0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8, 0x26, 0x20}]}}}]}, 0x3c}}, 0x0) 19:01:29 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x0, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:29 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x0, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:29 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) 19:01:29 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x10000}], 0x0, 0x0) 19:01:29 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x0, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:29 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x20, 0x10, 0x705}, 0x20}}, 0x0) 19:01:29 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) 19:01:29 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x0, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:30 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140), 0x0, 0x10000}], 0x0, 0x0) 19:01:30 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x20, 0x10, 0x705}, 0x20}}, 0x0) [ 163.362461][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 163.368323][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:01:30 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[]}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:01:30 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) 19:01:30 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x0, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:30 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x0, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:30 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x20, 0x10, 0x705}, 0x20}}, 0x0) 19:01:30 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140), 0x0, 0x10000}], 0x0, 0x0) 19:01:30 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x34, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0x4}}}]}, 0x34}}, 0x0) [ 164.060620][ T26] kauditd_printk_skb: 15 callbacks suppressed [ 164.060630][ T26] audit: type=1804 audit(1570129290.746:144): pid=9691 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/80/file0" dev="sda1" ino=16920 res=1 19:01:30 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) 19:01:30 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x0, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:30 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x0, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 164.148514][ T26] audit: type=1804 audit(1570129290.796:145): pid=9688 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/80/file0" dev="sda1" ino=16925 res=1 19:01:30 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140), 0x0, 0x10000}], 0x0, 0x0) 19:01:31 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x34, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0x4}}}]}, 0x34}}, 0x0) [ 164.288806][ T26] audit: type=1804 audit(1570129290.976:146): pid=9709 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/81/file0" dev="sda1" ino=16887 res=1 [ 164.333696][ T26] audit: type=1804 audit(1570129291.016:147): pid=9710 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/81/file0" dev="sda1" ino=16885 res=1 19:01:31 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[]}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:01:31 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) 19:01:31 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x0, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:31 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x0, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:31 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x34, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0x4}}}]}, 0x34}}, 0x0) 19:01:31 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2", 0x24, 0x10000}], 0x0, 0x0) 19:01:31 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 164.955487][ T26] audit: type=1804 audit(1570129291.646:148): pid=9732 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/82/file0" dev="sda1" ino=16929 res=1 [ 164.982468][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 164.988279][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:01:31 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x0, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:31 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:01:31 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2", 0x24, 0x10000}], 0x0, 0x0) 19:01:31 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 165.068809][ T26] audit: type=1804 audit(1570129291.676:149): pid=9731 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/82/file0" dev="sda1" ino=16926 res=1 19:01:31 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x0, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 165.168554][ T9751] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 165.192555][ T26] audit: type=1804 audit(1570129291.856:150): pid=9749 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/83/file0" dev="sda1" ino=16915 res=1 [ 165.288434][ T26] audit: type=1804 audit(1570129291.936:151): pid=9757 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/83/file0" dev="sda1" ino=16933 res=1 19:01:32 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[]}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:01:32 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:01:32 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x0, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:32 executing program 2: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:32 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x0, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:32 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2", 0x24, 0x10000}], 0x0, 0x0) [ 165.804534][ T26] audit: type=1804 audit(1570129292.496:152): pid=9772 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir283216334/syzkaller.Mgy9si/96/file0" dev="sda1" ino=16937 res=1 19:01:32 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x0, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:32 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x0, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:32 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x20, 0x10, 0x705}, 0x20}}, 0x0) 19:01:32 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000", 0x36, 0x10000}], 0x0, 0x0) 19:01:32 executing program 2 (fault-call:1 fault-nth:0): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 165.964790][ T26] audit: type=1804 audit(1570129292.496:153): pid=9771 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/84/file0" dev="sda1" ino=16939 res=1 19:01:32 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x0, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 166.039563][ T9795] FAULT_INJECTION: forcing a failure. [ 166.039563][ T9795] name failslab, interval 1, probability 0, space 0, times 1 [ 166.107979][ T9795] CPU: 1 PID: 9795 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 166.115812][ T9795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 166.125862][ T9795] Call Trace: [ 166.129148][ T9795] dump_stack+0x1d8/0x2f8 [ 166.133462][ T9795] should_fail+0x555/0x770 [ 166.137858][ T9795] __should_failslab+0x11a/0x160 [ 166.142775][ T9795] should_failslab+0x9/0x20 [ 166.147267][ T9795] kmem_cache_alloc_node+0x65/0x280 [ 166.152440][ T9795] ? __alloc_skb+0x9f/0x500 [ 166.156922][ T9795] __alloc_skb+0x9f/0x500 [ 166.161229][ T9795] netlink_sendmsg+0x756/0xc50 [ 166.165975][ T9795] ? netlink_getsockopt+0x9f0/0x9f0 [ 166.171150][ T9795] ___sys_sendmsg+0x60d/0x910 [ 166.175817][ T9795] ? rcu_lock_release+0xd/0x30 [ 166.180559][ T9795] ? rcu_lock_release+0x26/0x30 [ 166.185385][ T9795] ? __fget+0x4e6/0x510 [ 166.189522][ T9795] ? __fdget+0x17c/0x200 [ 166.193759][ T9795] __x64_sys_sendmsg+0x17c/0x200 [ 166.198680][ T9795] do_syscall_64+0xf7/0x1c0 [ 166.203161][ T9795] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 166.209025][ T9795] RIP: 0033:0x459a29 [ 166.212897][ T9795] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 166.232477][ T9795] RSP: 002b:00007fa7ccf63c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 166.240860][ T9795] RAX: ffffffffffffffda RBX: 00007fa7ccf63c90 RCX: 0000000000459a29 [ 166.248809][ T9795] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 166.256759][ T9795] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 166.264710][ T9795] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7ccf646d4 [ 166.272658][ T9795] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 19:01:33 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:01:33 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x20, 0x10, 0x705}, 0x20}}, 0x0) 19:01:33 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:33 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x0, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:33 executing program 2 (fault-call:1 fault-nth:1): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:33 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000", 0x36, 0x10000}], 0x0, 0x0) [ 166.672649][ T9812] FAULT_INJECTION: forcing a failure. [ 166.672649][ T9812] name failslab, interval 1, probability 0, space 0, times 0 19:01:33 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 166.729806][ T9812] CPU: 0 PID: 9812 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 166.737654][ T9812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 166.747703][ T9812] Call Trace: [ 166.751004][ T9812] dump_stack+0x1d8/0x2f8 [ 166.755343][ T9812] should_fail+0x555/0x770 [ 166.759761][ T9812] __should_failslab+0x11a/0x160 [ 166.764698][ T9812] should_failslab+0x9/0x20 [ 166.769200][ T9812] kmem_cache_alloc_node_trace+0x6e/0x2d0 19:01:33 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 166.774907][ T9812] ? __kmalloc_node_track_caller+0x3c/0x60 [ 166.780706][ T9812] __kmalloc_node_track_caller+0x3c/0x60 [ 166.786337][ T9812] ? netlink_sendmsg+0x756/0xc50 [ 166.791273][ T9812] __alloc_skb+0xe8/0x500 [ 166.795597][ T9812] netlink_sendmsg+0x756/0xc50 [ 166.800350][ T9812] ? netlink_getsockopt+0x9f0/0x9f0 [ 166.805541][ T9812] ___sys_sendmsg+0x60d/0x910 [ 166.810212][ T9812] ? rcu_lock_release+0xd/0x30 [ 166.814967][ T9812] ? rcu_lock_release+0x26/0x30 [ 166.820234][ T9812] ? __fget+0x4e6/0x510 [ 166.824385][ T9812] ? __fdget+0x17c/0x200 [ 166.828616][ T9812] __x64_sys_sendmsg+0x17c/0x200 [ 166.833558][ T9812] do_syscall_64+0xf7/0x1c0 [ 166.838047][ T9812] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 166.843921][ T9812] RIP: 0033:0x459a29 [ 166.847801][ T9812] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 166.867511][ T9812] RSP: 002b:00007fa7ccf63c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 19:01:33 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x20, 0x10, 0x705}, 0x20}}, 0x0) 19:01:33 executing program 2 (fault-call:1 fault-nth:2): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 166.875914][ T9812] RAX: ffffffffffffffda RBX: 00007fa7ccf63c90 RCX: 0000000000459a29 [ 166.883870][ T9812] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 166.891830][ T9812] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 166.899791][ T9812] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7ccf646d4 [ 166.907760][ T9812] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 19:01:33 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000", 0x36, 0x10000}], 0x0, 0x0) 19:01:33 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 167.078419][ T9834] FAULT_INJECTION: forcing a failure. [ 167.078419][ T9834] name failslab, interval 1, probability 0, space 0, times 0 [ 167.117917][ T9834] CPU: 0 PID: 9834 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 167.125751][ T9834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 167.135829][ T9834] Call Trace: [ 167.139136][ T9834] dump_stack+0x1d8/0x2f8 [ 167.143477][ T9834] should_fail+0x555/0x770 [ 167.147910][ T9834] __should_failslab+0x11a/0x160 [ 167.152864][ T9834] ? skb_clone+0x1cc/0x380 [ 167.157286][ T9834] should_failslab+0x9/0x20 [ 167.161802][ T9834] kmem_cache_alloc+0x56/0x2e0 [ 167.166546][ T9834] ? check_preemption_disabled+0x47/0x2a0 [ 167.172244][ T9834] skb_clone+0x1cc/0x380 [ 167.176470][ T9834] netlink_deliver_tap+0x4bd/0x880 [ 167.181563][ T9834] netlink_unicast+0x75d/0x8f0 [ 167.186314][ T9834] netlink_sendmsg+0x993/0xc50 [ 167.191057][ T9834] ? netlink_getsockopt+0x9f0/0x9f0 [ 167.196232][ T9834] ___sys_sendmsg+0x60d/0x910 [ 167.200903][ T9834] ? rcu_lock_release+0xd/0x30 [ 167.205658][ T9834] ? rcu_lock_release+0x26/0x30 [ 167.210488][ T9834] ? __fget+0x4e6/0x510 [ 167.214637][ T9834] ? __fdget+0x17c/0x200 [ 167.218868][ T9834] __x64_sys_sendmsg+0x17c/0x200 [ 167.223806][ T9834] do_syscall_64+0xf7/0x1c0 [ 167.228297][ T9834] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 167.234172][ T9834] RIP: 0033:0x459a29 [ 167.238053][ T9834] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 167.257699][ T9834] RSP: 002b:00007fa7ccf63c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 167.266089][ T9834] RAX: ffffffffffffffda RBX: 00007fa7ccf63c90 RCX: 0000000000459a29 [ 167.274063][ T9834] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 167.282029][ T9834] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 167.290065][ T9834] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7ccf646d4 [ 167.298030][ T9834] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 [ 167.306979][ T9834] netlink: 'syz-executor.2': attribute type 38 has an invalid length. 19:01:34 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:01:34 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:34 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x34, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0x4}}}]}, 0x34}}, 0x0) 19:01:34 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x10, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:34 executing program 2 (fault-call:1 fault-nth:3): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:34 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000", 0x3f, 0x10000}], 0x0, 0x0) [ 167.569367][ T9855] FAULT_INJECTION: forcing a failure. [ 167.569367][ T9855] name failslab, interval 1, probability 0, space 0, times 0 [ 167.582318][ T9855] CPU: 1 PID: 9855 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 167.590121][ T9855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 167.590135][ T9855] Call Trace: [ 167.590155][ T9855] dump_stack+0x1d8/0x2f8 [ 167.590177][ T9855] should_fail+0x555/0x770 [ 167.603518][ T9855] __should_failslab+0x11a/0x160 [ 167.603533][ T9855] ? skb_clone+0x1cc/0x380 [ 167.603546][ T9855] should_failslab+0x9/0x20 [ 167.603558][ T9855] kmem_cache_alloc+0x56/0x2e0 [ 167.603568][ T9855] ? check_preemption_disabled+0x47/0x2a0 [ 167.603579][ T9855] skb_clone+0x1cc/0x380 [ 167.603595][ T9855] dev_queue_xmit_nit+0x305/0xaa0 [ 167.612312][ T9855] ? validate_xmit_xfrm+0x58/0xe00 [ 167.612330][ T9855] dev_hard_start_xmit+0x12c/0x3f0 [ 167.612351][ T9855] __dev_queue_xmit+0x1e53/0x3010 [ 167.612361][ T9855] ? __copy_skb_header+0x41f/0x530 [ 167.612374][ T9855] ? __kasan_check_write+0x14/0x20 [ 167.612395][ T9855] dev_queue_xmit+0x17/0x20 [ 167.621705][ T9855] netlink_deliver_tap+0x619/0x880 [ 167.621729][ T9855] netlink_unicast+0x75d/0x8f0 [ 167.621748][ T9855] netlink_sendmsg+0x993/0xc50 [ 167.621768][ T9855] ? netlink_getsockopt+0x9f0/0x9f0 [ 167.630991][ T9855] ___sys_sendmsg+0x60d/0x910 [ 167.640928][ T9855] ? rcu_lock_release+0xd/0x30 [ 167.640948][ T9855] ? rcu_lock_release+0x26/0x30 [ 167.640958][ T9855] ? __fget+0x4e6/0x510 [ 167.640975][ T9855] ? __fdget+0x17c/0x200 [ 167.651073][ T9855] __x64_sys_sendmsg+0x17c/0x200 [ 167.651097][ T9855] do_syscall_64+0xf7/0x1c0 [ 167.651113][ T9855] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 167.651123][ T9855] RIP: 0033:0x459a29 [ 167.651135][ T9855] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 167.661227][ T9855] RSP: 002b:00007fa7ccf63c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 19:01:34 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 167.661238][ T9855] RAX: ffffffffffffffda RBX: 00007fa7ccf63c90 RCX: 0000000000459a29 [ 167.661244][ T9855] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 167.661250][ T9855] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 167.661256][ T9855] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7ccf646d4 [ 167.661262][ T9855] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 [ 167.810401][ T9855] netlink: 'syz-executor.2': attribute type 38 has an invalid length. 19:01:34 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x34, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0x4}}}]}, 0x34}}, 0x0) 19:01:34 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x10, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:34 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000", 0x3f, 0x10000}], 0x0, 0x0) [ 167.922454][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 167.928325][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:01:34 executing program 2 (fault-call:1 fault-nth:4): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:34 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x10, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 168.060626][ T9882] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 168.069337][ T9882] FAULT_INJECTION: forcing a failure. [ 168.069337][ T9882] name failslab, interval 1, probability 0, space 0, times 0 [ 168.082664][ T9882] CPU: 0 PID: 9882 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 168.090489][ T9882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 168.100535][ T9882] Call Trace: [ 168.103825][ T9882] dump_stack+0x1d8/0x2f8 [ 168.108166][ T9882] should_fail+0x555/0x770 [ 168.112596][ T9882] __should_failslab+0x11a/0x160 [ 168.117554][ T9882] should_failslab+0x9/0x20 [ 168.122080][ T9882] kmem_cache_alloc_node_trace+0x6e/0x2d0 [ 168.127799][ T9882] ? __kmalloc_node+0x3c/0x60 [ 168.132468][ T9882] __kmalloc_node+0x3c/0x60 [ 168.136971][ T9882] kvmalloc_node+0xcc/0x130 [ 168.141476][ T9882] alloc_netdev_mqs+0x8e/0xe50 [ 168.146239][ T9882] ? security_capable+0xa2/0xd0 [ 168.151088][ T9882] ? ns_capable+0x91/0xf0 [ 168.155418][ T9882] ? br_netpoll_disable+0x80/0x80 [ 168.160447][ T9882] rtnl_create_link+0x23b/0x8e0 [ 168.165304][ T9882] rtnl_newlink+0x1208/0x1af0 [ 168.169990][ T9882] ? rtnl_newlink+0xa81/0x1af0 [ 168.174819][ T9882] ? __mutex_lock_common+0x4f5/0x2e20 [ 168.180194][ T9882] ? rtnetlink_rcv_msg+0x83c/0xd40 [ 168.185311][ T9882] ? rcu_lock_release+0x9/0x30 [ 168.185336][ T9882] ? rtnl_setlink+0x460/0x460 [ 168.185346][ T9882] rtnetlink_rcv_msg+0x889/0xd40 [ 168.185357][ T9882] ? rcu_lock_release+0xd/0x30 [ 168.185376][ T9882] ? __local_bh_enable_ip+0x13a/0x240 [ 168.185390][ T9882] ? local_bh_enable+0x9/0x30 [ 168.185402][ T9882] ? trace_hardirqs_on+0x74/0x80 [ 168.185410][ T9882] ? __local_bh_enable_ip+0x13a/0x240 [ 168.185423][ T9882] ? local_bh_enable+0x1f/0x30 [ 168.194834][ T9882] ? rcu_lock_release+0x9/0x30 [ 168.194853][ T9882] ? rcu_lock_release+0x9/0x30 [ 168.194871][ T9882] netlink_rcv_skb+0x19e/0x3d0 [ 168.204526][ T9882] ? rtnetlink_bind+0x80/0x80 [ 168.204544][ T9882] rtnetlink_rcv+0x1c/0x20 [ 168.204558][ T9882] netlink_unicast+0x787/0x8f0 [ 168.204576][ T9882] netlink_sendmsg+0x993/0xc50 [ 168.204595][ T9882] ? netlink_getsockopt+0x9f0/0x9f0 [ 168.204609][ T9882] ___sys_sendmsg+0x60d/0x910 [ 168.204631][ T9882] ? rcu_lock_release+0xd/0x30 [ 168.204646][ T9882] ? rcu_lock_release+0x26/0x30 [ 168.204654][ T9882] ? __fget+0x4e6/0x510 [ 168.204670][ T9882] ? __fdget+0x17c/0x200 [ 168.219611][ T9882] __x64_sys_sendmsg+0x17c/0x200 [ 168.219637][ T9882] do_syscall_64+0xf7/0x1c0 [ 168.219654][ T9882] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 168.229752][ T9882] RIP: 0033:0x459a29 [ 168.229764][ T9882] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 168.229769][ T9882] RSP: 002b:00007fa7ccf63c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 168.229780][ T9882] RAX: ffffffffffffffda RBX: 00007fa7ccf63c90 RCX: 0000000000459a29 [ 168.229786][ T9882] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 168.229795][ T9882] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 168.239285][ T9882] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7ccf646d4 [ 168.239292][ T9882] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 19:01:35 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:01:35 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x34, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0x4}}}]}, 0x34}}, 0x0) 19:01:35 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x10, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:35 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000", 0x3f, 0x10000}], 0x0, 0x0) 19:01:35 executing program 2 (fault-call:1 fault-nth:5): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:35 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x10, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 168.516979][ T9901] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 168.540988][ T9901] FAULT_INJECTION: forcing a failure. [ 168.540988][ T9901] name failslab, interval 1, probability 0, space 0, times 0 [ 168.558124][ T9901] CPU: 1 PID: 9901 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 168.566056][ T9901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 168.576120][ T9901] Call Trace: [ 168.579420][ T9901] dump_stack+0x1d8/0x2f8 [ 168.583731][ T9901] should_fail+0x555/0x770 [ 168.588131][ T9901] __should_failslab+0x11a/0x160 [ 168.593052][ T9901] should_failslab+0x9/0x20 [ 168.597549][ T9901] kmem_cache_alloc_trace+0x5d/0x2f0 [ 168.602820][ T9901] ? dev_addr_init+0x107/0x410 [ 168.607571][ T9901] dev_addr_init+0x107/0x410 [ 168.612154][ T9901] alloc_netdev_mqs+0x132/0xe50 [ 168.616985][ T9901] ? security_capable+0xa2/0xd0 [ 168.621817][ T9901] ? ns_capable+0x91/0xf0 [ 168.626127][ T9901] ? br_netpoll_disable+0x80/0x80 [ 168.631181][ T9901] rtnl_create_link+0x23b/0x8e0 [ 168.636010][ T9901] rtnl_newlink+0x1208/0x1af0 [ 168.640671][ T9901] ? rtnl_newlink+0xa81/0x1af0 [ 168.645449][ T9901] ? __mutex_lock_common+0x4f5/0x2e20 [ 168.650799][ T9901] ? rtnetlink_rcv_msg+0x83c/0xd40 [ 168.655883][ T9901] ? rcu_lock_release+0x9/0x30 [ 168.660629][ T9901] ? rtnl_setlink+0x460/0x460 [ 168.665281][ T9901] rtnetlink_rcv_msg+0x889/0xd40 [ 168.670191][ T9901] ? rcu_lock_release+0xd/0x30 [ 168.675023][ T9901] ? __local_bh_enable_ip+0x13a/0x240 [ 168.680377][ T9901] ? local_bh_enable+0x9/0x30 [ 168.685041][ T9901] ? trace_hardirqs_on+0x74/0x80 [ 168.689952][ T9901] ? __local_bh_enable_ip+0x13a/0x240 [ 168.695302][ T9901] ? local_bh_enable+0x1f/0x30 [ 168.700043][ T9901] ? rcu_lock_release+0x9/0x30 [ 168.704883][ T9901] ? rcu_lock_release+0x9/0x30 [ 168.709663][ T9901] netlink_rcv_skb+0x19e/0x3d0 [ 168.714406][ T9901] ? rtnetlink_bind+0x80/0x80 [ 168.719061][ T9901] rtnetlink_rcv+0x1c/0x20 [ 168.723451][ T9901] netlink_unicast+0x787/0x8f0 [ 168.728209][ T9901] netlink_sendmsg+0x993/0xc50 [ 168.732954][ T9901] ? netlink_getsockopt+0x9f0/0x9f0 [ 168.738149][ T9901] ___sys_sendmsg+0x60d/0x910 [ 168.742821][ T9901] ? rcu_lock_release+0xd/0x30 [ 168.747578][ T9901] ? rcu_lock_release+0x26/0x30 [ 168.752401][ T9901] ? __fget+0x4e6/0x510 [ 168.756548][ T9901] ? __fdget+0x17c/0x200 [ 168.760767][ T9901] __x64_sys_sendmsg+0x17c/0x200 [ 168.765697][ T9901] do_syscall_64+0xf7/0x1c0 [ 168.770178][ T9901] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 168.776054][ T9901] RIP: 0033:0x459a29 [ 168.779938][ T9901] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 168.799526][ T9901] RSP: 002b:00007fa7ccf63c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 168.807927][ T9901] RAX: ffffffffffffffda RBX: 00007fa7ccf63c90 RCX: 0000000000459a29 [ 168.815874][ T9901] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 168.823844][ T9901] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 168.831789][ T9901] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7ccf646d4 [ 168.839742][ T9901] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 [ 168.847991][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 168.853831][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 168.859772][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 168.865615][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:01:35 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x10, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:35 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:35 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:35 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f424852", 0x44, 0x10000}], 0x0, 0x0) 19:01:35 executing program 2 (fault-call:1 fault-nth:6): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 168.957341][ T9916] netlink: 'syz-executor.3': attribute type 37 has an invalid length. 19:01:35 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 169.076875][ T9927] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 169.103000][ T9927] FAULT_INJECTION: forcing a failure. [ 169.103000][ T9927] name failslab, interval 1, probability 0, space 0, times 0 [ 169.120253][ T9927] CPU: 1 PID: 9927 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 169.128073][ T9927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 169.138108][ T9927] Call Trace: [ 169.141388][ T9927] dump_stack+0x1d8/0x2f8 [ 169.145713][ T9927] should_fail+0x555/0x770 [ 169.150133][ T9927] __should_failslab+0x11a/0x160 [ 169.155056][ T9927] should_failslab+0x9/0x20 [ 169.159533][ T9927] kmem_cache_alloc_node_trace+0x6e/0x2d0 [ 169.165231][ T9927] ? __kmalloc_node+0x3c/0x60 [ 169.169886][ T9927] __kmalloc_node+0x3c/0x60 [ 169.174378][ T9927] kvmalloc_node+0xcc/0x130 [ 169.178866][ T9927] alloc_netdev_mqs+0x5b0/0xe50 [ 169.183692][ T9927] ? security_capable+0xa2/0xd0 [ 169.188525][ T9927] ? br_netpoll_disable+0x80/0x80 [ 169.193654][ T9927] rtnl_create_link+0x23b/0x8e0 [ 169.198487][ T9927] rtnl_newlink+0x1208/0x1af0 [ 169.203161][ T9927] ? rtnl_newlink+0xa81/0x1af0 [ 169.207975][ T9927] ? __mutex_lock_common+0x4f5/0x2e20 [ 169.213349][ T9927] ? rtnetlink_rcv_msg+0x83c/0xd40 [ 169.218457][ T9927] ? rcu_lock_release+0x9/0x30 [ 169.223238][ T9927] ? rtnl_setlink+0x460/0x460 [ 169.223253][ T9927] rtnetlink_rcv_msg+0x889/0xd40 [ 169.223263][ T9927] ? rcu_lock_release+0xd/0x30 [ 169.223280][ T9927] ? __local_bh_enable_ip+0x13a/0x240 [ 169.223294][ T9927] ? local_bh_enable+0x9/0x30 [ 169.232880][ T9927] ? trace_hardirqs_on+0x74/0x80 [ 169.232890][ T9927] ? __local_bh_enable_ip+0x13a/0x240 [ 169.232902][ T9927] ? local_bh_enable+0x1f/0x30 [ 169.232914][ T9927] ? rcu_lock_release+0x9/0x30 [ 169.232931][ T9927] ? rcu_lock_release+0x9/0x30 [ 169.272189][ T9927] netlink_rcv_skb+0x19e/0x3d0 [ 169.276956][ T9927] ? rtnetlink_bind+0x80/0x80 [ 169.281642][ T9927] rtnetlink_rcv+0x1c/0x20 [ 169.281656][ T9927] netlink_unicast+0x787/0x8f0 [ 169.281677][ T9927] netlink_sendmsg+0x993/0xc50 [ 169.281698][ T9927] ? netlink_getsockopt+0x9f0/0x9f0 [ 169.281715][ T9927] ___sys_sendmsg+0x60d/0x910 [ 169.295671][ T9927] ? rcu_lock_release+0xd/0x30 [ 169.295689][ T9927] ? rcu_lock_release+0x26/0x30 [ 169.295699][ T9927] ? __fget+0x4e6/0x510 [ 169.295718][ T9927] ? __fdget+0x17c/0x200 [ 169.295734][ T9927] __x64_sys_sendmsg+0x17c/0x200 [ 169.295755][ T9927] do_syscall_64+0xf7/0x1c0 [ 169.305615][ T9927] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 169.305625][ T9927] RIP: 0033:0x459a29 [ 169.305636][ T9927] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 169.315211][ T9927] RSP: 002b:00007fa7ccf63c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 169.315221][ T9927] RAX: ffffffffffffffda RBX: 00007fa7ccf63c90 RCX: 0000000000459a29 19:01:36 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fc"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:01:36 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:36 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:36 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f424852", 0x44, 0x10000}], 0x0, 0x0) 19:01:36 executing program 2 (fault-call:1 fault-nth:7): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 169.315227][ T9927] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 169.315233][ T9927] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 169.315240][ T9927] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7ccf646d4 [ 169.315246][ T9927] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 [ 169.390010][ T26] kauditd_printk_skb: 18 callbacks suppressed [ 169.390018][ T26] audit: type=1804 audit(1570129296.076:172): pid=9933 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/94/file0" dev="sda1" ino=16931 res=1 [ 169.459971][ T9940] netlink: 'syz-executor.3': attribute type 37 has an invalid length. 19:01:36 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 169.475084][ T26] audit: type=1804 audit(1570129296.166:173): pid=9939 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/93/file0" dev="sda1" ino=16985 res=1 [ 169.507403][ T9941] netlink: 'syz-executor.2': attribute type 38 has an invalid length. 19:01:36 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f424852", 0x44, 0x10000}], 0x0, 0x0) 19:01:36 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 169.542063][ T9941] FAULT_INJECTION: forcing a failure. [ 169.542063][ T9941] name failslab, interval 1, probability 0, space 0, times 0 19:01:36 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 169.638500][ T9941] CPU: 0 PID: 9941 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 169.639206][ T26] audit: type=1804 audit(1570129296.326:174): pid=9952 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/95/file0" dev="sda1" ino=16932 res=1 [ 169.646352][ T9941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 169.646357][ T9941] Call Trace: [ 169.646380][ T9941] dump_stack+0x1d8/0x2f8 [ 169.646396][ T9941] should_fail+0x555/0x770 [ 169.646414][ T9941] __should_failslab+0x11a/0x160 [ 169.646436][ T9941] should_failslab+0x9/0x20 [ 169.701483][ T9941] kmem_cache_alloc_node_trace+0x6e/0x2d0 [ 169.707208][ T9941] ? __kmalloc_node+0x3c/0x60 [ 169.711892][ T9941] __kmalloc_node+0x3c/0x60 [ 169.716406][ T9941] kvmalloc_node+0xcc/0x130 [ 169.720909][ T9941] alloc_netdev_mqs+0x5b0/0xe50 [ 169.725755][ T9941] ? security_capable+0xa2/0xd0 [ 169.730609][ T9941] ? br_netpoll_disable+0x80/0x80 [ 169.735637][ T9941] rtnl_create_link+0x23b/0x8e0 [ 169.740487][ T9941] rtnl_newlink+0x1208/0x1af0 [ 169.745157][ T9941] ? rtnl_newlink+0xa81/0x1af0 [ 169.749923][ T9941] ? __lock_acquire+0xc75/0x1be0 [ 169.749971][ T9941] ? __mutex_lock_common+0x1b25/0x2e20 [ 169.760317][ T9941] ? rtnetlink_rcv_msg+0x83c/0xd40 [ 169.760345][ T9941] ? rtnl_setlink+0x460/0x460 [ 169.760358][ T9941] rtnetlink_rcv_msg+0x889/0xd40 [ 169.775028][ T9941] ? rcu_lock_release+0xd/0x30 [ 169.779794][ T9941] ? __local_bh_enable_ip+0x13a/0x240 [ 169.785166][ T9941] ? local_bh_enable+0x9/0x30 [ 169.789840][ T9941] ? trace_hardirqs_on+0x74/0x80 [ 169.794774][ T9941] ? __local_bh_enable_ip+0x13a/0x240 [ 169.800148][ T9941] ? local_bh_enable+0x1f/0x30 [ 169.804914][ T9941] ? rcu_lock_release+0x9/0x30 [ 169.809687][ T9941] ? rcu_lock_release+0x9/0x30 [ 169.814461][ T9941] netlink_rcv_skb+0x19e/0x3d0 [ 169.819225][ T9941] ? rtnetlink_bind+0x80/0x80 [ 169.823916][ T9941] rtnetlink_rcv+0x1c/0x20 [ 169.828327][ T9941] netlink_unicast+0x787/0x8f0 [ 169.833104][ T9941] netlink_sendmsg+0x993/0xc50 19:01:36 executing program 3: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 169.837887][ T9941] ? netlink_getsockopt+0x9f0/0x9f0 [ 169.843081][ T9941] ___sys_sendmsg+0x60d/0x910 [ 169.847761][ T9941] ? rcu_lock_release+0xd/0x30 [ 169.852529][ T9941] ? rcu_lock_release+0x26/0x30 [ 169.857382][ T9941] ? __fget+0x4e6/0x510 [ 169.861539][ T9941] ? __fdget+0x17c/0x200 [ 169.865785][ T9941] __x64_sys_sendmsg+0x17c/0x200 [ 169.868059][ T26] audit: type=1804 audit(1570129296.556:175): pid=9966 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/94/file0" dev="sda1" ino=16973 res=1 [ 169.870726][ T9941] do_syscall_64+0xf7/0x1c0 [ 169.870743][ T9941] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 169.870752][ T9941] RIP: 0033:0x459a29 [ 169.870763][ T9941] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 169.928171][ T9941] RSP: 002b:00007fa7ccf63c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 19:01:36 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 169.936564][ T9941] RAX: ffffffffffffffda RBX: 00007fa7ccf63c90 RCX: 0000000000459a29 [ 169.944531][ T9941] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 169.952501][ T9941] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 169.960462][ T9941] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7ccf646d4 [ 169.968409][ T9941] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 19:01:36 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 170.099688][ T26] audit: type=1804 audit(1570129296.786:176): pid=9971 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir535779791/syzkaller.JbcIgq/116/file0" dev="sda1" ino=16962 res=1 [ 170.129340][ T26] audit: type=1804 audit(1570129296.786:177): pid=9976 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/95/file0" dev="sda1" ino=16964 res=1 19:01:37 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fc"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:01:37 executing program 2 (fault-call:1 fault-nth:8): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:37 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x0, 0x0) 19:01:37 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:37 executing program 3 (fault-call:1 fault-nth:0): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:01:37 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 170.357156][ T9988] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 170.376112][ T26] audit: type=1804 audit(1570129297.066:178): pid=9992 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/96/file0" dev="sda1" ino=16988 res=1 [ 170.384600][ T9991] FAULT_INJECTION: forcing a failure. [ 170.384600][ T9991] name failslab, interval 1, probability 0, space 0, times 0 [ 170.419374][ T9988] FAULT_INJECTION: forcing a failure. [ 170.419374][ T9988] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 170.436882][ T9988] CPU: 1 PID: 9988 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 170.444697][ T9988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 170.454750][ T9988] Call Trace: [ 170.458052][ T9988] dump_stack+0x1d8/0x2f8 [ 170.462386][ T9988] should_fail+0x555/0x770 [ 170.466815][ T9988] should_fail_alloc_page+0x55/0x60 [ 170.472012][ T9988] prepare_alloc_pages+0x283/0x460 [ 170.477112][ T9988] __alloc_pages_nodemask+0xb2/0x5d0 [ 170.482395][ T9988] alloc_pages_current+0x2db/0x500 [ 170.487501][ T9988] get_zeroed_page+0x17/0x40 [ 170.492079][ T9988] dev_alloc_name_ns+0x415/0x750 [ 170.497017][ T9988] dev_get_valid_name+0x1e5/0x350 [ 170.502034][ T9988] register_netdevice+0x2ab/0x13b0 [ 170.507147][ T9988] br_dev_newlink+0x2a/0x120 [ 170.511726][ T9988] rtnl_newlink+0x13a6/0x1af0 [ 170.516403][ T9988] ? rtnl_newlink+0xa81/0x1af0 [ 170.521206][ T9988] ? __mutex_lock_common+0x4f5/0x2e20 [ 170.526571][ T9988] ? rtnetlink_rcv_msg+0x83c/0xd40 [ 170.531762][ T9988] ? rcu_lock_release+0x9/0x30 [ 170.536527][ T9988] ? rtnl_setlink+0x460/0x460 [ 170.541203][ T9988] rtnetlink_rcv_msg+0x889/0xd40 [ 170.546123][ T9988] ? rcu_lock_release+0xd/0x30 [ 170.550883][ T9988] ? __local_bh_enable_ip+0x13a/0x240 [ 170.556246][ T9988] ? local_bh_enable+0x9/0x30 [ 170.560909][ T9988] ? trace_hardirqs_on+0x74/0x80 [ 170.565830][ T9988] ? __local_bh_enable_ip+0x13a/0x240 [ 170.571191][ T9988] ? local_bh_enable+0x1f/0x30 [ 170.575940][ T9988] ? rcu_lock_release+0x9/0x30 [ 170.580694][ T9988] ? rcu_lock_release+0x9/0x30 [ 170.585452][ T9988] netlink_rcv_skb+0x19e/0x3d0 [ 170.590201][ T9988] ? rtnetlink_bind+0x80/0x80 [ 170.594871][ T9988] rtnetlink_rcv+0x1c/0x20 [ 170.599275][ T9988] netlink_unicast+0x787/0x8f0 [ 170.604036][ T9988] netlink_sendmsg+0x993/0xc50 [ 170.608818][ T9988] ? netlink_getsockopt+0x9f0/0x9f0 [ 170.614005][ T9988] ___sys_sendmsg+0x60d/0x910 [ 170.618675][ T9988] ? rcu_lock_release+0xd/0x30 [ 170.623429][ T9988] ? rcu_lock_release+0x26/0x30 [ 170.628265][ T9988] ? __fget+0x4e6/0x510 [ 170.632413][ T9988] ? __fdget+0x17c/0x200 [ 170.636648][ T9988] __x64_sys_sendmsg+0x17c/0x200 [ 170.641587][ T9988] do_syscall_64+0xf7/0x1c0 [ 170.646077][ T9988] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 170.651959][ T9988] RIP: 0033:0x459a29 [ 170.655843][ T9988] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 170.675431][ T9988] RSP: 002b:00007fa7ccf63c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 170.683828][ T9988] RAX: ffffffffffffffda RBX: 00007fa7ccf63c90 RCX: 0000000000459a29 [ 170.691784][ T9988] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 170.699741][ T9988] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 170.707781][ T9988] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7ccf646d4 [ 170.715736][ T9988] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 [ 170.723713][ T9991] CPU: 0 PID: 9991 Comm: syz-executor.3 Not tainted 5.4.0-rc1+ #0 [ 170.731528][ T9991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 170.741585][ T9991] Call Trace: [ 170.744880][ T9991] dump_stack+0x1d8/0x2f8 [ 170.749215][ T9991] should_fail+0x555/0x770 [ 170.753675][ T9991] __should_failslab+0x11a/0x160 [ 170.758589][ T9991] should_failslab+0x9/0x20 [ 170.763071][ T9991] kmem_cache_alloc_node+0x65/0x280 [ 170.768243][ T9991] ? __alloc_skb+0x9f/0x500 [ 170.772723][ T9991] __alloc_skb+0x9f/0x500 [ 170.777031][ T9991] netlink_sendmsg+0x756/0xc50 [ 170.781774][ T9991] ? netlink_getsockopt+0x9f0/0x9f0 [ 170.786951][ T9991] ___sys_sendmsg+0x60d/0x910 [ 170.791619][ T9991] ? rcu_lock_release+0xd/0x30 [ 170.796383][ T9991] ? rcu_lock_release+0x26/0x30 [ 170.801287][ T9991] ? __fget+0x4e6/0x510 [ 170.805424][ T9991] ? __fdget+0x17c/0x200 [ 170.809645][ T9991] __x64_sys_sendmsg+0x17c/0x200 [ 170.814561][ T9991] do_syscall_64+0xf7/0x1c0 [ 170.819043][ T9991] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 170.824912][ T9991] RIP: 0033:0x459a29 [ 170.828780][ T9991] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 170.848360][ T9991] RSP: 002b:00007f6d4bef3c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 170.856831][ T9991] RAX: ffffffffffffffda RBX: 00007f6d4bef3c90 RCX: 0000000000459a29 [ 170.864794][ T9991] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 170.872743][ T9991] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 170.880716][ T9991] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6d4bef46d4 [ 170.882446][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 170.888671][ T9991] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 [ 170.902517][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:01:37 executing program 3 (fault-call:1 fault-nth:1): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:01:37 executing program 2 (fault-call:1 fault-nth:9): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:37 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:37 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 170.908331][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 170.914128][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 171.024469][T10007] FAULT_INJECTION: forcing a failure. [ 171.024469][T10007] name failslab, interval 1, probability 0, space 0, times 0 19:01:37 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x0, 0x0) 19:01:37 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(0x0, 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 171.069849][T10013] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 171.095220][ T26] audit: type=1804 audit(1570129297.786:179): pid=10012 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/97/file0" dev="sda1" ino=16988 res=1 [ 171.099496][T10007] CPU: 0 PID: 10007 Comm: syz-executor.3 Not tainted 5.4.0-rc1+ #0 [ 171.126857][T10007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 171.136522][T10013] FAULT_INJECTION: forcing a failure. [ 171.136522][T10013] name failslab, interval 1, probability 0, space 0, times 0 [ 171.136909][T10007] Call Trace: [ 171.136925][T10007] dump_stack+0x1d8/0x2f8 [ 171.136940][T10007] should_fail+0x555/0x770 [ 171.161500][T10007] __should_failslab+0x11a/0x160 [ 171.166438][T10007] should_failslab+0x9/0x20 [ 171.170942][T10007] kmem_cache_alloc_node_trace+0x6e/0x2d0 [ 171.176656][T10007] ? __kmalloc_node_track_caller+0x3c/0x60 [ 171.182455][T10007] __kmalloc_node_track_caller+0x3c/0x60 [ 171.188087][T10007] ? netlink_sendmsg+0x756/0xc50 [ 171.193015][T10007] __alloc_skb+0xe8/0x500 [ 171.197338][T10007] netlink_sendmsg+0x756/0xc50 [ 171.202096][T10007] ? netlink_getsockopt+0x9f0/0x9f0 [ 171.207286][T10007] ___sys_sendmsg+0x60d/0x910 [ 171.211960][T10007] ? rcu_lock_release+0xd/0x30 [ 171.216720][T10007] ? rcu_lock_release+0x26/0x30 [ 171.221561][T10007] ? __fget+0x4e6/0x510 [ 171.225713][T10007] ? __fdget+0x17c/0x200 [ 171.229984][T10007] __x64_sys_sendmsg+0x17c/0x200 [ 171.234924][T10007] do_syscall_64+0xf7/0x1c0 [ 171.234939][T10007] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 171.234948][T10007] RIP: 0033:0x459a29 [ 171.234957][T10007] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 171.234962][T10007] RSP: 002b:00007f6d4bef3c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 171.234971][T10007] RAX: ffffffffffffffda RBX: 00007f6d4bef3c90 RCX: 0000000000459a29 [ 171.234976][T10007] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 171.234982][T10007] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 171.234987][T10007] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6d4bef46d4 [ 171.234993][T10007] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 [ 171.238000][T10013] CPU: 0 PID: 10013 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 171.277284][T10013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 171.277291][T10013] Call Trace: [ 171.277309][T10013] dump_stack+0x1d8/0x2f8 [ 171.277323][T10013] should_fail+0x555/0x770 [ 171.277340][T10013] __should_failslab+0x11a/0x160 [ 171.293463][T10013] should_failslab+0x9/0x20 [ 171.293479][T10013] kmem_cache_alloc_node_trace+0x6e/0x2d0 [ 171.293489][T10013] ? __kmalloc_node+0x3c/0x60 [ 171.293496][T10013] ? memset+0x31/0x40 [ 171.293507][T10013] __kmalloc_node+0x3c/0x60 [ 171.293521][T10013] kvmalloc_node+0xcc/0x130 [ 171.293534][T10013] alloc_netdev_mqs+0xa21/0xe50 [ 171.293554][T10013] rtnl_create_link+0x23b/0x8e0 [ 171.293566][T10013] rtnl_newlink+0x1208/0x1af0 [ 171.293582][T10013] ? rtnl_newlink+0xa81/0x1af0 [ 171.293649][T10013] ? __mutex_lock_common+0x4f5/0x2e20 [ 171.335461][T10013] ? rtnetlink_rcv_msg+0x83c/0xd40 [ 171.335474][T10013] ? rcu_lock_release+0x9/0x30 [ 171.335496][T10013] ? rtnl_setlink+0x460/0x460 [ 171.343074][T10013] rtnetlink_rcv_msg+0x889/0xd40 [ 171.343087][T10013] ? rcu_lock_release+0xd/0x30 [ 171.343105][T10013] ? __local_bh_enable_ip+0x13a/0x240 [ 171.343119][T10013] ? local_bh_enable+0x9/0x30 [ 171.343133][T10013] ? trace_hardirqs_on+0x74/0x80 [ 171.343141][T10013] ? __local_bh_enable_ip+0x13a/0x240 [ 171.343151][T10013] ? local_bh_enable+0x1f/0x30 [ 171.343164][T10013] ? rcu_lock_release+0x9/0x30 [ 171.343180][T10013] ? rcu_lock_release+0x9/0x30 [ 171.343198][T10013] netlink_rcv_skb+0x19e/0x3d0 [ 171.343207][T10013] ? rtnetlink_bind+0x80/0x80 [ 171.343224][T10013] rtnetlink_rcv+0x1c/0x20 [ 171.477305][T10013] netlink_unicast+0x787/0x8f0 [ 171.482072][T10013] netlink_sendmsg+0x993/0xc50 [ 171.486838][T10013] ? netlink_getsockopt+0x9f0/0x9f0 [ 171.492021][T10013] ___sys_sendmsg+0x60d/0x910 [ 171.496686][T10013] ? rcu_lock_release+0xd/0x30 [ 171.501445][T10013] ? rcu_lock_release+0x26/0x30 [ 171.506278][T10013] ? __fget+0x4e6/0x510 [ 171.510502][T10013] ? __fdget+0x17c/0x200 [ 171.514728][T10013] __x64_sys_sendmsg+0x17c/0x200 [ 171.519651][T10013] do_syscall_64+0xf7/0x1c0 [ 171.524138][T10013] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 171.530022][T10013] RIP: 0033:0x459a29 [ 171.533917][T10013] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 171.553530][T10013] RSP: 002b:00007fa7ccf63c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 171.561949][T10013] RAX: ffffffffffffffda RBX: 00007fa7ccf63c90 RCX: 0000000000459a29 19:01:38 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fc"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:01:38 executing program 3 (fault-call:1 fault-nth:2): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 171.569968][T10013] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 171.577924][T10013] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 171.585922][T10013] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7ccf646d4 [ 171.593885][T10013] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 19:01:38 executing program 2 (fault-call:1 fault-nth:10): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:38 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(0x0, 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 171.661689][T10026] FAULT_INJECTION: forcing a failure. [ 171.661689][T10026] name failslab, interval 1, probability 0, space 0, times 0 19:01:38 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x0, 0x0) [ 171.750701][T10026] CPU: 1 PID: 10026 Comm: syz-executor.3 Not tainted 5.4.0-rc1+ #0 [ 171.758663][T10026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 171.768722][T10026] Call Trace: [ 171.772022][T10026] dump_stack+0x1d8/0x2f8 [ 171.776407][T10026] should_fail+0x555/0x770 [ 171.780837][T10026] __should_failslab+0x11a/0x160 [ 171.785777][T10026] ? skb_clone+0x1cc/0x380 [ 171.788503][T10040] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 171.790198][T10026] should_failslab+0x9/0x20 [ 171.790221][T10026] kmem_cache_alloc+0x56/0x2e0 [ 171.790236][T10026] ? check_preemption_disabled+0x47/0x2a0 [ 171.790252][T10026] skb_clone+0x1cc/0x380 [ 171.790271][T10026] netlink_deliver_tap+0x4bd/0x880 [ 171.798840][T10040] FAULT_INJECTION: forcing a failure. [ 171.798840][T10040] name failslab, interval 1, probability 0, space 0, times 0 [ 171.802911][T10026] netlink_unicast+0x75d/0x8f0 [ 171.802933][T10026] netlink_sendmsg+0x993/0xc50 [ 171.802955][T10026] ? netlink_getsockopt+0x9f0/0x9f0 [ 171.802969][T10026] ___sys_sendmsg+0x60d/0x910 [ 171.802990][T10026] ? rcu_lock_release+0xd/0x30 [ 171.803005][T10026] ? rcu_lock_release+0x26/0x30 [ 171.803017][T10026] ? __fget+0x4e6/0x510 [ 171.868345][T10026] ? __fdget+0x17c/0x200 [ 171.872587][T10026] __x64_sys_sendmsg+0x17c/0x200 [ 171.877529][T10026] do_syscall_64+0xf7/0x1c0 [ 171.882023][T10026] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 171.887907][T10026] RIP: 0033:0x459a29 [ 171.891798][T10026] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 171.911389][T10026] RSP: 002b:00007f6d4bef3c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 171.919791][T10026] RAX: ffffffffffffffda RBX: 00007f6d4bef3c90 RCX: 0000000000459a29 [ 171.927749][T10026] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 171.935711][T10026] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 171.943673][T10026] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6d4bef46d4 [ 171.951636][T10026] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 [ 171.959616][T10040] CPU: 0 PID: 10040 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 171.967537][T10040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 171.977593][T10040] Call Trace: [ 171.980880][T10040] dump_stack+0x1d8/0x2f8 [ 171.985200][T10040] should_fail+0x555/0x770 [ 171.985225][T10040] __should_failslab+0x11a/0x160 [ 171.994549][T10040] should_failslab+0x9/0x20 [ 171.994563][T10040] kmem_cache_alloc_node_trace+0x6e/0x2d0 [ 171.994571][T10040] ? __kmalloc_node+0x3c/0x60 [ 171.994579][T10040] ? memset+0x31/0x40 [ 171.994590][T10040] __kmalloc_node+0x3c/0x60 [ 171.994605][T10040] kvmalloc_node+0xcc/0x130 [ 171.994618][T10040] rhashtable_init+0x50c/0xb40 [ 171.994633][T10040] br_fdb_hash_init+0x23/0x30 [ 171.994644][T10040] br_dev_init+0xee/0x260 [ 171.994659][T10040] register_netdevice+0x30b/0x13b0 [ 171.994681][T10040] br_dev_newlink+0x2a/0x120 [ 171.994696][T10040] rtnl_newlink+0x13a6/0x1af0 [ 171.994709][T10040] ? rtnl_newlink+0xa81/0x1af0 [ 171.994772][T10040] ? __mutex_lock_common+0x4f5/0x2e20 [ 171.994784][T10040] ? rtnetlink_rcv_msg+0x83c/0xd40 [ 172.065793][T10040] ? rcu_lock_release+0x9/0x30 [ 172.070566][T10040] ? rtnl_setlink+0x460/0x460 [ 172.075226][T10040] rtnetlink_rcv_msg+0x889/0xd40 [ 172.080141][T10040] ? rcu_lock_release+0xd/0x30 [ 172.084898][T10040] ? __local_bh_enable_ip+0x13a/0x240 [ 172.090259][T10040] ? local_bh_enable+0x9/0x30 [ 172.094915][T10040] ? trace_hardirqs_on+0x74/0x80 [ 172.099830][T10040] ? __local_bh_enable_ip+0x13a/0x240 [ 172.105195][T10040] ? local_bh_enable+0x1f/0x30 [ 172.109937][T10040] ? rcu_lock_release+0x9/0x30 [ 172.114683][T10040] ? rcu_lock_release+0x9/0x30 [ 172.119423][T10040] netlink_rcv_skb+0x19e/0x3d0 [ 172.124167][T10040] ? rtnetlink_bind+0x80/0x80 [ 172.128824][T10040] rtnetlink_rcv+0x1c/0x20 [ 172.133216][T10040] netlink_unicast+0x787/0x8f0 [ 172.137961][T10040] netlink_sendmsg+0x993/0xc50 [ 172.142713][T10040] ? netlink_getsockopt+0x9f0/0x9f0 [ 172.147887][T10040] ___sys_sendmsg+0x60d/0x910 [ 172.152549][T10040] ? rcu_lock_release+0xd/0x30 [ 172.157303][T10040] ? rcu_lock_release+0x26/0x30 [ 172.162136][T10040] ? __fget+0x4e6/0x510 [ 172.166273][T10040] ? __fdget+0x17c/0x200 [ 172.170539][T10040] __x64_sys_sendmsg+0x17c/0x200 [ 172.175470][T10040] do_syscall_64+0xf7/0x1c0 [ 172.179969][T10040] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 172.185847][T10040] RIP: 0033:0x459a29 [ 172.189719][T10040] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 172.209337][T10040] RSP: 002b:00007fa7ccf63c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 172.217727][T10040] RAX: ffffffffffffffda RBX: 00007fa7ccf63c90 RCX: 0000000000459a29 [ 172.225675][T10040] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 172.233622][T10040] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 172.241570][T10040] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7ccf646d4 19:01:38 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:38 executing program 2 (fault-call:1 fault-nth:11): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 172.249522][T10040] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 [ 172.267469][T10026] netlink: 'syz-executor.3': attribute type 37 has an invalid length. 19:01:39 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(0x0, 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:39 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x0, 0x0) [ 172.365045][ T26] audit: type=1804 audit(1570129299.056:180): pid=10049 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/98/file0" dev="sda1" ino=17017 res=1 [ 172.395085][T10050] netlink: 'syz-executor.2': attribute type 38 has an invalid length. 19:01:39 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:39 executing program 3 (fault-call:1 fault-nth:3): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 172.418755][T10050] FAULT_INJECTION: forcing a failure. [ 172.418755][T10050] name failslab, interval 1, probability 0, space 0, times 0 [ 172.466034][T10050] CPU: 0 PID: 10050 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 172.473964][T10050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 172.484016][T10050] Call Trace: [ 172.487312][T10050] dump_stack+0x1d8/0x2f8 [ 172.491654][T10050] should_fail+0x555/0x770 [ 172.496085][T10050] __should_failslab+0x11a/0x160 [ 172.501033][T10050] should_failslab+0x9/0x20 [ 172.505537][T10050] kmem_cache_alloc_trace+0x5d/0x2f0 [ 172.510816][T10050] ? br_vlan_init+0x53/0x1b0 19:01:39 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) [ 172.515413][T10050] br_vlan_init+0x53/0x1b0 [ 172.519832][T10050] br_dev_init+0x195/0x260 [ 172.524244][T10050] register_netdevice+0x30b/0x13b0 [ 172.524268][T10050] br_dev_newlink+0x2a/0x120 [ 172.524285][T10050] rtnl_newlink+0x13a6/0x1af0 [ 172.524298][T10050] ? rtnl_newlink+0xa81/0x1af0 [ 172.524359][T10050] ? __mutex_lock_common+0x4f5/0x2e20 [ 172.524369][T10050] ? rtnetlink_rcv_msg+0x83c/0xd40 [ 172.524382][T10050] ? rcu_lock_release+0x9/0x30 [ 172.534068][T10050] ? rtnl_setlink+0x460/0x460 [ 172.534082][T10050] rtnetlink_rcv_msg+0x889/0xd40 [ 172.534090][T10050] ? rcu_lock_release+0xd/0x30 [ 172.534110][T10050] ? __local_bh_enable_ip+0x13a/0x240 [ 172.534124][T10050] ? local_bh_enable+0x9/0x30 [ 172.534137][T10050] ? trace_hardirqs_on+0x74/0x80 [ 172.534146][T10050] ? __local_bh_enable_ip+0x13a/0x240 [ 172.534158][T10050] ? local_bh_enable+0x1f/0x30 [ 172.534172][T10050] ? rcu_lock_release+0x9/0x30 [ 172.534188][T10050] ? rcu_lock_release+0x9/0x30 [ 172.607611][T10050] netlink_rcv_skb+0x19e/0x3d0 [ 172.612367][T10050] ? rtnetlink_bind+0x80/0x80 [ 172.617053][T10050] rtnetlink_rcv+0x1c/0x20 [ 172.621470][T10050] netlink_unicast+0x787/0x8f0 [ 172.626243][T10050] netlink_sendmsg+0x993/0xc50 [ 172.631006][T10050] ? netlink_getsockopt+0x9f0/0x9f0 [ 172.636184][T10050] ___sys_sendmsg+0x60d/0x910 [ 172.640879][T10050] ? rcu_lock_release+0xd/0x30 [ 172.645640][T10050] ? rcu_lock_release+0x26/0x30 [ 172.650466][T10050] ? __fget+0x4e6/0x510 [ 172.654602][T10050] ? __fdget+0x17c/0x200 [ 172.658825][T10050] __x64_sys_sendmsg+0x17c/0x200 [ 172.663768][T10050] do_syscall_64+0xf7/0x1c0 [ 172.668263][T10050] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 172.674138][T10050] RIP: 0033:0x459a29 [ 172.678028][T10050] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 172.697619][T10050] RSP: 002b:00007fa7ccf63c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 172.706013][T10050] RAX: ffffffffffffffda RBX: 00007fa7ccf63c90 RCX: 0000000000459a29 [ 172.713968][T10050] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 172.721923][T10050] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 172.729878][T10050] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7ccf646d4 [ 172.737849][T10050] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 [ 172.747317][T10063] FAULT_INJECTION: forcing a failure. [ 172.747317][T10063] name failslab, interval 1, probability 0, space 0, times 0 19:01:39 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 172.769983][T10063] CPU: 0 PID: 10063 Comm: syz-executor.3 Not tainted 5.4.0-rc1+ #0 [ 172.777900][T10063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 172.787952][T10063] Call Trace: [ 172.791251][T10063] dump_stack+0x1d8/0x2f8 [ 172.795588][T10063] should_fail+0x555/0x770 [ 172.800002][T10063] __should_failslab+0x11a/0x160 [ 172.804926][T10063] should_failslab+0x9/0x20 [ 172.809424][T10063] kmem_cache_alloc_trace+0x5d/0x2f0 [ 172.814692][T10063] ? rtnl_newlink+0x77/0x1af0 [ 172.819351][T10063] rtnl_newlink+0x77/0x1af0 [ 172.823843][T10063] ? update_cfs_rq_load_avg+0x340/0x5a0 [ 172.829372][T10063] ? finish_lock_switch+0x31/0x40 [ 172.834378][T10063] ? __lock_acquire+0xc75/0x1be0 [ 172.839295][T10063] ? lockdep_hardirqs_on+0x3c5/0x7d0 [ 172.844554][T10063] ? _raw_spin_unlock_irq+0x27/0x80 [ 172.849737][T10063] ? finish_lock_switch+0x31/0x40 [ 172.854740][T10063] ? finish_task_switch+0x24f/0x550 [ 172.859916][T10063] ? __mutex_lock_common+0x1b1b/0x2e20 [ 172.865357][T10063] ? __kasan_check_read+0x11/0x20 [ 172.870358][T10063] ? do_raw_spin_unlock+0x49/0x260 [ 172.875445][T10063] ? __mutex_lock_common+0x1b25/0x2e20 [ 172.880877][T10063] ? rtnetlink_rcv_msg+0x83c/0xd40 [ 172.885977][T10063] ? rtnl_setlink+0x460/0x460 [ 172.890627][T10063] rtnetlink_rcv_msg+0x889/0xd40 [ 172.895539][T10063] ? rcu_lock_release+0xd/0x30 [ 172.900281][T10063] ? __local_bh_enable_ip+0x13a/0x240 [ 172.905628][T10063] ? local_bh_enable+0x9/0x30 [ 172.910289][T10063] ? trace_hardirqs_on+0x74/0x80 [ 172.915201][T10063] ? __local_bh_enable_ip+0x13a/0x240 [ 172.920549][T10063] ? local_bh_enable+0x1f/0x30 [ 172.925292][T10063] ? rcu_lock_release+0x9/0x30 [ 172.930033][T10063] ? rcu_lock_release+0x9/0x30 [ 172.934775][T10063] netlink_rcv_skb+0x19e/0x3d0 [ 172.939515][T10063] ? rtnetlink_bind+0x80/0x80 [ 172.944172][T10063] rtnetlink_rcv+0x1c/0x20 [ 172.948566][T10063] netlink_unicast+0x787/0x8f0 [ 172.953323][T10063] netlink_sendmsg+0x993/0xc50 [ 172.958069][T10063] ? netlink_getsockopt+0x9f0/0x9f0 [ 172.963243][T10063] ___sys_sendmsg+0x60d/0x910 [ 172.967901][T10063] ? rcu_lock_release+0xd/0x30 [ 172.972644][T10063] ? rcu_lock_release+0x26/0x30 [ 172.977467][T10063] ? __fget+0x4e6/0x510 [ 172.981611][T10063] ? __fdget+0x17c/0x200 [ 172.985919][T10063] __x64_sys_sendmsg+0x17c/0x200 [ 172.990840][T10063] do_syscall_64+0xf7/0x1c0 [ 172.995322][T10063] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 173.001188][T10063] RIP: 0033:0x459a29 [ 173.005066][T10063] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 173.024647][T10063] RSP: 002b:00007f6d4bef3c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 173.033033][T10063] RAX: ffffffffffffffda RBX: 00007f6d4bef3c90 RCX: 0000000000459a29 [ 173.040979][T10063] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 173.048923][T10063] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 173.056871][T10063] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6d4bef46d4 19:01:39 executing program 2 (fault-call:1 fault-nth:12): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 173.064823][T10063] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 19:01:39 executing program 3 (fault-call:1 fault-nth:4): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 173.184866][T10075] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 173.220992][T10075] FAULT_INJECTION: forcing a failure. [ 173.220992][T10075] name failslab, interval 1, probability 0, space 0, times 0 [ 173.244401][T10075] CPU: 1 PID: 10075 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 173.252324][T10075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 173.262377][T10075] Call Trace: [ 173.265670][T10075] dump_stack+0x1d8/0x2f8 [ 173.270003][T10075] should_fail+0x555/0x770 [ 173.274423][T10075] __should_failslab+0x11a/0x160 [ 173.279368][T10075] should_failslab+0x9/0x20 [ 173.283879][T10075] kmem_cache_alloc_node_trace+0x6e/0x2d0 [ 173.289605][T10075] ? __kmalloc_node+0x3c/0x60 19:01:39 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r2 = dup2(0xffffffffffffffff, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) writev(r3, &(0x7f00000003c0), 0x63) 19:01:39 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 173.294287][T10075] ? memset+0x31/0x40 [ 173.298270][T10075] __kmalloc_node+0x3c/0x60 [ 173.302782][T10075] kvmalloc_node+0xcc/0x130 [ 173.307291][T10075] rhashtable_init+0x50c/0xb40 [ 173.312061][T10075] br_mdb_hash_init+0x23/0x30 [ 173.316733][T10075] br_dev_init+0x160/0x260 [ 173.318646][ T26] audit: type=1804 audit(1570129299.936:181): pid=10083 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/102/file0" dev="sda1" ino=17011 res=1 [ 173.321144][T10075] register_netdevice+0x30b/0x13b0 [ 173.321171][T10075] br_dev_newlink+0x2a/0x120 [ 173.321187][T10075] rtnl_newlink+0x13a6/0x1af0 [ 173.321198][T10075] ? rtnl_newlink+0xa81/0x1af0 [ 173.321257][T10075] ? __mutex_lock_common+0x4f5/0x2e20 [ 173.369375][T10075] ? rtnetlink_rcv_msg+0x83c/0xd40 [ 173.374467][T10075] ? rcu_lock_release+0x9/0x30 [ 173.379235][T10075] ? rtnl_setlink+0x460/0x460 [ 173.383900][T10075] rtnetlink_rcv_msg+0x889/0xd40 [ 173.388913][T10075] ? rcu_lock_release+0xd/0x30 [ 173.393653][T10075] ? __local_bh_enable_ip+0x13a/0x240 [ 173.399004][T10075] ? local_bh_enable+0x9/0x30 [ 173.403668][T10075] ? trace_hardirqs_on+0x74/0x80 [ 173.408583][T10075] ? __local_bh_enable_ip+0x13a/0x240 [ 173.413947][T10075] ? local_bh_enable+0x1f/0x30 [ 173.418781][T10075] ? rcu_lock_release+0x9/0x30 [ 173.423537][T10075] ? rcu_lock_release+0x9/0x30 [ 173.428300][T10075] netlink_rcv_skb+0x19e/0x3d0 [ 173.433055][T10075] ? rtnetlink_bind+0x80/0x80 [ 173.437715][T10075] rtnetlink_rcv+0x1c/0x20 [ 173.442113][T10075] netlink_unicast+0x787/0x8f0 [ 173.446861][T10075] netlink_sendmsg+0x993/0xc50 [ 173.451604][T10075] ? netlink_getsockopt+0x9f0/0x9f0 [ 173.457057][T10075] ___sys_sendmsg+0x60d/0x910 [ 173.461731][T10075] ? rcu_lock_release+0xd/0x30 [ 173.466483][T10075] ? rcu_lock_release+0x26/0x30 [ 173.471318][T10075] ? __fget+0x4e6/0x510 [ 173.475471][T10075] ? __fdget+0x17c/0x200 [ 173.479696][T10075] __x64_sys_sendmsg+0x17c/0x200 [ 173.484631][T10075] do_syscall_64+0xf7/0x1c0 [ 173.489114][T10075] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 173.494985][T10075] RIP: 0033:0x459a29 [ 173.498855][T10075] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 173.518452][T10075] RSP: 002b:00007fa7ccf63c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 173.526871][T10075] RAX: ffffffffffffffda RBX: 00007fa7ccf63c90 RCX: 0000000000459a29 [ 173.534866][T10075] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 19:01:40 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x0, 0x0) [ 173.542819][T10075] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 173.550779][T10075] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7ccf646d4 [ 173.558731][T10075] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 19:01:40 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r2 = dup2(0xffffffffffffffff, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) writev(r3, &(0x7f00000003c0), 0x63) [ 173.586780][T10079] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 173.604939][T10079] FAULT_INJECTION: forcing a failure. [ 173.604939][T10079] name failslab, interval 1, probability 0, space 0, times 0 [ 173.646592][T10079] CPU: 0 PID: 10079 Comm: syz-executor.3 Not tainted 5.4.0-rc1+ #0 [ 173.654517][T10079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 173.664584][T10079] Call Trace: [ 173.667873][T10079] dump_stack+0x1d8/0x2f8 [ 173.672203][T10079] should_fail+0x555/0x770 [ 173.676619][T10079] __should_failslab+0x11a/0x160 [ 173.681563][T10079] should_failslab+0x9/0x20 [ 173.686065][T10079] kmem_cache_alloc_node_trace+0x6e/0x2d0 [ 173.691782][T10079] ? __kmalloc_node+0x3c/0x60 [ 173.696460][T10079] __kmalloc_node+0x3c/0x60 [ 173.700960][T10079] kvmalloc_node+0xcc/0x130 [ 173.705445][T10079] alloc_netdev_mqs+0x8e/0xe50 [ 173.710197][T10079] ? security_capable+0xa2/0xd0 [ 173.715027][T10079] ? ns_capable+0x91/0xf0 [ 173.719357][T10079] ? br_netpoll_disable+0x80/0x80 [ 173.724367][T10079] rtnl_create_link+0x23b/0x8e0 [ 173.729197][T10079] rtnl_newlink+0x1208/0x1af0 [ 173.733855][T10079] ? rtnl_newlink+0xa81/0x1af0 [ 173.738611][T10079] ? __lock_acquire+0xc75/0x1be0 [ 173.743561][T10079] ? __mutex_lock_common+0x1b25/0x2e20 [ 173.748998][T10079] ? rtnetlink_rcv_msg+0x83c/0xd40 [ 173.754096][T10079] ? rtnl_setlink+0x460/0x460 [ 173.758746][T10079] rtnetlink_rcv_msg+0x889/0xd40 [ 173.763662][T10079] ? rcu_lock_release+0xd/0x30 [ 173.768406][T10079] ? __local_bh_enable_ip+0x13a/0x240 [ 173.773753][T10079] ? local_bh_enable+0x9/0x30 [ 173.778406][T10079] ? trace_hardirqs_on+0x74/0x80 [ 173.783317][T10079] ? __local_bh_enable_ip+0x13a/0x240 [ 173.788667][T10079] ? local_bh_enable+0x1f/0x30 [ 173.793416][T10079] ? rcu_lock_release+0x9/0x30 [ 173.798160][T10079] ? rcu_lock_release+0x9/0x30 [ 173.802905][T10079] netlink_rcv_skb+0x19e/0x3d0 [ 173.807649][T10079] ? rtnetlink_bind+0x80/0x80 [ 173.812304][T10079] rtnetlink_rcv+0x1c/0x20 [ 173.816693][T10079] netlink_unicast+0x787/0x8f0 [ 173.821436][T10079] netlink_sendmsg+0x993/0xc50 [ 173.826182][T10079] ? netlink_getsockopt+0x9f0/0x9f0 [ 173.831356][T10079] ___sys_sendmsg+0x60d/0x910 [ 173.836012][T10079] ? rcu_lock_release+0xd/0x30 [ 173.840756][T10079] ? rcu_lock_release+0x26/0x30 [ 173.845581][T10079] ? __fget+0x4e6/0x510 [ 173.849719][T10079] ? __fdget+0x17c/0x200 [ 173.853938][T10079] __x64_sys_sendmsg+0x17c/0x200 [ 173.858858][T10079] do_syscall_64+0xf7/0x1c0 [ 173.863339][T10079] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 173.869207][T10079] RIP: 0033:0x459a29 [ 173.873076][T10079] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 19:01:40 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(0x0, 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:40 executing program 2 (fault-call:1 fault-nth:13): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 173.892658][T10079] RSP: 002b:00007f6d4bef3c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 173.901043][T10079] RAX: ffffffffffffffda RBX: 00007f6d4bef3c90 RCX: 0000000000459a29 [ 173.908999][T10079] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 173.916956][T10079] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 173.924905][T10079] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6d4bef46d4 [ 173.932862][T10079] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 19:01:40 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x0, 0x0) 19:01:40 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r2 = dup2(0xffffffffffffffff, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) writev(r3, &(0x7f00000003c0), 0x63) [ 174.024361][T10100] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 174.042757][T10100] FAULT_INJECTION: forcing a failure. [ 174.042757][T10100] name failslab, interval 1, probability 0, space 0, times 0 [ 174.065205][T10100] CPU: 0 PID: 10100 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 174.073131][T10100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 174.073136][T10100] Call Trace: [ 174.073153][T10100] dump_stack+0x1d8/0x2f8 [ 174.073169][T10100] should_fail+0x555/0x770 [ 174.073186][T10100] __should_failslab+0x11a/0x160 [ 174.073202][T10100] should_failslab+0x9/0x20 [ 174.104652][T10100] kmem_cache_alloc_node_trace+0x6e/0x2d0 [ 174.110363][T10100] ? __kmalloc_node+0x3c/0x60 [ 174.110375][T10100] ? memset+0x31/0x40 [ 174.110387][T10100] __kmalloc_node+0x3c/0x60 19:01:40 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) [ 174.110401][T10100] kvmalloc_node+0xcc/0x130 [ 174.127986][T10100] rhashtable_init+0x50c/0xb40 [ 174.132755][T10100] br_vlan_init+0x7a/0x1b0 [ 174.137175][T10100] br_dev_init+0x195/0x260 [ 174.141594][T10100] register_netdevice+0x30b/0x13b0 [ 174.146731][T10100] br_dev_newlink+0x2a/0x120 [ 174.151336][T10100] rtnl_newlink+0x13a6/0x1af0 [ 174.156015][T10100] ? rtnl_newlink+0xa81/0x1af0 [ 174.160776][T10100] ? __lock_acquire+0xc75/0x1be0 [ 174.165712][T10100] ? __mutex_lock_common+0x1b25/0x2e20 [ 174.171146][T10100] ? rtnetlink_rcv_msg+0x83c/0xd40 [ 174.176246][T10100] ? rtnl_setlink+0x460/0x460 [ 174.180900][T10100] rtnetlink_rcv_msg+0x889/0xd40 [ 174.185817][T10100] ? rcu_lock_release+0xd/0x30 [ 174.190571][T10100] ? __local_bh_enable_ip+0x13a/0x240 [ 174.195940][T10100] ? local_bh_enable+0x9/0x30 [ 174.200610][T10100] ? trace_hardirqs_on+0x74/0x80 [ 174.205554][T10100] ? __local_bh_enable_ip+0x13a/0x240 [ 174.210917][T10100] ? local_bh_enable+0x1f/0x30 [ 174.215660][T10100] ? rcu_lock_release+0x9/0x30 [ 174.220477][T10100] ? rcu_lock_release+0x9/0x30 [ 174.225238][T10100] netlink_rcv_skb+0x19e/0x3d0 [ 174.229995][T10100] ? rtnetlink_bind+0x80/0x80 [ 174.234674][T10100] rtnetlink_rcv+0x1c/0x20 [ 174.239071][T10100] netlink_unicast+0x787/0x8f0 [ 174.243839][T10100] netlink_sendmsg+0x993/0xc50 [ 174.248594][T10100] ? netlink_getsockopt+0x9f0/0x9f0 [ 174.253781][T10100] ___sys_sendmsg+0x60d/0x910 [ 174.258462][T10100] ? rcu_lock_release+0xd/0x30 [ 174.263225][T10100] ? rcu_lock_release+0x26/0x30 [ 174.268080][T10100] ? __fget+0x4e6/0x510 [ 174.272232][T10100] ? __fdget+0x17c/0x200 [ 174.276455][T10100] __x64_sys_sendmsg+0x17c/0x200 [ 174.281382][T10100] do_syscall_64+0xf7/0x1c0 [ 174.285881][T10100] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 174.291756][T10100] RIP: 0033:0x459a29 [ 174.295631][T10100] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 174.315382][T10100] RSP: 002b:00007fa7ccf63c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e 19:01:41 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:01:41 executing program 2 (fault-call:1 fault-nth:14): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 174.323779][T10100] RAX: ffffffffffffffda RBX: 00007fa7ccf63c90 RCX: 0000000000459a29 [ 174.331738][T10100] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 174.339686][T10100] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 174.347636][T10100] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7ccf646d4 [ 174.355584][T10100] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 19:01:41 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(0x0, 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:41 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r2 = dup2(r1, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) writev(r3, &(0x7f00000003c0), 0x63) 19:01:41 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(0x0, 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 174.450956][T10121] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 174.484718][T10120] netlink: 'syz-executor.2': attribute type 38 has an invalid length. 19:01:41 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x0, 0x0) [ 174.524963][T10120] FAULT_INJECTION: forcing a failure. [ 174.524963][T10120] name failslab, interval 1, probability 0, space 0, times 0 [ 174.576411][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 174.576419][ T26] audit: type=1804 audit(1570129301.266:184): pid=10127 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/105/file0" dev="sda1" ino=16529 res=1 [ 174.586134][T10120] CPU: 0 PID: 10120 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 174.614228][T10120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 174.624290][T10120] Call Trace: [ 174.627587][T10120] dump_stack+0x1d8/0x2f8 [ 174.631923][T10120] should_fail+0x555/0x770 [ 174.636362][T10120] __should_failslab+0x11a/0x160 [ 174.641306][T10120] should_failslab+0x9/0x20 [ 174.645807][T10120] kmem_cache_alloc_node_trace+0x6e/0x2d0 [ 174.645819][T10120] ? __kmalloc_node+0x3c/0x60 [ 174.645828][T10120] ? memset+0x31/0x40 [ 174.645841][T10120] __kmalloc_node+0x3c/0x60 [ 174.645855][T10120] kvmalloc_node+0xcc/0x130 [ 174.645869][T10120] rhashtable_init+0x50c/0xb40 19:01:41 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 174.656231][T10120] vlan_tunnel_init+0x23/0x30 [ 174.656241][T10120] br_vlan_init+0xa4/0x1b0 [ 174.656254][T10120] br_dev_init+0x195/0x260 [ 174.656273][T10120] register_netdevice+0x30b/0x13b0 [ 174.656298][T10120] br_dev_newlink+0x2a/0x120 [ 174.656313][T10120] rtnl_newlink+0x13a6/0x1af0 [ 174.656325][T10120] ? rtnl_newlink+0xa81/0x1af0 [ 174.656346][T10120] ? __lock_acquire+0xc75/0x1be0 [ 174.711678][T10120] ? __mutex_lock_common+0x1b25/0x2e20 [ 174.717171][T10120] ? rtnetlink_rcv_msg+0x83c/0xd40 [ 174.722271][T10120] ? rtnl_setlink+0x460/0x460 [ 174.726925][T10120] rtnetlink_rcv_msg+0x889/0xd40 [ 174.731847][T10120] ? rcu_lock_release+0xd/0x30 [ 174.736615][T10120] ? __local_bh_enable_ip+0x13a/0x240 [ 174.741972][T10120] ? local_bh_enable+0x9/0x30 [ 174.746636][T10120] ? trace_hardirqs_on+0x74/0x80 [ 174.751556][T10120] ? __local_bh_enable_ip+0x13a/0x240 [ 174.756905][T10120] ? local_bh_enable+0x1f/0x30 [ 174.761659][T10120] ? rcu_lock_release+0x9/0x30 [ 174.766405][T10120] ? rcu_lock_release+0x9/0x30 [ 174.771184][T10120] netlink_rcv_skb+0x19e/0x3d0 [ 174.775933][T10120] ? rtnetlink_bind+0x80/0x80 [ 174.780601][T10120] rtnetlink_rcv+0x1c/0x20 [ 174.784997][T10120] netlink_unicast+0x787/0x8f0 [ 174.789790][T10120] netlink_sendmsg+0x993/0xc50 [ 174.794727][T10120] ? netlink_getsockopt+0x9f0/0x9f0 [ 174.799899][T10120] ___sys_sendmsg+0x60d/0x910 [ 174.804564][T10120] ? rcu_lock_release+0xd/0x30 [ 174.809333][T10120] ? rcu_lock_release+0x26/0x30 [ 174.814203][T10120] ? __fget+0x4e6/0x510 [ 174.818338][T10120] ? __fdget+0x17c/0x200 [ 174.822820][T10120] __x64_sys_sendmsg+0x17c/0x200 [ 174.827756][T10120] do_syscall_64+0xf7/0x1c0 [ 174.832255][T10120] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 174.838136][T10120] RIP: 0033:0x459a29 [ 174.842017][T10120] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 174.861594][T10120] RSP: 002b:00007fa7ccf63c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 174.869980][T10120] RAX: ffffffffffffffda RBX: 00007fa7ccf63c90 RCX: 0000000000459a29 19:01:41 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r2 = dup2(r1, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) writev(r3, &(0x7f00000003c0), 0x63) [ 174.877927][T10120] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 174.885890][T10120] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 174.893838][T10120] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7ccf646d4 [ 174.901786][T10120] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 19:01:41 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r2 = dup2(0xffffffffffffffff, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r3, 0x4, 0x6100) writev(r3, &(0x7f00000003c0), 0x63) 19:01:41 executing program 2 (fault-call:1 fault-nth:15): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 175.021203][ T26] audit: type=1804 audit(1570129301.706:185): pid=10140 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/106/file0" dev="sda1" ino=17007 res=1 [ 175.045200][ C1] net_ratelimit: 2 callbacks suppressed [ 175.045206][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 175.050809][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 175.062306][ C1] protocol 88fb is buggy, dev hsr_slave_0 19:01:41 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) [ 175.068088][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:01:41 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x0, 0x0) 19:01:41 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x2, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 175.099125][T10146] FAULT_INJECTION: forcing a failure. [ 175.099125][T10146] name failslab, interval 1, probability 0, space 0, times 0 [ 175.122454][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 175.128246][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 175.175090][T10146] CPU: 0 PID: 10146 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 175.183035][T10146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 175.189060][ T26] audit: type=1804 audit(1570129301.816:186): pid=10145 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/105/file0" dev="sda1" ino=17015 res=1 [ 175.193078][T10146] Call Trace: [ 175.193098][T10146] dump_stack+0x1d8/0x2f8 [ 175.193113][T10146] should_fail+0x555/0x770 [ 175.193132][T10146] __should_failslab+0x11a/0x160 [ 175.193145][T10146] ? kvasprintf_const+0x139/0x180 [ 175.193157][T10146] should_failslab+0x9/0x20 [ 175.193174][T10146] __kmalloc_track_caller+0x79/0x340 [ 175.248730][T10146] kstrdup_const+0x55/0x90 [ 175.253128][T10146] kvasprintf_const+0x139/0x180 [ 175.257959][T10146] kobject_set_name_vargs+0x63/0x120 [ 175.263225][T10146] dev_set_name+0x6c/0x90 [ 175.267542][T10146] ? pm_runtime_init+0x295/0x370 [ 175.272472][T10146] netdev_register_kobject+0xb4/0x2f0 [ 175.277831][T10146] register_netdevice+0xc4d/0x13b0 [ 175.282956][T10146] br_dev_newlink+0x2a/0x120 [ 175.287535][T10146] rtnl_newlink+0x13a6/0x1af0 [ 175.292392][T10146] ? rtnl_newlink+0xa81/0x1af0 [ 175.297179][T10146] ? __mutex_lock_common+0x4f5/0x2e20 [ 175.302547][T10146] ? rtnetlink_rcv_msg+0x83c/0xd40 [ 175.307648][T10146] ? rcu_lock_release+0x9/0x30 [ 175.312411][T10146] ? rtnl_setlink+0x460/0x460 [ 175.317078][T10146] rtnetlink_rcv_msg+0x889/0xd40 [ 175.322006][T10146] ? rcu_lock_release+0xd/0x30 [ 175.326844][T10146] ? __local_bh_enable_ip+0x13a/0x240 [ 175.332215][T10146] ? local_bh_enable+0x9/0x30 [ 175.336881][T10146] ? trace_hardirqs_on+0x74/0x80 [ 175.341827][T10146] ? __local_bh_enable_ip+0x13a/0x240 [ 175.347188][T10146] ? local_bh_enable+0x1f/0x30 [ 175.352124][T10146] ? rcu_lock_release+0x9/0x30 [ 175.356887][T10146] ? rcu_lock_release+0x9/0x30 [ 175.361657][T10146] netlink_rcv_skb+0x19e/0x3d0 [ 175.366417][T10146] ? rtnetlink_bind+0x80/0x80 [ 175.371113][T10146] rtnetlink_rcv+0x1c/0x20 [ 175.375534][T10146] netlink_unicast+0x787/0x8f0 [ 175.381296][T10146] netlink_sendmsg+0x993/0xc50 [ 175.386055][T10146] ? netlink_getsockopt+0x9f0/0x9f0 [ 175.391335][T10146] ___sys_sendmsg+0x60d/0x910 [ 175.396064][T10146] ? rcu_lock_release+0xd/0x30 [ 175.400821][T10146] ? rcu_lock_release+0x26/0x30 [ 175.405655][T10146] ? __fget+0x4e6/0x510 [ 175.409798][T10146] ? __fdget+0x17c/0x200 [ 175.414078][T10146] __x64_sys_sendmsg+0x17c/0x200 [ 175.419008][T10146] do_syscall_64+0xf7/0x1c0 [ 175.423516][T10146] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 175.429390][T10146] RIP: 0033:0x459a29 [ 175.433280][T10146] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 175.453028][T10146] RSP: 002b:00007fa7ccf63c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 175.461427][T10146] RAX: ffffffffffffffda RBX: 00007fa7ccf63c90 RCX: 0000000000459a29 19:01:42 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r2 = dup2(r1, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) writev(r3, &(0x7f00000003c0), 0x63) 19:01:42 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r2 = dup2(0xffffffffffffffff, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r3, 0x4, 0x6100) writev(r3, &(0x7f00000003c0), 0x63) [ 175.469383][T10146] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 175.477356][T10146] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 175.485329][T10146] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7ccf646d4 [ 175.493297][T10146] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 19:01:42 executing program 1: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x0, 0x0) 19:01:42 executing program 2 (fault-call:1 fault-nth:16): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 175.627207][T10164] validate_nla: 2 callbacks suppressed [ 175.627216][T10164] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 175.651240][ T26] audit: type=1804 audit(1570129302.336:187): pid=10160 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/106/file0" dev="sda1" ino=16992 res=1 [ 175.682474][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 175.688350][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:01:42 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r2 = dup2(0xffffffffffffffff, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r3, 0x4, 0x6100) writev(r3, &(0x7f00000003c0), 0x63) 19:01:42 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) writev(r3, &(0x7f00000003c0), 0x63) [ 175.731167][ T26] audit: type=1804 audit(1570129302.386:188): pid=10165 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/107/file0" dev="sda1" ino=17013 res=1 [ 175.768951][T10168] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 175.791674][T10168] FAULT_INJECTION: forcing a failure. [ 175.791674][T10168] name failslab, interval 1, probability 0, space 0, times 0 [ 175.806941][T10168] CPU: 0 PID: 10168 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 175.814870][T10168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 175.824931][T10168] Call Trace: [ 175.828237][T10168] dump_stack+0x1d8/0x2f8 [ 175.832583][T10168] should_fail+0x555/0x770 [ 175.837020][T10168] __should_failslab+0x11a/0x160 19:01:42 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 175.841974][T10168] ? kvasprintf_const+0x139/0x180 [ 175.846998][T10168] should_failslab+0x9/0x20 [ 175.851491][T10168] __kmalloc_track_caller+0x79/0x340 [ 175.856779][T10168] kstrdup_const+0x55/0x90 [ 175.856794][T10168] kvasprintf_const+0x139/0x180 [ 175.856811][T10168] kobject_set_name_vargs+0x63/0x120 [ 175.856824][T10168] dev_set_name+0x6c/0x90 [ 175.856833][T10168] ? pm_runtime_init+0x295/0x370 [ 175.856852][T10168] netdev_register_kobject+0xb4/0x2f0 [ 175.856866][T10168] register_netdevice+0xc4d/0x13b0 [ 175.856891][T10168] br_dev_newlink+0x2a/0x120 [ 175.856904][T10168] rtnl_newlink+0x13a6/0x1af0 [ 175.856916][T10168] ? rtnl_newlink+0xa81/0x1af0 [ 175.856937][T10168] ? __lock_acquire+0xc75/0x1be0 [ 175.880798][T10168] ? __mutex_lock_common+0x1b25/0x2e20 [ 175.910132][T10168] ? rtnetlink_rcv_msg+0x83c/0xd40 [ 175.910163][T10168] ? rtnl_setlink+0x460/0x460 [ 175.910175][T10168] rtnetlink_rcv_msg+0x889/0xd40 [ 175.910184][T10168] ? rcu_lock_release+0xd/0x30 [ 175.910203][T10168] ? __local_bh_enable_ip+0x13a/0x240 [ 175.940461][T10168] ? local_bh_enable+0x9/0x30 [ 175.945148][T10168] ? trace_hardirqs_on+0x74/0x80 [ 175.950090][T10168] ? __local_bh_enable_ip+0x13a/0x240 [ 175.950108][T10168] ? local_bh_enable+0x1f/0x30 [ 175.950124][T10168] ? rcu_lock_release+0x9/0x30 [ 175.950141][T10168] ? rcu_lock_release+0x9/0x30 [ 175.969766][T10168] netlink_rcv_skb+0x19e/0x3d0 [ 175.974538][T10168] ? rtnetlink_bind+0x80/0x80 [ 175.979227][T10168] rtnetlink_rcv+0x1c/0x20 [ 175.983650][T10168] netlink_unicast+0x787/0x8f0 [ 175.988426][T10168] netlink_sendmsg+0x993/0xc50 [ 175.993200][T10168] ? netlink_getsockopt+0x9f0/0x9f0 [ 175.998398][T10168] ___sys_sendmsg+0x60d/0x910 [ 176.003086][T10168] ? rcu_lock_release+0xd/0x30 [ 176.007947][T10168] ? rcu_lock_release+0x26/0x30 [ 176.012914][T10168] ? __fget+0x4e6/0x510 [ 176.017084][T10168] ? __fdget+0x17c/0x200 [ 176.021339][T10168] __x64_sys_sendmsg+0x17c/0x200 [ 176.026295][T10168] do_syscall_64+0xf7/0x1c0 [ 176.030816][T10168] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 176.036709][T10168] RIP: 0033:0x459a29 [ 176.040601][T10168] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 176.060314][T10168] RSP: 002b:00007fa7ccf63c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 176.061773][ T26] audit: type=1804 audit(1570129302.686:189): pid=10181 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/107/file0" dev="sda1" ino=17013 res=1 19:01:42 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) [ 176.068752][T10168] RAX: ffffffffffffffda RBX: 00007fa7ccf63c90 RCX: 0000000000459a29 [ 176.068760][T10168] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 176.068764][T10168] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 176.068769][T10168] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7ccf646d4 [ 176.068774][T10168] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 19:01:42 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r2 = dup2(r1, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r3, 0x4, 0x6100) writev(r3, &(0x7f00000003c0), 0x63) [ 176.134845][ T26] audit: type=1804 audit(1570129302.816:190): pid=10180 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/108/file0" dev="sda1" ino=16990 res=1 19:01:42 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) writev(r3, &(0x7f00000003c0), 0x63) 19:01:42 executing program 2 (fault-call:1 fault-nth:17): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 176.191627][T10178] netlink: 'syz-executor.3': attribute type 37 has an invalid length. 