXT_MGR already set [ 290.575343][T17366] CPU: 0 PID: 17366 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 290.584038][T17366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 290.594175][T17366] Call Trace: [ 290.597459][T17366] dump_stack+0x172/0x1f0 [ 290.601785][T17366] should_fail.cold+0xa/0x15 [ 290.606390][T17366] ? fault_create_debugfs_attr+0x180/0x180 [ 290.608764][T17364] binder: 17362:17364 ioctl 40046207 0 returned -16 [ 290.612206][T17366] ? ___might_sleep+0x163/0x2c0 [ 290.612229][T17366] __should_failslab+0x121/0x190 [ 290.628577][T17366] should_failslab+0x9/0x14 [ 290.633086][T17366] __kmalloc+0x2e0/0x770 [ 290.637334][T17366] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 290.643571][T17366] ? d_absolute_path+0x11b/0x170 [ 290.648503][T17366] ? __d_path+0x140/0x140 [ 290.652829][T17366] ? tomoyo_encode2.part.0+0xf5/0x400 [ 290.658257][T17366] tomoyo_encode2.part.0+0xf5/0x400 [ 290.663459][T17366] tomoyo_encode+0x2b/0x50 [ 290.667872][T17366] tomoyo_realpath_from_path+0x1d3/0x7b0 [ 290.673528][T17366] tomoyo_mount_acl+0x149/0x840 [ 290.678390][T17366] ? __kasan_check_read+0x11/0x20 [ 290.683420][T17366] ? __kasan_check_write+0x14/0x20 [ 290.688538][T17366] ? lock_downgrade+0x920/0x920 [ 290.693390][T17366] ? tomoyo_check_mount_acl+0x1b0/0x1b0 [ 290.698931][T17366] ? debug_check_no_obj_freed+0xc0/0x43f [ 290.704564][T17366] ? trace_hardirqs_off+0x62/0x240 [ 290.709684][T17366] ? lock_acquire+0x190/0x410 [ 290.714355][T17366] ? tomoyo_mount_permission+0x10a/0x410 [ 290.719985][T17366] tomoyo_mount_permission+0x16a/0x410 [ 290.725439][T17366] ? tomoyo_mount_permission+0x10a/0x410 [ 290.731073][T17366] ? tomoyo_mount_acl+0x840/0x840 [ 290.736101][T17366] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 290.742344][T17366] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 290.748582][T17366] ? strncpy_from_user+0x2b4/0x400 [ 290.753688][T17366] tomoyo_sb_mount+0x35/0x40 [ 290.758278][T17366] security_sb_mount+0x87/0xd0 [ 290.763040][T17366] do_mount+0x1d0/0x1d10 [ 290.767284][T17366] ? kasan_kmalloc+0x9/0x10 [ 290.771781][T17366] ? copy_mount_string+0x40/0x40 [ 290.776718][T17366] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 290.782954][T17366] ? copy_mount_options+0x2e8/0x3f0 [ 290.788153][T17366] ksys_mount+0xdb/0x150 [ 290.792398][T17366] __x64_sys_mount+0xbe/0x150 [ 290.797164][T17366] do_syscall_64+0xfa/0x760 [ 290.801667][T17366] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 290.807552][T17366] RIP: 0033:0x45c33a [ 290.811444][T17366] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 290.831042][T17366] RSP: 002b:00007f88264fda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 290.839445][T17366] RAX: ffffffffffffffda RBX: 00007f88264fdb40 RCX: 000000000045c33a [ 290.847413][T17366] RDX: 00007f88264fdae0 RSI: 00000000200003c0 RDI: 00007f88264fdb00 [ 290.855376][T17366] RBP: 0000000000000000 R08: 00007f88264fdb40 R09: 00007f88264fdae0 [ 290.863337][T17366] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 290.871302][T17366] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 290.883495][T17366] ERROR: Out of memory at tomoyo_realpath_from_path. 05:25:35 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x800) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="11dca5055e0bcffe7bf0704fe7e680c7ca023de3e228e40cd66ede25e35cb39417c03702454438309d50921832f239a9fd8df7f2a9b28a84e1c9415935e40a08279c96cc98f50af0e6f169e255c8110af8d436ce9d18de6379b0ac82add4ab8a660764") ioctl$sock_inet_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000040)={'bridge_slave_1\x00', {0x2, 0x4e23, @broadcast}}) msgctl$IPC_RMID(r0, 0x0) ioctl$TIOCMSET(0xffffffffffffffff, 0x5418, &(0x7f0000000080)=0x49) 05:25:35 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB='H'], 0x1) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) 05:25:35 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000100)) r1 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x64f, 0x82) ioctl$EVIOCGBITSND(r1, 0x80404532, &(0x7f00000000c0)=""/47) openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0x2, 0x0) 05:25:35 executing program 1 (fault-call:0 fault-nth:55): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) [ 290.984462][T17390] binder: BINDER_SET_CONTEXT_MGR already set [ 291.010657][T17390] binder: 17389:17390 ioctl 40046207 0 returned -16 05:25:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) 05:25:35 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r1, 0x40186f40, 0x7600f4) r2 = socket(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r2, 0x84, 0x78, &(0x7f0000000000)=r4, 0x4) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000240)={r4, 0xed, "d0884c36b533c70347f53db0f73505e80aa0dce77327607af733d4e8b783beadd6d2a10e68a5ff46a74bd00a163ccab3b9fb6c45b5922df9265a3c386d3d0604c5a9b0ab9c318980a8ab85ebcd4a7452b949861f84009affd9123876947e8b2ada3947c03b33ec93d7cc7314137984bd3999adfbba37afaba9625e55f9f07a48f51f1dd708bab370d149344d7cc262bc3643b6ddff67a6aa260f173b5a919b51d830ec321d9121d4d670e75b7814f7f42b61cd4ecdef95a5e202475c7d37c5048ad19c1764b92f08287d245d409ec5af68de3752dd2f7beb40aad18e3d59a528265bab3ce8dc62f3a7fff527b9"}, &(0x7f00000001c0)=0xf5) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000000c0)={r4, 0x1, 0xbd4}, &(0x7f0000000100)=0x8) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) 05:25:35 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB='H'], 0x1) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) 05:25:35 executing program 5: r0 = msgget$private(0x0, 0x0) r1 = fcntl$getown(0xffffffffffffffff, 0x9) r2 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r3 = getpgrp(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000040)={0x2, r3}) fstat(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r6 = msgget$private(0x0, 0x98) r7 = socket$l2tp(0x18, 0x1, 0x1) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0}, &(0x7f0000000000)=0xc) setfsuid(r8) r9 = getpid() r10 = getpgid(0xffffffffffffffff) msgctl$IPC_SET(r6, 0x1, &(0x7f0000000380)={{0x9, r8, 0x0, r4, r5, 0x106, 0x9}, 0x1, 0xbc, 0x4, 0x0, 0x64e, 0x6, r9, r10}) msgctl$IPC_SET(r6, 0x1, &(0x7f0000258f88)={{0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, r1, r3}) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 291.137423][T17488] binder: BINDER_SET_CONTEXT_MGR already set [ 291.160313][T17488] binder: 17487:17488 ioctl 40046207 0 returned -16 05:25:35 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:35 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_STAT(r0, 0x2, &(0x7f0000000040)=""/28) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="faffffff03000000"], 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) 05:25:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) [ 291.259209][T17498] binder: BINDER_SET_CONTEXT_MGR already set [ 291.280858][T17498] binder: 17496:17498 ioctl 40046207 0 returned -16 [ 291.295916][T17491] FAULT_INJECTION: forcing a failure. [ 291.295916][T17491] name failslab, interval 1, probability 0, space 0, times 0 [ 291.331369][T17491] CPU: 0 PID: 17491 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 291.340328][T17491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 291.350380][T17491] Call Trace: [ 291.350401][T17491] dump_stack+0x172/0x1f0 [ 291.350423][T17491] should_fail.cold+0xa/0x15 [ 291.362576][T17491] ? debug_check_no_obj_freed+0xc0/0x43f [ 291.368214][T17491] ? fault_create_debugfs_attr+0x180/0x180 [ 291.374043][T17491] ? kernel_init_free_pages+0x120/0x120 [ 291.374057][T17491] ? ___might_sleep+0x163/0x2c0 [ 291.374073][T17491] __should_failslab+0x121/0x190 [ 291.374092][T17491] should_failslab+0x9/0x14 [ 291.393979][T17491] kmem_cache_alloc+0x2aa/0x710 [ 291.398846][T17491] ? __kasan_check_write+0x14/0x20 [ 291.403964][T17491] getname_kernel+0x53/0x370 [ 291.408551][T17491] kern_path+0x20/0x40 [ 291.412621][T17491] tomoyo_mount_acl+0x28c/0x840 [ 291.417470][T17491] ? __kasan_check_read+0x11/0x20 [ 291.422504][T17491] ? tomoyo_check_mount_acl+0x1b0/0x1b0 [ 291.428051][T17491] ? debug_check_no_obj_freed+0xc0/0x43f [ 291.433681][T17491] ? trace_hardirqs_off+0x62/0x240 [ 291.438808][T17491] ? lock_acquire+0x190/0x410 [ 291.443483][T17491] ? tomoyo_mount_permission+0x10a/0x410 [ 291.449116][T17491] tomoyo_mount_permission+0x16a/0x410 [ 291.454571][T17491] ? tomoyo_mount_permission+0x10a/0x410 [ 291.460199][T17491] ? tomoyo_mount_acl+0x840/0x840 [ 291.465218][T17491] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 291.471458][T17491] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 291.477692][T17491] ? strncpy_from_user+0x2b4/0x400 [ 291.482802][T17491] tomoyo_sb_mount+0x35/0x40 [ 291.487388][T17491] security_sb_mount+0x87/0xd0 [ 291.492147][T17491] do_mount+0x1d0/0x1d10 [ 291.496390][T17491] ? kasan_kmalloc+0x9/0x10 [ 291.500891][T17491] ? copy_mount_string+0x40/0x40 [ 291.505837][T17491] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 291.512078][T17491] ? copy_mount_options+0x2e8/0x3f0 [ 291.518146][T17491] ksys_mount+0xdb/0x150 [ 291.522435][T17491] __x64_sys_mount+0xbe/0x150 [ 291.527111][T17491] do_syscall_64+0xfa/0x760 [ 291.531623][T17491] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 291.537511][T17491] RIP: 0033:0x45c33a [ 291.541402][T17491] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 291.561021][T17491] RSP: 002b:00007f88264fda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 291.569430][T17491] RAX: ffffffffffffffda RBX: 00007f88264fdb40 RCX: 000000000045c33a 05:25:35 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB='H'], 0x1) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:35 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 291.577402][T17491] RDX: 00007f88264fdae0 RSI: 00000000200003c0 RDI: 00007f88264fdb00 [ 291.585373][T17491] RBP: 0000000000000000 R08: 00007f88264fdb40 R09: 00007f88264fdae0 [ 291.593339][T17491] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 291.601303][T17491] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:25:35 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="b6207972906876c3"], 0x8, 0x0) r1 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x2, 0x80) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e22, @multicast1}, 0x10) msgctl$IPC_RMID(r0, 0x0) [ 291.634288][T17609] binder: BINDER_SET_CONTEXT_MGR already set [ 291.640338][T17609] binder: 17603:17609 ioctl 40046207 0 returned -16 05:25:35 executing program 1 (fault-call:0 fault-nth:56): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:35 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) [ 291.742906][T17656] binder: BINDER_SET_CONTEXT_MGR already set [ 291.758396][T17656] binder: 17617:17656 ioctl 40046207 0 returned -16 [ 291.850864][T17724] FAULT_INJECTION: forcing a failure. [ 291.850864][T17724] name failslab, interval 1, probability 0, space 0, times 0 [ 291.863575][T17724] CPU: 0 PID: 17724 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 291.872244][T17724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 291.872250][T17724] Call Trace: [ 291.872270][T17724] dump_stack+0x172/0x1f0 [ 291.872291][T17724] should_fail.cold+0xa/0x15 [ 291.894548][T17724] ? fault_create_debugfs_attr+0x180/0x180 [ 291.900358][T17724] ? ___might_sleep+0x163/0x2c0 [ 291.905208][T17724] __should_failslab+0x121/0x190 [ 291.910143][T17724] should_failslab+0x9/0x14 [ 291.914645][T17724] __kmalloc+0x2e0/0x770 [ 291.918901][T17724] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 291.925133][T17724] ? d_absolute_path+0x11b/0x170 [ 291.930064][T17724] ? __d_path+0x140/0x140 [ 291.934409][T17724] ? tomoyo_encode2.part.0+0xf5/0x400 [ 291.939782][T17724] tomoyo_encode2.part.0+0xf5/0x400 [ 291.944978][T17724] tomoyo_encode+0x2b/0x50 [ 291.949394][T17724] tomoyo_realpath_from_path+0x1d3/0x7b0 [ 291.955027][T17724] tomoyo_mount_acl+0x149/0x840 [ 291.959872][T17724] ? __kasan_check_read+0x11/0x20 [ 291.964889][T17724] ? __kasan_check_write+0x14/0x20 [ 291.970001][T17724] ? lock_downgrade+0x920/0x920 [ 291.974849][T17724] ? tomoyo_check_mount_acl+0x1b0/0x1b0 [ 291.980394][T17724] ? debug_check_no_obj_freed+0xc0/0x43f [ 291.986025][T17724] ? trace_hardirqs_off+0x62/0x240 [ 291.991142][T17724] ? lock_acquire+0x190/0x410 [ 291.995822][T17724] ? tomoyo_mount_permission+0x10a/0x410 [ 292.001452][T17724] tomoyo_mount_permission+0x16a/0x410 [ 292.006910][T17724] ? tomoyo_mount_permission+0x10a/0x410 [ 292.012554][T17724] ? tomoyo_mount_acl+0x840/0x840 [ 292.017585][T17724] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 292.023832][T17724] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 292.030067][T17724] ? strncpy_from_user+0x2b4/0x400 [ 292.035173][T17724] tomoyo_sb_mount+0x35/0x40 [ 292.039765][T17724] security_sb_mount+0x87/0xd0 [ 292.044526][T17724] do_mount+0x1d0/0x1d10 [ 292.048764][T17724] ? kasan_kmalloc+0x9/0x10 [ 292.053263][T17724] ? copy_mount_string+0x40/0x40 [ 292.058205][T17724] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 292.064448][T17724] ? copy_mount_options+0x2e8/0x3f0 [ 292.069648][T17724] ksys_mount+0xdb/0x150 [ 292.073893][T17724] __x64_sys_mount+0xbe/0x150 [ 292.078585][T17724] do_syscall_64+0xfa/0x760 [ 292.083095][T17724] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 292.088984][T17724] RIP: 0033:0x45c33a [ 292.092880][T17724] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 292.112999][T17724] RSP: 002b:00007f88264fda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 292.121415][T17724] RAX: ffffffffffffffda RBX: 00007f88264fdb40 RCX: 000000000045c33a [ 292.129381][T17724] RDX: 00007f88264fdae0 RSI: 00000000200003c0 RDI: 00007f88264fdb00 [ 292.137346][T17724] RBP: 0000000000000000 R08: 00007f88264fdb40 R09: 00007f88264fdae0 05:25:36 executing program 5: r0 = msgget$private(0x0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) r3 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r4 = getpgrp(0x0) fcntl$setownex(r3, 0xf, &(0x7f0000000040)={0x2, r4}) r5 = getpgid(r4) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, r5}) msgsnd(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000001649b9758a996a2a8ab6ce995bedb969ae0f4e8aeb203515983a3660e2f98a93713bc13d49c4f1c103e6823d86ab82dc3a993721564a9224f6c9c607846cd53f779da0286aa89f50df63559ab999393fec56be012f536fbccf9d832f57e3505362f14adcc724277cfe25277a8aca48cdd89d4cc36b765e55"], 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) 05:25:36 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:36 executing program 2: sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x30000}, 0xc, &(0x7f0000000140), 0x1, 0x0, 0x0, 0x10000014}, 0x40) r0 = syz_open_procfs(0x0, 0x0) ioctl$TIOCSPTLCK(r0, 0x40045431, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000100)='SEG6\x00') sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x205d6a92b46c1c5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 05:25:36 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 292.145313][T17724] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 292.153403][T17724] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 [ 292.173901][T17724] ERROR: Out of memory at tomoyo_realpath_from_path. 05:25:36 executing program 3: r0 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r1 = getpgrp(0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000040)={0x2, r1}) r2 = syz_open_procfs(r1, &(0x7f0000000100)='fdinfo\x00') setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r2, 0x84, 0x7, &(0x7f0000000140)={0xfff}, 0x4) r3 = getpgrp(0x0) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000040)={0x2, r3}) fcntl$setsig(0xffffffffffffffff, 0xa, 0x11) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x2) syz_open_dev$sndpcmc(&(0x7f0000000280)='/dev/snd/pcmC#D#c\x00', 0xb3f, 0x2400) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}) r4 = syz_open_dev$sndseq(&(0x7f0000000240)='/dev/snd/seq\x00', 0x0, 0x357503) r5 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000080)='/proc\x11capi/cncci\x00', 0x481, 0x0) r6 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r7 = getpgrp(0x0) fcntl$setownex(r6, 0xf, &(0x7f0000000040)={0x2, r7}) fcntl$setsig(r6, 0xa, 0x11) fcntl$setlease(r6, 0x400, 0x0) fcntl$setlease(r6, 0x400, 0x2) ioctl$sock_inet_sctp_SIOCINQ(r6, 0x541b, &(0x7f00000001c0)) ioctl$VHOST_VSOCK_SET_GUEST_CID(r5, 0x4008af60, &(0x7f00000000c0)={@my=0x1}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r4, 0xc0305302, &(0x7f0000000000)) 05:25:36 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) 05:25:36 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:36 executing program 1 (fault-call:0 fault-nth:57): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:36 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x8, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f0000000300)='/dev/dmmidi#\x00', 0x8, 0x2) setsockopt$ax25_int(r1, 0x101, 0x7, &(0x7f0000000340)=0x17c1ed83, 0x4) msgctl$IPC_RMID(r0, 0x0) 05:25:36 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) [ 292.347075][T17839] FAULT_INJECTION: forcing a failure. [ 292.347075][T17839] name failslab, interval 1, probability 0, space 0, times 0 [ 292.405056][T17839] CPU: 1 PID: 17839 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 292.413761][T17839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 292.423809][T17839] Call Trace: [ 292.423830][T17839] dump_stack+0x172/0x1f0 [ 292.423848][T17839] should_fail.cold+0xa/0x15 [ 292.423869][T17839] ? fault_create_debugfs_attr+0x180/0x180 [ 292.441825][T17839] ? nd_jump_link+0x1d0/0x1d0 [ 292.441845][T17839] ? ___might_sleep+0x163/0x2c0 [ 292.451331][T17839] __should_failslab+0x121/0x190 [ 292.456271][T17839] should_failslab+0x9/0x14 [ 292.460780][T17839] __kmalloc+0x2e0/0x770 [ 292.465025][T17839] ? kmem_cache_alloc+0x314/0x710 [ 292.470054][T17839] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 292.475787][T17839] tomoyo_realpath_from_path+0xcd/0x7b0 [ 292.481334][T17839] tomoyo_mount_acl+0x2cc/0x840 [ 292.481353][T17839] ? __kasan_check_read+0x11/0x20 [ 292.491291][T17839] ? tomoyo_check_mount_acl+0x1b0/0x1b0 [ 292.496834][T17839] ? debug_check_no_obj_freed+0xc0/0x43f [ 292.502467][T17839] ? trace_hardirqs_off+0x62/0x240 [ 292.507592][T17839] ? lock_acquire+0x190/0x410 [ 292.512263][T17839] ? tomoyo_mount_permission+0x10a/0x410 [ 292.512284][T17839] tomoyo_mount_permission+0x16a/0x410 [ 292.523331][T17839] ? tomoyo_mount_permission+0x10a/0x410 [ 292.528969][T17839] ? tomoyo_mount_acl+0x840/0x840 [ 292.533999][T17839] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 292.540248][T17839] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 292.546485][T17839] ? strncpy_from_user+0x2b4/0x400 [ 292.551595][T17839] tomoyo_sb_mount+0x35/0x40 [ 292.556195][T17839] security_sb_mount+0x87/0xd0 [ 292.560949][T17839] do_mount+0x1d0/0x1d10 [ 292.565180][T17839] ? kasan_kmalloc+0x9/0x10 [ 292.569664][T17839] ? copy_mount_string+0x40/0x40 [ 292.574588][T17839] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 292.580807][T17839] ? copy_mount_options+0x2e8/0x3f0 [ 292.585993][T17839] ksys_mount+0xdb/0x150 [ 292.590218][T17839] __x64_sys_mount+0xbe/0x150 [ 292.594878][T17839] do_syscall_64+0xfa/0x760 [ 292.599364][T17839] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 292.605231][T17839] RIP: 0033:0x45c33a [ 292.609104][T17839] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 292.628684][T17839] RSP: 002b:00007f88264fda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 292.637070][T17839] RAX: ffffffffffffffda RBX: 00007f88264fdb40 RCX: 000000000045c33a [ 292.645019][T17839] RDX: 00007f88264fdae0 RSI: 00000000200003c0 RDI: 00007f88264fdb00 05:25:36 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:36 executing program 2: syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0xfffffffffffff577, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="eb3c906d6b66732e66617400020401ed01000270fff8", 0x16}], 0x10, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000180)='./file0\x00', 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) write$P9_RCLUNK(r2, &(0x7f0000000000)={0x7}, 0x7) fallocate(r2, 0x0, 0x0, 0x2000402) write$UHID_INPUT(r2, &(0x7f0000000300)={0x8, "f69eae3da5429079f845db13264c0e21df7ee5078a26375fb9d1f2e7896055e61e11eba5a1970440b0d379688cf7e0beaedb304d7ed4e8808da9f6deff74dc7747a2e1d7d90132ebf7a19c02c24d5840997ac24d2dc35a542533ad4f6ae4def44c172d872ccd4a9a21e0432a9f3690d284911a4c0f61bdef96e29bc995ae1bbc3ab8aceb11e3092d4933da133b5c0fd20ab8d774fc40b55484b826778ed5b1cd6117bd76a96bc6429cf84ca89faf1ec739f5f69ac9b88d764d8d6883ef0010b2350db575f5ff1705ddb4a0231fd4a95acc636e284fca2aff3bb52584b5004ec5225948f7e9ee71f0c8aa03741d781d247af717beb752140676ac47dceb1420658b01ff43e006777ef0cfa8905c4692fcc757f44d340a52f866c6dffa4e77f77d8ce447cff4dcfdecb8df5c6de230adee4df85178a1f8282a6f2dad25e37a55c096dc69d7d7fb7bd8ab5c89098027396e9e18f2e3cbe939b2e73083d657a93299e4daf9504afdc0c9c373e55f587677ee57bfd2123993c2465fcb2cb2a692454e23cd418878a48bd8a17a65336949b08476c565f3362ae42ae5f878c96f3a7e05593eb3e6b297140f2e77f84a28a7362db7e2951702915273a4334676b2fe70dca4ca8ea4e1c095a878b65e3c7604d52ce29f2ea62201ef0d853b9c844f4537b26a539672345c06d0618f20501b6728309f0b0bb4f4f9c7ec2de3ac63f2412d967385a00d4942452180b23d4324e6a0e09b49f0fb690a413d1083804a0efbc6019d8ed8bd1656f6048b08aa583e7012bdda3ba6602bdc597088da73bcc16b1dcb871a288c6f193243b9b690593440be829012c6b3f04417d8d685aae7820ea5300c4c5697265c6332f7c244a92265cb1217cae18377815d7a9ab55a6ebfad5c95ff436474aa3dd3721ad934b8a98751f32a531bc05c61241981985865a746c0f726579c3ff46816dbcc82fa3b17c87a17801b8ce0a90ceb3942dbc7632e069b8344e56ac1e54c2b7354e85ee6ad43d0f46dbf179d059eaf2b8b1380f3ea92c010e48e8a3f892b2f3840604ed7e05f18416b41c792b2eab18b898806af25cc3589475c82b51fba3b63e47a8c4c131108678b6a1f69c6d6b993afe9352d443498d6ed50bee6fa810f1ff2b0a6a01fb75593650bb72888415532b9b08c5f588c3634162233904e9ccc221a8b4f9035df9097c39ed8e0de8420a8ef00927b6e54a649849056a6b968c207a87f16072d150b6d87019a8aa27855caf9d7bd922119e357f65f9ad55f746d155af7223d9f6c9caa8e51bb056cd36842a0c7fe1733fe47e7d0932bf2bbd839d0750ba2d98de1b45f10183b68292d1afe0c4f5852e54a625ff1796cd6de69d5afac273b1fd9a6f4f34217f8a355a7938a3f809a0478f292f3c2ae489041917751a6f047e93c9a1636d54a82c06a6d561431b929bd115f6472801f27792ac6f9df0281d22e565bfaec6cdd748446712ee0972bf03f4a83edad31190e002a5b7e31490d25ac311a607b751cf6e1e8ea8f955a8e35f6e6566abfe6fc7eeb858f11b7c1da01a8c780bcd54022d7278a1689fa06c6ef42d16275031c63ac222223a5a05a2d44b7620e344192748bbfb0fba6d28b28ca2402f417a8fc60beb1e0987ce1d2a32ffb0333d6bd929dbfc5b1b9e4f5f0cdb4e4a8bc3823c4b7dd2b1e9e1621f930213258f181d8fa96461c36d2b10f5620f224e73211c1ac66b061c58d6012c150f87ab7b05c7a29d3fde3573be470640796facd353cf436a68ca2e1291aad637339448bc9e6bc47dd6fa5f166aaf8eafe55ee30fd923d8e728a7629814922962cf541868c76e58e0c00d18616003cbbcae40135f1de3fd2d79e59d171e583c9f5119d821a775a6c49b6149fda870945ca01103ef22a450a005b7f0c1723d0f5a8651555ff97d500ae8e30d6361a9a3fc8892775fc0a0432c2d7f7e2c5796e7492130353dac9006e3bcd72f9dcb65489905a89ebfae52291515b8641c01a988331c9e9dc57887cb4b38847f236cb36915e0387883a68ede0c52d0e627edbff813f5ee9c33953fbc19d97bcaf3e4706228bac8f87fe3b0568503d0084f9da598e6c272039f3a099c246f052da1a5759e97ee31a939b0753d9c3a95c57c4513e678744356769dfca45f1abf8754a6cba75628b6c42d3b1b64f72cf2a7e2a3620038cd7e2d0e45da256cadab3a443805571ee7eda8be8eb685ffae3df3b5cc5ac63f6e9bda729e42157ca7af40064fc250363f98990140d3a09b4d9f7a6162c2dfa8cb43daa5529ff908cc1c6ed632b54891f667775ba7118f52828b9f7cf161d1c11f6e0836fe977e1a6471d6910a6109965d15d864087fb1a7c3cf8ce780d0062af3c8ca34c765b3e88324370d0557427b827af3f46176e78329f0dd603ee8d119307ca08440fa80fb8ecb824ec78e1c67181304c383c705f6ebfbae054dfa13367420e9ebc3fcd7af40feefb2acc658259912915519b9df981f7d1eb56fb29fc187ae74e6a5999f199895b163cba410c1c6bedf1a08ca482221dca978b6c65ea9795e35ec4abab4d968e06fd2f3a8c40f6b1bf15e2a50909072ba041045641a66a69368ae762153c5cde3a1b1fcc2ab4faf1b6f2e31d1bc7e36d5c1d1b1260993da7855376d154177859ca5d510e162c507be43b3d92b7711a02ea483685c2807e60ec04eb9fff24f5faafd0f70cd1e700122bd162afbc4e80ff188f4e936f06aa025377fe9bf444d091dbd2558253cb63bf7a7fcd91805b9a083f5a93a04b1c8dce7daed71c181d07637544f19e2d559bba7cc71348416be7afcf7d9e5aed74d974d50a1639abab2de0b89696a969328ef02e0984ded11fd57a51ae15c350974b426d819dcd505082c8ea08b78d8d88ffa00221b658395f1fa8ebd9f13b3c816a062e26459c4e4219decc09de928ef097261ce299c914fb8a9713ffd888c9f86717ebb2b67b6850fa5a05ba985d3fc08985fcd2913b3bd9e5b836ff6c5e34b1f82f591fd2ad630d73dbe2a789d587c224a9ea58042d20c7e7a3d7f5947112a304334bc898e0e8814ccea72ec88cf7b1ff59ebd4f054fefa07d5350b95a470c7d1beb955b6830686c874007d8b7497d3ff3493688539a5a81ec837f1fe827cdf7fa16acfa8cd220c1d61f5a286e82a6b8304433720ef114146c05a455a0eba3f4c7b3decb18a2ae7b20418df24aff4524536fb1592115328e825ae30a4970b186e1b937a7fdf1c595218ea22048aea09bffb81b3990c4682f08f9fedf6449e218fcaa946305f68f14cd7ccd752d302ad039b526663b5fbbc02d4be21e880c5f533a5c5d8216643080b78933ecc3e0a228a912c3c4e5375ea48cb455cb6c25a583a71d3672b2b2cd56240ce73b9ae6a501de621f9ac772f852a3e736e13eec01e570807ae03af7ab755eda0063020b20954c3482d6ea2e9f0adec0fab840a32621a36e3d33705915bd942f055d7c0586ab987b19c73d14ae9f325911b8feb0dd47a85870a39da501d02e826880015afcd5b63dca862603e3c0f07a92c284869a9cb70092fd72014073bf59051512bf6ba51784d9f9b6dd8aae7cb93677393b59f5599adfab1865624b9c3f804b2f7636fd8e89b600c003bb66292737ec250a677d73caa58d0b1294de666d3908c239a3adb0c92bc8f72ca4fa01b556b323f47db22d8a668a00e61299dba6a55ca51b254e562ae49b6f38619825c27a9011cd55665f713c90a9ea4f7b332d4fcea444b5af83c928ac0648a4b7d4d1ac0aff530d5574b0c6795faba4964f6475200a2df574573eaa17817aa054f69ed798ffa1919204076ffa9d7f2e34ab3a7a809c4cbbce71708750e72de761410415cb30c72509912a7834ad6dfbec5d6cd1bf017ad327e65dd8c375aa137c0dadebafa13b8b300a62b75884be28b0bb63572b81ff96802b744f984d61b1cdc710026f6c2f3c7780bce0322a2f3a11ee8491fdb0a66b5d4e8013333562f74edf0b5f7872fd7e21042b8432d2e0c58175734f966edbb2a7c1b74ca47e2f3700e41ab2e9e4663e7b519f84346b95a7d54b9fb791a27928d121dee387af336494e4ceb0fedd66a217079dc2e29d34dd8326d7e2c33eb259451e6abadd6502195875220ca418965db25a183c3e92856d6224a256d94b1a33370a9b2701c91b6bc1e231830d2c69713fc0a4c0c07bc20b57ee2a7b9b79a1da3ab4d7cc5531fc13baf8f105e6b641c062dba7f33a03a4840b7e383fa0b1e5c8f37bb0c53fb7a5c09fc3845e009b035053b8614e13bb211f72561e10fdbac1d0d7749d49a18713b90781a61ba7deb81149fe68b7cfe1531f45eccc6d8e64e2cac4f29a842d56d8be7c6b004d90ae9dfe13a5bf23a0d8374315d1379b60c36fc3245edea1ba46c6a1b60c1845d42cf96869a854b4bea5ce92e659f93fd599501b46002b893b01e644248e8206e0dd0c6e726c0189fbfd118f00d46509e065045420a0bdae92e6589af6aa5ec417cda63fdd0fb3e7b5fff9d07fb5be2aceedcc341e7b75e1336b378f6f277b558acdc8dc60c1712537e7ebb54778979e282851b7d75ab5402008ed5a312a58ba8d68cf1829bbf178664f716746d838cfaa3b6be1543c0443f982b85c58ed1a332f03bf3b3db4422a24eb5c4c100438b4582e9087a7825278cf8e6b7606012da7009f5c63e4dee487e710a55854420c36b7e48a7692ba75b99efdd8c45059f2979e4599fc6bff6adf318b42b51be94cbf4f0b81c5e4718e82a94afbb350c3cce73cac4e9fdd87162736686f776d196343d7c3c38993edf7ecf210678c69f66c589bf4d5c7ac02e06db35a4bf822a9207fc7974869bd027f34bf6ee4505e1c33dd7cedd335585c24e07173abea1079f9e522e3704df1945c6865d5270ab49a78981f251c3785ae0faa4cd9030ccb0edf0d07f3f699fe4fa4f8d47b5c809a0629867b8eca68bf752d97dd54d66071191d2be94fc204268466dedd7858d9ec68d4ece840892e3b7c6832e67ee01a80fb43e38e4946f645d8eb43f330572e2e518735d0c1afc0485c4312f49199c354308cc910b2799728bcab39c9d33460415547e2fcf9b4ed523aadbfbd4371d4328889a359841e8d681cb4aa96e75be278a0374d5a526bd57e55bf923dca6a7e096ed4baa20e7d16046ad0b7ae4a21770903351b128fe50d77fc95b7de553fad693653facd7ecf9aba46970db48c18c86332e6b12e55955c1f7c26201cf6a20a3195a794a0eca10784270def37482561e628cfce021c5be9e656490b1e24780d54bdca5e216f406237b1274abc331d379b4d05bfda146268f5ffc9a0e5e5fa5d550f1019fb8fd2fb096d13b08e25ffdd1adfdd24e98f8f9f13ea7c2cced748d88f9a9393caa474a799b15dabae1dfe5f41fc50ceb14715a7b7b70e133bdee59e96c5ffbf5e3279872b0d9c732bd1ebcaedbceb1a21efca93431a2511794b4a7b388a24f21e68eb1919568e973265afcac15ccbb8b708bf5c41aa36d985f3236bf6b1548f7bfaea0367c0ce8f20a940708f3715e559fe6251f4e8f2b7d853a275b90549fcff9d0677b7eda624a5a71980076bddf230576b2b9a2525c899074134a1aff235bcb01b79cd9dfecf6b18a9f2cdfe7ce430ff7c7e8e9a5e3457a6cf828b596c9791c5a5ffd7ee434b2b75a0e203c10656530726ec65281eea95083b4fe0cbcccd57127e1f6b7524790fda46586988ec9cf7ceb53b473e5d85243a00105714b4f01869cd81236052e201e5d20d630822a2c8d6ebfa45a95baa74b12ac95e10f958b2a7e103e76cbfd28e985f8", 0x1000}, 0x1006) write$P9_RCLUNK(r1, &(0x7f0000000000)={0x7}, 0x7) 05:25:36 executing program 5: r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) r3 = syz_open_dev$sndpcmp(&(0x7f0000000100)='/dev/snd/pcmC#D#p\x00', 0xf6, 0x240) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000005c0)={0xc0, 0x0, &(0x7f0000000500)=[@enter_looper, @reply_sg={0x40486312, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000200)={@flat=@binder={0x73622a85, 0xa, 0x1}, @ptr={0x70742a85, 0x0, &(0x7f0000000140)=""/155, 0x9b, 0x1, 0x31}, @flat=@handle={0x73682a85, 0x100, 0x2}}, &(0x7f0000000280)={0x0, 0x18, 0x40}}, 0x800}, @dead_binder_done, @transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x18, &(0x7f00000003c0)={@fda={0x66646185, 0x0, 0x0, 0x21}, @ptr={0x70742a85, 0xcb1, &(0x7f00000002c0)=""/249, 0xf9, 0x0, 0x29}, @fd={0x66642a85, 0x0, r2}}, &(0x7f00000004c0)={0x0, 0x20, 0x48}}, 0x840}, @acquire={0x40046305, 0x3}, @request_death={0x400c630e, 0x2}], 0x1000, 0x0, &(0x7f0000000ac0)="6349b92dec8effa4b85fbd75b8ea1a91295445ce56e11aade8019128aa183d9142d4ecebe2bb70d12a975a3390c2852075b6006c0a227dc8c692a586e192a2126a2f5069aa324fbaec6dadcc7c5e127aeecd0d754efc08d87e572d4811a16b583c5e1b1273dbd05bb462b155127f943b174350f56900be2c59e8480c6a5d2658a1be79a39eabef4331ced91e66afca8ae7e8e6e3b778a41fd1b2d49c30b68fd8613712a77bdd91be43b3f49ee3a713b3ca8ab3b5d8d12bf39a724fb2b2c4dae5bf3af297906ece61c15e5c11707c937ee5f0956e712253cc8d79336bfce3ea5a4baa039d8a715ec245f0f2c0d479b597c16e16455057c9899ffc4eddda97cdb82e654e731f0aeb2a50c21dc67c90d88413c967916e291f08ef11b0f6926c48f3479c5cbbe04447321e05832bf83dfbe3514f644f17f18a94b0707d6cc7b393fafc6dc4baa4e451294bb103ce22d8a9f6290ffe6c67b1bf074a8f97cd132bf89243d9eb64a831403e5df08118b8edb8ed56ebcfa762388b8be9f0413bb73aa0f78bcb26094cef85337bd2d322b291cfd60bf668b2a246fbb49ef7bc6c394cd5f2fa0425881e06c9d4fc43bb91bf92021c6e450c0b09f5fea40473a531f68c904a93751d229a748f636c40ed98c01be64490919245bf5314b8c017ac83661b27e953e9a854af9d400c30ad7f5c0cbe08bd76284e451f6b9b7ca2d3f14c042bc7c9358fc5b622d2e0231ec23de362fab7fc0a863b76c409d03c02b02caa0eca8925f484144c8315c0c12e7eb9ea223cb1c449d6dd665cc701b57e9b9692769539cf68c9a8aaf00c54619fd0dcf867e1c5d12a6b460ce18589f8dba27de0c1a6920d40e23deafb67567767080550b82ebd21e789a84245c3de283fef182c31f57ffac143d6b163d209b5234424d1fd3d5b16ae8c38312bc9b84cc62058b4b455a439065c5f12e4f101e8224cc438cb4cc7c4bf0779738427de482b298bcd322bea3f7b89587fe7da50b307b6c9b7b18ac7a78de36b872358a0e84bb44d58f6e7738702093531f0ae9646879a36133230a50fd239cc60cc53bc12be044ab0139b976af488d0ca22b129de309672d4f317df9154e8459d874dc67a956e75efa83ce07636fd1dcbe4926a919b5fc19c27a1486f1689f2866fd6e14e3b62e9b6ce0c96fc6f4c7467d8bb8a46a6705b6b0b2c2dfa3e7e0ff802ba95f35dedadb7903499f43778de6617cdafdabbf969f9709a2ba6d6a873ab141b6f458817fe97bc012205be434488868cf5fc2dc21b10692cd8d14a2692eea2ed67b926a1b0eb85913757847246dd167cf303fdcaee7b8d5e4bcd4905c8c7c4a3f94b78ba1ad864c3df0a9dab6c21a4c5653c38ad4143baea18412a4a31bab773663aa449f281f252825372b4edb776a88c1bbb1fd7ffeac5bd7f7e6bbbd778ec63343e43066f600823a013f7c2eb669527b9557a950a4216b805b00094d9bf21552e52d6c8686183627207710bdf1117b132bb8306350a8e807008c942dd1ef94b2ba948e228b74e8b9b58bedda224b0e211fcbabef675d6ca0d25bd9293d273372c1997bd5f97d2f6638a043532cbe2ddb4b69bd110b14831a47a72efa26fe80ab28be7a377c4f9c01f2aebf5f6c1d5dc9ec3420120d36ec56bdb9ba9a05087417498c45492a6a3fc409bf2d083faf74f0789029a17cc4a6261c3ca7f28629f75cfa67aaab021206b8cb086efc42e1a1a60537d0ad20622e5c69446edb1e483eda42b51d9723839e5da8501fb948dc129897fc81aefbe4d6831e0abe518812ff5533c14d48b558effc4dbde7e9fc87ad48580027cd1bb28cce2a88d6b471245dd53e2e047c8352d55338f08807cb410d45ce41b8d7af3292bf05672f82e38b2fffde708dbfc1c7e1683793dfb338cb53fd2c5df5c15595d5d5ed5241faaf6e0c2a116476bd1920c41bf96f587b444fc5168c38c6cb07776644a4bcfa2bd80915d73222b8b7a4c92bf67a2983dd335da79a5124d84ca190c68d6a91d7164cda3231700adf9cf2d6a6a34b85002825bdacee7e4f33060bed49e3bbeaaebd23e90ebacf537b92a4c663e99daa13197f6127a31c810741b4b4cc64234233204df9e60a3785214c7d32827a309d8cf733eda801b674662439f100b2f0018ef9e82f57a4f2a30b4a081f6a4eca32788fb957433f21d2b8f61e9a15c48c9a3a64342c1c64d409bdae1959b326a8e14ae100c77811600242401b34d6f807dc0c338ef1a4b78a5d79c7fcc757c9ea443296fd7c5cebb1cbe08c5c2dafd95ef35147420efea7d16cc4ebc1d7cfe7156971085401d9a171bac51aee74a12f1bf2bce47d69a2aa43e8bf4cd34d9e96bbc56aeb4d431c419f629619609cd02c731e5765ccd800623eef4753c19a5a8c09586bf9514b0b520d2bfa36ea6f77890f14ae3d5f59306e77fa153c732b437283ff3ddb7b51b44a148c7476b737d0bb90bc944a17f00c406186c8738140b6bf02d291af3d9bc3c24e67a72e8359994033fb3791ffb804e18dfbcd808e69c51a622d09bea95d1fd0451c44881eae35868b72350ea9b0a44da6dc8dbb082552d0ccfb968d45e5d2219cb4a6de1037b61c6b07bc59394f91cac67da975c3b9927f481785551f918a4ca41c0c65bcd34a65d498a5caa9fcc180acff04a5e54c19ed8736ed5ddeef5756b80939d0ae4e95fa6fec1de22ca1d717cf7627586db3d7da2fa40a78357aaf70fbfcc05e8f75fc93fddb584e666d42eab21d2267d141f517c042d1902120c53cb024a0ace9a76037de5b431b576d651cb673e91357be8b60e8579ff28d147fcc974eb52ca3d97fe82f7e2b05d49128f67cdd34194fd32e5ae52499d797bf9a6d7539d36a1457de1140e9f8de896fdd43dd1df4a9f53a0ce4c534235d5fac968330c0f1c97dc84d710500da2da7a807df23c0bef94e7297c3309e8ba46fc163b0ceae2e327fd4997613001bd4873be019a6ce012410a2a1f6a9f7fef046e151484f3c91d376d46c8270d7117d7467467cefbf561475172204a84d186f11fd2bf35355f5233ffb109677c19b1189fb442b5065a7433a51754edbaacd2ea9a4b3472a11c6329d44bbdfa62be79969da3239de65c4cd25d74fe6e8307245bac348f4a6a2a98e85812b441b219a139f2fc8a69975106274a98e75914f63a71d310ed6c78b8ec