19:01:43 executing program 1: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) [ 176.270345][ T26] audit: type=1804 audit(1570129302.956:191): pid=10191 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/108/file0" dev="sda1" ino=17011 res=1 [ 176.341357][T10199] netlink: 'syz-executor.2': attribute type 38 has an invalid length. 19:01:43 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:01:43 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r2 = dup2(r1, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r3, 0x4, 0x6100) writev(r3, &(0x7f00000003c0), 0x63) 19:01:43 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) writev(r3, &(0x7f00000003c0), 0x63) [ 176.382728][ T26] audit: type=1804 audit(1570129303.016:192): pid=10194 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/109/file0" dev="sda1" ino=17030 res=1 [ 176.408560][T10199] FAULT_INJECTION: forcing a failure. [ 176.408560][T10199] name failslab, interval 1, probability 0, space 0, times 0 [ 176.482853][T10199] CPU: 1 PID: 10199 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 176.490873][T10199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 176.500925][T10199] Call Trace: [ 176.504220][T10199] dump_stack+0x1d8/0x2f8 [ 176.508553][T10199] should_fail+0x555/0x770 [ 176.512977][T10199] __should_failslab+0x11a/0x160 [ 176.517916][T10199] ? __kernfs_new_node+0x4c/0x6b0 [ 176.522938][T10199] should_failslab+0x9/0x20 [ 176.527449][T10199] __kmalloc_track_caller+0x79/0x340 [ 176.532733][T10199] ? check_preemption_disabled+0x47/0x2a0 [ 176.538479][T10199] kstrdup_const+0x55/0x90 [ 176.542900][T10199] __kernfs_new_node+0x4c/0x6b0 [ 176.543132][ T26] audit: type=1804 audit(1570129303.176:193): pid=10215 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/109/file0" dev="sda1" ino=17014 res=1 [ 176.547742][T10199] ? __irq_work_queue_local+0xd0/0xe0 [ 176.547760][T10199] ? net_ns_get_ownership+0xff/0x180 [ 176.547772][T10199] ? net_get_ownership+0x48/0x50 [ 176.547786][T10199] kernfs_create_dir_ns+0x9b/0x230 [ 176.547800][T10199] sysfs_create_dir_ns+0x10a/0x290 [ 176.547818][T10199] kobject_add_internal+0x459/0xd50 [ 176.602576][T10199] kobject_add+0xef/0x190 [ 176.606900][T10199] ? mutex_unlock+0xd/0x10 [ 176.611412][T10199] ? get_device_parent+0x33c/0x4e0 [ 176.616544][T10199] device_add+0x4a8/0x14e0 [ 176.620965][T10199] ? kobject_set_name_vargs+0xd0/0x120 [ 176.626428][T10199] ? pm_runtime_init+0x295/0x370 [ 176.631360][T10199] netdev_register_kobject+0x152/0x2f0 [ 176.636824][T10199] register_netdevice+0xc4d/0x13b0 [ 176.641926][T10199] br_dev_newlink+0x2a/0x120 [ 176.646495][T10199] rtnl_newlink+0x13a6/0x1af0 [ 176.651160][T10199] ? rtnl_newlink+0xa81/0x1af0 [ 176.655942][T10199] ? __mutex_lock_common+0x4f5/0x2e20 [ 176.662941][T10199] ? rtnetlink_rcv_msg+0x83c/0xd40 [ 176.668035][T10199] ? rcu_lock_release+0x9/0x30 [ 176.672792][T10199] ? rtnl_setlink+0x460/0x460 [ 176.677442][T10199] rtnetlink_rcv_msg+0x889/0xd40 [ 176.682360][T10199] ? rcu_lock_release+0xd/0x30 [ 176.687116][T10199] ? __local_bh_enable_ip+0x13a/0x240 [ 176.692465][T10199] ? local_bh_enable+0x9/0x30 [ 176.697122][T10199] ? trace_hardirqs_on+0x74/0x80 [ 176.702043][T10199] ? __local_bh_enable_ip+0x13a/0x240 [ 176.707400][T10199] ? local_bh_enable+0x1f/0x30 [ 176.712145][T10199] ? rcu_lock_release+0x9/0x30 [ 176.716886][T10199] ? rcu_lock_release+0x9/0x30 [ 176.721637][T10199] netlink_rcv_skb+0x19e/0x3d0 [ 176.726386][T10199] ? rtnetlink_bind+0x80/0x80 [ 176.731041][T10199] rtnetlink_rcv+0x1c/0x20 [ 176.735432][T10199] netlink_unicast+0x787/0x8f0 [ 176.740190][T10199] netlink_sendmsg+0x993/0xc50 [ 176.744935][T10199] ? netlink_getsockopt+0x9f0/0x9f0 [ 176.750119][T10199] ___sys_sendmsg+0x60d/0x910 [ 176.754778][T10199] ? rcu_lock_release+0xd/0x30 [ 176.759528][T10199] ? rcu_lock_release+0x26/0x30 [ 176.764377][T10199] ? __fget+0x4e6/0x510 [ 176.768524][T10199] ? __fdget+0x17c/0x200 [ 176.772752][T10199] __x64_sys_sendmsg+0x17c/0x200 [ 176.777688][T10199] do_syscall_64+0xf7/0x1c0 [ 176.782186][T10199] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 176.788075][T10199] RIP: 0033:0x459a29 [ 176.791943][T10199] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 176.811524][T10199] RSP: 002b:00007fa7ccf63c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 176.819920][T10199] RAX: ffffffffffffffda RBX: 00007fa7ccf63c90 RCX: 0000000000459a29 19:01:43 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:43 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r2 = dup2(r1, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r3, 0x4, 0x6100) writev(r3, &(0x7f00000003c0), 0x63) [ 176.827871][T10199] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 176.835837][T10199] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 176.843786][T10199] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7ccf646d4 [ 176.851732][T10199] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 [ 176.861311][T10199] kobject_add_internal failed for bridge15 (error: -12 parent: net) 19:01:43 executing program 2 (fault-call:1 fault-nth:18): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:43 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x5, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 176.923425][T10207] netlink: 'syz-executor.3': attribute type 37 has an invalid length. 19:01:43 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:01:43 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 177.030592][T10227] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 177.050592][T10227] FAULT_INJECTION: forcing a failure. [ 177.050592][T10227] name failslab, interval 1, probability 0, space 0, times 0 [ 177.078904][T10227] CPU: 1 PID: 10227 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 177.086819][T10227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 177.096866][T10227] Call Trace: [ 177.100156][T10227] dump_stack+0x1d8/0x2f8 [ 177.104487][T10227] should_fail+0x555/0x770 [ 177.108908][T10227] __should_failslab+0x11a/0x160 [ 177.113848][T10227] ? __kernfs_new_node+0x4c/0x6b0 [ 177.118870][T10227] should_failslab+0x9/0x20 [ 177.123370][T10227] __kmalloc_track_caller+0x79/0x340 [ 177.128651][T10227] ? console_unlock+0xe41/0xef0 [ 177.133499][T10227] kstrdup_const+0x55/0x90 [ 177.137919][T10227] __kernfs_new_node+0x4c/0x6b0 [ 177.142773][T10227] ? net_ns_get_ownership+0xff/0x180 [ 177.148033][T10227] ? net_get_ownership+0x48/0x50 [ 177.152946][T10227] kernfs_create_dir_ns+0x9b/0x230 [ 177.158033][T10227] sysfs_create_dir_ns+0x10a/0x290 [ 177.163128][T10227] kobject_add_internal+0x459/0xd50 [ 177.168307][T10227] kobject_add+0xef/0x190 [ 177.172621][T10227] ? mutex_unlock+0xd/0x10 [ 177.177019][T10227] ? get_device_parent+0x33c/0x4e0 [ 177.182109][T10227] device_add+0x4a8/0x14e0 [ 177.186515][T10227] ? kobject_set_name_vargs+0xd0/0x120 [ 177.192019][T10227] ? pm_runtime_init+0x295/0x370 [ 177.196949][T10227] netdev_register_kobject+0x152/0x2f0 [ 177.202389][T10227] register_netdevice+0xc4d/0x13b0 [ 177.207485][T10227] br_dev_newlink+0x2a/0x120 [ 177.212059][T10227] rtnl_newlink+0x13a6/0x1af0 [ 177.216719][T10227] ? rtnl_newlink+0xa81/0x1af0 [ 177.221499][T10227] ? __mutex_lock_common+0x4f5/0x2e20 [ 177.226861][T10227] ? rtnetlink_rcv_msg+0x83c/0xd40 [ 177.231958][T10227] ? rcu_lock_release+0x9/0x30 [ 177.236703][T10227] ? rtnl_setlink+0x460/0x460 [ 177.241355][T10227] rtnetlink_rcv_msg+0x889/0xd40 [ 177.246267][T10227] ? rcu_lock_release+0xd/0x30 [ 177.251009][T10227] ? __local_bh_enable_ip+0x13a/0x240 [ 177.256364][T10227] ? local_bh_enable+0x9/0x30 [ 177.261026][T10227] ? trace_hardirqs_on+0x74/0x80 [ 177.265946][T10227] ? __local_bh_enable_ip+0x13a/0x240 [ 177.271319][T10227] ? local_bh_enable+0x1f/0x30 [ 177.276058][T10227] ? rcu_lock_release+0x9/0x30 [ 177.280797][T10227] ? rcu_lock_release+0x9/0x30 [ 177.285694][T10227] netlink_rcv_skb+0x19e/0x3d0 [ 177.290451][T10227] ? rtnetlink_bind+0x80/0x80 [ 177.295111][T10227] rtnetlink_rcv+0x1c/0x20 [ 177.299508][T10227] netlink_unicast+0x787/0x8f0 [ 177.304273][T10227] netlink_sendmsg+0x993/0xc50 [ 177.309047][T10227] ? netlink_getsockopt+0x9f0/0x9f0 [ 177.314238][T10227] ___sys_sendmsg+0x60d/0x910 [ 177.319024][T10227] ? rcu_lock_release+0xd/0x30 [ 177.323804][T10227] ? rcu_lock_release+0x26/0x30 [ 177.328648][T10227] ? __fget+0x4e6/0x510 [ 177.332800][T10227] ? __fdget+0x17c/0x200 [ 177.337036][T10227] __x64_sys_sendmsg+0x17c/0x200 [ 177.341968][T10227] do_syscall_64+0xf7/0x1c0 [ 177.346470][T10227] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 177.352342][T10227] RIP: 0033:0x459a29 [ 177.356221][T10227] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 177.375806][T10227] RSP: 002b:00007fa7ccf63c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 177.384218][T10227] RAX: ffffffffffffffda RBX: 00007fa7ccf63c90 RCX: 0000000000459a29 [ 177.392181][T10227] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 177.400178][T10227] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 177.408162][T10227] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7ccf646d4 [ 177.416153][T10227] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 19:01:44 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r3, 0x4, 0x6100) writev(r3, &(0x7f00000003c0), 0x63) 19:01:44 executing program 1 (fault-call:1 fault-nth:0): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 177.432650][T10227] kobject_add_internal failed for bridge15 (error: -12 parent: net) 19:01:44 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 177.510011][T10245] FAULT_INJECTION: forcing a failure. [ 177.510011][T10245] name failslab, interval 1, probability 0, space 0, times 0 [ 177.523026][T10245] CPU: 1 PID: 10245 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 177.531197][T10245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 177.541261][T10245] Call Trace: [ 177.544570][T10245] dump_stack+0x1d8/0x2f8 [ 177.548908][T10245] should_fail+0x555/0x770 [ 177.553341][T10245] __should_failslab+0x11a/0x160 [ 177.558415][T10245] ? __se_sys_memfd_create+0x10a/0x4b0 [ 177.563887][T10245] should_failslab+0x9/0x20 [ 177.568404][T10245] __kmalloc+0x7a/0x340 [ 177.572572][T10245] __se_sys_memfd_create+0x10a/0x4b0 [ 177.577865][T10245] ? do_syscall_64+0x1d/0x1c0 [ 177.582543][T10245] __x64_sys_memfd_create+0x5b/0x70 [ 177.587733][T10245] do_syscall_64+0xf7/0x1c0 [ 177.592223][T10245] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 177.598098][T10245] RIP: 0033:0x459a29 [ 177.601980][T10245] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 177.621577][T10245] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 177.629988][T10245] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 0000000000459a29 [ 177.637940][T10245] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004be948 [ 177.645890][T10245] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 19:01:44 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r3, 0x4, 0x6100) writev(r3, &(0x7f00000003c0), 0x63) 19:01:44 executing program 2 (fault-call:1 fault-nth:19): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 177.653850][T10245] R10: 0000000000010000 R11: 0000000000000246 R12: 00007faddc1126d4 [ 177.661813][T10245] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 177.671919][T10229] netlink: 'syz-executor.3': attribute type 37 has an invalid length. 19:01:44 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r3, 0x4, 0x6100) writev(r3, &(0x7f00000003c0), 0x63) 19:01:44 executing program 1 (fault-call:1 fault-nth:1): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 177.767846][T10255] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 177.817498][T10255] FAULT_INJECTION: forcing a failure. [ 177.817498][T10255] name failslab, interval 1, probability 0, space 0, times 0 [ 177.830518][T10255] CPU: 0 PID: 10255 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 177.838420][T10255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 177.848498][T10255] Call Trace: [ 177.851798][T10255] dump_stack+0x1d8/0x2f8 [ 177.856136][T10255] should_fail+0x555/0x770 [ 177.860569][T10255] __should_failslab+0x11a/0x160 19:01:44 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(0x0, 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:44 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x6, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 177.865514][T10255] ? radix_tree_node_alloc+0x1a1/0x370 [ 177.870983][T10255] should_failslab+0x9/0x20 [ 177.875491][T10255] kmem_cache_alloc+0x56/0x2e0 [ 177.880256][T10255] ? __lock_acquire+0xc75/0x1be0 [ 177.885212][T10255] radix_tree_node_alloc+0x1a1/0x370 [ 177.890511][T10255] idr_get_free+0x2b8/0x890 [ 177.895016][T10255] idr_alloc_cyclic+0x18b/0x550 [ 177.899920][T10255] __kernfs_new_node+0x124/0x6b0 [ 177.904853][T10255] ? kernfs_add_one+0x515/0x670 [ 177.904871][T10255] kernfs_new_node+0x97/0x170 [ 177.904886][T10255] __kernfs_create_file+0x4a/0x2f0 [ 177.904901][T10255] sysfs_add_file_mode_ns+0x2dc/0x3a0 [ 177.904917][T10255] sysfs_create_file_ns+0x112/0x1b0 [ 177.904933][T10255] device_create_file+0x10a/0x1d0 [ 177.904944][T10255] device_add+0x55c/0x14e0 [ 177.904957][T10255] ? kobject_set_name_vargs+0xd0/0x120 [ 177.904970][T10255] ? pm_runtime_init+0x295/0x370 [ 177.904993][T10255] netdev_register_kobject+0x152/0x2f0 [ 177.916884][T10264] FAULT_INJECTION: forcing a failure. [ 177.916884][T10264] name failslab, interval 1, probability 0, space 0, times 0 [ 177.919577][T10255] register_netdevice+0xc4d/0x13b0 [ 177.919603][T10255] br_dev_newlink+0x2a/0x120 [ 177.919619][T10255] rtnl_newlink+0x13a6/0x1af0 [ 177.919632][T10255] ? rtnl_newlink+0xa81/0x1af0 [ 177.919692][T10255] ? __mutex_lock_common+0x4f5/0x2e20 [ 177.992375][T10255] ? rtnetlink_rcv_msg+0x83c/0xd40 [ 177.997488][T10255] ? rcu_lock_release+0x9/0x30 [ 178.002256][T10255] ? rtnl_setlink+0x460/0x460 [ 178.006929][T10255] rtnetlink_rcv_msg+0x889/0xd40 [ 178.012642][T10255] ? rcu_lock_release+0xd/0x30 [ 178.017407][T10255] ? __local_bh_enable_ip+0x13a/0x240 [ 178.022775][T10255] ? local_bh_enable+0x9/0x30 [ 178.027455][T10255] ? trace_hardirqs_on+0x74/0x80 [ 178.032396][T10255] ? __local_bh_enable_ip+0x13a/0x240 [ 178.037767][T10255] ? local_bh_enable+0x1f/0x30 [ 178.042529][T10255] ? rcu_lock_release+0x9/0x30 [ 178.047303][T10255] ? rcu_lock_release+0x9/0x30 [ 178.052065][T10255] netlink_rcv_skb+0x19e/0x3d0 [ 178.056827][T10255] ? rtnetlink_bind+0x80/0x80 [ 178.061506][T10255] rtnetlink_rcv+0x1c/0x20 [ 178.065916][T10255] netlink_unicast+0x787/0x8f0 [ 178.070687][T10255] netlink_sendmsg+0x993/0xc50 [ 178.075454][T10255] ? netlink_getsockopt+0x9f0/0x9f0 [ 178.080646][T10255] ___sys_sendmsg+0x60d/0x910 [ 178.085325][T10255] ? rcu_lock_release+0xd/0x30 [ 178.090084][T10255] ? rcu_lock_release+0x26/0x30 [ 178.094924][T10255] ? __fget+0x4e6/0x510 [ 178.099079][T10255] ? __fdget+0x17c/0x200 [ 178.103316][T10255] __x64_sys_sendmsg+0x17c/0x200 [ 178.108264][T10255] do_syscall_64+0xf7/0x1c0 [ 178.112768][T10255] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.118652][T10255] RIP: 0033:0x459a29 [ 178.122535][T10255] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 178.142157][T10255] RSP: 002b:00007fa7ccf63c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 178.150565][T10255] RAX: ffffffffffffffda RBX: 00007fa7ccf63c90 RCX: 0000000000459a29 [ 178.158528][T10255] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 178.166491][T10255] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 178.174453][T10255] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7ccf646d4 [ 178.182418][T10255] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 [ 178.190414][T10264] CPU: 1 PID: 10264 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 178.198315][T10264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 178.208372][T10264] Call Trace: [ 178.211674][T10264] dump_stack+0x1d8/0x2f8 [ 178.215997][T10264] should_fail+0x555/0x770 [ 178.220403][T10264] __should_failslab+0x11a/0x160 [ 178.225327][T10264] ? shmem_alloc_inode+0x1b/0x40 [ 178.225339][T10264] should_failslab+0x9/0x20 [ 178.225351][T10264] kmem_cache_alloc+0x56/0x2e0 [ 178.225361][T10264] ? shmem_match+0x180/0x180 [ 178.234764][T10264] shmem_alloc_inode+0x1b/0x40 [ 178.234772][T10264] ? shmem_match+0x180/0x180 [ 178.234782][T10264] new_inode_pseudo+0x68/0x240 [ 178.234793][T10264] new_inode+0x28/0x1c0 [ 178.244090][T10264] ? __kasan_check_read+0x11/0x20 [ 178.244103][T10264] shmem_get_inode+0x11b/0x700 [ 178.244112][T10264] ? __alloc_fd+0x58f/0x630 [ 178.244125][T10264] __shmem_file_setup+0x129/0x280 [ 178.253439][T10264] shmem_file_setup+0x2f/0x40 [ 178.253452][T10264] __se_sys_memfd_create+0x28e/0x4b0 [ 178.253465][T10264] ? do_syscall_64+0x1d/0x1c0 [ 178.262330][T10264] __x64_sys_memfd_create+0x5b/0x70 [ 178.272064][T10264] do_syscall_64+0xf7/0x1c0 [ 178.281556][T10264] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.291508][T10264] RIP: 0033:0x459a29 [ 178.301338][T10264] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 178.311678][T10264] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 178.335127][T10264] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 0000000000459a29 [ 178.335133][T10264] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004be948 [ 178.335138][T10264] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 19:01:45 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:01:45 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 178.335144][T10264] R10: 0000000000010000 R11: 0000000000000246 R12: 00007faddc1126d4 [ 178.335149][T10264] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 178.361022][T10270] netlink: 'syz-executor.3': attribute type 37 has an invalid length. 19:01:45 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(0x0, 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:45 executing program 1 (fault-call:1 fault-nth:2): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:01:45 executing program 2 (fault-call:1 fault-nth:20): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:45 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x7, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:01:45 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(0x0, 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 178.557972][T10287] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 178.585780][T10287] FAULT_INJECTION: forcing a failure. [ 178.585780][T10287] name failslab, interval 1, probability 0, space 0, times 0 [ 178.621570][T10291] FAULT_INJECTION: forcing a failure. [ 178.621570][T10291] name failslab, interval 1, probability 0, space 0, times 0 [ 178.630316][T10287] CPU: 1 PID: 10287 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 178.642076][T10287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 178.652123][T10287] Call Trace: [ 178.655410][T10287] dump_stack+0x1d8/0x2f8 [ 178.659733][T10287] should_fail+0x555/0x770 [ 178.664144][T10287] __should_failslab+0x11a/0x160 [ 178.669070][T10287] ? __kernfs_new_node+0x97/0x6b0 [ 178.674086][T10287] should_failslab+0x9/0x20 [ 178.678581][T10287] kmem_cache_alloc+0x56/0x2e0 [ 178.683333][T10287] __kernfs_new_node+0x97/0x6b0 [ 178.688180][T10287] ? __lock_acquire+0xc75/0x1be0 [ 178.693104][T10287] ? kernfs_add_one+0x515/0x670 [ 178.697948][T10287] kernfs_new_node+0x97/0x170 [ 178.702617][T10287] __kernfs_create_file+0x4a/0x2f0 [ 178.707718][T10287] sysfs_add_file_mode_ns+0x2dc/0x3a0 [ 178.713082][T10287] sysfs_create_file_ns+0x112/0x1b0 [ 178.718271][T10287] device_create_file+0x10a/0x1d0 [ 178.723283][T10287] device_add+0x55c/0x14e0 [ 178.727689][T10287] ? kobject_set_name_vargs+0xd0/0x120 [ 178.733138][T10287] ? pm_runtime_init+0x295/0x370 [ 178.738068][T10287] netdev_register_kobject+0x152/0x2f0 [ 178.743522][T10287] register_netdevice+0xc4d/0x13b0 [ 178.748637][T10287] br_dev_newlink+0x2a/0x120 [ 178.753216][T10287] rtnl_newlink+0x13a6/0x1af0 [ 178.757882][T10287] ? rtnl_newlink+0xa81/0x1af0 [ 178.762688][T10287] ? __mutex_lock_common+0x4f5/0x2e20 [ 178.768048][T10287] ? rtnetlink_rcv_msg+0x83c/0xd40 [ 178.773146][T10287] ? rcu_lock_release+0x9/0x30 [ 178.777916][T10287] ? rtnl_setlink+0x460/0x460 [ 178.782581][T10287] rtnetlink_rcv_msg+0x889/0xd40 [ 178.787514][T10287] ? rcu_lock_release+0xd/0x30 [ 178.792270][T10287] ? __local_bh_enable_ip+0x13a/0x240 [ 178.797639][T10287] ? local_bh_enable+0x9/0x30 [ 178.802302][T10287] ? trace_hardirqs_on+0x74/0x80 [ 178.807223][T10287] ? __local_bh_enable_ip+0x13a/0x240 [ 178.812604][T10287] ? local_bh_enable+0x1f/0x30 [ 178.817355][T10287] ? rcu_lock_release+0x9/0x30 [ 178.822114][T10287] ? rcu_lock_release+0x9/0x30 [ 178.826872][T10287] netlink_rcv_skb+0x19e/0x3d0 [ 178.831623][T10287] ? rtnetlink_bind+0x80/0x80 [ 178.836294][T10287] rtnetlink_rcv+0x1c/0x20 [ 178.840692][T10287] netlink_unicast+0x787/0x8f0 [ 178.845451][T10287] netlink_sendmsg+0x993/0xc50 [ 178.850298][T10287] ? netlink_getsockopt+0x9f0/0x9f0 [ 178.855487][T10287] ___sys_sendmsg+0x60d/0x910 [ 178.860167][T10287] ? rcu_lock_release+0xd/0x30 [ 178.864922][T10287] ? rcu_lock_release+0x26/0x30 [ 178.869755][T10287] ? __fget+0x4e6/0x510 [ 178.873901][T10287] ? __fdget+0x17c/0x200 [ 178.878132][T10287] __x64_sys_sendmsg+0x17c/0x200 [ 178.883158][T10287] do_syscall_64+0xf7/0x1c0 [ 178.887652][T10287] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.893533][T10287] RIP: 0033:0x459a29 [ 178.897413][T10287] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 178.917004][T10287] RSP: 002b:00007fa7ccf63c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 178.925403][T10287] RAX: ffffffffffffffda RBX: 00007fa7ccf63c90 RCX: 0000000000459a29 [ 178.933359][T10287] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 178.941329][T10287] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 178.949288][T10287] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7ccf646d4 [ 178.957244][T10287] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 [ 178.965222][T10291] CPU: 0 PID: 10291 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 178.973122][T10291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 178.983164][T10291] Call Trace: [ 178.983183][T10291] dump_stack+0x1d8/0x2f8 [ 178.983198][T10291] should_fail+0x555/0x770 [ 178.983216][T10291] __should_failslab+0x11a/0x160 [ 178.983227][T10291] ? security_inode_alloc+0x36/0x1e0 [ 178.983238][T10291] should_failslab+0x9/0x20 [ 178.983248][T10291] kmem_cache_alloc+0x56/0x2e0 [ 178.983258][T10291] ? rcu_read_lock_sched_held+0x10b/0x170 [ 178.983269][T10291] security_inode_alloc+0x36/0x1e0 [ 178.983281][T10291] inode_init_always+0x3b5/0x8d0 [ 178.983294][T10291] ? shmem_match+0x180/0x180 [ 178.983305][T10291] new_inode_pseudo+0x7f/0x240 [ 178.990909][T10291] new_inode+0x28/0x1c0 [ 178.990919][T10291] ? __kasan_check_read+0x11/0x20 [ 178.990933][T10291] shmem_get_inode+0x11b/0x700 [ 178.990944][T10291] ? __alloc_fd+0x58f/0x630 [ 178.990957][T10291] __shmem_file_setup+0x129/0x280 [ 178.990970][T10291] shmem_file_setup+0x2f/0x40 [ 179.067670][T10291] __se_sys_memfd_create+0x28e/0x4b0 [ 179.072931][T10291] ? do_syscall_64+0x1d/0x1c0 [ 179.077583][T10291] __x64_sys_memfd_create+0x5b/0x70 [ 179.082755][T10291] do_syscall_64+0xf7/0x1c0 [ 179.087235][T10291] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.093101][T10291] RIP: 0033:0x459a29 [ 179.096986][T10291] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 19:01:45 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 179.116664][T10291] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 179.125054][T10291] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 0000000000459a29 [ 179.133013][T10291] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004be948 [ 179.140959][T10291] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 179.148907][T10291] R10: 0000000000010000 R11: 0000000000000246 R12: 00007faddc1126d4 [ 179.156855][T10291] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:01:45 executing program 1 (fault-call:1 fault-nth:3): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:01:45 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f5608000300"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:01:45 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 179.269364][T10300] FAULT_INJECTION: forcing a failure. [ 179.269364][T10300] name failslab, interval 1, probability 0, space 0, times 0 [ 179.293594][T10300] CPU: 0 PID: 10300 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 179.301703][T10300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 179.311760][T10300] Call Trace: [ 179.315050][T10300] dump_stack+0x1d8/0x2f8 [ 179.319373][T10300] should_fail+0x555/0x770 [ 179.323783][T10300] __should_failslab+0x11a/0x160 [ 179.323797][T10300] ? __d_alloc+0x2d/0x6e0 [ 179.323810][T10300] should_failslab+0x9/0x20 [ 179.323821][T10300] kmem_cache_alloc+0x56/0x2e0 [ 179.323834][T10300] __d_alloc+0x2d/0x6e0 [ 179.323843][T10300] ? lockdep_init_map+0x2a/0x680 [ 179.323855][T10300] d_alloc_pseudo+0x1d/0x70 [ 179.323866][T10300] alloc_file_pseudo+0xc3/0x260 [ 179.323884][T10300] __shmem_file_setup+0x1a2/0x280 19:01:46 executing program 2 (fault-call:1 fault-nth:21): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 179.323902][T10300] shmem_file_setup+0x2f/0x40 [ 179.337621][T10300] __se_sys_memfd_create+0x28e/0x4b0 [ 179.355905][T10300] ? do_syscall_64+0x1d/0x1c0 [ 179.355920][T10300] __x64_sys_memfd_create+0x5b/0x70 [ 179.355931][T10300] do_syscall_64+0xf7/0x1c0 [ 179.355946][T10300] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.355953][T10300] RIP: 0033:0x459a29 [ 179.355966][T10300] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 179.365794][T10300] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 179.365803][T10300] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 0000000000459a29 [ 179.365808][T10300] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004be948 [ 179.365814][T10300] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 179.365820][T10300] R10: 0000000000010000 R11: 0000000000000246 R12: 00007faddc1126d4 [ 179.365826][T10300] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:01:46 executing program 1 (fault-call:1 fault-nth:4): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:01:46 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x8, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 179.442451][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 179.452303][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 179.488216][T10308] FAULT_INJECTION: forcing a failure. [ 179.488216][T10308] name failslab, interval 1, probability 0, space 0, times 0 [ 179.532963][T10308] CPU: 0 PID: 10308 Comm: syz-executor.2 Not tainted 5.4.0-rc1+ #0 [ 179.540882][T10308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 179.549453][T10315] FAULT_INJECTION: forcing a failure. [ 179.549453][T10315] name failslab, interval 1, probability 0, space 0, times 0 [ 179.550949][T10308] Call Trace: [ 179.550969][T10308] dump_stack+0x1d8/0x2f8 [ 179.550984][T10308] should_fail+0x555/0x770 [ 179.551002][T10308] __should_failslab+0x11a/0x160 [ 179.551016][T10308] ? __kernfs_new_node+0x4c/0x6b0 [ 179.585477][T10308] should_failslab+0x9/0x20 [ 179.589977][T10308] __kmalloc_track_caller+0x79/0x340 [ 179.595263][T10308] kstrdup_const+0x55/0x90 [ 179.599673][T10308] __kernfs_new_node+0x4c/0x6b0 [ 179.604526][T10308] ? sysfs_do_create_link_sd+0x7b/0x110 [ 179.610079][T10308] kernfs_new_node+0x97/0x170 [ 179.614756][T10308] kernfs_create_link+0xbb/0x210 [ 179.619686][T10308] sysfs_do_create_link_sd+0x89/0x110 [ 179.625060][T10308] sysfs_create_link+0x68/0x80 [ 179.629810][T10308] device_add+0x9e3/0x14e0 [ 179.634222][T10308] ? kobject_set_name_vargs+0xd0/0x120 [ 179.639671][T10308] ? pm_runtime_init+0x295/0x370 [ 179.644605][T10308] netdev_register_kobject+0x152/0x2f0 [ 179.650049][T10308] register_netdevice+0xc4d/0x13b0 [ 179.655166][T10308] br_dev_newlink+0x2a/0x120 [ 179.659755][T10308] rtnl_newlink+0x13a6/0x1af0 [ 179.664423][T10308] ? rtnl_newlink+0xa81/0x1af0 [ 179.669189][T10308] ? __lock_acquire+0xc75/0x1be0 [ 179.674162][T10308] ? __mutex_lock_common+0x1b25/0x2e20 [ 179.679608][T10308] ? rtnetlink_rcv_msg+0x83c/0xd40 [ 179.684728][T10308] ? rtnl_setlink+0x460/0x460 [ 179.689401][T10308] rtnetlink_rcv_msg+0x889/0xd40 [ 179.694327][T10308] ? rcu_lock_release+0xd/0x30 [ 179.699087][T10308] ? __local_bh_enable_ip+0x13a/0x240 [ 179.704449][T10308] ? local_bh_enable+0x9/0x30 [ 179.709115][T10308] ? trace_hardirqs_on+0x74/0x80 [ 179.714042][T10308] ? __local_bh_enable_ip+0x13a/0x240 [ 179.719410][T10308] ? local_bh_enable+0x1f/0x30 [ 179.724170][T10308] ? rcu_lock_release+0x9/0x30 [ 179.728930][T10308] ? rcu_lock_release+0x9/0x30 [ 179.733693][T10308] netlink_rcv_skb+0x19e/0x3d0 [ 179.738446][T10308] ? rtnetlink_bind+0x80/0x80 [ 179.743119][T10308] rtnetlink_rcv+0x1c/0x20 [ 179.747521][T10308] netlink_unicast+0x787/0x8f0 [ 179.752277][T10308] netlink_sendmsg+0x993/0xc50 [ 179.757041][T10308] ? netlink_getsockopt+0x9f0/0x9f0 [ 179.762226][T10308] ___sys_sendmsg+0x60d/0x910 [ 179.766905][T10308] ? rcu_lock_release+0xd/0x30 [ 179.771662][T10308] ? rcu_lock_release+0x26/0x30 [ 179.776493][T10308] ? __fget+0x4e6/0x510 [ 179.780643][T10308] ? __fdget+0x17c/0x200 [ 179.784879][T10308] __x64_sys_sendmsg+0x17c/0x200 [ 179.789818][T10308] do_syscall_64+0xf7/0x1c0 [ 179.794318][T10308] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.800194][T10308] RIP: 0033:0x459a29 [ 179.804080][T10308] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 179.823676][T10308] RSP: 002b:00007fa7ccf63c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 179.832077][T10308] RAX: ffffffffffffffda RBX: 00007fa7ccf63c90 RCX: 0000000000459a29 [ 179.840035][T10308] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 179.847991][T10308] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 179.855951][T10308] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa7ccf646d4 [ 179.863921][T10308] R13: 00000000004c7b68 R14: 00000000004dd8e8 R15: 0000000000000004 [ 179.872342][T10315] CPU: 0 PID: 10315 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 179.880262][T10315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 179.890306][T10315] Call Trace: [ 179.890324][T10315] dump_stack+0x1d8/0x2f8 [ 179.890339][T10315] should_fail+0x555/0x770 [ 179.890356][T10315] __should_failslab+0x11a/0x160 [ 179.890367][T10315] ? __alloc_file+0x2c/0x390 [ 179.890379][T10315] should_failslab+0x9/0x20 [ 179.890389][T10315] kmem_cache_alloc+0x56/0x2e0 [ 179.890400][T10315] __alloc_file+0x2c/0x390 [ 179.897978][T10315] alloc_empty_file+0xac/0x1b0 [ 179.897990][T10315] alloc_file+0x60/0x4c0 [ 179.898005][T10315] alloc_file_pseudo+0x1d4/0x260 [ 179.898025][T10315] __shmem_file_setup+0x1a2/0x280 [ 179.898039][T10315] shmem_file_setup+0x2f/0x40 [ 179.898051][T10315] __se_sys_memfd_create+0x28e/0x4b0 [ 179.954219][T10315] ? do_syscall_64+0x1d/0x1c0 [ 179.958872][T10315] __x64_sys_memfd_create+0x5b/0x70 [ 179.964045][T10315] do_syscall_64+0xf7/0x1c0 [ 179.968531][T10315] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.974399][T10315] RIP: 0033:0x459a29 [ 179.978267][T10315] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 179.997846][T10315] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 180.006231][T10315] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 0000000000459a29 [ 180.014176][T10315] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004be948 [ 180.022122][T10315] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 19:01:46 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(0x0, 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:46 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 180.030067][T10315] R10: 0000000000010000 R11: 0000000000000246 R12: 00007faddc1126d4 [ 180.038012][T10315] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:01:46 executing program 1 (fault-call:1 fault-nth:5): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 180.101864][ T26] kauditd_printk_skb: 14 callbacks suppressed [ 180.101873][ T26] audit: type=1804 audit(1570129306.786:208): pid=10323 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/117/file0" dev="sda1" ino=17033 res=1 19:01:46 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f5608000300"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) [ 180.156778][ T26] audit: type=1804 audit(1570129306.826:209): pid=10324 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/117/file0" dev="sda1" ino=16991 res=1 [ 180.206392][T10329] FAULT_INJECTION: forcing a failure. [ 180.206392][T10329] name failslab, interval 1, probability 0, space 0, times 0 [ 180.224154][T10329] CPU: 0 PID: 10329 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 180.232064][T10329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 180.242118][T10329] Call Trace: [ 180.245409][T10329] dump_stack+0x1d8/0x2f8 [ 180.245425][T10329] should_fail+0x555/0x770 [ 180.245444][T10329] __should_failslab+0x11a/0x160 [ 180.245457][T10329] ? security_file_alloc+0x36/0x200 [ 180.245471][T10329] should_failslab+0x9/0x20 [ 180.259108][T10329] kmem_cache_alloc+0x56/0x2e0 [ 180.259126][T10329] security_file_alloc+0x36/0x200 [ 180.259139][T10329] __alloc_file+0xde/0x390 [ 180.259152][T10329] alloc_empty_file+0xac/0x1b0 [ 180.259163][T10329] alloc_file+0x60/0x4c0 [ 180.259180][T10329] alloc_file_pseudo+0x1d4/0x260 [ 180.273592][T10329] __shmem_file_setup+0x1a2/0x280 [ 180.273608][T10329] shmem_file_setup+0x2f/0x40 19:01:47 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 180.273620][T10329] __se_sys_memfd_create+0x28e/0x4b0 [ 180.273630][T10329] ? do_syscall_64+0x1d/0x1c0 [ 180.273641][T10329] __x64_sys_memfd_create+0x5b/0x70 [ 180.273651][T10329] do_syscall_64+0xf7/0x1c0 [ 180.273666][T10329] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 180.273675][T10329] RIP: 0033:0x459a29 [ 180.273684][T10329] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 180.273690][T10329] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 180.273699][T10329] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 0000000000459a29 [ 180.273705][T10329] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004be948 [ 180.273711][T10329] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 180.273716][T10329] R10: 0000000000010000 R11: 0000000000000246 R12: 00007faddc1126d4 [ 180.273726][T10329] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:01:47 executing program 1 (fault-call:1 fault-nth:6): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 180.288049][ C0] net_ratelimit: 4 callbacks suppressed [ 180.288055][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 180.297185][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:01:47 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x9, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:01:47 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:47 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:47 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(0x0, 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 180.493127][T10340] FAULT_INJECTION: forcing a failure. [ 180.493127][T10340] name failslab, interval 1, probability 0, space 0, times 0 [ 180.605559][ T26] audit: type=1804 audit(1570129307.296:210): pid=10348 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/118/file0" dev="sda1" ino=17033 res=1 [ 180.631118][T10340] CPU: 0 PID: 10340 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 180.639027][T10340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 180.649077][T10340] Call Trace: [ 180.652364][T10340] dump_stack+0x1d8/0x2f8 [ 180.656694][T10340] should_fail+0x555/0x770 [ 180.661122][T10340] __should_failslab+0x11a/0x160 [ 180.666060][T10340] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 180.671783][T10340] should_failslab+0x9/0x20 [ 180.671807][T10340] __kmalloc+0x7a/0x340 [ 180.671819][T10340] ? tomoyo_realpath_from_path+0xca/0x7c0 [ 180.680443][T10340] tomoyo_realpath_from_path+0xdc/0x7c0 [ 180.680464][T10340] tomoyo_path_perm+0x192/0x850 [ 180.680500][T10340] tomoyo_path_truncate+0x1c/0x20 19:01:47 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xa, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 180.696528][T10340] security_path_truncate+0xd5/0x150 [ 180.696544][T10340] do_sys_ftruncate+0x493/0x710 [ 180.696559][T10340] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 180.696572][T10340] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 180.706844][T10340] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 180.706853][T10340] ? do_syscall_64+0x1d/0x1c0 [ 180.706865][T10340] __x64_sys_ftruncate+0x60/0x70 [ 180.706876][T10340] do_syscall_64+0xf7/0x1c0 [ 180.706892][T10340] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 180.706901][T10340] RIP: 0033:0x4599f7 19:01:47 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 180.706911][T10340] Code: 24 29 d7 48 69 ff e8 03 00 00 48 89 7c 24 08 48 89 e7 e8 dc e4 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 b8 4d 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 180.706916][T10340] RSP: 002b:00007faddc111a88 EFLAGS: 00000217 ORIG_RAX: 000000000000004d [ 180.706924][T10340] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 00000000004599f7 [ 180.706930][T10340] RDX: 0000000020000068 RSI: 0000000000020000 RDI: 0000000000000005 [ 180.706936][T10340] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 180.706941][T10340] R10: 0000000000010000 R11: 0000000000000217 R12: 0000000000000005 [ 180.706947][T10340] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 180.735640][ T26] audit: type=1804 audit(1570129307.326:211): pid=10350 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/118/file0" dev="sda1" ino=17041 res=1 [ 180.797665][T10340] ERROR: Out of memory at tomoyo_realpath_from_path. [ 180.845599][ T26] audit: type=1804 audit(1570129307.516:212): pid=10357 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/119/file0" dev="sda1" ino=17033 res=1 [ 180.892787][T10355] validate_nla: 6 callbacks suppressed [ 180.892793][T10355] netlink: 'syz-executor.3': attribute type 37 has an invalid length. 19:01:47 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(0x0, 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:47 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x2, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:47 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x0) writev(r4, &(0x7f00000003c0), 0x63) [ 181.041294][ T26] audit: type=1804 audit(1570129307.726:213): pid=10367 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/119/file0" dev="sda1" ino=17007 res=1 19:01:47 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f5608000300"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:01:47 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xb, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:01:47 executing program 1 (fault-call:1 fault-nth:7): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 181.098223][T10371] netlink: 'syz-executor.2': attribute type 38 has an invalid length. 19:01:47 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 181.165487][T10380] FAULT_INJECTION: forcing a failure. [ 181.165487][T10380] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 181.178713][T10380] CPU: 0 PID: 10380 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 181.178720][T10380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 181.178724][T10380] Call Trace: [ 181.178740][T10380] dump_stack+0x1d8/0x2f8 [ 181.178754][T10380] should_fail+0x555/0x770 [ 181.178771][T10380] should_fail_alloc_page+0x55/0x60 [ 181.178779][T10380] prepare_alloc_pages+0x283/0x460 [ 181.178792][T10380] __alloc_pages_nodemask+0xb2/0x5d0 [ 181.178812][T10380] kmem_getpages+0x4d/0xa00 [ 181.178824][T10380] cache_grow_begin+0x7e/0x2c0 [ 181.178836][T10380] cache_alloc_refill+0x311/0x3f0 [ 181.178851][T10380] ? check_preemption_disabled+0xb7/0x2a0 [ 181.203118][ T26] audit: type=1804 audit(1570129307.836:214): pid=10374 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/120/file0" dev="sda1" ino=17038 res=1 [ 181.204373][T10380] __kmalloc+0x318/0x340 [ 181.204385][T10380] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 181.204402][T10380] tomoyo_realpath_from_path+0xdc/0x7c0 [ 181.204420][T10380] tomoyo_path_perm+0x192/0x850 [ 181.224382][T10380] tomoyo_path_truncate+0x1c/0x20 [ 181.224396][T10380] security_path_truncate+0xd5/0x150 [ 181.224409][T10380] do_sys_ftruncate+0x493/0x710 [ 181.224425][T10380] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 181.224436][T10380] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 181.224445][T10380] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 181.224454][T10380] ? do_syscall_64+0x1d/0x1c0 [ 181.224467][T10380] __x64_sys_ftruncate+0x60/0x70 [ 181.224477][T10380] do_syscall_64+0xf7/0x1c0 [ 181.224492][T10380] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 181.224502][T10380] RIP: 0033:0x4599f7 [ 181.224512][T10380] Code: 24 29 d7 48 69 ff e8 03 00 00 48 89 7c 24 08 48 89 e7 e8 dc e4 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 b8 4d 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 19:01:48 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 181.224518][T10380] RSP: 002b:00007faddc111a88 EFLAGS: 00000217 ORIG_RAX: 000000000000004d [ 181.268244][T10380] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 00000000004599f7 [ 181.268251][T10380] RDX: 0000000020000068 RSI: 0000000000020000 RDI: 0000000000000005 [ 181.268256][T10380] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 181.268261][T10380] R10: 0000000000010000 R11: 0000000000000217 R12: 0000000000000005 [ 181.268266][T10380] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:01:48 executing program 1 (fault-call:1 fault-nth:8): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 181.287402][ T26] audit: type=1804 audit(1570129307.976:215): pid=10384 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/120/file0" dev="sda1" ino=17015 res=1 [ 181.295110][T10377] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 181.453689][T10393] netlink: 'syz-executor.2': attribute type 38 has an invalid length. 19:01:48 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x0) writev(r4, &(0x7f00000003c0), 0x63) 19:01:48 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:48 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:01:48 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 181.517800][T10396] FAULT_INJECTION: forcing a failure. [ 181.517800][T10396] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 181.533596][T10396] CPU: 1 PID: 10396 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 181.541497][T10396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 181.551546][T10396] Call Trace: [ 181.554836][T10396] dump_stack+0x1d8/0x2f8 [ 181.559172][T10396] should_fail+0x555/0x770 [ 181.563593][T10396] should_fail_alloc_page+0x55/0x60 [ 181.568790][T10396] prepare_alloc_pages+0x283/0x460 [ 181.573908][T10396] __alloc_pages_nodemask+0xb2/0x5d0 [ 181.579197][T10396] alloc_pages_vma+0x4f7/0xd50 [ 181.583970][T10396] shmem_alloc_and_acct_page+0x42c/0xbc0 [ 181.589616][T10396] shmem_getpage_gfp+0x128b/0x2c20 [ 181.594734][T10396] ? lockdep_hardirqs_on+0x3c5/0x7d0 [ 181.594754][T10396] shmem_write_begin+0xcb/0x1b0 [ 181.594770][T10396] generic_perform_write+0x25d/0x4e0 [ 181.594793][T10396] __generic_file_write_iter+0x24b/0x520 [ 181.594808][T10396] generic_file_write_iter+0x48e/0x630 [ 181.594828][T10396] __vfs_write+0x5a1/0x740 [ 181.604941][T10396] vfs_write+0x275/0x590 [ 181.604960][T10396] __x64_sys_pwrite64+0x162/0x1d0 [ 181.604977][T10396] do_syscall_64+0xf7/0x1c0 [ 181.604994][T10396] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 181.605002][T10396] RIP: 0033:0x413977 [ 181.605013][T10396] Code: 12 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a1 18 00 00 c3 48 83 ec 08 e8 a7 f9 ff ff 48 89 04 24 49 89 ca b8 12 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 ed f9 ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 181.661467][T10405] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 181.668763][T10396] RSP: 002b:00007faddc111a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 181.668774][T10396] RAX: ffffffffffffffda RBX: 0000000020000050 RCX: 0000000000413977 [ 181.668780][T10396] RDX: 0000000000000048 RSI: 0000000020000140 RDI: 0000000000000005 [ 181.668786][T10396] RBP: 0000000000000000 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 181.668792][T10396] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000005 [ 181.668798][T10396] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 181.690522][ T26] audit: type=1804 audit(1570129308.226:216): pid=10404 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/121/file0" dev="sda1" ino=17007 res=1 19:01:48 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 181.718676][ T26] audit: type=1804 audit(1570129308.406:217): pid=10406 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/121/file0" dev="sda1" ino=17018 res=1 19:01:48 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x0) writev(r4, &(0x7f00000003c0), 0x63) [ 181.836886][T10412] netlink: 'syz-executor.3': attribute type 37 has an invalid length. 19:01:48 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r1, 0x0, 0x10003, 0x0) 19:01:48 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x5, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:48 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xd, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:01:48 executing program 1 (fault-call:1 fault-nth:9): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:01:48 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 182.019998][T10424] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 182.037800][T10430] FAULT_INJECTION: forcing a failure. [ 182.037800][T10430] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 182.052725][T10430] CPU: 1 PID: 10430 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 182.060630][T10430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 182.070672][T10430] Call Trace: [ 182.070691][T10430] dump_stack+0x1d8/0x2f8 [ 182.070706][T10430] should_fail+0x555/0x770 [ 182.070723][T10430] should_fail_alloc_page+0x55/0x60 [ 182.079266][T10430] prepare_alloc_pages+0x283/0x460 [ 182.079282][T10430] __alloc_pages_nodemask+0xb2/0x5d0 [ 182.079309][T10430] alloc_pages_vma+0x4f7/0xd50 [ 182.084648][T10429] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 182.088878][T10430] shmem_alloc_and_acct_page+0x42c/0xbc0 [ 182.088912][T10430] shmem_getpage_gfp+0x128b/0x2c20 [ 182.088938][T10430] ? lockdep_hardirqs_on+0x3c5/0x7d0 [ 182.099292][T10430] shmem_write_begin+0xcb/0x1b0 [ 182.099308][T10430] generic_perform_write+0x25d/0x4e0 [ 182.099332][T10430] __generic_file_write_iter+0x24b/0x520 [ 182.112213][T10430] generic_file_write_iter+0x48e/0x630 [ 182.112237][T10430] __vfs_write+0x5a1/0x740 [ 182.112259][T10430] vfs_write+0x275/0x590 [ 182.123039][T10430] __x64_sys_pwrite64+0x162/0x1d0 [ 182.123057][T10430] do_syscall_64+0xf7/0x1c0 19:01:48 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xe, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 182.123072][T10430] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.123081][T10430] RIP: 0033:0x413977 [ 182.123091][T10430] Code: 12 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a1 18 00 00 c3 48 83 ec 08 e8 a7 f9 ff ff 48 89 04 24 49 89 ca b8 12 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 ed f9 ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 182.123099][T10430] RSP: 002b:00007faddc111a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 182.133183][T10430] RAX: ffffffffffffffda RBX: 0000000020000050 RCX: 0000000000413977 19:01:48 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(0xffffffffffffffff, &(0x7f00000003c0), 0x63) [ 182.133190][T10430] RDX: 0000000000000048 RSI: 0000000020000140 RDI: 0000000000000005 [ 182.133196][T10430] RBP: 0000000000000000 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 182.133202][T10430] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000005 [ 182.133208][T10430] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:01:49 executing program 1 (fault-call:1 fault-nth:10): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:01:49 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:49 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x6, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:49 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(0xffffffffffffffff, &(0x7f00000003c0), 0x63) [ 182.302576][T10443] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 182.322529][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 182.328382][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:01:49 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 182.453993][T10454] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 182.463196][T10452] FAULT_INJECTION: forcing a failure. [ 182.463196][T10452] name failslab, interval 1, probability 0, space 0, times 0 [ 182.508507][T10452] CPU: 0 PID: 10452 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 182.516432][T10452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 182.526483][T10452] Call Trace: [ 182.529766][T10452] dump_stack+0x1d8/0x2f8 [ 182.529783][T10452] should_fail+0x555/0x770 [ 182.529806][T10452] __should_failslab+0x11a/0x160 [ 182.543447][T10452] ? getname_flags+0xba/0x640 [ 182.543461][T10452] should_failslab+0x9/0x20 [ 182.543472][T10452] kmem_cache_alloc+0x56/0x2e0 [ 182.543482][T10452] ? check_preemption_disabled+0xb7/0x2a0 [ 182.543493][T10452] getname_flags+0xba/0x640 [ 182.543506][T10452] getname+0x19/0x20 [ 182.543516][T10452] do_sys_open+0x261/0x560 [ 182.543530][T10452] __x64_sys_open+0x87/0x90 [ 182.543541][T10452] do_syscall_64+0xf7/0x1c0 [ 182.543554][T10452] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.543563][T10452] RIP: 0033:0x413911 [ 182.543573][T10452] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 182.543578][T10452] RSP: 002b:00007faddc111a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 182.552726][T10452] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000413911 [ 182.552732][T10452] RDX: 00007faddc111b0a RSI: 0000000000000002 RDI: 00007faddc111b00 [ 182.552738][T10452] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 182.552743][T10452] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000005 [ 182.552749][T10452] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:01:49 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r1, 0x0, 0x10003, 0x0) 19:01:49 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x7, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:49 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(0xffffffffffffffff, &(0x7f00000003c0), 0x63) 19:01:49 executing program 1 (fault-call:1 fault-nth:11): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:01:49 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:49 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:01:49 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x8, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 182.896159][T10474] FAULT_INJECTION: forcing a failure. [ 182.896159][T10474] name failslab, interval 1, probability 0, space 0, times 0 [ 182.921554][T10474] CPU: 0 PID: 10474 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 182.929472][T10474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 182.929478][T10474] Call Trace: [ 182.929495][T10474] dump_stack+0x1d8/0x2f8 [ 182.929512][T10474] should_fail+0x555/0x770 [ 182.929530][T10474] __should_failslab+0x11a/0x160 [ 182.929541][T10474] ? getname_flags+0xba/0x640 [ 182.929553][T10474] should_failslab+0x9/0x20 [ 182.929565][T10474] kmem_cache_alloc+0x56/0x2e0 [ 182.929575][T10474] ? check_preemption_disabled+0xb7/0x2a0 [ 182.929586][T10474] getname_flags+0xba/0x640 [ 182.929599][T10474] getname+0x19/0x20 [ 182.929608][T10474] do_sys_open+0x261/0x560 [ 182.929627][T10474] __x64_sys_open+0x87/0x90 [ 182.951647][T10474] do_syscall_64+0xf7/0x1c0 [ 182.961220][T10474] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 182.961230][T10474] RIP: 0033:0x413911 [ 182.961239][T10474] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 182.961247][T10474] RSP: 002b:00007faddc111a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 182.997886][T10474] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000413911 19:01:49 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x11, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:01:49 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, 0x0, 0x0) 19:01:49 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:49 executing program 1 (fault-call:1 fault-nth:12): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 183.027223][T10474] RDX: 00007faddc111b0a RSI: 0000000000000002 RDI: 00007faddc111b00 [ 183.027230][T10474] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 183.027235][T10474] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000005 [ 183.027240][T10474] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 183.179791][T10492] FAULT_INJECTION: forcing a failure. [ 183.179791][T10492] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 183.193022][T10492] CPU: 0 PID: 10492 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 183.193030][T10492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 183.193034][T10492] Call Trace: [ 183.193050][T10492] dump_stack+0x1d8/0x2f8 [ 183.193067][T10492] should_fail+0x555/0x770 [ 183.193086][T10492] should_fail_alloc_page+0x55/0x60 [ 183.193095][T10492] prepare_alloc_pages+0x283/0x460 [ 183.193109][T10492] __alloc_pages_nodemask+0xb2/0x5d0 [ 183.193129][T10492] kmem_getpages+0x4d/0xa00 [ 183.193143][T10492] cache_grow_begin+0x7e/0x2c0 [ 183.193157][T10492] cache_alloc_refill+0x311/0x3f0 [ 183.193168][T10492] ? check_preemption_disabled+0xb7/0x2a0 [ 183.193185][T10492] kmem_cache_alloc+0x2b9/0x2e0 [ 183.211105][T10492] ? __alloc_file+0x2c/0x390 [ 183.211120][T10492] __alloc_file+0x2c/0x390 [ 183.211134][T10492] alloc_empty_file+0xac/0x1b0 [ 183.211147][T10492] path_openat+0x9e/0x4420 [ 183.211158][T10492] ? __kasan_kmalloc+0x178/0x1b0 [ 183.211173][T10492] ? __lock_acquire+0xc75/0x1be0 [ 183.218753][T10492] ? __kasan_check_write+0x14/0x20 [ 183.218783][T10492] do_filp_open+0x192/0x3d0 [ 183.218799][T10492] ? _raw_spin_unlock+0x2c/0x50 [ 183.218824][T10492] do_sys_open+0x29f/0x560 [ 183.228379][T10492] __x64_sys_open+0x87/0x90 [ 183.228393][T10492] do_syscall_64+0xf7/0x1c0 [ 183.228407][T10492] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.228416][T10492] RIP: 0033:0x413911 [ 183.228425][T10492] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 183.228433][T10492] RSP: 002b:00007faddc111a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 183.238770][T10492] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000413911 [ 183.238776][T10492] RDX: 00007faddc111b0a RSI: 0000000000000002 RDI: 00007faddc111b00 [ 183.238780][T10492] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 183.238786][T10492] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000005 [ 183.238792][T10492] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:01:50 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x12, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:01:50 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r1, 0x0, 0x10003, 0x0) 19:01:50 executing program 1 (fault-call:1 fault-nth:13): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:01:50 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x25, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:01:50 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x9, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:50 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, 0x0, 0x0) 19:01:50 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:50 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xa, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 183.735926][T10513] FAULT_INJECTION: forcing a failure. [ 183.735926][T10513] name failslab, interval 1, probability 0, space 0, times 0 19:01:50 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x2f, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:01:50 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, 0x0, 0x0) 19:01:50 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 183.892951][T10513] CPU: 0 PID: 10513 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 183.900875][T10513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 183.910937][T10513] Call Trace: [ 183.910957][T10513] dump_stack+0x1d8/0x2f8 [ 183.910971][T10513] should_fail+0x555/0x770 [ 183.910988][T10513] __should_failslab+0x11a/0x160 [ 183.910998][T10513] ? __alloc_file+0x2c/0x390 [ 183.911009][T10513] should_failslab+0x9/0x20 [ 183.911020][T10513] kmem_cache_alloc+0x56/0x2e0 [ 183.911031][T10513] __alloc_file+0x2c/0x390 [ 183.911043][T10513] alloc_empty_file+0xac/0x1b0 [ 183.911053][T10513] path_openat+0x9e/0x4420 [ 183.911064][T10513] ? __kasan_kmalloc+0x178/0x1b0 [ 183.911082][T10513] ? __lock_acquire+0xc75/0x1be0 [ 183.918680][T10513] ? rcu_read_lock_sched_held+0x10b/0x170 [ 183.918717][T10513] do_filp_open+0x192/0x3d0 [ 183.928032][T10513] ? _raw_spin_unlock+0x2c/0x50 [ 183.928058][T10513] do_sys_open+0x29f/0x560 [ 183.928073][T10513] __x64_sys_open+0x87/0x90 [ 183.937110][T10513] do_syscall_64+0xf7/0x1c0 [ 183.937124][T10513] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 183.937132][T10513] RIP: 0033:0x413911 [ 183.937143][T10513] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 183.946266][T10513] RSP: 002b:00007faddc111a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 183.946276][T10513] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000413911 19:01:50 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3a, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:01:50 executing program 1 (fault-call:1 fault-nth:14): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 183.946281][T10513] RDX: 00007faddc111b0a RSI: 0000000000000002 RDI: 00007faddc111b00 [ 183.946287][T10513] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 183.946292][T10513] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000005 [ 183.946298][T10513] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 184.013068][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 184.032075][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 184.164182][T10539] FAULT_INJECTION: forcing a failure. [ 184.164182][T10539] name failslab, interval 1, probability 0, space 0, times 0 [ 184.189881][T10539] CPU: 0 PID: 10539 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 184.197800][T10539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 184.207845][T10539] Call Trace: [ 184.211137][T10539] dump_stack+0x1d8/0x2f8 [ 184.215460][T10539] should_fail+0x555/0x770 [ 184.215478][T10539] __should_failslab+0x11a/0x160 [ 184.215491][T10539] ? security_file_alloc+0x36/0x200 [ 184.215503][T10539] should_failslab+0x9/0x20 [ 184.215515][T10539] kmem_cache_alloc+0x56/0x2e0 [ 184.215528][T10539] security_file_alloc+0x36/0x200 [ 184.215540][T10539] __alloc_file+0xde/0x390 [ 184.215553][T10539] alloc_empty_file+0xac/0x1b0 [ 184.224878][T10539] path_openat+0x9e/0x4420 [ 184.224890][T10539] ? __kasan_kmalloc+0x178/0x1b0 [ 184.224905][T10539] ? __lock_acquire+0xc75/0x1be0 [ 184.267701][T10539] ? rcu_read_lock_sched_held+0x10b/0x170 [ 184.273456][T10539] do_filp_open+0x192/0x3d0 [ 184.277967][T10539] ? _raw_spin_unlock+0x2c/0x50 [ 184.282834][T10539] do_sys_open+0x29f/0x560 [ 184.287253][T10539] __x64_sys_open+0x87/0x90 [ 184.291756][T10539] do_syscall_64+0xf7/0x1c0 [ 184.296261][T10539] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.302139][T10539] RIP: 0033:0x413911 [ 184.306008][T10539] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 184.325589][T10539] RSP: 002b:00007faddc111a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 184.333987][T10539] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000413911 [ 184.342002][T10539] RDX: 00007faddc111b0a RSI: 0000000000000002 RDI: 00007faddc111b00 [ 184.349999][T10539] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 184.357949][T10539] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000005 [ 184.365899][T10539] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:01:51 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3c, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:01:51 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xb, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:51 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:01:51 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:51 executing program 1 (fault-call:1 fault-nth:15): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 184.601384][T10549] FAULT_INJECTION: forcing a failure. [ 184.601384][T10549] name failslab, interval 1, probability 0, space 0, times 0 [ 184.615168][T10549] CPU: 1 PID: 10549 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 184.623078][T10549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 184.633142][T10549] Call Trace: [ 184.633168][T10549] dump_stack+0x1d8/0x2f8 [ 184.633183][T10549] should_fail+0x555/0x770 [ 184.633199][T10549] __should_failslab+0x11a/0x160 [ 184.633211][T10549] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 184.633223][T10549] should_failslab+0x9/0x20 [ 184.633233][T10549] __kmalloc+0x7a/0x340 [ 184.633242][T10549] ? tomoyo_realpath_from_path+0xca/0x7c0 [ 184.633254][T10549] tomoyo_realpath_from_path+0xdc/0x7c0 [ 184.633275][T10549] tomoyo_check_open_permission+0x1ce/0x9d0 [ 184.633312][T10549] tomoyo_file_open+0x141/0x190 [ 184.645303][T10549] security_file_open+0x65/0x2f0 [ 184.645318][T10549] do_dentry_open+0x345/0xf80 [ 184.645339][T10549] vfs_open+0x73/0x80 [ 184.645350][T10549] path_openat+0x1397/0x4420 [ 184.645397][T10549] do_filp_open+0x192/0x3d0 [ 184.645429][T10549] do_sys_open+0x29f/0x560 [ 184.645445][T10549] __x64_sys_open+0x87/0x90 [ 184.645457][T10549] do_syscall_64+0xf7/0x1c0 [ 184.645469][T10549] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 184.645477][T10549] RIP: 0033:0x413911 [ 184.645486][T10549] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 184.645491][T10549] RSP: 002b:00007faddc111a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 184.645500][T10549] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000413911 [ 184.645504][T10549] RDX: 00007faddc111b0a RSI: 0000000000000002 RDI: 00007faddc111b00 [ 184.645509][T10549] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 184.645514][T10549] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000005 [ 184.645519][T10549] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:01:51 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:51 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xc, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:51 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x44, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 184.689390][T10549] ERROR: Out of memory at tomoyo_realpath_from_path. [ 184.723956][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 184.723998][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:01:51 executing program 1 (fault-call:1 fault-nth:16): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:01:51 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xd, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:51 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x48, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 185.030975][T10570] FAULT_INJECTION: forcing a failure. [ 185.030975][T10570] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 185.044211][T10570] CPU: 1 PID: 10570 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 185.044219][T10570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.044223][T10570] Call Trace: [ 185.044241][T10570] dump_stack+0x1d8/0x2f8 [ 185.044257][T10570] should_fail+0x555/0x770 [ 185.044276][T10570] should_fail_alloc_page+0x55/0x60 [ 185.044284][T10570] prepare_alloc_pages+0x283/0x460 [ 185.044296][T10570] __alloc_pages_nodemask+0xb2/0x5d0 [ 185.069818][T10570] kmem_getpages+0x4d/0xa00 [ 185.079400][T10570] cache_grow_begin+0x7e/0x2c0 [ 185.079414][T10570] cache_alloc_refill+0x311/0x3f0 [ 185.079424][T10570] ? check_preemption_disabled+0xb7/0x2a0 [ 185.079439][T10570] __kmalloc+0x318/0x340 [ 185.089780][T10570] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 185.089795][T10570] tomoyo_realpath_from_path+0xdc/0x7c0 [ 185.089817][T10570] tomoyo_check_open_permission+0x1ce/0x9d0 [ 185.099061][T10570] tomoyo_file_open+0x141/0x190 [ 185.109762][T10570] security_file_open+0x65/0x2f0 [ 185.109777][T10570] do_dentry_open+0x345/0xf80 [ 185.109797][T10570] vfs_open+0x73/0x80 [ 185.140855][T10570] path_openat+0x1397/0x4420 [ 185.140907][T10570] do_filp_open+0x192/0x3d0 [ 185.149583][T10570] do_sys_open+0x29f/0x560 [ 185.149601][T10570] __x64_sys_open+0x87/0x90 [ 185.149614][T10570] do_syscall_64+0xf7/0x1c0 [ 185.158658][T10570] entry_SYSCALL_64_after_hwframe+0x49/0xbe 19:01:51 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 185.158668][T10570] RIP: 0033:0x413911 [ 185.158678][T10570] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 185.158684][T10570] RSP: 002b:00007faddc111a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 185.158693][T10570] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000413911 [ 185.158702][T10570] RDX: 00007faddc111b0a RSI: 0000000000000002 RDI: 00007faddc111b00 [ 185.167559][T10570] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 185.167566][T10570] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000005 [ 185.167572][T10570] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 185.270504][ T26] kauditd_printk_skb: 16 callbacks suppressed 19:01:52 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xe, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:52 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4a, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 185.270513][ T26] audit: type=1804 audit(1570129311.956:234): pid=10580 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/131/file0" dev="sda1" ino=17049 res=1 19:01:52 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:01:52 executing program 1 (fault-call:1 fault-nth:17): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:01:52 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x0) writev(r4, &(0x7f00000003c0), 0x63) 19:01:52 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4c, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:01:52 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 185.519816][ T26] audit: type=1804 audit(1570129312.206:235): pid=10597 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/132/file0" dev="sda1" ino=16801 res=1 [ 185.549161][T10599] FAULT_INJECTION: forcing a failure. [ 185.549161][T10599] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 185.562416][T10599] CPU: 0 PID: 10599 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 185.570299][T10599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.580341][T10599] Call Trace: [ 185.580361][T10599] dump_stack+0x1d8/0x2f8 [ 185.580376][T10599] should_fail+0x555/0x770 [ 185.580394][T10599] should_fail_alloc_page+0x55/0x60 [ 185.580403][T10599] prepare_alloc_pages+0x283/0x460 [ 185.580416][T10599] __alloc_pages_nodemask+0xb2/0x5d0 [ 185.588015][T10599] kmem_getpages+0x4d/0xa00 [ 185.588030][T10599] cache_grow_begin+0x7e/0x2c0 [ 185.588045][T10599] cache_alloc_refill+0x311/0x3f0 [ 185.588055][T10599] ? check_preemption_disabled+0xb7/0x2a0 [ 185.588070][T10599] __kmalloc+0x318/0x340 [ 185.597632][T10599] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 185.597647][T10599] tomoyo_realpath_from_path+0xdc/0x7c0 [ 185.597669][T10599] tomoyo_check_open_permission+0x1ce/0x9d0 [ 185.597705][T10599] tomoyo_file_open+0x141/0x190 [ 185.608051][T10599] security_file_open+0x65/0x2f0 [ 185.608066][T10599] do_dentry_open+0x345/0xf80 [ 185.608088][T10599] vfs_open+0x73/0x80 [ 185.608100][T10599] path_openat+0x1397/0x4420 [ 185.608147][T10599] do_filp_open+0x192/0x3d0 [ 185.617353][T10599] do_sys_open+0x29f/0x560 [ 185.617371][T10599] __x64_sys_open+0x87/0x90 [ 185.617385][T10599] do_syscall_64+0xf7/0x1c0 [ 185.617400][T10599] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 185.628088][T10599] RIP: 0033:0x413911 19:01:52 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x0) writev(r4, &(0x7f00000003c0), 0x63) 19:01:52 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x60, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 185.628098][T10599] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 185.628104][T10599] RSP: 002b:00007faddc111a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 185.628115][T10599] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000413911 [ 185.628121][T10599] RDX: 00007faddc111b0a RSI: 0000000000000002 RDI: 00007faddc111b00 [ 185.628127][T10599] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 185.628133][T10599] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000005 [ 185.628139][T10599] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:01:52 executing program 1 (fault-call:1 fault-nth:18): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:01:52 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 185.829974][ T26] audit: type=1804 audit(1570129312.516:236): pid=10609 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/133/file0" dev="sda1" ino=16801 res=1 19:01:52 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x0) writev(r4, &(0x7f00000003c0), 0x63) 19:01:52 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x68, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 185.951182][T10618] FAULT_INJECTION: forcing a failure. [ 185.951182][T10618] name failslab, interval 1, probability 0, space 0, times 0 [ 185.964155][T10619] validate_nla: 23 callbacks suppressed [ 185.964162][T10619] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 185.999908][ T26] audit: type=1804 audit(1570129312.686:237): pid=10623 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/134/file0" dev="sda1" ino=16801 res=1 [ 186.004039][T10618] CPU: 1 PID: 10618 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 186.031623][T10618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 186.041683][T10618] Call Trace: [ 186.044980][T10618] dump_stack+0x1d8/0x2f8 [ 186.049311][T10618] should_fail+0x555/0x770 [ 186.049329][T10618] __should_failslab+0x11a/0x160 [ 186.049345][T10618] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 186.058669][T10618] should_failslab+0x9/0x20 [ 186.058681][T10618] __kmalloc+0x7a/0x340 [ 186.058692][T10618] ? tomoyo_realpath_from_path+0xca/0x7c0 [ 186.058706][T10618] tomoyo_realpath_from_path+0xdc/0x7c0 [ 186.068904][T10618] tomoyo_path_number_perm+0x166/0x640 [ 186.068940][T10618] ? smack_file_ioctl+0x226/0x2e0 [ 186.078762][T10618] ? __fget+0x3f1/0x510 [ 186.078778][T10618] tomoyo_file_ioctl+0x23/0x30 [ 186.078790][T10618] security_file_ioctl+0x6d/0xd0 [ 186.078803][T10618] __x64_sys_ioctl+0xa3/0x120 [ 186.078815][T10618] do_syscall_64+0xf7/0x1c0 [ 186.078830][T10618] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.084498][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 186.089813][T10618] RIP: 0033:0x459897 [ 186.094883][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 186.098941][T10618] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 186.113262][T10618] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 186.113272][T10618] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459897 [ 186.113279][T10618] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 186.113285][T10618] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 186.113291][T10618] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 19:01:52 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x6c, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 186.113297][T10618] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 186.119335][T10618] ERROR: Out of memory at tomoyo_realpath_from_path. [ 186.224792][T10631] netlink: 'syz-executor.3': attribute type 37 has an invalid length. 19:01:53 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:01:53 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x11, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:53 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x74, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:01:53 executing program 1 (fault-call:1 fault-nth:19): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:01:53 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(0xffffffffffffffff, &(0x7f00000003c0), 0x63) [ 186.412479][T10640] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 186.435173][T10645] FAULT_INJECTION: forcing a failure. [ 186.435173][T10645] name failslab, interval 1, probability 0, space 0, times 0 [ 186.448199][T10645] CPU: 1 PID: 10645 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 186.452306][ T26] audit: type=1804 audit(1570129313.136:238): pid=10648 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/135/file0" dev="sda1" ino=17057 res=1 [ 186.456090][T10645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 186.456094][T10645] Call Trace: [ 186.456111][T10645] dump_stack+0x1d8/0x2f8 [ 186.456126][T10645] should_fail+0x555/0x770 [ 186.456144][T10645] __should_failslab+0x11a/0x160 [ 186.456157][T10645] ? __kernfs_new_node+0x97/0x6b0 [ 186.456170][T10645] should_failslab+0x9/0x20 [ 186.456182][T10645] kmem_cache_alloc+0x56/0x2e0 [ 186.456194][T10645] __kernfs_new_node+0x97/0x6b0 [ 186.456208][T10645] ? __kasan_check_write+0x14/0x20 [ 186.456218][T10645] ? __mutex_unlock_slowpath+0x13c/0x5b0 [ 186.456233][T10645] kernfs_new_node+0x97/0x170 [ 186.456249][T10645] __kernfs_create_file+0x4a/0x2f0 [ 186.456261][T10645] sysfs_add_file_mode_ns+0x2dc/0x3a0 [ 186.456279][T10645] internal_create_group+0x4be/0xd80 [ 186.482441][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 186.490117][T10645] sysfs_create_group+0x1f/0x30 [ 186.493439][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 186.497672][T10645] loop_set_fd+0xcb2/0x1180 [ 186.497694][T10645] lo_ioctl+0xd5/0x2200 [ 186.497703][T10645] ? __kasan_slab_free+0x12a/0x1e0 [ 186.497713][T10645] ? kasan_slab_free+0xe/0x10 [ 186.512043][T10645] ? kfree+0x115/0x200 [ 186.512055][T10645] ? tomoyo_path_number_perm+0x4e1/0x640 [ 186.512063][T10645] ? tomoyo_file_ioctl+0x23/0x30 [ 186.512074][T10645] ? security_file_ioctl+0x6d/0xd0 [ 186.512083][T10645] ? __x64_sys_ioctl+0xa3/0x120 [ 186.512091][T10645] ? do_syscall_64+0xf7/0x1c0 [ 186.512108][T10645] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.521343][T10645] ? debug_check_no_obj_freed+0x505/0x5b0 [ 186.521372][T10645] ? rcu_lock_release+0x9/0x30 [ 186.521390][T10645] ? rcu_lock_release+0x9/0x30 [ 186.531310][T10645] ? lo_release+0x1f0/0x1f0 [ 186.541580][T10645] blkdev_ioctl+0x807/0x2980 [ 186.541596][T10645] ? tomoyo_path_number_perm+0x53e/0x640 [ 186.541627][T10645] block_ioctl+0xbd/0x100 [ 186.557313][T10645] ? blkdev_iopoll+0x100/0x100 [ 186.557327][T10645] do_vfs_ioctl+0x744/0x1730 [ 186.557336][T10645] ? __fget+0x3f1/0x510 [ 186.557353][T10645] ? tomoyo_file_ioctl+0x23/0x30 [ 186.557364][T10645] ? security_file_ioctl+0xa1/0xd0 [ 186.557376][T10645] __x64_sys_ioctl+0xe3/0x120 [ 186.573599][T10645] do_syscall_64+0xf7/0x1c0 [ 186.573615][T10645] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 186.573625][T10645] RIP: 0033:0x459897 [ 186.573635][T10645] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 186.573640][T10645] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 186.573650][T10645] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459897 [ 186.573655][T10645] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 186.573660][T10645] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 19:01:53 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(0xffffffffffffffff, &(0x7f00000003c0), 0x63) 19:01:53 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x12, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:53 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x7a, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 186.573666][T10645] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 186.573672][T10645] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 186.777156][T10643] netlink: 'syz-executor.3': attribute type 37 has an invalid length. 19:01:53 executing program 1 (fault-call:1 fault-nth:20): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 186.898308][ T26] audit: type=1804 audit(1570129313.586:239): pid=10655 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/136/file0" dev="sda1" ino=16993 res=1 [ 186.919814][T10663] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 186.945927][T10660] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 186.960026][T10666] FAULT_INJECTION: forcing a failure. [ 186.960026][T10666] name failslab, interval 1, probability 0, space 0, times 0 19:01:53 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(0xffffffffffffffff, &(0x7f00000003c0), 0x63) [ 186.991278][T10666] CPU: 1 PID: 10666 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 186.999194][T10666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 187.009244][T10666] Call Trace: [ 187.012541][T10666] dump_stack+0x1d8/0x2f8 [ 187.016874][T10666] should_fail+0x555/0x770 [ 187.021276][T10666] __should_failslab+0x11a/0x160 [ 187.026205][T10666] ? tomoyo_encode2+0x273/0x5a0 [ 187.031052][T10666] should_failslab+0x9/0x20 [ 187.035552][T10666] __kmalloc+0x7a/0x340 [ 187.039700][T10666] tomoyo_encode2+0x273/0x5a0 [ 187.044366][T10666] tomoyo_realpath_from_path+0x769/0x7c0 [ 187.044386][T10666] tomoyo_path_number_perm+0x166/0x640 [ 187.044422][T10666] ? smack_file_ioctl+0x226/0x2e0 [ 187.055467][T10666] ? __fget+0x3f1/0x510 [ 187.055482][T10666] tomoyo_file_ioctl+0x23/0x30 [ 187.055494][T10666] security_file_ioctl+0x6d/0xd0 [ 187.055507][T10666] __x64_sys_ioctl+0xa3/0x120 [ 187.055521][T10666] do_syscall_64+0xf7/0x1c0 [ 187.055536][T10666] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 187.055545][T10666] RIP: 0033:0x459897 [ 187.055556][T10666] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 187.055561][T10666] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 187.055574][T10666] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459897 [ 187.129160][T10666] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 19:01:53 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x8e, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:01:53 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x19, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 187.130137][ T26] audit: type=1804 audit(1570129313.816:240): pid=10670 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/137/file0" dev="sda1" ino=16993 res=1 [ 187.137122][T10666] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 187.137129][T10666] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 187.137135][T10666] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 187.148007][T10666] ERROR: Out of memory at tomoyo_realpath_from_path. [ 187.187532][T10673] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 187.210779][T10674] netlink: 'syz-executor.3': attribute type 37 has an invalid length. 19:01:53 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:01:53 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, 0x0, 0x0) 19:01:53 executing program 4: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f5608000300"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:01:54 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x25, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:54 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x96, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:01:54 executing program 1 (fault-call:1 fault-nth:21): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 187.399030][T10693] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 187.416716][ T26] audit: type=1804 audit(1570129314.106:241): pid=10688 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/138/file0" dev="sda1" ino=17056 res=1 [ 187.448106][T10695] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 187.457927][T10697] FAULT_INJECTION: forcing a failure. [ 187.457927][T10697] name failslab, interval 1, probability 0, space 0, times 0 [ 187.477861][T10697] CPU: 1 PID: 10697 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 187.485856][T10697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 187.485861][T10697] Call Trace: [ 187.485880][T10697] dump_stack+0x1d8/0x2f8 [ 187.485895][T10697] should_fail+0x555/0x770 [ 187.485912][T10697] __should_failslab+0x11a/0x160 [ 187.485925][T10697] ? loop_set_fd+0x1180/0x1180 [ 187.485935][T10697] should_failslab+0x9/0x20 [ 187.485947][T10697] kmem_cache_alloc_trace+0x5d/0x2f0 [ 187.485956][T10697] ? __kthread_create_on_node+0xb2/0x3b0 [ 187.485967][T10697] ? loop_set_fd+0x1180/0x1180 [ 187.485976][T10697] __kthread_create_on_node+0xb2/0x3b0 [ 187.485994][T10697] ? loop_set_fd+0x1180/0x1180 [ 187.503636][T10697] kthread_create_on_node+0x72/0xa0 [ 187.503647][T10697] ? lockdep_init_map+0x2a/0x680 [ 187.503661][T10697] ? __kthread_init_worker+0x5a/0xe0 [ 187.503674][T10697] loop_set_fd+0x6a8/0x1180 [ 187.503687][T10697] ? check_preemption_disabled+0xb7/0x2a0 [ 187.503698][T10697] ? tomoyo_path_number_perm+0x4e1/0x640 [ 187.503713][T10697] lo_ioctl+0xd5/0x2200 [ 187.503722][T10697] ? __kasan_slab_free+0x12a/0x1e0 [ 187.503732][T10697] ? kasan_slab_free+0xe/0x10 [ 187.593130][T10697] ? kfree+0x115/0x200 [ 187.597191][T10697] ? tomoyo_path_number_perm+0x4e1/0x640 [ 187.602806][T10697] ? tomoyo_file_ioctl+0x23/0x30 [ 187.607718][T10697] ? security_file_ioctl+0x6d/0xd0 [ 187.612808][T10697] ? __x64_sys_ioctl+0xa3/0x120 [ 187.617644][T10697] ? do_syscall_64+0xf7/0x1c0 [ 187.622297][T10697] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 187.628342][T10697] ? debug_check_no_obj_freed+0x505/0x5b0 [ 187.634060][T10697] ? rcu_lock_release+0x9/0x30 [ 187.638820][T10697] ? rcu_lock_release+0x9/0x30 [ 187.643562][T10697] ? lo_release+0x1f0/0x1f0 [ 187.648039][T10697] blkdev_ioctl+0x807/0x2980 [ 187.652618][T10697] ? tomoyo_path_number_perm+0x53e/0x640 [ 187.658297][T10697] block_ioctl+0xbd/0x100 [ 187.662771][T10697] ? blkdev_iopoll+0x100/0x100 [ 187.667525][T10697] do_vfs_ioctl+0x744/0x1730 [ 187.672093][T10697] ? __fget+0x3f1/0x510 [ 187.676238][T10697] ? tomoyo_file_ioctl+0x23/0x30 [ 187.681176][T10697] ? security_file_ioctl+0xa1/0xd0 [ 187.686297][T10697] __x64_sys_ioctl+0xe3/0x120 [ 187.690953][T10697] do_syscall_64+0xf7/0x1c0 [ 187.695449][T10697] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 187.701331][T10697] RIP: 0033:0x459897 [ 187.705204][T10697] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 187.724827][T10697] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 187.733218][T10697] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459897 [ 187.741176][T10697] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 19:01:54 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x105, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:01:54 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x2f, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:54 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, 0x0, 0x0) [ 187.749146][T10697] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 187.757102][T10697] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 187.765060][T10697] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:01:54 executing program 1 (fault-call:1 fault-nth:22): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:01:54 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3a, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:54 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x172, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 187.897025][ T26] audit: type=1804 audit(1570129314.586:242): pid=10707 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/139/file0" dev="sda1" ino=16801 res=1 [ 187.948848][T10709] FAULT_INJECTION: forcing a failure. [ 187.948848][T10709] name failslab, interval 1, probability 0, space 0, times 0 [ 187.961871][T10709] CPU: 0 PID: 10709 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 187.969763][T10709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 187.979808][T10709] Call Trace: [ 187.979826][T10709] dump_stack+0x1d8/0x2f8 [ 187.979839][T10709] should_fail+0x555/0x770 [ 187.979858][T10709] __should_failslab+0x11a/0x160 [ 187.987446][T10709] ? __kernfs_new_node+0x97/0x6b0 [ 187.987460][T10709] should_failslab+0x9/0x20 [ 187.987472][T10709] kmem_cache_alloc+0x56/0x2e0 [ 187.987486][T10709] __kernfs_new_node+0x97/0x6b0 [ 187.987502][T10709] ? mutex_unlock+0xd/0x10 [ 187.987511][T10709] ? kernfs_activate+0x4c7/0x4e0 [ 187.987526][T10709] kernfs_new_node+0x97/0x170 [ 187.996848][T10709] __kernfs_create_file+0x4a/0x2f0 [ 187.996862][T10709] sysfs_add_file_mode_ns+0x2dc/0x3a0 [ 187.996882][T10709] internal_create_group+0x4be/0xd80 [ 187.996907][T10709] sysfs_create_group+0x1f/0x30 [ 187.996920][T10709] loop_set_fd+0xcb2/0x1180 [ 187.996941][T10709] lo_ioctl+0xd5/0x2200 [ 187.996952][T10709] ? __kasan_slab_free+0x12a/0x1e0 [ 188.006440][T10709] ? kasan_slab_free+0xe/0x10 [ 188.006450][T10709] ? kfree+0x115/0x200 [ 188.006461][T10709] ? tomoyo_path_number_perm+0x4e1/0x640 [ 188.006469][T10709] ? tomoyo_file_ioctl+0x23/0x30 [ 188.006480][T10709] ? security_file_ioctl+0x6d/0xd0 [ 188.006493][T10709] ? __x64_sys_ioctl+0xa3/0x120 [ 188.006502][T10709] ? do_syscall_64+0xf7/0x1c0 [ 188.006513][T10709] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.006528][T10709] ? debug_check_no_obj_freed+0x505/0x5b0 [ 188.006552][T10709] ? rcu_lock_release+0x9/0x30 [ 188.016115][T10709] ? rcu_lock_release+0x9/0x30 [ 188.016128][T10709] ? lo_release+0x1f0/0x1f0 [ 188.016139][T10709] blkdev_ioctl+0x807/0x2980 [ 188.016153][T10709] ? tomoyo_path_number_perm+0x53e/0x640 [ 188.016185][T10709] block_ioctl+0xbd/0x100 [ 188.016194][T10709] ? blkdev_iopoll+0x100/0x100 [ 188.016206][T10709] do_vfs_ioctl+0x744/0x1730 [ 188.016218][T10709] ? __fget+0x3f1/0x510 [ 188.025525][T10709] ? tomoyo_file_ioctl+0x23/0x30 [ 188.025537][T10709] ? security_file_ioctl+0xa1/0xd0 [ 188.025552][T10709] __x64_sys_ioctl+0xe3/0x120 [ 188.025568][T10709] do_syscall_64+0xf7/0x1c0 [ 188.025583][T10709] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.025593][T10709] RIP: 0033:0x459897 19:01:54 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:01:54 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x48, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 188.025604][T10709] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 188.025609][T10709] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 188.025623][T10709] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459897 [ 188.035353][T10709] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 188.035359][T10709] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 188.035364][T10709] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 19:01:54 executing program 4 (fault-call:11 fault-nth:0): getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:54 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, 0x0, 0x0) [ 188.035370][T10709] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:01:55 executing program 0 (fault-call:14 fault-nth:0): getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 188.273735][ T26] audit: type=1804 audit(1570129314.966:243): pid=10725 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/140/file0" dev="sda1" ino=17059 res=1 19:01:55 executing program 1 (fault-call:1 fault-nth:23): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:01:55 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x1a4, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:01:55 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4c, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 188.392131][T10726] FAULT_INJECTION: forcing a failure. [ 188.392131][T10726] name failslab, interval 1, probability 0, space 0, times 0 [ 188.453453][T10726] CPU: 1 PID: 10726 Comm: syz-executor.4 Not tainted 5.4.0-rc1+ #0 [ 188.461374][T10726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.471423][T10726] Call Trace: [ 188.474721][T10726] dump_stack+0x1d8/0x2f8 [ 188.479057][T10726] should_fail+0x555/0x770 [ 188.483483][T10726] __should_failslab+0x11a/0x160 [ 188.487123][T10734] FAULT_INJECTION: forcing a failure. [ 188.487123][T10734] name failslab, interval 1, probability 0, space 0, times 0 [ 188.488416][T10726] ? kmalloc_array+0x2f/0x50 [ 188.488429][T10726] should_failslab+0x9/0x20 [ 188.488445][T10726] __kmalloc+0x7a/0x340 [ 188.488463][T10726] kmalloc_array+0x2f/0x50 [ 188.518624][T10726] rw_copy_check_uvector+0x96/0x360 [ 188.523819][T10726] import_iovec+0x8c/0x2a0 [ 188.528229][T10726] ? __fdget_pos+0x243/0x2e0 [ 188.532810][T10726] do_writev+0x156/0x490 [ 188.537047][T10726] ? fpregs_assert_state_consistent+0xb7/0xe0 [ 188.543104][T10726] ? prepare_exit_to_usermode+0x1f7/0x580 [ 188.548817][T10726] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 188.554527][T10726] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 188.559982][T10726] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 188.562490][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 188.565691][T10726] ? do_syscall_64+0x1d/0x1c0 [ 188.571427][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 188.576043][T10726] __x64_sys_writev+0x7d/0x90 [ 188.576055][T10726] do_syscall_64+0xf7/0x1c0 [ 188.576069][T10726] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.576078][T10726] RIP: 0033:0x459a29 [ 188.576089][T10726] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 188.620250][T10726] RSP: 002b:00007f616a752c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 188.628656][T10726] RAX: ffffffffffffffda RBX: 00007f616a752c90 RCX: 0000000000459a29 [ 188.636621][T10726] RDX: 0000000000000063 RSI: 00000000200003c0 RDI: 0000000000000007 [ 188.644587][T10726] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 188.652552][T10726] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f616a7536d4 [ 188.660510][T10726] R13: 00000000004c6f65 R14: 00000000004e1d28 R15: 0000000000000008 [ 188.668489][T10734] CPU: 0 PID: 10734 Comm: syz-executor.0 Not tainted 5.4.0-rc1+ #0 [ 188.673332][T10739] FAULT_INJECTION: forcing a failure. [ 188.673332][T10739] name failslab, interval 1, probability 0, space 0, times 0 [ 188.676377][T10734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.676382][T10734] Call Trace: [ 188.676399][T10734] dump_stack+0x1d8/0x2f8 [ 188.676413][T10734] should_fail+0x555/0x770 [ 188.676428][T10734] __should_failslab+0x11a/0x160 [ 188.715911][T10734] ? kmalloc_array+0x2f/0x50 [ 188.720502][T10734] should_failslab+0x9/0x20 [ 188.724993][T10734] __kmalloc+0x7a/0x340 [ 188.729151][T10734] kmalloc_array+0x2f/0x50 [ 188.733657][T10734] rw_copy_check_uvector+0x96/0x360 [ 188.738852][T10734] import_iovec+0x8c/0x2a0 [ 188.743274][T10734] ? __fdget_pos+0x243/0x2e0 [ 188.747871][T10734] do_writev+0x156/0x490 [ 188.752112][T10734] ? fpregs_assert_state_consistent+0xb7/0xe0 [ 188.758165][T10734] ? prepare_exit_to_usermode+0x1f7/0x580 [ 188.763876][T10734] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 188.769582][T10734] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 188.775024][T10734] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 188.780730][T10734] ? do_syscall_64+0x1d/0x1c0 [ 188.785396][T10734] __x64_sys_writev+0x7d/0x90 [ 188.790064][T10734] do_syscall_64+0xf7/0x1c0 [ 188.794559][T10734] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 188.800435][T10734] RIP: 0033:0x459a29 [ 188.804316][T10734] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 188.823901][T10734] RSP: 002b:00007f5501682c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 188.832299][T10734] RAX: ffffffffffffffda RBX: 00007f5501682c90 RCX: 0000000000459a29 [ 188.840257][T10734] RDX: 0000000000000063 RSI: 00000000200003c0 RDI: 0000000000000007 19:01:55 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x300, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 188.848229][T10734] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 188.856185][T10734] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f55016836d4 [ 188.864142][T10734] R13: 00000000004c6f65 R14: 00000000004e1d28 R15: 0000000000000009 [ 188.872120][T10739] CPU: 1 PID: 10739 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 188.880009][T10739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.882466][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 188.890046][T10739] Call Trace: [ 188.890065][T10739] dump_stack+0x1d8/0x2f8 [ 188.890080][T10739] should_fail+0x555/0x770 [ 188.890097][T10739] __should_failslab+0x11a/0x160 [ 188.890110][T10739] ? __kernfs_new_node+0x97/0x6b0 [ 188.895876][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 188.899073][T10739] should_failslab+0x9/0x20 [ 188.927892][T10739] kmem_cache_alloc+0x56/0x2e0 [ 188.932778][T10739] __kernfs_new_node+0x97/0x6b0 [ 188.937633][T10739] ? mutex_unlock+0xd/0x10 [ 188.942071][T10739] ? kernfs_activate+0x4c7/0x4e0 [ 188.947006][T10739] kernfs_new_node+0x97/0x170 [ 188.951674][T10739] __kernfs_create_file+0x4a/0x2f0 [ 188.956762][T10739] sysfs_add_file_mode_ns+0x2dc/0x3a0 [ 188.962122][T10739] internal_create_group+0x4be/0xd80 [ 188.967391][T10739] sysfs_create_group+0x1f/0x30 [ 188.972226][T10739] loop_set_fd+0xcb2/0x1180 [ 188.976717][T10739] lo_ioctl+0xd5/0x2200 [ 188.980862][T10739] ? __kasan_slab_free+0x12a/0x1e0 [ 188.985954][T10739] ? kasan_slab_free+0xe/0x10 [ 188.990621][T10739] ? kfree+0x115/0x200 [ 188.994669][T10739] ? tomoyo_path_number_perm+0x4e1/0x640 [ 189.000289][T10739] ? tomoyo_file_ioctl+0x23/0x30 19:01:55 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) [ 189.005217][T10739] ? security_file_ioctl+0x6d/0xd0 [ 189.010324][T10739] ? __x64_sys_ioctl+0xa3/0x120 [ 189.015166][T10739] ? do_syscall_64+0xf7/0x1c0 [ 189.019841][T10739] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.025901][T10739] ? debug_check_no_obj_freed+0x505/0x5b0 [ 189.031618][T10739] ? rcu_lock_release+0x9/0x30 [ 189.036361][T10739] ? rcu_lock_release+0x9/0x30 [ 189.041102][T10739] ? lo_release+0x1f0/0x1f0 [ 189.045594][T10739] blkdev_ioctl+0x807/0x2980 [ 189.050188][T10739] ? tomoyo_path_number_perm+0x53e/0x640 [ 189.055811][T10739] block_ioctl+0xbd/0x100 [ 189.060118][T10739] ? blkdev_iopoll+0x100/0x100 [ 189.064868][T10739] do_vfs_ioctl+0x744/0x1730 [ 189.069440][T10739] ? __fget+0x3f1/0x510 [ 189.073586][T10739] ? tomoyo_file_ioctl+0x23/0x30 [ 189.078521][T10739] ? security_file_ioctl+0xa1/0xd0 [ 189.083619][T10739] __x64_sys_ioctl+0xe3/0x120 [ 189.088284][T10739] do_syscall_64+0xf7/0x1c0 [ 189.092773][T10739] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.098661][T10739] RIP: 0033:0x459897 [ 189.102538][T10739] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 189.122128][T10739] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 189.130528][T10739] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459897 [ 189.138485][T10739] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 189.146431][T10739] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 19:01:55 executing program 4 (fault-call:11 fault-nth:1): getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:55 executing program 0 (fault-call:14 fault-nth:1): getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 189.154387][T10739] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 189.162349][T10739] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 189.300815][T10753] FAULT_INJECTION: forcing a failure. [ 189.300815][T10753] name failslab, interval 1, probability 0, space 0, times 0 [ 189.315103][T10754] FAULT_INJECTION: forcing a failure. [ 189.315103][T10754] name failslab, interval 1, probability 0, space 0, times 0 [ 189.338805][T10753] CPU: 0 PID: 10753 Comm: syz-executor.4 Not tainted 5.4.0-rc1+ #0 [ 189.347678][T10753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 189.357734][T10753] Call Trace: [ 189.361026][T10753] dump_stack+0x1d8/0x2f8 [ 189.365362][T10753] should_fail+0x555/0x770 [ 189.369791][T10753] __should_failslab+0x11a/0x160 [ 189.374722][T10753] ? __blockdev_direct_IO+0x306/0x4380 [ 189.380174][T10753] should_failslab+0x9/0x20 [ 189.384673][T10753] kmem_cache_alloc+0x56/0x2e0 [ 189.389432][T10753] __blockdev_direct_IO+0x306/0x4380 [ 189.394708][T10753] ? __ext4_get_inode_loc+0x43e/0xe10 [ 189.400078][T10753] ? __lock_acquire+0xc75/0x1be0 [ 189.405013][T10753] ? ext4_dio_get_block_unwritten_async+0x2a0/0x2a0 [ 189.411591][T10753] ? ext4_get_block_unwritten+0x40/0x40 [ 189.417121][T10753] ? ext4_direct_IO+0x9f0/0x1480 [ 189.422101][T10753] ? ext4_get_block_unwritten+0x40/0x40 [ 189.427693][T10753] ext4_direct_IO+0xc96/0x1480 [ 189.432466][T10753] generic_file_direct_write+0x22e/0x440 [ 189.438094][T10753] __generic_file_write_iter+0x2af/0x520 [ 189.443712][T10753] ? down_write_trylock+0x13d/0x290 [ 189.448897][T10753] ? generic_write_checks+0x3c5/0x470 [ 189.454272][T10753] ext4_file_write_iter+0xd36/0x15b0 [ 189.459578][T10753] do_iter_readv_writev+0x651/0x8e0 [ 189.464776][T10753] do_iter_write+0x180/0x590 [ 189.469360][T10753] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 189.474900][T10753] do_writev+0x239/0x490 [ 189.479140][T10753] ? fpregs_assert_state_consistent+0xb7/0xe0 [ 189.485237][T10753] ? prepare_exit_to_usermode+0x1f7/0x580 [ 189.490947][T10753] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 189.496663][T10753] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 189.502108][T10753] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 189.507812][T10753] ? do_syscall_64+0x1d/0x1c0 [ 189.512481][T10753] __x64_sys_writev+0x7d/0x90 [ 189.517145][T10753] do_syscall_64+0xf7/0x1c0 [ 189.521638][T10753] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.527515][T10753] RIP: 0033:0x459a29 [ 189.531397][T10753] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 189.551001][T10753] RSP: 002b:00007f616a752c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 189.559396][T10753] RAX: ffffffffffffffda RBX: 00007f616a752c90 RCX: 0000000000459a29 [ 189.567351][T10753] RDX: 0000000000000063 RSI: 00000000200003c0 RDI: 0000000000000007 [ 189.575311][T10753] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 189.583273][T10753] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f616a7536d4 [ 189.591229][T10753] R13: 00000000004c6f65 R14: 00000000004e1d28 R15: 0000000000000008 19:01:56 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x36a, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:01:56 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x60, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:56 executing program 1 (fault-call:1 fault-nth:24): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 189.599278][T10754] CPU: 1 PID: 10754 Comm: syz-executor.0 Not tainted 5.4.0-rc1+ #0 [ 189.607166][T10754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 189.607192][T10754] Call Trace: [ 189.607208][T10754] dump_stack+0x1d8/0x2f8 [ 189.607222][T10754] should_fail+0x555/0x770 [ 189.607238][T10754] __should_failslab+0x11a/0x160 [ 189.607251][T10754] ? __blockdev_direct_IO+0x306/0x4380 [ 189.607263][T10754] should_failslab+0x9/0x20 [ 189.607274][T10754] kmem_cache_alloc+0x56/0x2e0 [ 189.607288][T10754] __blockdev_direct_IO+0x306/0x4380 [ 189.607300][T10754] ? rcu_read_lock_sched_held+0x10b/0x170 [ 189.607317][T10754] ? __lock_acquire+0xc75/0x1be0 [ 189.607332][T10754] ? ext4_dio_get_block_unwritten_async+0x2a0/0x2a0 [ 189.607345][T10754] ? ext4_get_block_unwritten+0x40/0x40 [ 189.634302][T10754] ? ext4_direct_IO+0x9f0/0x1480 [ 189.634339][T10754] ? ext4_get_block_unwritten+0x40/0x40 [ 189.634348][T10754] ext4_direct_IO+0xc96/0x1480 [ 189.634371][T10754] generic_file_direct_write+0x22e/0x440 [ 189.634386][T10754] __generic_file_write_iter+0x2af/0x520 [ 189.634395][T10754] ? down_write_trylock+0x13d/0x290 [ 189.634405][T10754] ? generic_write_checks+0x3c5/0x470 [ 189.644335][T10754] ext4_file_write_iter+0xd36/0x15b0 [ 189.644361][T10754] do_iter_readv_writev+0x651/0x8e0 [ 189.644382][T10754] do_iter_write+0x180/0x590 [ 189.644394][T10754] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 189.654400][T10754] do_writev+0x239/0x490 [ 189.654421][T10754] ? fpregs_assert_state_consistent+0xb7/0xe0 [ 189.654435][T10754] ? prepare_exit_to_usermode+0x1f7/0x580 [ 189.654446][T10754] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 189.654456][T10754] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 189.654465][T10754] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 189.654474][T10754] ? do_syscall_64+0x1d/0x1c0 [ 189.654486][T10754] __x64_sys_writev+0x7d/0x90 [ 189.654497][T10754] do_syscall_64+0xf7/0x1c0 [ 189.672376][T10754] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.672385][T10754] RIP: 0033:0x459a29 [ 189.672395][T10754] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 189.672401][T10754] RSP: 002b:00007f5501682c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 189.672410][T10754] RAX: ffffffffffffffda RBX: 00007f5501682c90 RCX: 0000000000459a29 [ 189.672416][T10754] RDX: 0000000000000063 RSI: 00000000200003c0 RDI: 0000000000000007 [ 189.672422][T10754] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 189.672427][T10754] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f55016836d4 [ 189.672432][T10754] R13: 00000000004c6f65 R14: 00000000004e1d28 R15: 0000000000000009 [ 189.724971][T10765] FAULT_INJECTION: forcing a failure. [ 189.724971][T10765] name failslab, interval 1, probability 0, space 0, times 0 [ 189.790156][T10765] CPU: 1 PID: 10765 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 189.820723][T10765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 189.820729][T10765] Call Trace: [ 189.820751][T10765] dump_stack+0x1d8/0x2f8 19:01:56 executing program 0 (fault-call:14 fault-nth:2): getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 189.820767][T10765] should_fail+0x555/0x770 [ 189.820785][T10765] __should_failslab+0x11a/0x160 [ 189.820796][T10765] ? __kernfs_new_node+0x97/0x6b0 [ 189.820808][T10765] should_failslab+0x9/0x20 [ 189.820823][T10765] kmem_cache_alloc+0x56/0x2e0 [ 189.873456][T10765] __kernfs_new_node+0x97/0x6b0 [ 189.873473][T10765] ? mutex_unlock+0xd/0x10 [ 189.873483][T10765] ? kernfs_activate+0x4c7/0x4e0 [ 189.873499][T10765] kernfs_new_node+0x97/0x170 [ 189.873514][T10765] __kernfs_create_file+0x4a/0x2f0 [ 189.873529][T10765] sysfs_add_file_mode_ns+0x2dc/0x3a0 [ 189.873548][T10765] internal_create_group+0x4be/0xd80 [ 189.873568][T10765] sysfs_create_group+0x1f/0x30 [ 189.873580][T10765] loop_set_fd+0xcb2/0x1180 [ 189.873600][T10765] lo_ioctl+0xd5/0x2200 [ 189.873609][T10765] ? __kasan_slab_free+0x12a/0x1e0 [ 189.873616][T10765] ? kasan_slab_free+0xe/0x10 [ 189.873626][T10765] ? kfree+0x115/0x200 [ 189.873636][T10765] ? tomoyo_path_number_perm+0x4e1/0x640 [ 189.873645][T10765] ? tomoyo_file_ioctl+0x23/0x30 [ 189.873654][T10765] ? security_file_ioctl+0x6d/0xd0 [ 189.873662][T10765] ? __x64_sys_ioctl+0xa3/0x120 [ 189.873675][T10765] ? do_syscall_64+0xf7/0x1c0 [ 189.891585][T10765] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.891602][T10765] ? debug_check_no_obj_freed+0x505/0x5b0 [ 189.891631][T10765] ? rcu_lock_release+0x9/0x30 [ 189.891650][T10765] ? rcu_lock_release+0x9/0x30 [ 189.891663][T10765] ? lo_release+0x1f0/0x1f0 [ 189.891676][T10765] blkdev_ioctl+0x807/0x2980 [ 189.899260][T10765] ? tomoyo_path_number_perm+0x53e/0x640 [ 189.899295][T10765] block_ioctl+0xbd/0x100 19:01:56 executing program 4 (fault-call:11 fault-nth:2): getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:56 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x0, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) [ 189.899304][T10765] ? blkdev_iopoll+0x100/0x100 [ 189.899317][T10765] do_vfs_ioctl+0x744/0x1730 [ 189.899327][T10765] ? __fget+0x3f1/0x510 [ 189.899343][T10765] ? tomoyo_file_ioctl+0x23/0x30 [ 189.899356][T10765] ? security_file_ioctl+0xa1/0xd0 [ 189.899369][T10765] __x64_sys_ioctl+0xe3/0x120 [ 189.913683][T10765] do_syscall_64+0xf7/0x1c0 [ 189.913699][T10765] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 189.913709][T10765] RIP: 0033:0x459897 [ 189.913718][T10765] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 189.913724][T10765] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 189.913734][T10765] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459897 [ 189.913740][T10765] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 189.913751][T10765] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 189.913757][T10765] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 189.913763][T10765] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 190.137468][T10779] FAULT_INJECTION: forcing a failure. [ 190.137468][T10779] name failslab, interval 1, probability 0, space 0, times 0 [ 190.176970][T10779] CPU: 0 PID: 10779 Comm: syz-executor.0 Not tainted 5.4.0-rc1+ #0 [ 190.184870][T10779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 190.194914][T10779] Call Trace: [ 190.194934][T10779] dump_stack+0x1d8/0x2f8 [ 190.194949][T10779] should_fail+0x555/0x770 [ 190.194965][T10779] __should_failslab+0x11a/0x160 [ 190.194981][T10779] ? ext4_mb_new_blocks+0x2ac/0x2cc0 [ 190.200608][T10778] FAULT_INJECTION: forcing a failure. [ 190.200608][T10778] name failslab, interval 1, probability 0, space 0, times 0 [ 190.202567][T10779] should_failslab+0x9/0x20 [ 190.202581][T10779] kmem_cache_alloc+0x56/0x2e0 [ 190.202594][T10779] ext4_mb_new_blocks+0x2ac/0x2cc0 [ 190.202611][T10779] ? __kasan_check_read+0x11/0x20 [ 190.202637][T10779] ? ext4_inode_to_goal_block+0x27b/0x3b0 [ 190.212030][T10779] ext4_ind_map_blocks+0x10ce/0x2b50 [ 190.212064][T10779] ? ext4_map_blocks+0x820/0x1e30 [ 190.265182][T10779] ? __kasan_check_write+0x14/0x20 [ 190.270290][T10779] ext4_map_blocks+0x88e/0x1e30 [ 190.275144][T10779] _ext4_get_block+0x196/0x5c0 [ 190.279894][T10779] ? ext4_journal_check_start+0x179/0x200 [ 190.285616][T10779] ext4_get_block_trans+0x3ac/0x500 [ 190.290820][T10779] ext4_dio_get_block+0x7f/0xb0 [ 190.295665][T10779] ? ext4_get_block_unwritten+0x40/0x40 [ 190.301204][T10779] __blockdev_direct_IO+0x14cd/0x4380 [ 190.306609][T10779] ? ext4_get_block_unwritten+0x40/0x40 [ 190.312154][T10779] ? ext4_get_block_unwritten+0x40/0x40 [ 190.317685][T10779] ext4_direct_IO+0xc96/0x1480 [ 190.322450][T10779] generic_file_direct_write+0x22e/0x440 [ 190.328074][T10779] __generic_file_write_iter+0x2af/0x520 [ 190.333691][T10779] ? down_write_trylock+0x13d/0x290 [ 190.338875][T10779] ? generic_write_checks+0x3c5/0x470 [ 190.344239][T10779] ext4_file_write_iter+0xd36/0x15b0 [ 190.349538][T10779] do_iter_readv_writev+0x651/0x8e0 [ 190.354731][T10779] do_iter_write+0x180/0x590 [ 190.359316][T10779] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 190.364855][T10779] do_writev+0x239/0x490 [ 190.369186][T10779] ? fpregs_assert_state_consistent+0xb7/0xe0 [ 190.375239][T10779] ? prepare_exit_to_usermode+0x1f7/0x580 [ 190.380956][T10779] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 190.386661][T10779] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 190.392122][T10779] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 190.397834][T10779] ? do_syscall_64+0x1d/0x1c0 [ 190.402607][T10779] __x64_sys_writev+0x7d/0x90 [ 190.407277][T10779] do_syscall_64+0xf7/0x1c0 [ 190.411787][T10779] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.417668][T10779] RIP: 0033:0x459a29 [ 190.421667][T10779] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 190.441269][T10779] RSP: 002b:00007f5501661c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 190.449673][T10779] RAX: ffffffffffffffda RBX: 00007f5501661c90 RCX: 0000000000459a29 [ 190.457631][T10779] RDX: 0000000000000063 RSI: 00000000200003c0 RDI: 0000000000000007 [ 190.465592][T10779] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 190.473550][T10779] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f55016626d4 [ 190.481506][T10779] R13: 00000000004c6f65 R14: 00000000004e1d28 R15: 0000000000000009 [ 190.489485][T10778] CPU: 1 PID: 10778 Comm: syz-executor.4 Not tainted 5.4.0-rc1+ #0 [ 190.489741][ C0] protocol 88fb is buggy, dev hsr_slave_0 19:01:57 executing program 1 (fault-call:1 fault-nth:25): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 190.497378][T10778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 190.497382][T10778] Call Trace: [ 190.497400][T10778] dump_stack+0x1d8/0x2f8 [ 190.497419][T10778] should_fail+0x555/0x770 [ 190.503177][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 190.513151][T10778] __should_failslab+0x11a/0x160 [ 190.513163][T10778] ? kcalloc+0x2f/0x50 [ 190.513177][T10778] should_failslab+0x9/0x20 [ 190.539923][T10778] __kmalloc+0x7a/0x340 [ 190.539935][T10778] ? rcu_read_lock_sched_held+0x10b/0x170 [ 190.539951][T10778] kcalloc+0x2f/0x50 [ 190.539962][T10778] ext4_ext_remove_space+0x595/0x5ba0 [ 190.539981][T10778] ? __es_remove_extent+0xae3/0x2190 [ 190.558205][T10778] ? ext4_es_remove_extent+0xb7/0x150 [ 190.558225][T10778] ? ext4_es_remove_extent+0xb7/0x150 [ 190.558252][T10778] ext4_ext_truncate+0x190/0x1d0 [ 190.579579][T10778] ext4_truncate+0xac1/0xf70 [ 190.579605][T10778] ext4_direct_IO+0xe97/0x1480 [ 190.589114][T10778] generic_file_direct_write+0x22e/0x440 [ 190.589134][T10778] __generic_file_write_iter+0x2af/0x520 19:01:57 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x372, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 190.589143][T10778] ? down_write_trylock+0x13d/0x290 [ 190.589151][T10778] ? generic_write_checks+0x3c5/0x470 [ 190.589166][T10778] ext4_file_write_iter+0xd36/0x15b0 [ 190.599539][T10778] do_iter_readv_writev+0x651/0x8e0 [ 190.599562][T10778] do_iter_write+0x180/0x590 [ 190.599575][T10778] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 190.599589][T10778] do_writev+0x239/0x490 [ 190.610382][T10778] ? fpregs_assert_state_consistent+0xb7/0xe0 [ 190.610396][T10778] ? prepare_exit_to_usermode+0x1f7/0x580 [ 190.610408][T10778] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 190.610419][T10778] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 190.610428][T10778] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 190.610441][T10778] ? do_syscall_64+0x1d/0x1c0 [ 190.646614][T10778] __x64_sys_writev+0x7d/0x90 [ 190.646628][T10778] do_syscall_64+0xf7/0x1c0 [ 190.646644][T10778] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.646653][T10778] RIP: 0033:0x459a29 [ 190.646663][T10778] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 190.646669][T10778] RSP: 002b:00007f616a731c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 190.646679][T10778] RAX: ffffffffffffffda RBX: 00007f616a731c90 RCX: 0000000000459a29 [ 190.646685][T10778] RDX: 0000000000000063 RSI: 00000000200003c0 RDI: 0000000000000007 [ 190.646691][T10778] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 190.646696][T10778] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f616a7326d4 [ 190.646700][T10778] R13: 00000000004c6f65 R14: 00000000004e1d28 R15: 0000000000000008 [ 190.713350][T10789] FAULT_INJECTION: forcing a failure. [ 190.713350][T10789] name failslab, interval 1, probability 0, space 0, times 0 [ 190.729947][T10789] CPU: 0 PID: 10789 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 190.745474][T10789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 190.745478][T10789] Call Trace: [ 190.745495][T10789] dump_stack+0x1d8/0x2f8 [ 190.745510][T10789] should_fail+0x555/0x770 [ 190.745528][T10789] __should_failslab+0x11a/0x160 [ 190.745542][T10789] should_failslab+0x9/0x20 [ 190.745553][T10789] kmem_cache_alloc_trace+0x5d/0x2f0 [ 190.745562][T10789] ? kobject_uevent_env+0x2cd/0x1260 [ 190.745574][T10789] ? dev_uevent_filter+0xb0/0xb0 [ 190.745584][T10789] kobject_uevent_env+0x2cd/0x1260 [ 190.745604][T10789] kobject_uevent+0x1f/0x30 [ 190.745616][T10789] loop_set_fd+0xd21/0x1180 [ 190.745640][T10789] lo_ioctl+0xd5/0x2200 [ 190.745647][T10789] ? __kasan_slab_free+0x12a/0x1e0 [ 190.745654][T10789] ? kasan_slab_free+0xe/0x10 [ 190.745661][T10789] ? kfree+0x115/0x200 [ 190.745671][T10789] ? tomoyo_path_number_perm+0x4e1/0x640 [ 190.745679][T10789] ? tomoyo_file_ioctl+0x23/0x30 [ 190.745689][T10789] ? security_file_ioctl+0x6d/0xd0 [ 190.745699][T10789] ? __x64_sys_ioctl+0xa3/0x120 [ 190.745707][T10789] ? do_syscall_64+0xf7/0x1c0 [ 190.745720][T10789] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.761976][T10789] ? debug_check_no_obj_freed+0x505/0x5b0 [ 190.762004][T10789] ? rcu_lock_release+0x9/0x30 19:01:57 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x0, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) [ 190.762023][T10789] ? rcu_lock_release+0x9/0x30 [ 190.762036][T10789] ? lo_release+0x1f0/0x1f0 [ 190.762047][T10789] blkdev_ioctl+0x807/0x2980 [ 190.762062][T10789] ? tomoyo_path_number_perm+0x53e/0x640 [ 190.782580][T10789] block_ioctl+0xbd/0x100 [ 190.782590][T10789] ? blkdev_iopoll+0x100/0x100 [ 190.782603][T10789] do_vfs_ioctl+0x744/0x1730 [ 190.782612][T10789] ? __fget+0x3f1/0x510 [ 190.782628][T10789] ? tomoyo_file_ioctl+0x23/0x30 [ 190.782639][T10789] ? security_file_ioctl+0xa1/0xd0 [ 190.782652][T10789] __x64_sys_ioctl+0xe3/0x120 19:01:57 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x68, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 190.782665][T10789] do_syscall_64+0xf7/0x1c0 [ 190.795962][T10789] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 190.795972][T10789] RIP: 0033:0x459897 [ 190.795982][T10789] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 190.795988][T10789] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 190.795997][T10789] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459897 19:01:57 executing program 4 (fault-call:11 fault-nth:3): getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:57 executing program 0 (fault-call:14 fault-nth:3): getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 190.796003][T10789] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 190.796009][T10789] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 190.796015][T10789] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 190.796021][T10789] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 191.004315][T10794] validate_nla: 8 callbacks suppressed [ 191.004322][T10794] netlink: 'syz-executor.3': attribute type 37 has an invalid length. 19:01:57 executing program 1 (fault-call:1 fault-nth:26): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 191.105199][T10799] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 191.148874][ T26] kauditd_printk_skb: 6 callbacks suppressed [ 191.148883][ T26] audit: type=1804 audit(1570129317.836:250): pid=10809 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/144/file0" dev="sda1" ino=17063 res=1 [ 191.182315][ T26] audit: type=1804 audit(1570129317.866:251): pid=10807 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/133/file0" dev="sda1" ino=16545 res=1 [ 191.209183][T10810] FAULT_INJECTION: forcing a failure. [ 191.209183][T10810] name failslab, interval 1, probability 0, space 0, times 0 [ 191.222129][T10810] CPU: 1 PID: 10810 Comm: syz-executor.0 Not tainted 5.4.0-rc1+ #0 [ 191.230016][T10810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.240074][T10810] Call Trace: [ 191.240149][T10810] dump_stack+0x1d8/0x2f8 [ 191.240165][T10810] should_fail+0x555/0x770 [ 191.240182][T10810] __should_failslab+0x11a/0x160 [ 191.240196][T10810] ? __es_insert_extent+0x7ba/0x17c0 [ 191.247781][T10810] should_failslab+0x9/0x20 [ 191.247795][T10810] kmem_cache_alloc+0x56/0x2e0 [ 191.247808][T10810] __es_insert_extent+0x7ba/0x17c0 [ 191.262414][T10810] ? __kasan_check_write+0x14/0x20 [ 191.262426][T10810] ? do_raw_write_lock+0xf3/0x460 [ 191.262444][T10810] ext4_es_insert_extent+0x250/0x2ea0 [ 191.262453][T10810] ? ext4_map_blocks+0x820/0x1e30 [ 191.262468][T10810] ? __kasan_check_write+0x14/0x20 [ 191.262481][T10810] ext4_map_blocks+0xe1c/0x1e30 [ 191.262505][T10810] _ext4_get_block+0x196/0x5c0 [ 191.271721][T10810] ? ext4_journal_check_start+0x179/0x200 [ 191.271739][T10810] ext4_get_block_trans+0x3ac/0x500 [ 191.271757][T10810] ext4_dio_get_block+0x7f/0xb0 [ 191.271767][T10810] ? ext4_get_block_unwritten+0x40/0x40 [ 191.271780][T10810] __blockdev_direct_IO+0x14cd/0x4380 [ 191.281989][T10810] ? ext4_get_block_unwritten+0x40/0x40 [ 191.307249][T10810] ? ext4_get_block_unwritten+0x40/0x40 19:01:58 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3bc, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 191.333221][T10810] ext4_direct_IO+0xc96/0x1480 [ 191.333246][T10810] generic_file_direct_write+0x22e/0x440 [ 191.333264][T10810] __generic_file_write_iter+0x2af/0x520 [ 191.333273][T10810] ? down_write_trylock+0x13d/0x290 [ 191.333282][T10810] ? generic_write_checks+0x3c5/0x470 [ 191.333303][T10810] ext4_file_write_iter+0xd36/0x15b0 [ 191.333327][T10810] do_iter_readv_writev+0x651/0x8e0 [ 191.333347][T10810] do_iter_write+0x180/0x590 [ 191.333361][T10810] ? rcu_read_lock_any_held+0x13d/0x1a0 [ 191.333375][T10810] do_writev+0x239/0x490 [ 191.333393][T10810] ? fpregs_assert_state_consistent+0xb7/0xe0 [ 191.349901][T10810] ? prepare_exit_to_usermode+0x1f7/0x580 [ 191.349914][T10810] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 191.349925][T10810] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 191.349935][T10810] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 191.349945][T10810] ? do_syscall_64+0x1d/0x1c0 [ 191.349958][T10810] __x64_sys_writev+0x7d/0x90 [ 191.349972][T10810] do_syscall_64+0xf7/0x1c0 [ 191.360324][T10810] entry_SYSCALL_64_after_hwframe+0x49/0xbe 19:01:58 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x6c, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 191.360334][T10810] RIP: 0033:0x459a29 [ 191.360344][T10810] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 191.360350][T10810] RSP: 002b:00007f5501661c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 191.360360][T10810] RAX: ffffffffffffffda RBX: 00007f5501661c90 RCX: 0000000000459a29 [ 191.360367][T10810] RDX: 0000000000000063 RSI: 00000000200003c0 RDI: 0000000000000007 [ 191.360373][T10810] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 191.360379][T10810] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f55016626d4 [ 191.360384][T10810] R13: 00000000004c6f65 R14: 00000000004e1d28 R15: 0000000000000009 [ 191.392119][T10813] FAULT_INJECTION: forcing a failure. [ 191.392119][T10813] name failslab, interval 1, probability 0, space 0, times 0 [ 191.408293][T10813] CPU: 1 PID: 10813 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 191.419428][T10813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.419434][T10813] Call Trace: [ 191.419451][T10813] dump_stack+0x1d8/0x2f8 [ 191.419466][T10813] should_fail+0x555/0x770 [ 191.419483][T10813] __should_failslab+0x11a/0x160 [ 191.419498][T10813] should_failslab+0x9/0x20 [ 191.419509][T10813] kmem_cache_alloc_trace+0x5d/0x2f0 [ 191.419519][T10813] ? kobject_uevent_env+0x2cd/0x1260 [ 191.419530][T10813] ? dev_uevent_filter+0xb0/0xb0 [ 191.419544][T10813] kobject_uevent_env+0x2cd/0x1260 [ 191.430695][T10813] kobject_uevent+0x1f/0x30 19:01:58 executing program 0 (fault-call:14 fault-nth:4): getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:58 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 191.430707][T10813] loop_set_fd+0xd21/0x1180 [ 191.430731][T10813] lo_ioctl+0xd5/0x2200 [ 191.430740][T10813] ? __kasan_slab_free+0x12a/0x1e0 [ 191.430753][T10813] ? kasan_slab_free+0xe/0x10 [ 191.430763][T10813] ? kfree+0x115/0x200 [ 191.430773][T10813] ? tomoyo_path_number_perm+0x4e1/0x640 [ 191.430782][T10813] ? tomoyo_file_ioctl+0x23/0x30 [ 191.430792][T10813] ? security_file_ioctl+0x6d/0xd0 [ 191.430801][T10813] ? __x64_sys_ioctl+0xa3/0x120 [ 191.430810][T10813] ? do_syscall_64+0xf7/0x1c0 [ 191.430824][T10813] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.440132][T10813] ? debug_check_no_obj_freed+0x505/0x5b0 [ 191.500260][T10817] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 191.506213][T10813] ? rcu_lock_release+0x9/0x30 [ 191.506233][T10813] ? rcu_lock_release+0x9/0x30 [ 191.506246][T10813] ? lo_release+0x1f0/0x1f0 [ 191.506258][T10813] blkdev_ioctl+0x807/0x2980 [ 191.506273][T10813] ? tomoyo_path_number_perm+0x53e/0x640 [ 191.506303][T10813] block_ioctl+0xbd/0x100 [ 191.506312][T10813] ? blkdev_iopoll+0x100/0x100 [ 191.506325][T10813] do_vfs_ioctl+0x744/0x1730 [ 191.506333][T10813] ? __fget+0x3f1/0x510 [ 191.506349][T10813] ? tomoyo_file_ioctl+0x23/0x30 [ 191.522274][T10813] ? security_file_ioctl+0xa1/0xd0 [ 191.522289][T10813] __x64_sys_ioctl+0xe3/0x120 [ 191.522304][T10813] do_syscall_64+0xf7/0x1c0 [ 191.522319][T10813] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 191.522329][T10813] RIP: 0033:0x459897 [ 191.522339][T10813] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 191.522345][T10813] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 191.522355][T10813] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459897 [ 191.522360][T10813] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 191.522366][T10813] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 191.522371][T10813] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 19:01:58 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x0, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:01:58 executing program 1 (fault-call:1 fault-nth:27): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 191.522376][T10813] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 191.693467][ T26] audit: type=1804 audit(1570129318.376:252): pid=10824 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/145/file0" dev="sda1" ino=16545 res=1 [ 191.865660][ T26] audit: type=1804 audit(1570129318.556:253): pid=10827 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/134/file0" dev="sda1" ino=16993 res=1 [ 191.914353][T10819] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 191.922751][ C1] net_ratelimit: 4 callbacks suppressed [ 191.922757][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 191.922807][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 191.922889][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 191.922929][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 191.923015][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 191.923068][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:01:58 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3f2, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 191.969906][T10830] FAULT_INJECTION: forcing a failure. [ 191.969906][T10830] name failslab, interval 1, probability 0, space 0, times 0 19:01:58 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x74, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 192.021547][T10830] CPU: 0 PID: 10830 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 192.029478][T10830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.039521][T10830] Call Trace: [ 192.042799][T10830] dump_stack+0x1d8/0x2f8 [ 192.047120][T10830] should_fail+0x555/0x770 [ 192.051515][T10830] __should_failslab+0x11a/0x160 [ 192.056433][T10830] ? __kernfs_new_node+0x97/0x6b0 [ 192.061434][T10830] should_failslab+0x9/0x20 [ 192.065916][T10830] kmem_cache_alloc+0x56/0x2e0 [ 192.070660][T10830] __kernfs_new_node+0x97/0x6b0 [ 192.075487][T10830] ? mutex_unlock+0xd/0x10 [ 192.079874][T10830] ? kernfs_activate+0x4c7/0x4e0 [ 192.084791][T10830] kernfs_new_node+0x97/0x170 [ 192.089445][T10830] __kernfs_create_file+0x4a/0x2f0 [ 192.094542][T10830] sysfs_add_file_mode_ns+0x2dc/0x3a0 [ 192.100066][T10830] internal_create_group+0x4be/0xd80 [ 192.105337][T10830] sysfs_create_group+0x1f/0x30 [ 192.110161][T10830] loop_set_fd+0xcb2/0x1180 [ 192.114644][T10830] lo_ioctl+0xd5/0x2200 [ 192.118773][T10830] ? __kasan_slab_free+0x12a/0x1e0 [ 192.123891][T10830] ? kasan_slab_free+0xe/0x10 [ 192.128540][T10830] ? kfree+0x115/0x200 [ 192.132581][T10830] ? tomoyo_path_number_perm+0x4e1/0x640 [ 192.138184][T10830] ? tomoyo_file_ioctl+0x23/0x30 [ 192.143093][T10830] ? security_file_ioctl+0x6d/0xd0 [ 192.148173][T10830] ? __x64_sys_ioctl+0xa3/0x120 [ 192.152997][T10830] ? do_syscall_64+0xf7/0x1c0 [ 192.157645][T10830] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.163686][T10830] ? debug_check_no_obj_freed+0x505/0x5b0 [ 192.169387][T10830] ? rcu_lock_release+0x9/0x30 [ 192.174127][T10830] ? rcu_lock_release+0x9/0x30 [ 192.178874][T10830] ? lo_release+0x1f0/0x1f0 [ 192.183376][T10830] blkdev_ioctl+0x807/0x2980 [ 192.187941][T10830] ? tomoyo_path_number_perm+0x53e/0x640 [ 192.193558][T10830] block_ioctl+0xbd/0x100 [ 192.197868][T10830] ? blkdev_iopoll+0x100/0x100 [ 192.202612][T10830] do_vfs_ioctl+0x744/0x1730 [ 192.207173][T10830] ? __fget+0x3f1/0x510 [ 192.211303][T10830] ? tomoyo_file_ioctl+0x23/0x30 [ 192.216222][T10830] ? security_file_ioctl+0xa1/0xd0 [ 192.221306][T10830] __x64_sys_ioctl+0xe3/0x120 [ 192.226046][T10830] do_syscall_64+0xf7/0x1c0 [ 192.230542][T10830] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.236425][T10830] RIP: 0033:0x459897 [ 192.240303][T10830] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 192.259882][T10830] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 19:01:59 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:59 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x8) [ 192.268276][T10830] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459897 [ 192.276218][T10830] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 192.284187][T10830] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 192.292141][T10830] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 192.300095][T10830] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 192.366427][T10843] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 192.382212][ T26] audit: type=1804 audit(1570129319.066:254): pid=10844 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/135/file0" dev="sda1" ino=17060 res=1 19:01:59 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3f5, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 192.476974][ T26] audit: type=1804 audit(1570129319.136:255): pid=10851 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/135/file0" dev="sda1" ino=17060 res=1 [ 192.501551][T10850] netlink: 'syz-executor.2': attribute type 38 has an invalid length. 19:01:59 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f00000000c0)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:01:59 executing program 1 (fault-call:1 fault-nth:28): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 192.545379][ T26] audit: type=1804 audit(1570129319.216:256): pid=10852 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/146/file0" dev="sda1" ino=16545 res=1 [ 192.569457][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 192.575280][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 192.612728][T10856] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 192.666145][T10862] FAULT_INJECTION: forcing a failure. [ 192.666145][T10862] name failslab, interval 1, probability 0, space 0, times 0 [ 192.679369][T10862] CPU: 1 PID: 10862 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 192.687270][T10862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 192.697329][T10862] Call Trace: [ 192.700631][T10862] dump_stack+0x1d8/0x2f8 [ 192.704974][T10862] should_fail+0x555/0x770 19:01:59 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3f8, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 192.706747][ T26] audit: type=1804 audit(1570129319.316:257): pid=10860 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/136/file0" dev="sda1" ino=17063 res=1 [ 192.709395][T10862] __should_failslab+0x11a/0x160 [ 192.709411][T10862] ? __kernfs_new_node+0x97/0x6b0 [ 192.709422][T10862] should_failslab+0x9/0x20 [ 192.709439][T10862] kmem_cache_alloc+0x56/0x2e0 [ 192.738553][ T26] audit: type=1804 audit(1570129319.336:258): pid=10863 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/136/file0" dev="sda1" ino=17063 res=1 [ 192.743147][T10862] __kernfs_new_node+0x97/0x6b0 [ 192.743166][T10862] ? mutex_unlock+0xd/0x10 [ 192.743175][T10862] ? kernfs_activate+0x4c7/0x4e0 [ 192.743188][T10862] kernfs_new_node+0x97/0x170 [ 192.743202][T10862] __kernfs_create_file+0x4a/0x2f0 [ 192.743214][T10862] sysfs_add_file_mode_ns+0x2dc/0x3a0 [ 192.743229][T10862] internal_create_group+0x4be/0xd80 [ 192.743250][T10862] sysfs_create_group+0x1f/0x30 [ 192.815531][T10862] loop_set_fd+0xcb2/0x1180 [ 192.820206][T10862] lo_ioctl+0xd5/0x2200 [ 192.824350][T10862] ? __kasan_slab_free+0x12a/0x1e0 [ 192.829438][T10862] ? kasan_slab_free+0xe/0x10 [ 192.834109][T10862] ? kfree+0x115/0x200 [ 192.838173][T10862] ? tomoyo_path_number_perm+0x4e1/0x640 [ 192.843787][T10862] ? tomoyo_file_ioctl+0x23/0x30 [ 192.848703][T10862] ? security_file_ioctl+0x6d/0xd0 [ 192.853806][T10862] ? __x64_sys_ioctl+0xa3/0x120 [ 192.858640][T10862] ? do_syscall_64+0xf7/0x1c0 [ 192.863304][T10862] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.869371][T10862] ? debug_check_no_obj_freed+0x505/0x5b0 [ 192.875096][T10862] ? rcu_lock_release+0x9/0x30 [ 192.879859][T10862] ? rcu_lock_release+0x9/0x30 [ 192.884616][T10862] ? lo_release+0x1f0/0x1f0 [ 192.889135][T10862] blkdev_ioctl+0x807/0x2980 [ 192.893722][T10862] ? tomoyo_path_number_perm+0x53e/0x640 [ 192.899373][T10862] block_ioctl+0xbd/0x100 [ 192.903681][T10862] ? blkdev_iopoll+0x100/0x100 [ 192.908422][T10862] do_vfs_ioctl+0x744/0x1730 [ 192.912993][T10862] ? __fget+0x3f1/0x510 [ 192.917145][T10862] ? tomoyo_file_ioctl+0x23/0x30 [ 192.922069][T10862] ? security_file_ioctl+0xa1/0xd0 [ 192.927157][T10862] __x64_sys_ioctl+0xe3/0x120 [ 192.931820][T10862] do_syscall_64+0xf7/0x1c0 [ 192.936321][T10862] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 192.942200][T10862] RIP: 0033:0x459897 [ 192.946073][T10862] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 19:01:59 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x7a, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:01:59 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x8) [ 192.965803][T10862] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 192.974206][T10862] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459897 [ 192.982169][T10862] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 192.990121][T10862] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 192.998078][T10862] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 193.006042][T10862] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:01:59 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, 0x0) splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:01:59 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 193.071862][T10868] netlink: 'syz-executor.3': attribute type 37 has an invalid length. 19:01:59 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3fe, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:01:59 executing program 1 (fault-call:1 fault-nth:29): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 193.152740][T10879] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 193.175795][ T26] audit: type=1804 audit(1570129319.866:259): pid=10878 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/137/file0" dev="sda1" ino=17082 res=1 19:02:00 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x109, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 193.305305][T10891] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 193.315407][T10890] FAULT_INJECTION: forcing a failure. [ 193.315407][T10890] name failslab, interval 1, probability 0, space 0, times 0 [ 193.342713][T10890] CPU: 1 PID: 10890 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 19:02:00 executing program 0: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r2, 0x0) r3 = accept(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r6 = dup2(r4, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r8 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r8, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r7, 0x4, 0x6100) writev(r7, &(0x7f00000003c0), 0x63) [ 193.350634][T10890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.360730][T10890] Call Trace: [ 193.364005][T10890] dump_stack+0x1d8/0x2f8 [ 193.368316][T10890] should_fail+0x555/0x770 [ 193.372720][T10890] __should_failslab+0x11a/0x160 [ 193.377654][T10890] should_failslab+0x9/0x20 [ 193.382141][T10890] kmem_cache_alloc_node+0x65/0x280 [ 193.387316][T10890] ? __alloc_skb+0x9f/0x500 [ 193.391792][T10890] __alloc_skb+0x9f/0x500 [ 193.396101][T10890] alloc_uevent_skb+0x7f/0x230 [ 193.400841][T10890] kobject_uevent_env+0xcbb/0x1260 [ 193.405937][T10890] kobject_uevent+0x1f/0x30 [ 193.410417][T10890] loop_set_fd+0xd21/0x1180 [ 193.414902][T10890] lo_ioctl+0xd5/0x2200 [ 193.419029][T10890] ? __kasan_slab_free+0x12a/0x1e0 [ 193.424112][T10890] ? kasan_slab_free+0xe/0x10 [ 193.428821][T10890] ? kfree+0x115/0x200 [ 193.432927][T10890] ? tomoyo_path_number_perm+0x4e1/0x640 [ 193.438548][T10890] ? tomoyo_file_ioctl+0x23/0x30 [ 193.443478][T10890] ? security_file_ioctl+0x6d/0xd0 [ 193.448582][T10890] ? __x64_sys_ioctl+0xa3/0x120 [ 193.453417][T10890] ? do_syscall_64+0xf7/0x1c0 [ 193.458074][T10890] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.464183][T10890] ? debug_check_no_obj_freed+0x505/0x5b0 [ 193.469910][T10890] ? rcu_lock_release+0x9/0x30 [ 193.474659][T10890] ? rcu_lock_release+0x9/0x30 [ 193.479400][T10890] ? lo_release+0x1f0/0x1f0 [ 193.483880][T10890] blkdev_ioctl+0x807/0x2980 [ 193.488452][T10890] ? tomoyo_path_number_perm+0x53e/0x640 [ 193.494088][T10890] block_ioctl+0xbd/0x100 [ 193.498407][T10890] ? blkdev_iopoll+0x100/0x100 [ 193.503148][T10890] do_vfs_ioctl+0x744/0x1730 [ 193.507716][T10890] ? __fget+0x3f1/0x510 [ 193.511849][T10890] ? tomoyo_file_ioctl+0x23/0x30 [ 193.516761][T10890] ? security_file_ioctl+0xa1/0xd0 [ 193.521849][T10890] __x64_sys_ioctl+0xe3/0x120 [ 193.526574][T10890] do_syscall_64+0xf7/0x1c0 [ 193.531052][T10890] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.536915][T10890] RIP: 0033:0x459897 [ 193.540783][T10890] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 193.560363][T10890] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 193.568747][T10890] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459897 [ 193.576704][T10890] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 193.584662][T10890] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 193.592607][T10890] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 19:02:00 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) writev(r3, &(0x7f00000003c0), 0x63) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f00000000c0)={0x0, 0x7408, 0x3, [0x6, 0x1ff, 0x1000]}, &(0x7f0000000100)=0xe) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x600000, 0x60) [ 193.600552][T10890] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:00 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x500, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:00 executing program 1 (fault-call:1 fault-nth:30): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:00 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x117, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 193.815891][T10912] FAULT_INJECTION: forcing a failure. [ 193.815891][T10912] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 193.829127][T10912] CPU: 0 PID: 10912 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 193.837010][T10912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 193.847053][T10912] Call Trace: [ 193.850338][T10912] dump_stack+0x1d8/0x2f8 [ 193.854661][T10912] should_fail+0x555/0x770 [ 193.854681][T10912] should_fail_alloc_page+0x55/0x60 [ 193.854690][T10912] prepare_alloc_pages+0x283/0x460 [ 193.854703][T10912] __alloc_pages_nodemask+0xb2/0x5d0 [ 193.864297][T10912] kmem_getpages+0x4d/0xa00 [ 193.864310][T10912] cache_grow_begin+0x7e/0x2c0 [ 193.864324][T10912] cache_alloc_refill+0x311/0x3f0 [ 193.864335][T10912] ? check_preemption_disabled+0xb7/0x2a0 [ 193.864351][T10912] kmem_cache_alloc_trace+0x2d0/0x2f0 [ 193.864365][T10912] ? kobject_uevent_env+0x2cd/0x1260 [ 193.874719][T10912] ? dev_uevent_filter+0xb0/0xb0 19:02:00 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:02:00 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x501, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 193.874732][T10912] kobject_uevent_env+0x2cd/0x1260 [ 193.874755][T10912] kobject_uevent+0x1f/0x30 [ 193.874767][T10912] loop_set_fd+0xd21/0x1180 [ 193.874789][T10912] lo_ioctl+0xd5/0x2200 [ 193.883997][T10912] ? __kasan_slab_free+0x12a/0x1e0 [ 193.884005][T10912] ? kasan_slab_free+0xe/0x10 [ 193.884015][T10912] ? kfree+0x115/0x200 [ 193.884026][T10912] ? tomoyo_path_number_perm+0x4e1/0x640 [ 193.884034][T10912] ? tomoyo_file_ioctl+0x23/0x30 [ 193.884042][T10912] ? security_file_ioctl+0x6d/0xd0 [ 193.884054][T10912] ? __x64_sys_ioctl+0xa3/0x120 [ 193.894735][T10912] ? do_syscall_64+0xf7/0x1c0 [ 193.894746][T10912] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.894761][T10912] ? debug_check_no_obj_freed+0x505/0x5b0 [ 193.894787][T10912] ? rcu_lock_release+0x9/0x30 [ 193.894804][T10912] ? rcu_lock_release+0x9/0x30 [ 193.905402][T10912] ? lo_release+0x1f0/0x1f0 [ 193.905412][T10912] blkdev_ioctl+0x807/0x2980 [ 193.905427][T10912] ? tomoyo_path_number_perm+0x53e/0x640 [ 193.905459][T10912] block_ioctl+0xbd/0x100 [ 193.905470][T10912] ? blkdev_iopoll+0x100/0x100 19:02:00 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, 0x0) splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:02:00 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x2010, r0, 0x0) mprotect(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000002) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r4 = fanotify_init(0x0, 0x0) fanotify_mark(r4, 0x75, 0x40000002, r3, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r3, 0x28, 0x1, &(0x7f00000000c0)=0x201f, 0x8) r5 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r7 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r6, 0x4, 0x6100) writev(r6, &(0x7f00000003c0), 0x63) [ 193.918519][T10912] do_vfs_ioctl+0x744/0x1730 [ 193.918528][T10912] ? __fget+0x3f1/0x510 [ 193.918544][T10912] ? tomoyo_file_ioctl+0x23/0x30 [ 193.918556][T10912] ? security_file_ioctl+0xa1/0xd0 [ 193.918576][T10912] __x64_sys_ioctl+0xe3/0x120 [ 193.927525][T10912] do_syscall_64+0xf7/0x1c0 [ 193.927540][T10912] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 193.927549][T10912] RIP: 0033:0x459897 [ 193.927559][T10912] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 193.927564][T10912] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 193.936781][T10912] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459897 [ 193.936787][T10912] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 193.936793][T10912] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 193.936798][T10912] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 193.936804][T10912] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:00 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x600, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:00 executing program 1 (fault-call:1 fault-nth:31): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:00 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x300, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:00 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./bus\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20ncci\x00', 0x101000, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r5, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c46000000000000000000000000000000000000000000000089f90e6bdcdb98c9b410d2fe4a245d00000000004000000000000000000000000000000000000000005aec9334000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000851c9cf523748511fcf77346bd07a20100e335f5"], 0x78) r6 = inotify_add_watch(r5, &(0x7f0000000080)='./bus\x00', 0x8000000) inotify_rm_watch(r4, r6) ioctl$KDMKTONE(r3, 0x4b30, 0x69ba) 19:02:01 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs\x00', 0x400000, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r2 = fanotify_init(0x0, 0x0) fanotify_mark(r2, 0x75, 0x40000002, r1, 0x0) ioctl$BLKIOOPT(r1, 0x1279, &(0x7f0000000180)) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r3, r4) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r5, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r6, &(0x7f0000000540)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x38, 0x1}, [{0x0, 0x1, 0x0, 0x1000000}], "", [[], []]}, 0x278) r7 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r8 = fanotify_init(0x0, 0x0) fanotify_mark(r8, 0x75, 0x40000002, r7, 0x0) r9 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r9, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x1) r10 = creat(&(0x7f0000000000)='./bus\x00', 0x0) openat$random(0xffffffffffffff9c, &(0x7f0000000100)='/dev/urandom\x00', 0x81000, 0x0) r11 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r11, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r10, 0x4, 0x6100) writev(r10, &(0x7f00000003c0), 0x63) [ 194.392937][T10945] FAULT_INJECTION: forcing a failure. [ 194.392937][T10945] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 194.406177][T10945] CPU: 0 PID: 10945 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 194.414058][T10945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.414063][T10945] Call Trace: [ 194.414081][T10945] dump_stack+0x1d8/0x2f8 [ 194.414096][T10945] should_fail+0x555/0x770 [ 194.414114][T10945] should_fail_alloc_page+0x55/0x60 [ 194.414122][T10945] prepare_alloc_pages+0x283/0x460 [ 194.414137][T10945] __alloc_pages_nodemask+0xb2/0x5d0 [ 194.427488][T10945] kmem_getpages+0x4d/0xa00 [ 194.427501][T10945] cache_grow_begin+0x7e/0x2c0 [ 194.427514][T10945] cache_alloc_refill+0x311/0x3f0 [ 194.436243][T10945] ? check_preemption_disabled+0xb7/0x2a0 [ 194.436260][T10945] kmem_cache_alloc_trace+0x2d0/0x2f0 [ 194.436270][T10945] ? kobject_uevent_env+0x2cd/0x1260 [ 194.436281][T10945] ? dev_uevent_filter+0xb0/0xb0 [ 194.436292][T10945] kobject_uevent_env+0x2cd/0x1260 19:02:01 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x700, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 194.436314][T10945] kobject_uevent+0x1f/0x30 [ 194.436326][T10945] loop_set_fd+0xd21/0x1180 [ 194.436347][T10945] lo_ioctl+0xd5/0x2200 [ 194.446607][T10945] ? __kasan_slab_free+0x12a/0x1e0 [ 194.446614][T10945] ? kasan_slab_free+0xe/0x10 [ 194.446623][T10945] ? kfree+0x115/0x200 [ 194.446634][T10945] ? tomoyo_path_number_perm+0x4e1/0x640 [ 194.446641][T10945] ? tomoyo_file_ioctl+0x23/0x30 [ 194.446650][T10945] ? security_file_ioctl+0x6d/0xd0 [ 194.446660][T10945] ? __x64_sys_ioctl+0xa3/0x120 [ 194.446668][T10945] ? do_syscall_64+0xf7/0x1c0 [ 194.446682][T10945] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.461181][T10945] ? debug_check_no_obj_freed+0x505/0x5b0 [ 194.461212][T10945] ? rcu_lock_release+0x9/0x30 [ 194.461226][T10945] ? rcu_lock_release+0x9/0x30 [ 194.461238][T10945] ? lo_release+0x1f0/0x1f0 [ 194.461248][T10945] blkdev_ioctl+0x807/0x2980 [ 194.461260][T10945] ? tomoyo_path_number_perm+0x53e/0x640 [ 194.461287][T10945] block_ioctl+0xbd/0x100 [ 194.461296][T10945] ? blkdev_iopoll+0x100/0x100 [ 194.461308][T10945] do_vfs_ioctl+0x744/0x1730 [ 194.461316][T10945] ? __fget+0x3f1/0x510 [ 194.461329][T10945] ? tomoyo_file_ioctl+0x23/0x30 [ 194.461342][T10945] ? security_file_ioctl+0xa1/0xd0 [ 194.472044][T10945] __x64_sys_ioctl+0xe3/0x120 [ 194.472060][T10945] do_syscall_64+0xf7/0x1c0 [ 194.472075][T10945] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.472083][T10945] RIP: 0033:0x459897 [ 194.472093][T10945] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 194.472097][T10945] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 194.472107][T10945] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459897 [ 194.472112][T10945] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 194.472118][T10945] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 194.472123][T10945] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 19:02:01 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r5, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000000c0)={&(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff0000/0x2000)=nil, &(0x7f0000ff5000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff6000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000080)="c0bdfec661365eafa5153e66f90ea5", 0xf, r5}, 0x68) writev(r4, &(0x7f00000003c0), 0x63) [ 194.472129][T10945] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 194.642481][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 194.657406][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:02:01 executing program 1 (fault-call:1 fault-nth:32): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:01 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x500, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:01 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x900, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:01 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r2 = fanotify_init(0x0, 0x0) r3 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r4 = fanotify_init(0x0, 0x0) fanotify_mark(r4, 0x75, 0x40000002, r3, 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r5, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x2}, [{}]}, 0x78) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r6, &(0x7f0000000380)=ANY=[@ANYBLOB="7f454c4600000000000000000000000000000000000000000000000000000000400000000200000000000000000038000000000000000000000000000000000000dfffffff0000000000000000000000000000000000000000002000000000000000000000000000000000000000000085e8c2c6d0a8de518941c4c41042fe78b94577fd9a10f52fc99600000000000000004080cf068304d507c8c052bc8037773ea2354f36b792c3fa2f2fbb87f38f24be5efd0249bb3e2148dad92d1970db98173b5fe942655b623df491f8113dcd18c5dcde617b3d53ddacf513e64e4fae3751f1d28cfedbac86708af2adb76426c162408f45f6"], 0x78) fanotify_mark(r2, 0x75, 0x40000002, r6, 0x0) ioctl$TIOCGWINSZ(r1, 0x5413, &(0x7f00000000c0)) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r9 = dup2(r7, r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) r10 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r11 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r11, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r10, 0x4, 0x6100) writev(r10, &(0x7f00000003c0), 0x63) 19:02:01 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, 0x0) splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) [ 194.833387][T10963] FAULT_INJECTION: forcing a failure. [ 194.833387][T10963] name failslab, interval 1, probability 0, space 0, times 0 [ 194.857937][T10963] CPU: 1 PID: 10963 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 194.865851][T10963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.875901][T10963] Call Trace: [ 194.879197][T10963] dump_stack+0x1d8/0x2f8 [ 194.883528][T10963] should_fail+0x555/0x770 [ 194.887950][T10963] __should_failslab+0x11a/0x160 [ 194.892889][T10963] should_failslab+0x9/0x20 [ 194.897385][T10963] kmem_cache_alloc_node+0x65/0x280 [ 194.902573][T10963] ? __alloc_skb+0x9f/0x500 [ 194.907067][T10963] __alloc_skb+0x9f/0x500 [ 194.911390][T10963] alloc_uevent_skb+0x7f/0x230 [ 194.916141][T10963] kobject_uevent_env+0xcbb/0x1260 [ 194.916213][T10963] kobject_uevent+0x1f/0x30 [ 194.925789][T10963] loop_set_fd+0xd21/0x1180 [ 194.930297][T10963] lo_ioctl+0xd5/0x2200 [ 194.934441][T10963] ? __kasan_slab_free+0x12a/0x1e0 [ 194.939524][T10963] ? kasan_slab_free+0xe/0x10 [ 194.944183][T10963] ? kfree+0x115/0x200 [ 194.948223][T10963] ? tomoyo_path_number_perm+0x4e1/0x640 [ 194.953830][T10963] ? tomoyo_file_ioctl+0x23/0x30 [ 194.958745][T10963] ? security_file_ioctl+0x6d/0xd0 [ 194.963835][T10963] ? __x64_sys_ioctl+0xa3/0x120 [ 194.968667][T10963] ? do_syscall_64+0xf7/0x1c0 [ 194.973314][T10963] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 194.979370][T10963] ? debug_check_no_obj_freed+0x505/0x5b0 [ 194.985100][T10963] ? rcu_lock_release+0x9/0x30 [ 194.989848][T10963] ? rcu_lock_release+0x9/0x30 [ 194.994592][T10963] ? lo_release+0x1f0/0x1f0 [ 194.999070][T10963] blkdev_ioctl+0x807/0x2980 [ 195.003637][T10963] ? tomoyo_path_number_perm+0x53e/0x640 [ 195.009263][T10963] block_ioctl+0xbd/0x100 [ 195.013568][T10963] ? blkdev_iopoll+0x100/0x100 [ 195.018307][T10963] do_vfs_ioctl+0x744/0x1730 [ 195.022890][T10963] ? __fget+0x3f1/0x510 [ 195.027026][T10963] ? tomoyo_file_ioctl+0x23/0x30 [ 195.031940][T10963] ? security_file_ioctl+0xa1/0xd0 [ 195.037026][T10963] __x64_sys_ioctl+0xe3/0x120 [ 195.041678][T10963] do_syscall_64+0xf7/0x1c0 [ 195.046165][T10963] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.052031][T10963] RIP: 0033:0x459897 [ 195.055903][T10963] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.075481][T10963] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 195.083877][T10963] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459897 [ 195.091822][T10963] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 195.099775][T10963] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 195.107721][T10963] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 195.115676][T10963] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:01 executing program 1 (fault-call:1 fault-nth:33): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:01 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:01 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x600, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 195.286071][T10983] FAULT_INJECTION: forcing a failure. [ 195.286071][T10983] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 195.299324][T10983] CPU: 1 PID: 10983 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 195.299334][T10983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.299338][T10983] Call Trace: [ 195.299356][T10983] dump_stack+0x1d8/0x2f8 [ 195.299370][T10983] should_fail+0x555/0x770 [ 195.299385][T10983] should_fail_alloc_page+0x55/0x60 [ 195.299393][T10983] prepare_alloc_pages+0x283/0x460 [ 195.299410][T10983] __alloc_pages_nodemask+0xb2/0x5d0 [ 195.329360][T10983] ? lo_release+0x1f0/0x1f0 [ 195.329374][T10983] ? blkdev_ioctl+0x807/0x2980 [ 195.329391][T10983] kmem_getpages+0x4d/0xa00 [ 195.344921][T10983] cache_grow_begin+0x7e/0x2c0 [ 195.344937][T10983] cache_alloc_refill+0x311/0x3f0 [ 195.344947][T10983] ? check_preemption_disabled+0xb7/0x2a0 [ 195.344963][T10983] kmem_cache_alloc+0x2b9/0x2e0 [ 195.344971][T10983] ? getname_flags+0xba/0x640 [ 195.344986][T10983] getname_flags+0xba/0x640 [ 195.354225][T10983] do_mkdirat+0x3c/0x320 [ 195.354238][T10983] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 195.354254][T10983] ? do_syscall_64+0x1d/0x1c0 [ 195.354265][T10983] __x64_sys_mkdir+0x60/0x70 [ 195.354276][T10983] do_syscall_64+0xf7/0x1c0 [ 195.354290][T10983] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.354301][T10983] RIP: 0033:0x458e47 [ 195.379072][T10983] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.392458][T10983] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 195.392470][T10983] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e47 [ 195.392476][T10983] RDX: 0000000000000005 RSI: 00000000000001ff RDI: 0000000020000100 [ 195.392482][T10983] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 19:02:02 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xb00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 195.392488][T10983] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 195.392494][T10983] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:02 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r3 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r3, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmsg(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000080)='+', 0x1}], 0x1}, 0xc100) recvmmsg(0xffffffffffffffff, &(0x7f0000004e00)=[{{0x0, 0x0, &(0x7f0000001000)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {&(0x7f0000000e80)=""/5, 0x5}], 0x6}}], 0x1, 0x0, 0x0) writev(r3, &(0x7f0000000400)=[{&(0x7f0000000480)="a9772d9bea4824cc3854a62ffb84c4fb114d80fe462fd727b6f682cf0f9ccfe45f46ed18fc8af0505df86b4230370bfacd1f7266fae5859a3608357c69f51cfa473ef19a9dc2aeb43f9ed68acc034cf841229fbbe3f57130fe2ad707c56a92dbe64e59aa78e24db8e9b50597ab0024ca2564fbdb50e7b8cfa5c7028d556977ad6a90adf768a5ac0505ab07f8256368c6e71dd4b5a1c2e3c9946b610ab2b324099beb706b6a510c134ad18c928be3af6cf20e5016c9a050e35e30716e4913c882272bbfc8f0e1ee9c31484af6953e7d967640eff8accacee6daf3f98051a3ee281555a41340273dcb0bd8cc8cd549676f3ec23cbca42d4b76a178376eefb3da036d60cb88b5cb9c0ae0135be1d4f598c564fbe97ad4b691f59ba4063b898482d9cde4497009884d75b1965874e9c4d5a7cf8a640433c02acd340a98eff73e5948611184c7c60da3b233367d58aaf4e407e2e2c506b871fd822ec231389734d23a2aa5dc197831d8fee19361e5b99d0b51e5b1f0cadf296b91aa9477fa72879b4a3a3040777cf778cee1de32619701d71cb5316c7234a910b497b5f1b2cd2a0d39e92b6b92e091b470da2cec0e1b1fd3ce1a15d559b3733b97b2ddb1dd2aa73c9e03f189b8dd48c9093daddcd2c3fd0e1a9d16046d85c8934d2f9094aa5fa7b8ff061cb753dea2637ac2a8d523c9791ae454ea2e8cb10ce4a3ad8937ed583cd653bdb05b965e658f9c5f06a43bb1e61cfa4cb9be2cb4ef264d10f37e5292576bfdc97b2e1f8b692f0b64f76287e67805df914273677a9c39bd1e4f73d3c1afd99ad18a210caee42ab5c87969f6f99d7423dbb72d436ef3a3dead8eda03274d2e8e7f107eb04fdc3e36d6d4022dbc5c2fe388aaa3234950588ef56362708189826b98d3c9ed4dabcb33582a7e55327e82686aac973a5d0292afd7175a9c57b4fc1e5ba7cb0a34e35e50526d40bdb51a224e5b89e74e8752c1b39ab250b178adfab91c73c04d3c012b244cb7745dde4f716203ffcddaa096186ed0403b323c3aaa79aa4a0e6d1231ce99f83788ba0dc86da01cdad25816c26bf8e523b287d7ee83b5d0c55599ddbd202f743a1bc3d107a9c9610dc62537af48eecdd174ee4e796943250b81af0da28c57955aea149010ede13eb973dbe959500afe5e77b32ad5a11a353555b48eb7684596eadc481c291f185d0d47c639fa5bcb2dffe859a9d4a0e184a640e30f0afe83f2096faef9c0129289688a5267e0d2dadadd0f8cb13f35827f0337d2edf6220a244dd8c135563051f6fcd7fdad7879ff3ef01975938bc6e47aee745d4701cfc5e5546f05903bbcde0120ad847c32658c1384a6d8f188544df337a25f806051a346fb980a4e84fee06b0d367bc81161e96072b2e7e47999ac93437749d11864fa4c03a2d333135660aa17bd421623e6654eeae956e51a0157cb876db3e9cb324641d132cda7aabd9dcaa51f090c1955d20c2618466a0ea5acbaeac5a46e00b8869ca9a337eb5d9406592a790678a1f0bbe729054abb4810f4fdf50c517d4dd312b2d382412d45b9f60464c107c0735b16ceced73484f37cdcc8b9a4a62bc997bbd1d23b993fc5cfed9a43d2f4d335570e76715b020664bedb0db88816bc97ec37d13d64f604b71fc73f3c38954ae554e45997209afb0ff102dc170986e2d72e4178a7e6131308afa29ba732e251ebdf6254c0589752bfca3bef7fd0fc60ba683c6016b16234216bdcf8975bebafd8ee4606a96c1993d1f096b435fa84279344b914dec8e56566e103592a7ed44c63c8b5c18e01fa873032b1087622f225747339d38fa89e7008695ce0b3d6f505ab7ecdf99182ab7aa264d9108af35b0a373da18a8183f696dc70a8ac88c5663a866e89c7d7dbdf7296d63e5167978b38463ae9f36fe4121229e92cced04e", 0xffcf}], 0x1) r4 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$SCSI_IOCTL_STOP_UNIT(r1, 0x6) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r5, 0x4, 0x6100) writev(r5, &(0x7f00000003c0), 0x63) 19:02:02 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r1, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x2, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = dup2(r2, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x2) r6 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r5, 0x4, 0x6100) writev(r5, &(0x7f00000003c0), 0x63) 19:02:02 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x700, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:02 executing program 1 (fault-call:1 fault-nth:34): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:02 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x900, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:02 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xc00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:02 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r2 = fanotify_init(0x0, 0x0) fanotify_mark(r2, 0x75, 0x40000002, r1, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x10201, 0x5, 0x6000, 0x1000, &(0x7f0000ffc000/0x1000)=nil}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r5 = dup2(r3, r4) r6 = gettid() tkill(r6, 0x13) r7 = syz_open_procfs(r6, &(0x7f0000000340)='net/udp\x00') ioctl$VIDIOC_SUBDEV_G_SELECTION(r7, 0xc040563d, &(0x7f0000000380)={0x1, 0x0, 0x101, 0x7, {0x9, 0x0, 0x8, 0x2240}}) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r8 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r9 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r10 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r10, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) ioctl$DMA_BUF_IOCTL_SYNC(r10, 0x40086200, &(0x7f0000000180)=0x2) r11 = fanotify_init(0x0, 0x0) fanotify_mark(r11, 0x75, 0x40000002, r9, 0x0) r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r12, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) fsetxattr$trusted_overlay_nlink(r12, &(0x7f00000001c0)='trusted.overlay.nlink\x00', &(0x7f0000000300)={'U+', 0x14000000000000}, 0x28, 0x2) ioctl$DRM_IOCTL_GET_MAGIC(r9, 0x80046402, &(0x7f0000000100)=0x5) r13 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r13, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r8, 0x4, 0x6100) writev(r8, &(0x7f00000003c0), 0x63) [ 195.753841][T11017] FAULT_INJECTION: forcing a failure. [ 195.753841][T11017] name failslab, interval 1, probability 0, space 0, times 0 [ 195.785656][T11017] CPU: 1 PID: 11017 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 195.793593][T11017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 195.803681][T11017] Call Trace: [ 195.806972][T11017] dump_stack+0x1d8/0x2f8 [ 195.811303][T11017] should_fail+0x555/0x770 [ 195.815716][T11017] __should_failslab+0x11a/0x160 [ 195.820644][T11017] ? skb_clone+0x1cc/0x380 [ 195.825104][T11017] should_failslab+0x9/0x20 [ 195.829586][T11017] kmem_cache_alloc+0x56/0x2e0 [ 195.834329][T11017] skb_clone+0x1cc/0x380 [ 195.838555][T11017] netlink_broadcast_filtered+0x619/0x1080 [ 195.844382][T11017] netlink_broadcast+0x3a/0x50 [ 195.849135][T11017] kobject_uevent_env+0xcf0/0x1260 [ 195.854230][T11017] kobject_uevent+0x1f/0x30 [ 195.858709][T11017] loop_set_fd+0xd21/0x1180 [ 195.863261][T11017] lo_ioctl+0xd5/0x2200 [ 195.867440][T11017] ? _raw_spin_unlock_irq+0x69/0x80 [ 195.872663][T11017] ? finish_task_switch+0x24f/0x550 [ 195.877852][T11017] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 195.883298][T11017] ? retint_kernel+0x2b/0x2b [ 195.887874][T11017] ? trace_hardirqs_on_caller+0x74/0x80 [ 195.893394][T11017] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 195.898828][T11017] ? rcu_lock_release+0x9/0x30 [ 195.903571][T11017] ? rcu_lock_release+0x9/0x30 [ 195.908325][T11017] ? lo_release+0x1f0/0x1f0 [ 195.912809][T11017] blkdev_ioctl+0x807/0x2980 [ 195.917387][T11017] ? tomoyo_path_number_perm+0x53e/0x640 [ 195.923006][T11017] block_ioctl+0xbd/0x100 [ 195.927325][T11017] ? blkdev_iopoll+0x100/0x100 [ 195.932068][T11017] do_vfs_ioctl+0x744/0x1730 [ 195.936635][T11017] ? __fget+0x3f1/0x510 [ 195.940768][T11017] ? tomoyo_file_ioctl+0x23/0x30 [ 195.945680][T11017] ? security_file_ioctl+0xa1/0xd0 [ 195.950769][T11017] __x64_sys_ioctl+0xe3/0x120 [ 195.955422][T11017] do_syscall_64+0xf7/0x1c0 [ 195.959901][T11017] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 195.965769][T11017] RIP: 0033:0x459897 [ 195.969651][T11017] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 195.989232][T11017] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 195.997627][T11017] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459897 [ 196.005573][T11017] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006 [ 196.013520][T11017] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 196.021465][T11017] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 196.029412][T11017] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:02 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)) splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:02:02 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r4 = fanotify_init(0x0, 0x0) fanotify_mark(r4, 0x75, 0x40000002, r3, 0x0) ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000080)=0x1) r5 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r6, 0x4, 0x6100) writev(r6, &(0x7f00000003c0), 0x63) [ 196.081456][T11027] validate_nla: 12 callbacks suppressed [ 196.081462][T11027] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 196.117126][T11024] netlink: 'syz-executor.2': attribute type 38 has an invalid length. 