787f8ed9763954c0d5c3fbeb3b5568b987a42602bad9a696858f0d2b85912e694a6200fa1793c8a66afa811c94cbc8d94f46ed3e779bcd35a2984b1da6fc754ef097cb30c09736172b6900b1e7d560d64f4b14ad17032ec557f5bf22c5ba84776312f3e388fd4e893a47c11c5478711bf832683ac48b4bf59704b0e3e714dec847db9e2d5e1e189fea84bc2ef440cbd204d3bfeceaf8a95caca84379b99343774c2baadad76ed4bc22fc63ad2dfd1110d4882cbed821e4ee0f75c1ce0d00743c77ae07de0468804066e4b7f89b4c38799fc2fb403f73b80f72ae416e655eadb7190604d147f9e0b1c428c43f5f3bb488ecaaf6ea28af87f6902e68670bfc355beb11aa3ee51bf319048f458de5ceee3fc8b6fd30d4b6e1d71880ba0aab075b51b0e76d66e06f5d8cfd59beb94d58b7ac7e6ab47dfe44accbb8774d4d1eded69773c6496a232bcd83ac79e91785e58daac9d84ddab539975fe97365ca25d3282b14e64a96a4f9b48c0e6a8427ef99fb187596f7a135d29ac80533ee9870f2af136075147d486419338c94d8edb4c75e7e1be7a9eb81a053ed99b4ecf03a035d63af89aacf3df89b83d62d2636b5c483d85f75a8dde4c0291bb9393870970fe1380d1e208eefdade2c62ce775c3aed12b546a2ce717e845884ae7bf93beb656a6fe6e68b234db18b8f56e71510695bbff5098b274f56197fd2d097e7fa75be8de7879eb45e6741609f9544711d6e66706801036597f892eedeb350c3b72e013217131374f893922f7774bba458f107532dae25e5dce9e794b93832e8082377f0a004901ef52f17e5e6beb402b7e470e5fee20baea37f1a653e57bc6756903dd1062a58b2c31309f96d22e45ea0208e8db0cf3ae8046f4a90391b1b960ab81d02467b75900e34fe7805c3874f836439cbff594db48b191699bbccd7b27fea2a154f16e7176983b7b87f569a65d4c69bdaacaec336c2d36cbef278964fecf0393ce7ea525831da324a63637b568de9092ad96b7658e5193acf753112b15f7119b65990e5d02c8f962342096baaed7cb7386f42a6d3761cf60e38389a60cea4add20b20b465ffbd2bd6a1ce344414f786ce6270b45c8d804b30701557137f1ee2a2e81708e16a0079d354c26b485f04677ad1da0f54b46b4ba1a225b62909b69ebf6d34b3f62dd5c99859e2fd714744d7ffdc4afb7a46a5b60e7515261c0db31accd10f8c4a94bf72336ace9c4a4d247e7c9abd2888867af4e012eeddef0aa87bdf3e973da1c974cdd78d92d9d5e3626fca80b030f38e53e1ca307d10d46e623ad03fc5a3b8d8b7e6994535b5ef376478d4df2863c1cca21b17a1f2bc658aa8efc6ee92f85adbbc88f8cc5dfdbd3f85ec52b17de2f38e0375fb4f965114c67f981c8b4f7ff3a149336d5b0a09006626d098d24139d051cde383bdf6f65ce4f0d91ae7f8ed75106fb779e4655ed0159327853181c99149bfe7468fda07a4db24d9bfdb8091434b675e78923e8cb44d6c3198e98ae57a5fee58fe81d0bba634c56fd761b86533a166f6daf88a3bc692647693c9f85b034c46549c69f0c9f7e606d1bf877bff5ae1880655a4ba86448a742483cdd475244326ad50e6bb9254794f579690ae31201c19aa6c55cd9235e012fba98e637d1a8ab0098710bf7be2f85b5210ce10cf2622a638c888e47fc8b9de4738b34b744737f21d25f0029c0c7f75367fff37db27d4d69c893a86515c8519359f96297bfdc9254cc114e8f308755d8832cd270df1288d7b7abed6e6d479ff4b9875d8030b0cb7e3ee3a33bc89ea903c1faeb958a354098663da575cca2280ca85c8aa2eb0487c2daaf27bb54bc14fd00e7083dafa6c7c094aaa0b31958de54fb22b51d9765d8637d4a9a4efec2567238b29ce5a120af6129b07ec7aa822ebfdde1a088bdb4f97742e1392ea0a6a3f3681b47d5e5ac1771cf66a9e34deef6dd433303cd88cda2db9766bfccd05636c160d9bd6b6e024bcf902135204f159e0ca29709f02e58b67bb4d910bf79cec7fd268dd4159aaef5449626a0e31c326d05b2f5bca8b16cbd8b5aeddaf008d7cd3aa19483f950806aa2588f38d4ce930fef1d13c27c062a1c9b7ae7717765b0401f87337d4ca457297fdda54eebdd76ae52709e3fe1a9c440a58abf8cfaa5536b4d08a5e1991dbc2f3512824ef23f3ee62651c48127a25456f20275596bce7721246b918c105096cd175f907ef39f4d0ada1818c527768fde17859e1fb1ff7142601da01ab457abf90f493deb3a55512f5fff5cc629face0ee7acf92fe495f99fc06e4d6087d9b4a061159947163009e92c568027d0fa819a8beacd172421003c82cb0b4c17f23f339a64bb4f7b01b7294040097815016cf7cba7bd3cff938b6c8b82ce1d5d2a44b8242b3d7cdd28a0062139b613845a6f144f0b352330517c9f890e3aa5a246d9fd12e596964f38b02a05778eebe63d82fb3fa0c4385e1c6398894827f6d47dc7b4c360c7c0a4d576d00aa87d7b4ee55f57b1f0e9ad0d0b632bdf6f51ab2243d437dd2e090779864337eed84d5d260c8cde018422bc0fca36824e2645323394ffbe2f85aaea6f34200a8b1dde294bfcf2fb9"}) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) r4 = fcntl$dupfd(r0, 0xc0a, 0xffffffffffffffff) setsockopt$inet_tcp_buf(r4, 0x6, 0xd, &(0x7f0000000040)="a643436a6afac69a91cdf71228953c2542be6e1dd29e1d281f0347c2c34aab1b6a6fb0b3e50058651dd7413d90094a5851381db45dd8b673077511ed6517701c829acf92e2a5bf0d90622c0fce24df45e6119323d174dcf80db937da2fab82eb71289cf7175316a5ce1cfe078db88fa32a2047af9a7fc8eb1e5733e2433585712aeb", 0x82) r5 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r5, 0x1, &(0x7f0000258f88)) msgsnd(r5, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r5, 0x0) 05:25:36 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 292.652967][T17839] RBP: 0000000000000000 R08: 00007f88264fdb40 R09: 00007f88264fdae0 [ 292.660914][T17839] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 292.668859][T17839] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:25:36 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:36 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) r1 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000b40)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b438896703d8d77213a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6fccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c29bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f7637d4249305bebddaa60eb876545622f9626dc5a7df30610d188b1b168d91f5721b739eb7b9b8826439a89d4269e3df5ff0be0ac832167337a7183a22abd9bacfba674afbad0c77d52f4f51ba7892c200"/834], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) r3 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r4 = getpgrp(0x0) fcntl$setownex(r3, 0xf, &(0x7f0000000040)={0x2, r4}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r4, r1, 0x0, 0xd, &(0x7f0000000140)='/dev/snd/seq\x00', 0xffffffffffffffff}, 0x30) ioprio_get$pid(0xf1deb084f913c196, r5) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000100)=0x0) r7 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x200000000, 0x0, 0x0, 0x0, 0x0, 0x9}, r6, 0x0, 0xffffffffffffffff, 0x0) r8 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r8, 0x40042408, r9) ioctl$PERF_EVENT_IOC_SET_BPF(r7, 0x40042408, r9) fcntl$dupfd(r1, 0x0, r9) [ 292.709912][T17839] ERROR: Out of memory at tomoyo_realpath_from_path. 05:25:36 executing program 1 (fault-call:0 fault-nth:58): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:36 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 292.862223][ T26] audit: type=1804 audit(1568697936.947:36): pid=17865 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir962130440/syzkaller.1aLEKe/211/file0" dev="sda1" ino=16786 res=1 [ 292.898425][T17909] FAULT_INJECTION: forcing a failure. [ 292.898425][T17909] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 292.911656][T17909] CPU: 0 PID: 17909 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 292.916297][ T26] audit: type=1804 audit(1568697936.947:37): pid=17917 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir962130440/syzkaller.1aLEKe/211/file0" dev="sda1" ino=16786 res=1 [ 292.920314][T17909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 292.920320][T17909] Call Trace: [ 292.920341][T17909] dump_stack+0x172/0x1f0 [ 292.920364][T17909] should_fail.cold+0xa/0x15 [ 292.966591][T17909] ? fault_create_debugfs_attr+0x180/0x180 [ 292.972487][T17909] ? tomoyo_mount_acl+0x149/0x840 [ 292.975977][ T26] audit: type=1804 audit(1568697936.957:38): pid=17918 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir962130440/syzkaller.1aLEKe/211/file0" dev="sda1" ino=16786 res=1 [ 292.977504][T17909] ? tomoyo_mount_permission+0x16a/0x410 [ 292.977516][T17909] ? tomoyo_sb_mount+0x35/0x40 [ 292.977528][T17909] ? security_sb_mount+0x87/0xd0 [ 292.977545][T17909] ? do_mount+0x1d0/0x1d10 [ 293.021410][T17909] ? ksys_mount+0xdb/0x150 [ 293.025821][T17909] ? __x64_sys_mount+0xbe/0x150 [ 293.030666][T17909] ? do_syscall_64+0xfa/0x760 [ 293.035375][T17909] should_fail_alloc_page+0x50/0x60 [ 293.040654][T17909] __alloc_pages_nodemask+0x1a1/0x900 [ 293.046019][T17909] ? __kasan_check_read+0x11/0x20 [ 293.051039][T17909] ? __alloc_pages_slowpath+0x28e0/0x28e0 [ 293.056754][T17909] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 293.062380][T17909] ? __kasan_check_read+0x11/0x20 [ 293.067422][T17909] ? fault_create_debugfs_attr+0x180/0x180 [ 293.073256][T17909] cache_grow_begin+0x90/0xd20 [ 293.078259][T17909] ? getname_kernel+0x53/0x370 [ 293.083037][T17909] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 293.089283][T17909] kmem_cache_alloc+0x64e/0x710 [ 293.094140][T17909] getname_kernel+0x53/0x370 [ 293.098730][T17909] kern_path+0x20/0x40 [ 293.102802][T17909] tomoyo_mount_acl+0x28c/0x840 [ 293.108085][T17909] ? __kasan_check_read+0x11/0x20 [ 293.113114][T17909] ? tomoyo_check_mount_acl+0x1b0/0x1b0 [ 293.118662][T17909] ? debug_check_no_obj_freed+0xc0/0x43f [ 293.124299][T17909] ? trace_hardirqs_off+0x62/0x240 [ 293.129439][T17909] ? lock_acquire+0x190/0x410 [ 293.134123][T17909] ? tomoyo_mount_permission+0x10a/0x410 [ 293.139766][T17909] tomoyo_mount_permission+0x16a/0x410 [ 293.145228][T17909] ? tomoyo_mount_permission+0x10a/0x410 [ 293.150863][T17909] ? tomoyo_mount_acl+0x840/0x840 [ 293.155894][T17909] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 293.162139][T17909] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 293.168373][T17909] ? strncpy_from_user+0x2b4/0x400 [ 293.173478][T17909] tomoyo_sb_mount+0x35/0x40 [ 293.178109][T17909] security_sb_mount+0x87/0xd0 [ 293.182891][T17909] do_mount+0x1d0/0x1d10 [ 293.187141][T17909] ? copy_mount_string+0x40/0x40 [ 293.192081][T17909] ? copy_mount_options+0x270/0x3f0 [ 293.197285][T17909] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 293.203521][T17909] ? copy_mount_options+0x2e8/0x3f0 [ 293.208719][T17909] ksys_mount+0xdb/0x150 [ 293.212959][T17909] __x64_sys_mount+0xbe/0x150 [ 293.217634][T17909] do_syscall_64+0xfa/0x760 [ 293.222151][T17909] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 293.228037][T17909] RIP: 0033:0x45c33a [ 293.231931][T17909] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 293.251565][T17909] RSP: 002b:00007f88264fda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 05:25:37 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) move_pages(0x0, 0x0, &(0x7f0000000000), 0x0, 0x0, 0x0) r1 = gettid() socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, &(0x7f00000001c0)={0x2, 'team0\x00', 0x4}, 0x18) sched_setscheduler(r1, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 05:25:37 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x144083, 0x0) ioctl$VFIO_GET_API_VERSION(r1, 0x3b64) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 293.259975][T17909] RAX: ffffffffffffffda RBX: 00007f88264fdb40 RCX: 000000000045c33a [ 293.267945][T17909] RDX: 00007f88264fdae0 RSI: 00000000200003c0 RDI: 00007f88264fdb00 [ 293.275913][T17909] RBP: 0000000000000000 R08: 00007f88264fdb40 R09: 00007f88264fdae0 [ 293.283891][T17909] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 293.291856][T17909] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:25:37 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x0, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 293.323597][T17909] FAT-fs (loop1): bogus number of reserved sectors [ 293.350627][T17909] FAT-fs (loop1): Can't find a valid FAT filesystem 05:25:37 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) syz_read_part_table(0xfbe0, 0x6, &(0x7f0000000440)=[{&(0x7f0000000080)="37c43165e40709279ebffea5d5d0b62f04a7c2cf35d666ed76438a79a9f1899ca6ba5ed766", 0x25}, {&(0x7f00000000c0)="5f34df7a96c1f51fc574b073360dfaac587f18b694a18dfaf71d898b16a34dc257e99c900e7532d2e85e0d1be0827b9754d27a0cb168619564ab34ca5a23a9298ba9ebf39e5bf3622f5521c118bf4813272d8dc038e3b431fa89f294f73129c009caed87", 0x64, 0x9}, {&(0x7f0000000140)="d228f500733549fc588e596a56c69cbfc9f8322ffd09d9e4ef05200e4868d36439c0562196b3f499b557d1124fd0575b7f89a6e2e33262106c12d86367ea1da1ca6981", 0x43, 0x1}, {&(0x7f00000001c0)="370aae5c96de03df259572300c0cf5c1e7806ae634e4a91222171edb9951ffe446af12af00906a0c3bc68b6e98501746e9b6c262c31ba0d628c8d6ab2c8e5691fde3136a192ecaf0f47a6857022847ae8a588d28dcde188b901da91bb7565fddc6f8f8e09d329cd8a03600d6050636682825d397a67acd60330d36254089cf050c0a3a3ddb6c1cf91a5ec0db09c6824a5c8770961c776dc5f6027e18e9a3", 0x9e, 0x2000}, {&(0x7f0000000280)="95c97caada17fae16eb6a3686785db3613fe967284234abc5215602496c4e43e3f08663e84d8c140cbd8ba640b37f7bd2bdead3464e0b53c902a059090edd64d0622c93db333164a331e36eadb193815f2442e6c076dadf843097de16f63859bafdbe0fb3ed97c989e51a77666f9e1b6e2cf0f765da61be2614b92b92306c76df77913b7147aa99fd541ee0d0a00bc1590d0d58de4a1cc0edafac0b81a5dd455f4", 0xa1, 0x1000}, {&(0x7f0000000340)="b9ebf3d1a61346b4a1206777c00222cc7e40c53c41bdb18d574af3e6f3dcf6d08a3613222e86932dc559250eca379b4c302ffb366679723503c36629e84b9f3ae37028b31ef796a30be85c81c42559b0eef5bfca5262723a5a61b3f8643a62bcbf7b0dff52f9af8f76d52af3cd8e82fcb19b85f010f2d961c0ed5c21b4583184e84982a3e0c5c0baa0bb10fee472a82d6d1e0f400252e1d40838de50d45397838c34e5b1afef0c4f36f16b40f34e2ee8503173cdae30471b043736f4f4c6b4f3c2c87db236ad90b04e16453a310af108a86e1225c2d9e812cd194f429520037094fa8d874087c3190fc6abae300071e890", 0xf1, 0x3f}]) 05:25:37 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:37 executing program 1 (fault-call:0 fault-nth:59): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:37 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$inet_mreqn(r0, 0x0, 0x32, 0x0, &(0x7f0000002080)) 05:25:37 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 05:25:37 executing program 5: r0 = msgget$private(0x0, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000040)={{{@in6=@loopback, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}, 0x0, @in=@multicast2}}, &(0x7f0000000140)=0xe8) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{0x0, r1, 0x0, 0x0, 0x0, 0x9}}) r2 = syz_open_dev$sndpcmp(&(0x7f0000000180)='/dev/snd/pcmC#D#p\x00', 0x3, 0x200000) setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f00000001c0)=0x228100, 0x4) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) prctl$PR_SET_MM(0x23, 0x3, &(0x7f0000ffb000/0x2000)=nil) msgctl$IPC_RMID(r0, 0x0) 05:25:37 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:37 executing program 2: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000100)={0x0, 0x0}) process_vm_readv(r1, &(0x7f0000000240)=[{&(0x7f0000000280)=""/61, 0x144}], 0x1, &(0x7f0000002540)=[{&(0x7f00000001c0)=""/63, 0x3f}], 0x1, 0x0) [ 293.636251][T18002] FAULT_INJECTION: forcing a failure. [ 293.636251][T18002] name failslab, interval 1, probability 0, space 0, times 0 [ 293.653841][T18010] ptrace attach of "/root/syz-executor.2"[9841] was attempted by "/root/syz-executor.2"[18010] [ 293.680975][T18002] CPU: 0 PID: 18002 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 293.689671][T18002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 293.699723][T18002] Call Trace: [ 293.703020][T18002] dump_stack+0x172/0x1f0 [ 293.707355][T18002] should_fail.cold+0xa/0x15 [ 293.711942][T18002] ? save_stack+0x23/0x90 [ 293.716273][T18002] ? fault_create_debugfs_attr+0x180/0x180 [ 293.722076][T18002] ? kernel_init_free_pages+0x120/0x120 [ 293.727617][T18002] ? ___might_sleep+0x163/0x2c0 [ 293.732466][T18002] __should_failslab+0x121/0x190 [ 293.737398][T18002] should_failslab+0x9/0x14 [ 293.741896][T18002] kmem_cache_alloc+0x2aa/0x710 [ 293.746743][T18002] ? should_fail+0x1de/0x852 [ 293.751344][T18002] ? fault_create_debugfs_attr+0x180/0x180 [ 293.758125][T18002] getname_kernel+0x53/0x370 [ 293.762720][T18002] kern_path+0x20/0x40 [ 293.766797][T18002] lookup_bdev.part.0+0x7b/0x1b0 [ 293.771725][T18002] ? blkdev_open+0x290/0x290 [ 293.776319][T18002] ? legacy_parse_param+0x116/0x6d0 [ 293.781513][T18002] ? __lookup_constant+0xd6/0x100 [ 293.786532][T18002] blkdev_get_by_path+0x81/0x130 [ 293.791467][T18002] mount_bdev+0x5d/0x3c0 [ 293.795705][T18002] ? msdos_mount+0x40/0x40 [ 293.800117][T18002] msdos_mount+0x35/0x40 [ 293.804356][T18002] ? setup+0xe0/0xe0 [ 293.808243][T18002] legacy_get_tree+0x108/0x220 [ 293.813001][T18002] vfs_get_tree+0x8e/0x300 [ 293.817413][T18002] do_mount+0x143d/0x1d10 [ 293.821740][T18002] ? copy_mount_string+0x40/0x40 [ 293.826681][T18002] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 293.832914][T18002] ? _copy_from_user+0x12c/0x1a0 [ 293.837848][T18002] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 293.844078][T18002] ? copy_mount_options+0x2e8/0x3f0 [ 293.849276][T18002] ksys_mount+0xdb/0x150 [ 293.853512][T18002] __x64_sys_mount+0xbe/0x150 [ 293.858194][T18002] do_syscall_64+0xfa/0x760 [ 293.862694][T18002] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 293.868576][T18002] RIP: 0033:0x45c33a [ 293.872986][T18002] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 293.892581][T18002] RSP: 002b:00007f88264fda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 293.900984][T18002] RAX: ffffffffffffffda RBX: 00007f88264fdb40 RCX: 000000000045c33a [ 293.908945][T18002] RDX: 00007f88264fdae0 RSI: 00000000200003c0 RDI: 00007f88264fdb00 [ 293.916907][T18002] RBP: 0000000000000000 R08: 00007f88264fdb40 R09: 00007f88264fdae0 [ 293.924868][T18002] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 05:25:38 