19:02:02 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xd00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:02 executing program 1 (fault-call:1 fault-nth:35): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 196.157153][ T26] kauditd_printk_skb: 26 callbacks suppressed [ 196.157162][ T26] audit: type=1804 audit(1570129322.846:286): pid=11033 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/143/file0" dev="sda1" ino=17097 res=1 19:02:02 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x901, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 196.208899][T11036] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 196.221352][ T26] audit: type=1804 audit(1570129322.846:287): pid=11030 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/143/file0" dev="sda1" ino=17097 res=1 [ 196.256279][T11038] FAULT_INJECTION: forcing a failure. [ 196.256279][T11038] name failslab, interval 1, probability 0, space 0, times 0 [ 196.270128][T11038] CPU: 0 PID: 11038 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 196.278027][T11038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.288075][T11038] Call Trace: [ 196.291394][T11038] dump_stack+0x1d8/0x2f8 [ 196.295734][T11038] should_fail+0x555/0x770 [ 196.300161][T11038] __should_failslab+0x11a/0x160 [ 196.305090][T11038] ? getname_flags+0xba/0x640 [ 196.305104][T11038] should_failslab+0x9/0x20 [ 196.305116][T11038] kmem_cache_alloc+0x56/0x2e0 [ 196.305126][T11038] ? __kasan_check_write+0x14/0x20 [ 196.305138][T11038] getname_flags+0xba/0x640 [ 196.305151][T11038] do_mkdirat+0x3c/0x320 [ 196.314289][T11038] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 196.314301][T11038] ? do_syscall_64+0x1d/0x1c0 [ 196.314314][T11038] __x64_sys_mkdir+0x60/0x70 [ 196.314325][T11038] do_syscall_64+0xf7/0x1c0 [ 196.314340][T11038] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.314349][T11038] RIP: 0033:0x458e47 [ 196.314359][T11038] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.314367][T11038] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 196.324196][T11038] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e47 [ 196.324202][T11038] RDX: 0000000000000005 RSI: 00000000000001ff RDI: 0000000020000100 19:02:03 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f00000000c0)=@req3={0xfffffffc, 0x2, 0x78, 0xfffffff9, 0x2dd, 0x5, 0x81}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = open(&(0x7f0000000480)='./file0\x00', 0x0, 0x80) getsockopt$TIPC_SRC_DROPPABLE(r5, 0x10f, 0x80, &(0x7f00000004c0), &(0x7f0000000640)=0x4) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 196.324207][T11038] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 196.324213][T11038] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 196.324219][T11038] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 196.439964][T11042] netlink: 'syz-executor.2': attribute type 38 has an invalid length. 19:02:03 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xe00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:03 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xa00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:03 executing program 1 (fault-call:1 fault-nth:36): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 196.490128][ T26] audit: type=1804 audit(1570129323.176:288): pid=11045 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/144/file0" dev="sda1" ino=17097 res=1 [ 196.517030][T11047] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 196.551829][ T26] audit: type=1804 audit(1570129323.226:289): pid=11045 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/144/file0" dev="sda1" ino=17097 res=1 [ 196.577207][T11050] FAULT_INJECTION: forcing a failure. [ 196.577207][T11050] name failslab, interval 1, probability 0, space 0, times 0 [ 196.595407][T11052] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 196.603576][ T26] audit: type=1804 audit(1570129323.286:290): pid=11053 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/144/file0" dev="sda1" ino=17097 res=1 [ 196.637527][T11050] CPU: 1 PID: 11050 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 196.645442][T11050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.645461][T11050] Call Trace: [ 196.645478][T11050] dump_stack+0x1d8/0x2f8 [ 196.645496][T11050] should_fail+0x555/0x770 [ 196.658822][T11050] __should_failslab+0x11a/0x160 [ 196.658835][T11050] ? tomoyo_encode2+0x273/0x5a0 [ 196.658846][T11050] should_failslab+0x9/0x20 [ 196.658857][T11050] __kmalloc+0x7a/0x340 [ 196.658870][T11050] tomoyo_encode2+0x273/0x5a0 [ 196.667598][T11050] tomoyo_realpath_from_path+0x769/0x7c0 [ 196.667619][T11050] tomoyo_path_number_perm+0x166/0x640 19:02:03 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000080)='bic\x00', 0x4) 19:02:03 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 196.667652][T11050] ? rcu_read_lock_sched_held+0x10b/0x170 [ 196.677405][T11050] ? trace_kmem_cache_free+0xb2/0x110 [ 196.677421][T11050] tomoyo_path_mkdir+0x9c/0xc0 [ 196.677436][T11050] security_path_mkdir+0xed/0x170 [ 196.677449][T11050] do_mkdirat+0x15c/0x320 [ 196.677463][T11050] __x64_sys_mkdir+0x60/0x70 [ 196.686067][T11050] do_syscall_64+0xf7/0x1c0 [ 196.686082][T11050] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 196.686091][T11050] RIP: 0033:0x458e47 [ 196.686101][T11050] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 196.686107][T11050] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 196.686117][T11050] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e47 [ 196.686123][T11050] RDX: 0000000000000005 RSI: 00000000000001ff RDI: 0000000020000100 [ 196.686128][T11050] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 196.686134][T11050] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 196.686142][T11050] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 196.708233][ T26] audit: type=1804 audit(1570129323.286:291): pid=11053 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/144/file0" dev="sda1" ino=17097 res=1 [ 196.771681][T11050] ERROR: Out of memory at tomoyo_realpath_from_path. [ 196.848982][T11057] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 196.858358][ T26] audit: type=1804 audit(1570129323.546:292): pid=11056 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/145/file0" dev="sda1" ino=17092 res=1 [ 196.922241][ T26] audit: type=1804 audit(1570129323.606:293): pid=11059 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/145/file0" dev="sda1" ino=17092 res=1 [ 197.202494][ C0] net_ratelimit: 10 callbacks suppressed [ 197.202501][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 197.213951][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 198.242482][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 198.248350][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 198.254196][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 198.259998][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 198.265812][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 198.271612][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 198.802477][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 198.808311][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:02:05 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1, 0x0, 0x8000}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) getsockopt$IP6T_SO_GET_REVISION_MATCH(r1, 0x29, 0x44, &(0x7f00000000c0)={'TPROXY\x00'}, &(0x7f0000000100)=0x1e) 19:02:05 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xb00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:05 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf33, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:05 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) getsockname$ax25(0xffffffffffffffff, &(0x7f0000000080)={{0x3, @bcast}, [@default, @default, @remote, @remote, @default, @default, @netrom, @null]}, &(0x7f0000000100)=0x48) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/autofs\x00', 0x101000, 0x0) setsockopt$bt_hci_HCI_FILTER(r1, 0x0, 0x2, &(0x7f00000001c0)={0x80000000, 0x5, 0xb2, 0x2}, 0x10) creat(&(0x7f0000000140)='./file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = dup2(r2, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r5, 0x4, 0x6100) writev(r5, &(0x7f00000003c0), 0x63) 19:02:05 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)) splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:02:05 executing program 1 (fault-call:1 fault-nth:37): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 199.240145][T11064] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 199.255840][T11067] FAULT_INJECTION: forcing a failure. [ 199.255840][T11067] name failslab, interval 1, probability 0, space 0, times 0 [ 199.270588][ T26] audit: type=1804 audit(1570129325.966:294): pid=11073 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/146/file0" dev="sda1" ino=17121 res=1 [ 199.303343][T11067] CPU: 0 PID: 11067 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 199.311268][T11067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.321325][T11067] Call Trace: [ 199.324621][T11067] dump_stack+0x1d8/0x2f8 [ 199.328959][T11067] should_fail+0x555/0x770 [ 199.333397][T11067] __should_failslab+0x11a/0x160 [ 199.333429][T11067] ? __d_alloc+0x2d/0x6e0 [ 199.333442][T11067] should_failslab+0x9/0x20 [ 199.333454][T11067] kmem_cache_alloc+0x56/0x2e0 [ 199.333466][T11067] __d_alloc+0x2d/0x6e0 [ 199.333479][T11067] d_alloc+0x4e/0x1d0 [ 199.342722][T11067] __lookup_hash+0xe5/0x290 [ 199.342736][T11067] filename_create+0x14f/0x670 [ 199.342748][T11067] ? getname_flags+0x214/0x640 [ 199.342761][T11067] do_mkdirat+0x5a/0x320 [ 199.342775][T11067] __x64_sys_mkdir+0x60/0x70 [ 199.342788][T11067] do_syscall_64+0xf7/0x1c0 [ 199.352031][T11067] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.352041][T11067] RIP: 0033:0x458e47 [ 199.352053][T11067] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.369389][T11067] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 199.369401][T11067] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e47 [ 199.369406][T11067] RDX: 0000000000000005 RSI: 00000000000001ff RDI: 0000000020000100 [ 199.369411][T11067] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 199.369415][T11067] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 199.369421][T11067] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 199.373973][ T26] audit: type=1804 audit(1570129325.996:295): pid=11074 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/154/file0" dev="sda1" ino=17122 res=1 [ 199.494357][T11071] netlink: 'syz-executor.2': attribute type 38 has an invalid length. 19:02:06 executing program 1 (fault-call:1 fault-nth:38): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:06 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x1100, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:06 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xc00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 199.618357][T11084] FAULT_INJECTION: forcing a failure. [ 199.618357][T11084] name failslab, interval 1, probability 0, space 0, times 0 [ 199.631345][T11084] CPU: 1 PID: 11084 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 199.639251][T11084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 199.649570][T11084] Call Trace: [ 199.649592][T11084] dump_stack+0x1d8/0x2f8 [ 199.649609][T11084] should_fail+0x555/0x770 [ 199.649627][T11084] __should_failslab+0x11a/0x160 [ 199.649641][T11084] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 199.649653][T11084] should_failslab+0x9/0x20 [ 199.649665][T11084] __kmalloc+0x7a/0x340 [ 199.649674][T11084] ? tomoyo_realpath_from_path+0xca/0x7c0 [ 199.649687][T11084] tomoyo_realpath_from_path+0xdc/0x7c0 [ 199.649708][T11084] tomoyo_path_number_perm+0x166/0x640 [ 199.649747][T11084] ? rcu_read_lock_sched_held+0x10b/0x170 [ 199.649758][T11084] ? trace_kmem_cache_free+0xb2/0x110 [ 199.649772][T11084] tomoyo_path_mkdir+0x9c/0xc0 [ 199.649790][T11084] security_path_mkdir+0xed/0x170 [ 199.649805][T11084] do_mkdirat+0x15c/0x320 [ 199.649819][T11084] __x64_sys_mkdir+0x60/0x70 [ 199.649832][T11084] do_syscall_64+0xf7/0x1c0 [ 199.649845][T11084] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 199.649861][T11084] RIP: 0033:0x458e47 [ 199.742652][T11084] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 199.762259][T11084] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 199.770680][T11084] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e47 [ 199.778657][T11084] RDX: 0000000000000005 RSI: 00000000000001ff RDI: 0000000020000100 [ 199.786623][T11084] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 199.794595][T11084] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 199.802563][T11084] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 199.815095][T11090] netlink: 'syz-executor.2': attribute type 38 has an invalid length. 19:02:06 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xd00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:06 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x1200, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:06 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000400)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @dev, 0x4}, {0xa, 0x0, 0x0, @ipv4={[], [], @multicast1}}, r5}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f00000000c0)={0x3, 0x40, 0xfa00, {{0x2, 0x0, 0x0, @ipv4={[], [], @dev}}, {0x2, 0x0, 0xfffffffffffffffd, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0xf000000, 0xfd000000]}}, r5}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x1, @mcast2, 0x7}, {0xa, 0x4e23, 0x7, @loopback, 0x7fff}, r5, 0x4}}, 0x48) r6 = dup2(r2, r3) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = creat(&(0x7f0000000100)='./bus\x00', 0x20) r8 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r8, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r7, 0x4, 0x6100) writev(r7, &(0x7f00000003c0), 0x63) 19:02:06 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r5 = fanotify_init(0x0, 0x0) r6 = syz_open_dev$audion(&(0x7f0000000180)='/dev/audio#\x00', 0x2, 0x0) getsockopt$bt_l2cap_L2CAP_OPTIONS(r6, 0x6, 0x1, &(0x7f00000001c0), &(0x7f0000000280)=0xc) fanotify_mark(r5, 0x75, 0x40000002, r4, 0x0) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) r8 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r7, 0x84, 0x7c, &(0x7f00000000c0)={r9}, 0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000080)={0xc7, 0x401, 0x6, 0xfffff204, r9}, &(0x7f00000000c0)=0x10) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f0000000100)={0x0, 0x2, 0x3, 0x200, r10}, 0x10) r11 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r11, 0x4, 0x6100) writev(r11, &(0x7f00000003c0), 0x63) [ 199.854754][T11084] ERROR: Out of memory at tomoyo_realpath_from_path. 19:02:06 executing program 1 (fault-call:1 fault-nth:39): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:06 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r3, &(0x7f0000000280)=ANY=[@ANYBLOB="7f454c460000cd768480e3c46eb0d3ac000000000000000000000000000000000000000000000000000040000000000000000000000000000006000000000000000000000000000000000000000000000000000000e1ff00"/120], 0x78) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000240)={{{@in=@initdev, @in=@broadcast}}, {{@in6=@mcast2}, 0x0, @in=@loopback}}, &(0x7f0000000080)=0xe8) r4 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r5, 0x4, 0x6100) writev(r5, &(0x7f00000003c0), 0x63) 19:02:06 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x1f00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:06 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)) splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:02:06 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xe00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:06 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r1, r2) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r4 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r3, 0x4, 0x6100) r5 = syz_init_net_socket$ax25(0x3, 0x4, 0xce) writev(r5, &(0x7f0000000440)=[{&(0x7f0000001640)="0db165e13472f042af125c911831764925762812caed9d588f6f28939a049ee4dc8e6318b724b5e4852414992f6c55d4aa2e847d99d0811fae0d57c6de8715a30689f7fad797ffa0c0dfe2c42f4dfac40ea3e50603cbd4443ca6da795ac3b62ff5ad03b5c754ddbffcf6041f92787d42c83dbe18b42c2dc6ea1aa658342016a9fb23bb683d6c6ac73a4ef65191f9a15086b3726080a5f25ad79a8edc", 0x9c}, {&(0x7f0000000300)="6984a7fbf0b90a01b9cd44a7e1e0dacdf52210409bc561a5adee08a68922f3c875bbbe34dc40f17c941a2a3b8167cc6b4e3377201e7c4261858a9f75e7493cc356a8d2f922f39fa74d435ac98eef5e787d317e9ca86771d68b03d5601c869ee9ea14cd879da8b5bb8ee2c69e4c7279c10d9299c262c0", 0x76}, {&(0x7f0000000380)="a3229043f2db155d7886289dc5b3150b737a797dab50069ce4f1bdbf95d624b1ce43c5835d29a772926337c020766e176a5a34dd8521f590aff60cbe98ec7cf33cffe2eeabccc4ca2cc158a08e28ea99d38a7a90de7a63f275e8c9231baae7f98d", 0x61}, {&(0x7f0000000540)="b169702ae6ab581655b878ddbd6a35436d5e875546cc5e6763c863772f4390f3a8b71ac66a64b9980bf7013f4e81094a48071c9712fdb9093cfe2aa98a5ef38ca22c93710fcef02e82e8b257275ceeb06bfff46dbf4aa673f2076ccd7c0e5b13a1d8410e924609d6efc3b7544c08c099b62b1a74e11b88610a833b72b4320e973632ddb6e0d5e160a8f7908fe67df184dc2fea96e0166aa8942dc8ceacc0b2b26f79483334141d021a9cb2429fd1515981d7d157e2e99b82aecde86e62e4d8528a5693df72207d7a359fd2c3cd0832946bf647194d6fd68d690572df5f8e6bbc0c79bd024215d74130882e2c069990fb202116e94055d3238e2b817a08fb1e15957c5e4080d9008048d18e6d1da1d8ca13073e1b596a29f1e7d7d726eb143014ca82018dde3ec636ff626923561108bf41a37c2869506abd64e03b3ee529fa630dfe37124416b2805d1abe279f8f7e86041f6e5caecde7a45bafae9c72ceb522d081a9ef907bb3e3e05ccfa61c7260ed0c4228c7c205a7897be21d8feedbe4c2d92c949f1cdc0c416b0c3d08b75c13ef720327ffc72170a7c24da57f978c061378a4a5a65515f2ab9a11c2e3f8e8421a7edac87caa553399457b213de214b99a95442d7a29db0b8f22561b2cc82b73c7b102d4c45d0fc9e5eb0c2bd6992e25b93254e15be7d50c7f42259454a5fddbdd35cd86509b0477974051ead14e96dd83d6357e8f6f68f299d6a337f4f58278c9659c1842323d9996576c825db1e22535f4ba79d17f902b496856ee41801ff2b535c013b184ebfc5e227c56a6233800b38c056da9eac2f1f9e64f7a0ec960bad8dd71f0acfa0e3ace2a45134b653a3530f0754a550806e43d5cd48d6c07a811228158d6f0bbefe316ab43d4feeaac6509a52708932c7c9eb3817d216c10f7252dc9f6c3a79cd5e6483f96b6c767abe9b61b057536ceb750f39074a5ccdb853d71136c1265f1fb88e5b307df3ef254fbe3f2c0e85bc3b32b225dfcd06d45a2ae6fc6b0b90f95b13c16135ec8cf5fd6c3aafa8eb9b59a3f7071dc7c9b11538ab301e81debc172517ea1ac0bf3401557af4a577e00bb64b9079234f39389a3a0f05e5aa88d60780aeba166bf1199d9ced40320f87b8b63b0b8ce3529305066e377912c3bd4c740561d944fdb354dd0ebdcfe2ef3c255c65c2c2de751a85c40b43320d5a2eeadfebde57f2467c9830ae7754f543cb17186fb8e829fb9b230ed3d0549372f91a3bf31f8cb1433fa788037bddca582e6b52e8225e27915672a10f36ca7ac215071e397390293bcbb07950b5b322b010908be4f554462febd5656e631eed68a622304b55baba33f10179a90a80ef3bd5ca3e0a4de694182aefbb0524208251b88ab606a3da7057a8cbf492a64889c5a50d5eca1f2a82250677f2c73c535ad228d80d60be732be81fb329e5a9e2ba68ec340d765fc18b36feeec2957722e241ffaab1197534c0e5530759e5d3a86a38822b73c84990df882ebdac54d968505f4bdd99b2c95a4da61ffca7e8b9caae60d97bb9c4dd560bae430da4babc911ccb5435e593ef36d7ed123f6f31d370a5653325e16f056bb235c5cbe0583b1daeb6d7fe3ae1f91e5ee211763131273f903b0001133eb7b602102757b9873edf39cb8336aa12be1485fcfbc8a6310a6f8ac19ca3a33d4901f510dcb85674fe339a41bae0316f81d8089754923908c16226420df6a2ae8f2b87f31ab17c0acb32967caad1792c4ba8aac158198a7165ce72f2eafb427fe1dbe2426e79cb76e572e7e5f02ecaad2e9323fd817cf2a1529e13b23595b3726ff77a6644ed7b8dbccb298b8f3b53b5f4aaf1f92ade040243a65ef0d7abe5f3dbab048dec376184ccd01375d97b868799aac6bc0524bb088f79013bfaa58180b9e722075725354318d85c8d1cf090d1aef826bae244532faf62090cc71a81760d02860125ac796e47c92b2e4b3aa690292bd7a35f6358cd986d1d367f9e39367eec70f1f717d478ba4a035d87741675180cb3b564f466774721ce65f0df9c6ce58c89a072cfc3e97317b9b9bc7c8f71954b5871b91d56cdc9f3875558c34ffa57abd3a3ca6366196d54e51f5c49f9b22b407ec7aaa2c4f7e8859ab4e80db9ab8a7339f1440918b14bd08087f9f934b6001b17bdf2e7ca712a1832f8768c03c00164c30fc2e6eb55c03006b9d475e1193d2a2b7b67ce96760eabf6ff45cd4591ac98c32cd8e5e33832c608077b8db289de4bf2bd49e0ca17cd4695b873283595b21bdfdd3407ebe76bea5b3a03f8063003d5df41ba810adf35d33148b12a66e0932a2f15a9a4d9ca4291b408b7882406aacdf7d9188f824d16a201ad59bef2f020f8a3f660fbb83235f8cc69140940f290bc8280fe9f009e4358aaecc93138e3db13aaf6b319af130863ed12abd6637ba3bd799befe201976a188cfcdf9deb94ed47711e3da96581eb78ba6f5393b53908b68de52a0ba49d58fd9fe5107f88a1683d60961f542a03c712511dfb821077b0106035c9fa4a2320c6a22d2b9d367dc8053bf466595cc8b4b459edd8b7fb85a819fc27a20bffbcc7e67204a077147044c52d462ce3c951b89518a1c0cee9914a475a2b36636758f6a5c8e302ce0da465c08e61271557bf9ab52c85e74dd55438e609614a26b93e758f9c80dfc77a66277e3c143f260ec79a5f5ec07404e06b8b952349e3bdb72d60a1829ba49d7bffa1af5be4107a045f2d2a27db18d0469caaf7b4b91b1c0447ab3724b70e9599fae9c2b3e9b623e219669fd5c7dd6a02e7dbf1de8d3b16395e851170b42d2d4c708e29ceaf48595049608546c827862e04b0c4fac08196770dff08bf29fd8cda341589b8750cfe745ee75c5b176936e490ae1be2d59a85cb7125957841fd87fef5f439b0d2f58de3cd4aea805ea9ab1ecbc91086e501cd1726cc4c19a2b128a243317bcdb68b18155d01ad05de5e9a394fb0b38cc7e8f1dba1e74359f0af8a6a74048448ae345f14a329872dc2dc37841dbf7d7e8148f19671c7cdbda311fb1de6b90bf5dc48357c897e7c3970f6b0e0a79052e9a3d2c5ac1d73915e948dc9a68cf45eb1fc3fd6e5e9f368b90e1967275a4ba45ca5c4da91d195b2e29b034e65f8a87ac4e8b106f37021f67138bf14d59dd0b9047e7ac10317fc97d896f2444aa6120b07783214d08bf0391a283c5123f73e7602d72edaa666fb622290772a765f0d54cb6bcc39c8acf6bb71d3233e8f6ae0a81aa7140d9cb7b782391458a22abfb45902a5ef3998d3e502b824286103a2b37dd590b4f7154dd5c7d75ffc85300c133a3eb48e675f02af76ab7d467661bb09bf60e7b23fa56e5aa192164dd73b917d1149ac1c02f5a2c438614582cff21a8464ba02987e824579cbb4495012b54c22eb71e4eaa5ba5b3611ab966b0d80b5f0b52397d847e2347ff080d9e81b21256cbd991697ac1764a28c431f53775ae0d45e79f85f972fec8fbc5bbbcc270b8d1ada0573bb1c8a2c86c248d9e8d8a2aeeeb1ec1f0f7a3578ffbe874100298b0d1c0ccd33a47998ad774b685cabd2bfd64b3554fb25e932412d82c4cec5b850d5968a6a13513329c391133d4b70bdb72156c20dd677c08173e41b627068bd29693d9491c0daf626f3579d5a167e6b89f6b182d64dbc28982de555b6e55174d191dc722d1dfa054085c32c800ee61a99f0c10e0ab05af5754e0b5e9098fa10aa7734b2347de6368e8ccaa5c8fb5d3277e9bd5fe6d421e7841b383c8a6edd81c5f6544547bf807c3bcd3ffa2a5df47eee7e6ca9d073a201cc86974fc46cbf0d50b231ce7bbeaffda4f3e175ceef74115ae1e8f9757208634e0eb80c8cf2a9cdeb6f652cfcae47743a5973ad7f27e34034bb0a896b4e75519e41ea44755ac4f6cf6baae49e24548bf3b3f5293f7e01e0d11b6005b09ff950870c4ec5efe626526fa424fd2184c21bd335b9d680ee25ed02ac79f3302efde304cf7683be3099e6b66fac2baacedd7b30a37a555421954e5afa2232130c91de1e139b20344c6ac9019c01b8fb18529cb498670f8df336756c1017ef594bf8907c3be7f5cd07395c7997458c79c6fa23926bf97d21c3d7898b8b2f5f69587b72ee461f03ca119d77e22c32c005d61dcacb791de050a2cfd134797429e60cb6a5ba1195175a16e3247af1b89b5e5eeaf1047bfd32bd0ad310c85a7192a63dee555bffa5739c1cb6afb2c803229591850e16023719520fb29bd86fd42f2f851cc9c9a41527f6df4a988c57a67c7e45e43facc46395dad06855bcc020ce8c667c36c073a48603178923164dc8f91c483c10b5398881e5435d813344029ee5811bf1f852f205924d15216a2d767f76eb4b881f9b81bf5da7193c859521883aba3912f42061f1a6544b104b6706ef75b7762a8b956ef38ce02f1a9f4cd156b420f194dde21b3bce43bb875b02aa7202ba8f12541d5f15313db4f08dd0594362f1977b9776876bfd9a70f0e2b92fb110344ea27645d3692a487d277ea3bf190dc20eb5f8b0ded4c5a227a17300eb9147d011f72b8d3e251630317d154c0fc35bb954503f0fda8ddbb72b7d980d1cb6008c646ce226a56e6ee94f2e997027ea06c78919195e4ec1882f9188922cb51bdeb0015896f9ae3f75eb4e2916e8f176e01047b0b63414280289edb907ee8e9c7d3c54113aa1e973657738e414ff374e7b24bb8a1f7d4615749f0148e0a8610f3d3d05464b7c00713d759d49ec74b6e1cdec3cd9ca09dff71a229dd8a82089bfbc8f363cd6f959917fa8451c2bbb7cc78f7f080d26ca6b4ee9a3329ecec44a02db863cc4da87b89c29e420ce33c505daa0f0ad93d1ca911d55db147b6029fc0412407cc82f01dbdb8d82e8dbfb04fb42bdb2126cb6017607b585018ec3705cba21605eb34e5fb05cd80c2783b18af044ed30609e3313830b2c5f9cab146ad8798a55dce6cc388d0c41a330a708b75c760e8bff52a3012a7f800c51315adc302dc024824492373eaf744800c5f206569b289565bb6a2c00f856591fc92acf845fd5db014c2ca376d132d59aa613798124da5b81b010d02575902c26fbac1821dcd00032d19c56969815373ad9a8b4d7908459f6cefa6093f740781e19a182e12527b21be9ae3d9fbac772784a98c8ff062628c606a08b8f5cb908db5b59f4a4891fcb8fcd46bf5c4082473475d2c1533f83e7782527cc8d5ae93f159aebaa447cc5ec78bd3f6389feb47f179a1081a226ce5b6360f88103723fd8a3344301f460fa33dc9df21504f2e7e4afa0db94c710db23052c95599b8ea0839372966bfcf2ff6c52c4ab9238c438e1501a8b7dbe3b6b21c1746d43947aa6c2a4236038687caa5d2e6598866a54c7fd23cfd519e53defceda7b05611c04519be973d6eda79e6b4a8c9148a841273887d635152a92d0092a2b405c072142885e5332a3203f91a14ec873e6c63e845edf5ab06bc402289469295c2feb181eb7a6bfcd065dd0a65095a28db898a009e29ea125029309d1357f62c21db2559234b52b803917657c327a3a00b899fee4d3f1ece04a91432fbddb55af3a9cc4c0df8380151e43d0906c893db3a1283dcac07688f21f929c025902c642b71f5a94214247bfca9a315eb604983a6a4222731a74e4deefbfd973d00240f3685d63fea61a736e651597929707e7dfb45df5b572d141c7479c46ade39d00349f4caf8e9f4d5cb0347771c08bd7e9f086392f220d8f9eaf285b7b262eccb9e4771e8e2fd9d98be73031c416ae3e7228dab5cde400892faafec72284dedbd8cfa4cba37d7", 0x1000}, {&(0x7f00000001c0)="a9feda42d25e610e778d90372e5c9056be9ffa63e2da0a17b751135ce90b010a58cabf1c25d26bdbb935e9a8c56c", 0x2e}, {&(0x7f0000000400)="d4cf9094bc64ef5b105f0f6630267cbf496f2dfbd26cb939877d000000", 0x12d}, {&(0x7f0000001540)="9ba4c3fc7c43a4ad0de0f8f010aed88f87c6e233ff0ace1f5c124ea081a6d38d9e5e464fa63582814352f7e32ee902a84f0b7c3b474ec647056ca2216a99ce088b99057878c0b38b5e9aedb8bf5d04ec38448e94f6fdf97b2b49de645da80563fc8452b8a0f3d1f9c31a8def4886c2d718c090c8a5c5a3fa8294b640da6e77d31e6ae301bff48e27189bb5efaa0b3d1b12ccc6559fb6aac098c017604897a578c07429f39a36b178266446e67940bb616fbba21f121a08451ed8fec5ed6efbe585e291f4ef75a8e3b1d53aa4599ec6594526c508b5c1649f1ef65fdbbb47ff5cf71e9e18127a1b31caf62ec28404c439", 0xf0}], 0x7) lsetxattr$security_smack_transmute(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000180)='TRUE', 0x4, 0x1) [ 200.035235][T11104] FAULT_INJECTION: forcing a failure. [ 200.035235][T11104] name failslab, interval 1, probability 0, space 0, times 0 [ 200.088156][T11104] CPU: 1 PID: 11104 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 200.096104][T11104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.106148][T11104] Call Trace: [ 200.109524][T11104] dump_stack+0x1d8/0x2f8 [ 200.113863][T11104] should_fail+0x555/0x770 [ 200.118288][T11104] __should_failslab+0x11a/0x160 [ 200.123226][T11104] ? kcalloc+0x2f/0x50 [ 200.127293][T11104] should_failslab+0x9/0x20 [ 200.131781][T11104] __kmalloc+0x7a/0x340 [ 200.131797][T11104] kcalloc+0x2f/0x50 [ 200.131809][T11104] ext4_find_extent+0x216/0xaa0 [ 200.131822][T11104] ? trace_ext4_ext_map_blocks_enter+0x2ca/0x310 [ 200.131835][T11104] ext4_ext_map_blocks+0x170/0x7170 [ 200.131866][T11104] ? __kasan_check_write+0x14/0x20 [ 200.161346][T11104] ? __down_read+0x14b/0x360 [ 200.165946][T11104] ext4_map_blocks+0x424/0x1e30 [ 200.170804][T11104] ? __kasan_check_write+0x14/0x20 [ 200.175912][T11104] ext4_getblk+0xae/0x460 [ 200.180249][T11104] ext4_bread+0x4a/0x340 [ 200.184491][T11104] ext4_append+0x175/0x310 [ 200.188911][T11104] ext4_mkdir+0x7ad/0x1450 [ 200.193347][T11104] vfs_mkdir+0x43f/0x610 [ 200.197603][T11104] do_mkdirat+0x1d7/0x320 [ 200.201941][T11104] __x64_sys_mkdir+0x60/0x70 [ 200.206533][T11104] do_syscall_64+0xf7/0x1c0 [ 200.211039][T11104] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.216928][T11104] RIP: 0033:0x458e47 [ 200.220821][T11104] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.240421][T11104] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 200.248839][T11104] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e47 [ 200.256808][T11104] RDX: 0000000000000005 RSI: 00000000000001ff RDI: 0000000020000100 [ 200.264772][T11104] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 200.272736][T11104] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 200.280702][T11104] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:07 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0b") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:02:07 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:07 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x2000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:07 executing program 1 (fault-call:1 fault-nth:40): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:07 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x7, 0x100000001, 0x10000, 0x1, 0x400000}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0xc0c31a98f46d816a) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r3, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7ac, 0x0, 0x0, 0xffffffffffffffcb, &(0x7f0000000280)="f96818a814663e0424c713d7571b81da0d8bafca20ae691d769486b3572bc66377a6b547d3a18a7aa0362dd79c0dd7fe0d7cd63f98d708b2d2940dcccb38de9d1bc5657809d426192192b6d27d3ac049e4ce6643c141"}, 0x335) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r4, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r5, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x0, &(0x7f0000000200)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000540)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x142}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r6, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r7, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x1, &(0x7f0000000240)=ANY=[@ANYPTR=&(0x7f0000000100)=ANY=[@ANYRES64=r5, @ANYRESDEC=r1, @ANYRES16=r6, @ANYPTR, @ANYRES16=r7, @ANYPTR]], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x40f00, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r8, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) io_uring_setup(0x194, &(0x7f0000000180)={0x0, 0x0, 0x1, 0x1, 0x2e7}) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r9, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r10, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r11 = dup2(r0, r10) ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200) r12 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r12, 0x4, 0x6100) writev(r12, &(0x7f00000003c0), 0x63) 19:02:07 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x2500, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 200.548483][T11128] FAULT_INJECTION: forcing a failure. [ 200.548483][T11128] name failslab, interval 1, probability 0, space 0, times 0 [ 200.572658][T11128] CPU: 0 PID: 11128 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 200.580582][T11128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.590638][T11128] Call Trace: [ 200.593954][T11128] dump_stack+0x1d8/0x2f8 [ 200.593972][T11128] should_fail+0x555/0x770 [ 200.593991][T11128] __should_failslab+0x11a/0x160 [ 200.594004][T11128] ? tomoyo_encode2+0x273/0x5a0 [ 200.594020][T11128] should_failslab+0x9/0x20 [ 200.616985][T11128] __kmalloc+0x7a/0x340 [ 200.621144][T11128] tomoyo_encode2+0x273/0x5a0 [ 200.625824][T11128] tomoyo_realpath_from_path+0x769/0x7c0 [ 200.631460][T11128] tomoyo_path_number_perm+0x166/0x640 [ 200.636944][T11128] ? rcu_read_lock_sched_held+0x10b/0x170 [ 200.642662][T11128] ? trace_kmem_cache_free+0xb2/0x110 [ 200.648030][T11128] tomoyo_path_mkdir+0x9c/0xc0 [ 200.652792][T11128] security_path_mkdir+0xed/0x170 [ 200.657812][T11128] do_mkdirat+0x15c/0x320 [ 200.662144][T11128] __x64_sys_mkdir+0x60/0x70 [ 200.666728][T11128] do_syscall_64+0xf7/0x1c0 [ 200.671229][T11128] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 200.677134][T11128] RIP: 0033:0x458e47 19:02:07 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf33, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 200.681021][T11128] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 200.700614][T11128] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 200.709014][T11128] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e47 [ 200.716978][T11128] RDX: 0000000000000005 RSI: 00000000000001ff RDI: 0000000020000100 [ 200.724941][T11128] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 200.732903][T11128] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 200.740866][T11128] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:07 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x2f00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:07 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x1100, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 200.851673][T11128] ERROR: Out of memory at tomoyo_realpath_from_path. 19:02:07 executing program 1 (fault-call:1 fault-nth:41): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:07 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x330f, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:07 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x1200, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 201.080512][T11145] FAULT_INJECTION: forcing a failure. [ 201.080512][T11145] name failslab, interval 1, probability 0, space 0, times 0 [ 201.093714][T11145] CPU: 0 PID: 11145 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 201.101615][T11145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.111679][T11145] Call Trace: [ 201.114979][T11145] dump_stack+0x1d8/0x2f8 [ 201.119315][T11145] should_fail+0x555/0x770 [ 201.123741][T11145] __should_failslab+0x11a/0x160 [ 201.128679][T11145] ? __es_insert_extent+0x7ba/0x17c0 [ 201.133963][T11145] should_failslab+0x9/0x20 [ 201.138473][T11145] kmem_cache_alloc+0x56/0x2e0 [ 201.143241][T11145] __es_insert_extent+0x7ba/0x17c0 [ 201.148370][T11145] ext4_es_insert_extent+0x250/0x2ea0 [ 201.153753][T11145] ext4_map_blocks+0xe1c/0x1e30 [ 201.158616][T11145] ? __kasan_check_write+0x14/0x20 [ 201.163734][T11145] ext4_getblk+0xae/0x460 [ 201.168074][T11145] ext4_bread+0x4a/0x340 [ 201.172322][T11145] ext4_append+0x175/0x310 [ 201.176738][T11145] ext4_mkdir+0x7ad/0x1450 [ 201.176764][T11145] vfs_mkdir+0x43f/0x610 [ 201.185392][T11145] do_mkdirat+0x1d7/0x320 [ 201.189725][T11145] __x64_sys_mkdir+0x60/0x70 [ 201.194310][T11145] do_syscall_64+0xf7/0x1c0 [ 201.194326][T11145] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.194336][T11145] RIP: 0033:0x458e47 [ 201.194347][T11145] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 19:02:07 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0b") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:02:07 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x1701, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:07 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x0) writev(r4, &(0x7f00000003c0), 0x63) [ 201.204697][T11145] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 201.204707][T11145] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e47 [ 201.204713][T11145] RDX: 0000000000000005 RSI: 00000000000001ff RDI: 0000000020000100 [ 201.204718][T11145] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 201.204722][T11145] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 201.204728][T11145] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:08 executing program 1 (fault-call:1 fault-nth:42): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:08 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3a00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 201.344442][T11153] validate_nla: 12 callbacks suppressed [ 201.344449][T11153] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 201.388431][ T26] kauditd_printk_skb: 12 callbacks suppressed [ 201.388440][ T26] audit: type=1804 audit(1570129328.076:308): pid=11156 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/150/file0" dev="sda1" ino=17041 res=1 [ 201.448690][T11161] FAULT_INJECTION: forcing a failure. [ 201.448690][T11161] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 201.461922][T11161] CPU: 0 PID: 11161 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 201.469823][T11161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.479883][T11161] Call Trace: [ 201.483187][T11161] dump_stack+0x1d8/0x2f8 [ 201.487528][T11161] should_fail+0x555/0x770 [ 201.491961][T11161] should_fail_alloc_page+0x55/0x60 [ 201.497160][T11161] prepare_alloc_pages+0x283/0x460 [ 201.497175][T11161] __alloc_pages_nodemask+0xb2/0x5d0 [ 201.497190][T11161] ? tomoyo_path_number_perm+0x4e1/0x640 [ 201.497208][T11161] kmem_getpages+0x4d/0xa00 [ 201.517711][T11161] cache_grow_begin+0x7e/0x2c0 [ 201.522487][T11161] cache_alloc_refill+0x311/0x3f0 [ 201.527511][T11161] ? check_preemption_disabled+0xb7/0x2a0 [ 201.527532][T11161] kmem_cache_alloc+0x2b9/0x2e0 [ 201.527541][T11161] ? ext4_alloc_inode+0x1f/0x560 [ 201.527552][T11161] ? set_qf_name+0x3c0/0x3c0 [ 201.547599][T11161] ext4_alloc_inode+0x1f/0x560 [ 201.552367][T11161] ? set_qf_name+0x3c0/0x3c0 [ 201.556966][T11161] new_inode_pseudo+0x68/0x240 [ 201.556980][T11161] new_inode+0x28/0x1c0 [ 201.556992][T11161] ? trace_ext4_request_inode+0x28b/0x2d0 [ 201.557004][T11161] __ext4_new_inode+0x43d/0x5650 [ 201.577298][T11161] ? memset+0x31/0x40 [ 201.577322][T11161] ? smk_curacc+0xa3/0xe0 [ 201.577336][T11161] ext4_mkdir+0x3f5/0x1450 [ 201.590031][T11161] ? security_inode_permission+0xdd/0x120 [ 201.595759][T11161] vfs_mkdir+0x43f/0x610 [ 201.599996][T11161] do_mkdirat+0x1d7/0x320 [ 201.600013][T11161] __x64_sys_mkdir+0x60/0x70 [ 201.600026][T11161] do_syscall_64+0xf7/0x1c0 [ 201.600043][T11161] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 201.619295][T11161] RIP: 0033:0x458e47 [ 201.623194][T11161] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 201.642793][T11161] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 201.642803][T11161] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e47 [ 201.642809][T11161] RDX: 0000000000000005 RSI: 00000000000001ff RDI: 0000000020000100 [ 201.642815][T11161] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 201.642820][T11161] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 201.642826][T11161] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 201.715697][T11160] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 201.724093][ T26] audit: type=1804 audit(1570129328.406:309): pid=11163 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/150/file0" dev="sda1" ino=17041 res=1 19:02:08 executing program 1 (fault-call:1 fault-nth:43): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:08 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3c00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:08 executing program 4: openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x191401, 0x0) openat$dlm_control(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dlm-control\x00', 0x200, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/audio\x00', 0x201, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000180)={&(0x7f0000ffc000/0x2000)=nil, 0x2000}, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r1, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x482d40, 0x0) r4 = dup2(r2, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = creat(&(0x7f0000000300)='./file0/file0\x00', 0x30) fcntl$setstatus(r5, 0x4, 0x6100) ioctl$KDGKBSENT(r5, 0x4b48, &(0x7f0000000080)={0xff, 0x4, 0x1ff}) writev(r5, &(0x7f00000003c0), 0x63) 19:02:08 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x1900, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 201.849976][T11166] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 201.898108][T11167] FAULT_INJECTION: forcing a failure. [ 201.898108][T11167] name failslab, interval 1, probability 0, space 0, times 0 [ 201.930222][T11171] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 201.937146][T11167] CPU: 0 PID: 11167 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 201.946317][T11167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 201.956373][T11167] Call Trace: [ 201.959674][T11167] dump_stack+0x1d8/0x2f8 [ 201.964014][T11167] should_fail+0x555/0x770 [ 201.968439][T11167] __should_failslab+0x11a/0x160 [ 201.973380][T11167] ? kcalloc+0x2f/0x50 [ 201.973394][T11167] should_failslab+0x9/0x20 [ 201.973406][T11167] __kmalloc+0x7a/0x340 [ 201.973418][T11167] kcalloc+0x2f/0x50 [ 201.973428][T11167] ext4_find_extent+0x216/0xaa0 [ 201.973439][T11167] ? trace_ext4_ext_map_blocks_enter+0x2ca/0x310 [ 201.973452][T11167] ext4_ext_map_blocks+0x170/0x7170 [ 202.001157][T11167] ? trace_lock_acquire+0x159/0x1d0 [ 202.001180][T11167] ? __kasan_check_write+0x14/0x20 [ 202.016648][T11167] ext4_map_blocks+0x8f4/0x1e30 [ 202.021509][T11167] ? __kasan_check_write+0x14/0x20 [ 202.021525][T11167] ext4_getblk+0xae/0x460 [ 202.021544][T11167] ext4_bread+0x4a/0x340 [ 202.035230][T11167] ext4_append+0x175/0x310 [ 202.039660][T11167] ext4_mkdir+0x7ad/0x1450 [ 202.044105][T11167] vfs_mkdir+0x43f/0x610 [ 202.048355][T11167] do_mkdirat+0x1d7/0x320 [ 202.052683][T11167] __x64_sys_mkdir+0x60/0x70 [ 202.057268][T11167] do_syscall_64+0xf7/0x1c0 [ 202.057284][T11167] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.057299][T11167] RIP: 0033:0x458e47 [ 202.071565][T11167] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 19:02:08 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0b") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:02:08 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3f00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 202.091169][T11167] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 202.091181][T11167] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e47 [ 202.091187][T11167] RDX: 0000000000000005 RSI: 00000000000001ff RDI: 0000000020000100 [ 202.091192][T11167] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 202.091198][T11167] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 202.091203][T11167] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 202.198664][T11177] netlink: 'syz-executor.3': attribute type 37 has an invalid length. 19:02:08 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:09 executing program 4: r0 = creat(&(0x7f0000000280)='./bus/file0\x00', 0x82) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x48000032, r0, 0x0) ioctl$KVM_GET_XCRS(r0, 0x8188aea6, &(0x7f0000000080)={0x9, 0x401, [{0x200, 0x0, 0x2}, {0x1, 0x0, 0x5}, {0xffffffff, 0x0, 0x800000000000}, {0x8, 0x0, 0x6}, {0x1, 0x0, 0x4}, {0x6, 0x0, 0x8001}, {0x9, 0x0, 0x4}, {0x7fff, 0x0, 0x9}, {0x3, 0x0, 0x8}]}) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) r3 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r3, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) ioctl$TIOCSISO7816(r3, 0xc0285443, &(0x7f00000001c0)={0x2, 0x2, 0x1, 0x7a23805c, 0x7}) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1, 0x0, 0x7fffffff}, 0x1c) r4 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r5 = fanotify_init(0x0, 0x0) fanotify_mark(r5, 0x75, 0x40000002, r4, 0x0) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r4, 0x80045400, &(0x7f0000000180)) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0xa81e5c88ec4d7ad0, 0x10, r2, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r8 = dup2(r6, r7) r9 = perf_event_open(&(0x7f0000000300)={0x3, 0x70, 0xed, 0x40, 0x4, 0x0, 0x0, 0x5000000000000000, 0x20, 0x3, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1ff, 0x1, @perf_config_ext={0x2, 0x8}, 0x1, 0xfffffffffffff001, 0x3, 0x9, 0x9d, 0x2e3, 0x6}, 0xffffffffffffffff, 0xa, 0xffffffffffffffff, 0x1) r10 = socket$inet(0x2, 0x4, 0x81) fcntl$dupfd(r9, 0x605, r10) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) r11 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r11, 0x4, 0x6100) writev(r11, &(0x7f00000003c0), 0x63) [ 202.324074][T11180] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 202.402522][ C1] net_ratelimit: 14 callbacks suppressed [ 202.402529][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 202.414041][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 202.419870][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 202.425673][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 202.431486][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 202.437279][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:02:09 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x1f00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:09 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4400, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 202.443335][ T26] audit: type=1804 audit(1570129329.096:310): pid=11182 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/152/file0" dev="sda1" ino=17134 res=1 19:02:09 executing program 1 (fault-call:1 fault-nth:44): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 202.533620][T11187] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 202.570677][ T26] audit: type=1804 audit(1570129329.256:311): pid=11182 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/152/file0" dev="sda1" ino=17134 res=1 [ 202.606420][T11189] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 202.617533][T11193] FAULT_INJECTION: forcing a failure. [ 202.617533][T11193] name failslab, interval 1, probability 0, space 0, times 0 [ 202.645253][T11193] CPU: 0 PID: 11193 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 202.653168][T11193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 202.663213][T11193] Call Trace: [ 202.663236][T11193] dump_stack+0x1d8/0x2f8 [ 202.663253][T11193] should_fail+0x555/0x770 [ 202.663273][T11193] __should_failslab+0x11a/0x160 [ 202.663288][T11193] ? kcalloc+0x2f/0x50 [ 202.663302][T11193] should_failslab+0x9/0x20 [ 202.663314][T11193] __kmalloc+0x7a/0x340 [ 202.663327][T11193] kcalloc+0x2f/0x50 [ 202.696772][T11193] ext4_find_extent+0x216/0xaa0 [ 202.701629][T11193] ? trace_ext4_ext_map_blocks_enter+0x2ca/0x310 [ 202.707966][T11193] ext4_ext_map_blocks+0x170/0x7170 [ 202.713190][T11193] ? __kasan_check_write+0x14/0x20 [ 202.713202][T11193] ? __down_read+0x14b/0x360 [ 202.713218][T11193] ext4_map_blocks+0x424/0x1e30 [ 202.713236][T11193] ? __kasan_check_write+0x14/0x20 [ 202.733007][T11193] ext4_getblk+0xae/0x460 [ 202.737346][T11193] ext4_bread+0x4a/0x340 [ 202.741600][T11193] ext4_append+0x175/0x310 [ 202.746030][T11193] ext4_mkdir+0x7ad/0x1450 [ 202.750461][T11193] vfs_mkdir+0x43f/0x610 [ 202.754714][T11193] do_mkdirat+0x1d7/0x320 [ 202.759043][T11193] __x64_sys_mkdir+0x60/0x70 [ 202.759058][T11193] do_syscall_64+0xf7/0x1c0 [ 202.759073][T11193] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 202.759085][T11193] RIP: 0033:0x458e47 [ 202.777921][T11193] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 202.797513][T11193] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 202.797522][T11193] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e47 [ 202.797527][T11193] RDX: 0000000000000005 RSI: 00000000000001ff RDI: 0000000020000100 [ 202.797532][T11193] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 202.797537][T11193] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 202.797543][T11193] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:09 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x2000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:09 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x7, 0x1}, 0xfffffffffffffe7d) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:02:09 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4788, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 202.916037][T11197] netlink: 'syz-executor.2': attribute type 38 has an invalid length. 19:02:09 executing program 1 (fault-call:1 fault-nth:45): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:09 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:02:09 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x2500, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 203.020121][ T26] audit: type=1804 audit(1570129329.706:312): pid=11200 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/153/file0" dev="sda1" ino=17130 res=1 [ 203.089909][ T26] audit: type=1804 audit(1570129329.776:313): pid=11205 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/153/file0" dev="sda1" ino=17130 res=1 [ 203.127914][T11208] netlink: 'syz-executor.2': attribute type 38 has an invalid length. 19:02:09 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4800, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:09 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r5, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r6, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) renameat2(r5, &(0x7f0000000180)='./file0/file0\x00', r6, &(0x7f00000001c0)='./file0/file0\x00', 0x1) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(0xffffffffffffffff, 0xc0a85322, &(0x7f0000000080)) 19:02:09 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x2f00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 203.220260][T11209] FAULT_INJECTION: forcing a failure. [ 203.220260][T11209] name failslab, interval 1, probability 0, space 0, times 0 [ 203.286130][ T26] audit: type=1804 audit(1570129329.976:314): pid=11215 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/154/file0" dev="sda1" ino=17130 res=1 [ 203.310321][T11209] CPU: 0 PID: 11209 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 203.318232][T11209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 203.328285][T11209] Call Trace: [ 203.331575][T11209] dump_stack+0x1d8/0x2f8 [ 203.335903][T11209] should_fail+0x555/0x770 [ 203.340319][T11209] __should_failslab+0x11a/0x160 [ 203.345256][T11209] ? kcalloc+0x2f/0x50 [ 203.349318][T11209] should_failslab+0x9/0x20 [ 203.353814][T11209] __kmalloc+0x7a/0x340 [ 203.357994][T11209] kcalloc+0x2f/0x50 [ 203.361883][T11209] ext4_find_extent+0x216/0xaa0 [ 203.366728][T11209] ? trace_ext4_ext_map_blocks_enter+0x2ca/0x310 [ 203.373053][T11209] ext4_ext_map_blocks+0x170/0x7170 [ 203.378260][T11209] ? trace_lock_acquire+0x159/0x1d0 [ 203.383467][T11209] ? __kasan_check_write+0x14/0x20 [ 203.388574][T11209] ext4_map_blocks+0x8f4/0x1e30 [ 203.393426][T11209] ? __kasan_check_write+0x14/0x20 [ 203.398549][T11209] ext4_getblk+0xae/0x460 [ 203.402898][T11209] ext4_bread+0x4a/0x340 [ 203.407144][T11209] ext4_append+0x175/0x310 [ 203.411557][T11209] ext4_mkdir+0x7ad/0x1450 [ 203.415987][T11209] vfs_mkdir+0x43f/0x610 [ 203.420238][T11209] do_mkdirat+0x1d7/0x320 [ 203.424564][T11209] __x64_sys_mkdir+0x60/0x70 [ 203.429149][T11209] do_syscall_64+0xf7/0x1c0 [ 203.433648][T11209] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.439533][T11209] RIP: 0033:0x458e47 [ 203.443420][T11209] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 203.463041][T11209] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 203.471451][T11209] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e47 [ 203.479412][T11209] RDX: 0000000000000005 RSI: 00000000000001ff RDI: 0000000020000100 [ 203.487378][T11209] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 203.495345][T11209] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 203.503397][T11209] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 203.511688][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 203.517493][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:02:10 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4888, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:10 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0xc, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) r6 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r7 = fanotify_init(0x0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ubi_ctrl\x00', 0x2, 0x0) r8 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r8, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) fanotify_mark(r7, 0xf2, 0x8000002, r8, 0x0) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r9, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) fcntl$setlease(r9, 0x400, 0x0) r10 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r11 = ioctl$LOOP_CTL_GET_FREE(r10, 0x4c82) ioctl$LOOP_CTL_REMOVE(r10, 0x4c81, r11) ioctl$LOOP_CTL_ADD(r6, 0x4c80, r11) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x10) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) write$evdev(r5, &(0x7f0000000300)=[{{r12, r13/1000+30000}, 0x8, 0x8, 0x3}], 0x18) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000340)) [ 203.539280][ T26] audit: type=1804 audit(1570129330.226:315): pid=11217 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/154/file0" dev="sda1" ino=17130 res=1 19:02:10 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x330f, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:10 executing program 1 (fault-call:1 fault-nth:46): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 203.601616][ T26] audit: type=1804 audit(1570129330.286:316): pid=11222 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/157/file0" dev="sda1" ino=17108 res=1 19:02:10 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4a00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 203.677120][ T26] audit: type=1804 audit(1570129330.366:317): pid=11222 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/157/file0" dev="sda1" ino=17108 res=1 [ 203.703270][T11228] FAULT_INJECTION: forcing a failure. [ 203.703270][T11228] name failslab, interval 1, probability 0, space 0, times 0 [ 203.715997][T11228] CPU: 0 PID: 11228 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 203.723878][T11228] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 203.723884][T11228] Call Trace: [ 203.723902][T11228] dump_stack+0x1d8/0x2f8 [ 203.723916][T11228] should_fail+0x555/0x770 [ 203.723935][T11228] __should_failslab+0x11a/0x160 [ 203.741566][T11228] ? __es_insert_extent+0x7ba/0x17c0 [ 203.741579][T11228] should_failslab+0x9/0x20 [ 203.741593][T11228] kmem_cache_alloc+0x56/0x2e0 [ 203.765401][T11228] __es_insert_extent+0x7ba/0x17c0 [ 203.770511][T11228] ? __kasan_check_write+0x14/0x20 [ 203.775617][T11228] ? do_raw_write_lock+0xf3/0x460 [ 203.780641][T11228] ext4_es_insert_extent+0x250/0x2ea0 [ 203.786022][T11228] ext4_ext_map_blocks+0x1806/0x7170 [ 203.791330][T11228] ? __down_read+0x14b/0x360 [ 203.795917][T11228] ext4_map_blocks+0x424/0x1e30 [ 203.800753][T11228] ? __kasan_check_write+0x14/0x20 [ 203.805847][T11228] ext4_getblk+0xae/0x460 [ 203.810162][T11228] ext4_bread+0x4a/0x340 [ 203.814384][T11228] ext4_append+0x175/0x310 [ 203.818779][T11228] ext4_mkdir+0x7ad/0x1450 [ 203.823182][T11228] vfs_mkdir+0x43f/0x610 [ 203.827404][T11228] do_mkdirat+0x1d7/0x320 [ 203.831710][T11228] __x64_sys_mkdir+0x60/0x70 [ 203.836277][T11228] do_syscall_64+0xf7/0x1c0 [ 203.840758][T11228] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 203.846626][T11228] RIP: 0033:0x458e47 [ 203.850498][T11228] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 19:02:10 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = dup2(r2, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r6, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) fsetxattr$security_smack_transmute(r6, &(0x7f0000000100)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000180)='TRUE', 0x4, 0x0) fcntl$setstatus(r5, 0x4, 0x6100) writev(r5, &(0x7f00000003c0), 0x63) r7 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r7, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) connect$x25(r1, &(0x7f00000000c0)={0x9, @null=' \x00'}, 0x12) 19:02:10 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3a00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 203.870077][T11228] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 203.878464][T11228] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e47 [ 203.886411][T11228] RDX: 0000000000000005 RSI: 00000000000001ff RDI: 0000000020000100 [ 203.894356][T11228] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 203.902304][T11228] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 203.910341][T11228] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:10 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:02:10 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4c00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:10 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3f00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:10 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./bus\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r6, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) ioctl$PIO_FONTX(r6, 0x4b6c, &(0x7f00000000c0)="3331138c694b6e35f4c2b63ddc9afb6423d0cbbfbeb39a59c46e958474c1bd105ff961d7d1fa797f88b907d31fa2f8c25a257fb7201bce864393a3b888a800d1bc1b6ae10d24aa13bcc6b80a5f0daa3345795bb13e2c58874e3d28ffded95a34ed8a691262b845b5d52a67aa27214572be54") 19:02:10 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:10 executing program 1 (fault-call:1 fault-nth:47): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:10 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x5865, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:10 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x8080, 0x100) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x10000, 0x0) fcntl$setstatus(r5, 0x4, 0x800) writev(r4, &(0x7f00000003c0), 0x63) 19:02:10 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4788, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:11 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x6000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 204.310642][T11257] FAULT_INJECTION: forcing a failure. [ 204.310642][T11257] name failslab, interval 1, probability 0, space 0, times 0 [ 204.350181][T11257] CPU: 0 PID: 11257 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 204.358103][T11257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.358108][T11257] Call Trace: [ 204.358125][T11257] dump_stack+0x1d8/0x2f8 [ 204.358141][T11257] should_fail+0x555/0x770 [ 204.358161][T11257] __should_failslab+0x11a/0x160 [ 204.358172][T11257] ? ext4_mb_new_blocks+0x2ac/0x2cc0 [ 204.358184][T11257] should_failslab+0x9/0x20 [ 204.358196][T11257] kmem_cache_alloc+0x56/0x2e0 [ 204.358208][T11257] ext4_mb_new_blocks+0x2ac/0x2cc0 [ 204.358218][T11257] ? trace_kmalloc+0xcd/0x130 [ 204.358231][T11257] ? kcalloc+0x2f/0x50 [ 204.358239][T11257] ? __kmalloc+0x26c/0x340 [ 204.358247][T11257] ? kcalloc+0x2f/0x50 [ 204.358261][T11257] ? ext4_ext_search_right+0x4cb/0x940 [ 204.358270][T11257] ? ext4_find_extent+0x8e0/0xaa0 [ 204.358282][T11257] ? ext4_inode_to_goal_block+0x27b/0x3b0 [ 204.358293][T11257] ext4_ext_map_blocks+0x4b8c/0x7170 [ 204.358331][T11257] ext4_map_blocks+0x8f4/0x1e30 [ 204.405029][T11257] ? __kasan_check_write+0x14/0x20 [ 204.405046][T11257] ext4_getblk+0xae/0x460 [ 204.405061][T11257] ext4_bread+0x4a/0x340 [ 204.413785][T11257] ext4_append+0x175/0x310 [ 204.413802][T11257] ext4_mkdir+0x7ad/0x1450 [ 204.413829][T11257] vfs_mkdir+0x43f/0x610 [ 204.413844][T11257] do_mkdirat+0x1d7/0x320 [ 204.413859][T11257] __x64_sys_mkdir+0x60/0x70 [ 204.443786][T11257] do_syscall_64+0xf7/0x1c0 [ 204.443802][T11257] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 204.443811][T11257] RIP: 0033:0x458e47 [ 204.443820][T11257] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 204.443825][T11257] RSP: 002b:00007faddc0f0a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 204.443834][T11257] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e47 [ 204.443842][T11257] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 204.542757][T11257] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 204.550719][T11257] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 204.558679][T11257] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000003 19:02:11 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x6558, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:11 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4800, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:11 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:02:11 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) write$capi20_data(r1, &(0x7f0000000240)={{0x10, 0x472, 0x0, 0x81, 0x1, 0x3f}, 0xf5, "6bd107c588ce0f895960d2099f11f1d6097ebbdc34b35db699a6f3baa3008dbb60ee8dbc341c42cc1fd62ec96f2070a8f4d98f06042c7359f5faaa6b0f99c6c9d8e885c82b16d0b0d8d17c51801a19ee328a39f02f2b18d152d81f891497e17b43f7c27862619b5bd3580e1bb9efc6b911ab8a020c6607fa7c2936f806b64776f7e8615620af9010485b98c8cf236116a083f53e3bf6a26be5e4b662d826a1424a8c664617e01313a2c5334dcad556039c76886c0dd94f824226d7df4b50682ef4d74043e2381bb3bf64b8c2528e25a2defea354fdc5502a28bcf5d5626c53964dd18d6b7fa9cd6a77c0b5babd433473a6aa3a9111"}, 0x107) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = dup2(r2, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r6 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r5, 0x4, 0x6100) writev(r5, &(0x7f00000003c0), 0x63) 19:02:11 executing program 1 (fault-call:1 fault-nth:48): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:11 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x2, 0x0) fcntl$setstatus(r4, 0x4, 0x6100) r5 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) r6 = add_key(&(0x7f0000000180)='pkcs7_test\x00', &(0x7f00000001c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r7, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r8 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r9 = fanotify_init(0x0, 0x0) fanotify_mark(r9, 0x75, 0x40000002, r8, 0x0) r10 = accept$inet(r8, 0x0, &(0x7f0000000d00)) setsockopt$inet_MCAST_MSFILTER(r10, 0x0, 0x30, &(0x7f0000000cc0)=ANY=[@ANYRESDEC=r7], 0x1) keyctl$unlink(0x9, r5, r6) writev(r4, &(0x7f00000003c0), 0x63) r11 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r11, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) sendmsg(r11, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000240)="98589faf7fd38cb51616bcc4f82d3df1bc2febd0f25272bf6782e743fabcc604c0ee365cad1c0625bc765927121f16fbab9ce5549ebebc70afcea1a4a667691574bea9db90eab4dca8f67baa969478edbe12f04add76a1a0663437ad081563112c208e66251727f23b01b87c221860294eb1847afacd0a7a28631d6daf823f69811c5e5765455ff496aac55c3f146ec01ed88c2012475f2dc5f663bbde18195d1f6cc4e05734c68d30dbf80c21018f4a804549898a63", 0xb6}, {&(0x7f0000000300)="eb8ad6e547e6d207091187b58829219f6b008bbb90ffc04775a774597a3164915f704c97a385916b6efa36127b5a04aa8811baf881ab44ce79e2adb8ec06ac8171b1958df1a4e513e61b7ec2d27d5cc1570ce2366a13653f74e3a87c42d42eb9ab1a5c0466cb03e1e1c7c905e958a03bd1190e6758e99e66ef3eaac88eea63edad2fce906c9c95f340", 0x89}, {&(0x7f00000003c0)="e44cb065a7b9955029ee35d14bcf199541da30d7e008b90ad23e201d6f3eee3bfdffe1525fed4373a48e2eb86c68c06dc9939051ef0d", 0x36}, {&(0x7f0000000400)="91b429632a7fd09c245e7153d478c45fced904a4f35aee4a1a70e28ec2c2dea42db5589efed27fa25773591ac3e774db531af5e95a52c8ce00c506c4161cf749fe1c", 0x42}, {&(0x7f0000000480)="3a5c040741e2eddbdbbd8d4d6ee3ddfa5a1c1037df1db0e93e36b93a4733c3dff1035c7ae19db3138d626f11e3b8", 0x2e}], 0x5, &(0x7f00000005c0)=ANY=[@ANYBLOB="f00000000000000000000000050000001bf442c6c684cd4c543ee40ed9aa02fcb7668acfdeec896a5d7d5998ca782b4b31deff7f472af268e93bfa370c00a69f12deb313cbdab3a2ce922127ce5186b06faba27da7ecf2feefb93b19f4bb32adde59ef9ce46fafa8bfea63f6e4767f35df878e71fb4eed21f7f04693a400e747c4fa50083f3040adbc666339a2e8ff3aa84f1cefc816dc73ee5006aa171f13dd3e3c500fb7c83e8c0cd32c13f77ae02e758d61ad7f8444a227c2675e3858565791ebc749e8dc482143bda791c7ccfcd8ec7f3a834f7f69efc03c01bf40393457734dcd086e2907667e000000000000004800000000000000da07e204030000005f9f7b04ce89e20c2853a57a5820c0e3f138638a3fd7016ff2a67ccd31507daff34ed31f17c756727247c4237b9b6b84a49b3a8c5051e7d5"], 0x138}, 0x20000011) 19:02:11 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4888, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:11 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x6800, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:11 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x6a03, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 204.911706][T11279] FAULT_INJECTION: forcing a failure. [ 204.911706][T11279] name failslab, interval 1, probability 0, space 0, times 0 19:02:11 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4c00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 204.981136][T11279] CPU: 1 PID: 11279 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 204.989053][T11279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.999105][T11279] Call Trace: [ 205.002418][T11279] dump_stack+0x1d8/0x2f8 [ 205.006752][T11279] should_fail+0x555/0x770 [ 205.011167][T11279] __should_failslab+0x11a/0x160 [ 205.016104][T11279] ? kzalloc+0x1f/0x40 [ 205.016190][T11279] should_failslab+0x9/0x20 [ 205.016200][T11279] __kmalloc+0x7a/0x340 [ 205.016213][T11279] kzalloc+0x1f/0x40 [ 205.016223][T11279] smk_parse_smack+0x197/0x230 [ 205.016234][T11279] smk_import_entry+0x27/0x590 [ 205.016252][T11279] smack_d_instantiate+0x78f/0xd70 [ 205.024797][T11279] ? lockdep_init_map+0x2a/0x680 [ 205.024813][T11279] security_d_instantiate+0xa5/0x100 [ 205.024826][T11279] d_instantiate_new+0x65/0x120 [ 205.024841][T11279] ext4_mkdir+0xfa9/0x1450 [ 205.024871][T11279] vfs_mkdir+0x43f/0x610 [ 205.024887][T11279] do_mkdirat+0x1d7/0x320 [ 205.024902][T11279] __x64_sys_mkdir+0x60/0x70 [ 205.024915][T11279] do_syscall_64+0xf7/0x1c0 [ 205.024933][T11279] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.037774][T11279] RIP: 0033:0x458e47 [ 205.037784][T11279] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 205.037790][T11279] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 205.037800][T11279] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e47 19:02:11 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) times(&(0x7f0000000100)) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r2, &(0x7f0000001540)="6d647a13c72a9188c03b4cc4e53824f30630da267c14a51d4a16567221b4e1aa04034e29685e233f6644dba34f3fbf45c4182bb3c3b036d8faf11d2e40b2859cf65a6366554a1eb3411b3df48148d5bf1fc1d3d862a244ff383eaf5ce335509d5d3104e44c7383a8acc7fcad736545375e0b8a423d480cf973205d0dfd78c122e578df677f2f74b660617338171a29dbd3b1fdf09427800f681dcb3f8df93dedd40da8a2f14c4a865056cbc5579254fcb134d257909ee52597de4c3895f1fba03eeddceb8e950dd40e07a60b8ed2a466b204da7173ff1286c123aa16a0bbb4b4f62727fb2335745e1c7426b6f0c94fc5a428848b938e3cfe50e7ecfc4eaa0b4d2db6bc661e78cea5ffa669cc9038dfc510c915b93f20b1e0c5e83b2b9e3f6c117e6f433cdfc1ca7a48b2c07e9466279fff155e5e9df1e00871bc88ff3b8473fb8c613d3d0815f546403ca796d27a3107a581d7249ac05b4f1137860efc47d1a3cea91a34ab6c4255f00f472d18bf6a04fa13cbaad7071784356727eb3b2f9a617a2b2b617007b82c691c15379c047ded963f6ed911ea3e0e7c2a3a5cbee04540ac848acf6ce5a89b29565055787e296905a55f81c27b61e268cb9ac287cff5b5970d082b66ac58d5eb51eff8c298fd61a738690622869bc31b85ff8e6ce5f353f7c24d360a3bce35e7d7c42d0cdef7ab56620d0bb2850e9b005fbeb31c36e130d9b8ca49bfe059115554836285bbb7e49daff8e33dfec31f0d2e9a400dd31a18e1c3897a710173400568c73acff33d3161a898ff32b42436cddf00910bffe6d06c698c1e1458af243de4623339cd96bfd6e65c0af9f14ee3a5adbf354252109e6b1f949f4f2c491c8b5efb6c46203bd7d4a9cf9749508a8d6c478168e2f96a6f07483d3309fb467dc9110b772afa755f7aa5deee12a7e0b21d874b55e922a17447f9a5c323309e7f29b91fbca593a065027f5dec72b1e5e1d9d8b3338bc91b869a098aacf545230da964790d28cd0754c1224f457372a5ccf6495eec7083bbe3da87a0e835973cfc248fbd16a996c0c605f4b3e15e8a4b3753b217522649cccbb8ff05fe58fd0c5ef1cb24164670329265ab105be8a505f1efa18c1953805bf5d1799b87784ad3d126b4392913b139cd1cbb34fc7983883463b07e68f683a7335989a3bc34a61340abf495f15b5bc58bf9f0f51fad5056000b2ae0b1dd441bc375934c7a82c8964e8a0e7a4f6e2217206880d8d3bf010c0e05c78a9aacb331b94717e5ae5913cbd2402cc515cf0998698465a7da24e903b73a521047fc9ef602c0b7e3e70307ed20efc51d1dcf1a2947f51f1e40847e7fb0b6b0c81b0376376e0e1cb40859b407d6f02106cbf2f5cd159966b461b30cca5975d14fb43cc22f817fec84c04d2c9f0fe90b80faf1ed7151224860b2d373a5b8265fec7bf7eed66d4b8fc31fc70726748da3088fd050b3d1711880c779badf752a8b8eace53c26caa06dd77708407af142de994fb151e2032e3b80bd0d130eef562543a50f0605308f6af23e3848b9700b28dd8b47ed2efe95669555414241139f69a8b1273c8c9effc43ab4000661ab548f8c656c9429b8736e76897946e7a47c254f8723893af8e4f1fa49d532411277cd01598de9e59361e01717637d4a99b141bed015b6d905d31184bb33d30d409b9d854a14925dcde81cc1ddd852eb93ceaefb606fe0b9946689be6d6dcd9b0b0fb21c0f3b3e4e0b17deb4fd58e342731d718ae8c45d64d55ed799bd5dfa8a936a80497aafb221a9275eda96672ddebd973460691c9262b84bc80c83e272f3ce72451b910f9754d8eda87c35d1ace8004d41d79358ecd64edbfbc5760c9dc788daa499b67aed90e7edf0b34beaae0d703aa0cb0ad36c34bc8ace24b5554910337e143cec3bcfcd0b25434b50c9837f0c22237b04d513b9e7fd9a64ee534ea133dfc480ee225acff14a5420235905f8514de0a8e0e6c88afa320ef5efd44d180d58b54f62395c5657b418ee73cd5e66a5c3f535f7dd341d3e1c059c4bbe77bef58d4732192bda41d3f6c830320b8ad3196b7c4e628e2f56d360349744a56fa175a148fe6982870122153f5d7d6e7adca1d2994cc8c26df79522fd8c0d1024b683a0e28759f25dc6e93b05b1bda660b1c4e67ac74518a6b4e1600b45de9e554dcd82b451308446da57d7690991026222aa7e3b611e07460662f5a1b0d5ead882d921540cc988260170b48f5d7982d7f63c5a2959d678aa6e10d372b0007789bdf67cba9bbdf844be5705ea81f729fa0236926a9034db123c199be9631257f0f80db02ab24c5488e52bff7e61dda832c3ccbf6d71662a4825705f21cb2864d4f73a30e6305a32c8cbb935b2cc0303e23c6f339b5b5e693e8de6c2a65727bb86ce72cda1807ce50c33b2a4b15bde8e008b5e5f35f95a56b7788597317d31396d3627a8f8e2bbf7b7e8ca41d7be118b8c131d9af1cf21f2bd80e513108933b0b08d536ed4f3d9b1a70059753915f08a5abd68c45eb39c0fcc629afac0c0e591b4a14d616bc5dbd875739cfe22e81e3089e81b7c7e14c1113edb41e196d6765e9e6d315c9a4a9d5d55511e40a99e09b92d4b9f4bab3dd127edfb5f474d4dba730d6b60bda3a408889a53956eae09182d5646552bdd24b8505afd091f126e63691cc8747caefb9fcb2feb2ac1171f34be40f0464e87be0a382bd6c027c4f46e7a70bb9d705824eb53bb2f1260136cb5d6714431dafcf103c7678556885a68214c1315ba837088972d374ab3290df721ab3b92f19549a555909ff3304d08a0ae2c30346b23df241bb526a9c2dab754d63731bf830850d8c88382b21ad937c6935ea39a6cd3e953097e481535fd0283569116555049a4cbd00ecee61d5f1285d468494f4baff777df77519f59632bf2cc6f64cd0ccaafce530b2f48d4d095678d8dd2ff8a637ae797481260f0803e1345f13b3f40cba9620d0a54eb741ccdb7ae2d6fb0eb82d2052f2eeed73765f90bf31b25d151db84e9bcaf3c7bb4a1b48ca76e7b23c9097d0da9fe2ab1d57229a371c58cc647b0decc03e6d291e0cb71ed090c4119129a5b514731399b8a50843d774671ad15c7c92e9d95c1cb03851014e43f9468c0ec76b9e94785be8b400951911c4f4aa82513a463aa6a50e59d8c204f11a348421b4795fade75caf3aeafe648e1f0fcf4d994454f63da9609e4a5dfb8aa2e6bef6a38ab0b914f3be8cda63aca759a12ce082f47bd480c2ed7dc55293fdc5f8923f1ca20b0dc41818acebbf014d4f3a7af80a852ce97efd6368ae05c2b3aa58c7604ac6bc60bf3f98aab8fa6f21aa1ef9a7b339bda54c9f774000a71c4f57e8ead14be8314b50bae61ae31be4209ead77549356f15fb9188d1f725de9da8bd7332bda060c13223d87ad789d2bd315796a0471e3e1ee7d96b926b499f011032be23e1fa7b295937f0d28a697ba63657e064bdd72c78352d99e3d89d3fb184b1d16ab86bd2b737e9573ab18e29423a85e9939d102e0943448edd9daf6cbbade4c4c75621b37092959412fdbcc0df8f01ea96cada52cd26b436f1b8a31d61b89c8d6c4dfd80980a92edf61c505bb629ef5f46eb5b3b727216a5c34236c887dd8b54963e90c675f592bf58e5d376d47a6f501f6c9720b150d072ce936e691d44095eca8ea5c307f440b2b0eddeb6935cf92895c7dd74ef48be0ed2c172220596b40ec384cf3d1a2369fef576846103db4bcfd851df8e92e39b280d733305268b5935866dc114e6669aebebfde9f24e0275ca3de28bf46cf07bf7a90f3e17608f31e1fa1b2fb5873148caecd17f8f913c4f7389cc4408857e44ac0c9f4218a815e7426236c2075b660c64fedce4915bd65603adeea12881f3b39ef8ee3d3598bd5d4ff310abb92d33f41a010640213148742b74a52324994224766084eac5cc20a91485f11b218407c13f8776f61b64d265b155367c9a165ad695720731349a4b92b04bbca54483f730a1e6cc94c7e4d627337aa9e3f471e046775ce405238778c2b26c670292fe261ac3217e79b74b0d41fd375fd4f427e28b4a9656cd9661c2c8e993cd72e9053f83a6dc78fc3d989fa98217f3cc8d85265241da4a9fc43e62646ec1a272906bd36426f7c86448da1a3308b62fbf90abd63dd075cb59152df38eebcfe94e520060e905a338b63131027fcb5d2eb60a0a5028bccbf643438510cbfd87474f59be902ca55a3e5e842193ec5c8c97a6d802edeedd5b24bb8139194a89c04e4f625aa4cb2d7582c1fa67ef54fe97114fcaa1079f87854ba642316406970d6f204c7dd133f700c9ff91fc23000dd15d1e9356b1a1a51825b5a7a015a4cf69c00833d2ffb110460031736f2035254d5cebae87c8860e3e96395075c99bee8a9b5d53870675587418a4e4b38962597c46bacfb8b35d0c7cc59bdb6fe79bae4b35df6dfeb9cf8167e7b184c050210ed5ee09e45b1ce547e91240831a23f43fc1a7b9418217e6aa26adc0743fadb383db59c324e13b4633b96632818de479fd975bf3c784ec88edbe5382ed71271c23b2ad5e3d9abe6ebcc7165bbbc8e610424f2c6bd12d734f1d325057461ed0dfa44f67d6e13c59b93a198e4484107bc973c94eac8c3e9dd8d9da45170984afe3876b4c42bb53d69c753db399228998d14e19c6c7d6fbe9d28b5904da387f81d890645277a6cbc27d409643e2a7a6e3666344946479f962159f82fdb6117ef61852be0be98a26859daaff8436c930cc6f2836f91619e27ce287157fb86a98e9f40f93adbff696ac7cd5dc5fde70055c9de84a97673ed77af2e48272e0ffaed598f0e4c7d0f5c7d54f4289981c4ccf52006dcb7a338ddc8cbdcb137dda255a42576ee9a49c2b22c88f438e2cd148ec02601feaddebc14afbff68b1331d7d8ecee2b15c6c501aaa10361f448beae3af3a10aff12596647c1e654b35c353f35b716927351bb9f0f780b52968d21496a9833ea147c2f842b5a080b0037dd61f9f43837fa289de57627b6e4da5345a44fd129bb271ba9e431b3ddc3faef3e5cb2409632e7dd0d0d12724a69d819c485f484a7e5fd8b3ab3637f868d77ff5c7043b9340f2fbea6c6667e84071c43e7ff02ac87fd9a00e6e442ff2b2132cc17e9db884cb063a85c4b720810468d2bcc1e9cf9f81027eb4fa3dc7caa37d9fdbf0db9306696f45692abeef79200b09381a801553a502b1ecfaa2f579e59642ba0b8b6c04784ecab629bb55629bfc624cce4feef530e20a46f823319820035c331084d14f5bdc66a4ada475a7077c2d4d0e8d652a7c2de63cd94fd379929d06f60fab34d148e59efa09f28061654e5e76476d174fb02bcfef5d3c08dd2bdbd7284654445c071afa0ae6d97efcd4391636ff630318411bdb95516343eb692ca12722cc6b1a364e60cff739018af9a35609afadb2354bb25be9a1fe457642d9eed9e3662f28efcec7ae95e790f0338165c379d77f04070a41a777ab043fc21bb6db4703a00d50eb25e3c9c11acb68efc6c6e308358ad3e4cd015bbfa1f20c5d6cadf5406ba72fe554f65ac5ff440b3ac0828397bffa69ae03a9e224200518a208c04999772ea5640d9a7621279324e41a78843c58dc2cae48e0cf0b3838eab07b1ab76639e304c48fc93c8fcfad6efc633aa315e06f37a674cee3841f688c8aef0d4dbd63fd1a60f5b632a12423bc1b352242dffd343f1360d188e57e3e2d79cc389ba1af6fbe99cf6b1a80049721ba07a8713356a47cf1f7e6cc31d57e64856d34b38e32e5c99e872caffb737a0aaeb88cea6eca3690c0f04b8810a136ff3ce2191a0384a9941fffda26728d6750112045163bc0c1a5c426e5fef60b16e3ac92081198b851b49ed382e447908ef9b40c3d8bea070799ff2c91be681c8a2f8887be2affed65997010490c6176dde088b17362f60745727cdea513daa650a599153dc123e367330c97f08d3ca0bd6d3c048705bae5837989070459722b0ed85316371b4ade7c0f9f8cd2fd3f7395c2098e62100800cb4def59271b09b9fed641aeafe3758309ca898ddd48193b90c69a878996e051c8e0c88f4c18259b7ded182c4382b281e396a48a41d8ddfa91d37cc218b8af13b0da617b8375", &(0x7f0000000240)=""/210, 0xb7b050736c4bfb08}, 0xfffffffffffffdab) writev(r4, &(0x7f00000003c0), 0x63) [ 205.037807][T11279] RDX: 0000000000000005 RSI: 00000000000001ff RDI: 0000000020000100 [ 205.037812][T11279] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 205.037818][T11279] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 205.037824][T11279] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 205.042812][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 205.042866][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:02:11 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x5865, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:11 executing program 1 (fault-call:1 fault-nth:49): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:11 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x6c00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 205.321371][T11300] FAULT_INJECTION: forcing a failure. [ 205.321371][T11300] name failslab, interval 1, probability 0, space 0, times 0 [ 205.381248][T11300] CPU: 1 PID: 11300 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 205.389182][T11300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.399237][T11300] Call Trace: [ 205.402532][T11300] dump_stack+0x1d8/0x2f8 [ 205.406877][T11300] should_fail+0x555/0x770 [ 205.411304][T11300] __should_failslab+0x11a/0x160 [ 205.416243][T11300] ? ext4_mb_new_blocks+0x2ac/0x2cc0 [ 205.421535][T11300] should_failslab+0x9/0x20 [ 205.426047][T11300] kmem_cache_alloc+0x56/0x2e0 [ 205.430814][T11300] ext4_mb_new_blocks+0x2ac/0x2cc0 [ 205.435917][T11300] ? trace_kmalloc+0xcd/0x130 [ 205.440590][T11300] ? kcalloc+0x2f/0x50 [ 205.444652][T11300] ? __kmalloc+0x26c/0x340 [ 205.449058][T11300] ? kcalloc+0x2f/0x50 [ 205.453127][T11300] ? ext4_ext_search_right+0x4cb/0x940 [ 205.458581][T11300] ? ext4_find_extent+0x8e0/0xaa0 [ 205.463810][T11300] ? ext4_inode_to_goal_block+0x27b/0x3b0 [ 205.469531][T11300] ext4_ext_map_blocks+0x4b8c/0x7170 [ 205.474855][T11300] ext4_map_blocks+0x8f4/0x1e30 [ 205.479710][T11300] ? __kasan_check_write+0x14/0x20 [ 205.484827][T11300] ext4_getblk+0xae/0x460 [ 205.489156][T11300] ext4_bread+0x4a/0x340 [ 205.493401][T11300] ext4_append+0x175/0x310 [ 205.497819][T11300] ext4_mkdir+0x7ad/0x1450 [ 205.502251][T11300] vfs_mkdir+0x43f/0x610 [ 205.506501][T11300] do_mkdirat+0x1d7/0x320 [ 205.510830][T11300] __x64_sys_mkdir+0x60/0x70 [ 205.515434][T11300] do_syscall_64+0xf7/0x1c0 [ 205.519943][T11300] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.525842][T11300] RIP: 0033:0x458e47 [ 205.529730][T11300] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 205.549333][T11300] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 205.557740][T11300] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e47 [ 205.565706][T11300] RDX: 0000000000000005 RSI: 00000000000001ff RDI: 0000000020000100 [ 205.573668][T11300] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 205.581629][T11300] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 205.589597][T11300] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:12 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b00") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:02:12 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r2, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) ioctl$EVIOCGID(r2, 0x80084502, &(0x7f0000000080)=""/2) r3 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r4 = fanotify_init(0x0, 0x0) fanotify_mark(r4, 0x75, 0x40000002, r3, 0x0) ioctl$DRM_IOCTL_SET_MASTER(r3, 0x641e) r5 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r6 = dup2(r1, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r8 = fanotify_init(0x0, 0x0) r9 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r10 = fanotify_init(0x0, 0x0) fanotify_mark(r10, 0x75, 0x40000002, r9, 0x0) ioctl$SNDRV_TIMER_IOCTL_START(r9, 0x54a0) fanotify_mark(r8, 0x75, 0x40000002, r7, 0x0) write$FUSE_NOTIFY_RETRIEVE(r7, &(0x7f0000000180)={0x30, 0x5, 0x0, {0x0, 0x2, 0x0, 0xa435}}, 0x30) r11 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r11, 0x4, 0x6100) r12 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x400080, 0x0) ioctl$RTC_PLL_SET(r12, 0x40207012, &(0x7f0000000100)={0x80000001, 0x8b46, 0x7, 0xfffff7d7, 0x7, 0xfff, 0x7}) writev(r11, &(0x7f00000003c0), 0x63) 19:02:12 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x6000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:12 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x0, 0x10004, 0x1, 0x0, 0xffff}, 0xfffffffffffffd4e) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$UI_END_FF_UPLOAD(r1, 0x406855c9, &(0x7f0000000280)={0x7, 0x1, {0x54, 0x1, 0x985, {0xa8, 0x40}, {0x8da, 0x6}, @rumble={0xb6e0, 0x1000}}, {0x57, 0xca6f, 0xff, {0x4, 0x54be}, {0x45b3, 0xf22c}, @rumble={0x8, 0x4}}}) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100)='/dev/audio\x00', 0x84800, 0x0) ioctl$sock_inet_tcp_SIOCOUTQNSD(r4, 0x894b, &(0x7f0000000240)) r5 = dup2(r2, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r7 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000040)) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r8, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) close(r8) fcntl$setstatus(r6, 0x4, 0x6100) writev(r6, &(0x7f00000003c0), 0x63) 19:02:12 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x7201, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:12 executing program 1 (fault-call:1 fault-nth:50): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:12 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x6558, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:12 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x7203, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 205.814024][T11314] FAULT_INJECTION: forcing a failure. [ 205.814024][T11314] name failslab, interval 1, probability 0, space 0, times 0 [ 205.870950][T11314] CPU: 0 PID: 11314 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 205.878873][T11314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.878880][T11314] Call Trace: [ 205.878898][T11314] dump_stack+0x1d8/0x2f8 [ 205.878914][T11314] should_fail+0x555/0x770 [ 205.878932][T11314] __should_failslab+0x11a/0x160 [ 205.878947][T11314] should_failslab+0x9/0x20 [ 205.878959][T11314] kmem_cache_alloc_trace+0x5d/0x2f0 [ 205.878972][T11314] ? smack_d_instantiate+0x732/0xd70 [ 205.901972][T11314] smack_d_instantiate+0x732/0xd70 [ 205.901992][T11314] ? lockdep_init_map+0x2a/0x680 [ 205.902007][T11314] security_d_instantiate+0xa5/0x100 [ 205.902020][T11314] d_instantiate_new+0x65/0x120 [ 205.902037][T11314] ext4_mkdir+0xfa9/0x1450 [ 205.911456][T11314] vfs_mkdir+0x43f/0x610 [ 205.911475][T11314] do_mkdirat+0x1d7/0x320 [ 205.911492][T11314] __x64_sys_mkdir+0x60/0x70 [ 205.911503][T11314] do_syscall_64+0xf7/0x1c0 [ 205.911517][T11314] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 205.922562][T11314] RIP: 0033:0x458e47 [ 205.922572][T11314] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 205.922578][T11314] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 205.922589][T11314] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e47 [ 205.922595][T11314] RDX: 0000000000000005 RSI: 00000000000001ff RDI: 0000000020000100 19:02:12 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r6, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) lseek(r6, 0x0, 0x2) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000100)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 205.922602][T11314] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 205.922608][T11314] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 205.922614][T11314] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:12 executing program 1 (fault-call:1 fault-nth:51): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:12 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x7400, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:12 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x6800, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 206.203155][T11333] FAULT_INJECTION: forcing a failure. [ 206.203155][T11333] name failslab, interval 1, probability 0, space 0, times 0 [ 206.215878][T11333] CPU: 1 PID: 11333 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 206.223768][T11333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.233825][T11333] Call Trace: [ 206.237113][T11333] dump_stack+0x1d8/0x2f8 [ 206.241434][T11333] should_fail+0x555/0x770 [ 206.245845][T11333] __should_failslab+0x11a/0x160 [ 206.245859][T11333] ? __es_insert_extent+0x7ba/0x17c0 [ 206.245870][T11333] should_failslab+0x9/0x20 [ 206.245881][T11333] kmem_cache_alloc+0x56/0x2e0 [ 206.245894][T11333] __es_insert_extent+0x7ba/0x17c0 [ 206.245920][T11333] ext4_es_insert_extent+0x250/0x2ea0 [ 206.245945][T11333] ext4_map_blocks+0xe1c/0x1e30 [ 206.245963][T11333] ? __kasan_check_write+0x14/0x20 [ 206.285786][T11333] ext4_getblk+0xae/0x460 [ 206.290118][T11333] ext4_bread+0x4a/0x340 [ 206.290134][T11333] ext4_append+0x175/0x310 [ 206.290151][T11333] ext4_mkdir+0x7ad/0x1450 [ 206.290181][T11333] vfs_mkdir+0x43f/0x610 [ 206.290196][T11333] do_mkdirat+0x1d7/0x320 [ 206.311785][T11333] __x64_sys_mkdir+0x60/0x70 [ 206.316377][T11333] do_syscall_64+0xf7/0x1c0 [ 206.320885][T11333] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.326777][T11333] RIP: 0033:0x458e47 [ 206.330658][T11333] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 206.330664][T11333] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 206.330674][T11333] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e47 [ 206.330680][T11333] RDX: 0000000000000005 RSI: 00000000000001ff RDI: 0000000020000100 [ 206.330686][T11333] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 206.330692][T11333] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 206.330698][T11333] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 206.412299][T11338] validate_nla: 25 callbacks suppressed [ 206.412305][T11338] netlink: 'syz-executor.2': attribute type 38 has an invalid length. 19:02:13 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b00") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) 19:02:13 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fgetxattr(r2, &(0x7f00000000c0)=@random={'os2.', '\x00'}, &(0x7f0000000100)=""/44, 0x2c) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) r6 = gettid() tkill(r6, 0x13) ptrace$setopts(0x8409, r6, 0x7, 0x43) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:02:13 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x7a00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:13 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x6c00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:13 executing program 1 (fault-call:1 fault-nth:52): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 206.659218][T11347] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 206.677542][ T26] kauditd_printk_skb: 22 callbacks suppressed [ 206.677552][ T26] audit: type=1804 audit(1570129333.366:340): pid=11346 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/163/file0" dev="sda1" ino=17127 res=1 [ 206.679281][T11349] FAULT_INJECTION: forcing a failure. [ 206.679281][T11349] name failslab, interval 1, probability 0, space 0, times 0 [ 206.729842][T11349] CPU: 0 PID: 11349 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 206.737749][T11349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.737754][T11349] Call Trace: [ 206.737770][T11349] dump_stack+0x1d8/0x2f8 [ 206.737784][T11349] should_fail+0x555/0x770 [ 206.737801][T11349] __should_failslab+0x11a/0x160 [ 206.737811][T11349] ? kzalloc+0x1f/0x40 [ 206.737820][T11349] should_failslab+0x9/0x20 [ 206.737834][T11349] __kmalloc+0x7a/0x340 [ 206.777464][T11349] kzalloc+0x1f/0x40 [ 206.781358][T11349] smk_parse_smack+0x197/0x230 [ 206.786114][T11349] smk_import_entry+0x27/0x590 [ 206.790880][T11349] smack_d_instantiate+0x78f/0xd70 [ 206.795996][T11349] ? lockdep_init_map+0x2a/0x680 [ 206.800936][T11349] security_d_instantiate+0xa5/0x100 [ 206.806218][T11349] d_instantiate_new+0x65/0x120 [ 206.811069][T11349] ext4_mkdir+0xfa9/0x1450 [ 206.815507][T11349] vfs_mkdir+0x43f/0x610 [ 206.819755][T11349] do_mkdirat+0x1d7/0x320 [ 206.824094][T11349] __x64_sys_mkdir+0x60/0x70 [ 206.828676][T11349] do_syscall_64+0xf7/0x1c0 [ 206.828693][T11349] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 206.828703][T11349] RIP: 0033:0x458e47 [ 206.842937][T11349] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 206.862542][T11349] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 206.870941][T11349] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e47 [ 206.870948][T11349] RDX: 0000000000000005 RSI: 00000000000001ff RDI: 0000000020000100 [ 206.870954][T11349] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 206.870960][T11349] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 206.870966][T11349] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:13 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x8100, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 206.935266][T11348] netlink: 'syz-executor.2': attribute type 38 has an invalid length. 19:02:13 executing program 1 (fault-call:1 fault-nth:53): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:13 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x7400, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 207.052910][T11360] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 207.074739][T11362] FAULT_INJECTION: forcing a failure. [ 207.074739][T11362] name failslab, interval 1, probability 0, space 0, times 0 [ 207.075029][T11364] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 207.112550][T11362] CPU: 1 PID: 11362 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 207.120460][T11362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 207.130513][T11362] Call Trace: [ 207.133803][T11362] dump_stack+0x1d8/0x2f8 [ 207.138143][T11362] should_fail+0x555/0x770 [ 207.142570][T11362] __should_failslab+0x11a/0x160 [ 207.147512][T11362] should_failslab+0x9/0x20 [ 207.152033][T11362] kmem_cache_alloc_trace+0x5d/0x2f0 [ 207.157320][T11362] ? smack_d_instantiate+0x732/0xd70 [ 207.162864][T11362] smack_d_instantiate+0x732/0xd70 [ 207.167975][T11362] ? lockdep_init_map+0x2a/0x680 [ 207.172910][T11362] security_d_instantiate+0xa5/0x100 [ 207.178200][T11362] d_instantiate_new+0x65/0x120 [ 207.183049][T11362] ext4_mkdir+0xfa9/0x1450 [ 207.187472][T11362] vfs_mkdir+0x43f/0x610 [ 207.191713][T11362] do_mkdirat+0x1d7/0x320 [ 207.196040][T11362] __x64_sys_mkdir+0x60/0x70 [ 207.200623][T11362] do_syscall_64+0xf7/0x1c0 [ 207.205127][T11362] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 207.211011][T11362] RIP: 0033:0x458e47 [ 207.214899][T11362] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 cd c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad c3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 207.234504][T11362] RSP: 002b:00007faddc111a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 207.242912][T11362] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e47 [ 207.250876][T11362] RDX: 0000000000000005 RSI: 00000000000001ff RDI: 0000000020000100 19:02:14 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x8847, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:14 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x7a00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 207.258841][T11362] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 207.266805][T11362] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000005 [ 207.274769][T11362] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:14 executing program 1 (fault-call:1 fault-nth:54): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 207.353641][T11366] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 207.373803][T11368] netlink: 'syz-executor.3': attribute type 37 has an invalid length. 19:02:14 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x8100, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:14 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b00") splice(r0, 0x0, r2, 0x0, 0x10003, 0x0) [ 207.509462][T11372] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 207.529027][T11371] FAULT_INJECTION: forcing a failure. [ 207.529027][T11371] name failslab, interval 1, probability 0, space 0, times 0 [ 207.593997][T11371] CPU: 1 PID: 11371 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 207.601922][T11371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 207.611972][T11371] Call Trace: [ 207.615268][T11371] dump_stack+0x1d8/0x2f8 [ 207.619598][T11371] should_fail+0x555/0x770 [ 207.624015][T11371] __should_failslab+0x11a/0x160 [ 207.628954][T11371] ? ksys_mount+0x38/0x100 [ 207.633370][T11371] should_failslab+0x9/0x20 [ 207.637869][T11371] __kmalloc_track_caller+0x79/0x340 [ 207.643149][T11371] strndup_user+0x76/0x130 [ 207.647552][T11371] ksys_mount+0x38/0x100 [ 207.651789][T11371] __x64_sys_mount+0xbf/0xd0 [ 207.656376][T11371] do_syscall_64+0xf7/0x1c0 [ 207.660874][T11371] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 207.666766][T11371] RIP: 0033:0x45c47a [ 207.670909][T11371] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 207.682446][ C0] net_ratelimit: 6 callbacks suppressed [ 207.682452][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 207.690499][T11371] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 207.690509][T11371] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 207.690516][T11371] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 207.690522][T11371] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 207.690528][T11371] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 207.690534][T11371] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 207.718310][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 208.722529][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 208.728344][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 208.734171][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 208.739924][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 208.745754][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 208.751495][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 209.202470][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 209.208317][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:02:16 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x8847, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:16 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x8848, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:16 executing program 1 (fault-call:1 fault-nth:55): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:16 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x10003, 0x0) 19:02:16 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x402080, 0x0) ioctl$TUNSETSNDBUF(r1, 0x400454d4, &(0x7f00000000c0)=0xfffff5f9) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000100)={0x0, 0x80000, 0xffffffffffffffff}) ioctl$DRM_IOCTL_AGP_ACQUIRE(r2, 0x6430) creat(&(0x7f0000000140)='./file0\x00', 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r5 = dup2(r3, r4) mknod(&(0x7f00000002c0)='./file0\x00', 0x400, 0x1) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r6, &(0x7f0000000540)=ANY=[@ANYBLOB="7f454c46000000000000000000000000000000000e0c0000fdffffffffffffff40000000000000006b010000000000000100000000003800000000000000000007000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/2168], 0x878) ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f0000000180)={0x6, r6}) r7 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r8 = fanotify_init(0x0, 0x0) fanotify_mark(r8, 0x75, 0x40000002, r7, 0x0) ioctl$BLKBSZGET(r7, 0x80081270, &(0x7f00000001c0)) pidfd_send_signal(r6, 0x9, &(0x7f0000000240)={0xb, 0x200, 0x5}, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r9 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r9, 0x4, 0x6100) writev(r9, &(0x7f00000003c0), 0x63) 19:02:16 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r1, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) setsockopt$inet_tcp_buf(r1, 0x6, 0xa2e7fcf42df048c4, &(0x7f00000000c0)="155d57f11ba42bef098dd843d3f375aac9110de1fc5336ecbef10e", 0x1b) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = dup2(r2, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r6 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r5, 0x4, 0x6100) writev(r5, &(0x7f00000003c0), 0x63) [ 209.782282][T11385] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 209.803290][ T26] audit: type=1804 audit(1570129336.496:341): pid=11387 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/159/file0" dev="sda1" ino=17167 res=1 [ 209.804217][T11384] FAULT_INJECTION: forcing a failure. [ 209.804217][T11384] name failslab, interval 1, probability 0, space 0, times 0 [ 209.854003][T11384] CPU: 0 PID: 11384 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 209.861930][T11384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 209.872172][T11384] Call Trace: [ 209.872195][T11384] dump_stack+0x1d8/0x2f8 [ 209.872210][T11384] should_fail+0x555/0x770 [ 209.872227][T11384] __should_failslab+0x11a/0x160 [ 209.872237][T11384] ? ksys_mount+0x38/0x100 [ 209.872253][T11384] should_failslab+0x9/0x20 [ 209.893564][T11384] __kmalloc_track_caller+0x79/0x340 [ 209.893585][T11384] strndup_user+0x76/0x130 [ 209.893595][T11384] ksys_mount+0x38/0x100 [ 209.893605][T11384] __x64_sys_mount+0xbf/0xd0 [ 209.893619][T11384] do_syscall_64+0xf7/0x1c0 [ 209.893636][T11384] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 209.903386][T11384] RIP: 0033:0x45c47a [ 209.903398][T11384] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 209.903402][T11384] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 209.903411][T11384] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 209.903416][T11384] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 209.903422][T11384] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 209.903428][T11384] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 209.903433][T11384] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 209.979393][ T26] audit: type=1804 audit(1570129336.656:342): pid=11393 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/164/file0" dev="sda1" ino=17170 res=1 19:02:16 executing program 1 (fault-call:1 fault-nth:56): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 210.071645][T11380] netlink: 'syz-executor.3': attribute type 37 has an invalid length. 19:02:16 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x8848, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:16 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x8e00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 210.125148][ T26] audit: type=1804 audit(1570129336.816:343): pid=11394 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/159/file0" dev="sda1" ino=17167 res=1 19:02:16 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(0xffffffffffffffff, 0xc0096616, &(0x7f0000000080)={0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 210.190535][ T26] audit: type=1804 audit(1570129336.846:344): pid=11398 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/159/file0" dev="sda1" ino=17167 res=1 [ 210.214643][ T26] audit: type=1804 audit(1570129336.846:345): pid=11399 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/164/file0" dev="sda1" ino=17170 res=1 19:02:16 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) r6 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r7 = fanotify_init(0x0, 0x0) fanotify_mark(r7, 0x75, 0x40000002, r6, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket$netlink(0x10, 0x3, 0x0) r10 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r11}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=@newqdisc={0x24, 0x24, 0x507, 0x0, 0x0, {0x0, r11, {}, {0x3}}}, 0x24}}, 0x0) bind$can_raw(r6, &(0x7f00000000c0)={0x1d, r11}, 0x10) writev(r4, &(0x7f00000003c0), 0x63) [ 210.255332][T11401] FAULT_INJECTION: forcing a failure. [ 210.255332][T11401] name failslab, interval 1, probability 0, space 0, times 0 19:02:17 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x9600, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:17 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xfeff, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 210.306250][ T26] audit: type=1804 audit(1570129336.996:346): pid=11406 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/160/file0" dev="sda1" ino=17168 res=1 [ 210.354465][T11401] CPU: 0 PID: 11401 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 210.362403][T11401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 210.371725][ T26] audit: type=1804 audit(1570129337.036:347): pid=11409 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/165/file0" dev="sda1" ino=17161 res=1 [ 210.372453][T11401] Call Trace: [ 210.372475][T11401] dump_stack+0x1d8/0x2f8 [ 210.372492][T11401] should_fail+0x555/0x770 [ 210.372510][T11401] __should_failslab+0x11a/0x160 [ 210.372520][T11401] ? getname_kernel+0x59/0x2f0 [ 210.372534][T11401] should_failslab+0x9/0x20 [ 210.372546][T11401] kmem_cache_alloc+0x56/0x2e0 [ 210.372559][T11401] getname_kernel+0x59/0x2f0 [ 210.413384][T11401] kern_path+0x1f/0x40 [ 210.413401][T11401] tomoyo_mount_permission+0x7f1/0xa30 [ 210.413442][T11401] tomoyo_sb_mount+0x35/0x40 [ 210.413455][T11401] security_sb_mount+0x84/0xe0 19:02:17 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r1, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000040)=@req={0x7, 0x60bf, 0x0, 0x80}, 0x10) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/attr/current\x00', 0x2, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = dup2(r2, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r5, 0x4, 0x6100) writev(r5, &(0x7f00000003c0), 0x63) [ 210.413469][T11401] do_mount+0x10a/0x2510 [ 210.413481][T11401] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 210.413496][T11401] ? copy_mount_options+0x5f/0x3c0 [ 210.422735][T11401] ? copy_mount_options+0x308/0x3c0 [ 210.422748][T11401] ksys_mount+0xcc/0x100 [ 210.422759][T11401] __x64_sys_mount+0xbf/0xd0 [ 210.422774][T11401] do_syscall_64+0xf7/0x1c0 [ 210.422790][T11401] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 210.422800][T11401] RIP: 0033:0x45c47a [ 210.422812][T11401] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 210.432124][T11401] RSP: 002b:00007faddc0f0a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 210.441608][T11401] RAX: ffffffffffffffda RBX: 00007faddc0f0b40 RCX: 000000000045c47a [ 210.441615][T11401] RDX: 00007faddc0f0ae0 RSI: 0000000020000100 RDI: 00007faddc0f0b00 [ 210.441620][T11401] RBP: 0000000000000001 R08: 00007faddc0f0b40 R09: 00007faddc0f0ae0 [ 210.441625][T11401] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 210.441631][T11401] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 210.459576][ T26] audit: type=1804 audit(1570129337.036:348): pid=11410 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/160/file0" dev="sda1" ino=17168 res=1 19:02:17 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x10003, 0x0) [ 210.599364][ T26] audit: type=1804 audit(1570129337.286:349): pid=11418 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/161/file0" dev="sda1" ino=17168 res=1 19:02:17 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xff0f, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:17 executing program 1 (fault-call:1 fault-nth:57): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:17 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x118) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:02:17 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xa401, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:17 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x400c6615, &(0x7f0000000140)={0x0, @adiantum}) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000100)=@req3={0x1f, 0x7, 0x100, 0x8, 0x5, 0x1, 0x8}, 0x1c) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f00000000c0)='./bus/file0\x00', 0xe6ee005c5bc2e08b, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) r7 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r6, 0x84, 0x7c, &(0x7f00000000c0)={r8}, 0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000180)={r8, @in6={{0xa, 0x4e24, 0xfffffffb, @mcast2, 0x8}}, 0x1a, 0x3, 0xffffffc0, 0xa96, 0x686da12a5407ab67}, &(0x7f0000000240)=0x98) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000300)={r9, 0x6}, &(0x7f0000000340)=0xc) fcntl$setstatus(r4, 0x4, 0x6100) r10 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r10, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) ioctl$DRM_IOCTL_SET_MASTER(r10, 0x641e) writev(r4, &(0x7f00000003c0), 0x63) [ 210.821844][T11432] FAULT_INJECTION: forcing a failure. [ 210.821844][T11432] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 210.835079][T11432] CPU: 0 PID: 11432 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 210.842997][T11432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 210.853069][T11432] Call Trace: [ 210.853089][T11432] dump_stack+0x1d8/0x2f8 [ 210.853107][T11432] should_fail+0x555/0x770 [ 210.853129][T11432] should_fail_alloc_page+0x55/0x60 19:02:17 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xbc03, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:17 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xff7f, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 210.853139][T11432] prepare_alloc_pages+0x283/0x460 [ 210.853159][T11432] __alloc_pages_nodemask+0xb2/0x5d0 [ 210.853171][T11432] ? __kasan_kmalloc+0x178/0x1b0 [ 210.865169][T11432] kmem_getpages+0x4d/0xa00 [ 210.865185][T11432] cache_grow_begin+0x7e/0x2c0 [ 210.865199][T11432] cache_alloc_refill+0x311/0x3f0 [ 210.865212][T11432] ? check_preemption_disabled+0xb7/0x2a0 [ 210.865231][T11432] kmem_cache_alloc+0x2b9/0x2e0 [ 210.865240][T11432] ? getname_flags+0xba/0x640 [ 210.865251][T11432] getname_flags+0xba/0x640 [ 210.865263][T11432] user_path_at_empty+0x2d/0x50 [ 210.865273][T11432] do_mount+0xd7/0x2510 [ 210.865284][T11432] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 210.865296][T11432] ? copy_mount_options+0x5f/0x3c0 [ 210.885756][T11432] ? __kasan_check_read+0x11/0x20 [ 210.885770][T11432] ? copy_mount_options+0x308/0x3c0 [ 210.885783][T11432] ksys_mount+0xcc/0x100 [ 210.885795][T11432] __x64_sys_mount+0xbf/0xd0 [ 210.885808][T11432] do_syscall_64+0xf7/0x1c0 [ 210.885821][T11432] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 210.885830][T11432] RIP: 0033:0x45c47a [ 210.885840][T11432] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 210.885844][T11432] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 210.885853][T11432] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 210.885858][T11432] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 210.885864][T11432] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 210.885869][T11432] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 210.885874][T11432] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:17 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xfffe, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:17 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000090000000000000000000085000024dbe0a90ca1fa8f73aa1f9cf89f55d73237c3ad9f1609f9d339dc61dad0d0088e85795ee15dfcfd32bec1c84bd2bec4e42d88c2293c0b1abd8290d24d0a0c99588cdf23afb898a3f92c50e7437b8988e36a7bb5b8abebfdd255c68f5cd7aab445070ee89878dfd5fa2dda5079c1feb8572d65ff34bca3a4de5e593101582eb54153160f71cd7c2871efeebe00"/175], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x4, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r3, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) ioctl$FIDEDUPERANGE(r2, 0xc0189436, &(0x7f00000001c0)={0x7fffffff, 0x80000001, 0x1, 0x0, 0x0, [{r3, 0x0, 0x8}]}) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r5 = dup2(r1, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = creat(&(0x7f0000000000)='./bus\x00', 0x0) keyctl$search(0xa, 0x0, &(0x7f0000000100)='cifs.idmap\x00', &(0x7f0000000180)={'syz', 0x3}, 0xffffffffffffffff) r7 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r6, 0x4, 0x6100) r8 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) r9 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000300)='/dev/dsp\x00', 0x428000, 0x0) ioctl$TCSETAW(r9, 0x5407, &(0x7f0000000340)={0x1ff, 0x9, 0x3, 0x0, 0x7, 0x3, 0xa6, 0x1, 0x4558, 0x7f}) write$binfmt_elf64(r8, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) ioctl$SIOCSIFHWADDR(r8, 0x8924, &(0x7f00000000c0)={'bond_slave_0\x00', @remote}) writev(r6, &(0x7f00000003c0), 0x63) 19:02:17 executing program 1 (fault-call:1 fault-nth:58): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:17 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf203, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 211.183015][T11448] FAULT_INJECTION: forcing a failure. [ 211.183015][T11448] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 211.196248][T11448] CPU: 1 PID: 11448 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 211.196256][T11448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 211.196261][T11448] Call Trace: [ 211.196278][T11448] dump_stack+0x1d8/0x2f8 [ 211.196293][T11448] should_fail+0x555/0x770 [ 211.196310][T11448] should_fail_alloc_page+0x55/0x60 [ 211.196322][T11448] prepare_alloc_pages+0x283/0x460 [ 211.214269][T11448] __alloc_pages_nodemask+0xb2/0x5d0 [ 211.214292][T11448] kmem_getpages+0x4d/0xa00 [ 211.214304][T11448] cache_grow_begin+0x7e/0x2c0 [ 211.214317][T11448] cache_alloc_refill+0x311/0x3f0 [ 211.214328][T11448] ? check_preemption_disabled+0xb7/0x2a0 [ 211.214344][T11448] kmem_cache_alloc_trace+0x2d0/0x2f0 [ 211.221922][T11448] ? copy_mount_options+0x5f/0x3c0 [ 211.221937][T11448] copy_mount_options+0x5f/0x3c0 [ 211.221949][T11448] ksys_mount+0xa0/0x100 [ 211.221960][T11448] __x64_sys_mount+0xbf/0xd0 [ 211.221974][T11448] do_syscall_64+0xf7/0x1c0 [ 211.231536][T11448] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 211.231545][T11448] RIP: 0033:0x45c47a [ 211.231556][T11448] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 211.231561][T11448] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 211.231570][T11448] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 211.231576][T11448] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 211.231585][T11448] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 211.241940][T11448] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 211.241946][T11448] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:18 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x34000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:18 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) setsockopt$inet_sctp_SCTP_RESET_ASSOC(0xffffffffffffffff, 0x84, 0x78, &(0x7f0000000100), 0x4) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r5, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f00000000c0)={'bond0\x00', &(0x7f0000000080)=@ethtool_eee={0x45, 0x400, 0x0, 0x7f, 0xa5, 0x8, 0x4, 0x7fff, [0x6, 0x51e8aae]}}) writev(r4, &(0x7f00000003c0), 0x63) 19:02:18 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x10003, 0x0) 19:02:18 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf503, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:18 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) getsockopt$XDP_STATISTICS(0xffffffffffffffff, 0x11b, 0x7, &(0x7f0000000100), &(0x7f0000000180)=0x18) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x4fffd, 0x100000001, 0x10000, 0x64fe, 0xffffffff, 0x9}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) openat$autofs(0xffffffffffffff9c, &(0x7f00000001c0)='.ds\x00', 0xf0206, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x18, 0x2, 0x9, 0x800000001, 0x0, 0x0, {}, [@nested={0x4, 0x2}]}, 0x18}}, 0x0) writev(r4, &(0x7f00000003c0), 0x63) 19:02:18 executing program 1 (fault-call:1 fault-nth:59): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 211.543951][T11457] validate_nla: 10 callbacks suppressed [ 211.543958][T11457] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 211.559646][T11463] FAULT_INJECTION: forcing a failure. [ 211.559646][T11463] name failslab, interval 1, probability 0, space 0, times 0 [ 211.578058][T11465] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 211.592441][T11463] CPU: 0 PID: 11463 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 211.600355][T11463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 211.610408][T11463] Call Trace: [ 211.613702][T11463] dump_stack+0x1d8/0x2f8 [ 211.618029][T11463] should_fail+0x555/0x770 [ 211.622444][T11463] __should_failslab+0x11a/0x160 [ 211.627379][T11463] ? ksys_mount+0x38/0x100 [ 211.631791][T11463] should_failslab+0x9/0x20 [ 211.636286][T11463] __kmalloc_track_caller+0x79/0x340 19:02:18 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf803, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 211.636306][T11463] strndup_user+0x76/0x130 [ 211.636317][T11463] ksys_mount+0x38/0x100 [ 211.650200][T11463] __x64_sys_mount+0xbf/0xd0 [ 211.650217][T11463] do_syscall_64+0xf7/0x1c0 [ 211.650232][T11463] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 211.650242][T11463] RIP: 0033:0x45c47a [ 211.650250][T11463] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 211.650259][T11463] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 211.669061][T11463] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 211.669068][T11463] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 211.669074][T11463] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 211.669080][T11463] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 211.669087][T11463] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:18 executing program 1 (fault-call:1 fault-nth:60): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 211.748940][T11473] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 211.763846][ T26] kauditd_printk_skb: 8 callbacks suppressed [ 211.763855][ T26] audit: type=1804 audit(1570129338.456:358): pid=11470 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/168/file0" dev="sda1" ino=17181 res=1 19:02:18 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3ffff, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 211.800384][ T26] audit: type=1804 audit(1570129338.486:359): pid=11467 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/163/file0" dev="sda1" ino=17182 res=1 [ 211.857961][T11477] FAULT_INJECTION: forcing a failure. [ 211.857961][T11477] name failslab, interval 1, probability 0, space 0, times 0 [ 211.876065][T11477] CPU: 1 PID: 11477 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 211.883978][T11477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 211.894024][T11477] Call Trace: [ 211.897316][T11477] dump_stack+0x1d8/0x2f8 [ 211.901649][T11477] should_fail+0x555/0x770 [ 211.906069][T11477] __should_failslab+0x11a/0x160 [ 211.910996][T11477] ? tomoyo_encode2+0x273/0x5a0 [ 211.915843][T11477] should_failslab+0x9/0x20 [ 211.920338][T11477] __kmalloc+0x7a/0x340 [ 211.924482][T11477] tomoyo_encode2+0x273/0x5a0 [ 211.924497][T11477] tomoyo_realpath_from_path+0x769/0x7c0 [ 211.924517][T11477] tomoyo_mount_permission+0x294/0xa30 [ 211.924531][T11477] ? filename_lookup+0x4b0/0x690 [ 211.945160][T11477] ? kmem_cache_free+0xd8/0xf0 [ 211.949936][T11477] tomoyo_sb_mount+0x35/0x40 [ 211.954525][T11477] security_sb_mount+0x84/0xe0 [ 211.959280][T11477] do_mount+0x10a/0x2510 [ 211.963514][T11477] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 211.969046][T11477] ? copy_mount_options+0x5f/0x3c0 [ 211.974150][T11477] ? copy_mount_options+0x308/0x3c0 [ 211.979337][T11477] ksys_mount+0xcc/0x100 [ 211.983572][T11477] __x64_sys_mount+0xbf/0xd0 [ 211.988157][T11477] do_syscall_64+0xf7/0x1c0 [ 211.992658][T11477] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 211.998539][T11477] RIP: 0033:0x45c47a [ 212.002425][T11477] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 212.022019][T11477] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 212.030417][T11477] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 212.038378][T11477] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 212.046337][T11477] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 19:02:18 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x5, 0x80000) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r1, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) ioctl$VIDIOC_DQBUF(r1, 0xc0585611, &(0x7f0000000180)={0x7f, 0xc, 0x4, 0x2040008, {r2, r3/1000+30000}, {0x1, 0x0, 0xd7, 0x3f, 0xe6, 0x40, "ffff02ec"}, 0x8, 0x3, @fd=0xffffffffffffffff, 0x4}) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x11011, r4, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r7 = dup2(r5, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) r8 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r9 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r9, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r8, 0x4, 0x6100) writev(r8, &(0x7f00000003c0), 0x63) ioctl$UI_GET_VERSION(r8, 0x8004552d, &(0x7f0000000240)) 19:02:18 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r4, 0xc040564a, &(0x7f0000000080)={0x978, 0x0, 0x6001, 0x80000000, 0x5, 0x8, 0x2, 0x3}) [ 212.055163][T11477] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 212.063126][T11477] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 212.073841][T11480] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 212.078141][T11477] ERROR: Out of memory at tomoyo_realpath_from_path. 19:02:18 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xfe03, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:18 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x40000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 212.149580][ T26] audit: type=1804 audit(1570129338.836:360): pid=11482 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/169/file0" dev="sda1" ino=17044 res=1 19:02:18 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./bus\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 212.226595][T11488] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 212.246243][T11489] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 212.276351][ T26] audit: type=1804 audit(1570129338.966:361): pid=11493 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/170/bus" dev="sda1" ino=17165 res=1 [ 212.332153][ T26] audit: type=1804 audit(1570129338.986:362): pid=11491 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/170/bus" dev="sda1" ino=17165 res=1 19:02:19 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x10003, 0x0) 19:02:19 executing program 1 (fault-call:1 fault-nth:61): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:19 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xfffff, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:19 executing program 4: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000080)=[r2], 0x1) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r3, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r6 = dup2(r4, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r7, 0x4, 0x6100) writev(r7, &(0x7f00000003c0), 0x63) 19:02:19 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) r1 = creat(&(0x7f0000000180)='./bus\x00', 0x2a) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = dup2(r2, r3) prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f00000000c0)="6f5496ec782ef6777a6eb34005a285afe28a1db095bacc91fddee45879e526852979de9819a92d65acf68302ab04d9a6442608747e6e2b2d810bf630bf0f2e925147c0c0db34ec86adeaac5807864b41e0a5157abf24e48f9fdf78936215b4303f5c3d3caa2e43d9e5f33e7e19ad0ae115c2da6b", 0x74) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r6, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) r8 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r7, 0x84, 0x7c, &(0x7f00000000c0)={r9}, 0x8) getsockopt$inet_sctp6_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f0000000140)=@assoc_id=r9, &(0x7f00000001c0)=0x4) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000240)={r10, @in={{0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x30, 0x9}, 0x1e1) r11 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r11, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r5, 0x4, 0x6100) writev(r5, &(0x7f00000003c0), 0x63) 19:02:19 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xfeff, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 212.469120][T11504] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 212.484726][T11498] FAULT_INJECTION: forcing a failure. [ 212.484726][T11498] name failslab, interval 1, probability 0, space 0, times 0 [ 212.522507][T11498] CPU: 0 PID: 11498 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 212.530429][T11498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 212.540486][T11498] Call Trace: [ 212.543781][T11498] dump_stack+0x1d8/0x2f8 [ 212.548108][T11498] should_fail+0x555/0x770 [ 212.548127][T11498] __should_failslab+0x11a/0x160 [ 212.557455][T11498] should_failslab+0x9/0x20 [ 212.557469][T11498] kmem_cache_alloc_trace+0x5d/0x2f0 [ 212.557479][T11498] ? alloc_fs_context+0x65/0x640 [ 212.557492][T11498] alloc_fs_context+0x65/0x640 [ 212.557505][T11498] ? _raw_read_unlock+0x2c/0x50 [ 212.557518][T11498] ? get_fs_type+0x47f/0x500 [ 212.572181][T11498] fs_context_for_mount+0x24/0x30 [ 212.572193][T11498] do_mount+0x10a7/0x2510 [ 212.572212][T11498] ? copy_mount_options+0x308/0x3c0 [ 212.572225][T11498] ksys_mount+0xcc/0x100 [ 212.572237][T11498] __x64_sys_mount+0xbf/0xd0 [ 212.572251][T11498] do_syscall_64+0xf7/0x1c0 [ 212.581829][T11498] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 212.581840][T11498] RIP: 0033:0x45c47a [ 212.581849][T11498] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 212.581855][T11498] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 212.581865][T11498] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 212.581871][T11498] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 19:02:19 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000240)=@req3={0x5, 0x1, 0x8, 0xa0000000, 0x4, 0x5, 0xffffffff}, 0x14) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r3, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r4, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x5, 0x10, &(0x7f0000002540)=ANY=[@ANYPTR64=&(0x7f0000002640)=ANY=[@ANYRESHEX, @ANYPTR64=&(0x7f00000004c0)=ANY=[@ANYRESHEX=r3], @ANYPTR=&(0x7f0000002600)=ANY=[@ANYRESOCT, @ANYRESOCT], @ANYRESOCT=r4, @ANYRES32]], &(0x7f0000000480)='GPL\x00', 0x4, 0x1000, &(0x7f0000001540)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0xffffff61) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(0xffffffffffffffff, 0xc08c5336, &(0x7f00000003c0)={0xff, 0x101, 0x7ff, 'queue0\x00'}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r5, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) openat$fuse(0xffffffffffffff9c, &(0x7f0000000380)='/dev/fuse\x00', 0x2, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r6, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r7 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) r8 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r9 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x140, 0x0) sendto$unix(r9, &(0x7f0000000280)="f878e9785da120f159cdadcaab18e416fad0d9dac3dd0e8d6e093e6f5082c6363123dd0960c6866c0646f253bff0dd399557e7f61021b6c2bbf5cf99b11994f4509cd2144b9f6280eeabc7d9eb698e112c38f4", 0x53, 0x800, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e) r10 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r10, 0x40086602, &(0x7f0000000040)) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r11, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) fcntl$setstatus(r8, 0x4, 0x100) writev(r8, &(0x7f00000003c0), 0x63) [ 212.581877][T11498] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 212.581883][T11498] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 212.581887][T11498] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 212.697045][ T26] audit: type=1804 audit(1570129339.386:363): pid=11502 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/165/file0" dev="sda1" ino=16529 res=1 [ 212.741776][T11508] netlink: 'syz-executor.3': attribute type 37 has an invalid length. 19:02:19 executing program 1 (fault-call:1 fault-nth:62): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:19 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x200000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 212.781069][ T26] audit: type=1804 audit(1570129339.466:364): pid=11516 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/172/file0" dev="sda1" ino=17188 res=1 19:02:19 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xff0f, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 212.849276][T11519] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 212.882498][ C1] net_ratelimit: 4 callbacks suppressed [ 212.882505][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 212.888152][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 212.899831][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 212.905637][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 212.905719][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 212.912328][T11522] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 212.917184][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:02:19 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x400300, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 212.937598][ T26] audit: type=1804 audit(1570129339.626:365): pid=11509 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/165/file0" dev="sda1" ino=16529 res=1 [ 212.977170][T11520] FAULT_INJECTION: forcing a failure. [ 212.977170][T11520] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 212.990393][T11520] CPU: 1 PID: 11520 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 19:02:19 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xff7f, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 212.998273][T11520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.008327][T11520] Call Trace: [ 213.011622][T11520] dump_stack+0x1d8/0x2f8 [ 213.015953][T11520] should_fail+0x555/0x770 [ 213.015972][T11520] should_fail_alloc_page+0x55/0x60 [ 213.015981][T11520] prepare_alloc_pages+0x283/0x460 [ 213.015995][T11520] __alloc_pages_nodemask+0xb2/0x5d0 [ 213.030689][T11520] kmem_getpages+0x4d/0xa00 [ 213.030705][T11520] cache_grow_begin+0x7e/0x2c0 [ 213.030720][T11520] cache_alloc_refill+0x311/0x3f0 [ 213.030731][T11520] ? check_preemption_disabled+0xb7/0x2a0 [ 213.030752][T11520] __kmalloc+0x318/0x340 [ 213.045253][T11520] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 213.045270][T11520] tomoyo_realpath_from_path+0xdc/0x7c0 [ 213.045292][T11520] tomoyo_mount_permission+0x294/0xa30 [ 213.045309][T11520] ? filename_lookup+0x4b0/0x690 [ 213.045327][T11520] ? kmem_cache_free+0xd8/0xf0 [ 213.045354][T11520] tomoyo_sb_mount+0x35/0x40 [ 213.056045][T11520] security_sb_mount+0x84/0xe0 [ 213.056062][T11520] do_mount+0x10a/0x2510 [ 213.056075][T11520] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 213.056086][T11520] ? copy_mount_options+0x5f/0x3c0 [ 213.056100][T11520] ? copy_mount_options+0x308/0x3c0 [ 213.056112][T11520] ksys_mount+0xcc/0x100 [ 213.071551][T11520] __x64_sys_mount+0xbf/0xd0 [ 213.071567][T11520] do_syscall_64+0xf7/0x1c0 [ 213.071583][T11520] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 213.071593][T11520] RIP: 0033:0x45c47a [ 213.071602][T11520] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 213.071608][T11520] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 213.071622][T11520] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 213.081997][T11520] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 213.082003][T11520] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 213.082009][T11520] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 213.082015][T11520] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:20 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xfffe, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:20 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r5, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) getsockopt$bt_BT_SECURITY(r5, 0x112, 0x4, &(0x7f0000000180), 0x2) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') write$binfmt_elf64(r6, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) sendto$inet6(r6, &(0x7f0000000080)="2f1236cf3486e511c76a933ca6b48d1c60b4b1f653e0bebddaf959eed41004235523554d33257d52de7954928fafdb41618113edd1847d9da801b64f3ec8d76491f4946470de2821df71e3bc9e22d679aacbe32dc438030457c08c7e2441284d93d5c45ee186c0ccc1f206af2c56eb2b5cfca5f6ae7b67", 0x77, 0x0, &(0x7f0000000100)={0xa, 0x4, 0x6, @loopback}, 0x1c) 19:02:20 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x10003, 0x0) 19:02:20 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x1000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:20 executing program 1 (fault-call:1 fault-nth:63): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:20 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x4000010, r1, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) r2 = creat(&(0x7f0000000140)='./file0\x00', 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000240)={0xffffffffffffffff}, 0x111, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f00000002c0)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000100)=0x1, r5, 0x0, 0x1, 0x4}}, 0x20) r6 = dup2(r3, r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r8 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r8, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r7, 0x4, 0x6100) writev(r7, &(0x7f00000003c0), 0x63) [ 213.365792][ T26] audit: type=1804 audit(1570129340.056:366): pid=11537 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/166/file0" dev="sda1" ino=16516 res=1 19:02:20 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x2000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:20 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3ffff, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 213.447780][ T26] audit: type=1804 audit(1570129340.096:367): pid=11545 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/166/file0" dev="sda1" ino=16516 res=1 [ 213.479449][T11542] FAULT_INJECTION: forcing a failure. [ 213.479449][T11542] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 213.492661][T11542] CPU: 1 PID: 11542 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 213.500535][T11542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.500541][T11542] Call Trace: [ 213.500559][T11542] dump_stack+0x1d8/0x2f8 [ 213.500575][T11542] should_fail+0x555/0x770 [ 213.522598][T11542] should_fail_alloc_page+0x55/0x60 [ 213.522609][T11542] prepare_alloc_pages+0x283/0x460 [ 213.522622][T11542] __alloc_pages_nodemask+0xb2/0x5d0 [ 213.522642][T11542] kmem_getpages+0x4d/0xa00 [ 213.522654][T11542] cache_grow_begin+0x7e/0x2c0 [ 213.522668][T11542] cache_alloc_refill+0x311/0x3f0 [ 213.522680][T11542] ? check_preemption_disabled+0xb7/0x2a0 [ 213.522696][T11542] __kmalloc+0x318/0x340 [ 213.522706][T11542] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 213.522719][T11542] tomoyo_realpath_from_path+0xdc/0x7c0 [ 213.522740][T11542] tomoyo_mount_permission+0x923/0xa30 [ 213.522762][T11542] ? kmem_cache_free+0xd8/0xf0 [ 213.533058][T11542] tomoyo_sb_mount+0x35/0x40 [ 213.533073][T11542] security_sb_mount+0x84/0xe0 [ 213.533089][T11542] do_mount+0x10a/0x2510 19:02:20 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) socket$packet(0x11, 0x3, 0x300) r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x4051011, r2, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r5 = dup2(r3, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r6, 0x4, 0x6100) writev(r6, &(0x7f00000003c0), 0x63) [ 213.533101][T11542] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 213.533114][T11542] ? copy_mount_options+0x5f/0x3c0 [ 213.547616][T11542] ? copy_mount_options+0x308/0x3c0 [ 213.547631][T11542] ksys_mount+0xcc/0x100 [ 213.547643][T11542] __x64_sys_mount+0xbf/0xd0 [ 213.547658][T11542] do_syscall_64+0xf7/0x1c0 [ 213.558361][T11542] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 213.558371][T11542] RIP: 0033:0x45c47a [ 213.558380][T11542] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 213.558386][T11542] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 213.568480][T11542] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 213.568487][T11542] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 213.568492][T11542] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 213.568499][T11542] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 213.568504][T11542] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 213.574198][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 213.574246][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:02:20 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r1, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f00000000c0)={0x0, 0x2}, &(0x7f0000000100)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000180)={0x5, 0xfffc, 0x1, 0x8d, 0xffff, 0x3, 0x8, 0xeb, r2}, 0x20) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r5 = dup2(r3, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r7 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r6, 0x4, 0x6100) writev(r6, &(0x7f00000003c0), 0x63) 19:02:20 executing program 1 (fault-call:1 fault-nth:64): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:20 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:20 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x40000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:20 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) timer_create(0x2, &(0x7f00000000c0)={0x0, 0x30, 0x0, @thr={&(0x7f0000000280)="6fcf7ed267a92a0be4394e1b0459f9357440d280bd48078d16eea3be4da61eedd0a4ada036ebf5438f97215c78b591241dc635d2e9186a087f0f2cac16266d9fb486b10c630dd44cf250834de5a33d0449e3068beac4d96bda7e10e385ce978162223a297cc7d8616b802242bec9c0e4bc9bfe94e0fe8e7acc78b5e0e8474832e0c4c5414acf792c85d6774ea76143f1a88f75bd827ad8deaed167a52ac36864812a1668cf8643785993ca2eb6e79bc55584", &(0x7f0000000540)="6c80cade7eb2fc5a915d994e03fa8ccc7ea8927c493f643dab4d63579a576d7b65635386d23693221a39668e59cf33e73292c5ce5dc0f399daa376dc2c8fcea5f2961ebec6a7884e5be64c8f0d581e6bfb6d464604876ed67c46ebd2eb70b6a8b77b408f911a0cfca405789394f68a1b2e26740f6dfa945771a96271f015afb6e438695189d3419caa2a2ce3ca059c4551d86d68a4f5ad3203a63c9e41b583790753272f8a8adedcefd4ed92e5a9241ba16f8215de1c4bea45293cd430ee4d77cfe009c4966c65bcea2ff52383f4cec41b6b8d59ce493a4497cb01c97f3a6a5a1619ec58bfce6d2ab0eb445d1d2395701e9e61509ee783cc4b9523bbe4f6ae3fcfa686d3b5c976c2b173b1e05e8b44d0bb64fd531665661f51cfa9fb8659f0fa1938afae00f2faa7c1f6035946b1f4abc6394f56a4fc0a588462b3b2a523a3353ad83b83b36d6f2ad4df6331ba4547dafdcbaef2a7ca55f96583d5123edc6c55ae3a3b44fe6fdb8bb20acd558eff0a9f4ca53da9bc481631ed452ae2c097385edf005ed7f58971b8c77ae3779a6195bb37fbadc6b3debd0f33143348738864f6762f71e7bc1f460302b5160b1c141c2da41337607ea68e37d525482e6565666d222f8671b89d69f20932f9e182d124396c136fa0e6f2e51b4d0e4dbb5956dee62e23eb9d857b6061b13680877b8c9e772e630b3cdc0db41067b4342764a80e5a4a8a79df61816d5264cdf845f60d727617301206f5f8883f82952f4ddef26b425f36317509f64ead6883b06dc0c7a3bf7345bd86254e995beab29e92ce03336e83a5e820bd4927cec1e8e3ddc80ef22a79b332cf4de12456c59934e77f919bb35bc7a92da5a325e656fed2d80ccaa9ebfe41b6858463ad86d9156168acfb7b70029f2b10df506b306a54d484b2f47e6bf0a5cfbc97e9224b5b3d5710076906885155b9746e3b2c18f580a341a092f46063bc75756f2af6c34aee88027bd3bcd4a8e4a2c97b8aa2323d4eb9dd24ef809494963ff36b4df4da9c6ba4e9f631880971d664f874288e8f457af217c0f59c2fbf9b8c8f9233ad6308edd4c13cfe06a5cb559295c6bae9a4e5554619d189c4b0cacda057fcad6cb27ba1a228344484425620f5a8725bb4726f77b9b241acb787adec8f00bf433ae579694d30a82a22bad95f9e7d54927849462f10bcb56474520de5f6860841167363e4a3c8d3774dc1d10086e798c4a3d6c977799372c3615718591bbf930bc276b6fff95832fdc4c223adefb6787e0a6f7cdc6fa819a0a641aa51f5cf0ce9a9f0931d0679a7562ab8432c2882290614f72abe6e11564e440453ff48603ec434919ccb92e11e0de7a39a9f0174e54ab5a8cd1743160186720979e68d5e1292bb9078683179745d4e6095f26d357cdd06bc557fe23e4b8bedbf051f9c17d63137c2a379c266a025eb125e308348aed936b0191ef9f1d6592caab802b6103c55f2bfc92d83ab7f37f7e6df503e59f466a075e5758225fa597df155c6c1db9b57760281bc3312081f93e6ab9889147b1fa4ec1cf9f1c8bc46a2501de49c7a8a09a3e0fe7a577565c4bfbedd86c5570875937b405b2a9ad546ed65f1e3067ce02003266cf8c45886de05c08d4acf25b6e1b92bfa666cb920d5bc3708e133140512d9f5211b6e3dac4d0f2ae69372b21934b76ad876fbce889a80a36c75fb76644e5dda905fa6eda2f1029fccfd2ded0464ab8a906ea39eabc7f9e6e4512485d892d18ebe2f7ff0117df675a8a5f66dae7dc326e44cece36ef2c83f0564ae051f9f2962f9ac90e9a752133f15bf940b52034a2d4247bb63f994854fcfd3a6f272a49c819ea12175c4932ed58f5acb329bdf88300e820aa89bffcc8b7d1f43aaa6e9413ce1895f78578263efc7b9be350429e7bb7c73d4f308a44e538137281b472883acdaf1bb2ec7c2eb6da6af7a633574ae8835449428fe29748a8b7ddec10475280e1ce3845fde5a894486e78c79d79492729e25ab06053d66b3ad1c4a8e68f1c63295479715e442909597a65e88a77d5c1f2532d824a2219f1d0fdd1a7af330a71b4e7c3ecf45d55b51a3f25d933a082426520af219b104481bf9e8bdc0f9c7da618a89c6d59b708a1c93d3079c04e3014e6a2dd79991b8bea1c79e740357576e5644ebc6943998ab0c6b2ee7d80c3396542167bde638eb56673f5d20d2d08795e6f8d429d971e1381feed1488c3d284d6a98e2b722fb379ca8bb1cb9ddc4566f01983ffc7f05e960617deb54c087ada596bcc4c8aa044442680f64d195663cec8b353fda7419f4b7ad83057fd6f57ed89dcbd3e29187f36da4705cc0b6b8273378b6b9ef1360f50f54dbcad6d227a4eb0e849f097eb85b4bdf0a47c327d14d96142fd138b4269923114c3630c6ae0ddde22c860f545b8693ad7a3321e9924a5d5a9a7ca73de862e07da3d43423f086ace87778161416333b4d34aa6f3db33e2e901f166278f8b6c5d666c80d73a1b2f2d5c8f743e7ab58a793fec7e80caeddd82369d96b84e6a0e2a53439518e380ec146cc3fb94e2eba3b178266a44b27690d27b3c75560d83b8b22646c4b24377b1225549c73d5a16ac71c711356201e0eb70b9918d2c9a0f2ac454db28a675b877d544d85236b71ce2865c52cf07460b00f9e424cad70fd18845727a36f2499b1692ed2f0a2d3099f4387812af7f27b91ff763fec49a724b5c9fcff3b8f5b95415842fbc0618b132c808c741f747dbc68e1cc98e31860011c4a1399c97cc751b809138703c5415975eca549745278ee31bab7d3e8b4d61747f4395df496565d40d3939e2fa4a6665dec6cfb829639981995c9ccfbd7f56f9f77c134c12446d246b1ccb6ca1d68b65e6972f2b156766567e5871c600c282a3bee3e3a5c4f8f8a0afdfe5641fd0ea586bef2824eb445bedf2a10c30b0fff248a0bdf0adff9df534b8f5f31a5e006642156840b212c44eb11dc9caf1b710e452b875aef78af5b03205d213871b163815f9373e3c2b6e1bfc9ddc13f14195d031dda9393ad05fca7f70430060033e65b537fc3b547763fab2e976203fcca13b441bf3258c9b6351ac9fc9859f70f45dec15e8519b81953b20542f082f8406774738dfe77c9dffc2a62ff9d91608e1ca543845a776a5fe3033d433e526178de3511226faac94b47f7c7ce868bb67a3cca84eb64961eab4f7d91b8894c8e43049b76b1c836d155bede84271a68d57a9051bb7f8209f7e8f693695ae09def7f4301d970b5a923770483434a120d2cb467aebde968725b45e2dae864987afd7fe570860362c7b771a5cc6bc8a189da20253360d7408a791dad1d82dcae76941ed8bd2af7bc4d1895cdf7dde7a594f3031c66ecbf8522d7855e38dc43c7fba4f698046404c7ac3450eef08110aa01f96248173f345cfa38f92c65b51eb8f75c600c21e776e32f006badbbbe54ecfe76d16b7e7b5e3045afe9d544d1d496b12bc0af378a06ab37a32074da2f599076a563b1359dd9532b683d40ad390041ea3ed18b35299babfde78ef8946d6c162ff534827e7998a39aa2bbc7d9f73e0d72d45d9ef29380eaa025794191d5d3b34aae1957301c0325e7ab4f1127bf51bffd81357cac9bce184b85bf39af9c7ce2e46330d9b9ed7eb92afb9c66363efa1dfac202cbafa3f7465d09b1a322ad7b03c71fa4e6425df2fee45df10abe6134949d61cf8fc5ab220c01afc0eff4ce4e927994fcd437279cea6da38efa35dc650305a01b2d58552bf9e17267106936da9908f8b29b1ec2578716607a0fce1a91d4b511f986d2221e3f3bf4174d78f515505ed863c52e786c81055c4456bf985a03087084169705d64da9f50aedf5a1f30d07638f420ecbfde96eee84df3eb8f199a4900366ce0f316d003165e537b16a07421d252cdfb4ec50f3732739262cd06f12f909e8c43dabf06d50d7d690d590970482193b5f50199aa3b9792c47d3c656ab8a158ecbbe1b7beec7a87a73265ce2208c9ddac031f54582aa69c377f3dbcf445d4265eadc5d29837543932d05c486d474fecd509a078d6409592f34db37c8910b23405df42529d0391bcf8ee67c9c6918f1204a442d2b04eaa553594fafec82f9d8fdada7dd450de5a8123d7fee722fb908caeb41bd9e55275441f8cdce549788de222121241e3f8706467a96bb1aaed5372ce6a963a9b959a134cf55a48ce47cb120ef2535b99a9a293c34a63deef70b8deb03568af8252e5342c93968eeb1fdfb93a61393aa1ebedd74604f62f39206d81aa5036c2ba5fa5ecb9a55696263a22a461455981c515e20e2f87b19cee6e3648764226df19f57261ba8656c41c2c53251c666fc513dc32e535ca0633dfb0e3c4b2ba41147e32b0755b374684621f118d3035cdcf32d11a3fe31e3090bc479e0c0de827ff7cb3f3c1c8b6b13375b3113f161d185a7b2de4aea05088e8176ab62545d601a0cd41f4b428ee0a67a1e9e949ebc185c79b1c32355f0d632944fb2d291eb2c610741a94bdf50389de9353285b76de2881ba807ca76ef73d195733c6e21801420097c3092c4a8ae2b597b7e64fcd708b56459794996031ee81e20e150e8488c0fa35d28945f1999a9438f1239e5412e506c6a8c3fbc78a4d371e763991a56fe9ba90b98ceac8ff12318048b8daa3dc443a81fbc47d7c0b0a5c83ac76858bf80d79d7895b5df7a527f213f6bf9fc8c3a7016e6a9441bbd9c7373a45207401dc4506a3fc2a26d0c4d3907cdfe750b5a5c12127849113e061e7baa64461ef787f0accf66544bca2b01531c04cd62a4fd8972ed48a316cdf21b0318b9756d72427a6b28612b0a91bdcc5e3a0c8c392d1378dc08d37c99be69ebc2c606bb7955cfb25edf241a869a48cca576f19117bc6d4856e47d843d78e414be715d3400d552756fec240137fe51263b63a1977ccb15a53df04297ff21aa244b94716d9eaf410534b94efecda2e6b30b6a17f8dffe9025d11d88053ad1df080cd9fd98dd2427fecda594bfce378a46f96bf9c586bb3c7b1cda3111df49424a0cd2ee3bb87454a06dfc01c1f1172c643d8a44ebe7587ef4397137a2d2ea85b841762ccc56fd52173296453aec0e54258b2471a0e5ae54b06e6e291d3703bc6e40cc0ea5191a0ec787b70cd614ab947080df4d8e8d334d200dfd2e8636434544d039006954c6c76b7b11446ebfbe325f5cc6ddebc733d93ecba9ec907f66322109594948d764d224c0bf34dbd24d33d132e3b81e8e7db1aca58bf0c719b77e52d769f0d151f63eed3f2223b9a1c8e4f74c1aa3702562a6d71d22cb6eeb3c06e0a8b20e03ecd92c2fb212108dda8e01509e6933060b5bc79e7ee57d7254bd7818475a1ce98aca2bf12d13c6d4e58a0a7cf1420c824f4b06af1a75ad5e36bdab5cdc6da768e606cf5c84980bc3d687f86ea387505238907d0a05c6764a58f53514825e6b95d430e48e98969acc02eb842ffbd18865b2972ba3839d2385f765b2289673880bba3cacef5a7a07f7c9c6f5e08745579b5056de516fa77453add45c3938baa6b5e64cb325bd8593e466b095c4650fa4fa65e100388261bb898a7c5ba5d20118e52ce4f729a80b6b8ffd8cb46c29d758be5332c1e43638094519d96baf7b962ad716166d5e7c0ce03b9144b9d16edc3652764f80b1da87c5398794e3e70f058f10e367dc12007f4ed500a909651bb43f4731ff520838868faa4c437ac317a425ac5bdb0e267ea200040d9c891e8f39ec34a6f71282d6aa97034cc99fc9ee4e760d58a1c0759c3e76e45d87e4e7bf7e052334fcac0d4dc7"}}, &(0x7f0000000100)=0x0) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) timer_settime(r5, 0x1, &(0x7f00000001c0)={{0x0, 0x1c9c380}, {r6, r7+30000000}}, &(0x7f0000000340)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) r8 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r9 = fanotify_init(0x0, 0x0) fanotify_mark(r9, 0x75, 0x40000002, r8, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000080)='bbr\x00', 0x4) [ 213.899798][T11565] FAULT_INJECTION: forcing a failure. [ 213.899798][T11565] name failslab, interval 1, probability 0, space 0, times 0 [ 213.922458][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 213.928248][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 213.972431][T11565] CPU: 0 PID: 11565 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 213.980443][T11565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.990495][T11565] Call Trace: [ 213.993793][T11565] dump_stack+0x1d8/0x2f8 [ 213.998125][T11565] should_fail+0x555/0x770 [ 214.002546][T11565] __should_failslab+0x11a/0x160 [ 214.007477][T11565] ? tomoyo_encode2+0x273/0x5a0 [ 214.007491][T11565] should_failslab+0x9/0x20 [ 214.007503][T11565] __kmalloc+0x7a/0x340 [ 214.007518][T11565] tomoyo_encode2+0x273/0x5a0 [ 214.007533][T11565] tomoyo_realpath_from_path+0x769/0x7c0 [ 214.007555][T11565] tomoyo_mount_permission+0x294/0xa30 [ 214.016878][T11565] ? filename_lookup+0x4b0/0x690 [ 214.016899][T11565] ? kmem_cache_free+0xd8/0xf0 [ 214.016931][T11565] tomoyo_sb_mount+0x35/0x40 [ 214.016944][T11565] security_sb_mount+0x84/0xe0 [ 214.016958][T11565] do_mount+0x10a/0x2510 [ 214.059985][T11565] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 214.065529][T11565] ? copy_mount_options+0x5f/0x3c0 [ 214.070641][T11565] ? copy_mount_options+0x308/0x3c0 [ 214.075835][T11565] ksys_mount+0xcc/0x100 [ 214.080072][T11565] __x64_sys_mount+0xbf/0xd0 [ 214.084656][T11565] do_syscall_64+0xf7/0x1c0 [ 214.089157][T11565] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 214.095037][T11565] RIP: 0033:0x45c47a [ 214.098924][T11565] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 214.118525][T11565] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 214.126933][T11565] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 214.134895][T11565] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 214.142853][T11565] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 214.150817][T11565] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 214.158783][T11565] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 214.166956][T11565] ERROR: Out of memory at tomoyo_realpath_from_path. 19:02:20 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x59424, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:20 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:20 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cgroup.controllers\x00', 0x0, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x20}) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) r2 = creat(&(0x7f0000000140)='./file0\x00', 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r5 = dup2(r3, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r7 = creat(&(0x7f0000000080)='./bus\x00', 0x0) r8 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x4080, 0x0) ioctl$PPPIOCGNPMODE(r8, 0xc008744c, &(0x7f00000001c0)={0x38f6c64fd46814dd, 0x3}) ioctl$KVM_INTERRUPT(r2, 0x4004ae86, &(0x7f0000000300)=0xfff) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r6, 0x4, 0x6100) r9 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r9, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000e6cbd562ce550b3504eb440000000038000000000000000000000000000000000000000000000075ddff00"/131], 0x78) ioctl$sock_inet_SIOCSIFADDR(r9, 0x8916, &(0x7f0000000240)={'team_slave_0\x00', {0x2, 0x4e20, @broadcast}}) writev(r6, &(0x7f00000003c0), 0x63) 19:02:20 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) openat$urandom(0xffffffffffffff9c, &(0x7f0000000080)='/dev/urandom\x00', 0x410440, 0x0) writev(r4, &(0x7f00000003c0), 0x63) 19:02:20 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x10003, 0x0) 19:02:20 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xfffff, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:20 executing program 1 (fault-call:1 fault-nth:65): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:21 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x5000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 214.325235][T11590] FAULT_INJECTION: forcing a failure. [ 214.325235][T11590] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 214.338448][T11590] CPU: 1 PID: 11590 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 214.338455][T11590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 214.338460][T11590] Call Trace: [ 214.338476][T11590] dump_stack+0x1d8/0x2f8 [ 214.338490][T11590] should_fail+0x555/0x770 [ 214.368389][T11590] should_fail_alloc_page+0x55/0x60 [ 214.368399][T11590] prepare_alloc_pages+0x283/0x460 [ 214.368414][T11590] __alloc_pages_nodemask+0xb2/0x5d0 [ 214.368436][T11590] kmem_getpages+0x4d/0xa00 [ 214.388457][T11590] cache_grow_begin+0x7e/0x2c0 [ 214.393220][T11590] cache_alloc_refill+0x311/0x3f0 [ 214.398239][T11590] ? check_preemption_disabled+0xb7/0x2a0 [ 214.404101][T11590] kmem_cache_alloc+0x2b9/0x2e0 [ 214.408953][T11590] ? getname_kernel+0x59/0x2f0 [ 214.413721][T11590] getname_kernel+0x59/0x2f0 [ 214.418309][T11590] kern_path+0x1f/0x40 [ 214.422374][T11590] tomoyo_mount_permission+0x7f1/0xa30 [ 214.427847][T11590] ? kmem_cache_free+0xd8/0xf0 [ 214.432746][T11590] tomoyo_sb_mount+0x35/0x40 [ 214.437339][T11590] security_sb_mount+0x84/0xe0 [ 214.442102][T11590] do_mount+0x10a/0x2510 [ 214.446338][T11590] ? copy_mount_options+0x278/0x3c0 [ 214.451530][T11590] ? copy_mount_options+0x25e/0x3c0 [ 214.456725][T11590] ? copy_mount_options+0x26b/0x3c0 [ 214.461934][T11590] ? copy_mount_options+0x308/0x3c0 [ 214.467134][T11590] ksys_mount+0xcc/0x100 [ 214.471376][T11590] __x64_sys_mount+0xbf/0xd0 [ 214.475963][T11590] do_syscall_64+0xf7/0x1c0 [ 214.480464][T11590] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 214.486348][T11590] RIP: 0033:0x45c47a [ 214.490234][T11590] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 214.509833][T11590] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 214.518239][T11590] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a 19:02:21 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x200000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:21 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r2 = fanotify_init(0x0, 0x0) fanotify_mark(r2, 0x75, 0x40000002, r1, 0x0) ioctl$sock_TIOCINQ(r1, 0x541b, &(0x7f00000000c0)) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r5 = dup2(r3, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r7 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r6, 0x4, 0x6100) writev(r6, &(0x7f00000003c0), 0x63) 19:02:21 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r3, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) setsockopt$inet_sctp_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f0000000080)={0x2}, 0x1) r4 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r5, 0x4, 0x6100) writev(r5, &(0x7f00000003c0), 0x63) [ 214.526204][T11590] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 214.534166][T11590] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 214.542126][T11590] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 214.550090][T11590] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:21 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x6000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:21 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x1000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:21 executing program 0: r0 = syz_open_dev$adsp(&(0x7f00000001c0)='/dev/adsp#\x00', 0x2, 0x82200) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000a00000/0x600000)=nil, 0x600000}, 0x0) r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r2 = fanotify_init(0x0, 0x0) fanotify_mark(r2, 0x75, 