executing program 2: connect$pptp(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe5}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x20000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff) bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xda9, 0x4) sendto$inet(r0, &(0x7f00000012c0)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a750fbf746bec66ba", 0xfe6a, 0xe, 0x0, 0xfffffffffffffe2b) ioctl$sock_inet_sctp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) mq_timedreceive(0xffffffffffffffff, &(0x7f0000000040)=""/50, 0x32, 0x0, 0x0) ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x4b6a, &(0x7f0000000480)="43107afd1bc67cf8d10d4fb5ee1d377c90719c229060baaa48a7ecdfb14116a5c2875fa73b1c09508603901badf28c246a612ea01395205546c9e69e50340326995a4e97f8107a7926dd88c42583e402815f69c33c34cd8de151baa97e68f09a6f10755ec369d403") ioctl$TCSETXF(0xffffffffffffffff, 0x5434, &(0x7f0000000080)={0x3, 0x0, [0x0, 0xffffffffffffff29, 0x100000000, 0x2002, 0x1000000000000], 0xb}) socketpair(0x2, 0x2, 0x7fff, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000200)=ANY=[@ANYBLOB="00000000eb5c1e2dfda29876d4e8b264697cf7062ab31edaef1b0f767677bb75a33170f6fcb079b0e42c", @ANYRES32=0x0], &(0x7f00000001c0)=0x2) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f00000000c0)={r2}, &(0x7f0000000100)=0x14) setsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000080)=@assoc_id=r2, 0x4) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 05:25:38 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 05:25:38 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x202080, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(r1, 0xc02c564a, &(0x7f0000000080)={0x8, 0x49323159, 0x3, @discrete={0x5, 0xfffffffffffffff9}}) 05:25:38 executing program 4: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 293.932829][T18002] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:25:38 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x9, 0x2b002) write$P9_RLINK(r1, &(0x7f00000000c0)={0x7, 0x47, 0x2}, 0x7) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc0305302, &(0x7f0000000000)) 05:25:38 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x26, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000001380)=""/238, 0x1a, 0xee, 0x1}, 0x20) 05:25:38 executing program 1 (fault-call:0 fault-nth:60): syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:38 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{}, 0x0, 0x0, 0x0, 0x5}) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) r1 = shmget$private(0x0, 0x3000, 0x14a6, &(0x7f0000ffd000/0x3000)=nil) shmctl$SHM_INFO(r1, 0xe, &(0x7f0000000040)=""/102) [ 294.202559][T18234] FAULT_INJECTION: forcing a failure. [ 294.202559][T18234] name failslab, interval 1, probability 0, space 0, times 0 [ 294.246775][T18234] CPU: 1 PID: 18234 Comm: syz-executor.1 Not tainted 5.3.0-next-20190916 #0 [ 294.255475][T18234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 294.265527][T18234] Call Trace: [ 294.268828][T18234] dump_stack+0x172/0x1f0 [ 294.273164][T18234] should_fail.cold+0xa/0x15 [ 294.277760][T18234] ? fault_create_debugfs_attr+0x180/0x180 [ 294.283581][T18234] ? ___might_sleep+0x163/0x2c0 [ 294.288432][T18234] __should_failslab+0x121/0x190 [ 294.293374][T18234] should_failslab+0x9/0x14 [ 294.297878][T18234] __kmalloc+0x2e0/0x770 [ 294.302120][T18234] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 294.308357][T18234] ? d_absolute_path+0x11b/0x170 [ 294.313292][T18234] ? __d_path+0x140/0x140 [ 294.317624][T18234] ? tomoyo_encode2.part.0+0xf5/0x400 [ 294.322999][T18234] tomoyo_encode2.part.0+0xf5/0x400 [ 294.328282][T18234] tomoyo_encode+0x2b/0x50 [ 294.332699][T18234] tomoyo_realpath_from_path+0x1d3/0x7b0 [ 294.338335][T18234] tomoyo_mount_acl+0x2cc/0x840 [ 294.343184][T18234] ? __kasan_check_read+0x11/0x20 [ 294.348212][T18234] ? tomoyo_check_mount_acl+0x1b0/0x1b0 [ 294.353756][T18234] ? debug_check_no_obj_freed+0xc0/0x43f [ 294.359389][T18234] ? trace_hardirqs_off+0x62/0x240 [ 294.364517][T18234] ? lock_acquire+0x190/0x410 [ 294.369199][T18234] ? tomoyo_mount_permission+0x10a/0x410 [ 294.374837][T18234] tomoyo_mount_permission+0x16a/0x410 [ 294.380296][T18234] ? tomoyo_mount_permission+0x10a/0x410 [ 294.385930][T18234] ? tomoyo_mount_acl+0x840/0x840 [ 294.390954][T18234] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 294.397202][T18234] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 294.403576][T18234] ? strncpy_from_user+0x2b4/0x400 [ 294.408691][T18234] tomoyo_sb_mount+0x35/0x40 [ 294.413287][T18234] security_sb_mount+0x87/0xd0 [ 294.418050][T18234] do_mount+0x1d0/0x1d10 [ 294.422291][T18234] ? kasan_kmalloc+0x9/0x10 [ 294.426791][T18234] ? copy_mount_string+0x40/0x40 [ 294.431739][T18234] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 294.437980][T18234] ? copy_mount_options+0x2e8/0x3f0 [ 294.443177][T18234] ksys_mount+0xdb/0x150 [ 294.447424][T18234] __x64_sys_mount+0xbe/0x150 [ 294.452101][T18234] do_syscall_64+0xfa/0x760 [ 294.456607][T18234] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 294.462491][T18234] RIP: 0033:0x45c33a [ 294.466381][T18234] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 294.485986][T18234] RSP: 002b:00007f88264fda88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 05:25:38 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/protocols\x00') preadv(r1, &(0x7f0000000480), 0x10000000000002a1, 0x0) 05:25:38 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 05:25:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(0xffffffffffffffff, 0x0, r0) [ 294.494396][T18234] RAX: ffffffffffffffda RBX: 00007f88264fdb40 RCX: 000000000045c33a [ 294.502367][T18234] RDX: 00007f88264fdae0 RSI: 00000000200003c0 RDI: 00007f88264fdb00 [ 294.510338][T18234] RBP: 0000000000000000 R08: 00007f88264fdb40 R09: 00007f88264fdae0 [ 294.518304][T18234] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 294.526265][T18234] R13: 00000000004c8abc R14: 00000000004dfa38 R15: 0000000000000003 05:25:38 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x3}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) 05:25:38 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) fcntl$dupfd(r0, 0x0, r0) [ 294.577896][T18244] binder: BINDER_SET_CONTEXT_MGR already set [ 294.607423][T18244] binder: 18242:18244 ioctl 40046207 0 returned -16 05:25:38 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff280000001803000005000001110500"/99], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:38 executing program 2: syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) r0 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000180)="b3208e7055eba39f91e7bdb8d845a2857140543c2c3b7bebdf8bab17fbb0e2ea40c36d81d8", 0x25, 0xfffffffffffffff9) r1 = add_key(&(0x7f0000000240)='cifs.spnego\x00', &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) add_key$keyring(0x0, &(0x7f0000000200)={'syz', 0x0}, 0x0, 0x0, r1) keyctl$link(0x8, r0, r1) r2 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000180)="b3208e7055eba39f91e7bdb8d845a2857140543c2c3b7bebdf8bab17fbb0e2ea40c36d81d8", 0x25, 0xfffffffffffffff9) r3 = add_key(&(0x7f0000000240)='cifs.spnego\x00', &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) add_key$keyring(0x0, &(0x7f0000000200)={'syz', 0x0}, 0x0, 0x0, r3) keyctl$link(0x8, r2, r3) r4 = add_key(&(0x7f0000000080)='ceph\x00', &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff8) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) write$P9_RLERRORu(r6, &(0x7f00000003c0)=ANY=[@ANYBLOB="1c00000007ffff0f008d9ad385ff9ca7eaf6abe39653d4"], 0x17) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r6}, 0x2c, {[{@noextend='noextend'}]}}) keyctl$KEYCTL_MOVE(0x1e, r0, r3, r4, 0x1) r7 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vfio(0xffffffffffffff9c, 0x0, 0x0, 0x0) close(0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$team(&(0x7f00000003c0)='team\x00') ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f00000000c0)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r8, &(0x7f0000000000)={0x0, 0xf000000, &(0x7f0000000080)={&(0x7f00000001c0)={0x5c, r9, 0x1, 0x0, 0x0, {}, [{{0x8, 0x1, r10}, {0x40, 0x2, [{0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8}}}]}}]}, 0x5c}}, 0x0) r11 = getpgrp(0x0) fcntl$setownex(r7, 0xf, &(0x7f0000000040)={0x2, r11}) fcntl$setsig(r7, 0xa, 0x11) fcntl$setlease(r7, 0x400, 0x0) fcntl$setlease(r7, 0x400, 0x2) connect$rxrpc(r7, &(0x7f0000000100)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1d}}}, 0x24) open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) [ 294.701970][T18342] binder: BINDER_SET_CONTEXT_MGR already set [ 294.712037][T18350] binder: BINDER_SET_CONTEXT_MGR already set [ 294.722574][T18350] binder: 18344:18350 ioctl 40046207 0 returned -16 [ 294.729064][T18342] binder: 18329:18342 ioctl 40046207 0 returned -16 05:25:38 executing program 5: r0 = msgget$private(0x0, 0x52) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) ioctl$PPPOEIOCDFWD(r1, 0xb101, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001440)=[{&(0x7f0000000200)=""/186, 0xba}, {&(0x7f00000002c0)=""/3, 0x3}, {&(0x7f0000000300)=""/75, 0x4b}, {&(0x7f0000000380)=""/147, 0x93}, {&(0x7f0000000440)=""/4096, 0x1000}], 0x5, 0x0) fsetxattr$trusted_overlay_upper(r1, &(0x7f0000000080)='trusted.overlay.upper\x00', &(0x7f00000000c0)={0x0, 0xfb, 0x113, 0x0, 0x5007, "3e6dff7b3e129224d274d85fa005cca9", "7b86fa637ff063d652de04d14ec1c2bbab77aaef12f5651a41aea65438f57f6a38a0c6c5f97788e186a799d937681d6ab51940d6297fcd9015da86f6902978f72af8c4332bb0b763e66a691fc58eb84c36acf9e17677dc93443760268813135a7ace6742cde762752f5f9d98b61135f0cea9c3d4aeccf59955570cf9fd94f5599be9a1bd40767addfe7827c60441e56a14a2f8e42964caa30dba4f9cabb5110a16dac3f8a5c7b5f893165346ea2c732127f9a7782e0e1291763e6fe62737bf9bfed07ad88a18fdf3e7a17373ecf684368d4ef60cfbe2e6aebf88053957b7c7c8bdb588b1a0b51c4a0b68da21ae7701a79bf99afe050f03f35bca65988d49"}, 0x113, 0x2) msgctl$IPC_RMID(r0, 0x0) 05:25:38 executing program 4: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000040)={&(0x7f0000fff000/0x1000)=nil, 0x1000}, &(0x7f0000000080)=0x10) msgctl$IPC_RMID(r0, 0x0) 05:25:38 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 294.840193][T18364] 9pnet: p9_errstr2errno: server reported unknown error šÓ…ÿœ§êö«ã–SÔ [ 294.902453][T18364] netlink: 'syz-executor.2': attribute type 3 has an invalid length. 05:25:39 executing program 1: syz_mount_image$msdos(&(0x7f0000000380)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) [ 295.066200][T18234] ERROR: Out of memory at tomoyo_realpath_from_path. 05:25:39 executing program 5: r0 = syz_genetlink_get_family_id$team(&(0x7f0000000180)='team\x00') r1 = socket(0x100000000011, 0x2, 0x0) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x3, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], r2, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r3 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r4 = getpgrp(0x0) fcntl$setownex(r3, 0xf, &(0x7f0000000040)={0x2, r4}) fcntl$setsig(r3, 0xa, 0x11) fcntl$setlease(r3, 0x400, 0x0) fcntl$setlease(r3, 0x400, 0x2) getsockopt$inet6_mreq(r3, 0x29, 0x7, &(0x7f00000001c0)={@remote, 0x0}, &(0x7f0000000200)=0x14) r6 = socket(0x100000000011, 0x2, 0x0) getsockname$packet(r6, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x3, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], r7, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r8 = socket(0x100000000011, 0x2, 0x0) getsockname$packet(r8, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x3, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], r9, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r10 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r11 = getpgrp(0x0) fcntl$setownex(r10, 0xf, &(0x7f0000000040)={0x2, r11}) fcntl$setsig(r10, 0xa, 0x11) fcntl$setlease(r10, 0x400, 0x0) fcntl$setlease(r10, 0x400, 0x2) getsockname$packet(r10, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) r13 = socket(0x100000000011, 0x2, 0x0) getsockname$packet(r13, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x3, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], r14, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) accept4$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14, 0x800) r16 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r16, 0x1000008912, &(0x7f00000000c0)="11dca5055e0bcfe47bf070") getsockopt$inet_mreqn(r16, 0x0, 0x20, &(0x7f0000000340)={@empty, @multicast1, 0x0}, &(0x7f0000000380)=0xc) r18 = socket(0x100000000011, 0x2, 0x0) getsockname$packet(r18, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x3, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], r19, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r20 = socket(0x100000000011, 0x2, 0x0) getsockname$packet(r20, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x3, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], r21, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r22 = socket(0x100000000011, 0x2, 0x0) getsockname$packet(r22, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x3, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], r23, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r24 = socket(0x100000000011, 0x2, 0x0) getsockname$packet(r24, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x3, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], r25, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r26 = socket(0x100000000011, 0x2, 0x0) getsockname$packet(r26, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x3, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], r27, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r28 = socket(0x100000000011, 0x2, 0x0) getsockname$packet(r28, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x3, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], r29, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000800)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x14cddd104cdf7ebd}, 0xc, &(0x7f00000007c0)={&(0x7f00000003c0)={0x3fc, r0, 0x400, 0x70bd29, 0x25dfdbfc, {}, [{{0x8, 0x1, r2}, {0x1a0, 0x2, [{0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r5}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0x1}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x100000001}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r7}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0xecb}}, {0x8, 0x6, r9}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r12}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r14}}}]}}, {{0x8, 0x1, r15}, {0xf0, 0x2, [{0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x5}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r17}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0x7fff}}, {0x8, 0x6, r19}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0x1}}}]}}, {{0x8, 0x1, r21}, {0xc0, 0x2, [{0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x10, 0x4, 'broadcast\x00'}}}, {0x3c, 0x1, @enabled={{{0x24, 0x1, 'enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r23}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0xec}}, {0x8, 0x6, r25}}}]}}, {{0x8, 0x1, r27}, {0x78, 0x2, [{0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x2}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r29}}}]}}]}, 0x3fc}, 0x1, 0x0, 0x0, 0x4004009}, 0x2000804) r30 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r30, 0x1, &(0x7f0000258f88)) msgsnd(r30, &(0x7f0000000000)={0x1}, 0x8, 0x0) r31 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x2000, 0x0) ioctl$PIO_UNISCRNMAP(r31, 0x4b6a, &(0x7f00000000c0)="1f164ad893c160a07d7e9c958e326b0a2a26ec61b9d0503e1ae1d4246cf129ad034cd18a00f51fe16440714a363808f0d1782df35543d46607913d0a09e9d4b4bf1ca23d104e28837b88f865859e3ec40b01462ac1ac7ad4e35b02eed1f4b0c0") msgctl$IPC_RMID(r30, 0x0) clock_getres(0x4, &(0x7f0000000040)) 05:25:39 executing program 2: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000040)={&(0x7f0000fff000/0x1000)=nil, 0x1000}, &(0x7f0000000080)=0x10) msgctl$IPC_RMID(r0, 0x0) 05:25:39 executing program 4: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000007700"], 0x8, 0x0) r1 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x0, 0x2) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r2, 0x40186f40, 0x7600f4) r3 = socket(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r3, 0x84, 0x78, &(0x7f0000000000)=r5, 0x4) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000000240)={r5, 0xed, "d0884c36b533c70347f53db0f73505e80aa0dce77327607af733d4e8b783beadd6d2a10e68a5ff46a74bd00a163ccab3b9fb6c45b5922df9265a3c386d3d0604c5a9b0ab9c318980a8ab85ebcd4a7452b949861f84009affd9123876947e8b2ada3947c03b33ec93d7cc7314137984bd3999adfbba37afaba9625e55f9f07a48f51f1dd708bab370d149344d7cc262bc3643b6ddff67a6aa260f173b5a919b51d830ec321d9121d4d670e75b7814f7f42b61cd4ecdef95a5e202475c7d37c5048ad19c1764b92f08287d245d409ec5af68de3752dd2f7beb40aad18e3d59a528265bab3ce8dc62f3a7fff527b9"}, &(0x7f00000001c0)=0xf5) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000080)={r5, @in={{0x2, 0x4e24, @remote}}}, 0x84) msgctl$IPC_RMID(r0, 0x0) 05:25:39 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 295.218629][T18479] ubi: mtd0 is already attached to ubi0 05:25:39 executing program 2: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 295.368996][T18585] FAT-fs (loop1): bogus number of reserved sectors [ 295.385595][T18585] FAT-fs (loop1): Can't find a valid FAT filesystem 05:25:39 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) 05:25:39 executing program 1: syz_mount_image$msdos(&(0x7f0000000380)='\nsdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x0, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 295.569033][T18667] binder: BINDER_SET_CONTEXT_MGR already set [ 295.599151][T18667] binder: 18626:18667 ioctl 40046207 0 returned -16 05:25:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1925f88e, 0x0) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) 05:25:39 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) 05:25:39 executing program 1: syz_mount_image$msdos(&(0x7f0000000380)='%sdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) getsockopt$inet_sctp6_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x74, &(0x7f00000007c0)=""/65, &(0x7f0000000440)=0x41) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x64e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x3, 0x9, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_timedreceive(r1, &(0x7f0000000180)=""/52, 0x34, 0x8, &(0x7f00000001c0)={0x0, 0x989680}) syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x42000) r2 = getpid() sched_setscheduler(r2, 0x5, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x5, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x4000000000003fe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_emit_ethernet(0x66, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c20000000180c289030086dd6076605100303afffe80034300050dff00000000000000ffff020000000000000000008f51000001860090780007880020c5961e00000000050400ff28000000180300000500000111050000000000000000000000000001"], 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)) fcntl$dupfd(r0, 0x0, r0) [ 295.738731][T18705] binder: BINDER_SET_CONTEXT_MGR already set [ 295.745818][T18705] binder: 18704:18705 ioctl 40046207 0 returned -16 [ 295.828729][T18735] binder: BINDER_SET_CONTEXT_MGR already set [ 295.845524][T18735] binder: 18712:18735 ioctl 40046207 0 returned -16 05:25:40 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) 05:25:40 executing program 2 (fault-call:3 fault-nth:0): r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:40 executing program 1: syz_mount_image$msdos(&(0x7f0000000380)='\\sdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:40 executing program 4: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000007700"], 0x8, 0x0) r1 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x0, 0x2) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r2, 0x40186f40, 0x7600f4) r3 = socket(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r3, 0x84, 0x78, &(0x7f0000000000)=r5, 0x4) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000000240)={r5, 0xed, "d0884c36b533c70347f53db0f73505e80aa0dce77327607af733d4e8b783beadd6d2a10e68a5ff46a74bd00a163ccab3b9fb6c45b5922df9265a3c386d3d0604c5a9b0ab9c318980a8ab85ebcd4a7452b949861f84009affd9123876947e8b2ada3947c03b33ec93d7cc7314137984bd3999adfbba37afaba9625e55f9f07a48f51f1dd708bab370d149344d7cc262bc3643b6ddff67a6aa260f173b5a919b51d830ec321d9121d4d670e75b7814f7f42b61cd4ecdef95a5e202475c7d37c5048ad19c1764b92f08287d245d409ec5af68de3752dd2f7beb40aad18e3d59a528265bab3ce8dc62f3a7fff527b9"}, &(0x7f00000001c0)=0xf5) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000080)={r5, @in={{0x2, 0x4e24, @remote}}}, 0x84) msgctl$IPC_RMID(r0, 0x0) 05:25:40 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="11dca5055e0bcfe47bf070") ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000000040)={'bridge_slave_1\x00', {0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x25}}}) msgctl$IPC_RMID(r0, 0x0) [ 296.270606][T18824] FAULT_INJECTION: forcing a failure. [ 296.270606][T18824] name failslab, interval 1, probability 0, space 0, times 0 [ 296.305404][T18840] ubi: mtd0 is already attached to ubi0 [ 296.333257][T18824] CPU: 0 PID: 18824 Comm: syz-executor.2 Not tainted 5.3.0-next-20190916 #0 [ 296.341951][T18824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 296.352005][T18824] Call Trace: [ 296.352026][T18824] dump_stack+0x172/0x1f0 [ 296.352048][T18824] should_fail.cold+0xa/0x15 [ 296.364198][T18824] ? fault_create_debugfs_attr+0x180/0x180 [ 296.370007][T18824] ? kernel_init_free_pages+0x120/0x120 [ 296.370027][T18824] ? ___might_sleep+0x163/0x2c0 [ 296.380382][T18824] __should_failslab+0x121/0x190 [ 296.385315][T18824] should_failslab+0x9/0x14 [ 296.389816][T18824] kmem_cache_alloc_trace+0x2d3/0x790 [ 296.395187][T18824] ? lock_downgrade+0x920/0x920 [ 296.400035][T18824] ? rwlock_bug.part.0+0x90/0x90 [ 296.404971][T18824] perf_event_alloc.part.0+0xc0/0x33d0 [ 296.410426][T18824] ? __kasan_check_read+0x11/0x20 [ 296.415448][T18824] ? do_raw_spin_unlock+0x57/0x270 [ 296.420905][T18824] ? _raw_spin_unlock+0x2d/0x50 [ 296.425754][T18824] ? list_del_event+0x7f0/0x7f0 [ 296.430613][T18824] __do_sys_perf_event_open+0xa2d/0x2da0 [ 296.436242][T18824] ? __kasan_check_write+0x14/0x20 [ 296.441354][T18824] ? perf_event_set_output+0x4e0/0x4e0 [ 296.446811][T18824] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 296.453042][T18824] ? __ia32_sys_read+0xb0/0xb0 [ 296.457802][T18824] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 296.463870][T18824] __x64_sys_perf_event_open+0xbe/0x150 [ 296.469417][T18824] do_syscall_64+0xfa/0x760 [ 296.473922][T18824] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 296.479805][T18824] RIP: 0033:0x4598e9 [ 296.483693][T18824] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 296.503406][T18824] RSP: 002b:00007f9dc0aadc78 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 296.511819][T18824] RAX: ffffffffffffffda RBX: 00007f9dc0aadc90 RCX: 00000000004598e9 [ 296.519793][T18824] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000180 05:25:40 executing program 0 (fault-call:10 fault-nth:0): prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 05:25:40 executing program 2 (fault-call:3 fault-nth:1): r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 296.527760][T18824] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 296.535726][T18824] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f9dc0aae6d4 [ 296.543692][T18824] R13: 00000000004c671d R14: 00000000004db7d8 R15: 0000000000000004 05:25:40 executing program 1: syz_mount_image$msdos(&(0x7f0000000380)='m\ndos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:40 executing program 5: r0 = msgget$private(0x0, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0, 0x0) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000000c0)={r1, &(0x7f0000000080)="c3c5ee4157c45789c1b1d5be8b2ff07b7de0453228327d880aca2943ec28c81925cec26a123f6575a4df71074eab7ae27107"}, 0x10) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 296.666796][T18935] FAULT_INJECTION: forcing a failure. [ 296.666796][T18935] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 296.680007][T18935] CPU: 0 PID: 18935 Comm: syz-executor.2 Not tainted 5.3.0-next-20190916 #0 [ 296.680021][T18935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 296.698715][T18935] Call Trace: [ 296.702003][T18935] dump_stack+0x172/0x1f0 [ 296.706332][T18935] should_fail.cold+0xa/0x15 [ 296.710923][T18935] ? fault_create_debugfs_attr+0x180/0x180 [ 296.716730][T18935] ? kernel_text_address+0x73/0xf0 [ 296.721837][T18935] ? __kernel_text_address+0xd/0x40 [ 296.727039][T18935] should_fail_alloc_page+0x50/0x60 [ 296.732235][T18935] __alloc_pages_nodemask+0x1a1/0x900 [ 296.737607][T18935] ? __alloc_pages_slowpath+0x28e0/0x28e0 [ 296.743328][T18935] ? fs_reclaim_acquire.part.0+0x30/0x30 [ 296.748953][T18935] ? __kasan_check_read+0x11/0x20 [ 296.753972][T18935] ? fault_create_debugfs_attr+0x180/0x180 [ 296.759776][T18935] cache_grow_begin+0x90/0xd20 [ 296.764535][T18935] ? perf_event_alloc.part.0+0xc0/0x33d0 [ 296.770163][T18935] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 296.776402][T18935] kmem_cache_alloc_trace+0x6b3/0x790 [ 296.781773][T18935] perf_event_alloc.part.0+0xc0/0x33d0 [ 296.787223][T18935] ? __kasan_check_read+0x11/0x20 [ 296.792244][T18935] ? do_raw_spin_unlock+0x57/0x270 [ 296.797347][T18935] ? _raw_spin_unlock+0x2d/0x50 [ 296.797361][T18935] ? list_del_event+0x7f0/0x7f0 [ 296.797382][T18935] __do_sys_perf_event_open+0xa2d/0x2da0 [ 296.807058][T18935] ? __kasan_check_write+0x14/0x20 [ 296.807076][T18935] ? perf_event_set_output+0x4e0/0x4e0 [ 296.807093][T18935] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 296.807112][T18935] ? __ia32_sys_read+0xb0/0xb0 [ 296.817801][T18935] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 296.817817][T18935] __x64_sys_perf_event_open+0xbe/0x150 [ 296.817835][T18935] do_syscall_64+0xfa/0x760 [ 296.829505][T18935] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 296.829516][T18935] RIP: 0033:0x4598e9 [ 296.829533][T18935] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 296.879657][T18935] RSP: 002b:00007f9dc0aadc78 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 296.888067][T18935] RAX: ffffffffffffffda RBX: 00007f9dc0aadc90 RCX: 00000000004598e9 [ 296.896047][T18935] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000180 [ 296.904024][T18935] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 05:25:41 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 296.911988][T18935] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f9dc0aae6d4 [ 296.919948][T18935] R13: 00000000004c671d R14: 00000000004db7d8 R15: 0000000000000004 05:25:41 executing program 4: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000007700"], 0x8, 0x0) r1 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x0, 0x2) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r2, 0x40186f40, 0x7600f4) r3 = socket(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r3, 0x84, 0x78, &(0x7f0000000000)=r5, 0x4) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000000240)={r5, 0xed, "d0884c36b533c70347f53db0f73505e80aa0dce77327607af733d4e8b783beadd6d2a10e68a5ff46a74bd00a163ccab3b9fb6c45b5922df9265a3c386d3d0604c5a9b0ab9c318980a8ab85ebcd4a7452b949861f84009affd9123876947e8b2ada3947c03b33ec93d7cc7314137984bd3999adfbba37afaba9625e55f9f07a48f51f1dd708bab370d149344d7cc262bc3643b6ddff67a6aa260f173b5a919b51d830ec321d9121d4d670e75b7814f7f42b61cd4ecdef95a5e202475c7d37c5048ad19c1764b92f08287d245d409ec5af68de3752dd2f7beb40aad18e3d59a528265bab3ce8dc62f3a7fff527b9"}, &(0x7f00000001c0)=0xf5) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000080)={r5, @in={{0x2, 0x4e24, @remote}}}, 0x84) msgctl$IPC_RMID(r0, 0x0) 05:25:41 executing program 1: syz_mount_image$msdos(&(0x7f0000000380)='m#dos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:41 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) r3 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r4 = getpgrp(0x0) fcntl$setownex(r3, 0xf, &(0x7f0000000040)={0x2, r4}) fcntl$setsig(r3, 0xa, 0x11) fcntl$setlease(r3, 0x400, 0x0) fcntl$setlease(r3, 0x400, 0x2) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$fou(&(0x7f0000000040)='fou\x00') sendmsg$FOU_CMD_ADD(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000540)={0x14, r6, 0x101, 0x0, 0x0, {0x2}}, 0x14}}, 0x0) r7 = socket(0x100000000011, 0x2, 0x0) getsockname$packet(r7, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x3, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], r8, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) sendmsg$FOU_CMD_GET(r3, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x600}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x4c, r6, 0x20, 0x70bd25, 0x25dfdbfd, {}, [@FOU_ATTR_PORT={0x8, 0x1, 0x4e23}, @FOU_ATTR_PEER_V4={0x8, 0x8, @dev={0xac, 0x14, 0x14, 0x15}}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @multicast2}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @empty}, @FOU_ATTR_PEER_V4={0x8, 0x8, @empty}, @FOU_ATTR_TYPE={0x8, 0x4, 0x2}, @FOU_ATTR_IFINDEX={0x8, 0xb, r8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4015}, 0x4000000) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) ioctl$SIOCX25GSUBSCRIP(r1, 0x89e0, &(0x7f0000000040)={'nr0\x00', 0x7, 0x8}) 05:25:41 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f00000002c0)={0x0, {{0xa, 0x0, 0xfffffffffffffffe, @rand_addr="ae63931d3142057abcaecf79c9d031bd"}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r3 = getpgrp(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000040)={0x2, r3}) fcntl$setsig(r2, 0xa, 0x11) fcntl$setlease(r2, 0x400, 0x0) fcntl$setlease(r2, 0x400, 0x2) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r2, 0x40485404, &(0x7f0000000000)={{0xffffffffffffffff, 0x0, 0x2, 0x1, 0xfffffffffffff128}, 0x0, 0x1}) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) 05:25:41 executing program 2 (fault-call:3 fault-nth:2): r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 297.175092][T19153] ubi: mtd0 is already attached to ubi0 05:25:41 executing program 1: syz_mount_image$msdos(&(0x7f0000000380)='m%dos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:41 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) [ 297.334372][T19265] FAULT_INJECTION: forcing a failure. [ 297.334372][T19265] name failslab, interval 1, probability 0, space 0, times 0 [ 297.404193][T19265] CPU: 1 PID: 19265 Comm: syz-executor.2 Not tainted 5.3.0-next-20190916 #0 [ 297.412892][T19265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 297.422942][T19265] Call Trace: [ 297.426237][T19265] dump_stack+0x172/0x1f0 [ 297.430570][T19265] should_fail.cold+0xa/0x15 [ 297.435159][T19265] ? fault_create_debugfs_attr+0x180/0x180 [ 297.440963][T19265] ? kernel_init_free_pages+0x120/0x120 [ 297.446527][T19265] ? ___might_sleep+0x163/0x2c0 [ 297.451380][T19265] __should_failslab+0x121/0x190 [ 297.456312][T19265] should_failslab+0x9/0x14 [ 297.460809][T19265] kmem_cache_alloc+0x2aa/0x710 [ 297.465659][T19265] ? lock_downgrade+0x920/0x920 [ 297.470511][T19265] getname_kernel+0x53/0x370 [ 297.475097][T19265] kern_path+0x20/0x40 [ 297.479164][T19265] create_local_trace_uprobe+0x87/0x4a0 [ 297.484722][T19265] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 297.490972][T19265] ? bpf_get_uprobe_info+0x340/0x340 [ 297.496261][T19265] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 297.502499][T19265] ? memdup_user+0x65/0xb0 [ 297.506919][T19265] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 297.513166][T19265] perf_uprobe_init+0x131/0x210 [ 297.518016][T19265] perf_uprobe_event_init+0x106/0x1a0 [ 297.523385][T19265] perf_try_init_event+0x135/0x590 [ 297.528499][T19265] perf_event_alloc.part.0+0x1b89/0x33d0 [ 297.534127][T19265] ? __kasan_check_read+0x11/0x20 [ 297.539157][T19265] ? do_raw_spin_unlock+0x57/0x270 [ 297.544270][T19265] ? list_del_event+0x7f0/0x7f0 [ 297.549129][T19265] __do_sys_perf_event_open+0xa2d/0x2da0 [ 297.554770][T19265] ? __kasan_check_write+0x14/0x20 [ 297.559920][T19265] ? perf_event_set_output+0x4e0/0x4e0 [ 297.565381][T19265] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 297.571623][T19265] ? __ia32_sys_read+0xb0/0xb0 [ 297.576385][T19265] ? switch_fpu_return+0x1fa/0x4f0 [ 297.581499][T19265] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 297.587567][T19265] __x64_sys_perf_event_open+0xbe/0x150 [ 297.593117][T19265] do_syscall_64+0xfa/0x760 [ 297.597627][T19265] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 297.603514][T19265] RIP: 0033:0x4598e9 [ 297.607407][T19265] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 297.627006][T19265] RSP: 002b:00007f9dc0a8cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 297.635418][T19265] RAX: ffffffffffffffda RBX: 00007f9dc0a8cc90 RCX: 00000000004598e9 [ 297.643386][T19265] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000180 05:25:41 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000000)=0x8) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 297.651357][T19265] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 297.659331][T19265] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f9dc0a8d6d4 [ 297.667307][T19265] R13: 00000000004c671d R14: 00000000004db7d8 R15: 0000000000000003 05:25:41 executing program 1: syz_mount_image$msdos(&(0x7f0000000380)='m*dos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:41 executing program 5: r0 = msgget$private(0x0, 0x10) r1 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x1, 0x2) getsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f0000000080)={@dev}, &(0x7f00000000c0)=0xc) socket$isdn(0x22, 0x3, 0x42) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x4000, 0x0) ioctl$TIOCGETD(r2, 