0x40000002, r1, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x22118100}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x2c, 0x0, 0x1, 0x70bd26, 0x25dfdbfe, {}, [@NBD_ATTR_TIMEOUT={0xc, 0x4, 0x8}, @NBD_ATTR_TIMEOUT={0x135, 0x4, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0xe08bcb329cdad957) r3 = socket$packet(0x11, 0x3, 0x300) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x40, 0x0) write$capi20(r4, &(0x7f0000000100)={0x10, 0x40, 0x82, 0x9868799bbc02f1d8, 0xfffc, 0x2}, 0x10) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r3, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) ioctl$SIOCAX25DELUID(r0, 0x89e2, &(0x7f00000003c0)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xffffffffffffffff}) creat(&(0x7f0000000140)='./file0\x00', 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r7 = dup2(r5, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) r8 = creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000180)) accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x800) r9 = syz_open_dev$admmidi(&(0x7f0000000340)='/dev/admmidi#\x00', 0xfff, 0x40000) ioctl$EVIOCGEFFECTS(r9, 0x80044584, &(0x7f0000000380)=""/29) fcntl$setstatus(r8, 0x4, 0x6100) writev(r8, &(0x7f00000003c0), 0x63) 19:02:21 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x7000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:21 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x2000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:21 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x0, 0x0) 19:02:21 executing program 1 (fault-call:1 fault-nth:66): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:21 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:21 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x101, 0x1000) ioctl$SIOCAX25OPTRT(r5, 0x89e7, &(0x7f0000000100)={@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x2, 0x20}) r6 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:02:21 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r5, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) r6 = accept4$llc(r5, &(0x7f00000000c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000100)=0x10, 0x180000) getsockopt$llc_int(r6, 0x10c, 0x7, &(0x7f0000000180), &(0x7f00000001c0)=0x4) r7 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r8 = fanotify_init(0x0, 0x0) fanotify_mark(r8, 0x75, 0x40000002, r7, 0x0) r9 = openat$null(0xffffffffffffff9c, &(0x7f0000000200)='/dev/null\x00', 0x80000, 0x0) fcntl$getflags(r9, 0x3) setsockopt$l2tp_PPPOL2TP_SO_DEBUG(r7, 0x111, 0x1, 0xfffff001, 0x4) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r10, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) ioctl(r10, 0x9, &(0x7f0000000540)="42f1944008ab1b4c2f61475595836a5684ec7dca39fe56a18386f28d22820e62303d008aba956697bd41525e81c0c3318b69569c03ffc0bfa4987bb1154f741977343e3d3a1eba475d070fec11c99923e1ea99f533601454732173d2b24f41d6360c32a0fba9862d2e72443a00f0f06ba33cd050743921b8d1db8917ee686c1ac5ae56abe1b517e3a0b2f630410faf37cae7d6d1050c9b07ddcbb7c567e0deecfaa5b015a8b2e7dd8e93bf88f3a3798255d2c69e61bf0d670a64e54dbd426b38fe1b558228d6145fa19f4a0f89b955aea29ef157225064e95bea4af637388fa71ca14d9878e256dc2b14c71908491ce228ae3807edb57249f5de2c2cf704803ec9ca2f68a60020278ddea0db7397ccaa3a6a8c63dce9722aa23008b4c45a14909590a86ff2cb578dbd27d8783a8aae841bc487573fc5603abf6a606b2db1d86cb8b82192cf32f3cb2cb4725bbcf0fc2739a22b93b6d943cbd350d05a2cc7774fb2e86bb83ab2a253af7b7a15d9559381c6294d23f8e4c1729ec64dd734a29d845832840c4c24c941fc92a3dfa7434adc6ed1bdaa4f513df0442a3d2df6a5cee662858a2554ce7a33ce1b19791a6e62aec402fd611e7ea159cdf4f51ccf3d1e5fde46e9698bd4c4ff1b4759a12422ad1deb9769459da481be536c14274b6aedb25679811548c2c18f2e9b91b7c7c3790cdf42e263a7d27c58bfd6b0e70e93e2a0ab8cfeed1732eeac3a9bc86aacea5db692a6f0a7540f7e709a3416ce84fbe1afc238f89e4582c2f9ed85497ed03e8599b5123b3b6c43f359ff4360c5f7fd4c18f0f8d1078458886084489e066ce42528bb29f088124a389bc8a31730ef5b6b3e18cee3333ed226732d1ba666de961dfb3b2fb3a4b6905426d9a2099c97e8b8c4bfc6b407b85e7b7eb3f125ce98f7d429eeaecf870b0ce36dda7844b82e1b5cc110ad0ff8c80a999af753164ef68fc8b0d1fc7bbe856922ee5441edcbc85b4599bbf6a2f90aa5abcfcb112ff60cc0a8c19cae965da3ac8d96dba55f480a913c73cb41424afbb58722704a9c5636fba1b7992c4b8722e4c99f5ae561f997a6af73b28f588a158eaf0aeb7f5ea38a87163772712a60ad259af8101fe985ac18225cd2e828187d686f2010e543a088d9aa844eb48f1aefa96b1ee4377c80b660e6a23b02aab41dc2201e6dc75d680e14e074c62900bfbdf7a17d3fb175950aed23eef3eb9297883271c67a687f8bc8bc06a6a8a531c01cb1fcc8a335cf6bc1f327b38ce39ea5700e1e124db21a4326466dd388461ef4cd19983ae9145c528070648de110419ebaffd710224cd300a92b4296643c40c5d10cd56cebc8ae42166ddf7a993cb4b57127bcd26acf57c7215cdd0bc2081a9bddcc174a9619e96399aa4500f420bae2826cee8a297e84068b546dab4589ec929c38a5cc4cad7893fb05e2033d2451a0559d1798bb745f7b68f9557375b0f07709b6e77dffe19b2ee0a9e7f47e5cdbb6347224b64069c10da75a360df43b2dc6bdfe26c28c240c8f0a758c01fecfcad8dcb1399aba76ef44432f6cc5e41d6652869a1adff51eae6bfcf1b48b00c41617f2aca3db19071b217f68a3b595e392e6a607a30cfa90370387a96bc9dea1447642deabea4eecb3a0a9468cdcc5c81f0ae964671d56ad781240725e5ecc5a4ea24c567a1d83871ac836a59920b6d29853e9f39aa0b43a7cc35b146a5b64486f7f98f77f0388912e8dd933691aa94ce16b46c54d9674736befb0da209cd27710d2f9584bcb3bbbe7825b6dd333afc4a7c5ef66d9c8026d36b322e8167e585481b59c35d39d2063fb6e23c4b5b300b8e2d709788b6cdaa84027d7ae92106a18a9fa1cb486b38f2ed7a8ef896b83a314ba7e62c108ff5b9fb2cb9fe4cd014f3786297b4521960c297b428aac2d262d4a57ecbca650937f1b6f86eaf3a31f543ca87be036a4055e54c239f2132927fc2b24c33d8da4b3fb028cc83aa2c5759dbefb104f1527b3f13e31c0dd312db97d6dbb3320aefd8f21ca6d6a008fe9c7df707c3dcd0983d5e4b316862620e72487cc190b9aedd4b9cff81c25b65a948c0b496921855ab9150833c5448062bb130195088b3194c0233858fcef8000e6f6fe48f2517964d79b498eb792351dada9e3f06bdeec929334df970e67f3c0fab544f06362c4c776fc14d66edfde657f7aba991a53c172a2be65cea611dc023e4eefb46e53ffc64af53b31706183b4b9551984b387c734ff1dcc79927052348960a35df73ceb504b327de0a63e1f0c8f128a3bc9226220116e4384bc76486cb06a4a7feaad89d43e0b07de97d880406719d044b4b132c8b3a4e6fa83a3e2da07a783d7e159356143e41dbc10342270afb9b1cb84b90f75d8b4d8fdce3c3669332c89484598e45948b705100eb09a6d54cde445c202d7e7e978f4931e1378daace8e99ee40bb73dc9edc0ea199c8d590f296f9e2f10292967b4a540374deeeb2b99b4450c4b6adc7f0e0fecf8a6360dddacbe1e53dbb5e1812d48c1a0f805947b7a033193b73466b016bbfa60450d8de0b187dc444c555f672a36919acaf448c1e3c22918b24b41762b50945c7f45461de89bd11fb4194c5cbe69a721203ca4518ccc2a57addf12ff3ad8b3fbeedd266839244b23e7a3c5184e9fb493c827368ae7660cf0665835be31d13ff3df3afd20b0232d56f426154018b447066e861351d232793fd065b97b42d3bea2722c4e5daabc3d56441a3e609f84d087af18f071fef037f400fe300ce4de534058e8638f6076e135013e35edc8d27597f9a43e8da90a8dc1a3397ced48ccb6cc1126a202a8130e6221985cf1c4f04db2543e52cface86bae7f2650dc58f3d700147f1ca5a90670792df9686ca0d97c57f9351fd4bc1c3a5b20e538b666e05f48c619ecb903461c3c2da508207f0ed81f169fa119ecfaf1fec9a70f74705efcd61a2cb05bc279cbb549470b64ae834c83dc802c3c1b318d229918f0e8a54d2039573ee94d347c380944407246dfd2e61befaed8dbac2988ade8ae19c12d250e94712ea6b14480805fb2d9fbf423007751d0e2794c0f64918155ba700a7c4a25a98a233f686b57e500060564d647bb662ef5a7b6af0008b47a41946670de7f2a0ea7bca702fc3aba5a5621109e50699bca88c598cdd9e0618ebfd57c41f4a66a4d18390c575deebe3ef46bec21d3425059afeb2d49857ff5679882dc410f800081d4c4ee0c80786d24bef5fe05b556c113367db2482ff14c085d87421f72b1e72df2668aedb902de3d3308ceb1aaf9ff72c0a1c5d4a3a22b28f46a6ef5e16a2875ad70aecb898a2a0127f30ec41ab19549c4065749100885162026c61a749b7bf2bae95dd8fa398469d87a9a1e3066ed183eebb96350650fef3dabf18901d9322b287c8f8963896dd403471644f7bfbfd889baf089746e9933aaf34f2644b75cf79616ff62e7e184459aa2172f74246c45e52e75cc3595ae93e019049faffbb7540c1c0fefd44c2c9b1d06adb4109213f335de478f69092b20b38cdf41708f5c7b0586e648f1073655b4d41695f63cadd9d32b8bde89d72e8fa4ade62ff491e5c286fd48d806c3d53982d6e37cc5df08b09ac436edfdb76c6d23ee01e3e309971afb9a0c12be10264d4792740af2e749e1d230f434f746c38176b0f5177e61c6109862a36de8b1044dc1505c33e52e1c7cb4003f5bb3f539a92878d067b7f1b2aac8e1ac00508081b310889367f3f1f27428dabe1af43595a54f113100ff90afb3312aa5bdaa6da23d9546cb7198d9f949cbca967b835487377c12bc86a3f495da053915b3033f24e37ab657fda9913b3877c2531b9375031e5e8b8abd7d945dc383cf7ca9486d9ef3d4535fe4719517a603e4f8bc195cf9144a37c8dbd91e278421dc8f8c0fea68ddfaae800241e8e02c5d7fd3f5ad82888c1025df93e01be537fc1394f6356fd7359408832eeb5ac0db693cac49e1bb3e17cde847c1fcefeeb06d41c73328b712c38e338d524c7ed31fe09468e6f2209ee523c3d468b15c34611bde875122b685b7ed63d1c959ceba75fcc6ac29eddd189dcf9d926bb4e6b0f141a20cbfd3201af79e277d85bd7804e8277a29dbf29c88df3a52a70519db1ee4dbb3c7781cd373c9ad1ec2dbfafe026f55f7ff4860d59597a7033cacdbc14fa6b979951f06ad56af2a8bd7d637383d5ae05c8225bb8956440940d0cc992584f622d59b4e5518dfdc98f8aabb246aad9caf3d33cc0f585ddc9ec5dc61bda4c13f23926e5b458631fd5c607cbf9a99f7b03f126503fba91d13d149d5c5ba9ee077435ce1bbd732c7232f275553b74c60cb6672dfc98ce403b84e99a83229a2afcdf7792b80950d565c1d7b9d57540fe3248eb4d0313c53d8c54f6d75fee2a9f9d9a6c6dd59ed297553ba3a59caa55e36088da6bc112850452965d493c55a3f904072459eb3edc3169a73b31a574bbc974ab677900977408e3de6a00a618f54920083348de8ec18eacf72ae5c9aec63bdf114cfe7bfbfdf54ea79a335403dc00f9bd2f964e7f9652356e8043721dbf73d03a6f9d5481540577e27fbf28ec8e9e3053c8d5dd3a63d3c66cd9da8c4bd8b99add0e1ef8f84eabe2fedc9f9a94cd31edfc754fbdd39b295f3226a36743bb6ee8c09b90df2afcdbead1019e720b33073fce955c569421f8c97c928477f56f5d7583a96787530da5025aebae4d2e8150fe49ae21b28372bd7d70bad7d1ac84049b2b2f03544dd8f22a094e55676767b9405001d41e01ba531d274d070b7e6c2d6575879bc8adb75b6857899cd39e58a96331c219df1810085da32e9027e201b1afa7d1f8e7f6e2cdae482bb7516473a6d048c7eabb8c18a031c7174f357df63747394eb1a7f088bfe0d9346170df621c5d8cf9c200a754497424e4a6c8f0ef7350c627f2352c51202f2f47a70eb088ce97fa6b3b8a8692f38f6a6a480af07cdd20a8065694f6f2e1c76b874a2c19fdb707560985a0b62f7b36b4dafa5f3a74f4273d6c69c5bb3cf493df75e1711368a5da7069ed913a0067ce939e7f01e58f18b54586c7b81f2986396d89af4e0a4daebf92dd5e5cd8d10b7e91e5876083c96b2be22cdaf2b819508769ce80e3bbf8a806c44204b7bcb0e8c7e0111a5f1106d2cd31766203c8939b8021b49952a55c63a19b43a3493bda399e6acceec85854656fda5fbeb2ad684b8d373da1b2c21cfe81274a8a0248dc488f8602012c9252a5efbb95dafe70b994f538ae672d500d93c1a39714407a97edeb848ed10bc6c2c2a527f8cae495abb6efc16e110c7ce9f38a85100321016dbac76a60ed2bca89fd7a0f736bc30e9f76d1e97b0060f049acd553e0d4e55685afe8e25140f8e245dcd8545485719ebb7e22d0f83efe2b4b7ea156d3bae96c0d62631412e80f209748d03a0dbe7ee53f785a3e42b75b8083cf6c7e1b63f21be2efe3033805eb16b3e87bbdb1c6569b84b3fa4b21702c2db5b7579131eabe9dd16882ae0d25d49f2ad178a265112fb4889bc9d98e831592183691528dccf635b16d1822b63c8eb1f2c1e74b02caf656e0ec947a091a0d59a952bf0e0c0242255ad5bc381f0f4e46d6a819a02aaed7db3af651ddeb6978845b92f5f19fa3dca8d3d6bc323fa9d5898d7309594f5fc1f7d5f0357521527f647026046731c7e3049e095a0e5195f31e2e99ab6c8e080a03df1c02f311b2519f615a4631ea2ee7dbbed14de938a08e572780d6240598d57e1666892d43d2206b0e9359c226552cd5e82f930787b12fedae9c34c94908e73a8") writev(r4, &(0x7f00000003c0), 0x63) 19:02:21 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x8000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:21 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x9000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:21 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 215.115979][T11623] FAULT_INJECTION: forcing a failure. [ 215.115979][T11623] name failslab, interval 1, probability 0, space 0, times 0 [ 215.157527][T11623] CPU: 0 PID: 11623 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 215.165444][T11623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 215.165449][T11623] Call Trace: [ 215.165466][T11623] dump_stack+0x1d8/0x2f8 [ 215.165480][T11623] should_fail+0x555/0x770 [ 215.165496][T11623] __should_failslab+0x11a/0x160 [ 215.192428][T11623] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 215.192442][T11623] should_failslab+0x9/0x20 [ 215.192454][T11623] __kmalloc+0x7a/0x340 [ 215.192463][T11623] ? tomoyo_realpath_from_path+0xca/0x7c0 [ 215.192474][T11623] tomoyo_realpath_from_path+0xdc/0x7c0 [ 215.192494][T11623] tomoyo_mount_permission+0x923/0xa30 [ 215.192517][T11623] ? kmem_cache_free+0xd8/0xf0 [ 215.192544][T11623] tomoyo_sb_mount+0x35/0x40 [ 215.192557][T11623] security_sb_mount+0x84/0xe0 [ 215.206878][T11623] do_mount+0x10a/0x2510 [ 215.219053][T11623] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 215.219063][T11623] ? copy_mount_options+0x5f/0x3c0 [ 215.219078][T11623] ? copy_mount_options+0x308/0x3c0 [ 215.219091][T11623] ksys_mount+0xcc/0x100 [ 215.219106][T11623] __x64_sys_mount+0xbf/0xd0 [ 215.267395][T11623] do_syscall_64+0xf7/0x1c0 [ 215.271887][T11623] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 215.277757][T11623] RIP: 0033:0x45c47a [ 215.281632][T11623] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 19:02:22 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000000c0)=0x0) waitid(0x1b636bbd7295c760, r1, &(0x7f0000000180), 0x40000000, &(0x7f0000000240)) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) r2 = creat(&(0x7f0000000140)='./file0\x00', 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r3, r4) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c00"/32], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r5, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) write(r5, &(0x7f0000000100)="f27b86f5", 0x4) r6 = creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) fanotify_mark(0xffffffffffffffff, 0x2f, 0x40001002, r6, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000300)='/dev/null\x00', 0x3, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x7) r7 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r8 = creat(&(0x7f0000000080)='./bus\x00', 0x4) ioctl$RNDADDENTROPY(r2, 0x40085203, &(0x7f0000000540)=ANY=[@ANYBLOB="0700000008000000000000001d28112c91a8c5276a809c97ff8a39f4f4c7c88ad32f253de05cd3618002a8b367ab4d75d5d0fa9ba44e9565eac78708642394788ef51720fd3b7b203e958711294c05308ab36e370b0d47860c06d2517c1feb17f2393bd4462b14e3c5190b66827f9a38e66f1bc002f3b5d524e93d73dae5ff505c6254a8a8b65dbecc3d131277a3b988ed48ab62783e5420ca86ddacbabe296ae4ce92810eaaed533ea7d6cc01c9288b1ffbc760d9d14686a6e49c5514444a0baf756644b2a900000000000000000000000000000009b358ae90cbd7619c37f4a86437bf9e9abbf7484e0886f861f88610daffc5e3cbbe0e18764b07732b7602e65de21f3c5a01eda57a2ea4637efcf4f23441f9f665cafa08286d5866c0fb26fedbff1738cd80193b38aa029e0f88ae913d4de31aab00f327efdc3cfc9c60aa5ec651b610000000005b2b2f70e56a2fc2a9a7bda737c9b7d5b7a1787c0f3c1ef1825ef896bc290659ef45731306252c"]) ioctl$EXT4_IOC_SETFLAGS(r8, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r7, 0x4, 0x6100) writev(r7, &(0x7f00000003c0), 0x63) [ 215.301225][T11623] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 215.309618][T11623] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 215.317568][T11623] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 215.325530][T11623] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 215.333481][T11623] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 215.341430][T11623] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:22 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x9010000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:22 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x5000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:22 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='trusted.overlay.upper\x00', &(0x7f0000000240)={0x0, 0xfb, 0xdc, 0x3, 0x6, "05af50dba5b7a5d542fe8ddcb3e85435", "616cb78d54580aa9111ecf4c40af795fb926547f89f7e493d34f551d29ff65b201c473f58488068a4aadd7c282a35dc2fcbfaca91c20436cc60b254c4996f93c7525f7e7a0179add6b4d544dbe8feba5b75d24f8ab8f2cb36eeed7c6ba4e25b88b402e662e84a8a7f6718d46c53a36c703463f870db825f21fd2f0e5cfc888bac31645b0263e9aac3c9d0005425e4754b401b4097a01458001cafc0e5e68040e65c5ea204f44e44a4455115dc1cd8afa160a419fc4056009bfaf9346d4856036d5c01fb080e5f9"}, 0xdc, 0x4cc423b548d5088f) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 215.550979][T11623] ERROR: Out of memory at tomoyo_realpath_from_path. 19:02:22 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x0, 0x0) 19:02:22 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) syz_open_dev$radio(&(0x7f0000000300)='/dev/radio#\x00', 0x1, 0x2) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000100)='./file0\x00', 0x85) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000000)="900f19836b9dc01c0f7d8978048534bfb088e772ceef8c4624a69fad136e1b13eeec114e", 0x24}, {&(0x7f0000000180)="c393434b5f79ec4b7387b23c4fb2f4ab988ec8300aeabb6e361aad5fb716404d082144789067a72ceafad7d66f06b20c054e282e086f8631d152a83b955b1050f2f7fbb99a54ff8904150ef5dbb41597215e3b31f3", 0x55}, {&(0x7f0000000240)="315916bed1b9c09a93e8e9d61fc7ee4f07494fe8a9b38a8fa7a1359489871e20d8040f282290ea5a201944847a07027a9cde228e95db45d9ef649cba683ae18b12e47e63d478ec3f523118fe4ce960e7870e39dcf19acfb33bcbe60cbde37114618c2b4b0b22c7ac8153a3dea7f37264349ffa19d8876aed571891f07663f10def99cfda79342329ea83ea22c53a", 0x8e}], 0x3) 19:02:22 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000080)='./file0\x00', 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x20000, 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:02:22 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x5010000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:22 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xa000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:22 executing program 1 (fault-call:1 fault-nth:67): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 215.985512][T11655] FAULT_INJECTION: forcing a failure. [ 215.985512][T11655] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 215.998758][T11655] CPU: 1 PID: 11655 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 216.006630][T11655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 216.006636][T11655] Call Trace: [ 216.006654][T11655] dump_stack+0x1d8/0x2f8 [ 216.006668][T11655] should_fail+0x555/0x770 [ 216.006685][T11655] should_fail_alloc_page+0x55/0x60 [ 216.006698][T11655] prepare_alloc_pages+0x283/0x460 [ 216.039013][T11655] __alloc_pages_nodemask+0xb2/0x5d0 [ 216.044314][T11655] kmem_getpages+0x4d/0xa00 [ 216.048817][T11655] cache_grow_begin+0x7e/0x2c0 [ 216.053577][T11655] cache_alloc_refill+0x311/0x3f0 [ 216.058593][T11655] ? check_preemption_disabled+0xb7/0x2a0 [ 216.064313][T11655] kmem_cache_alloc+0x2b9/0x2e0 [ 216.069159][T11655] ? getname_kernel+0x59/0x2f0 [ 216.073930][T11655] getname_kernel+0x59/0x2f0 [ 216.078536][T11655] kern_path+0x1f/0x40 [ 216.082604][T11655] tomoyo_mount_permission+0x7f1/0xa30 [ 216.088072][T11655] ? kmem_cache_free+0xd8/0xf0 [ 216.092844][T11655] tomoyo_sb_mount+0x35/0x40 [ 216.097430][T11655] security_sb_mount+0x84/0xe0 [ 216.102203][T11655] do_mount+0x10a/0x2510 [ 216.106444][T11655] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 216.111979][T11655] ? copy_mount_options+0x5f/0x3c0 [ 216.117176][T11655] ? copy_mount_options+0x308/0x3c0 [ 216.122384][T11655] ksys_mount+0xcc/0x100 [ 216.126629][T11655] __x64_sys_mount+0xbf/0xd0 [ 216.131220][T11655] do_syscall_64+0xf7/0x1c0 [ 216.135721][T11655] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 216.141604][T11655] RIP: 0033:0x45c47a [ 216.145491][T11655] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 216.165083][T11655] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 216.173487][T11655] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a 19:02:22 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xb000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:22 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x6000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 216.181462][T11655] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 216.189422][T11655] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 216.197384][T11655] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 216.205347][T11655] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:22 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x7000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:22 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xc000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:22 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_KVMCLOCK_CTRL(0xffffffffffffffff, 0xaead) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:02:23 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x8000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:23 executing program 5: pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x1a2, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0200002f00050300000000fcfe65ff08005f560800030014"], 0x1}, 0x1, 0xffffff7f0e000000}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x0, 0x0) 19:02:23 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0xfffffffd, 0x10000, 0x1, 0x0, 0xef}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) r4 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r4, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) write$apparmor_exec(r4, &(0x7f0000000340)=ANY=[@ANYBLOB='6tack {seuser!!mime_type&^\x00'], 0x22) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r6 = creat(&(0x7f0000000080)='./bus\x00', 0x0) r7 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r7, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}}, 0x40) r8 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/autofs\x00', 0x0, 0x0) r9 = syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r8, &(0x7f0000000800)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x84020000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000b40)={0x3d6, r9, 0x194, 0x70bd2a, 0x25dfdbfc, {}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004014}, 0x20000090) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r7, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0xf1b5f72e8580ec5e}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r9, 0x800, 0x70bd2c, 0x25dfdbfb, {{}, 0x0, 0x5, 0x0, {0x14, 0x19, {0x200, 0x80, 0x5, 0x5}}}, [""]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9, 0x0, 0x0, 0x33, &(0x7f0000000000), &(0x7f00000003c0)="408a088c255d2b466e983538f94aaecff36fb274b25f1af76dc6dd288cebd6057e75414bca5e7ae4a90966f2dfb7fe17b7a7e0"}, 0x40) pread64(0xffffffffffffffff, &(0x7f0000000380)=""/16, 0x10, 0x0) ioctl$EXT4_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000000040)) r10 = semget$private(0x0, 0x7, 0x0) semop(r10, &(0x7f0000000240)=[{0x1, 0x6}, {0x0, 0x0, 0x1800}, {0x1, 0xfffffffffffffff8}], 0x3) semop(r10, &(0x7f0000000240), 0x2) semctl$SEM_INFO(r10, 0x4, 0x13, &(0x7f00000000c0)=""/93) fcntl$setstatus(r5, 0x4, 0x6100) writev(r5, &(0x7f00000003c0), 0x63) 19:02:23 executing program 1 (fault-call:1 fault-nth:68): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:23 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xd000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:23 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x9000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:23 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f0000000000)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30) umount2(&(0x7f00000002c0)='./file0\x00', 0x0) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = dup2(r2, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r5, 0x4, 0x6100) writev(r5, &(0x7f00000003c0), 0x63) [ 216.816431][T11687] validate_nla: 31 callbacks suppressed [ 216.816437][T11687] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 216.839152][ T26] kauditd_printk_skb: 29 callbacks suppressed [ 216.839161][ T26] audit: type=1804 audit(1570129343.526:397): pid=11684 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/181/file0" dev="sda1" ino=16945 res=1 [ 216.881817][T11689] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 216.901368][T11693] FAULT_INJECTION: forcing a failure. [ 216.901368][T11693] name failslab, interval 1, probability 0, space 0, times 0 [ 216.925374][T11693] CPU: 1 PID: 11693 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 216.933278][T11693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 216.933284][T11693] Call Trace: [ 216.933302][T11693] dump_stack+0x1d8/0x2f8 [ 216.933317][T11693] should_fail+0x555/0x770 [ 216.933333][T11693] __should_failslab+0x11a/0x160 [ 216.933346][T11693] ? btrfs_mount+0x83/0x18e0 [ 216.933357][T11693] should_failslab+0x9/0x20 [ 216.933369][T11693] __kmalloc_track_caller+0x79/0x340 [ 216.933379][T11693] ? __fs_reclaim_release+0x4/0x20 [ 216.933392][T11693] kstrdup+0x34/0x70 [ 216.933403][T11693] btrfs_mount+0x83/0x18e0 [ 216.933421][T11693] ? check_preemption_disabled+0x47/0x2a0 [ 216.933438][T11693] ? vfs_parse_fs_string+0x13b/0x1a0 [ 216.946754][T11693] ? cap_capable+0x250/0x290 [ 216.946768][T11693] ? safesetid_security_capable+0x89/0xf0 [ 216.946782][T11693] legacy_get_tree+0xf9/0x1a0 [ 217.013986][T11693] ? btrfs_resize_thread_pool+0x290/0x290 [ 217.019698][T11693] vfs_get_tree+0x8b/0x2a0 [ 217.024107][T11693] do_mount+0x16c0/0x2510 [ 217.028429][T11693] ? copy_mount_options+0x278/0x3c0 [ 217.033624][T11693] ? audit_tree_destroy_watch+0x20/0x20 [ 217.039167][T11693] ? copy_mount_options+0x308/0x3c0 [ 217.044360][T11693] ksys_mount+0xcc/0x100 [ 217.048598][T11693] __x64_sys_mount+0xbf/0xd0 [ 217.053181][T11693] do_syscall_64+0xf7/0x1c0 [ 217.057683][T11693] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 217.063564][T11693] RIP: 0033:0x45c47a [ 217.067450][T11693] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 217.087044][T11693] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 217.095442][T11693] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 217.103402][T11693] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 217.111360][T11693] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 19:02:23 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xe000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 217.119321][T11693] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 217.127282][T11693] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 217.145517][T11699] netlink: 'syz-executor.2': attribute type 38 has an invalid length. 19:02:23 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xa000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 217.157442][ T26] audit: type=1804 audit(1570129343.846:398): pid=11697 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/181/file0" dev="sda1" ino=16945 res=1 19:02:23 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:23 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="7f454c4600000000000000000000000000000000000000000000000000000000400000000000000000000000000000000053d8000000000000000100"/108], 0x78) setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f0000000100)=0x1, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x7, 0x80) r4 = dup2(r2, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r6 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r5, 0x4, 0x6100) writev(r5, &(0x7f00000003c0), 0x63) 19:02:23 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x202800, 0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1000000, 0x10, r1, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = dup2(r2, r3) r5 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r6 = fanotify_init(0x0, 0x0) fanotify_mark(r6, 0x75, 0x40000002, r5, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)={0x38, r8, 0x1, 0x0, 0x0, {0x9}, [@TIPC_NLA_LINK={0x24, 0x4, [@TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x6}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}]}, 0x38}}, 0x0) sendmsg$TIPC_NL_MON_PEER_GET(r5, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)={0x228, r8, 0x600, 0x70bd2c, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x24, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_NET={0x1c, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x7}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x6}]}, @TIPC_NLA_MON={0x1c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x800}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7d}]}, @TIPC_NLA_MEDIA={0xbc, 0x5, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x70000000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x49f}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x54, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xa6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x44}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xec}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x101}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffff8}]}]}, @TIPC_NLA_BEARER={0xe8, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfff}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fff}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}]}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x20cc}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x40}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xc9d1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffff9}]}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6cc4}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @broadcast}}, {0x14, 0x2, @in={0x2, 0x4e23, @multicast1}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'batadv0\x00'}}]}, @TIPC_NLA_MEDIA={0x14, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}]}, 0x228}, 0x1, 0x0, 0x0, 0x4000}, 0x10000454) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r9 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r9, 0x4, 0x6100) writev(r9, &(0x7f00000003c0), 0x63) 19:02:24 executing program 1 (fault-call:1 fault-nth:69): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 217.273839][T11703] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 217.315200][T11705] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 217.343374][ T26] audit: type=1804 audit(1570129344.036:399): pid=11708 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/176/file0" dev="sda1" ino=17194 res=1 [ 217.399522][T11711] FAULT_INJECTION: forcing a failure. [ 217.399522][T11711] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 217.412753][T11711] CPU: 1 PID: 11711 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 217.420619][T11711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 217.430664][T11711] Call Trace: [ 217.430859][ T26] audit: type=1804 audit(1570129344.086:400): pid=11713 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/182/file0" dev="sda1" ino=16690 res=1 [ 217.433970][T11711] dump_stack+0x1d8/0x2f8 [ 217.433986][T11711] should_fail+0x555/0x770 [ 217.434006][T11711] should_fail_alloc_page+0x55/0x60 [ 217.434015][T11711] prepare_alloc_pages+0x283/0x460 [ 217.434032][T11711] __alloc_pages_nodemask+0xb2/0x5d0 [ 217.482903][T11711] kmem_getpages+0x4d/0xa00 [ 217.487383][T11711] cache_grow_begin+0x7e/0x2c0 [ 217.492189][T11711] cache_alloc_refill+0x311/0x3f0 [ 217.497187][T11711] ? check_preemption_disabled+0xb7/0x2a0 [ 217.502903][T11711] __kmalloc+0x318/0x340 [ 217.507115][T11711] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 217.512810][T11711] tomoyo_realpath_from_path+0xdc/0x7c0 [ 217.518335][T11711] tomoyo_mount_permission+0x923/0xa30 [ 217.523781][T11711] ? kmem_cache_free+0xd8/0xf0 [ 217.528536][T11711] tomoyo_sb_mount+0x35/0x40 [ 217.533164][T11711] security_sb_mount+0x84/0xe0 [ 217.537904][T11711] do_mount+0x10a/0x2510 [ 217.542136][T11711] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 217.547668][T11711] ? copy_mount_options+0x5f/0x3c0 [ 217.552760][T11711] ? copy_mount_options+0x308/0x3c0 [ 217.557932][T11711] ksys_mount+0xcc/0x100 [ 217.562153][T11711] __x64_sys_mount+0xbf/0xd0 [ 217.566721][T11711] do_syscall_64+0xf7/0x1c0 [ 217.571203][T11711] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 217.577071][T11711] RIP: 0033:0x45c47a [ 217.580947][T11711] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 217.600537][T11711] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 217.608938][T11711] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 217.616889][T11711] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 217.624837][T11711] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 217.632786][T11711] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 217.640759][T11711] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:24 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xb000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:24 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x10000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:24 executing program 5: memfd_create(&(0x7f0000003380)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>\x9b\x94a\xac\xf8R?\x1c\xe2\xb5!\xfa\xcb\xd4\xb6\xe1_\xb4d>\xf6\xb7h\xb9Uql\b0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r2, 0x84, 0x7c, &(0x7f00000000c0)={r6}, 0x8) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f00000000c0)={r6, 0x2}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f0000000240)={r7, 0x9d, "a071f60e3b1ca947abf0d771a2db70e4dcc5133e6750afe158accaa0167d0dbcb31f35c5325e3079f30bdafbb2ebd0fd853ad5abf67501d63ecc6065c3eaaa89d231efaf38a7cfbcf7dd9e84d92d40ba5cc4db1f231d9f66a91b3f9699e5975ab53a472d0f9b765859291b33ad6e7b9b31dfc58f4584992c0c811d1662b4f1db5c94ab7afb88fb8db9d26b63392e4b826cf3288ee21ed6c806119cf3f1"}, &(0x7f0000000180)=0xa5) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r8 = creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) r9 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r9, &(0x7f0000000380)=ANY=[@ANYBLOB="7f454c460000000002000000000000d00000000033af40e65730937c9c940000000000003f00000000004000000000000000000000000000380000000000000000648485725f4ae46000000000000000000000000000000000000000000000007900"/130], 0x78) r10 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r11 = fanotify_init(0x0, 0x0) fanotify_mark(r11, 0x75, 0x40000002, r10, 0x0) fanotify_mark(r10, 0x1, 0x1828, 0xffffffffffffffff, 0x0) r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r12, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r13 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0xb, 0xffffffffffffffff, 0x8, 0x0, 0xc1, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r13, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r14 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r14, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) io_uring_register$IORING_REGISTER_FILES(r8, 0x2, &(0x7f0000000340)=[r12, r13, r14], 0x3) r15 = socket$inet6_tcp(0xa, 0x1, 0x0) r16 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r17 = dup2(r15, r16) ioctl$PERF_EVENT_IOC_ENABLE(r17, 0x8912, 0x400200) r18 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r18, 0x4, 0x6100) writev(r18, &(0x7f00000003c0), 0x63) [ 217.873139][T11728] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 217.944049][T11739] FAULT_INJECTION: forcing a failure. [ 217.944049][T11739] name failslab, interval 1, probability 0, space 0, times 0 [ 217.977527][ T26] audit: type=1804 audit(1570129344.666:402): pid=11741 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/183/file0" dev="sda1" ino=17185 res=1 [ 218.013781][T11735] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 218.021764][T11739] CPU: 0 PID: 11739 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 218.029834][T11739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 218.029840][T11739] Call Trace: [ 218.029858][T11739] dump_stack+0x1d8/0x2f8 [ 218.029878][T11739] should_fail+0x555/0x770 [ 218.052067][T11739] __should_failslab+0x11a/0x160 [ 218.057012][T11739] should_failslab+0x9/0x20 [ 218.057025][T11739] kmem_cache_alloc_trace+0x5d/0x2f0 [ 218.057034][T11739] ? legacy_init_fs_context+0x51/0xc0 [ 218.057048][T11739] legacy_init_fs_context+0x51/0xc0 [ 218.072161][T11739] alloc_fs_context+0x53a/0x640 [ 218.072180][T11739] fs_context_for_mount+0x24/0x30 [ 218.072194][T11739] do_mount+0x10a7/0x2510 [ 218.087219][T11739] ? copy_mount_options+0x308/0x3c0 [ 218.087232][T11739] ksys_mount+0xcc/0x100 [ 218.087245][T11739] __x64_sys_mount+0xbf/0xd0 [ 218.105528][T11739] do_syscall_64+0xf7/0x1c0 [ 218.105544][T11739] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 218.105555][T11739] RIP: 0033:0x45c47a [ 218.115914][T11739] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 19:02:24 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xd000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 218.115920][T11739] RSP: 002b:00007faddc0f0a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 218.115929][T11739] RAX: ffffffffffffffda RBX: 00007faddc0f0b40 RCX: 000000000045c47a [ 218.115934][T11739] RDX: 00007faddc0f0ae0 RSI: 0000000020000100 RDI: 00007faddc0f0b00 [ 218.115939][T11739] RBP: 0000000000000001 R08: 00007faddc0f0b40 R09: 00007faddc0f0ae0 [ 218.115945][T11739] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 218.115950][T11739] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000003 [ 218.207027][ T26] audit: type=1804 audit(1570129344.896:403): pid=11744 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/183/file0" dev="sda1" ino=17185 res=1 [ 218.242459][ C0] net_ratelimit: 10 callbacks suppressed [ 218.242466][ C0] protocol 88fb is buggy, dev hsr_slave_0 19:02:24 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_emit_ethernet(0x3a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd60d8652b00002c00fe8000000000000089000d00000000aafe8000000000000000000000000000aa00000000a0239f88b77b50549a12e05c9e9bafd9d2c3ed0d9e49a10263cd9690e292f2fe9c89019bc79fbf83a73c6ae7320004ff58d4f049b74fec5e", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="0000000090780000"], 0x0) [ 218.254007][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:02:25 executing program 1 (fault-call:1 fault-nth:71): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 218.293198][T11748] netlink: 'syz-executor.3': attribute type 37 has an invalid length. 19:02:25 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xd) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r6, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) perf_event_open$cgroup(&(0x7f0000000180)={0xe, 0x70, 0x7, 0x1, 0x9, 0x7, 0x0, 0x7f, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4, @perf_bp={&(0x7f00000000c0), 0xc}, 0x8, 0x1f, 0xd9, 0x4, 0x0, 0xf1da, 0x7}, 0xffffffffffffffff, 0x1, r6, 0x4) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:02:25 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x12000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 218.324419][ T26] audit: type=1804 audit(1570129344.966:404): pid=11734 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/177/file0" dev="sda1" ino=17195 res=1 19:02:25 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xe000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:25 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x71fe136792f61872, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000100)='/dev/vcs#\x00', 0x0, 0xdd6bc43300e261c5) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r3, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r4 = dup2(r1, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r6, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) fcntl$setstatus(r6, 0x4, 0x6100) writev(r5, &(0x7f00000003c0), 0x63) write(r4, &(0x7f0000000240)="36d59637df7c3bb17ad1e9bcdea04b1f3d92133fdd1bc5fb4120e36d9b21674278e1db630fd0c44e38ea4cb6f03f1154373c7cdf69ac8a078d1916852c3de276feb3a83bbc07df55fd06d28f47e0a0fea1ef9247659f4d1c84d2e918042881b78b75520c4b2d49f4c9fd2bcfdf5d1c3ef0c0fba55c09c64a7d558c26e46efabc86bb3a789cd3c9647eca19e0da336d0b5223d3ef2c3f7a5a109989940d06253bcc0fd1a21778a23249547be2ef9dba0944264298f92ef95d12d9e34b70119d846cc2305581", 0xc5) 19:02:25 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbc7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000200)='./bus\x00', 0x0) syncfs(r0) [ 218.444428][ T26] audit: type=1804 audit(1570129345.136:405): pid=11760 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/178/file0" dev="sda1" ino=17200 res=1 [ 218.474117][T11756] FAULT_INJECTION: forcing a failure. [ 218.474117][T11756] name failslab, interval 1, probability 0, space 0, times 0 [ 218.506351][T11756] CPU: 1 PID: 11756 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 218.514254][T11756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 218.524290][T11756] Call Trace: [ 218.527566][T11756] dump_stack+0x1d8/0x2f8 [ 218.531877][T11756] should_fail+0x555/0x770 [ 218.536276][T11756] __should_failslab+0x11a/0x160 [ 218.541195][T11756] should_failslab+0x9/0x20 [ 218.545704][T11756] kmem_cache_alloc_trace+0x5d/0x2f0 [ 218.550966][T11756] ? legacy_init_fs_context+0x51/0xc0 [ 218.556316][T11756] legacy_init_fs_context+0x51/0xc0 [ 218.561493][T11756] alloc_fs_context+0x53a/0x640 [ 218.566328][T11756] fs_context_for_mount+0x24/0x30 [ 218.571329][T11756] do_mount+0x10a7/0x2510 [ 218.575637][T11756] ? copy_mount_options+0x278/0x3c0 [ 218.580811][T11756] ? copy_mount_options+0x25e/0x3c0 [ 218.585987][T11756] ? copy_mount_options+0x26b/0x3c0 [ 218.591161][T11756] ? copy_mount_options+0x308/0x3c0 [ 218.596333][T11756] ksys_mount+0xcc/0x100 [ 218.600553][T11756] __x64_sys_mount+0xbf/0xd0 [ 218.605121][T11756] do_syscall_64+0xf7/0x1c0 [ 218.609607][T11756] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 218.615473][T11756] RIP: 0033:0x45c47a [ 218.619345][T11756] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 218.638924][T11756] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 218.647308][T11756] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 218.655428][T11756] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 218.663372][T11756] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 218.671318][T11756] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 218.679264][T11756] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:25 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:25 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x17010000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 218.721566][ T26] audit: type=1804 audit(1570129345.166:406): pid=11761 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/184/file0" dev="sda1" ino=17206 res=1 19:02:25 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1, 0x931}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:02:25 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x10000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:25 executing program 1 (fault-call:1 fault-nth:72): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:25 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x19000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:25 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000200)=@nfc, 0x80, &(0x7f0000000000)=[{&(0x7f00000004c0)=""/4096, 0x1000}], 0x1, 0x0, 0x0, 0x8004000000000000}, 0x0) r0 = socket$kcm(0xa, 0x2, 0x11) sendmsg$kcm(r0, &(0x7f0000000480)={&(0x7f0000000080)=@in6={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x2, [0xe803, 0x0, 0x2a0, 0x2e9c000000000000]}, 0xd}, 0x80, &(0x7f0000000340), 0x2b, &(0x7f0000000180)}, 0x0) [ 218.911398][T11777] FAULT_INJECTION: forcing a failure. [ 218.911398][T11777] name failslab, interval 1, probability 0, space 0, times 0 [ 218.924508][T11777] CPU: 0 PID: 11777 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 218.932405][T11777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 218.942463][T11777] Call Trace: [ 218.945754][T11777] dump_stack+0x1d8/0x2f8 [ 218.950073][T11777] should_fail+0x555/0x770 [ 218.954480][T11777] __should_failslab+0x11a/0x160 [ 218.959407][T11777] should_failslab+0x9/0x20 [ 218.963903][T11777] kmem_cache_alloc_trace+0x5d/0x2f0 [ 218.969174][T11777] ? legacy_init_fs_context+0x51/0xc0 [ 218.974522][T11777] legacy_init_fs_context+0x51/0xc0 [ 218.979707][T11777] alloc_fs_context+0x53a/0x640 [ 218.984542][T11777] fs_context_for_mount+0x24/0x30 [ 218.989544][T11777] do_mount+0x10a7/0x2510 [ 218.993850][T11777] ? copy_mount_options+0x278/0x3c0 [ 218.999020][T11777] ? copy_mount_options+0x25e/0x3c0 [ 219.004196][T11777] ? __sanitizer_cov_trace_pc+0x31/0x50 [ 219.009730][T11777] ? copy_mount_options+0x308/0x3c0 [ 219.014903][T11777] ksys_mount+0xcc/0x100 [ 219.019135][T11777] __x64_sys_mount+0xbf/0xd0 [ 219.023707][T11777] do_syscall_64+0xf7/0x1c0 [ 219.028186][T11777] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 219.034055][T11777] RIP: 0033:0x45c47a [ 219.037924][T11777] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 19:02:25 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x11000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 219.057506][T11777] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 219.065888][T11777] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 219.073921][T11777] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 219.082737][T11777] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 219.090690][T11777] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 219.098637][T11777] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:25 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) r2 = socket$inet(0x2, 0x200000002, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000640)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000580)="88c46dad8602ce51e45ab79bf66a580ad41cfe0ba4add3ec15b7797999e152c13a0226cef391d45500abdb3b22d46b210414a28dfe5da1ac5df003467c5810647171e7cac2756d427e280135748d05fe820b9b8e104f7489434dac8d7c6ce9526445ac5701c334c233835fbe6c269305667efc962926b25b1d04e5adff7b5a817ff534a7dcfe96125da4b2bf841f5cce304d8219d456b620d435f59d987cc2fd9e830d42f49864f3f616a4679683b2489809", 0xb2, r2}, 0x68) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f00000001c0)={0x800, {{0xa, 0x0, 0x0, @empty, 0x7}}}, 0x88) fchdir(r1) dup3(0xffffffffffffffff, r0, 0x80000) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000080)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) umount2(0x0, 0x4) pselect6(0x40, &(0x7f00000006c0)={0x1ff, 0x7, 0x3, 0x6, 0x2, 0xdd59, 0x6, 0xffffffff}, &(0x7f0000000400)={0x6, 0x0, 0xfffffffffffffff9, 0x1, 0x8, 0x3, 0x0, 0x1ff}, &(0x7f0000000440)={0x40, 0x1200000, 0x556, 0x47, 0xfff, 0x1, 0x6, 0x1}, &(0x7f0000000480), &(0x7f0000000540)={&(0x7f0000000500)={0x1ff}, 0x8}) 19:02:25 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x12000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 219.202463][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 219.208263][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 219.214098][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 219.219839][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 219.225650][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 219.231391][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:02:26 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') getdents64(r1, 0x0, 0x0) r2 = creat(&(0x7f0000000140)='./file0\x00', 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r5 = dup2(r3, r4) setsockopt$bt_BT_FLUSHABLE(r2, 0x112, 0x8, &(0x7f0000000080)=0x5, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r6, 0x4, 0x6100) writev(r6, &(0x7f00000003c0), 0x63) 19:02:26 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x1f000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:26 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x1f000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:26 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) r2 = socket$inet(0x2, 0x200000002, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000640)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000580)="88c46dad8602ce51e45ab79bf66a580ad41cfe0ba4add3ec15b7797999e152c13a0226cef391d45500abdb3b22d46b210414a28dfe5da1ac5df003467c5810647171e7cac2756d427e280135748d05fe820b9b8e104f7489434dac8d7c6ce9526445ac5701c334c233835fbe6c269305667efc962926b25b1d04e5adff7b5a817ff534a7dcfe96125da4b2bf841f5cce304d8219d456b620d435f59d987cc2fd9e830d42f49864f3f616a4679683b2489809", 0xb2, r2}, 0x68) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f00000001c0)={0x800, {{0xa, 0x0, 0x0, @empty, 0x7}}}, 0x88) fchdir(r1) dup3(0xffffffffffffffff, r0, 0x80000) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000080)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) umount2(0x0, 0x4) pselect6(0x40, &(0x7f00000006c0)={0x1ff, 0x7, 0x3, 0x6, 0x2, 0xdd59, 0x6, 0xffffffff}, &(0x7f0000000400)={0x6, 0x0, 0xfffffffffffffff9, 0x1, 0x8, 0x3, 0x0, 0x1ff}, &(0x7f0000000440)={0x40, 0x1200000, 0x556, 0x47, 0xfff, 0x1, 0x6, 0x1}, &(0x7f0000000480), &(0x7f0000000540)={&(0x7f0000000500)={0x1ff}, 0x8}) 19:02:26 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = dup2(r2, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r6 = creat(&(0x7f0000000080)='./bus\x00', 0x40) ioctl$EXT4_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000000040)) r7 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r8 = fanotify_init(0x0, 0x0) fanotify_mark(r8, 0x75, 0x40000002, r7, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) io_setup(0x3, &(0x7f00000001c0)=0x0) io_submit(r10, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x2, 0x0, 0x0, 0x1000800000000001, 0x0, r9, 0x0, 0x12f}]) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r11, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r12 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000003a00)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c00000095000000000000001d8b8a5b97a24f0bf7e11ebc31d3a22d71b13988f48534fcb2613c4c0c29d5f905ca3da3f0b76bb26c4dd7e1b4c32aff406e99782d5d616d6ddf"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r12, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r13 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r13, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) r14 = userfaultfd(0x0) r15 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r15, &(0x7f0000003a80)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "c1db27d84aaf7033b34649f4f24fad"}, 0x87) r16 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b7070000010000004870000000000000bc700000000000009500000000000000"], &(0x7f0000000140)='vS\xfdIG|\x8aL[\xf2\'\x9c\xea\xb1\xc0\xb1\x19\x91\x9d/Q\xd9\xe3T\xce\xdax;\x02%\xc5\x1c\xd5GA\xad[(\xbblZ\x01\x1dF\x92#]%sj\xd0i\xc6C\x1f&\xe2\xc5\xa5z\x7f\xe1 \xfb\xc27\x03\x84\x8e\xef\x82-\xfc$$\xaf\v\xbd\x95\x1e\x0f\xbeVI\xec\r!\f\x86\xf5\xfb[Y\x1e\xd4\xdfc\xb1\xc8\xa2\xc1/5\xffr\x1f\x80@\xb8F\xea\xde\x93\xa1\xcb6\xee\xf2\xce\x95\xf2\xfdxR\x17F\xad\xc1~\xa2\x97=O^o\"\xbb\xa8\x9746'}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r16, 0xc0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000780)={r17}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000025c0)={0x0, r1, 0x0, 0x2, &(0x7f0000002580)='#\x00', r17}, 0x30) r19 = syz_open_dev$sndpcmc(&(0x7f0000002700)='/dev/snd/pcmC#D#c\x00', 0x5, 0x20000) r20 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r20, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r21 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r22 = fanotify_init(0x0, 0x0) fanotify_mark(r22, 0x75, 0x40000002, r21, 0x0) r23 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r23, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r24 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r24, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) io_submit(r10, 0xa, &(0x7f0000003980)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x6, 0x4, 0xffffffffffffffff, &(0x7f0000000540)="51934c1d564d3be2fcffbaf2aed58f4572ed646ad35fd429738d095ca1839a656400806c92c949bccf317a555f93276d9b043805acaf1e7303a107618ac0fb09d3bc4552a27e0ee706a2de64806266b9144161733e1bb989a8bdb0e607a550aecd0136f96d68453261a76ba7eae01aec3eeda3545c8411eae18976c47b671a28e899d5fadc27648785aa83fb85ea53c1355990c4bca90f83727390c855d6036165adbac9ec1a4026e1b990e9b5d96a10ad060bbecbf4269c5d653db129e731a152e75e74043490feef508abd16ee750419e90008b00987d83022b10a410cbb85cfcdf5a35863056138410e5fae2b3dec5465921e92614203de8526380f1949fe4928a4585804c99f545bd0c70bd7682d920b20424e195ed0785bbf3be60b686b75f6d48da543fa3c9282d84772402defe8ea178ae88076b03183320d37002164f1696ec58b7f37d8077640fcfcdab8095b504fb0cc209119fbd5c58ada059f049e6c4fc8bd2f380fd89c002d606cfe0a5d3cb1f85a9c69f5efc24a22eae2e9b6e5d73d69be3b4065942fad70789aaa1e20652b9bb59a55bacde252c036e5af1957f09835d3682918c1f058f0b4d6fc1b1e8262650b40f31753ece9f950da1bed0fdf5bd9ad3cfdd4f9f6c9db43fcc42b51a361b392225f6cce2af0c8ebeb43ee57de39d138366a8375629283aeb00e4ee66527854332445b6afed656fd7ae97b9d2dc53c3d524d5901b51303860317d080a44c2a78d5dbec6956ce41748749aeff68d915856c4272dbcddb1b0bf19ba702b1698beb9cac03921f0d47e71f8252a3414a3fad42e07d5e23531ae9ca1f49929ad7ebd40f2a4ec4e99ee0ce70f9099da86da6fe08038e18b6c8735f694b11f103d623279158ab9de2f9a2b1fbd2620adda944c2a35838276918aab6125084ba1edcea18dcae44069c90373073a37ddb65b7ce1ac3825b5dab46d3239c9fc35ab963d7518df1d1d571d760950485c91d557ccfce517255bebf94d4da6ac659dbb334b75dbe27df5d6fbb45425d24acc5279d3ddbf7aae517512675b33eac7947e7a3f57a48baddf6052be859b21274fba12e139f83582615fbe88c2f678a9682a9ec903063efaabf3e663deab8a56ab8de19515f09d4ca3cf413e42fea8b6298ff718a1f0d4573958dd81c28c7776a75f755c2eff1fee545a17fbc72250cd7b7365fdca1ef46bf02855b633432c8687137f22ff09eae7ea994b0a9b8379e8b15bdeabcbf5dd97be9d7f1af7fc8d4c008c6907b6722cdea2e75296be3dfeaba4d226892c538548abc5a764faad87641ee29e3686950b5b6ba47988d12e87dffcd2a1684eeacdd7e31223620d9c3a03e30aa812006899cca6ed69f37cc930fe206cf4ed66c3746621709e17eb6c421ac31191cf3f39e23bb0e0bdf34dfed7c4511f1c352d830b177c76a125c5b63580369e01c775ea4617bcd4ff5dfbf55ce31f65d073a54939aab12fef538664a559976de839acc2e37e8a1891aa939aee3f60e1991ac73be76a2f52dbdfecf72d8e241d1d0aac08a90bad5271086cd36155ecf9c7c98f4334d69e31bf77d365ba0a9057d729c2fee4947741688e2664c03490dbe616b05cb8a18d477d5243001e59df4efd3702802cfb448c4f3fda01a6fd67272527c181326600a3cbc118b65318efb976215d4a5b5b2ad0f756019c92109dcc614b878939e799f582766fd0cf21ba83bd0148cf13af534f996958a24d4924106cea9b25e353aad687851329ef519bfb0131079c5706ecb2fb398900649dbca0e0334d0a2e22a589f4210a7836a58aac9bfdd165a8c0e230d3d35f9fa26b2bccdb76d044f7636eda4af8be3441feb87732dd68bc7e8596aa7d3d0a32da4314cab95e058f30d95585cce5d075e5aa91eab576da31ea48ef41ba2703d7bec20c9e5c64bf27b6787bf00106939dfaa1000feb01c1b4c5a6264cca726e5c1f22353f10da3ff1e990886db53729a0bb7bb28260fc075da96c70ce85c040fbc647d9d6579f37d6d75644121e11bc41884e4cec734416d16f86b018af82e36973de9c45a7403051a64b8380973aa92e2329340cff504562612480e5001df9d9b9708d892f89072666d24cd26a8155e5ee5dd59d28235cb804964afd7d35b301d58423c2742d849cd4f2dc8427e5d7007483804ae766d8585599c71f02c55f925833882c04dad89f3d8bd31592e16f89a38565d3eeebdf7a11ae40d8ddc7c1ef22626bad5499a0dd22900624c258995c4d9d54a699e897e7caf1ca03890ae4a84a36c9ae1fe2f9d54966bf80678fdd3957f5600e65c25ef53f635d6b5e0cfbf0811a16e073805b0b6f76d615a040e713b5b6901d68bd9d237073a92a0858c217e02c5d5bad2837feb7c8bf4cae62c77e89ea64e6e0f3a7d0d284b8c51a7ae52d97653814b602875bb7fdc86f8072f8ad740426637f7a3f14e62d9cec1ebd9f6962b3f51a23afbd0e13fe6c0e37532e083398cf7ac022192411ab6e9c023492fce35584fab4e9b48f1e053a06be85ec161ab54da9e3d177eff80fc3c3ea29827911024fe1966ee0023fef8f599572a61ec402b7353d5da9fc4e90db7c7efb83bcd2d7a5d2be8a01b2ddbc74d86de0f1a140ce6d7cee6c35f7e41f52f15e4b690de9fa4e34e9d6e2b60a707bbe3483832b4dc4e3659be148a2963b979363c72f7fa483c23b7536074658ae3d98640c314dff398149cddc4cc98106214342aa83b166ca81497b7e4cddfcd5f9660fd8ceb7c2720712c2776a2237971a7963a24a76408688b15b902b5e595e74c9dbbe18efdea765131677c75cf1de4a82e1fedf07cfa943373dbf7c28b57e8b4213486e5ae5153666163afd566a84cce1ce884ee4500d6f2719f808f07a65cd7cadbe861b4b3032083edbcb2415de2dd989a1ef6ff4a70ae4ea14332e3b8b905b0e8357a592451f4f41ebd15126c0c49f778f4c5f9f519be6ce347410ce9b6335fdd4d1720aa864ce060b42064918a9e20e20e2c7357480e19a73091aeab0938ae7355bed916a4525abb23f384fd19f8e739425eb6ec5f0e8407480862e69413a74c350c3051a57b12754b018f4a9770b6025fb63b05ae6d5e36eb96f69872af3abebf6c15ebb711b22035617dfb6e97270f47108ee8c2016f5bc4cb388f72781f940eb927ba084ee83aa955ac1a6b9c2c6d7ae99f9e587e8a3617326c3c7f3ead3d90284be5fb6abf4dad2fc9c5e98839ae5504e873270d39e5e39b52f29c16b548606c8deb4f4401ab1d8eb75333ae7f782ec2d808344f80ac6378321ee4dbe5c725f53741b0a8a6f2939194bc867af18adfcba69976f42eefee9e54f92cf0be295978ff85ecc6c18d76895bc2d27657a90c1c4d78fa319b7ba9a601b832f6877fa370d8c732e74c31252f12abe848db469ae6cefe14bdb949bb46f27df2b24f119b2f9ee160b2e45fa60df1709d5b0360880339aaaed164b29078dc56971d4fc51d73c222dc7d54219569d7ebc88894f04e9e0cb9cf05af214c960884b752e06042fceddc1f1cc084e5ed2ef108a8b4928c080164dec0a248af0fdf90f4f2dcf08159dd38b3f55b4e03b043cf51b4695579a695f3fa9221a31a8dfc295c4a86c699d12c08e55335b0870715c3993350d9f0c574f57765fe036102239e9fd06960062bac4e5966b6fc21329616c712fbd2b8a1f0cb7524839db41ee97c71a8af776f8d1dfa00d857dec45547a0c849d942189f78d5775e66411c7e30b89a9d523f0bc1cf51987d1e582eeb03e496ca90a576a3bb497680888f6308e8cbb0983010c1f40b20f208db765eceb2fec6e92b44d79424b8a0cc962ca0b3f6a7a3fd385178a8aec0f78f3218d3f50a67f5b8ff5df290cb0b31f62484b24414e12477fce9ae27b4b00c2ac0d214d194227d9e8b23bef8e94ceba323088d48d4c205aff5ea9fbc59a7dff035ed4a3e5a7700aaf53ca6bc5f8ba6112b47e5f949b57f8b7228c28e924c05adb3570597896ac1835aced728baef0a54aff97bbf96873bb8c85e93187f7d4460a0a7590d1c8f3bcc3de349a6c905cde49dce2f8e6f155575508bfb0487ec35357130cc7ee4d305aa57047b580145083abd3a7a1747e3b67e9139afa68ac819790a83cfd3d1646619158001e3c903a0192a82d0600ae7c07c92b59bade46cf11c731c21f7c56f46a12210dc678e821421f8ca15b3c8dfef841384bcd61a107e61590db6fc76c91efba6456dc521a8f1930bdcbed5ae3c5d7d38a3cecb57fdf27d274ab4c5effd2affbd97d07d26c96ec5737c19074e87d5ccb026525cda4affd002ca167eb8721e08107dedd867087943a3c6662795f295507012b069df3b08fa33c1b0bde5123e137cc1c7ce486252b4ceffee0e1c40bca1e39ccbc404d90bcbd895e6a9b19e2ff04a5467957c5e3ee6a950b7399d108118bcbf3d26de7dfa2932a07f725ec0c9becac93290f8827f56d88cbec9a7401d8b71f1d6a861e6983dea45428fdae017075782ff249c022d177d6b86f2717134d0791cabae32236956154bb56677d1fabb4f4b578c785a9074ba283b0a743617f518929efa618f5b6cffbd1f5c539028c8c72c2335ab926fe4a3768be7b41066703ab2073c16ba2610eb39c7c2b94407ed22af468914ce7e7b0d8a539c90a0955a107f8cdc9e18d24a3bd24bcc051570001187bb76157a1796fca27e0c265c6f575988269b995f97ac5b77bc708e8bab95ae63a37b7510312d7ee606c59f0a893bfd2be97b7f548c1386e3d1823099df48c5a294b411f07c2fd466ddbb6cb74e25dbe911c03d5b4f73d4f38e11b09ebb7654637c9cb2858e2670189ac828dd4c3ce78c58c5dcfd2f32adde23473368c4775a481990976b3b48366605d8161699df65eb9a7ea2e063cebfd678a381ad3e72b3c3c375b3ff07062544da247ccd464a464a4fdf78ad8f01a586a71fdd79e16ffa94ea9f3f69ca19a779d467400a0eba0277d2aefdc50b796872495d4b1b2a7cf03c95d03fb6d35092bc9ad2a979c09aa3be5c2bf506ebf1972e82180bd741b86bede61a5eb339ca14518513abf59a8485cd5ed58793dc71a3b39ef4d54457169dc74d47448af2a2881a4c6aaceb08e3397c2efa78678d597732abf6c3c90947d2cda90f45ed1a008f9fea1f0905668f6f17fe6fff10c07ff9eae5962d8abf5ea3c8c278c8b69ff23a3a1b240346ee2c8904cd5bd8ba7fc2e821d580db66f1c8fdae5ba1282fb1fd329cec4087f00aa813250d1e6aa23714dd1d0fb6774607e433cd8016dde0c70c1e761016b403c5fa32f1e9a2f2ae283aa7a4b638e5468b111479da4761f704688d63504e5ffb055260d03c4b86d8a6b55ee909af475711663c019b6eb12bdd89e4ee65bbce80eba3989beac7f3a90de89c472211a3a3340fe5fb4bd486857ba51ad239f64f23cd5a4a09e748aab91f398834add8a4d3bd62b0a8020a67f6787fe72e9a53053bb592c8a40363026a9bdddc50dc06aeb4d92b93800542c9f7e39ae3cace3c96582419c65ea94727173756d2db6bef357a0677172a8d14ea16a7bd2277f60bf39de219e7c9645cd86062fb6af6aba9b0aedb9c8f2c7f426b09e8fda8efe7758a64a1eff3e62adaf6b44238e0031e1cda6639cf4aa8d91e0ee7d10b7abbd87c6ec56ce2ce458dbe722c549c00ad88c0b46f7a1a5eae8d9b2781d59852416dde163282739e6d3fb744902ab246b1ab83b723725f9b7961d3b7c221dd1b63c11fc5e0377752d6803e4f14f99c605d92e7680df29f665c119dc7fab0322c766c9fdeeaee7b5934dac3821687", 0x1000, 0x6ac9, 0x0, 0x0, r4}, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x7, 0x1, r11, &(0x7f0000001540)="004dd4eb64c4a1f2197fe3fbe89e3b25a74c9763e06047ae92bdf2f713ed599bc24d3e2b4c5821aa4fa6c0a7278f76716336e0628ad27fcd4de10912d293add7a9958cde45a7951ef9166cc8cf73cbf3433304551fa8d1cc1abd6e953aac7dde495f3b7c784187a81c9c92f809ed363a94b6e22bf79d8039c77f6de90730c110a928987599b4baf9f5d31230a3f4d2226de699b8b832c40fbafd861f7b442ed7858ca028aec7e22e1b9b4bf7a215092db215d3a5f70d3079d4b8d1ce14117fcdc4d0cc6f8230443dc92560dc9c6ce8e3392256457db5a394ec0abbc3e1d2b455c154552eb7a60aabe6c3b2c2f0235b2e970f3246b1a8ceef54f3e25ee430c0635cfebc79ae149450fe7b0b4569e4dd370ee0f0af43326cc4c50f4ac4016d7f61d6daaf3eacf682a50707be14b4eef1e2d321ad20ed906b5573685e1d27004520b4af03fa815f9f2c7a9a2538b5cfe1d040d6cfbd5c729d8b8602b6f7dcf2784bc02d9f2a5a233828ad680705faecce2bc01023b656f511f03a3af8c870e0c8f50f03e150e3af9f0d76c04748515ad36c46851d02d0df7521bce8de1d7ff3ebc5f4ab774f2ed034ea7ece61ec5924c41573367946ca9fb01ce3b7e2b6d99ec066db26798568e7ff6d75c07f20435a4a2b49fcf90c11cc4e215d24dca631c8b9787ff60e9440eb72a9bdc57f1f3f2f076bb0ccea27ca23cdab86d088876752ed7dcfa3585f174224a39f6a845b6a28b05f1b3ec0860a09eb49f404d793cca3ae4d6a91c43090a5cac58b3089593fbd16ed1ede05ba551828a96921d07f2150059e9f9669eae34bb9dbc9eadd5286e9a7636c6f9856573dc18e3ba58e59363ae4e21e15c23382fe65b60b69fe9e961817209857907f8ba1d1cae59f5f1bf353889079ff3c700e789f6197fbe12058e6522c2cf0666c22637cedef7fd319dbfe317c01d26362aa66fd6e3828b1ad904be62ff9f90196f8ff9c4ea8ec649b99d7020d75afb2f2885248cdb876b0eca40fd8541cbd527022e820c6ece3a98751046af454e27192c0ccc543f56f54809b04eb275e18aec6c605fa2ca744e4fb636e078cf851f598eeac51e947d2c82b9d7180a093a3484f6c48bcf95b7038996ceaf6752fe7ae42b74f47b46f54e17300b486e86fc1d741e63439b6cf47f46b2bf412d742740dbd6160c30f6d1ce4c0a37c7e9daed1dc1a93b13a0dceac49c182464d036229e9476beb8ec00947eaf83d1471f2c20ec40665eec22ac6552dff0c1579edfb47953d760d47d9d2a4b31409e4365cb2271f290079cd13caf51809209d0607dc2feae7cbc28ff68815b788e9bdcf7253d090bfd447f28471ee1f8da00997a75c98235bba302849b6aff25e886803c31e996508e79a438207b13e20cd6d05e758fd0e3520c2f69787332bfbe12470b17a72e4427135ed812cd48cd47487cadfd2d568dc97fbf079fb08313e1f28847bc37198bf389fc935a12a89a2c95dd75bc60c28b0376cb531badb917bf3b7163f7129f3c00e0571a4d94cfb123cb92d06de7e55182c58def77b4f66339a335fc3a42c9bd7e02f0c49e0f5a44c1390fa4e400731f45db855da775307b4ea33a6684122aff451563582c5e0dbb79bec61dc84863f55ab2fb34d5a4fae6dbc220397cc0002eb559fb7b1faa224d4640f83d5f21c110275b95497fea7479ff3c7007376758642258d50cb9c176eeec3cd9fed87150313bd3afefded6f8db6a5b72a2fffed18aefd8cfa0ee816cbe6b210f87dc25a09748187fbda7ee9d197071f9931d7be6931999dafe5165a4d07f913a07184ddd48fa96fa426a9dd821d205ab6c3d9d46c60dc3449986660a4ca162235f92a75632112806c81ab51162db1a1b2f419187d4b995833a1156362e27f5eab6b21e3bbb48cd34966132ecc971627e08b1f8d451c1e2785863b604ac9a2a1bf571599c489843218541ba82042bd94308df289569e3c19b1b14ab0ec739fe0a8d550f0646643980ba4d7a654db6c22d4d19d5bc8258ae4e583944fbada61cffa450cdabd634b18ae24cddf63c751e2ad31a7cf37a5b4afc723434769cae641cb629c60bcf22db44e5913860fac0235c062fc4c1c69017f64c4531b6e99cb1ea52577952a8ebb4465cdb29c2ad5cbe96daba4e1840aee4e9ac6d097f3f2340e267661c2a635f3289437facee337c4c985f342149da9d69bf31514c96b2226b702135cfc302790047e004859bf2c3219e55493907e4bbb55037333ea72e39ab7890af2274e9e0d90efbad5405f4407ef0f26dd06262dea7955753aa002401ee107b3618769dd170ea0818e6c9e6af1261d82c8ad59fc284d67ba7ea44aeaa094eff69a1a3a8e0af24b6b8cdc2be02ab51f1afe44b0736bb43de4f0d3b990949928b350f373f47e68db61d3fb82550dc0939e71a7b19e9258618f1a722b77574b31ee38d8c3945d098a3f774bfc53fd8caa0d844c540d486237133aee3eab98641144e93ba1c799b5cdbf1402882bbcceb6712679807f2d73f6606fd7708ee44ebe5fc8b6e3f9c442e5986d1836e6b935819debe804cbc343f4304f68bda60464b60d0946275be4d599e184a27f10d950e7010074ab2db38b126717133f713d2b97a8af9d04ffd2b730825c0581790333e961c85c58e73bbd75061522475858a7619303b295cf9d8ea0fe53bdbd239bd5a5e088cee7461161a707e13236b58c271f47f82cce6c7d95cf120c95d1fc8c5289080f1866d4e63d9460cfefbfaa3fd62141febaf83c46b51b5112bd6ad0b8752547409510921b03ef17c11ec525f7cd17a838363136d0abac7c373bb4e80b87d923788f7600ae0fbad5ef63be9b33a661fafde9b298a654070eba8fc9aacd6d36afa0b1612bab7e38620ecfdce9fab613c34be3ddcc97dc97c33fd29ec2719280662fff5b97a88b6629e0d6e21c2785981efea7da327f129d07b75e15c0dbc5c6b25925af29db4899ecfcf33b4b2f7e765e962a0367721858c50341e80a5aaad73b8933a7f24e6d7d01194ff7b5872aa94a236e924c10d0f570d4f9590c21de9ba3a8a15c6c6b90a3b5c8bedfe4da9de801ddb8f5774a9062ef60a05f69cf727cb3d8777789c2810803fd7e796bb3155d7b305db77364d6f869a12e34c69a4efcfe4724e8e2b69b2b56f215fd88b1c02986ceaa7227a0bc857d836088b64b1450e05592325a8438652b208225547dfb7e733eb31e81f2fa7a47b11a44e95153c0603fad5c1e4de438f7e273205e44f52086a314a5df9487df0c5d9124eaaa8e55856bfd817024f96bb1366a4af60da380b93ff294b9a133cbdd74dd29e0a8d2921d6b52b52394b626d7f5f50aad24ed09afeefbed48dea907adef841ef719e6f09cd716aa31da6878c79c74cfcd5919099ff16d2c6c353306eb195036b1eb09c79533283a568f050044d9929f5e70d8eba5ead0fd40410471285748cfb835c19ee97688e5a8025df77903a0129c95661a2b50dd764941f20365087ef87c9f9d7625d78945f231dadc0d8ce9878d6efce200b1ddf38571569a7e13af39995e56a1b155b6f0848948c366b0ba1515de6b5c490c23ffb0ef534b72c0f27eb1a606048e8ca48705bf875a4a3670c583c07294be1a38e9a3d468364bb54c43d8d4693d601cb3a6c1e3839ea02a22b61bb8c1368dbb9c33521cd075a3ecea52557de6c6f949b6f343c85c08ba4133785d860acc8f061deb5c779cc5e067bf9fd71a5b9ca9614f2699c7170b167dcc6e18ae2da93c80b5e2420e712cb79a3b364160da80399f4d05d5f89c5ce6c2fc6c5e368328c53c0d5aba682d0cb7a3ee527b24378b45cb99fad889dbf16e1b9394fe37ab20341479ef57c15a23fbbaecab6c466ca1a45ef8cfc4b7bef31cb5ff3380a649e89a946ad555c3264ab106e6f5a96b09a08ba20d4a5e15150b633df293133646587e694a2d3b14eb3824070f23e4885b1e34c083adc131f85648f0395d32c7038134ec4318ecdbb7f0fc786b3760d2bd71dce3031a9f3fffbf2861b2d5f599fdf00c0b8fda467d68012201b3d9013008a28c20eef7b88a81fc9625123fcf51fc5a05ac6737e63d42a3b9d5861ccab0476a0b3c633c3841b094a754871ee3cd3be140be062ebb20a72369a7a1b618a703b214390125073b79236221e43144e4e094bf2c3306a608c379d0c3ecdc1530c8a09318f230ef718e0402acad9c76692ee77a40b8e2d8819189e0f33a8bade52748f84bbeabcac03a22c06f8aba0486500b93118a6405f8bdaa0d6cecb11f896ede1bc3cfc0645bc36b2343a645668157af8a5c9f4e8b63873e62ac0cabc8d5d430ce074ef330990c643bc419abb94ba3866e1137cdefb4345d5fc6e9b6fccf3e2959bd31364ac6b8c47de5fff8a55cb5bd22b9d6888cf6da7ed2d79a4c334b3aae45c2fb14638f41ceb1dc16c9b86c8c51aeb01f9ee70bd6f4bc89a4c4e6d6558be6aa336cf66d988cd92a9a09dd3d44068544260610a177fc49f49860f24d0b9cfef364c8113fbe484d8c5dbd6fdadd916eb16d5441d8b11d104d743aaf2aabdadd761f76cf02107dbb043c496320fd57a7b1034fa88b366f6cc24c85b6d206d848c96751a9ef8da706ac615339db8f63c8ad2d01b93becf1bdfba6cb1ade0789aae1165f5da155a36d09d94be7a2b2341a291e892891677b0e129522699d0d9c7a245677d76755f559f5400be274f5094448f7a6b58abc071f286f86f225ec47e467e1fb84aea751135ffa695d45b7d9bec39287f970116acb64dba863affc40603003359ea1013dbbc56bae827aa3b81790f036284fc765d5c100fb51138ac012325de0cfdf621ee4f6e6d78be958897729c22048ae5e94054461fadc9aae20e9885ec6460f609f5dfcc98df9ef3d17a78dceab457a40e04901655eed777d69b15ca925dfc3d44842228c448bab84b08645ad06b312a5c953412107faaa8a09940bed3b90581fdec3f3e02f53f2b446964ff823715013f74ea8637afa3c8da49dcad2353c335e4e13a22ceaaffb72c6b5dee8bc67201b266759e6ef7bb043454c0d5a0dfbb7966a27bcae0c8b978487dd33062ef969f036e99480eef00abced5403f3c166efad7c77a9e2740c423180586ecce7f44158b5beff1019f2cb24d39c8e84f7e2bddb34ad72a9412aba5e879cff7f8f9925df64eac871348457aa72c0668420d035b3032aef6db946f599f9d249ff4c94043dc2e4cdace3a6c913b147a9600de60173dc79053c07579158d1dac011ebbc208d3377f848fcd9339d83daa3a2323a8748f2bd5fca1ecb79c92b19d0fa9031b5b790d1e7e6721ae0376b5bbab2a4734b9f7ff4ed4bfe443fb1104dba11fddc075468d35c53d27c5e8eb239fa170a6230986183ac65d255d7cdfb550a1e140dee506f9c88dcdb145bd5503dd554b7bf779ed62aa4a3490f7908ebf7505d02993126032c744165df916fcc504584af1e8710f7e34be7bac9806e859a8204acfd52e16a771d75fc5313ccdc626fce298849e5c5be984af8bca5ff3efcba17ac894a38ea47439413de3757d9abf37657f6ee1b39592bd354a97961efbab70d39ab8c3cd22b9a755fde333c7e60b34483fa3c555021df3609295ea2d275d931597df76b3e4055aea0b654d2b802def6af8dbd5e49f9e2a6ca777cecb513cadacb8101ed1eb3bd5a1c31553adb5d77b1ca6f94d39c87b8be725c726aae951edafa52d2dfa4c456e82799f35f9b99ac81570d3da7b2649ce94cc1ba76364007a55d84a211e162e90b534ad2417f58ff30fdd7e137929128cc6887990b5b95", 0x1000, 0x4, 0x0, 0x1}, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x8, 0x2, r5, &(0x7f0000000280)="945793d7051c4968f600327e5e9f46c5e1f657240b4f6db741df5ca1f40ca40725f8c6da81ba4a2b3549a46f4c1fa487c6a9ffeb4c4c56c8126320b560a6f5501fab63bf350cb12270c0e72504cdda19c45e6567b5f3ae7973285808b37c0e0f81a110b395ed2c9a39c553f1145032f829d54d323f60fad11316592c19b0ea96d85b15db6fb8826d90d56c2248116a172a2221eeac1c97ebaa003405180d2077a111cb", 0xa3, 0x3}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x6, 0xe1b7, r12, &(0x7f0000000340)="c39315f7d9c5dd5ce6a5b417b2609cf61c0ea205dae747f99b59f27739660dd95c32bf4471891d987d49b8696d01ef543e463af90e031378f9a36ccca970cc2f8e020c5c0808ae19bc9a6e7dbcb1583ec31d875e540ef95ede67ffec5cab66106cd2921251bf0defc129c7e0396971d2f110009d7497db24d1003a671138e3", 0x7f, 0x7, 0x0, 0x2, r5}, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x1, 0x0, r8, &(0x7f00000003c0)="4d51baa25d18177523f1897f17c107d900169c3e2dd0b66e538a7c35998b", 0x1e, 0x3, 0x0, 0x4, r13}, &(0x7f0000002540)={0x0, 0x0, 0x0, 0x8, 0x0, r14, &(0x7f0000000440)="9c251173958c497c84d132f0d1ab094fe6d74a641b112f0c849fb04a2d06c71a5590713d3e5d4d88678138c48f0b3198fa060f6db3884c506301ae300e88f0ab387f9f012e03121fd0abf2a329f8ea60eb6e5d626fd9c1cb4c183eb2d2fc0d3c5b0d5c8be1564495a655d55324ee38819a1d88f911303904d0b1c938072925e770b45e38dfd76eeaf9befd5df8ec0673d3becff0df4ccbaa0fefaf2601a56cc7b1f632e35c430dbfd3a2306695d0b239fa8f6b1882c0c2", 0xb7, 0x10000, 0x0, 0x2, r15}, &(0x7f0000002740)={0x0, 0x0, 0x0, 0x5, 0xfe00, r18, &(0x7f0000002600)="ab80cb45920f2e0c4df5152b0554a1bff17ae087cad115ed7b1158a779d8a4f7df402cc07b63778d54d708051269e55361812ede1505b0b2949a33bf5b58c4ba544e3cd9ecaa566d77de9ca225580a8c10159af12b14683d75662b5b32e8a4fcbe1003f9b83f61bdda5b2696d068480109bbd7d052b9dd37fa8cd7d09a12d84581b31ebb88c6952bd5a3f197ac4204c38e9bcfb88ca1929506603be7e92b609250e0437fda7363f6807855f6ab8af27a54ea9c515f6fb3d2e15469462ff4dd85690e818cd230e29aad57ada56da6ffb85e67882d19d485189329a9d4", 0xdc, 0x3f, 0x0, 0x1, r19}, &(0x7f0000002800)={0x0, 0x0, 0x0, 0x1, 0x80, r20, &(0x7f0000002780)="b33710aceb5fc680eff019c6b7402a7b0019adc5d80eaea21ec0feb15924b106f54f90fbc5795a702d4d4f8c0faef466858bdb67777d1b58027df6329282e2110a89de12f3365d55dc0baa685f74aef64138ac19bb9973b8d842f962a14a558809a232f03e665dc9db2df8d0", 0x6c, 0x6, 0x0, 0x1, r21}, &(0x7f0000003840)={0x0, 0x0, 0x0, 0x3, 0x2, r23, &(0x7f0000002840)="9343ca510a59a0eb64cf20b1928563da2684d1002cdc46e13322307b89c37b4a7633eedee6c65dda13945bf99a352b2de513fc6c7b4833419c3a12e348187a2cc8c5ac24a87ff7a1fcebe440912d3c13d76b6e529d30265c410eaf5d07e2ba083aba8b04a190cebc4e0131bd668777f35971473c442f78f835a15686569e84bc8cc743a0b132d3efc48413e438f12ad1a81162bf207a7f6481d56b9458c6294ecdea233ddc4b38b19a435cce497bbe5f523c609ddf881988c4f8615c3cbc3b9e389594f51c07776926d5bfc2f193e4f916fff9eb8a0a844f049c0b987d6323a413fb416a3066029955e5d5dc4321e3a598c9c9ee4340337d085b752f9f88425722cd54dc7c050c5ab533c0589b97c81d386e630f14fae24041cb4633b7f28fff3c1cf12c946e2fcf3cfb60f793d57b76dabf797be4a01cab33548b22a96a58e7d8523dd848948308f925cf283526b481999b499a85bbf7c02a9e62bdd809abe93e38b410a13d2e738a11a0dda09cc74aa34fef2b14f97267afad672c43004db941ec708dfe2302e3621ff9cbd7bdcb25e723a7f6a8c87e07874843dd415f3feea7ceaa87daab62939f488e67f309635812bdd9ef4dd6dc7e1332e8b93c89b36f5ab2b5f8cbfd497935b12eaad023fc8ea5ed778f8ba0f45e931168232d9bf7c2c5a0283755d9741fe0afd81532edad7dbd4d03855e8ce7d4db19d75bddb048dc1fa0b6fb148d5eb6ef9622d4fc2db61e02f686cf40c4b53299fc01ed3d3cfa11363f4ea6106652622163ffc2ed54492bb46419ff46b0027e1b15ef9d7d6f226214af147763197d25fb86a124ca2eb8cc11cb2eaec6c67bd215bca64a5b8dfe47c464ed54f325a75b904a4ff4433ce3d26d1039e1ece71e6295ba8d2aa11ce73e7d922dd6f171d485fb0aa702616e2e33cc3d58ebd532659e1d750241e352ea93ea94485075a06a7af36c88d50a7d72175a162147b80108a3a14fa6954aad129d139ec17b801c922a7f44ef4e41b47d0de0a1eef92743f57e1a8c37854954df8855e98d29c25e90b8e3a6f5a014586ca0d3275f49b1d53df5f44c4430db5c3b7b68e18adfd1963d821738e720d69c109a19803d95842d1622ae50f25e9138cbeeb496eba3d7b82edb0758bff38022351110302ad8b194b657ff2dfc7c2510f85d26f5ce4a6648495764f0f232be6115ba2cde9d58b79797868170b540ac0c85da9965a8abb3d2203105d51542e223ab37b62774024fd666e827d67d07e7d23c20ee5f3ccd4f1cb75b5ef6b120001c92c2fdf70d12770e1d08da872c516cba5506860a15a07f593a5ec3ec9d386798d3832f342ecd0c6c609419552a61dfb666b14f0e26c384e67492b5422c463211f7b5ed02c9d574f38342d8e771324e8f6dbefa502eed1c2927589e14570f43147ac7acfde036f140651701278337005347146f7daf3af51468dc3d82b337393eb54e3842d1d7b6ae1551b5fff124aa8a0c6a4dce780893cda74cd4ddfbc2828dc671db2b267744cb17c1ed6f7bec8e78e4fab1396780b125b39607d7422f69d38eb5aa2a7b2cd64e1c24713b4ccfe3063d345ae2d9b2e5164d861ca345b26d632b87d12035e8706905ba2d07c3537edc34e17605ce8469a139884c26986b5b30fdf085075e827d519ad2714d932f90227fa671126e712cf433198e7babf67f258767d2b4b8db67fb2c501a6a37f9c666df97e81d8822f3b4c8f0de684a6d9ec288d4c188f013aba3490a4d426ccd621a4f75471ad8bb4749797e4c7fead3a17cc23afb523b041f81c844cda1553b612da8655cf44e56d65bbb588389fc8eb4726aa12a91c5673cfeb80a2be318fde44bdbc8edf9bd51f348d99596a54e33d92898ec0b3cc79f4c884cc2d80c63441762161c5b6954e8d5d483fa68e2109045fb18b82211831955ef1aa8e24b081e8ca54ef797340a4dc313d0345c595c226cf3a156b497785ee0fb39fcd70f02d6ea3951df1ebdc40ca09f440d12ecfb4475b3ed4512a1de80191ff938b649a2be7b538d24e65352c4cbc7a9fec363805290a5dcab850f6a2508c37ab58a44bb5803050020cc7a606cae872d322630ac191c719e96bf5c1fd7f8599cefc65c6f313fdae37634fd55402f62ffa700ff626ceaf5dc4d6c552d4fc96451530579d1578ef683494410f3bb5e5adf8c316bd9bdd335b1d8998ac25ac336f0d4adadebdc441b24bab050544a4eb1916d4c582a4b0edb01c9cab7cf3244768bb17c07d79cc247e6923d3a29e4c974e1ead6301ca6589129c31a3b9f46283bec8421ec1a10e38c0f8836d14b782dbecb582b9682425c41f48739680bc0fbd96586334e7e06ad785eef252da00b2b87470ed9d2d28463b1ab2d0a443408d7b761327c8ed98abc5aae9f7e792190a6cdb60010f8790c910a09374f62802813e8ec1b390f336459ceda378e5ec2503c564a9759cff629bb2e8cd1410163d0d5b3415a39e9832bf55153149b8ee1887931e2e9155fc8ca613dcb687e9280d391ca3570f5932ff28f6a9b4e5fdac75944fd7ddfceb170507c155d55fdfdec5ab78aaafaf668649f24b3cc99f522acb50f8b27cf3cf71b899fcdefe542a064ffee97bbdfafb9268d655e5149e3a373177bbdf5d83166db79198582e1e5783f496692b9ae8b2c6c7ed301f786b8689176a2e3946f0e1e7ace834e2e3919fb388876e6c8f73c4393678e3809e281f7baff09d46efb2b8181572f46656a2beccded94774a201b3c16e9e67ace06965f2c0add5bb1c9158d1e1e85d513d0b10192777fc075984b191705b2e001a06b59af443ce31c49749532a057fb258fcf07bca24b755222a75ba5e1630d0dab8f060e036f1ac05447352df9dee39665b67a0efaa8726a9832b81e431dee62b2bcd0574c9b3bc8f8d475e6c0976b16205eca00d01dbfb307248a0a73557c362acf5d699ae2e4bcd02ba3828011c24a8cf614faa50fab7bee2cac285a64824324e398e19462ed3fbbde1225108242acbd9f11f33c7ccc10fb5102bd69709ccec7f2d8349da3451eea1964ea3fb384d991107ac355ad92b8421dfafabfeaa709df8a6d4587390754154f678fa2438f01d4995029fe769586eb02031e449f15d8a2a454d196617562205037e36f7b103de84236a55545c9e0d3b52f9e02ab955d49a1fd7ac0364b19a12ece5b7447a7683a09771aab1da16a5098f29cdf18b5ea4abc6f13e82a93832cf479e009930e3a18f0c30ee5bbd04c3de220bfe9548d8315dfd80ab4c75e737a91abc4b04d2725b1143cf96a348856020707d93f8e71a2a47f201a3c2667560cd71ab3c5a2e24e772c322e3f4d243ef6b9aecf78d265d7e61ad79d74d6f295914ef4778a9830ebc1b6646c735e975d344f0e04b47a1d910c97666a373afaacdfacc2533a7ecdf1ccc4de33eb284e4015537e040ef3801eceb4bd30d2e0d562f5393884998dda8d4c80ef6d331ef4e703ce75f4f50194d9e5770c68a5bc6b6db852dd7c38ca21f7be1be49e37281a24ed4dbcb5b6707396f550d3ac4839d939eff130fe2251dacf7644da85f1a7fe4256e5c236e9ac5089e932c37624808c9d95d21a4acb257e1f1537895da76074b39e690b63c6836114d0771dcdeb416d9961ca013f45bf675d3416724f8a753df7bf93a8b176904ec7900ac481364e51d1cb9839a7313ab40072ac3cc366b17989fd687cfc16d2b08edd7d3a369d590d78862ce7a8ad5c68ca8d6029d245e6418ac8496c379578fae2a7920eb007ae268f32aa35ce9c20913eefd6983687f7ed01d069b636a9b6b4f8c1292e7915d0e41f6bb8d5ff16d13d0c14e3ae63407e5cc38ea16293e81bd0fe71e46183d0215eb0c515f4867637ad5178f66b49e472cd67bfbb1047ecd498e9ea974f81427d47053e5237fc683b4904a77014295adbf11b56e9ebf0e8ca5ab959e48a61bef9fb1492bd74647979ae25233a5cc2ecb906779f98f15eeae1fe20c46a0820bf1dc29504d64c7bded7c14956061d7213b521404f916903ebda1db0ff32903385d58fdf258eef1cf81df889d008256f9ed8b9a16abe3419c0e724febde2bf25edfa35a57e7748868f240dc87ea18c20f26da64b5ba6ebd1fc3bdf7da9656bde9aa45abc1b740e1c85bc9dabf7e48c79e48f0529973983755d0ec336be10f1d45def4efad8eb1c7cd88b042c24f3576dc63a0fdbd91a884ed17ba92427ec8022393213ee118219ec2b180692b5d650d4e1677f9200d41aa90194c9b9e9de61a384de1eac14810f4ac5bac664adc8ca3baa90bd5c59bc5746f0e95a18b865a1e7092f3de6558f6d847dc357a63a4952be80b3e0ffe307b16a650d53949d2fa2017e5826bfca7d1529280cd8bd3ba9083f49da41b0e2c18b03ec526eb69a2ab366abedee1031808f8b54c5a994f5dab781da8417e5c4e8c4d9c949a7e1bc947e49ef2a754e748408003f3e073a36463f668562aed40e8ada0f0af139dd409b6f78615f0708155ce63190639814941cb5f554d79b1950c32585acd4832eb6bb65c2c83561d0c1d1e1b5af110f35e2fbd35886d6794c6255e7334f881ae2aa5f2af5c7d4b39508c0c235aa3a46368451bec6097bbddb377dbaae6525fbae25c486588308f7b13c36a2b7c992d3b8908115e89a72e0ef15cbb7b8017ab3878edb42e00c8fb029152ebb6e172ef56ffb67c8e16566f2cc88b82256a04ec1c98b9bcc22e0de64a515d78e28a1135fcb8b087987744cbfe57adac402fec1f5c2548b2b4abc90df80021abef43e36561527af530d419d0945fa1d707755af7f0379803b767bd699aaa3394c3d53776eca1c18566b02f6a215e765e3f2e13e5fcca43e66fe8448f8b2aa5b05b9e6cb3a90e45e0e822d83a057997f5fd10bae149846254f3bcae3b6c1a73fe01da3a55e5436db2b049b81d7cc8ef6eba29cd410cc17a120c152bc7bf7c3abdc77585c51988337801c636d1f0e3cf391bf7189b7f09cef2f586a6337d84f469a406a03d1f292b13e6be888318febc0abffc68dc891c8825672d7e86cb9da3247904406a6d87be649091a1b6a89439d7c8ce9c0521d5b7c8a02147954044fa1a54e6fa7e0779fdc70ae8a5f71647a30818fbd6bcd49aaecabfd6593f8d3678a258abcc426a38b1ec7d5db7aec383c5a60aedd994e0f7ac8965d3d7f845ed468a1ee3aad55ba4ccb3fbc295bd57cb255a3b24ba60c0bfabe1ad5c328b56d93fc8e0cfebafb9a75ac7db0d9c6f8da74355ef20b5582d5ba98c4ba6f1c94d2d7280ab497b5430a72fea72ac0e2c97ba96b18a9674a871ae9b5241b2f10d04b5197f62ae0a30e46135708a62401908a829ebae668923a9234f2afe17c6b76356b22252223099e4c0c51e58430057c879c75cb4714ee3187aef87406a14959f360cd755b11d5c3aa8d9cdadd495135cf0fc26697195ee85037a6db10ddcdb0724906d327c630f7d66e1a42937dd1558c82094f0a736b55063b2634f3b68110ad9a1ce74a2290235dcbbfd5467045820e9e1f422704704cb47fceffd3648ba30167f7c878dcd308497643aafcc4304b0d17f7bf423cfc77e15618ee1f9b8e01ea53407d45c5ab71971373458e21820e304858ff8ccef47d4f26a0f73940b946faf5322a9d28626aa9840ea6065779618fef48a05f6317b8bc8bae742200598c6db4f6a96c21d514a3333f202712d226b7b0348ad868406fb3847a568cee1cb43ae68857a1b1a3221ef04275dd651dc20fb4cbf330d037a2e5725c8cb068e7c724c67d936eec73436862dafc0f887815e8e94c6f123021a2da4c", 0x1000, 0x0, 0x0, 0x1, r4}, &(0x7f0000003940)={0x0, 0x0, 0x0, 0x0, 0x101, r24, &(0x7f0000003880)="29cf931824afa62c391c26a452dd5699ddd5068ae8db9b1bf7076b350cdefcc84906a55ed28170bb9d337ddc3b2f4d9090ae3107478490074c091e77dacc45303ac0b028c55ec21417a803d3b48bd0fc9520779c33d1520c29dc00e997a57d1541623e604e1d686328abefd570cb1c4c33a4afb19445f102f4d049cfd8d2214f77bdf3ec593573ea9edd989bae4cfe3c2289be051eb257bcba594579fb3cd37513554a353f8254a77f7647842283efc142276ad381f4c0f523dde66bbb1b14", 0xbf, 0x12, 0x0, 0x1}]) setsockopt$l2tp_PPPOL2TP_SO_SENDSEQ(r7, 0x111, 0x3, 0x1, 0x4) fcntl$setstatus(r5, 0x4, 0x6100) writev(r5, &(0x7f00000003c0), 0x368) 19:02:26 executing program 1 (fault-call:1 fault-nth:73): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:26 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x20000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 219.673856][T11803] FAULT_INJECTION: forcing a failure. [ 219.673856][T11803] name failslab, interval 1, probability 0, space 0, times 0 [ 219.686614][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 219.686661][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 219.745389][T11803] CPU: 1 PID: 11803 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 219.753317][T11803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 219.763369][T11803] Call Trace: [ 219.766653][T11803] dump_stack+0x1d8/0x2f8 [ 219.770967][T11803] should_fail+0x555/0x770 [ 219.775377][T11803] __should_failslab+0x11a/0x160 [ 219.780296][T11803] should_failslab+0x9/0x20 [ 219.784780][T11803] kmem_cache_alloc_trace+0x5d/0x2f0 [ 219.790040][T11803] ? alloc_fs_context+0x65/0x640 [ 219.794953][T11803] alloc_fs_context+0x65/0x640 [ 219.799694][T11803] ? kfree+0x194/0x200 [ 219.803741][T11803] fs_context_for_mount+0x24/0x30 [ 219.808740][T11803] vfs_kern_mount+0x2c/0x160 [ 219.813307][T11803] btrfs_mount+0x34f/0x18e0 [ 219.817789][T11803] ? check_preemption_disabled+0x47/0x2a0 [ 219.823494][T11803] ? vfs_parse_fs_string+0x13b/0x1a0 [ 219.828757][T11803] ? cap_capable+0x250/0x290 [ 219.833324][T11803] ? safesetid_security_capable+0x89/0xf0 [ 219.839019][T11803] legacy_get_tree+0xf9/0x1a0 [ 219.843668][T11803] ? btrfs_resize_thread_pool+0x290/0x290 [ 219.849375][T11803] vfs_get_tree+0x8b/0x2a0 [ 219.853768][T11803] do_mount+0x16c0/0x2510 [ 219.858075][T11803] ? copy_mount_options+0x308/0x3c0 [ 219.863248][T11803] ksys_mount+0xcc/0x100 [ 219.867473][T11803] __x64_sys_mount+0xbf/0xd0 [ 219.872040][T11803] do_syscall_64+0xf7/0x1c0 [ 219.876528][T11803] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 219.882395][T11803] RIP: 0033:0x45c47a [ 219.886268][T11803] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 219.905848][T11803] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 219.914247][T11803] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 219.922279][T11803] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 219.930229][T11803] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 219.938177][T11803] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 19:02:26 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x20000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:26 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) dup2(r1, r0) setsockopt$IPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x41, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) [ 219.946122][T11803] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:26 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x25000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:26 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x24940500, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:26 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff) socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) dup2(r1, r0) setsockopt$IPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x41, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) symlinkat(0x0, 0xffffffffffffffff, 0x0) 19:02:26 executing program 1 (fault-call:1 fault-nth:74): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:26 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r2 = fanotify_init(0x0, 0x0) fanotify_mark(r2, 0x75, 0x40000002, r1, 0x0) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f0000000100)=0x1f) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0xfffe, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r5 = dup2(r3, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) time(&(0x7f00000001c0)) syncfs(r2) r6 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r6, 0x4, 0x6100) writev(r6, &(0x7f00000003c0), 0x63) r7 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r8 = creat(&(0x7f00000003c0)='./file0\x00', 0x20) r9 = fanotify_init(0x0, 0x0) fanotify_mark(r9, 0x75, 0x40000002, r8, 0x0) r10 = socket$inet6_sctp(0xa, 0x5, 0x84) r11 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r11, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r10, 0x84, 0x7c, &(0x7f0000000280)=ANY=[@ANYRES32=r12, @ANYBLOB="ab5f546e0f922896ca3c8f5bc32d8678c24b607a3d21eb42ad418efcfd2c94995dbe01e740f8d6ce96d34355bfb891d9bb8eece8483e8679538be61c3e487e35897427fcef45348f340188b355b08588082f372a3339fdc769b378feed9f49085dd56a472e75d0af69199520ef194ca0d854c322365854eeaddfe1049a50fa75f7b453d33ee4db6f8cd2937af7144fb589781d8f7a05408331a6f17f03f6e67b38d80723795e234f39a4f6ac0be882aab05a850019e2d8a53941992e29c31e9f2dca6049e9b3b75536889e6254d18a84274acbcc21191f631bf6dc2356380d2464049a635cfb10d58c00ccd130b5b6de3521b4a38ed34048d0edbbe7ce9c"], 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r8, 0x84, 0x7b, &(0x7f0000000180)={r12, 0x9}, 0x8) r13 = fanotify_init(0x0, 0x0) fanotify_mark(r13, 0x75, 0x1002, r7, 0x0) getsockopt$inet6_mtu(r7, 0x29, 0x17, &(0x7f0000000080), &(0x7f00000000c0)=0x4) 19:02:26 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x25000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:26 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x2f000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 220.231123][T11832] FAULT_INJECTION: forcing a failure. [ 220.231123][T11832] name failslab, interval 1, probability 0, space 0, times 0 [ 220.283321][T11832] CPU: 0 PID: 11832 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 220.291240][T11832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 220.291246][T11832] Call Trace: [ 220.291263][T11832] dump_stack+0x1d8/0x2f8 [ 220.291280][T11832] should_fail+0x555/0x770 [ 220.313411][T11832] __should_failslab+0x11a/0x160 [ 220.318348][T11832] should_failslab+0x9/0x20 [ 220.322859][T11832] kmem_cache_alloc_trace+0x5d/0x2f0 [ 220.328141][T11832] ? alloc_fs_context+0x65/0x640 [ 220.333077][T11832] alloc_fs_context+0x65/0x640 [ 220.337838][T11832] ? kfree+0x194/0x200 [ 220.341895][T11832] fs_context_for_mount+0x24/0x30 [ 220.341908][T11832] vfs_kern_mount+0x2c/0x160 [ 220.341920][T11832] btrfs_mount+0x34f/0x18e0 [ 220.341938][T11832] ? check_preemption_disabled+0x47/0x2a0 [ 220.361723][T11832] ? vfs_parse_fs_string+0x13b/0x1a0 [ 220.366995][T11832] ? cap_capable+0x250/0x290 [ 220.371585][T11832] ? safesetid_security_capable+0x89/0xf0 [ 220.377302][T11832] legacy_get_tree+0xf9/0x1a0 [ 220.382005][T11832] ? btrfs_resize_thread_pool+0x290/0x290 [ 220.387716][T11832] vfs_get_tree+0x8b/0x2a0 [ 220.392130][T11832] do_mount+0x16c0/0x2510 [ 220.396459][T11832] ? copy_mount_options+0x308/0x3c0 [ 220.401647][T11832] ksys_mount+0xcc/0x100 [ 220.405885][T11832] __x64_sys_mount+0xbf/0xd0 [ 220.410477][T11832] do_syscall_64+0xf7/0x1c0 [ 220.414980][T11832] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 220.420858][T11832] RIP: 0033:0x45c47a [ 220.424740][T11832] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 220.444341][T11832] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 220.452752][T11832] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 220.460734][T11832] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 220.468710][T11832] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 220.476675][T11832] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 220.484649][T11832] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:27 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) r6 = openat$null(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/null\x00', 0x2, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(r6, 0x114, 0x7, &(0x7f0000000540)={@isdn={0x22, 0x40, 0x9, 0x8, 0x7f}, {&(0x7f0000000400)=""/147, 0x93}, &(0x7f00000004c0), 0x8}, 0xa0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:02:27 executing program 1 (fault-call:1 fault-nth:75): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:27 executing program 5: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r5, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) getsockopt$bt_BT_SECURITY(r5, 0x112, 0x4, &(0x7f0000000180), 0x2) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') write$binfmt_elf64(r6, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) sendto$inet6(r6, &(0x7f0000000080)="2f1236cf3486e511c76a933ca6b48d1c60b4b1f653e0bebddaf959eed41004235523554d33257d52de7954928fafdb41618113edd1847d9da801b64f3ec8d76491f4946470de2821df71e3bc9e22d679aacbe32dc438030457c08c7e2441284d93d5c45ee186c0ccc1f206af2c56eb2b5cfca5f6ae7b67", 0x77, 0x0, &(0x7f0000000100)={0xa, 0x4, 0x6, @loopback}, 0x1c) 19:02:27 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x2f000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:27 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000240)="d6c2b03f428bb8903f52a03a9fd41c22e58530c2d0cf0729c6be0cc9ab2fcfd8ab6f3da75f242ea37489e033b8cd66fd432cccba42a081bb08fb10168ed9c559bbdd05b1daa9301a7b21093347d12e4b240e7c8c90958e3fd4250ce96c68fce8ac41faa8e7571514c2fff9d482bdab12950d91f06e3d31cef75c2dd040182b634c7796d8a83d86ffaa5cf92001a2ea21ceff0400ce20ef58b6be292d626d4e3b2fdc1ac91de4b26bffb7ee85e3545374ad4f315b2bb03e4a97654753d6039dc34bf4b8bc8f73844bd25f9a6a", 0xcc}, {&(0x7f0000000080)="03038c6d469fe1ff01ba4369088ed460ee4046d978dc", 0x4}, {&(0x7f0000000340)="78b238c9892039b4c6918050e21847b3fb8aa3d82480c1b7d183a6a1666795499f82c3d3266a7c04554beaac2f87c048c541db5490505aa52a14bc5af60accce937a370bb64b78d83581d984d5d4f4dd0d8d200022d1c3288dbc27edc08e415a10cc1d466ee2c873399ce2a002d41e27cfcff447182340bb1db78974a1e04b18b7f2b487eeacec2e8e9ec1fe9fced24eedca227332a50ce4b78bba9cd9f0e8e2287c5d47b218bd64a4e6a5c09cc7ddb4ca0ba5e2d4b8f820aa6c6158d259a517a2818a4a", 0xc4}, {&(0x7f0000000640)="6a320c0071012a091770991a4a80f329df747a206211e28e736b4b09d526174c6eb006db8759ce0534267fcf35c11bee2cd3cb63545630ea051ec47f32741598e967a1abd86e4b4f00a4a1717862638868adbee4336b91a413d02e3e395e544a36bca6c6503add24fd1d75a1636eddc3a81c2ada39839a77c622720b832e06cd561e28b3855b78d43d7861062bb0d2b44b579e23faf5ba39ab3e90f2e83000e7b7e146da50fc8fda3738dfb440433eaf9f35e9dc242cbb655e797009931c344525404e7a5943a80a12d7c3bc60b6be8498", 0xd1}], 0x4) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000180)={0x2, &(0x7f0000000100)=[{0x4, 0x20, 0x0, 0xff}, {0xff, 0x3b, 0xff}]}, 0x10) 19:02:27 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x330f0000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 220.795528][T11849] FAULT_INJECTION: forcing a failure. [ 220.795528][T11849] name failslab, interval 1, probability 0, space 0, times 0 [ 220.835465][T11849] CPU: 0 PID: 11849 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 220.843392][T11849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 220.853445][T11849] Call Trace: [ 220.856734][T11849] dump_stack+0x1d8/0x2f8 [ 220.861064][T11849] should_fail+0x555/0x770 [ 220.865477][T11849] __should_failslab+0x11a/0x160 [ 220.865493][T11849] should_failslab+0x9/0x20 [ 220.865506][T11849] kmem_cache_alloc_trace+0x5d/0x2f0 [ 220.865514][T11849] ? alloc_fs_context+0x65/0x640 [ 220.865528][T11849] alloc_fs_context+0x65/0x640 [ 220.865540][T11849] ? kfree+0x194/0x200 19:02:27 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3a000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 220.865554][T11849] fs_context_for_mount+0x24/0x30 [ 220.865566][T11849] vfs_kern_mount+0x2c/0x160 [ 220.865579][T11849] btrfs_mount+0x34f/0x18e0 [ 220.885194][T11849] ? check_preemption_disabled+0x47/0x2a0 [ 220.885213][T11849] ? vfs_parse_fs_string+0x13b/0x1a0 [ 220.885222][T11849] ? cap_capable+0x250/0x290 [ 220.885235][T11849] ? safesetid_security_capable+0x89/0xf0 [ 220.885247][T11849] legacy_get_tree+0xf9/0x1a0 [ 220.885257][T11849] ? btrfs_resize_thread_pool+0x290/0x290 [ 220.885269][T11849] vfs_get_tree+0x8b/0x2a0 [ 220.885280][T11849] do_mount+0x16c0/0x2510 [ 220.885296][T11849] ? copy_mount_options+0x308/0x3c0 [ 220.894085][T11849] ksys_mount+0xcc/0x100 [ 220.894098][T11849] __x64_sys_mount+0xbf/0xd0 [ 220.894113][T11849] do_syscall_64+0xf7/0x1c0 [ 220.894127][T11849] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 220.894137][T11849] RIP: 0033:0x45c47a [ 220.894146][T11849] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 220.894151][T11849] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 220.894162][T11849] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 220.894168][T11849] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 220.894174][T11849] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 220.894179][T11849] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 220.894185][T11849] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:27 executing program 1 (fault-call:1 fault-nth:76): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:27 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x330f0000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:27 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3f000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:27 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x46d00) writev(r4, &(0x7f00000003c0), 0x63) 19:02:27 executing program 5: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x7, 0x100000001, 0x10000, 0x1, 0x400000}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0xc0c31a98f46d816a) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r3, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7ac, 0x0, 0x0, 0xffffffffffffffcb, &(0x7f0000000280)="f96818a814663e0424c713d7571b81da0d8bafca20ae691d769486b3572bc66377a6b547d3a18a7aa0362dd79c0dd7fe0d7cd63f98d708b2d2940dcccb38de9d1bc5657809d426192192b6d27d3ac049e4ce6643c141"}, 0x335) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r4, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r5, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x0, &(0x7f0000000200)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f0000000540)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x142}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r6, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r7, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x1, &(0x7f0000000240)=ANY=[@ANYPTR=&(0x7f0000000100)=ANY=[@ANYRES64=r5, @ANYRESDEC=r1, @ANYRES16=r6, @ANYPTR, @ANYRES16=r7, @ANYPTR]], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x40f00, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r8, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) io_uring_setup(0x194, &(0x7f0000000180)={0x0, 0x0, 0x1, 0x1, 0x2e7}) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r9, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r10, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r11 = dup2(r0, r10) ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200) r12 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r12, 0x4, 0x6100) writev(r12, &(0x7f00000003c0), 0x63) 19:02:27 executing program 4: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) openat(r0, &(0x7f0000000080)='./file0\x00', 0x400000, 0x114) r2 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r3 = fanotify_init(0x0, 0x0) fanotify_mark(r3, 0x75, 0x40000002, r2, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ff8000/0x2000)=nil, 0x2000}, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r4, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r7 = dup2(r5, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) r8 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r8, 0x4, 0x6100) writev(r8, &(0x7f00000003c0), 0x63) 19:02:27 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x40000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:27 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3a000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 221.234984][T11864] FAULT_INJECTION: forcing a failure. [ 221.234984][T11864] name failslab, interval 1, probability 0, space 0, times 0 [ 221.283239][T11864] CPU: 0 PID: 11864 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 221.291161][T11864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 221.291167][T11864] Call Trace: [ 221.291183][T11864] dump_stack+0x1d8/0x2f8 [ 221.291197][T11864] should_fail+0x555/0x770 [ 221.313239][T11864] __should_failslab+0x11a/0x160 [ 221.318184][T11864] ? vfs_parse_fs_string+0xed/0x1a0 [ 221.323379][T11864] should_failslab+0x9/0x20 [ 221.327869][T11864] __kmalloc_track_caller+0x79/0x340 [ 221.333145][T11864] kmemdup_nul+0x2a/0xa0 [ 221.333156][T11864] vfs_parse_fs_string+0xed/0x1a0 [ 221.333172][T11864] do_mount+0x11b8/0x2510 [ 221.333189][T11864] ? copy_mount_options+0x308/0x3c0 [ 221.333202][T11864] ksys_mount+0xcc/0x100 [ 221.356314][T11864] __x64_sys_mount+0xbf/0xd0 [ 221.360904][T11864] do_syscall_64+0xf7/0x1c0 [ 221.365408][T11864] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 221.371282][T11864] RIP: 0033:0x45c47a [ 221.371293][T11864] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 221.371298][T11864] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 221.371308][T11864] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 221.371317][T11864] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 221.394795][T11864] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 221.394802][T11864] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 221.394807][T11864] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:28 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) r6 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x100, 0x0) ioctl$USBDEVFS_REAPURBNDELAY(r6, 0x4008550d, &(0x7f0000000100)) writev(r4, &(0x7f00000003c0), 0x63) 19:02:28 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3c000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:28 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r2 = fanotify_init(0x0, 0x0) fanotify_mark(r2, 0x75, 0x40000002, r1, 0x0) ioctl$FUSE_DEV_IOC_CLONE(r0, 0x8004e500, &(0x7f0000000240)=r1) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r3, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="250000000300000000000000000000000600000000000000040000000000000047504c0000fb99c0b1a235a6fe74ea37448095bc7b71da36ca9cdd96ddde90f204a79d67321f32cbca43e00b899bc3c11c79a1e263150615688db20207abe29c42ad1c0dfe1496b267bc991cd2532f3f1e312f28f4aefabeffd467e4af6f999901e010c188957e1e424c0320b8331b46eb2300"/156], 0x25) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r5, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r6, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9, 0x0, 0x0, 0x0, &(0x7f0000000100)}, 0x40) r7 = dup2(r4, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) r8 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r8, 0x4, 0x6100) writev(r8, &(0x7f00000003c0), 0x63) 19:02:28 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x3f000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:28 executing program 1 (fault-call:1 fault-nth:77): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:28 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x48000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:28 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r1, r2) r3 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r3, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) r4 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r4, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x5) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r6 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r5, 0x4, 0x6100) writev(r5, &(0x7f00000003c0), 0x63) 19:02:28 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4c000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 221.811458][T11897] FAULT_INJECTION: forcing a failure. [ 221.811458][T11897] name failslab, interval 1, probability 0, space 0, times 0 [ 221.837538][T11897] CPU: 0 PID: 11897 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 221.841867][T11902] validate_nla: 26 callbacks suppressed [ 221.841872][T11902] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 221.845452][T11897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 221.845467][T11897] Call Trace: [ 221.845487][T11897] dump_stack+0x1d8/0x2f8 [ 221.845502][T11897] should_fail+0x555/0x770 [ 221.845519][T11897] __should_failslab+0x11a/0x160 [ 221.845533][T11897] should_failslab+0x9/0x20 [ 221.845546][T11897] kmem_cache_alloc_node+0x65/0x280 [ 221.845558][T11897] ? create_task_io_context+0x32/0x3e0 [ 221.845573][T11897] create_task_io_context+0x32/0x3e0 [ 221.845581][T11897] ? generic_make_request_checks+0x14f1/0x1a60 [ 221.845593][T11897] generic_make_request_checks+0x1501/0x1a60 [ 221.845611][T11897] ? rcu_lock_release+0xd/0x30 [ 221.845623][T11897] generic_make_request+0x33/0x980 [ 221.845635][T11897] ? rcu_lock_release+0xd/0x30 [ 221.845649][T11897] submit_bio+0x26b/0x540 [ 221.845659][T11897] ? guard_bio_eod+0x2a0/0x640 [ 221.845672][T11897] submit_bh_wbc+0x619/0x700 [ 221.845690][T11897] block_read_full_page+0x9de/0xbd0 [ 221.845707][T11897] ? blkdev_direct_IO+0xd0/0xd0 [ 221.854310][ T26] kauditd_printk_skb: 24 callbacks suppressed [ 221.854317][ T26] audit: type=1804 audit(1570129348.546:431): pid=11899 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/190/file0" dev="sda1" ino=16802 res=1 [ 221.859379][T11897] ? lru_cache_add+0x2db/0x3b0 [ 221.859397][T11897] ? add_to_page_cache_lru+0x2d4/0x4a0 [ 221.859411][T11897] blkdev_readpage+0x1c/0x20 [ 221.877029][T11897] do_read_cache_page+0x798/0xcb0 [ 221.877046][T11897] read_cache_page_gfp+0x29/0x30 19:02:28 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r2, 0x0) r3 = accept(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r6 = dup2(r4, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r8 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r8, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r7, 0x4, 0x6100) writev(r7, &(0x7f00000003c0), 0x63) 19:02:28 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x40000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 221.877058][T11897] btrfs_scan_one_device+0x16a/0x450 [ 221.877070][T11897] ? trace_hardirqs_on+0x74/0x80 [ 221.877083][T11897] btrfs_mount_root+0x4af/0x1040 [ 221.877103][T11897] ? trace_kfree+0xb2/0x110 [ 221.877117][T11897] legacy_get_tree+0xf9/0x1a0 [ 221.877125][T11897] ? btrfs_control_open+0x40/0x40 [ 221.877137][T11897] vfs_get_tree+0x8b/0x2a0 [ 221.877152][T11897] vfs_kern_mount+0xc2/0x160 [ 221.886479][T11897] btrfs_mount+0x34f/0x18e0 [ 221.886499][T11897] ? check_preemption_disabled+0x47/0x2a0 19:02:28 executing program 4: r0 = syz_open_dev$amidi(&(0x7f00000000c0)='/dev/amidi#\x00', 0x9d, 0x80000) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000180)={0xffffffffffffffff}, 0x2, 0xabbcbb51945a87ab}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(r0, &(0x7f0000000240)={0x1, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$sock_rose_SIOCRSCLRRT(r2, 0x89e4) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r3, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r6 = dup2(r4, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r7, 0x4, 0x6100) r8 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r9 = fanotify_init(0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(0xffffffffffffffff, 0xc0406619, &(0x7f00000002c0)={{0x2, 0x0, @descriptor="7a8c9915a91e2732"}}) fanotify_mark(r9, 0x75, 0x40000002, r8, 0x0) ioctl$KVM_SET_ONE_REG(r8, 0x4010aeac, &(0x7f0000000280)={0x100000000, 0x9a}) r10 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r11 = fanotify_init(0x0, 0x0) fanotify_mark(r11, 0x75, 0x40000002, r10, 0x0) r12 = accept4(r10, &(0x7f0000000300)=@ethernet={0x0, @dev}, &(0x7f0000000380)=0x80, 0x80000) r13 = gettid() tkill(r13, 0x13) r14 = geteuid() r15 = getgid() r16 = gettid() tkill(r16, 0x13) r17 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r17, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r18) stat(&(0x7f0000000780)='./bus\x00', &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r20 = accept$unix(0xffffffffffffffff, &(0x7f0000000840), &(0x7f00000008c0)=0x6e) r21 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r21, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r22 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000940)={&(0x7f0000000900)='./file0\x00', 0x0, 0x8}, 0x10) r23 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r23, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r24 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r24, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r25 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000980)='/dev/nullb0\x00', 0x189001, 0x0) sendmsg$unix(r12, &(0x7f0000000a40)={&(0x7f00000003c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000000540)="64371a808ea401760911338a230f907f4fc8de5ddeb68251eb89afe8f79e555050fc44822d9086fab7ba238074edefb5fc12c5f36e5b34254e0843ff08f38c499d1df813d790a92d32618dca1e736dea1ffdf49626113fa9c765b23805a4ba04ebadcb763ac5bf4d132a5c454979e74ba4b4d25f99f6a77ec6e511c2a03cf0e271c02180e91495d025c194f15cfffb379518f2eea438c369d1e6126bac25d41f88901d1eabe69b978192cac0af6fc0ff03916e6a54333216d181ff60da9d6a63670eb480", 0xc4}, {&(0x7f0000000440)="d88ccc98c8a6f93fa57f72f36d5046bf6075c6d5ef0634bde3105c7ff7b66cc5d5a623178b77078fcfb1c75c24597eabf949753c95ce326de90a95816ca88d19e935c48e7846791854ff45fffcdf0acd21e6d520d0efa5a14cc7e01d33bff7e2ec8a160754202183424d8b8151479c32e9ad229e37790ed05755316dcc9fe661fcf069dbd5fce894570ff95b1f5b54fca6eb830c7373ac6b342e949bb185abb6fea4e7e250e623a1e138", 0xaa}, {&(0x7f0000000640)="ea27a5c168643e6300773e4b6214472f2dcf42927813e4cc5a306bd6fc37fbfd3dee36fdd01c5a46d0592a4283e220cc37e48f667657464b9eba687a959bd7c9758ee7799be32ca490cded0aae39e04b6afe4daeab2575be7c83187091e979e37d068f156c7629e55658e1e7442078b4f57685e2ef998f14f1fce7dc72059029c5f07e6ed45d92e2ed5c19cf1fbe43e0a024d0ce87bac3dd32a9b2583845eb927b3fb379828923e2ad417bcc8c89ab4d990538268b7e519e2b2cfb03fde3b242708e50438c15e856d14ba3", 0xcb}], 0x3, &(0x7f00000009c0)=[@cred={{0x1c, 0x1, 0x2, {r13, r14, r15}}}, @cred={{0x1c, 0x1, 0x2, {r16, r18, r19}}}, @rights={{0x20, 0x1, 0x1, [r20, r21, r4, r22]}}, @rights={{0x1c, 0x1, 0x1, [r23, r24, r25]}}], 0x80, 0x4044840}, 0x40) writev(r7, &(0x7f00000003c0), 0x63) [ 221.886517][T11897] ? vfs_parse_fs_string+0x13b/0x1a0 [ 221.886526][T11897] ? cap_capable+0x250/0x290 [ 221.886538][T11897] ? safesetid_security_capable+0x89/0xf0 [ 221.886552][T11897] legacy_get_tree+0xf9/0x1a0 [ 221.886560][T11897] ? btrfs_resize_thread_pool+0x290/0x290 [ 221.886572][T11897] vfs_get_tree+0x8b/0x2a0 [ 221.886583][T11897] do_mount+0x16c0/0x2510 [ 221.886596][T11897] ? copy_mount_options+0x278/0x3c0 [ 221.896244][T11897] ? copy_mount_options+0x25e/0x3c0 [ 221.896257][T11897] ? copy_mount_options+0x26b/0x3c0 [ 221.896269][T11897] ? copy_mount_options+0x308/0x3c0 [ 221.896281][T11897] ksys_mount+0xcc/0x100 [ 221.896294][T11897] __x64_sys_mount+0xbf/0xd0 [ 221.896308][T11897] do_syscall_64+0xf7/0x1c0 [ 221.896323][T11897] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 221.896333][T11897] RIP: 0033:0x45c47a [ 221.896342][T11897] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 221.896347][T11897] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 221.896360][T11897] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 221.907059][T11897] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 221.907066][T11897] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 221.907072][T11897] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 221.907078][T11897] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 222.097271][ T26] audit: type=1804 audit(1570129348.786:432): pid=11903 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/190/file0" dev="sda1" ino=16802 res=1 [ 222.139856][ T26] audit: type=1804 audit(1570129348.816:433): pid=11907 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir923156790/syzkaller.VqFC7X/107/file0" dev="sda1" ino=16817 res=1 19:02:28 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) r6 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x95a, 0x4000) ioctl$VIDIOC_S_AUDIO(r6, 0x40345622, &(0x7f0000000100)={0x8, "d3f3669eb3ae65e7bc5d00f602500021540c608f0ecbf8aafca570954afc9054", 0x1, 0x1}) writev(r4, &(0x7f00000003c0), 0x63) [ 222.262937][ T26] audit: type=1804 audit(1570129348.826:434): pid=11911 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/184/file0" dev="sda1" ino=17121 res=1 19:02:29 executing program 1 (fault-call:1 fault-nth:78): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:29 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x44000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 222.308301][T11906] netlink: 'syz-executor.3': attribute type 37 has an invalid length. 19:02:29 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x60000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:29 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r2, 0x0) r3 = accept(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r6 = dup2(r4, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r8 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r8, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r7, 0x4, 0x6100) writev(r7, &(0x7f00000003c0), 0x63) [ 222.398505][ T26] audit: type=1804 audit(1570129349.086:435): pid=11915 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/191/file0" dev="sda1" ino=16658 res=1 [ 222.398688][T11920] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 222.438520][T11921] FAULT_INJECTION: forcing a failure. [ 222.438520][T11921] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 222.451725][T11921] CPU: 0 PID: 11921 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 222.451732][T11921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 222.451736][T11921] Call Trace: [ 222.451754][T11921] dump_stack+0x1d8/0x2f8 [ 222.451770][T11921] should_fail+0x555/0x770 [ 222.451790][T11921] should_fail_alloc_page+0x55/0x60 [ 222.451799][T11921] prepare_alloc_pages+0x283/0x460 [ 222.451813][T11921] __alloc_pages_nodemask+0xb2/0x5d0 [ 222.451837][T11921] kmem_getpages+0x4d/0xa00 [ 222.451850][T11921] cache_grow_begin+0x7e/0x2c0 [ 222.451863][T11921] cache_alloc_refill+0x311/0x3f0 [ 222.451873][T11921] ? check_preemption_disabled+0xb7/0x2a0 [ 222.451886][T11921] kmem_cache_alloc_trace+0x2d0/0x2f0 [ 222.451894][T11921] ? btrfs_mount_root+0x12c/0x1040 [ 222.451906][T11921] btrfs_mount_root+0x12c/0x1040 [ 222.451920][T11921] ? vfs_parse_fs_string+0x13b/0x1a0 [ 222.451930][T11921] ? rcu_read_lock_sched_held+0x10b/0x170 [ 222.451940][T11921] ? trace_kfree+0xb2/0x110 [ 222.451956][T11921] legacy_get_tree+0xf9/0x1a0 [ 222.469886][T11921] ? btrfs_control_open+0x40/0x40 [ 222.469901][T11921] vfs_get_tree+0x8b/0x2a0 [ 222.469914][T11921] vfs_kern_mount+0xc2/0x160 [ 222.469924][T11921] btrfs_mount+0x34f/0x18e0 [ 222.469942][T11921] ? check_preemption_disabled+0x47/0x2a0 [ 222.469957][T11921] ? vfs_parse_fs_string+0x13b/0x1a0 [ 222.469967][T11921] ? cap_capable+0x250/0x290 [ 222.469979][T11921] ? safesetid_security_capable+0x89/0xf0 [ 222.469992][T11921] legacy_get_tree+0xf9/0x1a0 [ 222.469999][T11921] ? btrfs_resize_thread_pool+0x290/0x290 [ 222.470011][T11921] vfs_get_tree+0x8b/0x2a0 [ 222.607051][T11921] do_mount+0x16c0/0x2510 [ 222.611360][T11921] ? copy_mount_options+0x308/0x3c0 [ 222.616532][T11921] ksys_mount+0xcc/0x100 [ 222.620754][T11921] __x64_sys_mount+0xbf/0xd0 [ 222.625325][T11921] do_syscall_64+0xf7/0x1c0 [ 222.629805][T11921] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 222.635683][T11921] RIP: 0033:0x45c47a [ 222.639585][T11921] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 222.659166][T11921] RSP: 002b:00007faddc0f0a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 222.668504][T11921] RAX: ffffffffffffffda RBX: 00007faddc0f0b40 RCX: 000000000045c47a [ 222.676452][T11921] RDX: 00007faddc0f0ae0 RSI: 0000000020000100 RDI: 00007faddc0f0b00 [ 222.684399][T11921] RBP: 0000000000000001 R08: 00007faddc0f0b40 R09: 00007faddc0f0ae0 19:02:29 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x48000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 222.692349][T11921] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 222.700301][T11921] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 222.718529][T11923] netlink: 'syz-executor.2': attribute type 38 has an invalid length. 19:02:29 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x65580000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:29 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 222.769589][ T26] audit: type=1804 audit(1570129349.456:436): pid=11926 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir923156790/syzkaller.VqFC7X/108/file0" dev="sda1" ino=17212 res=1 19:02:29 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r2, 0x0) r3 = accept(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r6 = dup2(r4, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r8 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r8, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r7, 0x4, 0x6100) writev(r7, &(0x7f00000003c0), 0x63) 19:02:29 executing program 1 (fault-call:1 fault-nth:79): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 222.830828][T11929] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 222.871028][ T26] audit: type=1804 audit(1570129349.556:437): pid=11934 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/192/file0" dev="sda1" ino=16515 res=1 [ 222.902823][ T26] audit: type=1804 audit(1570129349.596:438): pid=11932 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir923156790/syzkaller.VqFC7X/109/file0" dev="sda1" ino=16881 res=1 [ 222.946945][T11930] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 222.957795][T11937] FAULT_INJECTION: forcing a failure. [ 222.957795][T11937] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 222.971002][T11937] CPU: 1 PID: 11937 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 222.978891][T11937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 222.988938][T11937] Call Trace: [ 222.992229][T11937] dump_stack+0x1d8/0x2f8 [ 222.996563][T11937] should_fail+0x555/0x770 [ 223.000981][T11937] should_fail_alloc_page+0x55/0x60 [ 223.000992][T11937] prepare_alloc_pages+0x283/0x460 [ 223.001005][T11937] __alloc_pages_nodemask+0xb2/0x5d0 [ 223.001024][T11937] kmem_getpages+0x4d/0xa00 [ 223.011313][T11937] cache_grow_begin+0x7e/0x2c0 [ 223.025811][T11937] cache_alloc_refill+0x311/0x3f0 [ 223.030943][T11937] ? check_preemption_disabled+0xb7/0x2a0 [ 223.036663][T11937] kmem_cache_alloc_trace+0x2d0/0x2f0 [ 223.042024][T11937] ? btrfs_mount_root+0x12c/0x1040 [ 223.047136][T11937] btrfs_mount_root+0x12c/0x1040 [ 223.052077][T11937] ? vfs_parse_fs_string+0x13b/0x1a0 [ 223.057358][T11937] ? rcu_read_lock_sched_held+0x10b/0x170 [ 223.063071][T11937] ? trace_kfree+0xb2/0x110 [ 223.067573][T11937] legacy_get_tree+0xf9/0x1a0 [ 223.072245][T11937] ? btrfs_control_open+0x40/0x40 [ 223.077265][T11937] vfs_get_tree+0x8b/0x2a0 [ 223.081682][T11937] vfs_kern_mount+0xc2/0x160 [ 223.086272][T11937] btrfs_mount+0x34f/0x18e0 [ 223.090782][T11937] ? check_preemption_disabled+0x47/0x2a0 [ 223.096506][T11937] ? vfs_parse_fs_string+0x13b/0x1a0 [ 223.101785][T11937] ? cap_capable+0x250/0x290 [ 223.106368][T11937] ? safesetid_security_capable+0x89/0xf0 [ 223.112084][T11937] legacy_get_tree+0xf9/0x1a0 [ 223.116757][T11937] ? btrfs_resize_thread_pool+0x290/0x290 [ 223.122467][T11937] vfs_get_tree+0x8b/0x2a0 [ 223.126879][T11937] do_mount+0x16c0/0x2510 [ 223.131211][T11937] ? copy_mount_options+0x308/0x3c0 [ 223.136405][T11937] ksys_mount+0xcc/0x100 [ 223.140641][T11937] __x64_sys_mount+0xbf/0xd0 [ 223.145227][T11937] do_syscall_64+0xf7/0x1c0 [ 223.149731][T11937] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 223.155617][T11937] RIP: 0033:0x45c47a [ 223.159502][T11937] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 223.179097][T11937] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 223.187501][T11937] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 223.195467][T11937] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 223.203432][T11937] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 223.211397][T11937] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 19:02:29 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4a000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 223.219358][T11937] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 223.237140][T11940] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 223.258035][ T26] audit: type=1804 audit(1570129349.946:439): pid=11936 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/192/file0" dev="sda1" ino=16515 res=1 [ 223.362449][ C1] net_ratelimit: 16 callbacks suppressed [ 223.362454][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 223.373899][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 223.379680][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 223.385463][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 223.391241][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 223.397023][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 223.842456][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 223.848249][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 224.082460][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 224.088346][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:02:31 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r5 = fanotify_init(0x0, 0x0) fanotify_mark(r5, 0x75, 0x40000002, r4, 0x0) accept$nfc_llcp(r4, 0x0, &(0x7f0000000080)) r6 = creat(&(0x7f0000000100)='./bus\x00', 0xc0) fcntl$setstatus(r6, 0x4, 0x6100) init_module(&(0x7f0000000000)='-keyring*\'%selinux\x00', 0x13, &(0x7f00000000c0)='trustedppp1\x00') writev(r6, &(0x7f00000003c0), 0x63) 19:02:31 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r2, 0x0) r3 = accept(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r6 = dup2(r4, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r8 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r8, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r7, 0x4, 0x6100) 19:02:31 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x68000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:31 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x4c000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:31 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r3, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) ioctl$FICLONE(r2, 0x40049409, r3) r4 = open(&(0x7f0000000200)='./file0\x00', 0x100, 0x0) r5 = dup2(r1, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r7 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r6, 0x4, 0x6100) writev(r6, &(0x7f00000003c0), 0x63) 19:02:31 executing program 1 (fault-call:1 fault-nth:80): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 225.275310][T11948] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 225.294392][ T26] audit: type=1804 audit(1570129351.986:440): pid=11953 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir923156790/syzkaller.VqFC7X/110/file0" dev="sda1" ino=17226 res=1 [ 225.331542][T11949] FAULT_INJECTION: forcing a failure. [ 225.331542][T11949] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 225.344775][T11949] CPU: 1 PID: 11949 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 225.352663][T11949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 225.362702][T11949] Call Trace: [ 225.365975][T11949] dump_stack+0x1d8/0x2f8 [ 225.370283][T11949] should_fail+0x555/0x770 [ 225.374679][T11949] should_fail_alloc_page+0x55/0x60 [ 225.379860][T11949] prepare_alloc_pages+0x283/0x460 [ 225.384961][T11949] __alloc_pages_nodemask+0xb2/0x5d0 [ 225.390235][T11949] kmem_getpages+0x4d/0xa00 [ 225.394718][T11949] cache_grow_begin+0x7e/0x2c0 [ 225.399469][T11949] cache_alloc_refill+0x311/0x3f0 [ 225.404467][T11949] ? check_preemption_disabled+0xb7/0x2a0 [ 225.410164][T11949] kmem_cache_alloc_node_trace+0x2a3/0x2d0 [ 225.415956][T11949] ? __kmalloc_node+0x3c/0x60 [ 225.420621][T11949] ? smack_sb_eat_lsm_opts+0x867/0xa20 [ 225.426055][T11949] __kmalloc_node+0x3c/0x60 [ 225.430534][T11949] kvmalloc_node+0xcc/0x130 [ 225.435024][T11949] btrfs_mount_root+0xe3/0x1040 [ 225.439853][T11949] ? vfs_parse_fs_string+0x13b/0x1a0 [ 225.445114][T11949] ? rcu_read_lock_sched_held+0x10b/0x170 [ 225.450826][T11949] ? trace_kfree+0xb2/0x110 [ 225.455321][T11949] legacy_get_tree+0xf9/0x1a0 [ 225.459976][T11949] ? btrfs_control_open+0x40/0x40 [ 225.464978][T11949] vfs_get_tree+0x8b/0x2a0 [ 225.469374][T11949] vfs_kern_mount+0xc2/0x160 [ 225.473940][T11949] btrfs_mount+0x34f/0x18e0 [ 225.478423][T11949] ? check_preemption_disabled+0x47/0x2a0 [ 225.484128][T11949] ? vfs_parse_fs_string+0x13b/0x1a0 [ 225.489389][T11949] ? cap_capable+0x250/0x290 [ 225.493957][T11949] ? safesetid_security_capable+0x89/0xf0 [ 225.499656][T11949] legacy_get_tree+0xf9/0x1a0 [ 225.504314][T11949] ? btrfs_resize_thread_pool+0x290/0x290 [ 225.510010][T11949] vfs_get_tree+0x8b/0x2a0 [ 225.514401][T11949] do_mount+0x16c0/0x2510 [ 225.518710][T11949] ? copy_mount_options+0x308/0x3c0 [ 225.523886][T11949] ksys_mount+0xcc/0x100 [ 225.528107][T11949] __x64_sys_mount+0xbf/0xd0 [ 225.532680][T11949] do_syscall_64+0xf7/0x1c0 [ 225.537158][T11949] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 225.543027][T11949] RIP: 0033:0x45c47a [ 225.546899][T11949] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 225.566480][T11949] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 225.574950][T11949] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 225.582899][T11949] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 225.590844][T11949] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 225.598790][T11949] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 225.606737][T11949] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 225.626809][T11946] netlink: 'syz-executor.3': attribute type 37 has an invalid length. 19:02:32 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x6c000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:32 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x60000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:32 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r2, 0x0) r3 = accept(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r6 = dup2(r4, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) creat(&(0x7f0000000000)='./bus\x00', 0x0) r7 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000040)) 19:02:32 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x30000, 0x0) ioctl$ASHMEM_SET_NAME(r1, 0x41007701, &(0x7f0000000100)='procposix_acl_access\x00') setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="2000000013001103000000000000000007000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00 \x00\x00\x00'], 0x20}}, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r5 = dup2(r3, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r6, 0x4, 0x6100) writev(r6, &(0x7f00000003c0), 0x63) [ 225.743706][T11962] netlink: 'syz-executor.2': attribute type 38 has an invalid length. 19:02:32 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x74000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:32 executing program 1 (fault-call:1 fault-nth:81): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:32 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x65580000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:32 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x7a000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:32 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r2, 0x0) r3 = accept(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r6 = dup2(r4, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) creat(&(0x7f0000000000)='./bus\x00', 0x0) creat(&(0x7f0000000080)='./bus\x00', 0x0) 19:02:32 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x68000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 225.934536][T11975] FAULT_INJECTION: forcing a failure. [ 225.934536][T11975] name failslab, interval 1, probability 0, space 0, times 0 [ 225.992946][T11975] CPU: 0 PID: 11975 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 226.000875][T11975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 226.010923][T11975] Call Trace: [ 226.014214][T11975] dump_stack+0x1d8/0x2f8 [ 226.018545][T11975] should_fail+0x555/0x770 [ 226.022964][T11975] __should_failslab+0x11a/0x160 [ 226.027920][T11975] ? btrfs_mount_root+0x2f4/0x1040 [ 226.033029][T11975] should_failslab+0x9/0x20 [ 226.037529][T11975] __kmalloc_track_caller+0x79/0x340 [ 226.042816][T11975] kstrdup+0x34/0x70 [ 226.046704][T11975] btrfs_mount_root+0x2f4/0x1040 [ 226.051641][T11975] ? vfs_parse_fs_string+0x13b/0x1a0 [ 226.056923][T11975] ? rcu_read_lock_sched_held+0x10b/0x170 [ 226.062638][T11975] ? trace_kfree+0xb2/0x110 [ 226.067147][T11975] legacy_get_tree+0xf9/0x1a0 [ 226.071814][T11975] ? btrfs_control_open+0x40/0x40 [ 226.076839][T11975] vfs_get_tree+0x8b/0x2a0 [ 226.081254][T11975] vfs_kern_mount+0xc2/0x160 [ 226.085837][T11975] btrfs_mount+0x34f/0x18e0 [ 226.090337][T11975] ? check_preemption_disabled+0x47/0x2a0 [ 226.096060][T11975] ? vfs_parse_fs_string+0x13b/0x1a0 [ 226.101338][T11975] ? cap_capable+0x250/0x290 [ 226.105926][T11975] ? safesetid_security_capable+0x89/0xf0 [ 226.111643][T11975] legacy_get_tree+0xf9/0x1a0 [ 226.116311][T11975] ? btrfs_resize_thread_pool+0x290/0x290 [ 226.122024][T11975] vfs_get_tree+0x8b/0x2a0 [ 226.126436][T11975] do_mount+0x16c0/0x2510 [ 226.130765][T11975] ? copy_mount_options+0x308/0x3c0 [ 226.135958][T11975] ksys_mount+0xcc/0x100 [ 226.140193][T11975] __x64_sys_mount+0xbf/0xd0 [ 226.144839][T11975] do_syscall_64+0xf7/0x1c0 [ 226.149345][T11975] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 226.155231][T11975] RIP: 0033:0x45c47a [ 226.159116][T11975] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 226.178724][T11975] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 19:02:32 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r2 = fanotify_init(0x0, 0x0) fanotify_mark(r2, 0x75, 0x40000002, r1, 0x0) ioctl$RTC_IRQP_SET(r1, 0x4008700c, 0xfef) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r5 = dup2(r3, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r7 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r6, 0x4, 0x6100) writev(r6, &(0x7f00000003c0), 0x63) 19:02:32 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r2, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/current\x00', 0x2, 0x0) r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rfkill\x00', 0x2000, 0x0) r4 = dup2(r1, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r5, 0x4, 0x6100) writev(r5, &(0x7f00000003c0), 0x63) 19:02:32 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x6a030000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 226.187128][T11975] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 226.195098][T11975] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 226.203064][T11975] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 226.211028][T11975] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 226.218992][T11975] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:33 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x81000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:33 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r2, 0x0) r3 = accept(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r6 = dup2(r4, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) creat(&(0x7f0000000000)='./bus\x00', 0x0) 19:02:33 executing program 1 (fault-call:1 fault-nth:82): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:33 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x6c000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:33 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x400000, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r1, 0xc0405519, &(0x7f00000000c0)={0x1, 0x6, 0x6, 0x9, 'syz1\x00', 0x20}) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = dup2(r2, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r5, 0x4, 0x6100) writev(r5, &(0x7f00000003c0), 0x63) [ 226.476381][T12008] FAULT_INJECTION: forcing a failure. [ 226.476381][T12008] name failslab, interval 1, probability 0, space 0, times 0 [ 226.521608][T12008] CPU: 0 PID: 12008 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 226.529530][T12008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 226.539571][T12008] Call Trace: [ 226.539590][T12008] dump_stack+0x1d8/0x2f8 [ 226.539610][T12008] should_fail+0x555/0x770 [ 226.539628][T12008] __should_failslab+0x11a/0x160 [ 226.539642][T12008] should_failslab+0x9/0x20 [ 226.539655][T12008] kmem_cache_alloc_trace+0x5d/0x2f0 [ 226.539664][T12008] ? btrfs_mount_root+0x12c/0x1040 [ 226.539675][T12008] btrfs_mount_root+0x12c/0x1040 [ 226.539689][T12008] ? vfs_parse_fs_string+0x13b/0x1a0 [ 226.539698][T12008] ? rcu_read_lock_sched_held+0x10b/0x170 [ 226.539710][T12008] ? trace_kfree+0xb2/0x110 [ 226.551697][T12008] legacy_get_tree+0xf9/0x1a0 [ 226.551709][T12008] ? btrfs_control_open+0x40/0x40 [ 226.551724][T12008] vfs_get_tree+0x8b/0x2a0 [ 226.561126][T12008] vfs_kern_mount+0xc2/0x160 [ 226.561139][T12008] btrfs_mount+0x34f/0x18e0 [ 226.561159][T12008] ? check_preemption_disabled+0x47/0x2a0 [ 226.581689][T12008] ? vfs_parse_fs_string+0x13b/0x1a0 [ 226.581701][T12008] ? cap_capable+0x250/0x290 [ 226.581713][T12008] ? safesetid_security_capable+0x89/0xf0 [ 226.581726][T12008] legacy_get_tree+0xf9/0x1a0 [ 226.640882][T12008] ? btrfs_resize_thread_pool+0x290/0x290 [ 226.646601][T12008] vfs_get_tree+0x8b/0x2a0 [ 226.646615][T12008] do_mount+0x16c0/0x2510 [ 226.646633][T12008] ? copy_mount_options+0x308/0x3c0 [ 226.646644][T12008] ksys_mount+0xcc/0x100 [ 226.646656][T12008] __x64_sys_mount+0xbf/0xd0 19:02:33 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x88470000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:33 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) mmap(&(0x7f0000fef000/0x2000)=nil, 0x2000, 0x0, 0x11011, r1, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = dup2(r2, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r6 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r5, 0x4, 0x6100) writev(r5, &(0x7f00000003c0), 0x63) 19:02:33 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x72010000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 226.646671][T12008] do_syscall_64+0xf7/0x1c0 [ 226.646687][T12008] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 226.646696][T12008] RIP: 0033:0x45c47a [ 226.646706][T12008] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 226.646711][T12008] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 226.664822][T12008] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a 19:02:33 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r2, 0x0) r3 = accept(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r6 = dup2(r4, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) [ 226.664829][T12008] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 226.664835][T12008] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 226.664840][T12008] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 226.664846][T12008] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:33 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r2, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = dup2(r1, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r5, 0x4, 0x6100) r6 = socket$bt_rfcomm(0x1f, 0x1, 0x3) r7 = gettid() tkill(r7, 0x13) ioctl$sock_FIOSETOWN(r6, 0x8901, &(0x7f0000000100)=r7) writev(r5, &(0x7f00000003c0), 0x63) ioctl$CAPI_INSTALLED(r2, 0x80024322) 19:02:33 executing program 1 (fault-call:1 fault-nth:83): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:33 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x72030000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:33 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x88480000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:33 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r2, 0x0) r3 = accept(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r4, r5) [ 226.874802][ T26] kauditd_printk_skb: 15 callbacks suppressed [ 226.874810][ T26] audit: type=1804 audit(1570129353.566:456): pid=12023 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir923156790/syzkaller.VqFC7X/114/file0" dev="sda1" ino=17238 res=1 [ 226.897347][T12031] validate_nla: 8 callbacks suppressed [ 226.897353][T12031] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 226.933195][ T26] audit: type=1804 audit(1570129353.626:457): pid=12026 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/189/file0" dev="sda1" ino=17225 res=1 [ 226.981290][ T26] audit: type=1804 audit(1570129353.656:458): pid=12017 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/195/file0" dev="sda1" ino=16865 res=1 [ 227.014116][T12037] FAULT_INJECTION: forcing a failure. [ 227.014116][T12037] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 227.026824][ T26] audit: type=1804 audit(1570129353.706:459): pid=12036 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir923156790/syzkaller.VqFC7X/115/file0" dev="sda1" ino=17237 res=1 [ 227.027323][T12037] CPU: 1 PID: 12037 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 227.027331][T12037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 227.027335][T12037] Call Trace: [ 227.027351][T12037] dump_stack+0x1d8/0x2f8 [ 227.027366][T12037] should_fail+0x555/0x770 [ 227.027384][T12037] should_fail_alloc_page+0x55/0x60 [ 227.052188][T12030] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 227.059054][T12037] prepare_alloc_pages+0x283/0x460 [ 227.059074][T12037] __alloc_pages_nodemask+0xb2/0x5d0 [ 227.059093][T12037] kmem_getpages+0x4d/0xa00 [ 227.059106][T12037] cache_grow_begin+0x7e/0x2c0 [ 227.059119][T12037] cache_alloc_refill+0x311/0x3f0 [ 227.059129][T12037] ? check_preemption_disabled+0xb7/0x2a0 [ 227.059144][T12037] kmem_cache_alloc_trace+0x2d0/0x2f0 [ 227.059157][T12037] ? btrfs_mount_root+0x1b2/0x1040 [ 227.086354][T12037] btrfs_mount_root+0x1b2/0x1040 [ 227.086371][T12037] ? vfs_parse_fs_string+0x13b/0x1a0 [ 227.086381][T12037] ? rcu_read_lock_sched_held+0x10b/0x170 [ 227.086396][T12037] ? trace_kfree+0xb2/0x110 [ 227.099618][T12037] legacy_get_tree+0xf9/0x1a0 [ 227.099628][T12037] ? btrfs_control_open+0x40/0x40 [ 227.099641][T12037] vfs_get_tree+0x8b/0x2a0 [ 227.099658][T12037] vfs_kern_mount+0xc2/0x160 [ 227.109396][T12037] btrfs_mount+0x34f/0x18e0 19:02:33 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x88a8ffff, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 227.109417][T12037] ? check_preemption_disabled+0x47/0x2a0 [ 227.109432][T12037] ? vfs_parse_fs_string+0x13b/0x1a0 [ 227.109443][T12037] ? cap_capable+0x250/0x290 [ 227.119179][T12037] ? safesetid_security_capable+0x89/0xf0 [ 227.119194][T12037] legacy_get_tree+0xf9/0x1a0 [ 227.119203][T12037] ? btrfs_resize_thread_pool+0x290/0x290 [ 227.119219][T12037] vfs_get_tree+0x8b/0x2a0 [ 227.119231][T12037] do_mount+0x16c0/0x2510 [ 227.130267][T12037] ? copy_mount_options+0x278/0x3c0 [ 227.130277][T12037] ? copy_mount_options+0x25e/0x3c0 [ 227.130289][T12037] ? copy_mount_options+0x26b/0x3c0 [ 227.130300][T12037] ? copy_mount_options+0x308/0x3c0 [ 227.130312][T12037] ksys_mount+0xcc/0x100 [ 227.140310][T12037] __x64_sys_mount+0xbf/0xd0 [ 227.140325][T12037] do_syscall_64+0xf7/0x1c0 [ 227.140340][T12037] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 227.140351][T12037] RIP: 0033:0x45c47a 19:02:33 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r2, 0x0) r3 = accept(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r4, 0xffffffffffffffff) [ 227.151298][T12037] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 227.151304][T12037] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 227.151315][T12037] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 227.151321][T12037] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 227.151327][T12037] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 227.151332][T12037] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 227.151342][T12037] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:34 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r2, 0x0) r3 = accept(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r4, 0xffffffffffffffff) [ 227.342456][T12042] netlink: 'syz-executor.2': attribute type 38 has an invalid length. 19:02:34 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r6, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) ioctl$KVM_SET_TSS_ADDR(r6, 0xae47, 0x0) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:02:34 executing program 1 (fault-call:1 fault-nth:84): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:34 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x74000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:34 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x9effffff, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 227.485829][ T26] audit: type=1804 audit(1570129354.176:460): pid=12046 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/196/file0" dev="sda1" ino=17222 res=1 [ 227.503385][T12052] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 227.524650][T12053] FAULT_INJECTION: forcing a failure. [ 227.524650][T12053] name failslab, interval 1, probability 0, space 0, times 0 [ 227.537464][T12053] CPU: 1 PID: 12053 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 227.545349][T12053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 227.545354][T12053] Call Trace: [ 227.545372][T12053] dump_stack+0x1d8/0x2f8 [ 227.545387][T12053] should_fail+0x555/0x770 [ 227.545405][T12053] __should_failslab+0x11a/0x160 [ 227.545416][T12053] ? getname_kernel+0x59/0x2f0 [ 227.545427][T12053] should_failslab+0x9/0x20 [ 227.545438][T12053] kmem_cache_alloc+0x56/0x2e0 [ 227.545451][T12053] getname_kernel+0x59/0x2f0 [ 227.545462][T12053] kern_path+0x1f/0x40 [ 227.545476][T12053] blkdev_get_by_path+0x71/0x270 [ 227.558795][T12053] btrfs_scan_one_device+0xbd/0x450 [ 227.558806][T12053] ? btrfs_mount_root+0x477/0x1040 [ 227.558818][T12053] ? trace_hardirqs_on+0x74/0x80 [ 227.558833][T12053] btrfs_mount_root+0x4af/0x1040 [ 227.619955][T12053] ? trace_kfree+0xb2/0x110 [ 227.624438][T12053] legacy_get_tree+0xf9/0x1a0 [ 227.629088][T12053] ? btrfs_control_open+0x40/0x40 [ 227.634103][T12053] vfs_get_tree+0x8b/0x2a0 [ 227.638506][T12053] vfs_kern_mount+0xc2/0x160 [ 227.643072][T12053] btrfs_mount+0x34f/0x18e0 [ 227.647570][T12053] ? check_preemption_disabled+0x47/0x2a0 [ 227.653269][T12053] ? vfs_parse_fs_string+0x13b/0x1a0 [ 227.658537][T12053] ? cap_capable+0x250/0x290 [ 227.663114][T12053] ? safesetid_security_capable+0x89/0xf0 [ 227.668820][T12053] legacy_get_tree+0xf9/0x1a0 [ 227.673470][T12053] ? btrfs_resize_thread_pool+0x290/0x290 [ 227.679165][T12053] vfs_get_tree+0x8b/0x2a0 [ 227.683559][T12053] do_mount+0x16c0/0x2510 [ 227.687870][T12053] ? copy_mount_options+0x308/0x3c0 [ 227.693045][T12053] ksys_mount+0xcc/0x100 [ 227.697276][T12053] __x64_sys_mount+0xbf/0xd0 [ 227.701848][T12053] do_syscall_64+0xf7/0x1c0 [ 227.706331][T12053] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 227.712200][T12053] RIP: 0033:0x45c47a [ 227.716073][T12053] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 227.735662][T12053] RSP: 002b:00007faddc0f0a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 227.744050][T12053] RAX: ffffffffffffffda RBX: 00007faddc0f0b40 RCX: 000000000045c47a [ 227.752007][T12053] RDX: 00007faddc0f0ae0 RSI: 0000000020000100 RDI: 00007faddc0f0b00 [ 227.759955][T12053] RBP: 0000000000000001 R08: 00007faddc0f0b40 R09: 00007faddc0f0ae0 [ 227.767903][T12053] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 227.775858][T12053] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 227.788908][T12050] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 227.812896][ T26] audit: type=1804 audit(1570129354.506:461): pid=12055 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/196/file0" dev="sda1" ino=17222 res=1 [ 227.859911][ T26] audit: type=1804 audit(1570129354.526:462): pid=12046 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/196/file0" dev="sda1" ino=17222 res=1 [ 228.882498][ C0] net_ratelimit: 22 callbacks suppressed [ 228.882506][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 228.894015][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 229.842522][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 229.848324][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 229.854161][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 229.859915][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 229.865760][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 229.871510][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:02:36 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x7a000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:36 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r2, 0x0) r3 = accept(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r4, 0xffffffffffffffff) 19:02:36 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xc3ffffff, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:36 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x5, 0x5, 0x1, 0x9, 0x2, 0x8, 0x880}, 0x1c) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='cpu.stat\x00', 0x0, 0x0) ioctl$SIOCGETLINKNAME(r1, 0x89e0, &(0x7f0000000180)={0x1, 0x3}) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = dup2(r2, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r6, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) setsockopt$inet6_MCAST_MSFILTER(r6, 0x29, 0x30, &(0x7f0000000240)={0x10000, {{0xa, 0x4e24, 0xab4, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x2}}, 0x2, 0x4, [{{0xa, 0x4e24, 0x0, @empty, 0x3a200}}, {{0xa, 0x74, 0x3, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0xff}}, {{0xa, 0x4e24, 0xff, @local, 0x10000}}, {{0xa, 0x4e24, 0x8, @mcast2, 0x3}}]}, 0x290) socket$can_bcm(0x1d, 0x2, 0x2) r7 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r5, 0x4, 0x6100) writev(r5, &(0x7f00000003c0), 0x63) lstat(&(0x7f0000000540)='./bus\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0}) ioprio_set$uid(0x0, r8, 0x6) 19:02:36 executing program 1 (fault-call:1 fault-nth:85): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 230.039789][T12064] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 230.064735][ T26] audit: type=1804 audit(1570129356.756:463): pid=12062 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/197/file0" dev="sda1" ino=17250 res=1 19:02:36 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r2 = fanotify_init(0x0, 0x0) fanotify_mark(r2, 0x75, 0x40000002, r1, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r3, 0x84, 0x7c, &(0x7f00000000c0)={r5}, 0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000080)={0x4, 0x1, 0x1, 0x6, r5}, &(0x7f00000000c0)=0x10) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r8 = dup2(r6, r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) r9 = creat(&(0x7f0000000000)='./bus\x00', 0x104) fcntl$setstatus(r9, 0x4, 0x2200) writev(r9, &(0x7f00000003c0), 0x63) [ 230.088657][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 230.088697][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 230.107004][T12065] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 230.127106][T12067] FAULT_INJECTION: forcing a failure. [ 230.127106][T12067] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 230.140316][T12067] CPU: 0 PID: 12067 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 230.140324][T12067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 230.140329][T12067] Call Trace: [ 230.140346][T12067] dump_stack+0x1d8/0x2f8 [ 230.140361][T12067] should_fail+0x555/0x770 [ 230.140381][T12067] should_fail_alloc_page+0x55/0x60 [ 230.140390][T12067] prepare_alloc_pages+0x283/0x460 [ 230.140404][T12067] __alloc_pages_nodemask+0xb2/0x5d0 [ 230.140424][T12067] kmem_getpages+0x4d/0xa00 19:02:36 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xefffffff, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 230.140437][T12067] cache_grow_begin+0x7e/0x2c0 [ 230.140451][T12067] cache_alloc_refill+0x311/0x3f0 [ 230.140462][T12067] ? check_preemption_disabled+0xb7/0x2a0 [ 230.140477][T12067] kmem_cache_alloc+0x2b9/0x2e0 [ 230.140485][T12067] ? getname_kernel+0x59/0x2f0 [ 230.140495][T12067] getname_kernel+0x59/0x2f0 [ 230.140505][T12067] kern_path+0x1f/0x40 [ 230.140518][T12067] blkdev_get_by_path+0x71/0x270 [ 230.161720][T12067] btrfs_scan_one_device+0xbd/0x450 [ 230.161732][T12067] ? btrfs_mount_root+0x477/0x1040 [ 230.161743][T12067] ? trace_hardirqs_on+0x74/0x80 [ 230.161757][T12067] btrfs_mount_root+0x4af/0x1040 [ 230.161780][T12067] ? trace_kfree+0xb2/0x110 [ 230.161797][T12067] legacy_get_tree+0xf9/0x1a0 [ 230.175678][T12067] ? btrfs_control_open+0x40/0x40 [ 230.175692][T12067] vfs_get_tree+0x8b/0x2a0 [ 230.175706][T12067] vfs_kern_mount+0xc2/0x160 [ 230.175719][T12067] btrfs_mount+0x34f/0x18e0 [ 230.175739][T12067] ? check_preemption_disabled+0x47/0x2a0 [ 230.175756][T12067] ? vfs_parse_fs_string+0x13b/0x1a0 19:02:36 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r2, 0x0) r3 = accept(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r4) [ 230.175764][T12067] ? cap_capable+0x250/0x290 [ 230.175777][T12067] ? safesetid_security_capable+0x89/0xf0 [ 230.175790][T12067] legacy_get_tree+0xf9/0x1a0 [ 230.175799][T12067] ? btrfs_resize_thread_pool+0x290/0x290 [ 230.175810][T12067] vfs_get_tree+0x8b/0x2a0 [ 230.175822][T12067] do_mount+0x16c0/0x2510 [ 230.175839][T12067] ? copy_mount_options+0x308/0x3c0 [ 230.175849][T12067] ksys_mount+0xcc/0x100 [ 230.175859][T12067] __x64_sys_mount+0xbf/0xd0 [ 230.175872][T12067] do_syscall_64+0xf7/0x1c0 [ 230.186220][T12067] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 230.195423][T12067] RIP: 0033:0x45c47a [ 230.195433][T12067] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 230.195439][T12067] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 230.195449][T12067] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 230.195456][T12067] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 230.195462][T12067] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 230.195468][T12067] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 230.195475][T12067] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 230.212490][ T26] audit: type=1804 audit(1570129356.846:464): pid=12069 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/190/file0" dev="sda1" ino=17255 res=1 19:02:37 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r2, 0x0) r3 = accept(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r4) 19:02:37 executing program 1 (fault-call:1 fault-nth:86): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 230.333497][ T26] audit: type=1804 audit(1570129357.016:465): pid=12077 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir923156790/syzkaller.VqFC7X/119/file0" dev="sda1" ino=17244 res=1 19:02:37 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r2, 0x0) r3 = accept(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r4) [ 230.507661][T12075] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 230.531882][T12081] FAULT_INJECTION: forcing a failure. [ 230.531882][T12081] name failslab, interval 1, probability 0, space 0, times 0 19:02:37 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x81000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 230.578260][T12081] CPU: 1 PID: 12081 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 230.586194][T12081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 230.586199][T12081] Call Trace: [ 230.586217][T12081] dump_stack+0x1d8/0x2f8 [ 230.586232][T12081] should_fail+0x555/0x770 [ 230.608275][T12081] __should_failslab+0x11a/0x160 [ 230.613209][T12081] ? getname_kernel+0x59/0x2f0 [ 230.618053][T12081] should_failslab+0x9/0x20 [ 230.622544][T12081] kmem_cache_alloc+0x56/0x2e0 19:02:37 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x0, 0x100000001, 0x10000, 0x1, 0x0, 0x0, 0x5}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x26401, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) io_setup(0x0, &(0x7f0000000200)) r6 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r7) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000002c0)={0x1, [0x0]}, &(0x7f0000000300)=0x8) unlinkat(r5, &(0x7f00000003c0)='./file0\x00', 0x0) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000340)={r8, 0x8}, &(0x7f0000000380)=0x8) quotactl(0x3, &(0x7f0000000100)='./file0\x00', r7, &(0x7f0000000180)="46c3da4ae231da8abaaeec613bf798259c36c2bf05c6396e7de0e5b573e9c955169b4263b0671b72b7d92177583ce08091fc07c6ad57e4c00f8a42f377b580983b916e358e3cf89e905372227455befcccc36ad336699671978b52bc78b6c24dfd9e65b6e9") [ 230.622558][T12081] getname_kernel+0x59/0x2f0 [ 230.622569][T12081] kern_path+0x1f/0x40 [ 230.622584][T12081] blkdev_get_by_path+0x71/0x270 [ 230.640873][T12081] btrfs_scan_one_device+0xbd/0x450 [ 230.646062][T12081] ? btrfs_mount_root+0x477/0x1040 [ 230.651156][T12081] ? trace_hardirqs_on+0x74/0x80 [ 230.651170][T12081] btrfs_mount_root+0x4af/0x1040 [ 230.651192][T12081] ? trace_kfree+0xb2/0x110 [ 230.651208][T12081] legacy_get_tree+0xf9/0x1a0 [ 230.651214][T12081] ? btrfs_control_open+0x40/0x40 [ 230.651227][T12081] vfs_get_tree+0x8b/0x2a0 [ 230.679616][T12081] vfs_kern_mount+0xc2/0x160 [ 230.684202][T12081] btrfs_mount+0x34f/0x18e0 [ 230.688707][T12081] ? check_preemption_disabled+0x47/0x2a0 [ 230.694431][T12081] ? vfs_parse_fs_string+0x13b/0x1a0 [ 230.699704][T12081] ? cap_capable+0x250/0x290 [ 230.704290][T12081] ? safesetid_security_capable+0x89/0xf0 [ 230.710004][T12081] legacy_get_tree+0xf9/0x1a0 [ 230.714671][T12081] ? btrfs_resize_thread_pool+0x290/0x290 [ 230.720386][T12081] vfs_get_tree+0x8b/0x2a0 [ 230.724807][T12081] do_mount+0x16c0/0x2510 [ 230.729132][T12081] ? copy_mount_options+0x278/0x3c0 [ 230.734323][T12081] ? copy_mount_options+0x25e/0x3c0 [ 230.739516][T12081] ? copy_mount_options+0x26b/0x3c0 [ 230.744706][T12081] ? copy_mount_options+0x308/0x3c0 [ 230.749897][T12081] ksys_mount+0xcc/0x100 [ 230.754137][T12081] __x64_sys_mount+0xbf/0xd0 [ 230.758720][T12081] do_syscall_64+0xf7/0x1c0 [ 230.763218][T12081] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 230.769099][T12081] RIP: 0033:0x45c47a [ 230.772984][T12081] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 230.792578][T12081] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 230.800978][T12081] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 230.808943][T12081] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 230.816906][T12081] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 19:02:37 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r2 = fanotify_init(0x0, 0x0) fanotify_mark(r2, 0x75, 0x40000002, r1, 0x0) ioctl$PIO_FONT(r1, 0x4b61, &(0x7f0000000240)="1c8f0016b0496b48b1b66b7f0588725436a3eae00867549d090279201ba0189a4c9ec4d52f05e855240f9f7270510ac1ec87075f280b4be9b6653bd9777b22565c421bedd697dd159a2614a068c1780e45ee531b46fc5d5d06fb154b179bd0c99c0678525e5c523e31e9f9db2336e636168fcc3e01d0c1b504d94bde4b422a5b89260427cd8dc849894de4452c6715ff36d6c9370a38b73ca09a1d511da1cfdaee734afd1f85332e0f24391bf5d28a748130ed52921fe34eb3642db4f80f68a87eb9ead4365e41b281b978b9a85b") r3 = syz_open_dev$sndpcmp(&(0x7f0000000080)='/dev/snd@\x00\x00\x00\x00\x00\x00\x00p\x00', 0x5, 0x504640) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) sendmsg$kcm(r3, &(0x7f0000002780)={&(0x7f00000000c0)=@x25={0x9, @remote={[], 0x1}}, 0x80, &(0x7f0000000480)=[{&(0x7f0000000180)="d165e9fd0f531358b83879c6e145dbfc0e911aa69d2b24ed46f579128aa60da10f1fa69967abb8e7840a31d446e9c1cdce66c756d57b1a818c6c28", 0x3b}, {&(0x7f00000001c0)="6a3a23b39d9d0a2b36980b26539c120aadc1bb1d998f5f80a98128079d859c20cce0d349a15998ae6b6e4fad703aaef2fa6765d8dc", 0x35}, {&(0x7f0000000340)="d9f5ce7acbbd0826a5672c4b32e587ddee08e2dce311ff56c074a28ad26d62aba3d0f3a36c5d12b68af039342b0abbba37b20252737785266a2301584c56b8b1f3b6ddb219edfb12aee42dd2deb8", 0x4e}, {&(0x7f00000003c0)="db9c8e6164f0bc5a3d75ee47f9582f4b23747439ddd45f327836b28947147750fc9efce9d7c5a3374e9b5045dac64e5d6e4582ebf73af222c8be940d359249df5ef2", 0x42}, {&(0x7f0000000540)="e995b6385f40a28135bebea6c76d893b01c5311c0036e530da732fb767d26992e8fbf2280850cecea246b95f554859ea98a4f0ce621e2af5ee2ffb404fdc7fe2dc31588d5e0ab163459fbb58a4077fa3afdcaf61ec032b67abee80bf327172e636528b4ce55cbcf6903b994c77b7010d43b16c1b8205f177c8af13af24d46321e117c617d87e55f3d20fe44e31ee27ccc764929aec1eac28caa5c790a68b8182f839cb2b59fbac3a50aa0e52f9ffb0d07d803cb53a9c2815f3bf2a46143904571ee40c890864b914cf492080dd6d4f1768ca083989b818a2827e3472f0023d8266224478a49ec7897eeb408707d7b426785fc1896b3c1f1fc939995b8ecab61a065e2c3ebd901e82b6c23631f0120960164ec36a306fa94a00eea892dd25ae3bbdbb3deac45b26ad485f6e98d3fdb9b1f0bcca9a9f425d3e2a0e17d8375436eb3151ee99e3be53959e261dad07c0377ded316c29f24707c0b759f773911ecd61e88bd9bdf207a9c993d0dbc7b5ab84fd8c44f49b6b8cf523a149231e56a88b48f7057f3a824a5cc7f2e3309f1b4d4662564c52e9ca751b601e09a7f075858a3ad775264eb885ad0ba97327ef9744111da3c5199f74fa5445e9bc195dff69395fc378e8a18e16193964cdb4f8c0dff70d7ec34c38d53a4a40f2be51025cc07e4f6d293faac35b257b4e254f28155d5f4f39f1127eacd0a98343b59e43da7a4e3a4ce283c2e1b793d7d0bdf0770da7b7b12db4425a109b49d7d6f99ed3c05176fa1d708b39597868017a4b111d071602839bef34749d4ea33a25995b0d95bdd57e55280a66ebe41d248d887d5c5b234b71de541aac2df0f4e5de7d8410d219232012a369cc6a95c93d7e75ffbee01a59cf261aa7daf3d838843dc287439a1e3d6df87f6cfcec395a98695ba87866b09223ece7d4e258ad3f4af6ee237f7c9b302293aed9b0f37bd960ffd9614bf7f5283a1687d61251e4ed59fa2a335961092a48702e11fefb31f0e5808208901501777d102f946ba7808de1e9787cd8cd2301d92544da24b62b2d1d50d60c83f1838d46b300c42bc97084ef2115b6f5b396df5788051c6b7a590af92d510797438a4accbb8998bd5f0acd8796fa0304b112fed6963a3e4abfcab01920f6797b401069dec425aa15f1721aeb7faebe021f449969a5df68d81365d72126652062e449e34dde17b176a20a03e75e27e30b27113d52cf0a92d73d4b73aba815ae7422dc7a396ed60e9a3b13dfc92b2607dde48f56168b64056c36198581e3ab5b5b4153d02e29c31a0b3f4a7885a68134e0cd9d9bc475db81b7a0ab42de70149b2b40b3181d5300d7ccf8fb3c90b9f74cf369c45611c5f045c91afaae802ad6f1e804e507b78c65ca7c8bf154922ea3a05f38a04a6f83906916b5044780c41917972613855725772da59ad18b4c26f7c681087bbd64bbd94e7cb0767c2d6248044d39c4b4821da2a49066cf9ef4b547af07017dea0e45a32b27d4784432544af3c3e4a8207c99e37313850a0ba2d772f9d53cbf5fd60803d06e7116ee6811ced6d3607e94d35ab75e14a9bce91ad7c4a9fadc3384303062da932d36e2d3a44e9ef1b2dfc36b071265a373872349a446e96ec699d698aafa0f6712a41459153d440ef4e712f206bfd8a3bbda54aa1a3eb8f01816d22556342905ef5d6e050d24de9003190e7a198f87aea89491215bf5246e4463d42bc1bccd4161c238ba05b9b62d0ec3947d2b6dcb38a2527eeb43b2198c0742530036f961b7b6e589beeed61c070fcbc436575772c1c4f54f3e6fe899943356351905ff28212173328b268842bd7731b5d4ec91ec9f609dd0765795a16557640d24b12ea19fc257b41f76bed7c40979fbfb3dd90ed3a8625a2daad123c0e7e58245c073082a3eb2275b79e4f5ea58c90512d7cc2f99def5060f7ec7c48a6a40d61cd87623d86eb3b6176bdf5ced8527ff3fbac81f399efbbe78cea8524f04b1b55aa6455c246d24a144401dc22a7e2f779bbd540f00da2d8f9408d34063538d50b8d16e98eb0892fc7b103ba19d3afc64b13d08aacc0ff344cc2cf02f05a2416bde85ac67c5f91c3f3937096a474abf9d4201cf570955418b64e10d969abd64da1fe130da015227d362979e0d5adfd7717cc35004a1022e6b303f23b7eaa4aa8f3a11d80f136d07d3c0530a13d9484b74881addcb211c5d04eb82737cac82cd427bc5315b069a0f1efa4c497ea64b5e1b99897caa2c9116e9e2c3171d106553e87e8ba7f0c3d7efe31f47c2694ad36d3ca8bcee19a2fccaff4e524066fe66162ec0ec2548df0f5b2369578314fe4e1fc2f4bf7d0789a70da86c5e1be75e6a703644e2e5f0f4b2e22d13c3c16b37f8242e4f3d1959e22e79c778b63af2fee9dd067f9f8dc28117c895a063dea7a0e2e761aa6f308341a8f1acd33fba357ed0be2d9413179cd803f1c6e91acbe2e2e566ac73f0ea4fdb4c1d66e480207830e02157473d113769ad699ba0a1251c8a81cf57e0dfbad395dca7d2eda1508f2671b2fdc8b1ed55f4fe713378541db3ba04b324a9ca9986b8a8fe282eb57778583c1c773545e71f2de3551809a539a18a6f174a6de8906afd5919fa61ac66d585e89e5e5192eb3460121ad5d8b9e01e2cdb2a8a3fd5fd68b4b8262e5207e0569ca1088642a7e40f3a162e5526d795fedd2f1bea1a52d8c5a97de0d17bfff8e96b625b437422601dc9e05b2c1e2a35dff0d7666b731ef0b898570c10d8e4e781531d7a69efc34643989556d4405dac254bc7eef0dd4bce26a1771ed81468286811e0b9043a219308f2f55e0918b29ca8bba5d0fde75d33503ad4c16a95916d1ae6949bc053b84d0fbdffee61a701424bf76057bc159c4d1111963dfea373e1886f18d287294f77a6dc27d822e32842edc922d6643ad05cb965e8433d6069842356fb7091a955325f80d4e83760381fbec218da5e78049cf0746e6eb9f9173bd45eef49362b9ec292bc252c7c9100bac1b55d5a1b22a2978d368f7d4a14fb70cac3d76b649c17e510d5bb8ce6815d1bba9fe81591a12072062c971b1ad899534180aa7196af4baddf60b89cda1ec47d9e34ca7ef5cdf1cd8caee0ca3df03648454544c0e4f61b0eb490883b2b579b4d3154c05a2225dddce93f6294a52680c3ab8b62f5afdc0394ae36fc9a872f977c26b730a3adc3b7281cafff9dcb673399fa132bdb15e0cc4e28021d02d42d56fda5120ac2eafe6c112f3e36c76618e1f44134d566d75ba35fce29da2cde62821a816b567a7cf759d2b84eced4ab629d5ec0be874f6b78526d34bc56af2c582c4c6708bca8e38194a40dac9d3bccb881b0509ee36f219c893b069ede090f5b1f33c6552d462a16e672586e64f71a1de28fe033685b22cc0ff78c8ca7c3f69f32af2ace76fc142e369e9db8d4e4ba9cf9d574f6bb5f4bd7883fa0e982af24bf113addb198f5df7f40b5aa387ab3fd87859a0287d329d088b9252d9ec9b5a2f6d05475216fcfffb9f484c36db7b68d3338f1ead25d479cc90aed16006db8ba7dbc7ea1dba74c1001b5c83e2c17ce15862880e889137418cf23d5f1fd0b2cbcf69d138ad279974f33d085e67f0f2ddab815d750c28d74b2ad44afa9c4940a07c4c507400823c544232aca014548b240468aeb2c62245ab49d8a61c5aeadd7ed5efe461a668e8536c9aba2a8097ec144bdc64632fba47cfb9bcfa3620d9afee2cdfbcca7b0f6a085bee99b4d9cdbdcad833da8a3df27b56f798d8c4f7f4686db425fcf580309cc96f229c95c74cfe5235f235505253e08a66a60951e72a00c44f3bbb7988cd11ad8507379b40e583ba93cfbe698cdfbce217e41d272cf64f645fe41464f60e1ef4b7220475cbd1b14c99e669b184d8cd46c179f055a7ff99e38ea4ff291d2e8efe8bc3c111aad1b889154d0feff4c4d3efc5bae9429f6c8f2edda03c7b5b3070942099cb083d2c7481cf23ee359cf925d8d6b4285166fba3b857506472c101caf9a90892eee0c593a3188887093a2fed2a247b8d800fedfcfe2d7c3b0a35d05d11e6cc6a711c44b783f20f8f9594642a3650317d3a5c50b52ef9aba6b593dbe8e7b67adfee199d40017c4c23c017c16cefb281eb7c528c9b93e2f9dbf13f959a4acc84c46da1e54f2e879a11f8ee0527544e8605d86b324fb3e4fab8a5ec2cd228a3a0f6e41bbad6dc4c5a30b567cfcf2b6618b7a1792186797c86fc23bc61326e507f19a40d6c77e13278d2279b8bb03bc5b6aadd3048012b3fc4e916a8e4aa103a2b53cbd2e63b43a31c0c4e94c3233c671fcddfa9c5d4048a38eaeb097412dbd3c1159cda3aac5797274064e88dcd791fc2fca4f4d876a3fed46b404c89f921782ef05f2cd25486fbe67f0198a57b979a57d9f2e5cc413b7ee07294c3aef0fd35710f60417cdf5560a57ac39b6d21da14141b8a41cf0076edc3483ccd2dd92d73588fe53b5f3e50b04720b2ee7b1703bc01757c376a4dcc5dccb024524425af126f21ffc0ddb09ffc91aca2138540d42372911f588f54150e7bfbb861c65893ef08b0867057468b90496de86023fc9bd59de717bdbba8f3abf914bbb4c1c82b19ffdd916f36fc5ead47112a1637b82a07293411a875ca3c173f7e625838451f6e525c621a2e9a371d75254b7a897f00b6337d4af5e3aa8a7f5e95951ba660a833aeab0eb52d8067c4389277bab6662abff0f8329319aefc4bbb9c46630782849b2438b876b615109a6885e01919d0caab6874984eb6b5e33beb1f8c302794075b6b6974d49e4556888ec06759979ec6a82eb39edcd09bacf59d10c5f40c015263df2c48a6c650dfaadbf8d535f2f6bfd19ba9e6d0ef0795b114b9f1b4a964b00c5ee05631cb1d5644d4d5fa543f7e4a2a9fef31ddcddbde1c279be282609727908de3bd64001356249e11802c8c0ca8c55c431ce725763027370f01b4491ba306b58c00a50dcd254fcfb93c8d21a18aacf57c301dfacaef58893840cfa07284aedb96e5f6e79451c639285c678f8c9395743ac7a459e27f31d62b01685ca212b1ad279905dcbff6d4b013fd54dad1c6c0fb4024303b96fcfec06c4ed8ed24b6a9d994f5af1b0ad1651de337c21343484b35f168f077d154d5837f2ed4b33a0ae60f34478e8a0a58ff4829a44f53540b17293b034aa8a2cf8f6369c9eb7c636287cdbb9dd9793832d436020953c1852115608411111d7a4fb4061c456f2f146eded1fad6c93575f37c3026529730310f07e651d62283068c46b76999a9452ca3bb2a0030bead133c8386fb374fa43aab4bbc08357c748701196ccaeeadf5a9700155317e6c1586368757e9ed7cdb5cc7b47c21b37ae2ca1ae1fff41b70a2d0c3e9dee53d0dce9ac770f52b4bc61084a6074ffaef755afca2ddb1f19a22b0137b9c45faab1efae572c8afce8b3564e887a098c4e544bed06beff96bd8cf2d05fbc69e9cbf5b3c9a34340ffa728691172befddeb3d7b79472200d3703b601722b1aaa7a81b979abeeec9facee9b843c3f04e634a2a3b290479b794dd355abffb97b9b237f030cb10670811eb248051a7235380005ea7786573fe707c6500d64610455e28fac7362e14b849f6355f3fe9cfd7436a499d7f18a1ee8bbc567a3b379c7a616b267477e98f0b072ec321380bd4d27ec8dd015a5a18d9945cef435106ae8a77f4af0bcd5431ed1241f0d1a4b58b1bbb4c126d73bb374b3149ae96e18b592694d2637e88491eefc7ea484aeeecfb63d900c30ae9aca6ff1cd7bdac6d482523fafd5eff88a12130ff321e162f58e8d7d", 