0x5424, &(0x7f0000000140)) msgctl$IPC_RMID(r0, 0x0) 05:25:41 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x8840, 0x0) setsockopt$inet_tcp_TCP_ULP(r1, 0x6, 0x1f, 0x0, 0x0) r2 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000040)={0x7, 0x8, 0x3f}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 05:25:41 executing program 2 (fault-call:3 fault-nth:3): r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:42 executing program 4: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000007700"], 0x8, 0x0) r1 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x0, 0x2) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r2, 0x40186f40, 0x7600f4) r3 = socket(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r3, 0x84, 0x78, &(0x7f0000000000)=r5, 0x4) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000000240)={r5, 0xed, "d0884c36b533c70347f53db0f73505e80aa0dce77327607af733d4e8b783beadd6d2a10e68a5ff46a74bd00a163ccab3b9fb6c45b5922df9265a3c386d3d0604c5a9b0ab9c318980a8ab85ebcd4a7452b949861f84009affd9123876947e8b2ada3947c03b33ec93d7cc7314137984bd3999adfbba37afaba9625e55f9f07a48f51f1dd708bab370d149344d7cc262bc3643b6ddff67a6aa260f173b5a919b51d830ec321d9121d4d670e75b7814f7f42b61cd4ecdef95a5e202475c7d37c5048ad19c1764b92f08287d245d409ec5af68de3752dd2f7beb40aad18e3d59a528265bab3ce8dc62f3a7fff527b9"}, &(0x7f00000001c0)=0xf5) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000080)={r5, @in={{0x2, 0x4e24, @remote}}}, 0x84) 05:25:42 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}) msgsnd(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="01000200c7003592f826aeb20000"], 0x8, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f0000000080)) msgctl$IPC_RMID(r0, 0x0) prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, &(0x7f0000000000)) 05:25:42 executing program 1: syz_mount_image$msdos(&(0x7f0000000380)='m+dos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) [ 298.009319][T19422] FAULT_INJECTION: forcing a failure. [ 298.009319][T19422] name failslab, interval 1, probability 0, space 0, times 0 [ 298.038104][T19422] CPU: 0 PID: 19422 Comm: syz-executor.2 Not tainted 5.3.0-next-20190916 #0 [ 298.046806][T19422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 298.056872][T19422] Call Trace: [ 298.056893][T19422] dump_stack+0x172/0x1f0 [ 298.056914][T19422] should_fail.cold+0xa/0x15 [ 298.069107][T19422] ? fault_create_debugfs_attr+0x180/0x180 [ 298.074919][T19422] ? kernel_init_free_pages+0x120/0x120 [ 298.074933][T19422] ? ___might_sleep+0x163/0x2c0 [ 298.074948][T19422] __should_failslab+0x121/0x190 [ 298.074967][T19422] should_failslab+0x9/0x14 [ 298.090269][T19422] __kmalloc+0x2e0/0x770 [ 298.090288][T19422] ? lock_downgrade+0x920/0x920 [ 298.103830][T19422] ? memcpy+0x46/0x50 05:25:42 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) setsockopt$inet6_udp_encap(r2, 0x11, 0x64, &(0x7f0000000200)=0x4, 0x4) r3 = getpgrp(0x0) r4 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r4, 0x40042408, r5) fcntl$setownex(r5, 0xf, &(0x7f0000000240)={0x2, r3}) fcntl$setsig(r2, 0xa, 0x11) fcntl$setlease(r2, 0x400, 0x0) fcntl$setlease(r2, 0x400, 0x2) ioctl$VIDIOC_QBUF(r2, 0xc058560f, &(0x7f0000000000)={0x0, 0x4, 0x4, 0x70000, {0x0, 0x2710}, {0x4, 0x1, 0x0, 0x7, 0x3a180907, 0x0, "a36edb5c"}, 0x4, 0x4, @offset=0xeaf, 0x4}) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) [ 298.107802][T19422] ? alloc_trace_uprobe+0x3a/0x250 [ 298.107817][T19422] alloc_trace_uprobe+0x3a/0x250 [ 298.107834][T19422] create_local_trace_uprobe+0x109/0x4a0 [ 298.123445][T19422] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 298.129682][T19422] ? bpf_get_uprobe_info+0x340/0x340 [ 298.134971][T19422] ? memdup_user+0x65/0xb0 [ 298.139389][T19422] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 298.145632][T19422] perf_uprobe_init+0x131/0x210 [ 298.150487][T19422] perf_uprobe_event_init+0x106/0x1a0 [ 298.155857][T19422] perf_try_init_event+0x135/0x590 [ 298.160967][T19422] perf_event_alloc.part.0+0x1b89/0x33d0 [ 298.166596][T19422] ? __kasan_check_read+0x11/0x20 [ 298.171616][T19422] ? do_raw_spin_unlock+0x57/0x270 [ 298.176735][T19422] ? list_del_event+0x7f0/0x7f0 [ 298.181586][T19422] __do_sys_perf_event_open+0xa2d/0x2da0 [ 298.187217][T19422] ? __kasan_check_write+0x14/0x20 [ 298.192329][T19422] ? perf_event_set_output+0x4e0/0x4e0 [ 298.197786][T19422] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 298.204023][T19422] ? __ia32_sys_read+0xb0/0xb0 [ 298.208790][T19422] ? switch_fpu_return+0x1fa/0x4f0 [ 298.213903][T19422] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 298.219965][T19422] __x64_sys_perf_event_open+0xbe/0x150 [ 298.225620][T19422] do_syscall_64+0xfa/0x760 [ 298.230392][T19422] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 298.236291][T19422] RIP: 0033:0x4598e9 [ 298.240185][T19422] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 298.260389][T19422] RSP: 002b:00007f9dc0aadc78 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 298.268793][T19422] RAX: ffffffffffffffda RBX: 00007f9dc0aadc90 RCX: 00000000004598e9 [ 298.276758][T19422] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000180 [ 298.284720][T19422] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 298.292689][T19422] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f9dc0aae6d4 [ 298.300654][T19422] R13: 00000000004c671d R14: 00000000004db7d8 R15: 0000000000000004 05:25:42 executing program 5: r0 = msgget$private(0x0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x2000000000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2}) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) r3 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r4 = getpgrp(0x0) fcntl$setownex(r3, 0xf, &(0x7f0000000040)={0x2, r4}) fcntl$setsig(r3, 0xa, 0x11) fcntl$setlease(r3, 0x400, 0x0) fcntl$setlease(r3, 0x400, 0x2) accept4$rose(r3, &(0x7f0000000080)=@full={0xb, @remote, @netrom, 0x0, [@bcast, @remote, @default, @null, @rose, @bcast]}, &(0x7f00000000c0)=0x40, 0xac6d0af4908f3a82) r5 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r6 = getpgrp(0x0) fcntl$setownex(r5, 0xf, &(0x7f0000000040)={0x2, r6}) fcntl$setsig(r5, 0xa, 0x11) fcntl$setlease(r5, 0x400, 0x0) fcntl$setlease(r5, 0x400, 0x2) ioctl$TCSETXF(r5, 0x5434, &(0x7f0000000100)={0x9, 0x9ea9, [0x1, 0x0, 0x4, 0xcbc0, 0x6], 0x7}) r7 = msgget(0x3, 0x80) msgsnd(r7, &(0x7f0000000040)=ANY=[@ANYBLOB="000000ff5e34a3cb71655ac9daca703fb24734b5f4a10000000000"], 0x1b, 0x0) msgctl$IPC_RMID(r0, 0x0) r8 = gettid() ptrace$peek(0x2, r8, &(0x7f0000000140)) [ 298.368464][T19503] ubi: mtd0 is already attached to ubi0 [ 298.430534][T19422] trace_uprobe: Failed to allocate trace_uprobe.(-12) 05:25:42 executing program 1: syz_mount_image$msdos(&(0x7f0000000380)='m-dos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:42 executing program 5: r0 = msgget$private(0x0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) r3 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={r3, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000000)='vmnet1\x8feth1-{*\x00'}, 0x30) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000001140)={{{@in=@local, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@broadcast}}, &(0x7f0000001240)=0xe8) r5 = getegid() r6 = dup(0xffffffffffffffff) ioctl$VIDIOC_QUERY_DV_TIMINGS(r6, 0x80845663, &(0x7f0000000980)) r7 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r8 = getpgrp(0x0) fcntl$setownex(r7, 0xf, &(0x7f0000000040)={0x2, r8}) fcntl$setsig(r7, 0xa, 0x11) fcntl$setlease(r7, 0x400, 0x0) fcntl$setlease(r7, 0x400, 0x2) ioctl$VIDIOC_G_TUNER(r7, 0xc054561d, &(0x7f0000000900)={0x3, "5706ef69acdfe59994cd1f0b7b52237048d996cb20411f176ab8e7b29c569742", 0x4, 0x800, 0x6, 0x7, 0x1, 0x2, 0x10000, 0x2}) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r10 = gettid() r11 = getegid() r12 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000500)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0x0) fchmod(r12, 0x138) fsetxattr$system_posix_acl(r12, &(0x7f0000000240)='system.posix_acl_access\x00', &(0x7f0000000680)={{}, {0x1, 0x4}, [{0x2, 0x1}, {}], {0x4, 0x1}, [{0x8, 0x1}, {}, {0x8, 0x6, r11}, {0x8, 0x4}], {0x10, 0x1}, {0x20, 0x4}}, 0x54, 0x1) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001100)=[{&(0x7f00000000c0)={0x810, 0x42, 0x2, 0x70bd27, 0x0, "", [@generic="ba3fa6f66f62c9bbfdd98520b6a607fe619d41ea32ebe34c27a87b72a8c8a73310f5340bf8607bc907bd8c58808409b861b84eaae363e27eddd334144d63e4f0b518f9619114b8e3ba25b67b86fd4c12d60bb55831c0c79c60d43de088620c6dd7ab23b94a4b5f4d755b2ef36952add583bcc35d9ef2e8dc0f29a9b8eef7972bc1ca854301bedf50694a41f320b7ac5517f41d5072ecee6375d71b14cbc64eb416272e9d4cb549cc69dd297640821210a1d187de203a067e56750cf56bf64b33b346141c42394d6bc41d05dc8490d3225712ea367667328b37acd19fa4ff10b4bb526ffa805afc42381b3da56e6dd9f440c163f6917dc002ef987c0e0a0bb51b1acc33155b178a77d75d8cc483613b2f8a47f619e6de7b86852f574780619ddb130ebbd24a897fb202567bfa944d561fdb19461b3481aa4c3f048089f983a547959ca6799433d581472fe5a75ef637f2cc0956faee63c2a8230fe3203924e629570ed6c6b25841f987a5af01e11cf8cb6710b1c567daee534b95bc2146d09a7b323823cd65d64426d7ee83ec7be0ca83dfac16c3f53e81a1a936964495078a56a818e7865aa1ff8a14fb712d221cebf53217461f7a8599a105e8e904144e68ea51cd71946e76921ec598aad55a963a1aa0c4b2271aee16b49f7cd3a7f1f8a1cfcdccbe418501c34b3781bdd11233967b0d8a359a85ac04e1b35fac7e30eb14fdbd68c73f6c6e0d6be6aeed646c73648064532c5fcec145647202b8f3bf1776ed6953c2a5e068f78dae2b91cff410cd2a1a316b75adf70246194fb395dc16cdbb68b61d9619c2be037a56cfbacb0ffa407e19632922f78100a546a035e4d012f1317300c65db81fbf82a83099c7412247c799f909b296a568a1021857ca894f08c19c1baa26e2a3f610d7ee3da54f89fb3481e20630475522fa0c02d04f60d17f9cd90ea8d7ae223bc75fb21c42e21961615d711846223d605f52dcf9902e89c2a055d1906bd9d20ffc33db5356c124eca7142b0f875752a2476f5098ccf1c1fce52507b3e6fa3f80ffe16ff45f9d4eb9c3eb1d302d736539225396889761e7ada23c28824fce786ebfddd6ed0042fcb6ce4447e77a72ec63e1f3a4595bb7a717c7796f6f981c2c098177df3d83923acdff548a380c12f42f397fcb36cf05c5887c8a2cebcfa93a3b6256f42202b60b0d7dcbacaf14d9c5ad9cf765dac5802b140cb22fbe41ac6e585d320a24971f009c39288ce6a4d83ea4eed9f0b0fb641d3556826b43923148a8bf1dfdaca421a82b2207b84f2cd02fe2fa9161e8c04b961f97dafa773905c99c51e0b360c786539e89f2d3fc0c9a56454baa7fec40280c716f38232471881bc4060e54be1588f9f0d2521b386b592c1ea4b9552123f13c5724cae290e6cb7d2a90ca5bcc799774a1a8fce9fdf2679be8b6952505fbeaf3f6d2aa7178d22dfe79349381b8a482561ac4e95ca207e86f7d56a9e2ea3b682c4d833fd9b65d0d91b2fb8bc8feef96d247dc79a08a5dafd0cc86551fd0352562079abe950f39d05d2bb1f651de696680d313b224b197d48bed9a0ed4240d17b3c876440b181d2145ab5c895cd24d29018f673811fd808610e15b1625ca3b0e0d69f0fbcd6d4f9c66edd080a9e4c1c88f3767c2f7183a957861f772b2dac372dc11e1409ed112ead3a939ca4b2df8bb8b1539fb031c6fba066ee3f2159731d97885118ab830b42b59d9ed7b43462d6370d30a6942d6ba16f0bdc71f661e476491bb8deefd411b0e4f3df692f6fb71adec70d807d013d73bee7837929baa2c4a17107ab6a4c0ab14a3624768b167e8144b555443c3b89a108e5dcc118d12e62e45f770967ac77bdaf86cb131fc39ac6055d362ae4f600db0afd8214b2395efb192b76ce42c87849d2fcfadf64a7e6e83de25f3b8efc3839e09807f477fe83f5113230f3b34747f10424acb71fbd46709cd820cbe2c868b0a85269f00e2b889f541c809d7a8aa19ac9092593a53a95d75db0dbd7b33da7f43cc9f6d9bb679ea86510cc293adc7c174d1dab8eb94b591ce805add8eefb3abd79870a19fa411ae23cf97c868b944c8dd1364a1ed16adb73176b1ad9d715d09f3d048b2dd2c3fab4a99c75675acd50703bfafdac5cc0b3fef90b4c3463d2a114af149ce577ab74608cc844bd27f0918a0d83f58eaf3623180e9a0034db3b05a0259ef0dc754f290f586ba8e78673440b5d5956c20cfa29ae01e184a8bcee520a7f99c260653202ae8b7799e453e352c8bdb3fa37c189d2d64523bb355e21fef2085e564d3fc4568617ab0d06430c1f082183e140100236b966bd80c6bdd3c5def8d98f4ad5b373d935750c1e6748a931cbc80b267ffd24e5b3c1d41aa620559ea7916e8780b89cebf7d76cc528a6daadd6f7d96be7a20df6b5964bee644459b4c626ce98c10a2cc4497f69fe9a70dd5f083f4f9fd71f23aafb337d0da653acad9bf6f7ac7b852bbc59b67ac7a0ac0fa6fe1a0c95cc2ee073b8200894e8ee76b7f64b6228d9f8f7d1c0172f461175014e5f42a141a857272d21e057f4fefeec41f0fbb316e82243ca905fb2bbc7e68dcb4db476b500e815501c99023d04e214b31729cb4d33e17072c9bac0647cceaf36fe4ef2f1c02c5cd17598f806e5816701a0312d23f2745e84475ccf257168d349383cd4e163be45ab3b7cef4931dcad17fdfe550a113e751b18edc6e86325817555c3ecaf0e707989267baff1046813b43f5ddccd6fdee83e113a9026e31e7a289b9260d32f6790cade4702ebb150e0cb45eefc515a7b972f28e689ff35bc455dd972ddde56077ac9ac7a3b4cb6f32185a1722f5dcb5fbe87c77bc0e78857fe65a6b18aacd7115c797d359e2e0548a03c60f4e3c7fd6ad74584744"]}, 0x810}], 0x1, &(0x7f0000001480)=[@cred={{0x1c, 0x1, 0x2, {r3, r4, r5}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r6]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r9, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r10, 0x0, r11}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee00}}}], 0xb8, 0x40000}, 0x8000) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{0x0, 0x0, r5}, 0x78}) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) 05:25:42 executing program 2 (fault-call:3 fault-nth:4): r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:42 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0xfffffffffffffffd}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) socket$nl_crypto(0x10, 0x3, 0x15) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r4 = getpgrp(0x0) fcntl$setownex(r3, 0xf, &(0x7f0000000040)={0x2, r4}) fcntl$setsig(r3, 0xa, 0x11) fcntl$setlease(r3, 0x400, 0x0) fcntl$setlease(r3, 0x400, 0x2) recvfrom$rxrpc(r3, &(0x7f00000002c0)=""/4096, 0x1000, 0x40, &(0x7f0000000000)=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x4e24, @multicast1}}, 0x24) 05:25:42 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) r1 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000b80)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f469866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6ef9d4d6faca564c6caca3acde744224f677521e83db3ff042c5d992311e8e81beb4036170d5a69363db39a212ebb407b7b0afa8cfca9168d59981606a03c403ef144a5df16a09feba37a5c9c9a52d28de41b8516d40558798944662c81b13b76245c8687081604a20ba6c6a22d55a5bf1739105cded65035f5d9cd87f39ab21c442699690b21f919cc1e7c7d2cb36f8270151a78f9ab3ce9845d6d91821934f9b995298f96fbe0aad9b53b882dc3ffb63d5a1342098465dad774d3a32aa0e8bb19e009"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="2e000000520081f8f7000000000000040a4865160b0001000e000000000004000200000040d819a9ffe200000000", 0x2e}], 0x1}, 0x0) msgsnd(r0, &(0x7f0000000080)=ANY=[], 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) 05:25:42 executing program 1: syz_mount_image$msdos(&(0x7f0000000380)='m.dos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) [ 298.758890][T19626] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. [ 298.774357][T19629] FAULT_INJECTION: forcing a failure. [ 298.774357][T19629] name failslab, interval 1, probability 0, space 0, times 0 [ 298.813551][T19629] CPU: 1 PID: 19629 Comm: syz-executor.2 Not tainted 5.3.0-next-20190916 #0 [ 298.822252][T19629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 298.832302][T19629] Call Trace: [ 298.835595][T19629] dump_stack+0x172/0x1f0 [ 298.839928][T19629] should_fail.cold+0xa/0x15 [ 298.844522][T19629] ? fault_create_debugfs_attr+0x180/0x180 [ 298.850337][T19629] ? kernel_init_free_pages+0x120/0x120 [ 298.855880][T19629] ? ___might_sleep+0x163/0x2c0 [ 298.860727][T19629] __should_failslab+0x121/0x190 [ 298.865837][T19629] should_failslab+0x9/0x14 [ 298.870342][T19629] kmem_cache_alloc+0x2aa/0x710 [ 298.875199][T19629] ? __bpf_address_lookup+0x310/0x310 [ 298.880568][T19629] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 298.886282][T19629] __d_alloc+0x2e/0x8c0 [ 298.890449][T19629] d_alloc+0x4d/0x280 [ 298.894432][T19629] d_alloc_parallel+0xf4/0x1c30 [ 298.899279][T19629] ? arch_stack_walk+0x97/0xf0 [ 298.904049][T19629] ? stack_trace_save+0xac/0xe0 [ 298.908896][T19629] ? __d_lookup_rcu+0x6c0/0x6c0 [ 298.913747][T19629] ? __kasan_check_write+0x14/0x20 [ 298.918857][T19629] ? lockdep_init_map+0x1be/0x6d0 [ 298.923909][T19629] ? lockdep_init_map+0x1be/0x6d0 [ 298.928934][T19629] __lookup_slow+0x1ab/0x500 [ 298.933527][T19629] ? vfs_unlink+0x620/0x620 [ 298.938043][T19629] ? trailing_symlink+0x990/0x990 [ 298.943055][T19629] ? path_init+0x18f0/0x18f0 [ 298.947641][T19629] lookup_slow+0x58/0x80 [ 298.951882][T19629] walk_component+0x747/0x2000 [ 298.956646][T19629] ? inode_permission+0xb4/0x560 [ 298.961587][T19629] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 298.967835][T19629] ? path_init+0x18f0/0x18f0 [ 298.972434][T19629] ? walk_component+0x2000/0x2000 [ 298.977467][T19629] path_lookupat.isra.0+0x1f5/0x8d0 [ 298.982670][T19629] ? do_syscall_64+0xfa/0x760 [ 298.987351][T19629] ? path_parentat.isra.0+0x160/0x160 [ 298.992721][T19629] ? __kasan_check_read+0x11/0x20 [ 298.997748][T19629] ? __kasan_check_read+0x11/0x20 [ 299.002776][T19629] ? __alloc_pages_nodemask+0x579/0x900 [ 299.008328][T19629] ? cache_grow_end+0xa4/0x190 [ 299.013101][T19629] ? __kasan_check_read+0x11/0x20 [ 299.018127][T19629] filename_lookup+0x1b0/0x3f0 [ 299.022901][T19629] ? lock_downgrade+0x920/0x920 [ 299.027747][T19629] ? nd_jump_link+0x1d0/0x1d0 [ 299.032426][T19629] ? kasan_unpoison_shadow+0x35/0x50 [ 299.037708][T19629] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 299.043520][T19629] ? kmem_cache_alloc+0x314/0x710 [ 299.048545][T19629] ? lock_downgrade+0x920/0x920 [ 299.053402][T19629] ? memcpy+0x46/0x50 [ 299.057388][T19629] ? getname_kernel+0x223/0x370 [ 299.062244][T19629] kern_path+0x36/0x40 [ 299.066315][T19629] create_local_trace_uprobe+0x87/0x4a0 [ 299.071880][T19629] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 299.078118][T19629] ? bpf_get_uprobe_info+0x340/0x340 [ 299.083410][T19629] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 299.089653][T19629] ? memdup_user+0x65/0xb0 [ 299.094072][T19629] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 299.100314][T19629] perf_uprobe_init+0x131/0x210 [ 299.105164][T19629] perf_uprobe_event_init+0x106/0x1a0 [ 299.110547][T19629] perf_try_init_event+0x135/0x590 [ 299.115664][T19629] perf_event_alloc.part.0+0x1b89/0x33d0 [ 299.121299][T19629] ? __kasan_check_read+0x11/0x20 [ 299.126337][T19629] ? do_raw_spin_unlock+0x57/0x270 [ 299.131457][T19629] ? list_del_event+0x7f0/0x7f0 [ 299.136311][T19629] __do_sys_perf_event_open+0xa2d/0x2da0 [ 299.141947][T19629] ? __kasan_check_write+0x14/0x20 [ 299.147063][T19629] ? perf_event_set_output+0x4e0/0x4e0 [ 299.152527][T19629] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 299.158770][T19629] ? __ia32_sys_read+0xb0/0xb0 [ 299.163525][T19629] ? switch_fpu_return+0x1fa/0x4f0 [ 299.168632][T19629] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 299.174704][T19629] __x64_sys_perf_event_open+0xbe/0x150 [ 299.180256][T19629] do_syscall_64+0xfa/0x760 [ 299.184764][T19629] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 299.190650][T19629] RIP: 0033:0x4598e9 [ 299.194543][T19629] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 05:25:43 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty, 0x7fff}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) r1 = geteuid() lchown(&(0x7f0000000000)='./file0\x00', r1, 0xffffffffffffffff) ioprio_get$uid(0x1, r1) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000040)=0xe1e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r2, 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS(r3, 0x80045700, &(0x7f00000000c0)={0x0, {0x77359400}}) tkill(r2, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vga_arbiter\x00', 0x551000, 0x0) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r4, 0x84, 0x12, &(0x7f0000000240)=0x9, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = openat$audio(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio\x00', 0x80001, 0x0) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r6, 0x84, 0x4, &(0x7f0000000300), &(0x7f0000000340)=0x4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r7 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xffffffffffffff85, 0x9943) ioctl$KVM_CHECK_EXTENSION_VM(r7, 0xae03, 0xdc79) 05:25:43 executing program 4: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000007700"], 0x8, 0x0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x0, 0x2) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r1, 0x40186f40, 0x7600f4) r2 = socket(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r2, 0x84, 0x78, &(0x7f0000000000)=r4, 0x4) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000240)={r4, 0xed, "d0884c36b533c70347f53db0f73505e80aa0dce77327607af733d4e8b783beadd6d2a10e68a5ff46a74bd00a163ccab3b9fb6c45b5922df9265a3c386d3d0604c5a9b0ab9c318980a8ab85ebcd4a7452b949861f84009affd9123876947e8b2ada3947c03b33ec93d7cc7314137984bd3999adfbba37afaba9625e55f9f07a48f51f1dd708bab370d149344d7cc262bc3643b6ddff67a6aa260f173b5a919b51d830ec321d9121d4d670e75b7814f7f42b61cd4ecdef95a5e202475c7d37c5048ad19c1764b92f08287d245d409ec5af68de3752dd2f7beb40aad18e3d59a528265bab3ce8dc62f3a7fff527b9"}, &(0x7f00000001c0)=0xf5) [ 299.214145][T19629] RSP: 002b:00007f9dc0a8cc78 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 299.222562][T19629] RAX: ffffffffffffffda RBX: 00007f9dc0a8cc90 RCX: 00000000004598e9 [ 299.230533][T19629] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000180 [ 299.238500][T19629] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 299.246472][T19629] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f9dc0a8d6d4 [ 299.254442][T19629] R13: 00000000004c671d R14: 00000000004db7d8 R15: 0000000000000003 [ 299.315084][T19632] netlink: 14 bytes leftover after parsing attributes in process `syz-executor.5'. 05:25:43 executing program 1: syz_mount_image$msdos(&(0x7f0000000380)='m/dos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:43 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="0100090400cae8a6833a97005fe92963907802def889c27cb7c62b06021385e2b97ef5d125c880058f0e95ffff563ff0030dd1ec27ff195f966c3b4951f83d91976e3955d922da35a000"], 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 299.406331][T19703] ubi: mtd0 is already attached to ubi0 05:25:43 executing program 5: r0 = msgget$private(0x0, 0x0) lstat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{0x0, 0x0, 0x0, 0x0, r1, 0x0, 0xffffffffffffffff}}) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgrcv(0xffffffffffffffff, &(0x7f0000000040)={0x0, ""/118}, 0x7e, 0x1, 0x1000) msgget$private(0x0, 0x4) msgctl$IPC_RMID(r0, 0x0) 05:25:43 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0xbc6}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = gettid() syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) ptrace$cont(0xffffffffffffffff, r1, 0x7, 0x2) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/4\x00') r3 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r4 = getpgrp(0x0) fcntl$setownex(r3, 0xf, &(0x7f0000000040)={0x2, r4}) fcntl$setsig(r3, 0xa, 0x11) fcntl$setlease(r3, 0x400, 0x0) fcntl$setlease(r3, 0x400, 0x2) write$P9_RXATTRWALK(r3, &(0x7f0000000200)={0xf, 0x1f, 0x1, 0x5}, 0xf) readv(r2, &(0x7f0000000140)=[{&(0x7f0000000180)=""/91, 0x2ee}], 0x1) write$P9_RXATTRWALK(r2, &(0x7f0000000080)={0xfffffffffffffdf2}, 0x2000008f) timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r1, 0x1000000000014) r5 = gettid() setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r5, 0x0, 0x0) tkill(r5, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) 05:25:43 executing program 1: syz_mount_image$msdos(&(0x7f0000000380)='m0dos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:43 executing program 2 (fault-call:3 fault-nth:5): r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="48bd"], 0x2) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 05:25:43 executing program 5: r0 = msgget$private(0x0, 0x4) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='cgroup\x00') ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r1, 0xc0a85320, &(0x7f0000000080)={{0x10000, 0x5}, 'port1\x00', 0xc1, 0x800, 0x5, 0x8, 0x20, 0x1ff, 0x0, 0x0, 0x4, 0xfffffffffffffff8}) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) 05:25:43 executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r1 = getpgrp(0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000040)={0x2, r1}) fcntl$setsig(r0, 0xa, 0x11) fcntl$setlease(r0, 0x400, 0x0) fcntl$setlease(r0, 0x400, 0xb2992350d3c314c3) ioctl$VIDIOC_RESERVED(r0, 0x5601, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r2, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() setsockopt$inet6_group_source_req(r2, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x10010000000035) fcntl$setstatus(r2, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x20000000000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe2(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r6 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r6, 0x1000008912, &(0x7f00000000c0)="11dca5055e0bcfe47bf070") connect$l2tp(r5, &(0x7f0000000240)=@pppol2tp={0x18, 0x1, {0x0, r6, {0x2, 0x4e20, @multicast2}, 0x1, 0x2, 0x4, 0x2}}, 0x26) r7 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r8 = getpgrp(0x0) fcntl$setownex(r7, 0xf, &(0x7f0000000040)={0x2, r8}) fcntl$setsig(r7, 0xa, 0x11) fcntl$setlease(r7, 0x400, 0x0) r9 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e6d3b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r9, 0x40042408, r10) fcntl$setlease(r9, 0x400, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(r7, 0x29, 0x45, &(0x7f00000002c0)={'HL\x00'}, &(0x7f0000000300)=0x1e) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) 05:25:43 executing program 1: syz_mount_image$msdos(&(0x7f0000000380)='mXdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) 05:25:44 executing program 5: r0 = msgget$private(0x0, 0x0) r1 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={r1, 0xffffffffffffffff, 0x0, 0xf, &(0x7f0000000000)='vmnet1\x8feth1-{*\x00'}, 0x30) r2 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r3 = getpgrp(0x0) fcntl$setownex(r2, 0xf, &(0x7f0000000040)={0x2, r3}) ioprio_set$pid(0x0, r3, 0x3) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000001140)={{{@in=@local, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@broadcast}}, &(0x7f0000000980)=0xe8) r5 = getegid() r6 = dup(0xffffffffffffffff) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r8 = gettid() r9 = getegid() r10 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000500)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0x0) fchmod(r10, 0x138) fsetxattr$system_posix_acl(r10, &(0x7f0000000240)='system.posix_acl_access\x00', &(0x7f0000000680)={{}, {0x1, 0x4}, [{0x2, 0x1}, {}], {0x4, 0x1}, [{0x8, 0x1}, {}, {0x8, 0x6, r9}, {0x8, 0x4}], {0x10, 0x1}, {0x20, 0x4}}, 0x54, 0x1) r11 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r11, 0x1000008912, &(0x7f00000000c0)="11dca5055e0bcfe47bf070") ioctl$sock_inet_SIOCGARP(r11, 0x8954, &(0x7f0000000a00)={{0x2, 0x4e23, @rand_addr=0x400}, {0x6, @broadcast}, 0x20, {0x2, 0x4e20, @local}, 'nlmon0\x00'}) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000000c0)={0x810, 0x42, 0x2, 0x70bd27, 0x0, "", [@generic="ba3fa6f66f62c9bbfdd98520b6a607fe619d41ea32ebe34c27a87b72a8c8a73310f5340bf8607bc907bd8c58808409b861b84eaae363e27eddd334144d63e4f0b518f9619114b8e3ba25b67b86fd4c12d60bb55831c0c79c60d43de088620c6dd7ab23b94a4b5f4d755b2ef36952add583bcc35d9ef2e8dc0f29a9b8eef7972bc1ca854301bedf50694a41f320b7ac5517f41d5072ecee6375d71b14cbc64eb416272e9d4cb549cc69dd297640821210a1d187de203a067e56750cf56bf64b33b346141c42394d6bc41d05dc8490d3225712ea367667328b37acd19fa4ff10b4bb526ffa805afc42381b3da56e6dd9f440c163f6917dc002ef987c0e0a0bb51b1acc33155b178a77d75d8cc483613b2f8a47f619e6de7b86852f574780619ddb130ebbd24a897fb202567bfa944d561fdb19461b3481aa4c3f048089f983a547959ca6799433d581472fe5a75ef637f2cc0956faee63c2a8230fe3203924e629570ed6c6b25841f987a5af01e11cf8cb6710b1c567daee534b95bc2146d09a7b323823cd65d64426d7ee83ec7be0ca83dfac16c3f53e81a1a936964495078a56a818e7865aa1ff8a14fb712d221cebf53217461f7a8599a105e8e904144e68ea51cd71946e76921ec598aad55a963a1aa0c4b2271aee16b49f7cd3a7f1f8a1cfcdccbe418501c34b3781bdd11233967b0d8a359a85ac04e1b35fac7e30eb14fdbd68c73f6c6e0d6be6aeed646c73648064532c5fcec145647202b8f3bf1776ed6953c2a5e068f78dae2b91cff410cd2a1a316b75adf70246194fb395dc16cdbb68b61d9619c2be037a56cfbacb0ffa407e19632922f78100a546a035e4d012f1317300c65db81fbf82a83099c7412247c799f909b296a568a1021857ca894f08c19c1baa26e2a3f610d7ee3da54f89fb3481e20630475522fa0c02d04f60d17f9cd90ea8d7ae223bc75fb21c42e21961615d711846223d605f52dcf9902e89c2a055d1906bd9d20ffc33db5356c124eca7142b0f875752a2476f5098ccf1c1fce52507b3e6fa3f80ffe16ff45f9d4eb9c3eb1d302d736539225396889761e7ada23c28824fce786ebfddd6ed0042fcb6ce4447e77a72ec63e1f3a4595bb7a717c7796f6f981c2c098177df3d83923acdff548a380c12f42f397fcb36cf05c5887c8a2cebcfa93a3b6256f42202b60b0d7dcbacaf14d9c5ad9cf765dac5802b140cb22fbe41ac6e585d320a24971f009c39288ce6a4d83ea4eed9f0b0fb641d3556826b43923148a8bf1dfdaca421a82b2207b84f2cd02fe2fa9161e8c04b961f97dafa773905c99c51e0b360c786539e89f2d3fc0c9a56454baa7fec40280c716f38232471881bc4060e54be1588f9f0d2521b386b592c1ea4b9552123f13c5724cae290e6cb7d2a90ca5bcc799774a1a8fce9fdf2679be8b6952505fbeaf3f6d2aa7178d22dfe79349381b8a482561ac4e95ca207e86f7d56a9e2ea3b682c4d833fd9b65d0d91b2fb8bc8feef96d247dc79a08a5dafd0cc86551fd0352562079abe950f39d05d2bb1f651de696680d313b224b197d48bed9a0ed4240d17b3c876440b181d2145ab5c895cd24d29018f673811fd808610e15b1625ca3b0e0d69f0fbcd6d4f9c66edd080a9e4c1c88f3767c2f7183a957861f772b2dac372dc11e1409ed112ead3a939ca4b2df8bb8b1539fb031c6fba066ee3f2159731d97885118ab830b42b59d9ed7b43462d6370d30a6942d6ba16f0bdc71f661e476491bb8deefd411b0e4f3df692f6fb71adec70d807d013d73bee7837929baa2c4a17107ab6a4c0ab14a3624768b167e8144b555443c3b89a108e5dcc118d12e62e45f770967ac77bdaf86cb131fc39ac6055d362ae4f600db0afd8214b2395efb192b76ce42c87849d2fcfadf64a7e6e83de25f3b8efc3839e09807f477fe83f5113230f3b34747f10424acb71fbd46709cd820cbe2c868b0a85269f00e2b889f541c809d7a8aa19ac9092593a53a95d75db0dbd7b33da7f43cc9f6d9bb679ea86510cc293adc7c174d1dab8eb94b591ce805add8eefb3abd79870a19fa411ae23cf97c868b944c8dd1364a1ed16adb73176b1ad9d715d09f3d048b2dd2c3fab4a99c75675acd50703bfafdac5cc0b3fef90b4c3463d2a114af149ce577ab74608cc844bd27f0918a0d83f58eaf3623180e9a0034db3b05a0259ef0dc754f290f586ba8e78673440b5d5956c20cfa29ae01e184a8bcee520a7f99c260653202ae8b7799e453e352c8bdb3fa37c189d2d64523bb355e21fef2085e564d3fc4568617ab0d06430c1f082183e140100236b966bd80c6bdd3c5def8d98f4ad5b373d935750c1e6748a931cbc80b267ffd24e5b3c1d41aa620559ea7916e8780b89cebf7d76cc528a6daadd6f7d96be7a20df6b5964bee644459b4c626ce98c10a2cc4497f69fe9a70dd5f083f4f9fd71f23aafb337d0da653acad9bf6f7ac7b852bbc59b67ac7a0ac0fa6fe1a0c95cc2ee073b8200894e8ee76b7f64b6228d9f8f7d1c0172f461175014e5f42a141a857272d21e057f4fefeec41f0fbb316e82243ca905fb2bbc7e68dcb4db476b500e815501c99023d04e214b31729cb4d33e17072c9bac0647cceaf36fe4ef2f1c02c5cd17598f806e5816701a0312d23f2745e84475ccf257168d349383cd4e163be45ab3b7cef4931dcad17fdfe550a113e751b18edc6e86325817555c3ecaf0e707989267baff1046813b43f5ddccd6fdee83e113a9026e31e7a289b9260d32f6790cade4702ebb150e0cb45eefc515a7b972f28e689ff35bc455dd972ddde56077ac9ac7a3b4cb6f32185a1722f5dcb5fbe87c77bc0e78857fe65a6b18aacd7115c797d359e2e0548a03c60f4e3c7fd6ad74584744"]}, 0x810}], 0x1, &(0x7f0000001480)=[@cred={{0x1c, 0x1, 0x2, {r1, r4, r5}}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r6]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r7, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {r8, 0x0, r9}}}, @cred={{0xa, 0x1, 0x2, {0x0, 0x0, 0xee00}}}], 0xb8, 0x40000}, 0x8000) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)={{0x0, 0x0, 0x0, 0x0, r9, 0x11a, 0x41f}, 0x0, 0x2, 0xfffffffffffffffd, 0x0, 0x100000000000000}) semget(0x0, 0x2, 0x31) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) r12 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x0, 0x0) getsockopt$inet_pktinfo(r12, 0x0, 0x8, &(0x7f0000000080)={0x0, @broadcast, @broadcast}, &(0x7f0000000100)=0xc) accept$inet6(0xffffffffffffffff, 0x0, &(0x7f00000009c0)) msgctl$IPC_RMID(r0, 0x0) [ 299.951267][T19823] FAULT_INJECTION: forcing a failure. [ 299.951267][T19823] name failslab, interval 1, probability 0, space 0, times 0 [ 300.003256][T19823] CPU: 1 PID: 19823 Comm: syz-executor.2 Not tainted 5.3.0-next-20190916 #0 [ 300.011953][T19823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 300.022005][T19823] Call Trace: [ 300.025299][T19823] dump_stack+0x172/0x1f0 [ 300.029633][T19823] should_fail.cold+0xa/0x15 [ 300.034220][T19823] ? fault_create_debugfs_attr+0x180/0x180 [ 300.040025][T19823] ? kernel_init_free_pages+0x120/0x120 [ 300.045582][T19823] ? ___might_sleep+0x163/0x2c0 [ 300.050440][T19823] __should_failslab+0x121/0x190 [ 300.055387][T19823] should_failslab+0x9/0x14 [ 300.059899][T19823] __kmalloc_track_caller+0x2dc/0x760 [ 300.066247][T19823] ? kasan_kmalloc+0x9/0x10 [ 300.070764][T19823] ? kmem_cache_alloc_trace+0x346/0x790 [ 300.076318][T19823] ? trace_probe_init+0xda/0x510 [ 300.081259][T19823] kstrdup+0x3a/0x70 [ 300.085166][T19823] trace_probe_init+0xda/0x510 [ 300.089946][T19823] alloc_trace_uprobe+0x5e/0x250 [ 300.094891][T19823] create_local_trace_uprobe+0x109/0x4a0 [ 300.100526][T19823] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 300.106766][T19823] ? bpf_get_uprobe_info+0x340/0x340 [ 300.112055][T19823] ? memdup_user+0x65/0xb0 [ 300.116470][T19823] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 300.122710][T19823] perf_uprobe_init+0x131/0x210 [ 300.127561][T19823] perf_uprobe_event_init+0x106/0x1a0 [ 300.132938][T19823] perf_try_init_event+0x135/0x590 [ 300.138076][T19823] perf_event_alloc.part.0+0x1b89/0x33d0 [ 300.143708][T19823] ? __kasan_check_read+0x11/0x20 [ 300.148760][T19823] ? do_raw_spin_unlock+0x57/0x270 [ 300.153873][T19823] ? list_del_event+0x7f0/0x7f0 [ 300.158728][T19823] __do_sys_perf_event_open+0xa2d/0x2da0 [ 300.164362][T19823] ? __kasan_check_write+0x14/0x20 [ 300.169485][T19823] ? perf_event_set_output+0x4e0/0x4e0 [ 300.174953][T19823] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 