0x1000}, {&(0x7f0000000440)="0952b1cb9c7a182d44107ff3d2ca969e301d4103ba925e8fa70a7a2e", 0x1c}, {&(0x7f0000001540)="aba261be2cd7c50ca230925b5f776c3d2150fdb0d5b392fd7bafcaac825e56f4c757a19f0c4e50c37466a5675ad65fc5006fb1fe929db8222103c86bc9309e6683bc7c80f376460b411a50840fcf875af69b259ca81d1a84e88542e915636c71972988af3983778daf8894adfcf0b9af8c397d817ea18300ba9de464eb5b574a5df174778f274d11a3f949a93a29e0ca246398d3e4edbadb0a0c8722c1f0e8915cc761d0837f957b12ff603845d06820547d37737676183d0eec7f0834f787b04f675148fd65961839d7792a8256419bf702e16203dea442751e71893d13c3079c38699ba8e0bdde013c", 0xea}], 0x7, &(0x7f0000001640)=ANY=[@ANYBLOB="30000000000000001a0200000900000067fec7944fd9ce7e8b826dab7af2d05e266392d11a2a8bf5cc34297de70000001010000000000000180100000600000008370419c2ef2071e624b410ed7570fd295a4515f16284d5b2fb93194c60bfc0f21e6f75528d0f82ee825e128a0e46aae021d1855ab05d938fe525eb4318754fe6721311ebc8989431935c611c8018facc75d9acb9565f000fda5a570ef8e4f9adda9516bd6b7fe13a2ecb41aabbd8baecb40be96f6d8c77a37f9405bfa8ac5523e3ea6f119b5eac7c7401f84608555c323b80e1c26646af4aa9eef7cd0041f96f51c92cb995c6526ee311b09ca36ffc49ad987886895930bd5db3c3727b876ccdffcbf84c94abb158a2bcb32b28e06e3ae424c1fd98a3f514dc25e9ca5cc1c8dfa780f8588c6986a82a97ac615fbeca9cfa6648412ecc327f34155c1de32e3a7f16ae971e0b7401650f25113626796aa42065482a41e3f33b7dc2e52e2e782b9088eaec1f6c9198029da6367b0a8c9685fec09f08aeec87ee2ba4af0f3be4fa3cde9c814f0732bbe984ac7c8ce224c49faae67ab753226ef3f793cc131b13b5b3ef96dc7425208f9e755d16d38feb5b3fb91bb067427a4f69952567674763f5d4719c902c5883f0e31517be8e6ee230ccb0927303bf984e662b013a75c787f7df33f61dc52752a1069407e06b448f694681f5c27563d0f032380875496f885cb624b7a4ffa84a49184fba7b2543ff07024812ca5984d97c1978f639ea9e9f578778f3104006cc9a7dc42b8d3b1259275ef8e05872820ebfc744219a8ec4629d6fde7085b9ca6cdff586d14dc5b98c0ef85e17ea9214ae559741ff9a7df14cc3a5f705475ab60899e13dc28db7fa8f7b27daf2a7a06984aeff00643b8554d90b22076c6c19fb7f4bad52be76ca3ac7d9c771071968d37713c3f168212a5a0c2dfca3c4a869d8c40892a807814184183d10f804883ef8fbd28b328eaa77934fdd79ae2f6e3d76c469d1c8a7b075adf14417a6f6f74089eb12d509005ad603bec8a2e0c27d3c9b53cae2c38c1ebb8ec2536cb9dfaf742427617c60eb15d8503d3d44dc97b32df5450a1efe7ab230212a7510c20d26128c1fedc9ad557924d29822eaedb82466b83155f11b713c4140fad2930759b57787b516446bbcf98e7d0bc97928249aee39d47da3d9f4bd3efdc0ac4a0857f60f13fb2a3da84a43c94c26590ec357647e3ec507f853f52ac35e5f87a8c9b803e0feac1d7607278cea79c36f22a8d34a3409ef2cd997adc69a431f75058950ad9ae62dff7fc2aedc59f87447ef75092525ddd5dd23e9029e48a4c4b14e61eceeea4ccb0085558d35afbab0a9c6fae524f5cf90fe6f32690ab5042ad5dc3a4e371d2afdb3957677b7eb59a82e22b32745fe7344d59781858d3dfbc85e73885a7ad05e0a47c1768fa039cf437642039554d594b4c6d6da77bfa5c3ac7df6608dfef5a844aea04465e2fa9417fee6ad52397e967c0303e06ce3e8060265d37c61bbe3ff069780f256e604c937da0689241edcc929bcab4b4c283e1de6524a6eea9afdbe2907b6ab4f3e2dc65977d001ad579e595c1379f7247086c85328a2208eb1e957badf80ef8ddfc863b5e6ff9cdaf90aac9929e1a294629f43a02267020045cd43c9b770fa313b8afde18f54750e0a7806c6228650107395e6076da5075f9b3ad4326c1f2284809094686aa854a847a5f2e6ad3e48e344303e36d784b8a2858d797e90fed46dee5f8e0f4cdd48a767329c76aa0553ec42f1b2336fa029cd9019768708c6ffa3b0e74929c4023730c35295669defc9f7d125520c546e478cd34cd0673ff86584ef52f4a1262c25cecb75b911167748f4db8fecd82ea5dca493c36aa9510c033b43e7a6cfa44595fa9d5736c9e95a0d111174c71ca493e6399943042aa51d976124787b5b2a2fe221179042c94806315e8060573c6a3ade28c0e3be4726c1cf7148421feb3e155b44f5691aadacfaf12cce1fc23648ee58515180c0c3de959e9c22dfab0d194a8c9cef7fa1c06d9165b86f384ba92b97ab6c1d1d733003cbd094d9c0bb3f1530fd6cded900db2bc0144c48def01b103461588846510f5db465d5cdbdf3ae597f5802d68f7da65727ac9a08327e0315d52ef6424e5f9cf56db32f463a65fa22e5a94ff26dee53aaf2c99eeb54acfa7825ee261b101e96ecf27cffa78cd5fbd24f546b81a3ddced772626f39f37cca7d617a5cecf5726ca68cefffe035381bfbe2cc22a306073f40d39191783faf04422da00fcbfb617d8b60eaae4ae0b83d5fa7283a0e2ef7ca017f945606e825f9518abce117c0d5f16a8c6b135914785623178d18a7565fc14a072db2594e4484bebb761628f470b22d9e50d83097579d3dd213772e1ba97c6e2ae1c6da40c6fe578734279aada8a97718e0a4e63692c37a2c44020a777a87aafbf0411aa214e3e235bfae553694df5b1a4df314ac93d71bac0f5a6235df7bf1ff48c875105d15165c809ecf195835175259e72506130e578be4386e48148222467d27c52c41d39f2a454589c6a05b72cc76492e7fbc16a3ccce36cb0df6cbd435d5c12fe6c2ac808bf1d9f9fb226ecdabe050cec703c8a7c608e28f896b1d72fa7931f09368a7bb24b05d3c198e100640764278c2687306795e64626061ff6d5458bbd39ced0daca634fc87df9537c3660483a8fb894b2677598756d1d2eb69b28147a345eda7fcffbc20db11ffb1ce4e427199ff1ee9ca54b6136e5fbd590c3baf624df7b4fb30230bacba32454f99058b063f559bf12d3aa94cb8dd76f0afa97760043e73fdfd585505e5c8bfa049796c38833a8d52f93d7ab4176fe340da4c461c13d7e2dcc573fe61da22f8bd118f9c6ba7201e775fa3f86f1d71dac5c67d0ac92070b03ea502f70155e279184ef3db57e8806c57039c96231e8aa2cb1c8719be271f9bcd4b0424567c1d1c537f390ba37e22941b2cd88dc76876a279957945e9834dca199ed6bc4a30ee25618a262abf6c568d8b8d6573a3ca2b6d3802cfdf619625bce098f59f797480f64ef1e953ff47a998c05c0012b5a065ae6caa25d63d7724c607aca1d4467dc93e797858b2617ddb60e88ac8226027e350408460dfbbb0480460166b64810ed0dd49baf6e9fa43063513a3595e19dbb2fd47cf2e5c92ee644fed7cea1bc00c8dcfe07d1bbcd0757d9496158a71fc5b458909a7772cc687c8bf4c0d6f54a3a8872111de2b2577b36b7420aed8ea2d7c849e67e8f35576ab6d1e76fe93ca931cc51b52dea721f100b2342b6bea050279cf6924133e34f5fafc644e8dc24beb5ab36afde6697a2d6bbbf6b67a5a5f878c5c990e53c80180b4dc37aa77ac765de0c1abb9cbef616bef965c22a4820e2b93457047a8084defebae292db6d2abfd6a6b87df0578180ee1523c60ad662c6b866b4bcb83c7aa82e50a55194b4dda0bb1c2d37b188a76a5057bed6dceb58363d0e9e6b073f18aa3f4e5831c0d3b265e79b5f35680fba2587d18bc0bd974cfc6e270cf4a9d12b2bc973013e1bad756e6f970eac0aed3b2048e78b07564d6717292df783893fe63601663249196d1ab4c0e5bf75758eae8c6c6a5b289a1c383c20266e02e4c8e8e726e6867a444b985a55fc2d3386d73f994cc475f4cb0a8e0837093b5cafb5608262f73af3184c0efebca3870b39e8076b730884e5d8c0777625b3df3454a2c858e054e98bb2a78bb3aa9841aaa9def33a9a1d254974d701b93cfbb877237d6b881dba0d502249c84640e0d5dbf3a8360357058052dca4df5c9870c36a3661e37402d7d1f8765d2bda889a3bfcb048f6b29a57a2582f1d9144281533c69f55e73f9f3d0948c448affb452f64b70d69eb1f7fa8271108280def08ae6eef5265f5c387d3af9540179ed4347d9bfc133f111f96630f16fe1cc8df64ba7dd94e68411292954805c16391cef3bd058f191455fe03c774cae5ab832d22f5e9b7cb837a5980fca05c8f505459193dfaf9a253589d178a47b0bfea2d360575d09a366c906e8f91b34db36cc69ed103f7432e6b8267da3c409c4bbf5bd4b315442182aca46fe80efd55ccce1ab1fe97d4fd2706fa339fa796e469414a537be48ec029df366df17c048522a18043858ea0d661958c7b83410cb40ec299efe34783171fd6f795a32d4a692f01539507cf10a1c0ce14ca3fb233399e1c459490522b11393060f1f06dd259d2e6836f5032d0d075857c9638f4ff2390f52b693fac23df379238e9da524af28e22d7e495b11c6f36e3f6d3d8bb99aa7bb2de574ae92a44389dd73f703bb493cbdbcd73eb81f22f51e5c2a16a416c24e129a9cedd82180cce31be854c6bf9359e98017ac8823b51c775a8f23b1cbd6df3dc4cc270262294dacd7f220028b8536e35488ccd1411db77619ce9461a99199b1a83efbcc8978073149183de1c7559f966742cba628ac9a0212910da3327976204fa3ad86caab9b61ffe112a1611eb20019b905f99280597697883226760cf8fb0b9b74cb0eb508bc217ef72ce4414f01dc156936a42bcff27327a9e38131339a6777948e70365449927051f193de5d129cfe03ce1fcd4e03c7afb0f15a74720e4afb05b08b9f44de10d8a503655216d594b6c4a057817877d959fef5ab517975d8f7055592b42d12a67f9abbaa41007a78d66e176d5ea9d2f4071971293e3b15d2fe5992f488185392551ee639a306d9124feee32492566a9412e3d637d016d9c870a1937618db7cd4920d5dab20d7592a071300c1245d3ebed15850f3fb6702704ad473aed6043c8842f7e9e106a8d2ce9779cb247a094d902954b42d76af58c83a712a41a564d1a8aaa0d8a9fb6e7b65e1378d3565d0d1ead059b61d6c1c54d47911620335e7227c7f814e5b5143c564f8acb440419bc0e29f22bb35a8fd45be2846bd78bc559a3972a799b8ddfd1445876011dd42a7c3edcb6aca5fda7272b8d4bd4bba226b4269a6c7703aad9f8b128254f0bef1b99da6c90db5cfa53e407492ea3cd2c97fe8f0348cd29c3e428fae2874f75fafc10f5e497bbdee4422c4d4c2db91c881f2afe1130df696c76ca34cc702869ffce06f1cf5e56ed872b2588fa549b121170b7af832b8078660b3435811ccb25a6a861be9121dc7f752db053f9eb6a6a404ad3bb1b5d4149a30b823daaf03f396a4f560679ee70eab2f18426fbb709a4cf15d2536e5ef144886602f7075c294df5e1cbe61cb5c6bae893832478de499b68212a8c40ad3e53c544f70dda14b5380bbac00f111e02bdff402eb0360c4352d4772e5d92080e910d53f64878ace6e6913bf672b4615da122efd4db8f30d2bbd79a3a7a5ff6dcce912db8b2cbecd4fcb149802ca9bcd3d7d33a8ae27874e62a5c6adda1b9df5f1f61fa71b55ddc88e68a2bbf30f9a180d03cfd8aa0643b7e42eb4f8537faf3a0f9c4c57bfc3d791fb5f1784b95f9205676a09d5b69e51788d26e4dbf148c1f94ac0ef48460f5446a133998fe5d4f727635900d58c3b5d675f67877c2c9a84cdc808f7cd54dbaeb624044dd7a142ca27fe52d5458a223341f77baff887b6858521b1b1092a925d9e942ca25bf23819bc27e45e6028a0110839adbbdaf0506f28078c86e3633a5b8da5be14c0d0791d5bc7e1a356c0bab114fa2984f83442e8fac23187c6d1837c2ce9af3694030f2ed4ae60c02e089ef8b41013cde56712cc1ebfd580aa632fef8043908e4b8d78ffb68b380567af053d21d185b23715824be9288ec0f80da2d33c8fa44187907a3d592b9af46466439c9a414bbd3df465b633d0ea01e41e3267549426d678e51fea7a99ea0fbf0f9381224c1dca5aed6026033f140995e839f242076bdfa281bb5577c9f0fe30bce0000000000000000c01000009000000c3a19c8f84b5af55c70e2897da761642bb0d2bbca117b73f7ea5f6fdb9b54fc1bec5bf78915224bae1f45c1e157d9bf35e93630a99d0dc0fbfac381d5424f020428898a2b83a6dc462a434d6c4026e36205a688b2201f00132aa6b4f72864e32f6f799c7316fbea4ab9e1ee55fd32af7a5f14aca358cf41678da0d5ccbe8fe421c34c0ef9e7d618d946e308c46336f38cd480db3f2f0138937c5a2360f984be5f2df887644505191a18d31b228276377c91c91acfb6d670869d6162761b0fa276a01d959ebf0120a0400000000000000"], 0x1120}, 0x0) r6 = dup2(r4, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r7, 0x4, 0x6100) writev(r7, &(0x7f00000038c0)=[{&(0x7f00000027c0)="60b6cc24892d638172bdb4bc6f8855e8fd2cba9d1fb1476de8971a869aa188f9bb26a5911a326dcd937a4696c86c93837b077b168ab026df0864ea8078a8b29e9629b05d4bbab72bc79b7617e3cab2e1c6cf4d67d776e5b34edbaa19ed167d43593b1df24b4b5479425d24dd16a2cc2bea20617148d0373f1828bd66d0b7140680820d913dad4d85cb3c23e965b1b5205a96a69be4584ba857fa745d932b89431b36ff94e4a426277b95e990af869b3b504821dcb55c77c4532b71ed4d7eb9474b8673b02df412c696364831f6654bba268566f5112125a851e36230779a50b8a06b1a368f84a9872a2fe1f7e4a5", 0xee}, {&(0x7f00000028c0)="39723835593a66c6a94c7e8c938223a05957f51d9c18ef691275a029ef3256a097cc4f707355f2416aca568fab17fa2985bc34db78dce1624cfe5e2235e3d4b7f81b0b474e0258ce779978fe1c00ba5af4ed9a01054a10eec8747d019bf4d069f01710834ff9cc355c83b00a260130c1475109bd4e3fd6b27e9883127f2fe8f5dbbb3852150ff615d2e2d98c6b69db5381fbd7888b8b446ad5c9d41d1036bafd7e3bc2e1fe6b124543ce760e1f93aa7c79ac2336d8b6df0c61944439a3ea357c398b248504e7aebf1d4d24fd74e83f6f260c234bec7cd12cde4d72dd4eb064b39bf9f9ff5fea095f5e67b8ef9b10e9d90ce4392008c717f21c19ef248e122ac6fc360335d2a1dd481acd5f597239914e5e80a5a76d268274799b3c9116cb48c6d668f040028ef777e057c5f2bb91bf8853c0f3b3e73c7284ee6538bd9815ee1050e66c2f03e2ddbabb38ee712d3938dedc615686d99301411d14acb8912e0e84d711d327b769f6d589b442ded28955863615a03ee7d06c8ae918f2395f0eff5d7be570ba04bc286dcd0532249b79ea0e9b6cd66ac0e2a2705c68aa4520efe5e3cf988687ae6a94a95455427dd0afcde4addb877d992a33adbb5bb241c0015979cae0839a1c8b04bbb77a815bb6e644719a2bd66fd97e290ce3fb63c6ca9fd260d19855f4822b95f9e9441e2af25531e6c02c36a74ce5b5468348cc6aa5bb6b8080a7c9916cb11f126779ac1aadd22e61c5911ba85bf91c7232aa7de5f4ad89da703a36011e317aaee567e8ba4b5d17ce398796e453c8252ec0114d2b3d76b744ee48d115d9908d55e61eddd30e50b55a2b8776f1d88a0c0d9cb31c94944c0b72511496b0c03f5aaa8d9ca03f3ab4ce67dccc2e6f3fa6d3094b2ade31112929ed5285851394da12d6553fa89e5059378519b0c0e897e51e746c2b2867076f30e22aa6b4246d19b01a0ad566c746da49d9d16a998bd2be585c1dd257dd72a018befbbd5ed677655f90306c65d842f1c2a0cad39ed1d9f23e83533a8d018a9fdc202dd27eec7fcf94fbefbc87cf2fa5f3545ba820e180c6956ac3be622e61ac52af21830e35135f2af915f956ecfd4f37e42da3dea1484bbe80a6acb25004e34e67ecea161f8f0ab93ac056a8f1ce341db0e79486227ef05e58fc5844376baf11b2c83386f6ce5d2884957900e83c274fc4292869dadcf082a96ed5426be63816b2912ebc4892b6d326dafc0c8ecd269b69f2f6bb03d742b4d445c92db60a837aa5d0cc0d30fe371eb360101c99c2d1b27cad46386c50065e013b8efd40b33f6a886b86dfc3cb75a0daad5b9c55a1404e0d43802d8db86f5ace2eb68df7f6545f20eba49150f4c894e2105fb02a66c7274ed39cfb46a7e3ef48a923a5c5e6424e3e863a8ea28e01600b89865f287a74ad788c043d3ece2240f1649a02a8be1589c3ece130ce4b146feac0053c32dd2f91ff8aa800a760470de554c73b17ed56c802c5b03dfa2c4d0676fb280769364955e892c359ef9eb8179d35231c7291a094ee493d88084e14e9489d1a83378c9c95d1dffedbd2db84a3abcc62e3a5a4a7a7cf6bf2b9d58bfb03ea231bf0f03d149adc43acd61842af2905d157e1013c57000ba429f8da3551f1993b2e8479142151b42c67b061f92465dec4ae3c590f7a16a1c57e5b12fcde5c451f18610b916899960fe277b84ed7823d8dc9ef31a1acb29f21da31edcd1319e76acff5c8acc5bc3bed1a14d1f6c7d1df0cee91c2548fb47ad458af8f21bab9458851c1f61f1ec767ee46232588ac76cc37b1ed6798ab57d81f4128aa577f3c4bc6cb61488307ee5a2d856c028ca4718dbc17e2aed3f6ed8cbde97f770dbfd73e51ba9f7d08b0f793d6638217ed6bd15ab0882a9108136983bb11afd9bf33b4075abdf24c1885f5f096691e08cfe37ead070048e5e4de4bb755ed34ee31067db9a5224ee0f4dc8cd473499302214a7caa96d66cf4d48c7c86c659cc6522fce9e95b7948af355908e89f2a4c77ca94aaedf18065ef2826d41ae7b25d7fbe21a8fb57c59778805f3e3fc92f5838027f88cb1b62844744a81a2ac4cc2b0a6e22fe5c399a58bd573c15a595ddde093081e75fb09886004b276a8d07fb4b1209157b32f028885493060c62c00dc5ff9680bbf5d3859274358aa733eece0aee9a28872327d4078fa7e6b89b584ccfe119b14e6b0153c3589de228daffbfd561ca218682ed6d424876fa44c128b82f275afd088061f77f85c057ee7dce640610194d765ae00fb1a506b68bf687f84f7efbff2419a15c65b161a248e1d1c7386a1c3fce3fb24332261475ded65f559494363fecd280e03a3c37bdde5285b144c04f27c077d39d3fa23d29750f4920496a1e3a991f0c78ecda50ca48512627339a8bb4dc470775b7f28cbdf7b318c285390362cd745d3b6b3b20282faa318304e4340669abe70b52c25cde855dd79be46db99727d0b41a9c95145848bace8eb7135a211b228e34119b229ddb97f4b85d44376ff340e02c8197cea9a8d2e01b1fc2def2c5da0e349123dccf20b715658659c61c6614ed1605a93b5985da758a399df43398b83bf71b6f1d591d16f41391cc299c0092707e2f96d82b75191ad84851e1144290d223ed9ea488bfddc4f1898ebd901aad0cce7649505d8eaa38b0a3a7fd384beae402a4e8b950fc76663ec9c50f8ecc8a5795f2061c02019bbfdfcca2540d7d3e8c205e42ed2e50b4b607c8322b21817000fd2f48b6a7ac3020f9fa089ed341f3dcffc4055f45badfba442f027e0a61e347505a9bd1d8754da14db1b73f811b7397ac1c6018acfda2f4c586252eb0b100815300264ed8644bb7a301066aa280834afdcad2ee1d40e7e41a0581a7050e0da2f4243ac1f6b7c34a52371c65df6a4b0578a401f60de871013953224266bee13c937cd5ccf7fae583416ff57bc5799faf46d45ce651ff1ab75493691edb934951c1f8669788e625123f269be2a4cef1bbf9d3c29ce58d3526e0d8dfd19c0a1516659723284bbbadabcee024b744b44181145d1d2f09f9e7f70791bc594ba34c3ea75b41cbe12afc363ca094e69610b9f799dd690161c42a54ef06279f5c8ede350ca61f9adbac1f19bc18e280a27b6180b1a235ff419d34297077f508c2ece25042b025a7a7278ba6f2af4c414c4913277a766f11afaed4a235e2e7f62b549c53d1e9531df6ff82533986d54def28849dc1f63e50c4e7ae6c000e204103c18dfc36d71b9c376e670e17b59035844d16825ae6b0f8b9aad086cf8b3a7e3354c88771b3c52a25b71af5061d8728ac11a5ed8f55d8b45154d18067ae288da3952eb94bdbe8b42e0bcda96f67ee8b3afe217e635d1a03721fdbdd6f835d0ad5e4af1d3c90a26b45b86e5045a2b6d296761849a78974f24802d1123227a7411d59a15886bd9877b4e36f7130a585f0f204de445917789be8f81e0fc809c930e7288138272fb694767ade029d40e73ce1ed610122aa4aa759b97010a34ad5729a4f8830f6fbf3938eecd5e4cc17742d53add0e5f52b6a76a41e8eca6fb8beda0dd7a0a819819371124a6eb46fd837f57369e1bcb214d6826eabb58a1c6bb2f6cf5f2881cc0aace5fdf507a86609acf482f79e8dc03b3660561629ac3d1a339a96689566dcf5b8896d064b1d3787cbbc9aa6ec75a3d1cb7127c8abe07b2c4c38d9ac93f8eeb6a4b0189d0c75826e18cb0e27df2b841dca06f515f0e8aef00ff39947a115a29d1e10ba35692d148be93d7421ea27c23e86af54b7baa7a467e41c9078b3abc57d556bed2e85128228a36cbbbc08e72ce2a4ea76cf9bc3059ac461833c55a03cc0ae00820d0a5d3663eb6efed8e47a0be9cc9c22aba0beda7c118346f604c69945d3956206643ff1c7021a26dbd19c8d142afc8d76e3dd768971c0d1a0eb784037f64ba0a054ca6a039e55eac7cf39868382f5353c9f5dbb97779383529fed62d1aeb22e8dc471a2feeb547231e0da240209ee83311e781f5c116ee06447e03ee6e3de87e2bc1c5b895b80e4aa8f10dd4b07673742a981001f7df61037f9be5ef6eec270a91be56651793b605e4954ef2c066898c7090c83a2af1c8d9c2316039fb901745c24079d3f269440b0c9fbfc5395d8bb8abb39b94f0a1c913ca95bdb8768ac676facc0c52b90902e366643019e31a6c0bfafecc1abb54601e97654c21597d3f544780a2bf325fe5fa4bab8fd56c320205dea79e1936dc153adf6200aad55115491fce661904ea8fa5e40ac4f0d381b983419976798081f73c834575a268cdfe0fce71482fc7964c4b0e4448fb9d2df44beb01cd43433857e6cfff6693d18f86f143f3c9ea2d35881e454c197ac78086b9f9e67bc777185a4fa61d7d5179597da5816eb8f948a651bb14a3c0ba85c87fc15ad2bd41a6469578453a99171bd19b2a5f618593714f160f2f3acd235795d6e263338501948489b89e0165e9b12035e9f6f70152f9631132c29e351390010179e086122d1dabdfcd516a6f1b4dc02de06a8f3c0840ba4c27db14c2ca7f98f74134f28ed12646a3dc12f54f9a54e4a43cc34315ada77c36de115fb718c1b8ce8e52d27fb3be7bf4501ba5d561c677e568a8bff05cad1e1e33dd5b95f915caac80e39a04e46addf21ae0a0629a479254a1d469cbf0b05c4dc7cb0603aff1002af7cbfedae465dfda01a5020043dba55ed4e1ce680c0a2325e62e60bdf35d93aa410d219b8b026194e85abed076a42db0fd0df902fbf9298617697eeeb0014220dbe368c7501545c05062a8b7402f4fc2851e0182f726f4f3026beda2c1366f3565103b1afd0cb9844ffdf557d81e7a8eb3298d6363b6eba7a7b630418688a95347d178fcd279d77965b0c68ca351888f2d4ba63eb7e51be688ce6f4f2f81c14448787a9123e7b1cdcbc3b10431b696a3990f8b679674dc4c887151e80ff0ee6124dd9b7d40af6056090f7189a2b8e90e80cedca6621cf286f0efcb7b1ecf4220912c4454e0fe7621e8c98b041c73ec41975cfffccded7db1587f10ba45b4b3ae4f90a0848745106ad53d07376d2d205472886ebe0d445bda25ad34e77c85edab3d8c8fd7aed82f6e05482f1b835472dcca0f734aa075921778f32fafb3f86da0f2967472838de056095cdf21477dff51ff5d2b988ef65190cea4bb94446e138bbd86eb54c63f8edbb301c2817440cd607968da15482284d7d98c17602f6895247899a544ea8c113b5db52391caeff65ee4b68a723578cb929e198181126bc159e9fff8f7e4fe7a943bb367765b012ceba3ba0e0e02730db0ecf690e45bc79d7906dc848d0c1afe94da99d74ba93026c8681beeee66b3c0a31897449529a3ba52ef16e0f9c40dfcbfe85b5ee6b8deed228b10585c95ab4aae0d0d9c5573a57b2d7699dbc113048149c44dbeab1f2a68e06182a65e2bf38bfe8c24e4200915fbaeb744f8226c8938abe5cb8296adf46b4653ed7cec84bcf6533b50ee28215df0f3c0541457a57e67acf82955c9f7565d0f856c527522dfcbb8211f608f1247a8f71dfe38100e6ec05345d0b50f6fe9bcf87d7bfee75ef96574fa13bfc5df07fb0e7daaf46527a9b77d32886c8e144d299232719ca13e04022894dc93e3931d10d2325d7dea978b492c0536c0c1b0523e5667eb72f02ee9e18d00295628bcba3691fbded4fb0acbf75dbed25e7902c64640a2843ff843e7c2a64b1adb6dc442937e99e118b1583e2d3653ef23e7e6a222e79e855598deeff4758e479a7e688a2335ab05b18c3447690661ce01ce1c1a59142cf20", 0x1000}], 0x2) socket$packet(0x11, 0x1, 0x300) 19:02:37 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf0ffffff, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 230.824869][T12081] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 230.832829][T12081] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:37 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000100)=0x14) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:02:37 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r2, 0x0) r3 = accept(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r4, r5) [ 230.900409][T12091] netlink: 'syz-executor.3': attribute type 37 has an invalid length. 19:02:37 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x88470000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 230.940610][T12095] netlink: 'syz-executor.2': attribute type 38 has an invalid length. 19:02:37 executing program 1 (fault-call:1 fault-nth:87): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:37 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xfcffffff, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 231.080678][T12107] FAULT_INJECTION: forcing a failure. [ 231.080678][T12107] name failslab, interval 1, probability 0, space 0, times 0 [ 231.115709][T12107] CPU: 0 PID: 12107 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 231.123633][T12107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 231.133681][T12107] Call Trace: [ 231.136971][T12107] dump_stack+0x1d8/0x2f8 [ 231.141303][T12107] should_fail+0x555/0x770 [ 231.145724][T12107] __should_failslab+0x11a/0x160 [ 231.150667][T12107] ? getname_kernel+0x59/0x2f0 [ 231.155425][T12107] should_failslab+0x9/0x20 [ 231.155440][T12107] kmem_cache_alloc+0x56/0x2e0 [ 231.155454][T12107] getname_kernel+0x59/0x2f0 [ 231.155465][T12107] kern_path+0x1f/0x40 [ 231.155478][T12107] blkdev_get_by_path+0x71/0x270 19:02:37 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x88480000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 231.155492][T12107] btrfs_scan_one_device+0xbd/0x450 [ 231.155503][T12107] ? btrfs_mount_root+0x477/0x1040 [ 231.155513][T12107] ? trace_hardirqs_on+0x74/0x80 [ 231.155525][T12107] btrfs_mount_root+0x4af/0x1040 [ 231.155543][T12107] ? trace_kfree+0xb2/0x110 [ 231.164780][T12107] legacy_get_tree+0xf9/0x1a0 [ 231.164790][T12107] ? btrfs_control_open+0x40/0x40 [ 231.164803][T12107] vfs_get_tree+0x8b/0x2a0 [ 231.164821][T12107] vfs_kern_mount+0xc2/0x160 [ 231.164832][T12107] btrfs_mount+0x34f/0x18e0 19:02:37 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r2, 0x0) r3 = accept(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r4, r5) 19:02:37 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) r6 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r7 = fanotify_init(0x0, 0x0) fanotify_mark(r7, 0x75, 0x40000002, r6, 0x0) setsockopt$inet6_tcp_buf(r6, 0x6, 0x1c, &(0x7f00000000c0)="657357bdabca404f20434edf", 0xc) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 231.164849][T12107] ? check_preemption_disabled+0x47/0x2a0 [ 231.164870][T12107] ? vfs_parse_fs_string+0x13b/0x1a0 [ 231.164879][T12107] ? cap_capable+0x250/0x290 [ 231.164892][T12107] ? safesetid_security_capable+0x89/0xf0 [ 231.164905][T12107] legacy_get_tree+0xf9/0x1a0 [ 231.178427][T12107] ? btrfs_resize_thread_pool+0x290/0x290 [ 231.178440][T12107] vfs_get_tree+0x8b/0x2a0 [ 231.178452][T12107] do_mount+0x16c0/0x2510 [ 231.178471][T12107] ? copy_mount_options+0x308/0x3c0 [ 231.178483][T12107] ksys_mount+0xcc/0x100 [ 231.188743][T12107] __x64_sys_mount+0xbf/0xd0 19:02:37 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xfeff0000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 231.188759][T12107] do_syscall_64+0xf7/0x1c0 [ 231.188774][T12107] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 231.188783][T12107] RIP: 0033:0x45c47a [ 231.188793][T12107] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 231.198611][T12107] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 19:02:38 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) close(r1) creat(&(0x7f0000000140)='./file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x20) r4 = dup2(r2, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r5, 0x4, 0x6100) writev(r5, &(0x7f00000003c0), 0x63) 19:02:38 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r2, 0x0) r3 = accept(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r4, r5) 19:02:38 executing program 1 (fault-call:1 fault-nth:88): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 231.198621][T12107] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 231.198628][T12107] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 231.198633][T12107] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 231.198639][T12107] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 231.198646][T12107] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xfeffffff, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:38 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x88a8ffff, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:38 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r2, 0x0) r3 = accept(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c) creat(&(0x7f0000000140)='./file0\x00', 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r4, r5) 19:02:38 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000040)) r5 = add_key$keyring(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000280)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz', 0x1}, &(0x7f0000000100)="cf", 0x1, r5) keyctl$get_keyring_id(0x0, r5, 0x8508) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6100) writev(0xffffffffffffffff, &(0x7f00000003c0), 0x63) [ 231.557398][T12135] FAULT_INJECTION: forcing a failure. [ 231.557398][T12135] name failslab, interval 1, probability 0, space 0, times 0 [ 231.597451][T12135] CPU: 0 PID: 12135 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 231.605368][T12135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 231.615414][T12135] Call Trace: [ 231.618702][T12135] dump_stack+0x1d8/0x2f8 [ 231.618722][T12135] should_fail+0x555/0x770 [ 231.627442][T12135] __should_failslab+0x11a/0x160 [ 231.632365][T12135] ? mempool_alloc_slab+0x4d/0x70 [ 231.632377][T12135] should_failslab+0x9/0x20 [ 231.632388][T12135] kmem_cache_alloc+0x56/0x2e0 [ 231.632400][T12135] mempool_alloc_slab+0x4d/0x70 [ 231.632409][T12135] ? mempool_free+0x350/0x350 19:02:38 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x8e000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 231.632417][T12135] mempool_alloc+0x104/0x5e0 [ 231.632441][T12135] bio_alloc_bioset+0x1b0/0x5f0 [ 231.641930][T12135] submit_bh_wbc+0x1d5/0x700 [ 231.641949][T12135] block_read_full_page+0x9de/0xbd0 [ 231.651519][T12135] ? blkdev_direct_IO+0xd0/0xd0 [ 231.680136][T12135] ? lru_cache_add+0x2db/0x3b0 [ 231.680152][T12135] ? add_to_page_cache_lru+0x2d4/0x4a0 [ 231.680168][T12135] blkdev_readpage+0x1c/0x20 [ 231.680178][T12135] do_read_cache_page+0x798/0xcb0 [ 231.680193][T12135] read_cache_page_gfp+0x29/0x30 [ 231.690371][T12135] btrfs_scan_one_device+0x16a/0x450 [ 231.710122][T12135] ? trace_hardirqs_on+0x74/0x80 [ 231.715055][T12135] btrfs_mount_root+0x4af/0x1040 [ 231.719995][T12135] ? trace_kfree+0xb2/0x110 [ 231.724498][T12135] legacy_get_tree+0xf9/0x1a0 [ 231.729166][T12135] ? btrfs_control_open+0x40/0x40 [ 231.734185][T12135] vfs_get_tree+0x8b/0x2a0 [ 231.738600][T12135] vfs_kern_mount+0xc2/0x160 [ 231.743192][T12135] btrfs_mount+0x34f/0x18e0 [ 231.747698][T12135] ? check_preemption_disabled+0x47/0x2a0 [ 231.753415][T12135] ? vfs_parse_fs_string+0x13b/0x1a0 [ 231.758696][T12135] ? cap_capable+0x250/0x290 [ 231.763279][T12135] ? safesetid_security_capable+0x89/0xf0 [ 231.768997][T12135] legacy_get_tree+0xf9/0x1a0 [ 231.773662][T12135] ? btrfs_resize_thread_pool+0x290/0x290 [ 231.779547][T12135] vfs_get_tree+0x8b/0x2a0 [ 231.783961][T12135] do_mount+0x16c0/0x2510 [ 231.788297][T12135] ? copy_mount_options+0x308/0x3c0 [ 231.793493][T12135] ksys_mount+0xcc/0x100 [ 231.797744][T12135] __x64_sys_mount+0xbf/0xd0 [ 231.802336][T12135] do_syscall_64+0xf7/0x1c0 [ 231.806838][T12135] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 231.812721][T12135] RIP: 0033:0x45c47a [ 231.816611][T12135] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 231.836211][T12135] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 231.844617][T12135] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a 19:02:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xff0f0000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 231.852579][T12135] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 231.860541][T12135] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 231.868593][T12135] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 231.876555][T12135] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 231.894455][ T26] kauditd_printk_skb: 16 callbacks suppressed 19:02:38 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = dup2(r2, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r5, 0x4, 0x6100) ioctl$DRM_IOCTL_RES_CTX(r3, 0xc0106426, &(0x7f00000000c0)={0x5, &(0x7f0000000080)=[{}, {}, {0x0}, {}, {}]}) ioctl$DRM_IOCTL_RM_CTX(r1, 0xc0086421, &(0x7f0000000100)={r6, 0x6}) writev(r5, &(0x7f00000003c0), 0x63) 19:02:38 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r2, 0x0) accept(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) creat(&(0x7f0000000140)='./file0\x00', 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r3, r4) 19:02:38 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x96000000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 231.894463][ T26] audit: type=1804 audit(1570129358.586:482): pid=12141 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/201/file0" dev="sda1" ino=17243 res=1 [ 231.907026][T12149] validate_nla: 6 callbacks suppressed [ 231.907032][T12149] netlink: 'syz-executor.2': attribute type 38 has an invalid length. 19:02:38 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xff7f0000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 231.988260][ T26] audit: type=1804 audit(1570129358.636:483): pid=12152 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/193/file0" dev="sda1" ino=17250 res=1 19:02:38 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) r1 = creat(&(0x7f0000000100)='./file0\x00', 0xe) mmap$xdp(&(0x7f0000ff7000/0x3000)=nil, 0x3000, 0x0, 0x20010, r1, 0x180000000) creat(&(0x7f0000000140)='./file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = dup2(r2, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r6 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000000040)) ioctl$VIDIOC_QUERYMENU(r5, 0xc02c5625, &(0x7f00000000c0)={0x3ff, 0x3, @value=0x7}) r7 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r7, &(0x7f0000000280)=ANY=[@ANYBLOB="7f454c46000000000000000000000000000000000000000000000000000000004000000000f9ffffffffffffff00000000000000d7090000000000000000000000000000000000000000000000000000000000284cd88900"/108], 0x78) setsockopt$inet6_MRT6_DEL_MFC(r7, 0x29, 0xcd, &(0x7f0000000180)={{0xa, 0x4e23, 0x7a, @empty, 0xff}, {0xa, 0x4e20, 0x9, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x10001}, 0x40, [0x4, 0x3, 0x10000, 0x7, 0x8, 0xc, 0x5, 0x527b8719]}, 0x5c) fcntl$setstatus(r5, 0x4, 0x6100) writev(r5, &(0x7f00000003c0), 0x63) [ 232.040383][T12157] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 232.050059][ T26] audit: type=1804 audit(1570129358.666:484): pid=12154 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/193/file0" dev="sda1" ino=17250 res=1 [ 232.100764][ T26] audit: type=1804 audit(1570129358.776:485): pid=12158 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir923156790/syzkaller.VqFC7X/126/file0" dev="sda1" ino=16849 res=1 19:02:38 executing program 1 (fault-call:1 fault-nth:89): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:38 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000300)={{{@in6=@local, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in6=@local}}, &(0x7f0000000240)=0xe8) ioprio_get$uid(0x5, r1) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) r2 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="7f454c46000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d550250288dcd4f379139dad85165e5dd33ea9364645c72a81c18ab4ac395dcfb8f610e326ff261468e8d2ca826590f0d35dddd8de2b529de85820221fd2ac75f46cf935a8732a37c74e454ba6c8990c2ea07136da71635732d370d396e5c8ca6890165bf876bd8ee4dace4c9799c7ab04f63aa9bbcb0d402a7f48628214d22196f688c7615c165072ac4b97574ee15e30fb9bf9b58049c02ad5fea11ee78643cb6b0331c2c6a909141b96cf06c11fb91ffbaa252b0dc48663e72dafff4f49bb5534ab0b0edcf4cf88b14933a03cd293ea79fe732b5c12a327830fd15a37c21a312124a1237d5bd120eb4c4ab8309f4fd50d14b814"], 0x78) connect(r2, &(0x7f0000000080)=@ipx={0x4, 0x28, 0x6f, "e1000112b800", 0x9}, 0x80) creat(&(0x7f0000000140)='./file0\x00', 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r5 = dup2(r3, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) getsockopt$inet_sctp6_SCTP_CONTEXT(r5, 0x84, 0x11, &(0x7f0000000100)={0x0, 0xfad1}, &(0x7f0000000180)=0x8) setsockopt$inet_sctp_SCTP_MAXSEG(r4, 0x84, 0xd, &(0x7f00000001c0)=@assoc_id=r6, 0x4) r7 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r7, 0x4, 0x6100) writev(r7, &(0x7f00000000c0), 0x0) 19:02:38 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r2, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r3, r4) 19:02:38 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x9effffff, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 232.164283][ T26] audit: type=1804 audit(1570129358.856:486): pid=12160 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/202/file0" dev="sda1" ino=17223 res=1 [ 232.188533][T12162] netlink: 'syz-executor.2': attribute type 38 has an invalid length. 19:02:38 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r2, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) creat(&(0x7f0000000140)='./file0\x00', 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r3, r4) [ 232.238825][ T26] audit: type=1804 audit(1570129358.926:487): pid=12167 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir923156790/syzkaller.VqFC7X/127/file0" dev="sda1" ino=17250 res=1 [ 232.267407][T12166] netlink: 'syz-executor.3': attribute type 37 has an invalid length. 19:02:39 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xffff0300, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 232.291127][T12170] FAULT_INJECTION: forcing a failure. [ 232.291127][T12170] name failslab, interval 1, probability 0, space 0, times 0 [ 232.298145][ T26] audit: type=1804 audit(1570129358.976:488): pid=12169 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/194/file0" dev="sda1" ino=16518 res=1 [ 232.368503][T12170] CPU: 1 PID: 12170 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 232.376428][T12170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 232.386503][T12170] Call Trace: [ 232.389798][T12170] dump_stack+0x1d8/0x2f8 [ 232.391865][ T26] audit: type=1804 audit(1570129358.976:489): pid=12160 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir051139464/syzkaller.YVrnIQ/202/file0" dev="sda1" ino=17223 res=1 [ 232.394128][T12170] should_fail+0x555/0x770 [ 232.394154][T12170] __should_failslab+0x11a/0x160 [ 232.394167][T12170] ? getname_kernel+0x59/0x2f0 [ 232.394178][T12170] should_failslab+0x9/0x20 [ 232.394195][T12170] kmem_cache_alloc+0x56/0x2e0 [ 232.421850][T12181] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 232.422400][T12170] getname_kernel+0x59/0x2f0 [ 232.422412][T12170] kern_path+0x1f/0x40 [ 232.422427][T12170] blkdev_get_by_path+0x71/0x270 [ 232.441315][T12170] btrfs_get_bdev_and_sb+0x48/0x280 [ 232.441329][T12170] open_fs_devices+0x14d/0xb40 [ 232.441342][T12170] ? list_sort+0x5fc/0x860 [ 232.441354][T12170] ? btrfs_open_devices+0x1b0/0x1b0 [ 232.441372][T12170] btrfs_open_devices+0x11d/0x1b0 [ 232.466299][ T26] audit: type=1804 audit(1570129359.056:490): pid=12178 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir359064164/syzkaller.vb44xM/194/file0" dev="sda1" ino=16518 res=1 [ 232.468236][T12170] btrfs_mount_root+0x6ef/0x1040 [ 232.468261][T12170] ? trace_kfree+0xb2/0x110 [ 232.468275][T12170] legacy_get_tree+0xf9/0x1a0 [ 232.468290][T12170] ? btrfs_control_open+0x40/0x40 [ 232.477429][T12170] vfs_get_tree+0x8b/0x2a0 [ 232.487227][ T26] audit: type=1804 audit(1570129359.056:491): pid=12177 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir923156790/syzkaller.VqFC7X/128/file0" dev="sda1" ino=17263 res=1 [ 232.487603][T12170] vfs_kern_mount+0xc2/0x160 [ 232.520775][T12170] btrfs_mount+0x34f/0x18e0 [ 232.520796][T12170] ? check_preemption_disabled+0x47/0x2a0 [ 232.520813][T12170] ? vfs_parse_fs_string+0x13b/0x1a0 [ 232.520823][T12170] ? cap_capable+0x250/0x290 [ 232.520835][T12170] ? safesetid_security_capable+0x89/0xf0 [ 232.520848][T12170] legacy_get_tree+0xf9/0x1a0 [ 232.558652][T12170] ? btrfs_resize_thread_pool+0x290/0x290 [ 232.558665][T12170] vfs_get_tree+0x8b/0x2a0 [ 232.558678][T12170] do_mount+0x16c0/0x2510 [ 232.558696][T12170] ? copy_mount_options+0x308/0x3c0 [ 232.558709][T12170] ksys_mount+0xcc/0x100 [ 232.558721][T12170] __x64_sys_mount+0xbf/0xd0 [ 232.558739][T12170] do_syscall_64+0xf7/0x1c0 [ 232.558753][T12170] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 232.558765][T12170] RIP: 0033:0x45c47a [ 232.603784][T12170] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 232.603790][T12170] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 19:02:39 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) socket(0xa, 0x0, 0x4) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./bus\x00', 0x280, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) r6 = open(&(0x7f00000000c0)='./bus\x00', 0x324601, 0x120) ioctl$IMGETVERSION(r6, 0x80044942, &(0x7f0000000100)) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:02:39 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xa4010000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 232.603800][T12170] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 232.603806][T12170] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 232.603812][T12170] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 232.603817][T12170] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 232.603823][T12170] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:39 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) socket$packet(0x11, 0x3, 0x300) creat(&(0x7f0000000140)='./file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r2, r3) 19:02:39 executing program 1 (fault-call:1 fault-nth:90): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:39 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000002c0)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000001580)={0x5c, r4, 0x31, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_DAEMON={0x48, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'lo\x00\x00\x00\x00 \xed\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x8, @mcast2}, @IPVS_DAEMON_ATTR_STATE={0xfffffffffffffefd}]}]}, 0x5c}}, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000002}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x60, r4, 0x10, 0x70bd25, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DAEMON={0x20, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @local}]}, @IPVS_CMD_ATTR_DAEMON={0x20, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'ip6_vti0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}]}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x80}, 0x800) r5 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r6, 0x4, 0x6100) writev(r6, &(0x7f00000003c0), 0x63) [ 232.847876][T12188] netlink: 'syz-executor.3': attribute type 37 has an invalid length. [ 232.860765][T12190] netlink: 'syz-executor.4': attribute type 8 has an invalid length. [ 232.880275][T12190] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 19:02:39 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xffff0f00, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:39 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r2, r3) [ 232.917477][T12194] FAULT_INJECTION: forcing a failure. [ 232.917477][T12194] name failslab, interval 1, probability 0, space 0, times 0 [ 232.948442][T12190] netlink: 'syz-executor.4': attribute type 8 has an invalid length. 19:02:39 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xbc030000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) [ 232.976985][T12190] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 233.005744][T12202] netlink: 'syz-executor.2': attribute type 38 has an invalid length. [ 233.020792][T12194] CPU: 1 PID: 12194 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 233.028701][T12194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 233.038745][T12194] Call Trace: [ 233.042033][T12194] dump_stack+0x1d8/0x2f8 [ 233.046361][T12194] should_fail+0x555/0x770 [ 233.050781][T12194] __should_failslab+0x11a/0x160 [ 233.055713][T12194] ? mempool_alloc_slab+0x4d/0x70 [ 233.060735][T12194] should_failslab+0x9/0x20 [ 233.065231][T12194] kmem_cache_alloc+0x56/0x2e0 [ 233.069992][T12194] mempool_alloc_slab+0x4d/0x70 [ 233.074832][T12194] ? mempool_free+0x350/0x350 [ 233.079496][T12194] mempool_alloc+0x104/0x5e0 [ 233.084091][T12194] bio_alloc_bioset+0x1b0/0x5f0 [ 233.088946][T12194] submit_bh_wbc+0x1d5/0x700 [ 233.093538][T12194] block_read_full_page+0x9de/0xbd0 [ 233.098735][T12194] ? blkdev_direct_IO+0xd0/0xd0 [ 233.103577][T12194] ? lru_cache_add+0x2db/0x3b0 [ 233.108336][T12194] ? add_to_page_cache_lru+0x2d4/0x4a0 [ 233.113795][T12194] blkdev_readpage+0x1c/0x20 [ 233.118376][T12194] do_read_cache_page+0x798/0xcb0 [ 233.123401][T12194] read_cache_page_gfp+0x29/0x30 [ 233.128328][T12194] btrfs_scan_one_device+0x16a/0x450 [ 233.133607][T12194] ? trace_hardirqs_on+0x74/0x80 [ 233.138543][T12194] btrfs_mount_root+0x4af/0x1040 [ 233.143489][T12194] ? trace_kfree+0xb2/0x110 [ 233.147992][T12194] legacy_get_tree+0xf9/0x1a0 [ 233.152661][T12194] ? btrfs_control_open+0x40/0x40 [ 233.157679][T12194] vfs_get_tree+0x8b/0x2a0 [ 233.162089][T12194] vfs_kern_mount+0xc2/0x160 [ 233.166674][T12194] btrfs_mount+0x34f/0x18e0 [ 233.171176][T12194] ? check_preemption_disabled+0x47/0x2a0 [ 233.179588][T12194] ? vfs_parse_fs_string+0x13b/0x1a0 [ 233.184865][T12194] ? cap_capable+0x250/0x290 [ 233.189452][T12194] ? safesetid_security_capable+0x89/0xf0 [ 233.195165][T12194] legacy_get_tree+0xf9/0x1a0 [ 233.199836][T12194] ? btrfs_resize_thread_pool+0x290/0x290 [ 233.205551][T12194] vfs_get_tree+0x8b/0x2a0 [ 233.209959][T12194] do_mount+0x16c0/0x2510 [ 233.214304][T12194] ? copy_mount_options+0x308/0x3c0 [ 233.219514][T12194] ksys_mount+0xcc/0x100 [ 233.223760][T12194] __x64_sys_mount+0xbf/0xd0 [ 233.228348][T12194] do_syscall_64+0xf7/0x1c0 [ 233.232854][T12194] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 233.238736][T12194] RIP: 0033:0x45c47a [ 233.242622][T12194] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 233.262224][T12194] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 233.270627][T12194] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 233.278588][T12194] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 233.286659][T12194] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 233.294632][T12194] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 233.302602][T12194] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:40 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r3, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) ioctl$sock_inet_SIOCGIFNETMASK(r3, 0x891b, &(0x7f0000000080)={'gre0\x00', {0x2, 0x4e23, @loopback}}) r4 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r5, 0x4, 0x6100) writev(r5, &(0x7f00000003c0), 0x63) 19:02:40 executing program 5: r0 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r1 = fanotify_init(0x0, 0x0) fanotify_mark(r1, 0x75, 0x40000002, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r2, r3) 19:02:40 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r6, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) getsockopt$inet6_udp_int(r6, 0x11, 0x66, &(0x7f00000000c0), &(0x7f0000000100)=0x4) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) [ 233.327134][T12206] netlink: 'syz-executor.3': attribute type 37 has an invalid length. 19:02:40 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xffffa888, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:40 executing program 1 (fault-call:1 fault-nth:91): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:40 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xefffffff, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:40 executing program 5: creat(&(0x7f0000000240)='./file0\x00', 0x0) fanotify_init(0x0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r0, r1) 19:02:40 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = dup2(r2, r3) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r5, &(0x7f0000000280)=ANY=[@ANYBLOB="7f454c1f21e7288c926476000000000000000000000000000000000000000000400000000000000000000000000000000000000000003800"/120], 0x78) r6 = syz_open_pts(0xffffffffffffffff, 0x80) ioctl$VT_GETMODE(r6, 0x5601, &(0x7f0000000180)) getsockopt$bt_BT_FLUSHABLE(r5, 0x112, 0x8, &(0x7f0000000080)=0x5, &(0x7f00000000c0)=0x4) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r7 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r7, 0x4, 0x6100) writev(r7, &(0x7f00000003c0), 0x63) ioctl$KDGKBLED(r1, 0x4b64, &(0x7f0000000100)) 19:02:40 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xffffff7f, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 233.521961][T12219] FAULT_INJECTION: forcing a failure. [ 233.521961][T12219] name failslab, interval 1, probability 0, space 0, times 0 [ 233.558580][T12219] CPU: 1 PID: 12219 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 233.566499][T12219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 233.576545][T12219] Call Trace: [ 233.579837][T12219] dump_stack+0x1d8/0x2f8 [ 233.584166][T12219] should_fail+0x555/0x770 [ 233.588584][T12219] __should_failslab+0x11a/0x160 [ 233.588596][T12219] ? getname_kernel+0x59/0x2f0 [ 233.588608][T12219] should_failslab+0x9/0x20 [ 233.588623][T12219] kmem_cache_alloc+0x56/0x2e0 [ 233.607518][T12219] getname_kernel+0x59/0x2f0 [ 233.607532][T12219] kern_path+0x1f/0x40 [ 233.607545][T12219] blkdev_get_by_path+0x71/0x270 [ 233.607561][T12219] btrfs_get_bdev_and_sb+0x48/0x280 [ 233.616182][T12219] open_fs_devices+0x14d/0xb40 [ 233.631042][T12219] ? list_sort+0x5fc/0x860 [ 233.635459][T12219] ? btrfs_open_devices+0x1b0/0x1b0 [ 233.640744][T12219] btrfs_open_devices+0x11d/0x1b0 [ 233.645766][T12219] btrfs_mount_root+0x6ef/0x1040 [ 233.650702][T12219] ? trace_kfree+0xb2/0x110 [ 233.655211][T12219] legacy_get_tree+0xf9/0x1a0 [ 233.659882][T12219] ? btrfs_control_open+0x40/0x40 [ 233.664903][T12219] vfs_get_tree+0x8b/0x2a0 [ 233.669321][T12219] vfs_kern_mount+0xc2/0x160 [ 233.673909][T12219] btrfs_mount+0x34f/0x18e0 [ 233.678409][T12219] ? check_preemption_disabled+0x47/0x2a0 [ 233.678426][T12219] ? vfs_parse_fs_string+0x13b/0x1a0 [ 233.689404][T12219] ? cap_capable+0x250/0x290 [ 233.693992][T12219] ? safesetid_security_capable+0x89/0xf0 [ 233.699712][T12219] legacy_get_tree+0xf9/0x1a0 [ 233.704394][T12219] ? btrfs_resize_thread_pool+0x290/0x290 [ 233.710115][T12219] vfs_get_tree+0x8b/0x2a0 [ 233.710128][T12219] do_mount+0x16c0/0x2510 19:02:40 executing program 5: creat(&(0x7f0000000240)='./file0\x00', 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r0, r1) 19:02:40 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf0ffffff, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:40 executing program 5: creat(&(0x7f0000000140)='./file0\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r0, r1) 19:02:40 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x18, 0x11, 0x1a001000014}, [@ldst={0x0, 0x3}]}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x214080, 0x0) getsockopt$bt_BT_POWER(r6, 0x112, 0x9, &(0x7f0000000100)=0x6, &(0x7f0000000180)=0x1) [ 233.710148][T12219] ? copy_mount_options+0x308/0x3c0 [ 233.718857][T12219] ksys_mount+0xcc/0x100 [ 233.718870][T12219] __x64_sys_mount+0xbf/0xd0 [ 233.718885][T12219] do_syscall_64+0xf7/0x1c0 [ 233.718899][T12219] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 233.718912][T12219] RIP: 0033:0x45c47a [ 233.737373][T12219] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 19:02:40 executing program 5: creat(&(0x7f0000000140)='./file0\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r0, r1) [ 233.737379][T12219] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 233.737390][T12219] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 233.737396][T12219] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 233.737402][T12219] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 233.737412][T12219] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 233.747152][T12219] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:40 executing program 1 (fault-call:1 fault-nth:92): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:40 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf2030000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:40 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xffffff9e, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:40 executing program 5: creat(&(0x7f0000000140)='./file0\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r0, r1) 19:02:40 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x18, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r1, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r2, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) r3 = socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r5 = syz_open_dev$vcsn(&(0x7f0000000380)='/dev/vcs#\x00', 0x4, 0x202581) r6 = syz_open_dev$swradio(&(0x7f00000003c0)='/dev/swradio#\x00', 0x0, 0x2) ioctl$KVM_HYPERV_EVENTFD(r5, 0x4018aebd, &(0x7f0000000400)={0x2, r6, 0x1}) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(r3, &(0x7f0000000480)={0x0, 0xfffffffffffffcfd, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x30, 0x24, 0x1, 0x70bd27, 0x0, {0x0, r7, {}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_hhf={{0x8, 0x1, '\x06hf\x00'}, {0x4}}]}, 0xfec1}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0xdb1a84da1c830ebc}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)=@ipv4_delroute={0xfffffffffffffe0b, 0x19, 0x8b2, 0x70bd2d, 0x25dfdbfb, {0x2, 0x20, 0x20, 0x20, 0x0, 0x0, 0xc8, 0x4, 0x800}, [@RTA_PREFSRC={0x8, 0x7, @multicast2}, @RTA_MULTIPATH={0xc, 0x9, {0x81, 0xd6, 0x3c}}, @RTA_SRC={0x8, 0x2, @loopback}, @RTA_MULTIPATH={0xc, 0x9, {0x7, 0x9, 0xc0, r7}}, @RTA_ENCAP={0xc, 0x16, @typed={0x8, 0x67, @u32=0x4}}]}, 0x50}, 0x1, 0x0, 0x0, 0x4010001}, 0x20000001) open(&(0x7f0000000080)='./file0\x00', 0x0, 0x42) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r8, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r9, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) r10 = dup2(r8, r9) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) r11 = creat(&(0x7f0000000240)='./file0\x00', 0xcf58b6b8612eb62c) r12 = fanotify_init(0x0, 0x0) fanotify_mark(r12, 0x75, 0x40000002, r11, 0x0) ioctl$BLKTRACESTART(r11, 0x1274, 0x0) r13 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r13, 0x4, 0x6100) writev(r13, &(0x7f00000003c0), 0x63) [ 233.959432][T12245] FAULT_INJECTION: forcing a failure. [ 233.959432][T12245] name failslab, interval 1, probability 0, space 0, times 0 [ 233.997431][T12245] CPU: 1 PID: 12245 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 19:02:40 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r6, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) ioctl$BLKALIGNOFF(r6, 0x127a, &(0x7f00000000c0)) [ 234.005355][T12245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 234.005361][T12245] Call Trace: [ 234.005379][T12245] dump_stack+0x1d8/0x2f8 [ 234.005394][T12245] should_fail+0x555/0x770 [ 234.005411][T12245] __should_failslab+0x11a/0x160 [ 234.032373][T12245] ? getname_kernel+0x59/0x2f0 [ 234.037145][T12245] should_failslab+0x9/0x20 [ 234.041675][T12245] kmem_cache_alloc+0x56/0x2e0 [ 234.046437][T12245] getname_kernel+0x59/0x2f0 [ 234.051019][T12245] kern_path+0x1f/0x40 [ 234.051032][T12245] blkdev_get_by_path+0x71/0x270 [ 234.051047][T12245] btrfs_get_bdev_and_sb+0x48/0x280 [ 234.060017][T12245] open_fs_devices+0x14d/0xb40 [ 234.060031][T12245] ? list_sort+0x5fc/0x860 [ 234.060046][T12245] ? btrfs_open_devices+0x1b0/0x1b0 [ 234.069972][T12245] btrfs_open_devices+0x11d/0x1b0 [ 234.079538][T12245] btrfs_mount_root+0x6ef/0x1040 [ 234.079561][T12245] ? trace_kfree+0xb2/0x110 [ 234.079578][T12245] legacy_get_tree+0xf9/0x1a0 [ 234.089494][T12245] ? btrfs_control_open+0x40/0x40 [ 234.103628][T12245] vfs_get_tree+0x8b/0x2a0 19:02:40 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xffffffc3, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:40 executing program 5: creat(0x0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r0, r1) [ 234.103644][T12245] vfs_kern_mount+0xc2/0x160 [ 234.103656][T12245] btrfs_mount+0x34f/0x18e0 [ 234.103675][T12245] ? check_preemption_disabled+0x47/0x2a0 [ 234.103690][T12245] ? vfs_parse_fs_string+0x13b/0x1a0 [ 234.103701][T12245] ? cap_capable+0x250/0x290 [ 234.112658][T12245] ? safesetid_security_capable+0x89/0xf0 [ 234.112673][T12245] legacy_get_tree+0xf9/0x1a0 [ 234.112682][T12245] ? btrfs_resize_thread_pool+0x290/0x290 [ 234.112695][T12245] vfs_get_tree+0x8b/0x2a0 [ 234.112707][T12245] do_mount+0x16c0/0x2510 [ 234.112724][T12245] ? copy_mount_options+0x308/0x3c0 [ 234.112736][T12245] ksys_mount+0xcc/0x100 [ 234.122906][T12245] __x64_sys_mount+0xbf/0xd0 [ 234.122921][T12245] do_syscall_64+0xf7/0x1c0 [ 234.122937][T12245] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 234.122946][T12245] RIP: 0033:0x45c47a [ 234.122955][T12245] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 19:02:40 executing program 5: creat(0x0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r0, r1) [ 234.122960][T12245] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 234.132786][T12245] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 234.132793][T12245] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 234.132799][T12245] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 234.132805][T12245] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 234.132811][T12245] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 234.246775][ C0] net_ratelimit: 16 callbacks suppressed [ 234.246780][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 234.260384][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:02:41 executing program 5: creat(0x0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r0, r1) 19:02:41 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xffffffef, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:41 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf5030000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:41 executing program 1 (fault-call:1 fault-nth:93): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:41 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) r7 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r6, 0x84, 0x7c, &(0x7f00000000c0)={r8}, 0x8) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f00000000c0)={r8, 0x80000000}, &(0x7f0000000100)=0x8) fcntl$setstatus(r4, 0x4, 0x6100) writev(r4, &(0x7f00000003c0), 0x63) 19:02:41 executing program 5: creat(&(0x7f0000000240)='./file0\x00', 0x0) creat(0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r0, r1) 19:02:41 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xf8030000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:41 executing program 5: creat(&(0x7f0000000240)='./file0\x00', 0x0) creat(0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r0, r1) 19:02:41 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xfffffff0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:41 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x1, 0x2) ioctl$RTC_PLL_SET(r0, 0x40207012, &(0x7f00000000c0)={0x2, 0x7fff, 0x4, 0x8, 0x3, 0x80000000, 0x1}) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0xffffffff, 0x8001, 0x3}, 0x1c) r2 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r2, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000100)={0x1ff, 0x7, 0x2000}, 0x4) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r1, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r5 = dup2(r3, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = creat(&(0x7f0000000000)='./bus\x00', 0x0) setsockopt$bt_hci_HCI_DATA_DIR(r3, 0x0, 0x1, &(0x7f0000000180)=0x364, 0x4) fcntl$setstatus(r6, 0x4, 0x6100) writev(r6, &(0x7f00000003c0), 0x63) [ 234.594865][T12284] FAULT_INJECTION: forcing a failure. [ 234.594865][T12284] name failslab, interval 1, probability 0, space 0, times 0 19:02:41 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r4, 0x4, 0x6100) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='cgroupvmnet1nodev\'\x00', r5}, 0x10) writev(r4, &(0x7f00000003c0), 0x63) fsync(r3) [ 234.642448][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 234.648311][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 234.671740][T12284] CPU: 1 PID: 12284 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 234.671748][T12284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 234.689703][T12284] Call Trace: [ 234.693037][T12284] dump_stack+0x1d8/0x2f8 [ 234.697492][T12284] should_fail+0x555/0x770 [ 234.701913][T12284] __should_failslab+0x11a/0x160 [ 234.701927][T12284] ? tomoyo_encode2+0x273/0x5a0 [ 234.701939][T12284] should_failslab+0x9/0x20 [ 234.701954][T12284] __kmalloc+0x7a/0x340 [ 234.716204][T12284] tomoyo_encode2+0x273/0x5a0 [ 234.716221][T12284] tomoyo_realpath_from_path+0x769/0x7c0 [ 234.716239][T12284] tomoyo_path_number_perm+0x166/0x640 [ 234.716273][T12284] ? smack_file_ioctl+0x226/0x2e0 19:02:41 executing program 5: creat(&(0x7f0000000240)='./file0\x00', 0x0) creat(0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(r0, r1) [ 234.725044][T12284] ? __fget+0x3f1/0x510 [ 234.725061][T12284] tomoyo_file_ioctl+0x23/0x30 [ 234.725075][T12284] security_file_ioctl+0x6d/0xd0 [ 234.725089][T12284] __x64_sys_ioctl+0xa3/0x120 [ 234.725103][T12284] do_syscall_64+0xf7/0x1c0 [ 234.725121][T12284] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 234.736157][T12284] RIP: 0033:0x459897 [ 234.736168][T12284] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 234.736174][T12284] RSP: 002b:00007faddc0f0a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 234.736185][T12284] RAX: ffffffffffffffda RBX: 00007faddc0f0b40 RCX: 0000000000459897 [ 234.736191][T12284] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000006 [ 234.736196][T12284] RBP: 0000000000000001 R08: 00007faddc0f0b40 R09: 00007faddc0f0ae0 [ 234.736202][T12284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 234.736207][T12284] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:41 executing program 5: creat(&(0x7f0000000240)='./file0\x00', 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = open(0x0, 0x0, 0x0) dup2(r0, r1) [ 234.839426][T12284] ERROR: Out of memory at tomoyo_realpath_from_path. 19:02:41 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xfffffffc, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:41 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xfe030000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:41 executing program 1 (fault-call:1 fault-nth:94): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:41 executing program 5: creat(&(0x7f0000000240)='./file0\x00', 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = open(0x0, 0x0, 0x0) dup2(r0, r1) 19:02:41 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req={0x8000, 0x401, 0x4, 0xf1d}, 0x10) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) fcntl$setstatus(r4, 0x4, 0x6100) r5 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cachefiles\x00', 0x10000, 0x0) fspick(r5, &(0x7f0000000180)='./file0\x00', 0xc79110111093b6f0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r6, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) r7 = accept$inet6(r6, 0x0, &(0x7f0000000080)) r8 = socket$inet6_sctp(0xa, 0x5, 0x84) r9 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r9, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r8, 0x84, 0x7c, &(0x7f00000000c0)={r10}, 0x8) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r7, 0x84, 0x78, &(0x7f00000000c0)=r10, 0x4) writev(r4, &(0x7f00000003c0), 0x63) r11 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r11, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) r12 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000240)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r11, &(0x7f00000003c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x50, r12, 0x300, 0x70bd25, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_DAEMON={0x2c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0xfb}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @empty}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x8}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x80000001}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x4040004) 19:02:41 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-control\x00', 0x101000, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f0000000100)={0x10000, 0x6000}) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r1, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = dup2(r2, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r6 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r5, 0x4, 0x6100) writev(r5, &(0x7f00000003c0), 0x63) 19:02:41 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xfffffffe, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 235.114806][T12313] FAULT_INJECTION: forcing a failure. [ 235.114806][T12313] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 235.128036][T12313] CPU: 1 PID: 12313 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 235.135919][T12313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 235.145970][T12313] Call Trace: [ 235.149263][T12313] dump_stack+0x1d8/0x2f8 [ 235.153594][T12313] should_fail+0x555/0x770 [ 235.158015][T12313] should_fail_alloc_page+0x55/0x60 [ 235.163207][T12313] prepare_alloc_pages+0x283/0x460 [ 235.168315][T12313] __alloc_pages_nodemask+0xb2/0x5d0 [ 235.173607][T12313] kmem_getpages+0x4d/0xa00 [ 235.178109][T12313] cache_grow_begin+0x7e/0x2c0 [ 235.182873][T12313] cache_alloc_refill+0x311/0x3f0 [ 235.187900][T12313] ? check_preemption_disabled+0xb7/0x2a0 [ 235.193617][T12313] kmem_cache_alloc+0x2b9/0x2e0 [ 235.198462][T12313] ? getname_kernel+0x59/0x2f0 [ 235.203228][T12313] getname_kernel+0x59/0x2f0 [ 235.207815][T12313] kern_path+0x1f/0x40 [ 235.211885][T12313] blkdev_get_by_path+0x71/0x270 [ 235.216819][T12313] btrfs_get_bdev_and_sb+0x48/0x280 [ 235.222009][T12313] open_fs_devices+0x14d/0xb40 [ 235.226771][T12313] ? list_sort+0x5fc/0x860 [ 235.231182][T12313] ? btrfs_open_devices+0x1b0/0x1b0 [ 235.236383][T12313] btrfs_open_devices+0x11d/0x1b0 [ 235.241407][T12313] btrfs_mount_root+0x6ef/0x1040 [ 235.246354][T12313] ? trace_kfree+0xb2/0x110 [ 235.252682][T12313] legacy_get_tree+0xf9/0x1a0 [ 235.257358][T12313] ? btrfs_control_open+0x40/0x40 [ 235.262379][T12313] vfs_get_tree+0x8b/0x2a0 [ 235.266794][T12313] vfs_kern_mount+0xc2/0x160 [ 235.271381][T12313] btrfs_mount+0x34f/0x18e0 [ 235.275892][T12313] ? check_preemption_disabled+0x47/0x2a0 [ 235.281611][T12313] ? vfs_parse_fs_string+0x13b/0x1a0 [ 235.286886][T12313] ? cap_capable+0x250/0x290 [ 235.291472][T12313] ? safesetid_security_capable+0x89/0xf0 [ 235.297187][T12313] legacy_get_tree+0xf9/0x1a0 [ 235.301858][T12313] ? btrfs_resize_thread_pool+0x290/0x290 [ 235.307575][T12313] vfs_get_tree+0x8b/0x2a0 [ 235.312001][T12313] do_mount+0x16c0/0x2510 [ 235.316345][T12313] ? copy_mount_options+0x308/0x3c0 [ 235.321559][T12313] ksys_mount+0xcc/0x100 [ 235.325809][T12313] __x64_sys_mount+0xbf/0xd0 [ 235.330406][T12313] do_syscall_64+0xf7/0x1c0 [ 235.334917][T12313] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 235.340802][T12313] RIP: 0033:0x45c47a [ 235.344694][T12313] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 235.364304][T12313] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 235.372717][T12313] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 235.380685][T12313] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 235.388648][T12313] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 235.396610][T12313] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 235.404574][T12313] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 19:02:42 executing program 5: creat(&(0x7f0000000240)='./file0\x00', 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = open(0x0, 0x0, 0x0) dup2(r0, r1) 19:02:42 executing program 4: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) write$binfmt_elf64(r5, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) setsockopt$bt_hci_HCI_DATA_DIR(r5, 0x0, 0x1, &(0x7f0000000080)=0x4, 0x4) fcntl$setstatus(r4, 0x4, 0x6100) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000001f00000000000000000000850000002c0000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r6, 0x0, 0xe, 0x0, &(0x7f0000000080)="020043d05d25b666cd783f4b8e1c", 0x0, 0xc7a9}, 0x28) ppoll(&(0x7f00000000c0)=[{r4, 0x8002}, {r6, 0x80}], 0x2, &(0x7f0000000100)={0x77359400}, &(0x7f0000000180)={0x3}, 0x8) writev(r4, &(0x7f00000003c0), 0x63) [ 235.423090][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 235.428906][ C0] protocol 88fb is buggy, dev hsr_slave_1 19:02:42 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xfeff0000, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:42 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r3 = creat(&(0x7f0000000240)='./file0\x00', 0x0) r4 = fanotify_init(0x0, 0x0) fanotify_mark(r4, 0x75, 0x40000002, r3, 0x0) ioctl$CAPI_GET_SERIAL(r3, 0xc0044308, &(0x7f00000000c0)=0x5) r5 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r7 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(r7, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r6, 0x4, 0x6100) writev(r6, &(0x7f00000003c0), 0x63) 19:02:42 executing program 5: creat(&(0x7f0000000240)='./file0\x00', 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r0) 19:02:42 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x4, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:42 executing program 1 (fault-call:1 fault-nth:95): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000e00)='/dev/snapshot\x00', 0x0, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed0200000000000000384d010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 19:02:42 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0xfeffffff, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_IP6TABLES={0x8, 0x25, 0x8}]}}}]}, 0x3c}}, 0x0) 19:02:42 executing program 5: creat(&(0x7f0000000240)='./file0\x00', 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r0) [ 235.701968][T12340] FAULT_INJECTION: forcing a failure. [ 235.701968][T12340] name failslab, interval 1, probability 0, space 0, times 0 [ 235.730336][T12340] CPU: 0 PID: 12340 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 235.738251][T12340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 235.748297][T12340] Call Trace: [ 235.748318][T12340] dump_stack+0x1d8/0x2f8 [ 235.748336][T12340] should_fail+0x555/0x770 [ 235.748360][T12340] __should_failslab+0x11a/0x160 [ 235.760330][T12340] ? bio_alloc_bioset+0x118/0x5f0 [ 235.760344][T12340] should_failslab+0x9/0x20 [ 235.760358][T12340] __kmalloc+0x7a/0x340 [ 235.760372][T12340] bio_alloc_bioset+0x118/0x5f0 [ 235.778923][T12340] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 235.778935][T12340] ? btrfs_alloc_device+0x78/0x580 [ 235.778948][T12340] btrfs_alloc_device+0xa7/0x580 [ 235.778962][T12340] ? blkdev_put+0x2c8/0x3b0 [ 235.794408][T12340] close_fs_devices+0x4ae/0x8d0 [ 235.794431][T12340] btrfs_close_devices+0x33/0x130 [ 235.794444][T12340] btrfs_mount_root+0xa9d/0x1040 [ 235.794465][T12340] ? trace_kfree+0xb2/0x110 [ 235.823093][T12340] legacy_get_tree+0xf9/0x1a0 [ 235.827767][T12340] ? btrfs_control_open+0x40/0x40 [ 235.832792][T12340] vfs_get_tree+0x8b/0x2a0 [ 235.837215][T12340] vfs_kern_mount+0xc2/0x160 [ 235.841813][T12340] btrfs_mount+0x34f/0x18e0 [ 235.841836][T12340] ? check_preemption_disabled+0x47/0x2a0 19:02:42 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x9, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) 19:02:42 executing program 0: getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000500)={&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x0) r0 = dup(0xffffffffffffffff) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000740)={0x9, 0x0, [{0x2000, 0xdc, &(0x7f0000000240)=""/220}, {0x10000, 0xc8, &(0x7f0000000340)=""/200}, {0x0, 0xa9, &(0x7f0000000440)=""/169}, {0x7800, 0x0, &(0x7f00000000c0)}, {0x10000, 0xd6, &(0x7f0000000540)=""/214}, {0x2, 0x71, &(0x7f0000000180)=""/113}, {0x0, 0x1, &(0x7f0000000100)=""/1}, {0x4000, 0xa7, &(0x7f0000000640)=""/167}, {0xf000, 0x2f, &(0x7f0000000700)=""/47}]}) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r1, 0x0) mprotect(&(0x7f0000ff3000/0x2000)=nil, 0x2000, 0x5) creat(&(0x7f0000000140)='./file0\x00', 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r4 = dup2(r2, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r6 = creat(&(0x7f0000000080)='./bus\x00', 0x0) ioctl$RTC_EPOCH_SET(0xffffffffffffffff, 0x4008700e, 0x100000001) ioctl$EXT4_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000000040)) fcntl$setstatus(r5, 0x4, 0x6100) writev(r5, &(0x7f00000003c0), 0x63) 19:02:42 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x10, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0xc, 0x2, [@IFLA_BR_NF_CALL_ARPTABLES={0x8}]}}}]}, 0x3c}}, 0x0) [ 235.841854][T12340] ? vfs_parse_fs_string+0x13b/0x1a0 [ 235.841865][T12340] ? cap_capable+0x250/0x290 [ 235.841883][T12340] ? safesetid_security_capable+0x89/0xf0 [ 235.852068][T12340] legacy_get_tree+0xf9/0x1a0 [ 235.852079][T12340] ? btrfs_resize_thread_pool+0x290/0x290 [ 235.852092][T12340] vfs_get_tree+0x8b/0x2a0 [ 235.852105][T12340] do_mount+0x16c0/0x2510 [ 235.852116][T12340] ? copy_mount_options+0x278/0x3c0 [ 235.852131][T12340] ? __sanitizer_cov_trace_const_cmp4+0x22/0x90 19:02:42 executing program 5: creat(&(0x7f0000000240)='./file0\x00', 0x0) creat(&(0x7f0000000140)='./file0\x00', 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r0) [ 235.852142][T12340] ? copy_mount_options+0x308/0x3c0 [ 235.903405][T12340] ksys_mount+0xcc/0x100 [ 235.907645][T12340] __x64_sys_mount+0xbf/0xd0 [ 235.912236][T12340] do_syscall_64+0xf7/0x1c0 [ 235.916742][T12340] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 235.922629][T12340] RIP: 0033:0x45c47a [ 235.926516][T12340] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 235.946109][T12340] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 235.946120][T12340] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 235.946126][T12340] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 235.946132][T12340] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 235.946138][T12340] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 235.946144][T12340] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 235.979379][T12340] ------------[ cut here ]------------ [ 236.000111][T12340] kernel BUG at fs/btrfs/volumes.c:1266! [ 236.011784][T12340] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 236.017864][T12340] CPU: 0 PID: 12340 Comm: syz-executor.1 Not tainted 5.4.0-rc1+ #0 [ 236.018795][ T3892] kobject: 'loop5' (00000000d48683a7): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 236.025734][T12340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 236.025749][T12340] RIP: 0010:close_fs_devices+0x8c1/0x8d0 [ 236.025757][T12340] Code: 6e fa fe 48 8b 5d c0 e9 73 ff ff ff 89 d9 80 e1 07 80 c1 03 38 c1 7c 87 48 89 df e8 89 6e fa fe e9 7a ff ff ff e8 5f 35 c1 fe <0f> 0b e8 58 35 c1 fe 0f 0b 66 0f 1f 44 00 00 55 48 89 e5 41 57 41 [ 236.025761][T12340] RSP: 0018:ffff8880580ff9a0 EFLAGS: 00010246 [ 236.025769][T12340] RAX: ffffffff82b1ef11 RBX: ffff88808c3909e8 RCX: 0000000000040000 [ 236.025774][T12340] RDX: ffffc90008146000 RSI: 000000000003ffff RDI: 0000000000040000 [ 236.025779][T12340] RBP: ffff8880580ffa30 R08: ffff888095a68dd8 R09: fffffbfff12bb6b7 [ 236.025783][T12340] R10: fffffbfff12bb6b7 R11: 0000000000000000 R12: dffffc0000000000 [ 236.025789][T12340] R13: ffff88808c3909f0 R14: ffff88808c390900 R15: ffff888094214080 [ 236.025797][T12340] FS: 00007faddc112700(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000 [ 236.025803][T12340] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 236.025807][T12340] CR2: 0000000000710158 CR3: 00000000a4b1c000 CR4: 00000000001406f0 [ 236.025817][T12340] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 236.045182][ T3892] kobject: 'loop3' (00000000ba3d5808): kobject_uevent_env [ 236.045979][T12340] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 236.045983][T12340] Call Trace: [ 236.046007][T12340] btrfs_close_devices+0x33/0x130 [ 236.051690][ T3892] kobject: 'loop3' (00000000ba3d5808): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 236.071193][T12340] btrfs_mount_root+0xa9d/0x1040 [ 236.071209][T12340] ? trace_kfree+0xb2/0x110 [ 236.071221][T12340] legacy_get_tree+0xf9/0x1a0 [ 236.071228][T12340] ? btrfs_control_open+0x40/0x40 [ 236.071238][T12340] vfs_get_tree+0x8b/0x2a0 [ 236.071247][T12340] vfs_kern_mount+0xc2/0x160 [ 236.071256][T12340] btrfs_mount+0x34f/0x18e0 [ 236.071270][T12340] ? check_preemption_disabled+0x47/0x2a0 [ 236.071280][T12340] ? vfs_parse_fs_string+0x13b/0x1a0 [ 236.071289][T12340] ? cap_capable+0x250/0x290 [ 236.071298][T12340] ? safesetid_security_capable+0x89/0xf0 [ 236.071308][T12340] legacy_get_tree+0xf9/0x1a0 [ 236.080558][ T3892] kobject: 'loop2' (00000000d9113216): kobject_uevent_env [ 236.085297][T12340] ? btrfs_resize_thread_pool+0x290/0x290 [ 236.085309][T12340] vfs_get_tree+0x8b/0x2a0 [ 236.085318][T12340] do_mount+0x16c0/0x2510 [ 236.085327][T12340] ? copy_mount_options+0x278/0x3c0 [ 236.085339][T12340] ? __sanitizer_cov_trace_const_cmp4+0x22/0x90 [ 236.085353][T12340] ? copy_mount_options+0x308/0x3c0 [ 236.095676][ T3892] kobject: 'loop2' (00000000d9113216): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 236.101255][T12340] ksys_mount+0xcc/0x100 [ 236.101266][T12340] __x64_sys_mount+0xbf/0xd0 [ 236.101280][T12340] do_syscall_64+0xf7/0x1c0 [ 236.110102][ T3892] kobject: 'loop5' (00000000d48683a7): kobject_uevent_env [ 236.117186][T12340] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 236.117194][T12340] RIP: 0033:0x45c47a [ 236.117203][T12340] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 9d 8d fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 7a 8d fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 236.117208][T12340] RSP: 002b:00007faddc111a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 236.117216][T12340] RAX: ffffffffffffffda RBX: 00007faddc111b40 RCX: 000000000045c47a [ 236.117221][T12340] RDX: 00007faddc111ae0 RSI: 0000000020000100 RDI: 00007faddc111b00 [ 236.117226][T12340] RBP: 0000000000000001 R08: 00007faddc111b40 R09: 00007faddc111ae0 [ 236.117231][T12340] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 236.117236][T12340] R13: 00000000004c8d37 R14: 00000000004e0180 R15: 0000000000000004 [ 236.117247][T12340] Modules linked in: [ 236.117572][T12340] ---[ end trace 573c17e961f9e9a1 ]--- [ 236.129929][ T3892] kobject: 'loop5' (00000000d48683a7): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 236.133179][T12340] RIP: 0010:close_fs_devices+0x8c1/0x8d0 [ 236.162416][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 236.171464][T12340] Code: 6e fa fe 48 8b 5d c0 e9 73 ff ff ff 89 d9 80 e1 07 80 c1 03 38 c1 7c 87 48 89 df e8 89 6e fa fe e9 7a ff ff ff e8 5f 35 c1 fe <0f> 0b e8 58 35 c1 fe 0f 0b 66 0f 1f 44 00 00 55 48 89 e5 41 57 41 [ 236.172410][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 236.182622][T12340] RSP: 0018:ffff8880580ff9a0 EFLAGS: 00010246 [ 236.187507][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 236.191983][T12340] RAX: ffffffff82b1ef11 RBX: ffff88808c3909e8 RCX: 0000000000040000 [ 236.196634][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 236.201662][T12340] RDX: ffffc90008146000 RSI: 000000000003ffff RDI: 0000000000040000 [ 236.209639][ T3892] kobject: 'loop0' (0000000012ea2f0a): kobject_uevent_env [ 236.210684][T12340] RBP: ffff8880580ffa30 R08: ffff888095a68dd8 R09: fffffbfff12bb6b7 [ 236.215369][ T3892] kobject: 'loop0' (0000000012ea2f0a): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 236.220911][T12340] R10: fffffbfff12bb6b7 R11: 0000000000000000 R12: dffffc0000000000 [ 236.445560][ T3892] kobject: 'loop1' (000000007b881654): kobject_uevent_env [ 236.450349][T12340] R13: ffff88808c3909f0 R14: ffff88808c390900 R15: ffff888094214080 [ 236.456835][ T3892] kobject: 'loop1' (000000007b881654): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 236.472123][T12340] FS: 00007faddc112700(0000) GS:ffff8880aea00000(0000) knlGS:0000000000000000 [ 236.544962][T12340] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 236.551625][T12340] CR2: 0000000000710158 CR3: 00000000a4b1c000 CR4: 00000000001406f0 [ 236.559642][T12340] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 236.567639][T12340] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 236.575705][T12340] Kernel panic - not syncing: Fatal exception [ 236.583116][T12340] Kernel Offset: disabled [ 236.587430][T12340] Rebooting in 86400 seconds..