300.181205][T19823] ? __ia32_sys_read+0xb0/0xb0 [ 300.185974][T19823] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 300.192057][T19823] __x64_sys_perf_event_open+0xbe/0x150 [ 300.197608][T19823] do_syscall_64+0xfa/0x760 [ 300.202114][T19823] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 300.208007][T19823] RIP: 0033:0x4598e9 [ 300.211904][T19823] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 300.231508][T19823] RSP: 002b:00007f9dc0aadc78 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 300.239924][T19823] RAX: ffffffffffffffda RBX: 00007f9dc0aadc90 RCX: 00000000004598e9 05:25:44 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = open(&(0x7f0000000000)='./file0\x00', 0x8840, 0x0) r1 = getpgrp(0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000040)={0x2, r1}) fcntl$setsig(r0, 0xa, 0x11) fcntl$setlease(r0, 0x400, 0x0) fcntl$setlease(r0, 0x400, 0x2) ioctl$GIO_FONT(r0, 0x4b60, &(0x7f0000000000)=""/56) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r2, &(0x7f0000000080), 0x1c) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xdc, 0xdc, 0x7, [@fwd={0xd}, @datasec={0x10, 0x7, 0x0, 0xf, 0x1, [{0x5, 0x0, 0x8}, {0x1, 0x3, 0xd8}, {0x2, 0x1000, 0x7}, {0x1, 0x5}, {0x2, 0x1ff, 0xfffffffffffff1eb}, {0x3, 0x2, 0x200}, {0x5, 0x9, 0x5aa}], 'M'}, @enum={0xc, 0x1, 0x0, 0x6, 0x4, [{0x2, 0x9}]}, @func={0x4, 0x0, 0x0, 0xc, 0x4}, @var={0x2, 0x0, 0x0, 0xe, 0x4, 0x1}, @datasec={0xf, 0x3, 0x0, 0xf, 0x3, [{0x4, 0xb69, 0x27ff}, {0x1, 0x7e3, 0x100}, {0x1, 0x3, 0x8}], "c2e046"}, @ptr={0xa, 0x0, 0x0, 0x2, 0x5}]}, {0x0, [0x30, 0x5f, 0x0, 0x3f, 0xfef1dc13ed359699]}}, &(0x7f00000003c0)=""/150, 0xfb, 0x96}, 0x20) fadvise64(r3, 0x0, 0x1, 0x5) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() setsockopt$inet6_group_source_req(r2, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) r5 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="85000000070000002500000000e3ff0095000000000000004e8ed39b0743cdd150720000052667c16692072acc2119d4974e5e9da276a4fdc9f5f734cc2a33408529ebee82b09f492a4e71e215846d77bc4f31672751c964ccd2c0fde92b433a1e134b91d9b76074f37c7e233b488f95b25a762a43fd7fb3230a5d7bcbec88dd478cc9eeb46145af3f02403916e882f5ff88ec0c41b52877e763378976da2d3ec922313ab846f909e703acc12b2f4f107cfe6965966e397fbe83aa599fc09811ecd8e6216121d2777a6f2f217440e82e58520072f940cdc1fb0a819009c2540d464587615f46ae4ce0a5fca56ef242698bf2248dcacb2dbab5e31e41fe05d2b9395ef06b9a8db3da5fcf06718c354095c6ac594b44d3e167764b647cf535a6cb1a871bc9bc39dc51b43a25f26a4946364b0ca831ddaa6762cd068ca34bdac580643146a8fd2a69b18889c27901915e04516abff8a645d73636a4b93cbde8604b5aa2b95f329866308ecf92354472de42e502293a7bd6f2128d3d3d5fc67000f03152752a92dab6bccee1ee8c06804cd1ebce41214f5e6f424e44e9ed758febf2ed9fd438ccfcb3932966fe6aa52fc0d5b86c442a80497a13c4f38bcf4ef849b2b081eb8798cc18b1496cff9c32bdd6d6b529d43e2fc6cc12dc38489721b613a54bb3361d15c9bb3bd7580a042eb0849e34b97a1c3b11f32f615738d4240c5817d0310148bb4f4551ba39e2538bd4cfd70f3b649e5b685c8890e9fec75644bb65e1285351c4777a04cd7764521dff87111ee95ac48614595c9cbb34c8debd633a0000000000001124c8b4ceb759bc012ead43d7a548beaf8ca263dbf6c2d703372bf1abcc023084e6d2618288e9d4c670796b6cc81f3a765fcdb9c3fe66c9d505c27a32c496a5d4ffa5e7489ddb0b9cd1d53963f1c72f93550bfcefb9863f42d2e2291b39940d6de47936af1e7f1f8a6e9436972ac2aa4924b95c6d29fd767c478260c6fc9f5ec8374a2c8d0f85e4b3e1d82ba1989721b4e64e6fe0f79a68486375de73d09c29baafb68e0f76c6b7179be1ceb6"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r5, 0x40042408, r6) ioctl$FS_IOC_ENABLE_VERITY(r5, 0x6685, &(0x7f0000000580)={0x1, 0x8, 0x1000, 0x3, &(0x7f0000000240)="d778cc", 0xf0, 0x0, &(0x7f0000000480)="666adf6f7364cc738bdf8318068185e493ca24716d57ffb0fce0470f8a113994095288868bb4ed2c7f9d5f9ad042aaf738670dfa3cf4dd7f69c8673ac959f35aa2eaae84ca9e6600942c93d61eb96ad822a43016a5e1637b9c5c3c1757904071eef02a36ecb4ce4e827d145971d1dcdce4b760dbc30860db9323c27e4829663ca07d78846c74331391ccb1aad40804caf5bc4b80a9360a6b8215cee07d357420abffc8cc3f6d78396f7346f21231a27007235562b6e69187fe7d1b4d127bf6c0555a612be5386bab212e5bf10e2ec5284e00484d7619634fc24bc3f9d0e6b25dccea4e601d61f90c0af33bfd0f3eebed"}) ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x10010000000035) fcntl$setstatus(r2, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) 05:25:44 executing program 4: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000007700"], 0x8, 0x0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x0, 0x2) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r1, 0x40186f40, 0x7600f4) r2 = socket(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r2, 0x84, 0x78, &(0x7f0000000000)=r4, 0x4) 05:25:44 executing program 1: syz_mount_image$msdos(&(0x7f0000000380)='m\\dos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) [ 300.247899][T19823] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000180 [ 300.255873][T19823] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 300.263856][T19823] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f9dc0aae6d4 [ 300.271832][T19823] R13: 00000000004c671d R14: 00000000004db7d8 R15: 0000000000000004 05:25:44 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) r1 = open(&(0x7f0000000000)='./file0\x00', 0x20000, 0x0) r2 = getpgrp(0x0) fcntl$setownex(r1, 0xf, &(0x7f0000000040)={0x2, r2}) fcntl$setsig(r1, 0xa, 0x11) fcntl$setlease(r1, 0x400, 0x0) fcntl$setlease(r1, 0x400, 0x2) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000480)={0x50, r4, 0x31, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x3c, 0x3, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'lo\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IPVS_DAEMON_ATTR_STATE={0x8}]}]}, 0x50}}, 0x0) sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x3301000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r4, 0x206, 0x70bd2d, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7f}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80000000}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xf70d}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7f}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x4) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 300.449360][T19990] ubi: mtd0 is already attached to ubi0 [ 300.482827][T19823] kasan: CONFIG_KASAN_INLINE enabled [ 300.507869][T19823] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 300.545740][T19823] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 300.552718][T19823] CPU: 1 PID: 19823 Comm: syz-executor.2 Not tainted 5.3.0-next-20190916 #0 [ 300.561381][T19823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 300.571459][T19823] RIP: 0010:__list_del_entry_valid+0x85/0xf5 [ 300.577442][T19823] Code: 0f 84 e1 00 00 00 48 b8 22 01 00 00 00 00 ad de 49 39 c4 0f 84 e2 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 75 53 49 8b 14 24 4c 39 f2 0f 85 99 00 00 00 49 8d 7d [ 300.602115][T19823] RSP: 0018:ffff88805b1579d8 EFLAGS: 00010246 [ 300.608189][T19823] RAX: dffffc0000000000 RBX: ffff8880a7d92ac0 RCX: ffffc9000a387000 [ 300.616165][T19823] RDX: 0000000000000000 RSI: ffffffff817c6013 RDI: ffff8880a7d92ac8 [ 300.624226][T19823] RBP: ffff88805b1579f0 R08: ffff888097170540 R09: fffffbfff120a763 [ 300.632198][T19823] R10: fffffbfff120a762 R11: ffffffff89053b13 R12: 0000000000000000 [ 300.640167][T19823] R13: 0000000000000000 R14: ffff8880a7d92ac0 R15: ffff8880a7d92ad0 [ 300.648165][T19823] FS: 00007f9dc0aae700(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 300.657123][T19823] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 300.663713][T19823] CR2: 00007f9b8b3645c8 CR3: 00000000a7693000 CR4: 00000000001406e0 [ 300.671688][T19823] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 300.679675][T19823] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 300.689112][T19823] Call Trace: [ 300.697535][T19823] trace_probe_unlink+0x1f/0x200 [ 300.703614][T19823] trace_probe_cleanup+0xd3/0x110 [ 300.708648][T19823] trace_probe_init+0x3f2/0x510 [ 300.713506][T19823] alloc_trace_uprobe+0x5e/0x250 [ 300.718441][T19823] create_local_trace_uprobe+0x109/0x4a0 [ 300.724696][T19823] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 300.731022][T19823] ? bpf_get_uprobe_info+0x340/0x340 [ 300.736316][T19823] ? memdup_user+0x65/0xb0 [ 300.740742][T19823] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 300.746990][T19823] perf_uprobe_init+0x131/0x210 [ 300.751844][T19823] perf_uprobe_event_init+0x106/0x1a0 [ 300.757219][T19823] perf_try_init_event+0x135/0x590 [ 300.762336][T19823] perf_event_alloc.part.0+0x1b89/0x33d0 [ 300.767969][T19823] ? __kasan_check_read+0x11/0x20 [ 300.772996][T19823] ? do_raw_spin_unlock+0x57/0x270 [ 300.778105][T19823] ? list_del_event+0x7f0/0x7f0 [ 300.782962][T19823] __do_sys_perf_event_open+0xa2d/0x2da0 [ 300.788600][T19823] ? __kasan_check_write+0x14/0x20 [ 300.793716][T19823] ? perf_event_set_output+0x4e0/0x4e0 [ 300.799187][T19823] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 300.805429][T19823] ? __ia32_sys_read+0xb0/0xb0 [ 300.810196][T19823] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 300.816266][T19823] __x64_sys_perf_event_open+0xbe/0x150 [ 300.821818][T19823] do_syscall_64+0xfa/0x760 [ 300.826331][T19823] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 300.832217][T19823] RIP: 0033:0x4598e9 [ 300.836108][T19823] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 05:25:44 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x41c800, 0x0) setsockopt$inet6_int(r1, 0x29, 0x48, &(0x7f0000000200)=0xa1, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x8000, 0x0) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$ASHMEM_GET_SIZE(r4, 0x40186f40, 0x7600f4) r5 = socket(0xa, 0x1, 0x0) close(r5) r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r6, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r5, 0x84, 0x78, &(0x7f0000000000)=r7, 0x4) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r4, 0x84, 0x6c, &(0x7f0000000240)={r7, 0xed, "d0884c36b533c70347f53db0f73505e80aa0dce77327607af733d4e8b783beadd6d2a10e68a5ff46a74bd00a163ccab3b9fb6c45b5922df9265a3c386d3d0604c5a9b0ab9c318980a8ab85ebcd4a7452b949861f84009affd9123876947e8b2ada3947c03b33ec93d7cc7314137984bd3999adfbba37afaba9625e55f9f07a48f51f1dd708bab370d149344d7cc262bc3643b6ddff67a6aa260f173b5a919b51d830ec321d9121d4d670e75b7814f7f42b61cd4ecdef95a5e202475c7d37c5048ad19c1764b92f08287d245d409ec5af68de3752dd2f7beb40aad18e3d59a528265bab3ce8dc62f3a7fff527b9"}, &(0x7f00000001c0)=0xf5) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x1f, &(0x7f00000002c0)={r7, @in6={{0xa, 0x4e23, 0x6b9, @remote, 0x9a}}, 0x514, 0x3}, 0x90) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f00000000c0)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr="7d95ae6a060000e5ff00"}}}, 0x108) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x10010000000035) fcntl$setstatus(r0, 0x4, 0x80000000002c00) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000000c0)=0x202, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) [ 300.855711][T19823] RSP: 002b:00007f9dc0aadc78 EFLAGS: 00000246 ORIG_RAX: 000000000000012a [ 300.864125][T19823] RAX: ffffffffffffffda RBX: 00007f9dc0aadc90 RCX: 00000000004598e9 [ 300.872096][T19823] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000020000180 [ 300.880073][T19823] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 300.888042][T19823] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f9dc0aae6d4 [ 300.896015][T19823] R13: 00000000004c671d R14: 00000000004db7d8 R15: 0000000000000004 [ 300.903994][T19823] Modules linked in: [ 300.912975][T19909] kobject: 'loop1' (000000006c3c7068): kobject_uevent_env [ 300.920152][T19909] kobject: 'loop1' (000000006c3c7068): fill_kobj_path: path = '/devices/virtual/block/loop1' 05:25:45 executing program 1: syz_mount_image$msdos(&(0x7f0000000380)='mcdos\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000940)={[{@fat=@check_strict='check=strict'}]}) [ 300.968321][ T3893] kobject: 'loop0' (00000000fa0689b6): kobject_uevent_env [ 300.988033][ T3893] kobject: 'loop0' (00000000fa0689b6): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 301.006597][ T3893] kobject: 'loop5' (00000000b6ac80ad): kobject_uevent_env [ 301.019516][ T3893] kobject: 'loop5' (00000000b6ac80ad): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 301.038900][ T3893] kobject: 'loop1' (000000006c3c7068): kobject_uevent_env [ 301.053160][ T3893] kobject: 'loop1' (000000006c3c7068): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 301.071776][ T3893] kobject: 'loop1' (000000006c3c7068): kobject_uevent_env [ 301.086237][ T3893] kobject: 'loop1' (000000006c3c7068): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 301.096583][T20061] kobject: 'loop1' (000000006c3c7068): kobject_uevent_env [ 301.127192][T20061] kobject: 'loop1' (000000006c3c7068): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 301.152907][T19823] ---[ end trace 26376ec3a5d17611 ]--- [ 301.158653][T19823] RIP: 0010:__list_del_entry_valid+0x85/0xf5 05:25:45 executing program 5: r0 = msgget$private(0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000258f88)) msgsnd(r0, &(0x7f0000000000)={0x1}, 0x8, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x52000, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000080)={0xe, 0x18, 0xfa00, @ib_path={&(0x7f00000001c0)=[{}], r3, 0x1, 0x1, 0x400000}}, 0x20) write$RDMA_USER_CM_CMD_REJECT(r1, &(0x7f0000000080)={0x9, 0x108, 0xfa00, {r3, 0x12, "4a86f4", "bfbe0ef2615b44dbaf68befe265748adf6668ebe7d86fdea7fcb32fb4bb5fe0ec087acd0c7be4beda2eb71958eeed8df1c512f74c22e54288e4aa71bba7e2f177f5cb877650a867a63cc2af8e47966f8676dd804b3d116680fec1bfadad913583b038c9f5f19eef296c0153f9ecf25906fa862700286c4e5a5658843dbc487664cba83d7ebb72fc92831c8ce1167116bb5ae246a0aac58ba7b967f1002f7de42c0a88ba684d1ca1da8b606a2b4507f1f59d1802974676ba5e8ae1ef0889b0a0f008c02daa9ad43f9087c5e41de3c0bd6d5d5b5068762a07a4ba6ebe0a639ec4b99980c061720e7d9466c8d3de0a09a6dc126b6817e3a51e633cb3ffc131e6e89"}}, 0x110) msgctl$IPC_RMID(r0, 0x0) [ 301.180788][T19823] Code: 0f 84 e1 00 00 00 48 b8 22 01 00 00 00 00 ad de 49 39 c4 0f 84 e2 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 75 53 49 8b 14 24 4c 39 f2 0f 85 99 00 00 00 49 8d 7d [ 301.182470][ T3893] kobject: 'loop0' (00000000fa0689b6): kobject_uevent_env [ 301.223094][T20061] kobject: 'loop1' (000000006c3c7068): kobject_uevent_env [ 301.230278][T20061] kobject: 'loop1' (000000006c3c7068): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 301.242823][T19823] RSP: 0018:ffff88805b1579d8 EFLAGS: 00010246 [ 301.255120][ T3893] kobject: 'loop0' (00000000fa0689b6): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 301.266244][T20061] kobject: 'loop1' (000000006c3c7068): kobject_uevent_env [ 301.271530][T19823] RAX: dffffc0000000000 RBX: ffff8880a7d92ac0 RCX: ffffc9000a387000 [ 301.275587][T20061] kobject: 'loop1' (000000006c3c7068): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 301.292871][T19823] RDX: 0000000000000000 RSI: ffffffff817c6013 RDI: ffff8880a7d92ac8 [ 301.295600][ T3893] kobject: 'loop1' (000000006c3c7068): kobject_uevent_env [ 301.310583][ T3893] kobject: 'loop1' (000000006c3c7068): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 301.311823][T19823] RBP: ffff88805b1579f0 R08: ffff888097170540 R09: fffffbfff120a763 [ 301.328037][ T3893] kobject: 'loop4' (000000009aa3fe86): kobject_uevent_env [ 301.338502][ T3893] kobject: 'loop4' (000000009aa3fe86): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 301.350678][ T3893] kobject: 'loop1' (000000006c3c7068): kobject_uevent_env [ 301.362267][T19823] R10: fffffbfff120a762 R11: ffffffff89053b13 R12: 0000000000000000 [ 301.365184][ T3893] kobject: 'loop1' (000000006c3c7068): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 301.433016][ T9838] kobject: 'loop1' (000000006c3c7068): kobject_uevent_env [ 301.445532][ T9838] kobject: 'loop1' (000000006c3c7068): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 301.477042][ T3893] kobject: 'loop1' (000000006c3c7068): kobject_uevent_env [ 301.486632][ T3893] kobject: 'loop1' (000000006c3c7068): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 301.498573][ T3893] kobject: 'loop5' (00000000b6ac80ad): kobject_uevent_env [ 301.508344][ T3893] kobject: 'loop5' (00000000b6ac80ad): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 301.612811][T19823] R13: 0000000000000000 R14: ffff8880a7d92ac0 R15: ffff8880a7d92ad0 [ 301.631974][T19823] FS: 00007f9dc0aae700(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 301.642063][T19823] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 301.662262][T19823] CR2: 00007f9b8b0e1b70 CR3: 00000000a7693000 CR4: 00000000001406f0 [ 301.672353][T19823] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 301.692370][T19823] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 301.700505][T19823] Kernel panic - not syncing: Fatal exception [ 301.707820][T19823] Kernel Offset: disabled [ 301.712138][T19823] Rebooting in 86400 seconds..